
07.30.20

Links 30/7/2020: Kodi Media Center 18.8, GNOME Gingerblue 0.2.0, ‘BootHole’ Hype Everywhere (UEFI ‘Security’ Was Always Overhyped Anyway)

Posted in News Roundup at 3:52 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • Librem 14 Thoughts From a CG Artist

        I think that the Librem 14 represents the Librem laptop coming to maturity. As a professional CG artist, I am looking for a computer that is able to run resource intensive software at good speed. As a person wishing for a respectful society, I am looking for a computer that remains humble in its branding, as well as respecting the people’s fundamental rights to privacy, security and control over a machine. I am also attached to the visual aspect and visual harmony of things and I think that the Librem 14 has all of that.

        I am so excited, I can’t wait for it to arrive!

      • Top 10 Cheap Linux Laptops [2020 Edition]

        One of the most beautiful things about Linux is that it can deliver fluid performance even on low-tier hardware. You don’t need 16GB of RAM or a quad-core processor just to browse the web. In fact, Ubuntu – one of the most popular Linux distros – can run perfectly well with a simple 2GHz dual-core system racking no more than 4GB of RAM and just needs a minimum of 25GB storage space.

        This opens up a whole new world for budget computing. By using Linux, you can get way more performance out of a low-spec system giving you a better bang-for-buck performance. With this in mind, we have put together a list going over the best cheap laptops for Linux.

        Top 10 Budget Linux Laptops

        To keep the list diverse and useful for everybody, we have included laptops that fall between the $200 to $1000 price bracket. This makes sure there is something for everybody.

        Also, only some of the systems discussed here come with Linux pre-installed. Since most manufacturers prefer to ship with Windows, you might need to install Linux manually or set up a dual-boot configuration. We will tell you which laptops come with Linux out of the box and which don’t.

        So with that being said, here is our list of the ten best cheap Linux laptops.

    • Server

      • Self-Hosted and Open-Source Alternatives to Popular Services

        The internet is a prominent place. And while it may feel like a few huge names like Netflix, Dropbox, and Facebook run the show, they are far from the only option you have available. It’s now easier than ever to find a self-hosted alternative to just about any online platform.

        What does self-hosted mean? Self-hosted platforms are apps that function through their web hosting instead of a major option like Amazon Web Services. Generally, they’re not only open-source (a.k.a. free) but full of different content, features, and other things worth checking out.

        And here’s the best part—they’re often cheaper! Here are some of the best self-hosted alternatives to popular services.

      • Ideal Linux webhosting services of 2020

        Linux hosting is everywhere. Whether you’re looking for a simple shared web hosting account or a powerful dedicated server, the chances are that you’ll be offered a Linux-based option first.

        In many cases, you might not care. If your hosting needs are simple, you’ll probably choose an account based on the allocated web space, bandwidth and similar features – the operating system is so far down most people’s priority list that often it’s not even mentioned in comparison tables.

    • Audiocasts/Shows

      • FLOSS Weekly 589: LifeScope – Using Open Source to Organize and Play VR

        The open-source software that allows you to organize your life with VR! Doc Searls and Jonathan Bennett talk with Liam Broza, the CEO and Co-founder of LifeScope. They discuss the LifeScope platform, which is built to organize your existing data and allows you to manage it better. It is a consultancy that helps you find and remove unwanted data. They also create virtual spaces for events, businesses, and brands that allow people to meet in the time of social distancing. They talk about the future of VR, and what is that going to look like for business and consumers and why it is essential to keep the future of VR open source.

      • 2020-07-29 | Linux Headlines

        The first standard-conformant implementations for OpenXR are finally shipping, LineageOS 17.1 has an unsupported build for the Raspberry Pi, Nextcloud gains a Forms feature, nano version 5 brings new features to the venerable text editor, Facebook releases PyTorch version 1.6, and Microsoft backs the Blender Foundation.

      • Destination Linux 184: Let’s Squash Some Bugs (plus Manjaro ARM Interview)

        Coming up on this week’s episode of Destination Linux, we have an interview with Dan Johansen of Manjaro ARM to talk all things ARM. The big topic of the week is about Bug Reports and how they can get better for both Users and Developers so Let’s Squash Some Bugs. In the News, we talk about how the new AMD Ryzen Linux Laptops are finally hitting the market. Thanks to Tuxedo & Slimbook we’ve got 2 new Linux Laptops with the Tuxedo Pulse 15 & the KDE Slimbook. In the Linux Gaming section we talk about SuperTuxKart, which is an awesome Open Source game for Linux! We’ve also got some great Community Feedback to talk about. In addition to our Software Spotlight we are going to start explaining the Linux Filesystem in the Tip of the Week for a Filesystem Breakdown Series. All of this and so much more on Episode 184 of the #1 video-centric Linux podcast, Destination Linux!

      • The Linux Link Tech Show Episode 868

        jenkins, chromeos, chromebook, arm, buying a house

    • Kernel Space

      • Linux 5.7.11

        I’m announcing the release of the 5.7.11 kernel.

        All users of the 5.7 kernel series must upgrade.

        The updated 5.7.y git tree can be found at:
        git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.7.y
        and can be browsed at the normal kernel.org git web browser:

        https://git.kernel.org/?p=linux/kernel/git/stable/linux-s…

      • Linux 5.4.54
      • Linux 4.19.135
      • Linux 4.14.190
      • Linux Quietly Makes It Harder To Guess Network RNG’s Internal State

        Merged today to mainline for Linux 5.8 Git and also marked for back-porting is a change to make it more difficult to guess the network random number generator’s internal state. It looks like it could be for a yet-to-be-published vulnerability.

        Hitting the Linux kernel Git tree today was random32: update the net random state on interrupt and activity. With that change the first 32 bits out of the 128 bits of a random CPU’s “net_rand_state” are now being modified on interrupt or CPU activity. This is being done “to complicate remote observations that could lead to guessing the network RNG’s internal state.”

      • Maintaining stable stability

        The goals of the stable tree are somewhat in competition with each other, Levin said. The maintainers do not want to introduce regressions into the tree, but they also want to try to ensure that they do not miss any fixes that should be in the tree. It is “very tricky” to balance those two goals. The talk would follow the path of patches that fix bugs, from the time they are written until they get released in a stable tree, showing the mechanisms in place to try to ensure that only real, non-regressing fixes make it all the way to the end.

        The first stage is the rules for the kinds of patches that get accepted into the stable tree. They have to be small, straightforward fixes that are already upstream in Linus Torvalds’s tree. No complex new mechanisms or new features are welcome in the stable tree. The patches have “passed the minimal bar” to get accepted into the mainline, but it is sometimes necessary for the maintainers (or patch submitters) to backport the patch. That is something the maintainers try hard to avoid, so that the testing of the mainline is effectively also testing everything in stable, but backports cannot be avoided at all times. If there are large, intrusive patches that must be backported—for, say, mitigations for speculative-execution processor flaws—the stable maintainers require a lot more testing, subsystem maintainer signoffs, and more to try to ensure that the backport is reasonable.

      • Emulating Windows system calls, take 2

        Back in June, LWN covered a patch set adding a mechanism intended to help systems like Wine emulate Windows system calls on a Linux system. That patch set got a lot of attention and comments, with the result that its form has changed considerably. Gabriel Krisman Bertazi has now posted a new patch set that takes a different approach to solving the same problem.

        As a reminder, the intent of this work is to enable the running of Windows binaries that call directly into the Windows kernel without going through the Windows API. Those system calls must somehow be trapped and emulated for the program to run correctly; this must be done without modifying the Windows program itself, lest Wine run afoul of the cheat-detection mechanisms built into many of those programs. The previous attempt added a new mmap() flag that would mark regions of the program’s address space as unable to make direct system calls. That was coupled with a new seccomp() mode that would trap system calls made from the marked range(s). There were a number of concerns raised about this approach, starting with the fact that using seccomp() might cause some developers to think that it could be used as a security mechanism, which is not the case.

      • Memory protection keys for the kernel

        The memory protection keys feature was added to the 4.6 kernel in 2016; it allows user space to group pages into “protection domains” that can have their access restricted independently of the normal page protections. There is no equivalent feature for kernel space; access to memory in the kernel’s portion of the address space is controlled exclusively by the page protections. That situation may be about to change, though, as a result of the protection keys supervisor (PKS) patch set posted by Ira Weiny (with many patches written by Fenghua Yu).

        Virtual-memory systems maintain a set of protection bits in their page tables; those bits specify the types of accesses (read, write, or execute) that are allowed for a given processor mode. These protections are implemented by the hardware, and even the kernel cannot get around them without changing them first. On the face of it, the normal page protections would appear to be sufficient for the task of keeping the kernel away from pages that, for whatever reason, it should not be accessing. Those protections do indeed do the job in a number of places; for example, page protections prevent the kernel from writing to its own code.

        Page protections work less well, though, in situations where the kernel should be kept away from some memory most of the time, but where occasional access must be allowed. Changing page protections is a relatively expensive operation involving tasks like translation lookaside buffer invalidations; doing so frequently would hurt the performance of the kernel. Given that protecting memory from the kernel is usually done as a way of protecting against kernel bugs that, one hopes, do not normally exist anyway, that performance hit is one that few users are willing to pay.

      • Intel Prepping Bus Lock Detection For Linux To Avoid This Performance Pitfall

        Building off the recently mainlined Intel work on split lock detection, Intel engineers have now been extending that with bus lock detection support.

        A bus lock as outlined within Intel’s PRM happens via split locked access to writeback memory or using locks to uncacheable memory. Detecting bus locks is important due to performance penalties and possible denial of service implications.

        Intel’s Fenghua Yu summed up the performance implications as typically being more than one thousand cycles slower than an atomic operation within a cache line and disrupting the performance of other CPU cores as well.

      • MSM Open-Source Driver Continues On Qualcomm Adreno 640/650 Series Bring-Up

        The open-source MSM DRM driver developed by Google, Qualcomm’s Code Aurora, and other parties as what started out as part of the “Freedreno” driver initiative is continuing to see better support for the newer Adreno 640 and 650 series.

        The MSM DRM driver developers continue working on the Adreno 640/650 series as found in the Snapdragon 855/855+ and 865/865+, respectively. Sent in on Wednesday was the MSM-next material for Linux 5.9. This pull has “a bunch more” work on Adreno 640/650 both on the display and GPU enablement side, among that work are fixes, setting up the UBWC configuration, HWCG setup (hardware clock gating), and other bits.

    • Benchmarks

      • Samsung 870 QVO SSD Performance On Ubuntu Linux

        The Samsung 870 QVO solid-state drives announced at the end of June have begun appearing at Internet retailers. The Samsung 870 QVO is the company’s latest QLC NAND solid-state drive offering 1TB of storage for a little more than $120 USD all the way up to 4TB for $500 and an 8TB variant for $900. For those curious about the EXT4 file-system Linux performance out of the Samsung 870 QVO, here are some benchmarks.

    • Applications

    • Instructionals/Technical

    • Games

      • [Godot] GSoC 2020 – Progress report #1

        As we announced a few months ago, Godot is participating again in the Google Summer of Code program for its 2020 edition.

        6 projects have been selected back in May, and the 6 students and their mentors have now been working on their projects for close to two months. We omitted to announce the projects formally (sorry about that!), but this first progress report written by each student will make up for it by giving a direct glimpse into their work.

      • Diversity in Open Source and Gaming: Does it Matter?

        It shouldn’t need to be said, and yet it needs to be shouted, over and over. The US has an especially egregious problem among developed nations with police violence (while data is difficult to obtain and interpret, there is clearly a problem). However, these are worldwide struggles in one form or another which shouldn’t be limited to protests in the streets and discussions of police and politics. As gamers and Linux users, we sit at a special intersection of entertainment and industry. Neither side is well represented when it comes to diversity and action. Our community needs to do better. We need to make Black lives matter in our own space and do our part to push society forward.

        This issue should be crucial to us because of the values we represent as Linux gamers. Gaming is universal. There is an innate desire to play, to escape, to be challenged, to connect or compete with others, to tell stories. Gaming is to be shared, to break down barriers and find commonality. Gaming on Linux means we also value Free/Libre Software. And Free Software is meant to be free: free from restrictions, for anyone to use and make it their own. These words are hollow without putting them into practice and ensuring this is available to all, that anyone can contribute. There is a natural connection here, between the joy and universality of gaming and the benefits and openness of Free Software, twin ideals we want to succeed. So while games are rarely Open Source, as a community that uses both we should reflect a culmination of these values.

        [...]

        Unfortunately, we do not. Many games and their players are rife with white supremacy, neo-Nazis, hate speech and groups, bigotry, poor (if any) representation, toxicity, issues of how they represent police, excuses of “historical accuracy,” ignoring the real problems of the locations they represent, and ugly actions like players spawning KKK members in Red Dead Online to terrorize others.

      • Gender balance in computing: current research
      • Atari VCS games cost up to $25, will focus on indies and not AAA games

        The Atari VCS is a kind of jack-of-all-trades. It’s a console-PC hybrid that supports Linux and Windows 10. It’s also a console with its own first-party storefront, controllers, and online ecosystem. But unlike Steam or the PlayStation Store, the Atari VCS store won’t sell $59.99 AAA games–at least not at launch. Instead, the Atari VCS games will be capped at $25 a pop and will be more like GOG than Steam.

        Atari is taking a smaller approach with its store and will exclusively sell remasters, classic versions of its old games, and indie games at launch, complete with its vault of 100 Atari classics, Antstream on-demand retro game streaming, and remasters of older games like Missile Command.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Week 8: GSoC Project Report

          Last week I implemented the duration fields and addition of storyboard items from storyboard. Previously it could only be done from the timeline docker. Also I implemented updating of all affected items’ thumbnail. This makes the docker almost complete sans the capability to save or export.

          The duration field is implemented such that any item in the storyboard docker has the duration equal to the next keyframe in any node. This makes sense because the canvas image would be identical to the keyframe image for that duration only, after that the other keyframe’s content would be added to it. Changing duration would move all keyframes in all nodes after the keyframe for that item.

      • GNOME Desktop/GTK

        • Record Live Audio as Ogg Vorbis in GNOME Gingerblue 0.2.0

          Today I released GNOME Gingerblue version 0.2.0 with the basic new features…

          [...]

          The GNOME release team complained at the early release cycle in July and called the project empty, but I estimate it will take at least 4 years to complete 4.0.0 in reasonable time for GNOME 4 to be released between 2020 and 2026.

    • Distributions

      • IBM/Red Hat/Fedora

        • IBM Launches Fully Homomorphic Encryption (FHE) Toolkit for Linux

          Previously available for macOS and iOS, IBM’s Fully Homomorphic Encryption toolkit is now available on Linux too. It’s packaged as Docker containers with three editions for CentOS Linux, Fedora Linux and Ubuntu Linux.

          What’s so special about the Fully Homomorphic Encryption technology? Well, it makes it possible to protect your data at rest and in-flight with pervasive encryption. More specifically, FHE helps protect your data at all times without ever decrypting it.

          Combined with Data Privacy Passports, the homomorphic encryption helps IBM Z clients manage who gets access to data via policy-based controls and revoke access to that specific data even if it is transferred from the system thanks to data protection controls.

        • IBM announces homomorphic encryption toolkit for Linux

          Global technology company IBM claims to have developed a new fully homomorphic encryption toolkit for Linux which has been made available on the source code repository GitHub for public use.

          IBM said the new technology would provide the ability to protect and process data simultaneously by Linux distributions that run on IBM Z and x86 architectures.

          It said the technology, initially suggested by mathematicians in the 1970s and first demonstrated in 2009, provided a different way to protect data privacy.

          IBM’s Flavio Bergamaschi and Eli Dow said in a note accompanying the announcement that so far it had not been possible to keep data protected and processed at the same time.

        • From a trickle to an Application Stream: Red Hat opens barriers for RHEL 8.3 beta

          Red Hat Enterprise Linux (RHEL) 8.3 has hit beta, with security and production stability pointed to as key goals for the update.

          RHEL 8.0 was released in May 2019 and introduced the concept of “Application Streams”, based on a separate repository dedicated to “all the applications you might want to run in a given userspace” including tools, runtimes, database managers and web servers. The smart piece is that there are “multiple virtual repositories within one physical repository” so users can fix on a particular version of an application but still get security and bug updates.

          Another key feature in RHEL is System Roles, which are Ansible modules for configuring the system. System Roles were introduced (in preview at the time) in RHEL 7.4. Ansible is Red Hat’s automation platform.

          The release cycle for RHEL provides for new minor releases every six months. RHEL 8.1 appeared in November 2019 with live kernel patching, and RHEL 8.2 in April this year with a new application stream for Red Hat container tools. We can therefore expect RHEL 8.3 to be generally available around three months from now.

        • Nest With Fedora registration now open

          Registration for Nest with Fedora is now open! We welcome you to join us for three days of Fedora content, workshops, and social hours. Nest begins Friday 7 August at 1200 UTC and runs through Sunday 9 August at 2200 UTC. The schedule will be published in the coming days. We are using a platform called Hopin, which has been generously provided by the Apache Software Foundation.

          As we all know, this year our annual contributor conference Flock to Fedora has been moved to a virtual event: Nest with Fedora. It won’t be a literal replacement for all the great in person time we usually get, but I am still excited to see all of the familiar (and new!) faces and to catch up on what everybody has been working on. There is also a silver lining going virtual: so many more Fedora contributors can attend!

      • Debian Family

        • Why has Debian been gripped by vendettas?

          Debian Community News and the Uncensored Debian Planet site (follow the RSS feed if you want all sides of the story) have cast a new light on uncomfortable truths about the way free software is produced.

          As people dig deeper, they are surprised to find that evidence of cult phenomena is indisputable while accusations against victims lack any evidence whatsoever.

          Nonetheless, running an elaborate cult surely takes time and effort. Why would anybody bother to do this?

          Credibility of Debian’s name

          Debian, thanks to the Debian Social Contract, long history and technical reliability, has built up a reputation for technical competence.

          When somebody associated with Debian points out that Google’s privacy policy is no more than a modern-day re-write of The Emperor’s New Clothes, their concerns are often amplified and widely noticed.

          Companies like Google resent this, so they exert influence in various ways to discredit those individuals who speak the truth.

          We see exactly the same phenomena in the United States right now where President Trump has been trying to undermine his country’s leading expert on pandemics, Dr Anthony Fauci.

        • Norbert Preining: KDE/Plasma Status Update 2020-07-30

          Only a short update on the current status of my KDE/Plasma package for Debian sid and testing:

          Frameworks 5.72
          Plasma 5.19.4
          Apps 20.04.3
          Digikam 7.0.0
          Ark CVE-2020-16116 fixed in version 20.04.3-1~np2
          Hope that helps a few people.

      • Canonical/Ubuntu Family

        • Ubuntu invests in Google’s Flutter and Dart

          Flutter is Google’s open-source toolkit to build cross-device (and cross-platform) applications. Based on the Dart programming language released by the company in 2013, Flutter promises developers the ability to write and maintain a single application that runs on all of a user’s devices. Flutter applications support deployment on Android, iOS, Web browsers via JavaScript, macOS, and now Canonical and Google have teamed up to support Flutter applications in Linux. Promises of native speed, rapid development, and a growing community make it an interesting technology to take a look at.

          Flutter focuses on consistency and quality of the user experience it provides. Google has devoted considerable resources over the years in service of understanding how to build high-quality user experiences. These efforts have led to projects like Material Design, with those principles being translated into Flutter’s components and overall development philosophy. For developers who prefer an iOS-style interface, Flutter provides components for that as well.

          Flutter itself is billed by Google as a “UI Toolkit”, and both Flutter and Dart are licensed under a permissive BSD 3-Clause license. Google declared Flutter “production ready” in 2018, and the company now claims over two million developers use the Flutter toolkit for application development. Since its release, Flutter has also built a significant open-source community of contributors and applications.

          Originally, Flutter was a toolkit focused on mobile application development targeting only Android and iOS platforms. With the version 1.0 release Google also started experimenting with using Flutter on traditional desktops. In the year and a half since then, Flutter now provides what the project describes as “alpha-quality features” for both macOS and Linux desktop environments. For Linux desktops, Flutter is implemented as a wrapper around GTK+ and according to the project, support for the Windows platform is still under development.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Open-source contact tracing, part 2

        In March 2020, the first contact-tracing app was released; it was TraceTogether in Singapore. As of early July 2020, it had been downloaded over 2.1 million times for a population of Singapore of around 5.8 million. The app uses a protocol called BlueTrace. A reference implementation of the protocol was released under the name of OpenTrace; it includes Android and iOS apps and the server piece. All those elements are released under GPL v3.

        The Git repository seems quiet after the initial release, counting, for example, only five commits to the Android app. It seems likely, then, that the public and private source trees diverged at some point. This looks to be confirmed when we look into the binary TraceTogether app analysis by Frank Liauw, and compare his results with the OpenTrace source code. OpenTrace includes, for example, the same database structure, but does not contain the updates made in TraceTogether. This means that the installed app does not correspond with the released source code, which could mean that some of the privacy characteristics of the app have changed.

        Beyond just the source code, the design paper [PDF] describes the main ideas and details of the protocol. Users are identified by their phone numbers; both global and temporary IDs are generated by the centralized server. The apps may download batches of temporary IDs in advance in order to continue working offline. The proximity tracing is done by Bluetooth and the BlueTrace protocol includes sending the phone model, for distance calibration purposes, along with the temporary ID.

      • Web Browsers

        • Mozilla

          • The sad, slow-motion death of Do Not Track

            “Do Not Track” (DNT) is a simple HTTP header that a browser can send to signal to a web site that the user does not want to be tracked. The DNT header had a promising start and the support of major browsers almost a decade ago. Most web browsers still support sending it, but in 2020 it is almost useless because the vast majority of web sites ignore it. Advertising companies, in particular, argued that its legal status was unclear, and that it was difficult to determine how to interpret the header. There have been some relatively recent attempts at legislation to enforce honoring the DNT header, but those efforts do not appear to be going anywhere. In comparison, the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) attempt to solve some of the same problems as DNT but are legally enforceable.

            In 2007, the US Federal Trade Commission was asked [PDF] to create a “Do Not Track” list, similar to the popular “Do Not Call” list. This would have been a list of advertiser domain names that tracked consumer behavior online, and would allow browsers to prevent requests to those sites if the user opted in. However, that approach never got off the ground, and DNT first appeared as a header in 2009, when security researchers Christopher Soghoian, Sid Stamm, and Dan Kaminsky got together to create a prototype.

          • ’90s vibes: Fresh themes for Firefox, video calls and more

            Raise your hand if your watchlists are showing signs of ‘90s reruns. Saved by the Bell, Friends and The Fresh Prince of Bel-Air are making comfort TV comebacks along with bike shorts, oversize button-downs and bandanas, which could honestly be the WFH meets socially distant uniform of the summer. Visually the ‘90s give so much in a simple, joyful way. A little neon here, a few shapes there, and whoomp, there it is!

            Get some fresh ’90s styles into your digital day-to-day, with wallpapers, video call backgrounds and browser themes. This collection is here to bring you ‘90s joy without the Macarena playing on the radio all the time.

      • FSF

        • GNU Projects

          • Beginner-friendly Terminal-based Text Editor GNU Nano Version 5.0 Released

            Open source text editor GNU nano has reached the milestone of version 5.0. Take a look at what features this new release brings.

            There are plenty of terminal-based text editors available for Linux. While editors like Emacs and Vim require a steep learning curve with a bunch of unusual keyboard shortcuts, GNU nano is considered easier to use.

            Perhaps that’s the reason why Nano is the default terminal-based text editor in Ubuntu and many other distributions. The upcoming Fedora 33 release is also going to set Nano as the default text editor in terminal.

            GNU nano 5.0 has just been released. Here are the new features it brings.

          • GNU nano 5.0 released
            
            2020.07.29 - GNU nano 5.0  "Among the fields of barley"
            
            • With --indicator (or -q or 'set indicator') nano will show a kind
              of scrollbar on the righthand side of the screen to indicate where
              in the buffer the viewport is located and how much it covers.
            • With <Alt+Insert> any line can be "tagged" with an anchor, and
              <Alt+PageUp> and <Alt+PageDown> will jump to the nearest anchor.
              When using line numbers, an anchor is shown as "+" in the margin.
            • The Execute Command prompt is now directly accessible from the
              main menu (with ^T, replacing the Spell Checker).  The Linter,
              Formatter, Spell Checker, Full Justification, Suspension, and
              Cut-Till-End functions are available in this menu too.
            • On terminals that support at least 256 colors, nine new color
              names are available: pink, purple, mauve, lagoon, mint, lime,
              peach, orange, and latte.  These do not have lighter versions.
            • For the color names red, green, blue, yellow, cyan, magenta,
              white, and black, the prefix 'light' gives a brighter color.
              Prefix 'bright' is deprecated, as it means both bold AND light.
            • All color names can be preceded with "bold," and/or "italic,"
              (in that order) to get a bold and/or italic typeface.
            • With --bookstyle (or -O or 'set bookstyle') nano considers any
              line that begins with whitespace as the start of a paragraph.
            • Refreshing the screen with ^L now works in every menu.
            • In the main menu, ^L also centers the line with the cursor.
            • Toggling the help lines with M-X now works in all menus except
              in the help viewer and the linter.
            • At a filename prompt, the first <Tab> lists the possibilities,
              and these are listed near the bottom instead of near the top.
            • Bindable function 'curpos' has been renamed to 'location'.
            • Long option --tempfile has been renamed to --saveonexit.
            • Short option -S is now a synonym of --softwrap.
            • The New Buffer toggle (M-F) has become non-persistent.  Options
              --multibuffer and 'set multibuffer' still make it default to on.
            • Backup files will retain their group ownership (when possible).
            • Data is synced to disk before "... lines written" is shown.
            • The raw escape sequences for F13 to F16 are no longer recognized.
            • Distro-specific syntaxes, and syntaxes of less common languages,
              have been moved down to subdirectory syntax/extra/.  The affected
              distros and others may wish to move wanted syntaxes one level up.
            • Syntaxes for Markdown, Haskell, and Ada were added.

          • Nano 5.0 Released As A Big Feature Update To This Easy-To-Use Terminal Text Editor

            The popular GNU Nano terminal text editor has reached version 5.0.

            Nano 5.0 has been released with a number of changes compared to the Nano 4.x series. Among the Nano 5.0 text editor highlights are:

            - The --indicator option can be used to provide a “scrollbar” on the right side of the screen to indicate approximately where in the buffer that the viewport / text is at.

            - The execute command prompt is now directly accessible from the main menu.

            - For terminals supporting at least 256 colors, new recognized color names include: pink, purple, mauve, lagoon, mint, lime, peach, orange, and latte. There are also new “light” variants on a number of existing common colors.

          • New features in gnuplot 5.4

            Gnuplot 5.4 has been released, three years after the last major release of the free-software graphing program. In this article we will take a look at five major new capabilities in gnuplot. First, we briefly visit voxel plotting, for visualizing 3D data. Since this is a big subject and the most significant addition to the program, we’ll save the details for a subsequent article. Next, we learn about plotting polygons in 3D, another completely new gnuplot feature. After that, we’ll get caught up briefly in spider plots, using them to display some recent COVID-19 infection data. Then we’ll see an example of how to use pixmaps, a new feature allowing for the embedding of pictures alongside curves or surfaces. Finally, we’ll look at some more COVID-19 data using the new 3D bar chart.

            A full accounting of all of the improvements and bug fixes in 5.4 can be found in the release notes. More gnuplot history can be found in our May 2017 article on the soon-to-be-released gnuplot version 5.2, which described its new features, some of which have been expanded in 5.4.

      • Programming/Development

        • GCC Sees More Progress On Ability To Parallelize The Compilation Of Large Source Files

          While GCC with GNU Make and other build systems can scale nicely in compiling many files concurrently, there has been an ongoing GCC effort to be able to parallelize more of the GNU Compiler Collection work when compiling large source files.

          Back in the summer of 2019 the work got underway for trying to address the parallelization bottleneck in letting more of the compiler work be parallelized in larger source files.

        • Perl/Raku

          • What’s new on CPAN – June 2020

            Welcome to “What’s new on CPAN”, a curated look at last month’s new CPAN uploads for your reading and programming pleasure. Enjoy!

        • Python

          • Face Mask Detection using Yolo V3

            Face Mask Detection Using Yolo_v3 on Google Colab

            Great, you are ready to implement a hands-on project “Face Mask Detection”

            Requirements
            Windows or Linux
            CMake >= 3.12
            CUDA 10.0
            OpenCV >= 2.4
            GPU with CC >= 3.0

          • Namespaces and Scope in Python

            This tutorial covers Python namespaces, the structures used to organize the symbolic names assigned to objects in a Python program.

            The previous tutorials in this series have emphasized the importance of objects in Python. Objects are everywhere! Virtually everything that your Python program creates or acts on is an object.

            An assignment statement creates a symbolic name that you can use to reference an object. The statement x = 'foo' creates a symbolic name x that refers to the string object 'foo'.

            In a program of any complexity, you’ll create hundreds or thousands of such names, each pointing to a specific object. How does Python keep track of all these names so that they don’t interfere with one another?

          • Django Developers Community Survey 2020

            We’re conducting a seventeen question survey to assess how the community feels about the current Django development process. This was last done in 2015.

            Please take a few minutes to complete the 2020 survey. Your feedback will help guide future efforts.

          • How much fun was EuroPython 2020

            This year I’ve finally got enough courage and will, and I had 2 submissions for #pyconil. COVID-19 had other plans, and #pyconil was canceled.

            I’ve told @ultrabug about this (Numberly CTO, Alexys Jacob), after a few weeks he surprised me with telling me he’s gonna present scylla-driver in europython2020, the shard-aware driver we were working on in the last 6 months.

            At the time it wasn’t yet ready nor published. (Also found out that Numberly were sponsoring europython for years now) Took me a few seconds to figure that he just set me a deadline without my consent…

        • Shell/Bash/Zsh/Ksh

          • An awk corner case?

            So even after years and years of experience, core tools still find ways to surprise me. Today I tried to do some timestamp comparisons with mawk (vnl-filter, to be more precise), and ran into a detail of the language that made it not work. Not a bug, I guess, since both mawk and gawk are affected. I’ll claim “language design flaw”, however.

        • Rust

  • Leftovers

    • Hollywood Is Finally Admitting That the U.S. Is a Lost Cause

      Premiering a film like Tenet only overseas is virtually unprecedented in the internet era, in which it’s common for big movies to launch simultaneously around the world, if not in the U.S. first. With Nolan’s film debuting abroad, it will be hard for Warner Bros. to prevent pirated copies from making their way online, and essentially impossible to stop details about the movie’s secret plot from being revealed to anyone doing a quick Google search.

      Unfortunately, Americans are likely months away from their own theaters reopening under similar circumstances as the countries where Tenet is premiering. As of this writing, China has reported 231 new cases over the past seven days, and South Korea 404; the United States reported 463,109. Though the country’s biggest theater chain, AMC, says it wants to open venues in mid- to late August, it’s not certain that the biggest markets, New York and Los Angeles, will even permit such a thing. Where exactly the movie could screen in the U.S. come Labor Day weekend is unclear.

    • Health/Nutrition

      • 5 Key Demands for the New Coronavirus Bill

        Call your senators at (202) 224-3121 and demand they fight to protect the American people. The window to act is closing, so raise your voice now.

      • Operation Eternal Vengeance: We Pledge to Defeat Any Politician Who Uses Covid-19 to Attack Social Security

        We will defeat every attack on our Social Security, every single time. But special emphasis will be given to any lawmaker who attempts to do so under the cover of this deadly pandemic.

      • Pandemic money Investigative journalists at ‘Proekt’ calculate who won big and came up short in Russia’s coronavirus government contracts

        The Russian state spent 210 billion rubles ($2.9 billion) to procure the goods and services needed to contain the spread of coronavirus, estimates the investigative news website Proekt. Reporters analyzed 90,000 government contracts concluded between March and June 2020. This amount of spending was 88 billion rubles ($1.2 billion) greater than the federal subsidies issued to state agencies and regions charged with implementing Russia’s efforts against COVID-19.

      • Hydroxychloroquine: The Black Knight of treatments for COVID-19

        Truly, hydroxychloroquine is the Black Knight of drugs to treat COVID-19. Monty Python fans will immediately know what I’m talking about, but for those who don’t the Black Knight is a fictional character from Monty Python and the Holy Grail. King Arthur encounters him guarding a rather pathetic bridge in his journeys and asks him to join his quest for the Holy Grail. The Black Knight refuses and then blocks Arthur’s passage. The battle is joined, and Arthur, one by one, chops off all of the Black Knight’s limbs. After each limb is lopped off, the Black Knight says things like, “‘Tis but a scratch” and “I’ve had worse.” Before his last leg is chopped off, the Black Knight proclaims, “I’m invincible,” to which Arthur retorts, “You’re a loony.” After losing his last limb, the Black Knight concedes, “All right, we’ll call it a draw.” Then, as Arthur rides off, the Black Knight yells, “Oh. Oh, I see. Running away, eh? You yellow bastards! Come back here and take what’s coming to ya! I’ll bite your legs off!”

      • The pandemic is raising concerns about how teens use technology. But there’s still a lot we don’t know.

        As the US continues to struggle to contain the Covid-19 pandemic and social distancing recommendations remain in place, millions of US children and adolescents aren’t expected to attend school in-person in the fall — meaning they’ll often be stuck inside their homes and using the internet as a primary means of human connection. The situation has resurfaced a longstanding, difficult-to-answer question: Is technology going to ruin my teenager’s brain?

        For years, some have blamed the growing rate of teenagers suffering from mental health issues in the US on the drastic increase in how much they’re engaging with digital devices compared to previous generations — but there isn’t much hard evidence to back up those claims.

      • The Danger of Blue Light Is Real. Protect Your Eyes With Blue Light Glasses.

        When we talk about blue light, we are talking about the blue hues of the visible light spectrum, between 380 and 500 nanometers. And to be clear, it’s not all bad. In fact, exposure to natural blue light during daytime hours is essential. During the day, blue light signals to your brain that it’s time to be awake, enhancing attention, energy, and mood. However, exposure to blue light at night is scientifically proven to suppress the production of melatonin, a hormone that tells your brain when it’s time to be quiet and go to sleep. When melatonin production is disrupted on a regular basis, it throws off your circadian rhythm, which is the body’s natural sleep-wake cycle. And this can lead to insomnia.

        But sleep is not the only thing negatively affected by blue light. Scientists have known for a long time that blue light plays a role in macular degeneration. Now, thanks to optical chemistry researchers and the University of Toledo, we know why.

      • Even mild coronavirus cases can cause lasting cardiovascular damage, study shows

        The study published Monday in JAMA Cardiology details the results of cardiac MRI exams of 100 recovered coronavirus patients. Twenty-eight of them required oxygen supplementation while fighting the virus, while just two were on ventilators. But 78 of them still had cardiovascular abnormalities after recovery, with 60 of them showing “ongoing myocardial inflammation,” the study shows. These conditions appeared to be independent of case severity and pre-existing conditions, though JAMA researchers note these findings need a larger study.

      • Evidence of Smallpox Infection in First Millennium Scandinavian Viking Settlements

        One of the signal public health achievements/victories of the 20th Century is the eradication of smallpox (variola virus, VARV) announced by the World Health Organization (WHO) in 1980; it has been estimated that smallpox infection killed 300-500 million people in the 20th Century alone. (A compelling example of the effects of smallpox in 18th Century America can be found in Pox Americana: The Great Smallpox Epidemic of 1775-1782, by Elizabeth A Fenn.) Fortuitously arriving before the advent of antivaxxers, the Internet, and proliferation of misinformed (at best) amateurs on social media, WHO, supported by most of the Western world was able to track down and subdue (by vaccination) outbreaks of the disease which has no known animal host reservoir. While a theoretical possibility ever since Jenner used the insight that milkmaids were “naturally” immune due to encountering vaccinia virus from cows in 1796, it took the organization (and relative wealth) of the post-war world and the auspices of the United Nations to remove a viral scourge known from time immemorial.

    • Integrity/Availability

      • Proprietary

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Linux Foundation

              • Linux Foundation Launches Open Source COVID Group [Ed: They are tactlessly associating “Linux” with mass surveillance]

                The Linux Foundation has set up a group to bring together a number of open source projects that are working to fight COVID-19. The Linux Foundation Public Health (LFPH) builds, secures, and sustains open source software to help public health authorities (PHAs) combat COVID-19 and future epidemics.

                [...]

                The Linux Foundation says LFPH will initially focus on exposure notification applications like COVID Green and COVID Shield that use the GAEN system, after which it will expand to support all aspects of PHA’s testing, tracing, and isolation activities.

                COVID Shield was developed by a volunteer team of more than 40 developers from Shopify along with members of the Ontario and Canadian Digital Services, and is in the process of being deployed in Canada. While not an official Shopify project, the efforts were supported by Shopify CEO Tobi Lütke.

              • VMware Hands Control of Kubernetes Ingress Project Contour Over to CNCF

                Joe Beda, one of its creators, said one reason for the move was reassuring non-VMware developers that Contour’s development wouldn’t be steered by a single company.

              • Success Story: Linux System Administration Training and Certification Leads to New Career

                Fabian Pichardo has worked with multiple hardware platforms such as Nvidia, Xilinx, Microchip, and National Instruments, and is skilled in languages such as C++, Python, Matlab and Julia. During university, Fabian created the Mechatronic Student Society to offer programming training for newbies and demonstrate new technology trends.

        • Security

          • Security updates for Wednesday

            Security updates have been issued by Debian (curl, firefox-esr, luajit, and salt), Fedora (clamav, java-1.8.0-openjdk, and java-11-openjdk), Gentoo (claws-mail, dropbear, ffmpeg, libetpan, mujs, mutt, and rsync), openSUSE (qemu), Red Hat (openstack-tripleo-heat-templates), SUSE (freerdp, ldb, rubygem-puma, samba, and webkit2gtk3), and Ubuntu (mysql-5.7, mysql-8.0 and sympa).

          • Mozilla Addons Blog: Openness and security: a balancing act for the add-ons ecosystem

            Add-ons offer a powerful way for people to customize their web experience in Firefox. From content blocking and media enhancement to productivity tooling, add-ons allow third-party developers to create, remix, and share new products and experiences for the web. The same extensibility that allows developers to create utility and delight in Firefox, however, can also be used by malicious actors to harvest and sell user data.

            With an ecosystem of 20,000+ extensions hosted on addons.mozilla.org (AMO), hundreds of thousands of self-distributed extensions, and millions of users around the world, finding the right balance between openness and security is a key challenge for our small team. Developers need to feel supported on our platform, and users need to feel safe installing add-ons, so we continually make adjustments to balance these interests.

          • Equation Group is alive and kicking and active in Russia: Group-IB report

            After what seems like an eternity, a security company has dared to mention the unmentionable: the US does have advanced persistent threats or nation-state attack groups which are active.

            Singapore-based Group-IB listed the Equation Group, which is generally acknowledged as being a part of the NSA. It was originally discovered and named by Russian security outfit Kaspersky. In its latest Hi-Tech Crime Trends report for 2019-20, Group-IB pointed out that the Equation Group was operating against Russia and countries formed from the break-up of the former Soviet Union.

            Of itself, Group-IB says it is a leading provider of high-fidelity adversary tracking and threat attribution framework, and best-in-class anti-APT and online fraud prevention solutions.

          • Billions of Devices Impacted by Secure Boot Bypass

            The “BootHole” bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.

            Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning.

            GRUB2 (which stands for the GRand Unified Bootloader version 2) is the default bootloader for the majority of computing systems. Its job is to manage part of the start-up process – it either presents a menu and awaits user input, or automatically transfers control to an operating system kernel.

          • BootHole GRUB2 Bootloader Security Exploit Discovered, Affects Billions Of Windows And Linux Devices

            A buffer overflow occurs when more data is pushed into a buffer than it can handle. This data still needs a place to go and it therefore often overflows into nearby memory spaces. This “overflow” can corrupt or overwrite the data that was originally in the memory space. Attackers can then abuse this situation to run arbitrary code and cause major problems with a device.

            Secure Boot processes are typically walled off from administrative level users. However, in this scenario, the bootloader parses a configuration file located in the EFI system partition. As a result, any user with administrator access can modify grub.cfg. Furthermore, the configuration file is typically implemented as an unsigned text file. Any changes to the configuration file therefore go unchecked.

            In the example provided by the researchers, Eclypsium found they could use the modified configuration file to pass a token too large for flex’s parse buffer. It called the function “YY_FATAL_ERROR()”. This threw an error code, but did not halt the execution. Flex never checks for YY_FATAL_ERROR() to return, so it continued to call and copy a token that was too large for the buffer. According to the researchers, this issue “overwrites critical structures in the heap.”

          • New Security Hole Puts Windows and Linux Users at Risk

            If you are a Windows or Linux user, brace yourself for a long siege of vulnerability nightmares. The fix will be long and treacherous and could brick your computers.

            Eclypsium researchers Wednesday released details of a set of newly discovered vulnerabilities dubbed “BootHole” that opens up billions of Windows and Linux devices to attacks.

          • ‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot
          • ‘BootHole’ Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10

            A high-rated security vulnerability in the Secure Boot function of the majority of laptops, desktops, workstations and servers has been confirmed. Here’s what you need to know about BootHole.

            Security researchers at Eclypsium discovered a vulnerability that affects the bootloader used by ‘virtually every’ Linux system, and almost every Windows device using Secure Boot with Microsoft’s standard Unified Extensible Firmware Interface (UEFI) certificate authority.

          • Linux distros fix new Boothole bug

            Secure boot, despite the name, isn’t as secure as we’d like. Security company Eclypsium discovered a security hole in GRUB2: Boothole. Linux users know GRUB2 as one of the most commonly used bootloaders. As such, this security problem makes any machine potentially vulnerable to a possible attack — the keyword is “potentially.”

            BootHole enables hackers to insert and execute malicious code during the boot-loading process. Once planted there, the nasty bootkit payload can allow attackers to plant code that later takes over the operating system. Fortunately, Linux distro developers were warned of this problem, and most of them have already issued patches.

          • A long list of GRUB2 secure-boot holes

            Several vulnerabilities have been disclosed in the GRUB2 bootloader; they enable the circumvention of the UEFI secure boot mechanism and the persistent installation of hostile software. Fixing the problem is not just a matter of getting a new GRUB2 installation, unfortunately. “It is important to note that updating the exploitable binaries does not in fact mitigate the CVE, since an attacker could bring an old, exploitable, signed copy of a grub binary onto a system with whatever kernel they wished to load. In order to mitigate, the UEFI Revocation List (dbx) must be updated on a system. Once the UEFI Revocation List is updated on a system, it will no longer boot binaries that pre-date these fixes. This includes old install media.”

          • Mitigating BootHole – ‘There’s a hole in the boot’ – CVE-2020-10713 and related vulnerabilities

            Today we released updates for a series of vulnerabilities termed ‘There’s a hole in the boot’ / BootHole in GRUB2 (GRand Unified Bootloader version 2) that could allow an attacker to subvert UEFI Secure Boot. The original vulnerability, CVE-2020-10713, which is a high priority vulnerability was alerted to Canonical in April 2020. Since then seven related vulnerabilities have been discovered by Canonical and we have worked with the wider open source community and Microsoft to provide the mitigations which have been released today for Ubuntu and other major Linux distributions.

            In this blog post, we will explain more about the vulnerabilities and a behind-the-scenes look about how they were fixed in a coordinated manner across the entire open source ecosystem. To discover the in-depth details of the CVEs and the updated packages which fix the associated vulnerabilities, please visit our Ubuntu Security Knowledge Base article.

          • Flaw in GRUB 2 Boot Loader Threatens Many Linux Systems

            There is a newly discovered vulnerability in a widely deployed boot loader that is included in most Linux distributions that could give an attacker access to the earliest portions of a computer’s start-up process and eventually complete control of the system. The flaw in the GRUB 2 boot loader can also affect other systems that use UEFI Secure Boot, including Windows computers, under some specific conditions.

            The vulnerability (CVE-2020-10713) potentially affects hundreds of millions of devices, including embedded systems, network devices, IoT devices, as well as servers, desktops, and laptops. The flaw is a buffer overflow in the GRUB 2 bootloader, and though an exploit against it could grant complete control over the target system, the attacker would need privileged access to the machine in order to exploit the vulnerability. Researchers at Eclypsium discovered the bug in April and have been collaborating with dozens of affected vendors and project teams, including Microsoft and various Linux distributions. Although fixes will be rolling out beginning today, it could be several months before most affected devices are patched, thanks to the complexity of the Secure Boot process and the difficulty of getting the fix to some of the devices.

          • BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

            A major vulnerability in the GRUB2 boot-loader has been made public today that compromises its UEFI SecureBoot capabilities.

            This vulnerability dubbed “BootHole” can allow for malicious code to be inserted into the system at early boot time via GRUB and can even be exploited on UEFI SecureBoot enabled systems.

          • BootHole and Seven Other Vulnerabilities Patched in GRUB2, Update Your Distros Now

            Developers from several popular GNU/Linux distributions coordinated the release of updates for the GRUB2 bootloader, which is used in almost all distros to allow users to patch their systems against no less than eight security vulnerabilities, the most serious of them all being dubbed as BootHole (CVE-2020-10713) and discovered by Jesse Michael and Mickey Shkatov from Eclypsium.

            Canonical reports today that they’ve been aware of the BootHole vulnerability since April 2020, and they worked with many developers from other well known Linux distributions, such as Debian, as well as developers from Microsoft to mitigate the security issue and release updates for users.

            But before releasing updates for the GRUB2 bootloader to address the BootHole vulnerability, Canonical’s security team decided to look for other possible vulnerabilities and it turns out they discovered seven more, including CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, and CVE-2020-15707.

          • SUSE addresses BootHole security exposure

            Security researchers from Eclypsium have published an attack called BootHole today. This attack requires root access to the bootloader used in Linux operating systems, GRUB2. It bypasses normal Secure Boot protections to persistently install malicious code which cannot be detected by the operating system.

            Given the need for root access to the bootloader, the described attack appears to have limited relevance for most cloud computing, data center and personal device scenarios, unless these systems are already compromised by another known attack. However, it does create an exposure when untrusted users can access a machine, e.g. bad actors in classified computing scenarios or computers in public spaces operating in unattended kiosk mode. These are scenarios which Secure Boot was intended to protect against.

            SUSE has released fixed grub2 packages which close the BootHole vulnerability for all SUSE Linux products, and is releasing corresponding Linux kernel packages, cloud image and installation media updates. Please follow the normal update procedure to install them. Should you be unsure about your company’s procedure, please consult your local system administrator.

          • Vulnerability found in GRUB2 bootloader, nicknamed ‘BootHole’, compromising Secure Boot

            Users of the popular bootloader may want to update their systems in order to mitigate the danger of this new exploit.

            It’s been revealed that a series of bugs in GRUB2 compromises the chain of trust in a Secure Boot-enabled system. You can read about the full scope of the exploit here but the short of it is that arbitrary code can be executed by an attacker on virtually any system running GRUB2 and using Secure Boot. The attack allows modification of GRUB2’s configuration file and allows for privilege escalation which could potentially mean that intrusions can go undetected by booted operating systems.

            Now, most of the risk comes from an attacker already having some level of privileges but this is still something that should give system administrators some pause. And while Windows systems are theoretically vulnerable as well, it’s far likelier that systems affected in the wild will be running Linux.

            Researchers from Eclypsium were responsible for identifying this vulnerability and have responsibly disclosed the bug to maintainers and the wider ecosystem. Expect package updates in your distro sometime soon. Even then, updates aren’t a complete solution as the keys that Secure Boot relies upon also have to be updated and older ones blacklisted. The Debian project have a good overview of what should be done and I expect that other distributions will follow suit with their own advice on how to deal with this exploit.

          • Sandworm details the group behind the worst cyberattacks in history [iophk: Windows TCO]

            Andy and Nilay discuss the origins of Sandworm, the intricacies and ramifications of their attacks, and what mysteries and situations are still left unsolved. Listen here or in your preferred podcast player to hear the entire conversation.

            Below is a lightly edited excerpt from the conversation.

          • Industrial Systems Can Be [Cr]acked Remotely via VPN Vulnerabilities

            In Secomea GateManager, which allows users to connect to the internal network from the internet through an encrypted tunnel, researchers discovered multiple security holes, including weaknesses that can be exploited to overwrite arbitrary data (CVE-2020-14500), execute arbitrary code, cause a DoS condition, execute commands as root by connecting via hardcoded Telnet credentials, and obtain user passwords due to weak hashing.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • Sneaky Doki Linux malware infiltrates Docker cloud instances [Ed: More exaggeration]

              Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.

              Dubbed Doki, the malware strand is part of the Ngrok Cryptominer Botnet campaign, active since at least 2018.

              What makes Doki particularly interesting is its dynamic behavior regarding how it connects to its command and control (C2) infrastructure.

            • New form of Linux malware has a clever use for the Dogecoin API

              As more businesses shift their workloads to cloud environments, Linux threats are becoming increasingly common and cybercriminals have devised new tools and techniques to launch attacks against Linux infrastructure.

              One technique they often employ is scanning for publicly accessible Docker servers and then abusing misconfigured Docker API ports to set up their own containers and execute malware on their victim’s infrastructure. The Ngrok botnet is one of the longest ongoing attack campaigns that leverages this technique and a new report from Intezer Labs shows that it takes only a few hours for a new misconfigured Docker server to be infected by this campaign.

              Recently though, the company detected a new malware payload, which they dubbed Doki, that differs from the usual cryptominers typically deployed in this kind of attack. What sets Doki apart from other malware is that it leverages the Dogecoin API to determine the URL of its operator’s command and control (C&C) server.

            • TrickBot’s new Linux malware covertly infects Windows devices [Ed: “TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration,” but let’s blame it on Linux?]

              TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.

          • Privacy/Surveillance

            • Court Denies EFF, ACLU Effort to Unseal Ruling Rejecting DOJ Effort to Break Encryption

              A federal appeals court last week refused to unseal a court order that reportedly stopped the Justice Department from forcing Facebook to break the encryption it offers to users of its Messenger application.

              The unpublished decision ends an effort by EFF, ACLU, and Stanford cybersecurity scholar Riana Pfefferkorn to unseal the 2018 ruling from a Fresno, California federal court. The ruling denied an attempt by the Justice Department to hold Facebook in contempt for refusing to decrypt Messenger voice calls. Despite the fact that the ruling has significant implications for Internet users’ security and privacy—and that the only public details about the case come from media reports—the U.S. Court of Appeals for the Ninth Circuit upheld an earlier decision by the trial court that the public had no right to access the court decision or related records.

            • Why EFF Doesn’t Support California Proposition 24

              This November, Californians will be called upon to vote on a ballot initiative called the California Privacy Rights Act, or Proposition 24. EFF does not support it; nor does EFF oppose it.

              EFF works across the country to enact and defend laws that empower technology users to control how businesses process their personal information. The best consumer data privacy laws require businesses to get consumers’ opt-in consent before processing their data; bar data processing except as necessary to give consumers what they asked for (often called “data minimization”); forbid “pay for privacy” schemes that pressure all consumers, and especially those with lower incomes, to surrender their privacy rights; and let consumers sue businesses that break these rules. In California, we’ve worked with other privacy advocates to try to pass these kinds of strengthening amendments to our existing California Consumer Privacy Act (CCPA).

            • Key questions raised about algorithmic transparency by new GDPR case brought against Uber by its drivers

              Back in 2017, this blog noted a new threat to privacy from the increasing use of workplace surveillance. Once people’s work is quantified automatically, it can then be used for algorithmic management, as we described this year. The coronavirus lockdown has led to millions of people working from home for the first time. As well as presenting numerous issues for workers, it also brings with it new challenges for managers. Some fear that people aren’t working as efficiently as they could, when at home, and this has presented an opportunity for office surveillance systems. For example, MIT Technology Review discusses Enaible:

            • Everything you need to know from the tech antitrust hearing

              The CEOs of Apple, Google, Facebook, and Amazon testified in Congress today — trying to convince the House Judiciary Committee that their business practices don’t amount to anti-competitive monopolies. It’s one of the biggest tech oversight moments in recent years, part of a long-running antitrust investigation that has mustered hundreds of hours of interviews and over a million documents from the companies in question.

            • The beginning of the end for Big Tech? Congress grills Facebook & Amazon over abuse of market power

              Despite the ongoing political theater, and random shouts at members about mask etiquette (“put your mask on!”), the testimony soon began to question the execs in earnest. After about an hour into the event, Rep. Jerry Nadler (D-NY) went back and forth with Zuckerberg over internal company emails, which have now been uploaded by the subcommittee. In one rather revealing email, Zuckerberg explains that acquiring companies like Instagram and Foursquare will give Facebook “a year or more to integrate their dynamics before anyone can get close to their scale again.” It’s this kind of evidence lawmakers will use in determining if Facebook is a monopoly or not. Zuckerberg was later questioned about threatening rivals, which he denied.

            • The creator of Inbox is ready to save Google from itself

              Leggett has just announced the launch of a new full-time business called Simplify. Its goal, as he puts it, is to improve the not-so-optimal design of web services from the outside — using his coding and design chops and relying on regular ol’ web extensions as a vehicle for delivering his vision. And if that sounds slightly familiar, it should.

              Last spring, Leggett created a browser extension called Simplify Gmail (which is available for Chrome as well as for Firefox and even Edge). I wrote about it in this same space and still rely on it personally to this day. It’s no exaggeration to say the simple-seeming software has completely changed the way I interact with Gmail. It remakes Gmail into a totally different beast — one that doesn’t resemble Inbox directly, in terms of its interface or style, but absolutely does bring to mind the concepts that made Inbox beloved by so many productivity-minded email monsters (myself included).

            • Jeff Bezos Drops $10 Million on the House Next Door

              As one might expect from the planet’s richest human, Bezos has a well-documented affinity for buying his neighbors’ homes. Back in the late ’90s, he acquired several properties around his Seattle estate, and he also owns four apartments in the same Art Deco-style Manhattan building, three of them acquired from music executive Tommy Mottola.

            • Rite Aid deployed facial recognition systems in hundreds of U.S. stores

              In the hearts of New York and metro Los Angeles, Rite Aid deployed the technology in largely lower-income, non-white neighborhoods, according to a Reuters analysis. And for more than a year, the retailer used state-of-the-art facial recognition technology from a company with links to China and its authoritarian government.

              In telephone and email exchanges with Reuters since February, Rite Aid confirmed the existence and breadth of its facial recognition program. The retailer defended the technology’s use, saying it had nothing to do with race and was intended to deter theft and protect staff and customers from violence. Reuters found no evidence that Rite Aid’s data was sent to China.

              Last week, however, after Reuters sent its findings to the retailer, Rite Aid said it had quit using its facial recognition software. It later said all the cameras had been turned off.

            • The Garmin hack could have been a disastrous, large scale privacy breach

              Garmin recently suffered a ransomware attack that crippled services for days. The ransomware attack could have been a cover for a more targeted attack on individuals around the world. This wouldn’t be the first time that a more public facing hack ends up being a smokescreen for a more targeted attack. In the recent Twitter hack, most people were bedazzled by the amounts of bitcoin being sent to the bitcoin addresses posted by the compromised accounts of the likes of Bill Gates, Joe Biden, and Elon Musk. The thing is, private direct messages for eight targets were downloaded amid all that mess and the full ramifications of the hack have yet to be felt. While there’s no indication from Garmin – and in fact there is adamant denial on their end – that customers’ personal information or location was accessed, it very easily could have been and that mere fact should scare you greatly.

            • The Garmin Ransomware [Attack] Is Horrifying

              “For consumers, Garmin clearly represents a repository of really detailed information. You turn on your thing when you leave your residence, and you turn it off when you get home. Sometimes, you take a jog in the middle of the day and you’re trying to collect steps at work. These are all things that speak of who you are and what you do and where you live, and can all be quickly turned into identifying information,” John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto, told Motherboard.

              “A couple of years ago, I coined the term fit leaking to describe what happens when fitness tracking is used for intelligence gathering,” he added.

              While most Garmin smartwatches do not connect to the internet natively and store workout information on the devices themselves, the Garmin Connect app does not allow users to transfer their workout information to the app without storing it on Garmin’s servers. Garmin allows users to “Opt Out” of sharing workout information with the company, but opting out makes the app essentially useless: “our apps and websites can still be used to manage device settings and notifications [if you opt out],” the company says, but no workout data will be displayed.

    • Defence/Aggression

      • Yemen: A Torrent of Suffering in a Time of Siege

        It’s time for the world to demand an end to the policy-driven humanitarian crisis.

      • India Nuclear posture, Policy Shift from No First use to First Use

        Moving away from no first use policy will have severe implications on India. First is that adopting a FU option will put both India and Pakistan in the dilemma of first-strike instability for which Pakistan might have fear for survivability. India having a policy, is a firewall in a potential conflict between both India and Pakistan.

      • ‘Silence not the answer’ on jailed Australian lecturer

        It has now emerged that Dr Moore-Gilbert has been moved from Tehran’s Evin Prison, known as a detention centre for foreign political prisoners, to Qarchak women’s prison south of the capital. Qarchak is notorious for its crowded conditions and lack of hygiene, nutritious food and medical care, while inmates have reportedly been infected with Covid-19.

      • Colombia’s Emberá: From rainforest violence to urban want

        Unable to earn a living since the Colombian government imposed a countrywide lockdown in late March, hundreds of Indigenous Emberá who fled violence and poverty in their rainforest reserves are now having to confront the COVID-19 crisis with little assistance.

        Most have been living for months – some, for years – in overcrowded guesthouses in the capital, Bogotá. If they can’t pay the rent, they are evicted. They have no formal access to healthcare and some are weak from malnutrition.

        On Tuesday, as the Andean nation continues to experience a surge in coronavirus cases, Colombian President Iván Duque said the mandatory movement restrictions – and resulting economic fallout – will remain in place at least until the end of August.

    • Environment

    • Finance

      • The Perils and Possibilities of Billionaire Charitable Giving: MacKenzie Scott (Bezos) Makes Her First Move

        Philanthropy is at risk of becoming another extension of the private power of plutocrats, alongside monopoly ownership and media domination.

      • A Privately Funded Border Wall Was Already at Risk of Collapsing if Not Fixed. Hurricane Hanna Made It Worse.

        Intense rain over the weekend from Hurricane Hanna left gaping holes and waist-deep cracks on the banks of the Rio Grande that threaten the long-term stability of a privately funded border fence that is already the focus of lawsuits over its proximity to the river in South Texas.

        The damage comes at the start of what is projected to be an active hurricane season, which runs through Nov. 30.

      • How the Trump Administration Allowed Aviation Companies to Keep Relief Money That Was Supposed to Go to Workers

        This spring, as the coronavirus spread and international travel bans grounded flights, Gebrish Weldemariam got a layoff letter from his airline catering job at Dulles International Airport.

        He’d been working as a driver making more than $18 per hour for Flying Food Group, ferrying in-flight meals between the company’s kitchen and gated planes waiting on the tarmac. Between overtime at the airport and a part-time job driving buses on the side, Weldemariam felt that times were good. Last fall, with his wife expecting a fourth child, the family bought a house not far from the airport, allowing him to be nearby to help care for his oldest son, who has Down syndrome and needs constant attention.

      • Mephistopheles of Wall Street: Goldman Sachs, 1MDB and the Malaysian Settlement

        Malaysia’s politicians were crowing. “We are confident that we are securing more money from Goldman Sachs compared to previous attempts, which were far below expectations,” stated Finance Minister Tengku Zafrul Aziz. “We are also glad to be able to resolve this outside the court system, which would have cost a lot of time, money and resources.”

      • Why I’m Staying in the Stock Market

        That’s probably the smartest, and it’s what I consider the advanced version of #2.

        Anyway, that’s my plan, and why. And I’d love to hear how your analysis is similar or how it differs.

      • Dismantle Racial Capitalism

        The COVID crisis has cast into stark relief what has always been true: the wealth and prosperity of the U.S. economy rests on the labor, and the lives, of black and brown people.

        [...]

        Black Americans are dying from COVID-19 at almost three times the rate of white Americans. As has been widely noted, black people in this country face a variety of systemic public health risks—including higher pollution in neighborhoods and greater rates of asthma and heart disease—that contribute to this high fatality rate. Black and brown people are also more likely to work in industries like food service, care work, shipping, meatpacking, and farm work, where workers are being forced to choose between their lives or their livelihoods, while wealthier white-collar workers are better able to shelter and work remotely.

        The failures of the federal economic response accentuated these disparities. Wealthier and whiter communities gained quick access to Fed funds in money markets, while black and brown businesses were largely left out of the small business Paycheck Protection Program. Though most people received a one-time $1,200 cash support, debt payments and rent are still due. Working-class families must scratch together money to make these payments, while financiers and landlords retain their revenue streams.

        The COVID-19 crisis has cast into stark relief what has always been true: the wealth and prosperity of the U.S. economy rests on the labor, and the lives, of black and brown communities. Systemic racial disparities of wealth and health are woven deeply into the fabric of American capitalism.

        This system of racial capitalism is a result of policy choices that structure our political economy. Modern systems of precarious work are rooted in histories of extractive labor models, from Jim Crow to undocumented immigrant labor. Many black and brown workers were cut out of the twentieth-century New Deal social contract. Zoning policies have deliberately concentrated poverty and pollution—and therefore poor health—in black and brown neighborhoods while securing economic gains and class advantage for wealthier and whiter communities. The rise of predatory systems of student and consumer debt paper over the erosion of the safety net and fuel returns for financial interests. The racialization of public goods, from healthcare to welfare to food stamps, has helped drive austerity and the dismantling of the safety net.

    • AstroTurf/Lobbying/Politics

      • Goya Feels the Heat
      • How Covid–19 Could Upend Geopolitics

        This changes everything (or nothing).

      • Covid-19 Can Change International Politics Forever

        I don’t trust you.

      • To Stop Trump’s Military Police State, the House Needs to Withhold Funding From Trump’s Department of Homeland Security

        Trump’s use of federal agencies to turn our country into a police state is not only unconstitutional. It is straight out of the playbook of the fascist leaders he admires and emulates, and it poses an existential threat to our democracy.

      • What Has Happened to Police Filmed Hurting Protesters? So Far, Very Little.

        It has been almost two months since a Los Angeles Police Department patrol car accelerated into Brooke Fortson during a protest over police violence. She still doesn’t know the name of the officer who hit her or whether that person is still policing the city’s streets. The officer did not stop after hitting Fortson and instead turned around, nearly hitting other demonstrators in the process, and sped off.

        The LAPD almost surely knows who the officer is. The squad car’s number is clearly visible in one of the multiple videos that captured the incident. But the department hasn’t released any information: not the officer’s name, or whether that person has been disciplined. The police say the incident is still under investigation.

      • No Moaning for the Barr
      • AG Bill Barr Grilled by House Lawmakers on Protest Crackdown, Voter Suppression & Pandemic Failures

        We play highlights from Attorney General William Barr’s grilling by the House Judiciary Committee over how he sent militarized federal forces to confront Black Lives Matter protesters, and his opposition to voting by mail, and get response from a close friend of Congressmember John Lewis who is now running for Senate. “In spite of the machinations of Donald Trump and those who do his bidding, including the attorney general, the good news is that we’re seeing a multiracial coalition of people pouring out into American streets,” responds Rev. Dr. Raphael Warnock, “saying that we’re concerned about the soul of our democracy.” Rev. Warnock is running as a Democrat for Senate in Georgia.

      • Killing Democracy in America

        The phrase “thinking about the unthinkable” has always been associated with the unthinkable cataclysm of a nuclear war, and rightly so. Lately, though, I’ve been pondering another kind of unthinkable scenario, nearly as nightmarish (at least for a democracy) as a thermonuclear Armageddon, but one that’s been rolling out in far slower motion: that America’s war on terror never ends because it’s far more convenient for America’s leaders to keep it going — until, that is, it tears apart anything we ever imagined as democracy.

      • Facebook, Google, Amazon and Apple CEOs are trying to use China to manipulate Congress

        That’s the line of attack that Sundar Pichai, Tim Cook, Mark Zuckerberg and Jeff Bezos are prepared for. As members of Congress question Big Tech’s implications for market competition in digital media, they must ask whether these companies unfairly prevent smaller players from being competitive. Do they acknowledge their monopoly status within certain markets? Are they building and planning in ways designed to increase their economic power and market influence even further over time?

      • Congress to Question Tech CEOs About Market Dominance

        The hearing also shines a spotlight on U.S. regulators and lawmakers, whose job it is to set policies and enforce laws that stop firms from using their market dominance to kill competition. They have been under increasing criticism from some antitrust experts that the government’s oversight of these giants has been weak, especially compared to stronger enforcement in Europe.

        In recent years, the tone has changed in Washington from one of caution about taking on Big Tech to one of resolve that something has to be done, Kovacic said.

      • Congrats, Dems: You Just Let Trump’s Chief Henchman Off the Hook

        If you watch a lot of congressional hearings (and congratulations to those who do not), the thing that likely struck you was how quickly this much-anticipated event reverted to the familiar melodrama of so many other congressional hearings.

        Democrats, who are in control of the Judiciary Committee, made soaring speeches about the rule of law, and tacked on a couple of questions at the end. Republicans made craven speeches in hopes of a presidential retweet. And Barr answered what questions he liked, ignored what questions he didn’t like, and generally stalled or obfuscated during the brief moments representatives stopped speechifying long enough for him to say anything.

        This was congressional theater in its purest form, with all sides (Democrats, Republicans, and Barr) trying to score “points” for some nonexistent scorekeeper. Liberal Twitter erupted with praise for particularly incisive speeches from Democrats. White-wing Twitter expressed glee every time Representative Jim Jordan speed-talked a Republican conspiracy theory into the record. Cable news hosts graded the effectiveness of particular representatives. The only thing missing was Jeff Probst handing out immunity idols to the participants.

      • The Senate Has Always Favored Smaller States. It Just Didn’t Help Republicans Until Now.

        On the one hand, the Senate has always been unequal, long giving less populous states an outsized voice relative to their population. But for more than a century, this hasn’t posed much of an issue: Until the 1960s, Republicans and Democrats competed for both densely and sparsely populated states at roughly the same rate.

        But over the last several decades, that’s changed. The parties have reorganized themselves along urban-rural lines, and there is now a clear and pronounced partisan small-state bias in the Senate thanks to mostly rural, less populated states voting increasingly Republican. In fact, it’s reached the point that Republicans can win a majority of Senate seats while only representing a minority of Americans.

      • Pranks as Political Activism: From the Yippies to TikTok

        Bogad explains the idea of tactical performance as a force multiplier or a voice amplifier for activist groups. By symbolically subverting authority and collapsing established hierarchy, pranks have become important tools for grassroots political movements — creative, transgressive, and attention-grabbing forms of resistance.

      • What a new president means for Burundi

        A former army general with reformist credentials was sworn in as president of Burundi last month following the sudden death of Pierre Nkurunziza, whose extended and authoritarian rule set off a political crisis that caused hundreds of thousands of people to flee to neighbouring countries.

        But the appointment of a new government that includes ruling party hardliners, and continuing accounts of violence and arrests of opposition supporters during the first few weeks of President Évariste Ndayishimiye’s administration, suggest the prospect of change remains slim in the East African country.

        Several refugees who spoke to The New Humanitarian from underfunded camps in neighbouring Tanzania said they have no current plans to go back home – despite cuts to basic food rations, restrictions on their livelihoods, and periodic threats of forced repatriation.

        “The majority think it is too much to make the decision to return,” said one refugee, who asked for his name to be withheld. “The death of Nkurunziza did not change anything.”

    • Censorship/Free Speech

      • Banning Books

        From abducting civilians and journalists to banning books, there lies a bewildered dystopia. A Punjab Assembly board has chosen to boycott appropriation of three books by various writers, other than a day by day paper, and start lawful activity against in excess of hundred online networking IDs for supposedly containing irreverent substance. The Special Committee-6, which met at the get together secretariat here on Thursday under the seat of Law Minister Muhammad Basharat Raja, chose to boycott distribution as well as dissemination of The First Muslim and After the Prophet, the two works by outside creator Lesley Hazleton, and History of Islam by Mazharul Haq. The melancholic history of burning and banning books has its roots back to when the Chinese emperor Shih Huang Ti buried alive 460 Confucian scholars to control the writings of History in his time. In 212 B.C, he burned all the books in his kingdom retaining only a single copy of each for the royal library. In the case of Pakistan, ideas of intellectuals that are allowed into the mainstream are sublimated through the meniscus of state ideology.

      • UN “concerned” by the new social media bill in Turkey

        The statement continued: “Under the draft bill, which reportedly will be discussed in parliament soon, social media companies would be required to appoint a representative within Turkey. If the companies fail to comply, they would face steep fines and the possibility of having their bandwidth slashed to the point that people in Turkey will not have any meaningful access to their site. The wholesale blocking of websites is not compatible with the right to freedom of expression. The same is true for measures that render websites effectively inaccessible, such as deliberate limitations to available bandwidth.”

        Throssell stressed that the law would also require that companies store all data of their Turkish customers within Turkey, undermining people’s right to communicate anonymously; “The law would also introduce extremely short deadlines for responding to content take-down requests by individuals and the courts. This in combination with the threat of legal liability and fines would provide strong incentives for over-compliance with take-down requests. We are also concerned about expanding the State’s power to demand removal of reporting from news websites.”

    • Freedom of Information/Freedom of the Press

      • Protests continue outside Belmarsh Prison in support of Julian Assange

        Joe Brack, a member of the Julian Assange Defence Committee, said: “The Saturday vigil has been going on for quite a few months now just to keep in mind that Julian Assange is in this Borough of Woolwich, in the super-maximum-security prison, and we won’t tolerate it because he is a journalist who has only told the truth.”

      • Julian Assange’s Political Indictment: Old Wine In Older Bottles

        What we know to date is that restrictions and shackles on Assange’s case are the order of the day. Restricted processes that do nothing to enable him to see counsel and enable a good brief to be exercised are typical. Most of all, the ceremonial circus that we have come to expect of British justice in the menacing shadow of US intimidation has become gloomily extensive. On July 27, that circus was given yet another act, another limping performance. As before, the venue was the Westminster Magistrates’ Court in London.

      • The most dangerous case against press freedom continues in silence

        Conflating [cr]acking and journalism.

        The Trump administration has coupled the Espionage Act indictment with two computer [cr]acking charges.

        The former [cr]acking charge alleges Assange “conspired” with US Army intelligence officer Bradley (now Chelsea) Manning to [cr]ack – rather than receive leaked documents from – a US government computer. The second [cr]acking charge, part of the recent indictment released in June, alleges Wikileaks worked with fellow [cr]acking groups LulzSec and Anonymous to obtain classified US documents.

      • NYPD subpoenaed reporter’s phone records in leak case

        “It is inexcusable that the New York Police Department would subpoena a journalist’s phone records, potentially exposing the journalist’s sources without their knowledge or consent,” said CPJ Program Director Carlos Martinez de la Serna. “The NYPD must disclose to the journalist what, if any, information they obtained from AT&T, and should refrain from pursuing such data in the future.”

    • Civil Rights/Policing

      • Civil Rights Icon Bernard Lafayette on His Friend John Lewis, Freedom Rides & Practicing Nonviolence

        We revisit civil rights leader and Congressmember John Lewis’s early years of activism with Bernard Lafayette, one of Lewis’s closest friends and collaborators. Lafayette participated with Lewis in the first Freedom Rides of 1961 as they attempted to integrate buses and faced brutal beatings by white mobs, and was a fellow leader in the Student Nonviolent Coordinating Committee. Lewis “knew how to relate to people who were different from him and who had different orientations, different values, different philosophies, and that’s why he was such a great leader,” Lafayette says. “He found a way to make a way.”

      • Rev. Warnock of Ebenezer Baptist Church on Legacy of John Lewis & Ongoing Fight for Voting Rights

        We look at the life and legacy of late civil rights icon and Georgia Congressmember John Lewis, who is being mourned across the U.S. and who became the first Black politician to lie in state in the U.S. Capitol Rotunda. “The irony of this moment is that even as we celebrate and honor John Lewis, the patron saint of voting rights, he hailed from the state which in many instances is ground zero for voter suppression,” says Rev. Dr. Raphael Warnock, who serves as senior pastor of the Ebenezer Baptist Church in Atlanta, was with Lewis in the final days of his life and will preside over his memorial service. “In recent years, voting has become increasingly a partisan issue, and there are those who are not embarrassed by making it difficult for people to vote.” Rev. Warnock is also running as a Democrat for Senate in Georgia.

      • Landmark Measure to Repeal ‘Racist,’ Anti-Choice Helms Amendment Hailed as Step to a ‘More Equitable World’

        “Abortion care is healthcare and healthcare is a fundamental human right.”

      • “Police Shouldn’t Be in Schools”: Omar, Pressley, Warren, and Murphy Introduce Bill to End Federal Funding for Officers on Campus

        “Schools should be places of learning, not law enforcement.”

      • “Anarchist” is not an Insult

        “These are anarchists, these are not protesters,” US president Donald Trump said on July 20th, defending his decision to unleash Department of Homeland Security hooligans on anti-police-violence demonstrators in Portland. Anarchist-bashing — referring to “radical left-anarchists” in Minneapolis, “ugly anarchists” in Seattle, etc. — has become a consistent Trump campaign theme since May.

      • ‘Racist, Classist Garbage’: Trump Brags to Suburbia About His Repeal of Housing Desegregation Rule

        “This is blatant racism from the President of the United States,” said Sen. Elizabeth Warren. “And it’s disgusting.”

      • Protest Songs Of The Week: ‘This Walk’ and ‘Orgone’ By Jyoti

        The following was originally published at Ongoing History Of Protest Songs.

        Jyoti is the one-woman jazz ensemble moniker of experimental soul artist, Georgia Anne Muldrow and it is the nickname given to her by a family friend, the legendary Alice Coltrane.

      • US federal law officers attack journalists covering protests in Portland

        U.S. federal law enforcement agencies must ensure that journalists can cover protests freely, and must refrain from attacking members of the press, the Committee to Protect Journalists said today.

        “All law enforcement agencies must stop using aggressive tactics against journalists covering protests in the United States,” said CPJ Program Director Carlos Martinez de la Serna. “Journalists in Portland should not have to worry about being targeted by federal agents while doing their jobs.”

      • Pakistan blasphemy: Gunman shoots accused dead in court

        A man accused of blasphemy in Pakistan has been shot dead in a courtroom during his trial in the northern city of Peshawar.

      • Blasphemy accused gunned down at Peshawar Judicial Complex

        A lawyer, who was present in the courtroom when the incident happened, said that a case had been registered against the deceased under blasphemy laws. The accused was brought to court from Peshawar Central Jail.

      • Pakistani Muslim accused of insulting Islam killed in court

        It was not immediately clear how the assailant, identified as Khalid Khan, managed to get into the court amid tight security. The attacker was subsequently arrested.

        The man on trial, Tahir Shamim Ahmad, had claimed he was Islam’s prophet and was arrested two years ago on blasphemy charges, according to Azmat Khan, the police officer. Ahmad died before he could be transported to hospital.

    • Monopolies

      • Amazon Emails Show Effort to Weaken Diapers.com Before Buying It

        At the congressional hearing on tech industry competition Wednesday, a Democrat looking to prove Amazon.com Inc. has too much market power revived one of the best-known examples of the retailer’s competitive streak: an effort to win market share from, and ultimately acquire, the parent company of Diapers.com.

        Amazon acquired Quidsi Inc. for $545 million in 2010, absorbing a competitor then making headway in the lucrative market for products to new parents. Emails released by the antitrust subcommittee detail Amazon’s plan to weaken Quidsi, including undercutting its smaller rival on price.

      • ‘Instagram can hurt us’: Mark Zuckerberg emails outline plan to neutralize competitors

        Zuckerberg continued: “One way of looking at this is that what we’re really buying is time. Even if some new competitors springs up, buying Instagram, Path, Foursquare, etc now will give us a year or more to integrate their dynamics before anyone can get close to their scale again. Within that time, if we incorporate the social mechanics they were using, those new products won’t get much traction since we’ll already have their mechanics deployed at scale.”

        Forty-five minutes later, Zuckerberg sent a carefully worded clarification to his earlier, looser remarks.

        “I didn’t mean to imply that we’d be buying them to prevent them from competing with us in any way,” he wrote.

      • A Handbook to Today’s Tech Hearing

        Each C.E.O. is expected to offer a full-throated defense of his business, with some like Mr. Bezos already laying out their arguments in prepared testimony. To make following along easier — the companies face scrutiny for complex and varied issues — The New York Times prepared this guide to what you are likely to hear and what you should know.

      • Tech CEOs to testify before US Congress antitrust panel

        All four CEOs will testify remotely at the hearing, which comes less than 100 days before the US presidential election.

        The tech bosses are expected to stress how they benefit consumers, particularly during the pandemic, and face competition — particularly from China.

      • Patents

        • Regarding The Patentability Of Plants And Animals In Europe – The G 3/19 Decision (“Pepper”) Of The European Patent Office

          On May 14, 2020, the Enlarged Board of Appeal of the European Patent Office (EPO) decided that excluding “essentially biological processes for the production of plants or animals” from patentability pursuant to Art. 53(b) EPC is to be understood and applied in such a way that products that can be exclusively obtained by means of an essentially biological process are not patentable either. Accordingly, European patents on plants, plant material or animals exclusively obtained by means of an essentially biological process will no longer be granted as a matter of principle.

          1. Background and referred questions

          In the past, the Enlarged Board of Appeal already dealt with the question of the scope of the exclusion effect for patentability under Art. 53(b) EPC on several occasions. Particularly in the two more recent decisions G 2/12 and G 2/13, both issued in March 2015, the Enlarged Board of Appeal concluded that plants and plant material are not excluded from patentability even if they can be exclusively produced by means of an essentially biological process. This construction was opposed by the legal situation in some member states, including Germany. In October 2013, the German Patent Act (PatG) was amended to also exclude animals and plants exclusively produced by means of an essentially biological process from patentability.

          Subsequently, in November 2016, the European Commission published a notice (2016/C 411/03) on the construction of the Directive 98/44/EG, the biotechnology directive of the European Union (EU). In said notice, the Commission took the view that, when the EU biotechnology directive was granted, the EU legislator had intended to exclude products obtained by means of essentially biological processes from patentability. Thus, the construction of Art. 53(b) by the Enlarged Board of Appeal was (also) contrary to the construction of the biotechnology directive by the EU Commission.

          [...]

          On the other hand, a technical step which overcomes the exclusion from patenting is conceivable in particular as a process which itself leads to a modification of the genome within the germ cells of plants or animals. Both targeted mutations established with the help of the CRISPR/Cas9 technology for example, as well as random mutagenesis, such as UV-induced mutations are technical processes that allow patenting. When looking at the offspring of transgenic organisms or mutants produced in this way, if the mutation or transgene is present in said offspring it is not produced exclusively by an essentially biological process and is thus patentable.

          For the assessment of patentability, it is irrelevant whether the “step of a technical nature” is novel, known in the art or trivial, whether it can also occur in nature or whether it is the central element of the invention. However, it must be essential for the modification of the plant or animal.

          In addition, technical aids for crossing and selection are of course patentable themselves as long as they meet the general requirements for patentability, i.e. they are in particular novel and inventive.

        • When the U.S. Patent Office Won’t Do Its Job, Congress Should Step In

          When people get sued by patent trolls, they can fight back in one of two places: a U.S. district court or the Patent and Trademark Office. But the Patent Office is putting its thumb on the scale again in favor of patent owners and against technology users. This time, the Office is relying on specious legal arguments to shut down patent reviews at the Patent and Trademark Appeals Board (PTAB).

          The procedure that’s being undermined at PTAB is a procedure called inter partes review, or IPR. Congress created IPRs in 2012, as a faster and less expensive way of resolving patent disputes than district courts. Since then, they have become an important part of maintaining the patent system. Many patents (especially software patents) are granted after woefully inadequate examinations, and are ultimately invalidated when challenged in court. Given that, it makes sense to allow the U.S. Patent and Trademark Office to take a second look at the patents they’ve handed out. The Patent Office granted more than 350,000 patents last year, and the median examiner review time is less than 20 hours. Mistakes happen. When users or small businesses are accused of patent infringement, they shouldn’t go broke trying to defend themselves in expensive court litigation. 

        • Software Patents

          • $2,500 for prior art on 2BCom patent

            On July 29, 2020, Unified Patents added a new PATROLL contest, with a $2,500 cash prize, seeking prior art on at least claim 1 of U.S. Patent 7,184,707, owned by 2BCom, LLC, an NPE. The ‘707 patent is generally related to a communication device and a method for controlling a communication device that can load or unload service information at appropriate timings by flexibly designating discriminating conditions of connection or disconnection of a link. The ‘707 patent has been asserted in district court against BMW, FCA, and Kia.

          • UNISOC Joins The Largest Patent Non-Aggression Community In History – Open Invention Network

            Open Invention Network (OIN) and UNISOC announced that UNISOC has become one of OIN’s community members. As a leading fabless semiconductor company in mobile communications and IoT chipsets, and a strong proponent of open source software (OSS), UNISOC is committed to OSS as an enabler of advanced communications and industrial / IoT systems.

            “OSS is ushering in a transformation of the IT and Communications sector and enabling realization of the vision of the billion-device universe first discussed in the mid-90’s. Growth in networking through Linux Foundation Networking projects such as OPNFV and ONAP is driving innovation in silicon,” said Keith Bergelt, CEO of Open Invention Network. “As a global leader in mobile and communications chipsets we are excited to have UNISOC join OIN and for its recognition of the need for patent non-aggression in the core of Linux and adjacent OSS.”

          • MobilePay patent held unpatentable

            On July 29, 2020, the Patent Trial and Appeal Board (PTAB) issued a final written decision in Unified Patents, LLC v. MobilePay LLC, holding all challenged claims of U.S. Patent 9,800,706 unpatentable. The ‘706 patent is owned by MobilePay, LLC, an IP Valuation Partners subsidiary and well-known NPE. MobilePay disclaimed some of the challenged claims early in the proceeding, and the Board found the remaining challenged claims unpatentable in the final written decision.

            The ’706 patent is directed to the systems that connect a credit card reader to a mobile phone via the audio port so the mobile phone can be used to transmit credit card data to a cloud service for decoding. The patent has been asserted against PayPal, Bank of America, Mindbody, and Intuit.

      • Trademarks

      • Copyrights

        • Mexico’s New Copyright Law: Cybersecurity and Human Rights

          This month, Mexico rushed through a new, expansive copyright law without adequate debate or consultation, and as a result, it adopted a national rule that is absolutely unfit for purpose, with grave implications for human rights and cybersecurity.

          The new law was passed as part of the country’s obligations under Donald Trump’s United States-Mexico-Canada Agreement (USMCA), and it imports the US copyright system wholesale, and then erases the USA’s own weak safeguards for fundamental rights.

        • Court Lifts Copyright Troll Roadblock but Puts Brakes on Piracy Settlement Bonanza

          A New Jersey district court has reversed a devastating order against Strike 3 Holdings, the most active copyright litigant in the US. A magistrate judge previously denied the company the right to subpoena ISPs because the underlying complaints are futile. While these subpoenas are now allowed, Strike 3 can’t initiate settlement discussions.

        • Disney Obtains New ‘Dynamic’ Court Order to Block 118 ‘Pirate’ Domains

          Disney Enterprises has obtained an injunction from the High Court in Delhi compelling local ISPs to block 118 ‘pirate’ domains. The main targets are streaming platforms offering movies, cartoons and anime, with torrent and proxy sites also included. The injunction is dynamic, meaning that additional domains can be added at a later point.
