Bonum Certa Men Certa

Links 3/3/2021: OpenSSH 8.5 and Absolute64 20210302 Released



  • GNU/Linux

    • Open source drone makes it to Mars, System76 unveils its new keyboard, and more
      In this edition of our open source news roundup, learn about open source on Mars, System76's new keyboard, a 5G open source stack, and more.

      When NASA's latest Mars rover hit the Red Planet in February, it was partially powered by open source software.

      A small drone helicopter named Ingenuity is inside the rover. Given its distance from Earth, no one will fly Ingenuity manually. Instead, it was built to fly itself using Linux and NASA's open source F´ framework.

    • Audiocasts/Shows

      • mintCast 355.5 – McKnight in Shining Armor

        1:49 Linux Innards 27:06 Vibrations from the Ether 51:29 Check This Out 58:45 Announcements & Outro

        In our Innards section, we talk to community member Mike!

        And finally, the feedback and a couple suggestions

    • Kernel Space

      • LVFS Serves Up 25 Million Firmware/BIOS Updates To Linux Users - Phoronix

        It was just this past September that LVFS served its 20 millionth firmware file to Linux users updating their system BIOS or device firmware using Fwupd while this week the Linux Vendor Firmware Service crossed the 25 million milestone!

        LVFS/Fwupd lead developer Richard Hughes of Red Hat relayed the news that LVFS has now served more than 25 million firmware files to Linux users. Considering just a few years ago it was difficult updating your system BIOS under Linux and most hardware vendors wouldn't even consider offering firmware updates for Linux, this is an incredible accomplishment.

      • Btrfs: Resolving the logical-resolve · Marcos' Blog

        Tools like fsck and smartctl are usually used when something bad happens on your disk. But, what if such tools have a problem and also need to be fixed? Well, that’s what we are going to see today.

        [...]

        An astute reader would think that we can get wrong mount points too, like a bind mount that points to a directory within our desired mount point. This was fixed by the commit mentioned in a previous post.

        [...]

        The package btrfs-progs v5.10 already contains the fixes pointed in this post, so make sure to upgrade your package in order to have a working logical-resolve.

      • Graphics Stack

    • Applications

      • Best Free and Open Source Alternatives to Google Maps

        Google has a firm grip on the desktop. Their products and services are ubiquitous. Don’t get us wrong, we’re long-standing admirers of many of Google’s products and services. They are often high quality, easy to use, and ‘free’, but there can be downsides of over-reliance on a specific company. For example, there are concerns about their privacy policies, business practices, and an almost insatiable desire to control all of our data, all of the time.

        What if you are looking to move away from Google and embark on a new world of online freedom, where you are not constantly tracked, monetised and attached to Google’s ecosystem?

        In this series, we explore how you can migrate from Google without missing out on anything. We’ll recommend open source solutions.

    • Instructionals/Technical

      • Kushal Das: Get a TLS certificate for your onion service

        For a long time, I wanted to have a certificate for the onion address of my blog. Digicert was the only CA who was providing those certificates with an Extended Validation. Those are costly and suitable for an organization to get, but not for me personally, especially due to the cost.

      • How To Install Nano Text Editor on CentOS 8 - idroot

        In this tutorial, we will show you how to install Nano Text Editor on CentOS 8. For those of you who didn’t know, Nano comes with many powerful features and allows you to edit and create various files on your computer or server. It includes all the basic functionality same as other text editors such as UTF-8 encoding, syntax highlighting, search and replace with regular expression support, multiple buffers, spellchecking, and more.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Nano Text Editor on CentOS 8.

      • How to Install Terraform in Linux Distributions

        Terraform is a popular cloud orchestration tool in the world of automation, which is used to deploy your infrastructure through the IAC (Infrastructure as code) approach. Terraform is built by Hashicorp and released under Mozilla Public License. It supports public, private as well as hybrid cloud, as of now Terraform supports 145 providers, which includes popular providers like AWS, Azure cloud, GCP, Oracle cloud, and many others.

        Terraform architecture is very simple. All you need is to download the terraform binary to your local/server machine which is going to act as your base machine. We have to mention the provider to work within our syntax file. Terraform will download the plugin for that particular provider automatically and will authenticate with provider API to execute the plan.

    • Games

      • PS2 Emulation Gets Even Nicer With Custom Textures

        PCSX2 has long been a fantastic PS2 emulator, but a recent advance has made it all the more appealing for anyone playing on a PC: the ability to swap textures in games.

        While the famous Dolphin emulator for the GameCube has long supported this feature, PCSX2 has only just brought it in, and it’ll allow modders to improve any kind of texture they want in an old PS2 game. In the example video below by someother1ne, we can see everything from the road in Gran Turismo to the helmets and jerseys in NFL2K5 get swapped out.

      • Valve Finally Makes Steam Link Available for Linux Gamers To Stream Games

        In case you didn’t know, Steam Link was initially a hardware-based solution to let you stream the games that you own in your Steam library from your PC.

        The tech was completely sold out and discontinued in November 2018. Right after that, it was pitched in as a software solution that supported mobile devices and Raspberry Pi to let you stream the game on them from your PC via your home network.

        The list of supported devices includes iPhone, Android TVs, Android phones, Samsung Smart TVs, and Raspberry Pi 3.

    • Distributions

      • BSD

        • OpenSSH 8.5
          OpenSSH 8.5 was released on 2021-03-03. It is available from the mirrors listed at https://www.openssh.com/.

          OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.

          Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html

          Future deprecation notice
          =========================

          It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.

          In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm. OpenSSH will disable this signature scheme by default in the near future.

          Note that the deactivation of "ssh-rsa" signatures does not necessarily require cessation of use for RSA keys. In the SSH protocol, keys may be capable of signing using multiple algorithms. In particular, "ssh-rsa" keys are capable of signing using "rsa-sha2-256" (RSA/SHA256), "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of these is being turned off by default.

          This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs that is still enabled by default.

          The better alternatives include:

          * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.

          * The RFC8709 ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5.

          * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7.

          To check whether a server is using the weak ssh-rsa public key algorithm, for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list:

          ssh -oHostKeyAlgorithms=-ssh-rsa user@host

          If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded.

          This release enables the UpdateHostKeys option by default to assist the client by automatically migrating to better algorithms.

          [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf

          Security
          ========

          * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2. We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket.

          On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root. Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions.

          The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.

          * Portable sshd(8): Prevent excessively long username going to PAM. This is a mitigation for a buffer overflow in Solaris' PAM username handling (CVE-2020-14871), and is only enabled for Sun-derived PAM implementations. This is not a problem in sshd itself, it only prevents sshd from being used as a vector to attack Solaris' PAM. It does not prevent the bug in PAM from being exploited via some other PAM application. GHPR#212

          Potentially-incompatible changes
          ================================

          This release includes a number of changes that may affect existing configurations:

          * ssh(1), sshd(8): this release changes the first-preference signature algorithm from ECDSA to ED25519.

          * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration for interactive use prior to TCP connect. The connection phase of the SSH session is time-sensitive and often explicitly interactive. The ultimate interactive/bulk TOS/DSCP will be set after authentication completes.

          * ssh(1), sshd(8): remove the pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc before it was standardized in RFC4253 (2006), has been deprecated and disabled by default since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.

          * ssh(1), sshd(8): update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime coupled with X25519.

          The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per its designers, the sntrup4591761 algorithm was superseded almost two years ago by sntrup761.

          (note that both the updated method and the one that it replaced are disabled by default)

          * ssh(1): disable CheckHostIP by default. It provides insignificant benefits while making key rotation significantly more difficult, especially for hosts behind IP-based load-balancers.

          Changes since OpenSSH 8.4
          =========================

          New features
          ------------

          * ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions:
            - The key was matched in the UserKnownHostsFile (and not in the GlobalKnownHostsFile).
            - The same key does not exist under another name.
            - A certificate host key is not in use.
            - known_hosts contains no matching wildcard hostname pattern.
            - VerifyHostKeyDNS is not enabled.
            - The default UserKnownHostsFile is in use.

          We expect some of these conditions will be modified or relaxed in future.

          * ssh(1), sshd(8): add a new LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern-lists.

          * ssh(1): when prompting the user to accept a new hostkey, display any other host names/addresses already associated with the key.

          * ssh(1): allow UserKnownHostsFile=none to indicate that no known_hosts file should be used to identify host keys.

          * ssh(1): add a ssh_config KnownHostsCommand option that allows the client to obtain known_hosts data from a command in addition to the usual files.

          * ssh(1): add a ssh_config PermitRemoteOpen option that allows the client to restrict the destination when RemoteForward is used with SOCKS.

          * ssh(1): for FIDO keys, if a signature operation fails with an "incorrect PIN" reason and no PIN was initially requested from the user, then request a PIN and retry the operation. This supports some biometric devices that fall back to requiring PIN when reading of the biometric failed, and devices that require PINs for all hosted credentials.

          * sshd(8): implement client address-based rate-limiting via new sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize directives that provide more fine-grained control on a per-origin address basis than the global MaxStartups limit.

          Bugfixes
          --------

          * ssh(1): Prefix keyboard interactive prompts with "(user@host)" to make it easier to determine which connection they are associated with in cases like scp -3, ProxyJump, etc. bz#3224

          * sshd(8): fix sshd_config SetEnv directives located inside Match blocks. GHPR#201

          * ssh(1): when requesting a FIDO token touch on stderr, inform the user once the touch has been recorded.

          * ssh(1): prevent integer overflow when ridiculously large ConnectTimeout values are specified, capping the effective value (for most platforms) at 24 days. bz#3229

          * ssh(1): consider the ECDSA key subtype when ordering host key algorithms in the client.

          * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The previous name incorrectly suggested that it control allowed key algorithms, when this option actually specifies the signature algorithms that are accepted. The previous name remains available as an alias. bz#3253

          * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.

          * sftp-server(8): add missing lsetstat@openssh.com documentation and advertisement in the server's SSH2_FXP_VERSION hello packet.

          * ssh(1), sshd(8): more strictly enforce KEX state-machine by banning packet types once they are received. Fixes memleak caused by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).

          * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206

          * Minor man page fixes (capitalization, commas, etc.) bz#3223

          * sftp(1): when doing an sftp recursive upload or download of a read-only directory, ensure that the directory is created with write and execute permissions in the interim so that the transfer can actually complete, then set the directory permission as the final step. bz#3222

          * ssh-keygen(1): document the -Z, check the validity of its argument earlier and provide a better error message if it's not correct. bz#2879

          * ssh(1): ignore comments at the end of config lines in ssh_config, similar to what we already do for sshd_config. bz#2320

          * sshd_config(5): mention that DisableForwarding is valid in a sshd_config Match block. bz3239

          * sftp(1): fix incorrect sorting of "ls -ltr" under some circumstances. bz3248.

          * ssh(1), sshd(8): fix potential integer truncation of (unlikely) timeout values. bz#3250

          * ssh(1): make hostbased authentication send the signature algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This makes HostbasedAcceptedAlgorithms do what it is supposed to - filter on signature algorithm and not key type.

          Portability
          -----------

          * sshd(8): add a number of platform-specific syscalls to the Linux seccomp-bpf sandbox. bz#3232 bz#3260

          * sshd(8): remove debug message from sigchld handler that could cause deadlock on some platforms. bz#3259

          * Sync contrib/ssh-copy-id with upstream.

          * unittests: add a hostname function for systems that don't have it. Some systems don't have a hostname command (it's not required by POSIX). They do have uname -n (which is), but not all of those have it report the FQDN.

          Checksums:
          ==========

          - SHA1 (openssh-8.5.tar.gz) = 04cae43c389fb411227c01219e4eb46e3113f34e
          - SHA256 (openssh-8.5.tar.gz) = 5qB2CgzNG4io4DmChTjHgCWqRWvEOvCKJskLdJCz+SU=

          - SHA1 (openssh-8.5p1.tar.gz) = 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
          - SHA256 (openssh-8.5p1.tar.gz) = 9S8/QdQpqpkY44zyAK8iXM3Y5m8FLaVyhwyJc3ZG7CU=

          Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

          Please note that the OpenPGP key used to sign releases has been rotated for this release. The new key has been signed by the previous key to provide continuity.

          Reporting Bugs:
          ===============

          - Please read https://www.openssh.com/report.html
            Security bugs should be reported directly to openssh@openssh.com
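
An added example, not part of the OpenSSH announcement and not OpenSSH tooling: a small Python linter that flags ssh_config/sshd_config lines touched by the changes listed above (explicitly enabled "ssh-rsa" signatures, the renamed keywords, the removed cipher and the replaced key exchange method). The function names and the sample configuration are constructed for illustration, and wildcard patterns in algorithm lists are not expanded.

```python
import re

# Keyword renames announced in OpenSSH 8.5; the old names remain as aliases.
RENAMED = {
    "pubkeyacceptedkeytypes": "PubkeyAcceptedAlgorithms",
    "hostbasedkeytypes": "HostbasedAcceptedAlgorithms",
    "hostbasedacceptedkeytypes": "HostbasedAcceptedAlgorithms",
}

# Algorithm names removed or replaced in 8.5, keyed by the option that lists them.
GONE = {
    "ciphers": {
        "rijndael-cbc@lysator.liu.se":
            "removed (pre-standardization alias for aes256-cbc)",
    },
    "kexalgorithms": {
        "sntrup4591761x25519-sha512@tinyssh.org":
            "replaced by sntrup761x25519-sha512@openssh.com",
    },
}

# Options whose value is a list of signature algorithms (old and new spellings).
SIG_OPTIONS = {
    "hostkeyalgorithms",
    "pubkeyacceptedalgorithms",
    "hostbasedacceptedalgorithms",
} | set(RENAMED)


def parse_line(line):
    """Return (keyword, argument_string), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Simplification: treat whitespace followed by '#' as a trailing comment
    # (8.5 ignores comments at the end of ssh_config lines); quoted '#' is
    # not handled here.
    line = re.sub(r"\s+#.*$", "", line)
    # "Keyword value" or "Keyword=value"; keywords are case-insensitive.
    m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$", line)
    if not m:
        return None
    return m.group(1), m.group(2).strip().strip('"')


def audit(config_text):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        keyword, args = parsed
        key = keyword.lower()

        if key in RENAMED:
            findings.append((lineno, "renamed",
                             f"{keyword} is now spelled {RENAMED[key]}"))

        # A list may start with '+' (append), '^' (prepend) or '-' (remove).
        # Names in a '-' list are being disabled, so they are not findings.
        modifier = args[:1] if args[:1] in ("+", "-", "^") else ""
        if modifier == "-":
            continue
        names = [n.strip() for n in args[len(modifier):].split(",") if n.strip()]

        if key in SIG_OPTIONS and "ssh-rsa" in names:
            findings.append((lineno, "sha1-signature",
                             f"{keyword} enables ssh-rsa (RSA/SHA1); the same "
                             "keys can sign with rsa-sha2-256 or rsa-sha2-512"))
        for name in names:
            note = GONE.get(key, {}).get(name)
            if note:
                findings.append((lineno, "removed-algorithm",
                                 f"{keyword}: {name} {note}"))
    return findings


# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
# Constructed example ssh_config
Host legacy-gw
    PubkeyAcceptedKeyTypes +ssh-rsa        # old appliance
    HostKeyAlgorithms=ssh-ed25519,ssh-rsa
    Ciphers aes256-ctr,rijndael-cbc@lysator.liu.se
    KexAlgorithms sntrup4591761x25519-sha512@tinyssh.org,curve25519-sha256

Host modern
    HostKeyAlgorithms -ssh-rsa
    PubkeyAcceptedAlgorithms rsa-sha2-512,ssh-ed25519
"""

if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE):
        print(f"line {lineno}: [{code}] {message}")
```
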
      • Slackware Family

        • Absolute64-20210302 released

          Based on Slackware64-current. Slack recompiled everything due to gcc update... Stuff that I did NOT recompile still works, go figure. SpaceFM and ROX-Filer (arox) get me occasional complaints due to their age/ lack of updating... but they work for me and I still don't even use gvfs or udisks, like a default Slackware install. [But Slackware still resists systemd, YEAH!]

          Pulled Kodi and GMT from the installer -- Kodi I never use, so timely updating becomes an issue. GMT (generic mapping tools), no one besides me ever uses. These omissions trimmed the ISO filesize a bit. Still a lot of development libraries included so the download is not small. But remember, although the distro has lots of files -- it runs lite :-)

      • Canonical/Ubuntu Family

        • Friendly Reminder From The Linux Mint Team: Update Your Computer (And Teach Others How)

          Clem from the Linux Mint team issued a reminder that we should all update our computers last month. It is good advice because "Security updates are very important". We can add that you should teach friends and family how to update their system if you install GNU/Linux on their machines, and the Linux community needs to make upgrades between major versions of GNU/Linux distributions a whole lot easier.

          [...]

          The Linux-focused TV channel Linux Lounge recently brought up a good point in a recent video: The assumption that GNU/Linux users know how to maintain and update their computer systems may be wrong. Quite a few of us have installed a user-friendly GNU/Linux distribution on a family member's computer and said "Good luck" with the assumption the machine will remain safe and secure and free from computer-viruses forever.

          The recent blog post from the Linux Mint team titled "Update your computer!" reminds us that there are a lot of Linux users out there who stick with outdated GNU/Linux distributions for years after they reach their End-Of-Life and security updates, and other updates, stop coming. Those people are probably running even older software, they are probably not the types of people who kept their distribution up-to-date when it did get regular updates. Some are probably running the exact same base system they got when they originally installed their GNU/Linux distribution.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • The small web is beautiful

          About fifteen years ago, I read E. F. Schumacher’s Small is Beautiful and, despite not being interested in economics, I was moved by its message. Perhaps even more, I loved the terse poetry of the book’s title – it resonated with my frugal upbringing and my own aesthetic.

          I think it’s time for a version of that book about technology, with a chapter on web development: The Small Web is Beautiful: A Study of Web Development as if People Mattered. Until someone writes that, this essay will have to do.

          There are two aspects of this: first, small teams and companies. I’m not going to talk much about that here, but Basecamp and many others have. What I’m going to focus on in this essay is small websites and architectures.

      • Programming/Development

        • How to Deploy a Node.js App – From Server Setup to Production

          In this tutorial, we are going to learn everything we need to know before deploying a Node app to a production server.

          We will start by renting a server on Digital Ocean. Then we'll configure this server, connect to it, install Nginx and configure it, pull or create our Node app, and run it as a process.

          As you can see, there is a lot to do and it will be an action-packed tutorial. So let's get started without wasting any time.

        • React Tutorial – Learn React and JavaScript Programming Basics with Example Code

          React is an open-source JavaScript library that helps you build user interfaces. It's a component-based, declarative, "learn once and write anywhere" tool.

        • How to Build a Solid To-Do App with React

          In this tutorial you will learn how to create a basic Solid to-do app. But what is Solid – not to be confused with SOLID? Well, it's a set of conventions and tools used to build decentralized apps.

          So what do I mean by decentralized? Currently, all our data is centralized in a few web platforms: Facebook, Google, and others. This has various consequences for privacy that we're all aware of, but it also endangers the principle of universality of the web: the web must be accessible to everyone.

        • Working with RESTful Web Services in JavaScript - Creating your First Web Service

          Some developers consider themselves to be server-side specialists, while others focus most of their efforts on client-side coding. The departments of IT shops often reflect those tendencies. However, that need not be the case. Thanks to the emergence of technologies like Node.js, you can write both the server and client components using essentially the same language. In this series on RESTful Web services we'll cover how to do it all using JavaScript. Today's installment will focus on setting up a basic Web service using Node.js and the Express framework.

        • How to Install R Programming Language Tools on Linux Mint 20

          By following today’s tutorial, you will be able to install the “R” programming language on your Linux Mint 20 system instantly. However, as soon as you feel like you do not want to work with this language anymore, you can conveniently uninstall it from your system to free up your resources.

        • Golang

          • Using Delve to debug Go programs on Red Hat Enterprise Linux - Red Hat Developer

            Delve is now available on Red Hat Enterprise Linux (RHEL). Starting in the RHEL 8.2 and devtools-2020.2 releases, the Go language debugger Delve will be installed with the Go toolchain itself via the go-toolset package.

            Being tailored specifically for Go, Delve has intricate knowledge of the Go runtime and provides features and an environment not available in other debuggers. The tool aims for simplicity of use, staying out of your way as you figure out what’s going wrong with your program. Delve also offers powerful features that let you debug your Go programs as quickly as possible.

        • Python

          • Python's datetime Module – How to Handle Dates in Python

            In this quick guide to Python's datetime module, you'll learn how to parse dates, extract meaningful information from dates, handle timedelta objects and much more.

            So without further ado let's start counting time with Python!

            Most programming languages provide libraries for easy handling of dates. Python offers the powerful datetime module with its many functions and lucid documentation which makes parsing dates easy.

        • Shell/Bash/Zsh/Ksh

          • Elegant bash conditionals

            The if-statement is a very basic thing, not just in bash, but in all of programming. I see them used quite a lot in shell scripts, even though in many cases they can be replaced with something much more elegant.

            In this rather short article, I'll show how control operators can be used instead. Many probably know about this, but don't realize how to use them nicely. This will help you write cleaner shell scripts in the future.

          • How to write a function in bash

            When you are writing a complex bash script (or any complex program for that matter), subdividing the functional logic of the script in smaller modules and writing/testing each module is often an effective coding strategy. A modularized bash script not only makes the script easier to understand, but also makes individual modules re-usable. In bash, such modular programming is achieved with bash functions.

            Even if you have little coding experience, you are probably familiar with the notion of a function in programming. A function is basically a self-contained block of code that performs a specific task via well-defined input/output interfaces. Let's find out how a bash function is written and how to use a function in bash. This bash tutorial will specifically cover how to create a bash function, how to pass arguments to a bash function, how to call a bash function, how to return a bash function, etc.

        • Rust

          • 5 signs you might be a Rust programmer

            I'm a fairly recent convert to Rust, which I started to learn around the end of April 2020. But, like many converts, I'm an enthusiastic evangelist. I'm also not a very good Rustacean, truth be told, in that my coding style isn't great, and I don't write particularly idiomatic Rust. I suspect this is partly because I never really finished learning Rust before diving in and writing quite a lot of code (some of which is coming back to haunt me) and partly because I'm just not that good a programmer.

            But I love Rust, and so should you. It's friendly—well, more friendly than C or C++; it's ready for low-level systems tasks—more so than Python, it's well-structured—more than Perl; and, best of all, it's completely open source from the design level up—much more than Java, for instance.

            Despite my lack of expertise, I noticed a few things that I suspect are common to many Rust enthusiasts and programmers. If you say "yes" to the following five signs (the first of which was sparked by some exciting recent news), you, too, might be a Rust programmer.

    • Standards/Consortia

      • What Every Developer Must Know About Encoding and Unicode

        If you are coding an international app that uses multiple languages, you'll need to know about encoding. Or even if you're just curious how words end up on your screen – yep, that's encoding, too.

        I'll explain a brief history of encoding in this article (and I'll discuss how little standardisation there was) and then I'll talk about what we use now. I'll also cover some Computer Science theory you need to understand.

  • Leftovers

    • Science

      • A materials science approach to combating coronavirus

        Researchers at Tokyo Institute of Technology working in collaboration with colleagues at the Kanagawa Institute of Industrial Science and Technology and Nara Medical University in Japan have succeeded in preparing a material called cerium molybdate (γ-Ce2Mo3O13 or CMO), which exhibits high antiviral activity against coronavirus.

        The ongoing coronavirus pandemic has highlighted the urgency not only of vaccine development and rollout but also of developing innovative materials and technologies with antiviral properties that could play a vital role in helping to contain the spread of the virus.

        Conventional inorganic antimicrobial materials are often prepared with metals such as copper or photocatalysts such as titanium dioxide. However, metal-based materials can be prone to corrosion, and the effects of photocatalysts are usually limited under dark conditions.

        Now, a research team led by Akira Nakajima of Tokyo Institute of Technology's Department of Materials Science and Engineering proposes a new type of an antiviral material that can overcome these drawbacks. The team successfully combined a relatively low-cost rare earth element cerium (Ce) with molybdenum (Mo), which is well known for its antibacterial effects, to prepare two types of cerium molybdate (Ce2Mo3O12 and γ-Ce2Mo3O13) in powder form.

        Both powders exhibited antiviral activity against bacteriophage Φ6. Notably, γ-Ce2Mo3O13 also exhibited high antiviral activity against SARS-CoV-2, the virus that causes COVID-19.

    • Health/Nutrition

      • The US Reaches 500,000 Deaths From the Coronavirus
      • 'It's Like Nobody Cares': After Two Weeks Without Running Water, Jackson, Miss. Pleads for Help

        "Water is a basic necessity and it just brought a lot of frustration, anger, and disappointment," said one of the city's residents. "If you don't know when it's coming back, what is being done to help us?"

      • Black People Face Higher COVID Infections & Deaths. Should They Have Lower Age Cutoffs for Vaccines?

        As the U.S. vaccine rollout continues to expand, health justice advocates worry about a racial gap in vaccinations. Black communities have been hard hit by the pandemic, but rates of vaccination in communities of color lag behind largely white communities across the country. Dr. Oni Blackstock, a primary care and HIV physician, argues that age cutoffs should be lowered or removed for Black people in order to speed up inoculations, noting that Black Americans are twice as likely to die from COVID-19 as white Americans and also dying at rates similar to those of white Americans who are 10 years older. “These fixed-age cutoffs that most states implemented did not take into account structural racism’s toll on Black life expectancy in addition to the impact of the pandemic on the life expectancy of Black people in this country,” says Dr. Blackstock.

    • Integrity/Availability

      • Proprietary

        • Epic Games is buying Fall Guys creator Mediatonic

          According to the blog posts and FAQs detailing the announcement, Fall Guys will remain available on Steam for the time being, and the developer is still bringing the game to both the Xbox and Nintendo Switch platforms. Epic and Mediatonic say there are no plans right now to make the game (which currently costs $19.99) free-to-play, as Epic did with Rocket League. Epic later confirmed it plans to make the PC version of Fall Guys available on the Epic Game Store.

        • You Can Now Install Official Evernote Client on Ubuntu and Debian-based Linux Distributions

          Evernote is a popular note-taking application. It was a revolutionary product at the time of its launch. Since then, there have been several such applications that allow you to save web clippings, notes etc into notebook formats.

          For years, the desktop client of Evernote was not available for Linux. Evernote promised a Linux application some time ago and its beta version is finally available for Ubuntu-based distributions.

        • Four zero-day exploits used to attack Microsoft Exchange Server

          It said the four vulnerabilities being exploited — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — had all been patched on Tuesday US time. The announcement and fixes came a week ahead of the company's regular monthly updates.

        • Last Week on My Mac: Users are losing out against Big Sur’s sealed System

          Big Sur’s sealed System volume seemed like a good idea. Although the read-only version in Catalina may look impregnable, guaranteeing integrity using a Merkle Tree of hashes, then locking the whole lot in a snapshot, looks even more robust. Like other good engineering ideas, though, it also needs thinking through thoroughly.

        • How long before grid attacks become the new normal?

          In the news roundup, David Kris digs into rumors that Chinese malware attacks may have caused a blackout in India at a time when military conflict was flaring on the two nations' Himalayan border. This leads us to Russia's targeting of the U.S. grid and to uneasy speculation on how well our regulatory regime is adapted to preventing successful grid attacks.

        • Security

          • Biggest Data Breaches of 2020 – and What Developers Should Learn From Them

            2020 was not a good year for hacks, data breaches, and other cyber-attacks. As far as those things go, it was among the worst years on record.

            Businesses far and wide experienced some of the most damaging and embarrassing hacks imaginable last year. And some of the incidents led to serious security failures that could end up having grave international implications.

            But despite all of the problems, some of 2020's hacks can yield valuable lessons for programmers and software engineers to help them to harden their products against future attacks.

          • SQL Injection Tutorial - What is SQL Injection and How to Prevent it

            SQL injection is when you insert or inject a SQL query via input data from the client to the application.

            Successful attacks allow an attacker to access sensitive data from the database, modify database data, potentially shut the database down or issue other admin commands, recover the contents of files, and occasionally issue commands to the operating system.

            This type of attack is relatively easy to detect and exploit, so it's particularly important that any vulnerable systems are quickly remediated.

          • Privacy/Surveillance

            • Privacy Talks | Interview with Robin Wilton from Internet Society

              This interview originally aired on August 28th, 2020.

            • Officials in Baltimore and St. Louis Put the Brakes on Persistent Surveillance Systems Spy Planes

              From April to October of 2020, Baltimore residents were subjected to a panopticon-like system of surveillance facilitated by a partnership between the Baltimore Police Department and a privately-funded Ohio company called Persistent Surveillance Systems (PSS). During that period, for at least 40 hours a week, PSS flew surveillance aircraft over 32 square miles of the city, enabling police to identify specific individuals from the images captured by the planes. Although no planes had flown as part of the collaboration since late October—and the program was scheduled to end later this year—the program had become troubling enough that on February 3, the City's spending board voted unanimously to terminate Baltimore's contract with Ohio-based Persistent Surveillance Systems.

              Given the program's problematic history and unimpressive efficacy, it may come as some surprise that on December 11, 2020, City of St. Louis Alderman Tom Oldenburg introduced legislation that would have forced the mayor, and comptroller, to enter into a contract with PSS closely replicating Baltimore's spy plane program.

              With lobbyists for the privately-funded Persistent Surveillance Systems program padding campaign coffers, Alderman Oldenburg's proposal was initially well received by the City's Board of Alders. However, as EFF and local advocates—including the ACLU of Missouri and Electronic Frontier Alliance member Privacy Watch STL—worked to educate lawmakers and their constituents about the bill’s unconstitutionality, that support began to waver. While the bill narrowly cleared a preliminary vote in late January, by Feb. 4 the Rules Committee voted unanimously to issue a "Do Not Pass" recommendation.

            • Is this the future of Covid-19 vaccine passports: open source and based on the Ethereum blockchain?

              But as the article rightly points out: “The key moral and legal issues are not so much about reliability, as about the reliance decision makers will place upon the certificates.” Vaccine certificates might be perfectly implemented, but if politicians shy away from taking meaningful action based on them, they become simply an exercise in window-dressing. As technical implementations of vaccine passports start to arrive, it is vital that the ethical and legal issues are addressed too.

            • Judge approves $650M Facebook privacy lawsuit settlement

              A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users.

              U.S. District Judge James Donato approved the deal in a class-action lawsuit that was filed in Illinois in 2015. Nearly 1.6 million Facebook users in Illinois who submitted claims will be affected.

              Donato called it one of the largest settlements ever for a privacy violation.

            • Facebook privacy settlement approved: Nearly 1.6 million Illinois users will ‘expeditiously’ get at least $345

              The settlement class included about 6.9 million Facebook users in Illinois for whom the social network created and stored a face template after June 7, 2011. To qualify, Facebook users had to live in the state for at least six months over the last nine years.

              Nearly 1.6 million claim forms were filed by the Nov. 23 deadline, representing about 22% of eligible Illinois Facebook users.

              Out of the $650 million Facebook agreed to pay, Donato awarded $97.5 million in attorneys’ fees and about $915,000 in expenses. The court also awarded $5,000 to each of the three named plaintiffs in the lawsuit. The rest is to be distributed to all class members equally.

    • Defence/Aggression

      • Biden Ran on Ending Forever Wars. He’s Already Undermining That Promise.

        According to President Biden, the air strikes he launched against Iran-backed militias in Syria on Feb. 25 were designed to send Iran a message: “You can’t act with impunity. Be careful.” But the strikes also sent a disturbing message to Americans: Barely a month into Biden’s presidency, the Middle East quagmire is already undermining his much-advertised commitment to a “foreign policy for the middle class” that will end “forever wars” and focus on “existential” threats such as climate change and on rebuilding America’s strength at home.

      • The George Floyd Murder Was First Degree

        George Floyd’s family and attorney are pushing for a first-degree murder charge for Derek Chauvin. The difference between first and second-degree murder in the United States is premeditation. Brumley Law Firm wonders if 9 minutes of kneeling on someone’s neck could count as premeditated: “The argument could be made in this case that the defendant did premeditate the murder. Nearly nine minutes elapsed while the defendant knelt on the victim’s neck who repeatedly stated he couldn’t breathe and then became unresponsive. During this length of time the defendant had the opportunity to form the requisite intent to kill Mr. Floyd and then took time to consider his actions and then completed the act.”

        Crucially the first-degree murder charge does not necessarily need proof of a plan, only the passage of time. Ben Crump, the family’s lead attorney contends: “For Chauvin to leave his knee on George’s neck despite warnings and evidence that his life was in danger — and to continue that course for many minutes — demands a first-degree murder charge.” For attorney Antonio Romanucci the degree of proof lies in the fact that they knew their actions might cause death: “They are criminally liable because they knew what they were doing could lead to death.”

      • Congressional hearing investigates role of cryptocurrencies in domestic terrorism financing

        The memo for the hearing described the topic at hand:

      • The Turkish Drone War over Nagorno-Karabakh: Gamechanger for more unmanned armament?
      • The Israeli Military Shot My Cousin—and the US Bears Part of the Blame

        January 1, 2021. My aunt Rasmiya Mohammad, 75, began her year with the news that her grandson, my cousin Harun Abu Aram, had been seriously wounded during an Israeli army raid in the Tiwani village in the South Hebron Hills. It was his birthday, and he was turning 24.

      • Nigeria’s Boarding Schools Have Become a Hunting Ground for Kidnappers

        Each kidnapping seems to inspire another. The media coverage that erupts after every incident puts pressure on the government to win the release of the hostages.

        Governors in the north have come under heavy criticism for being unable to protect their citizens. But when hostages are liberated, the government sometimes capitalizes on the publicity. And corrupt government officials have also been accused of skimming portions of the ransom money, according to Nigerian analysts and media reports.

      • Hundreds of Nigerian schoolgirls rescued days after kidnapping

        Hundreds of schoolgirls that were kidnapped at gunpoint in Nigeria have been rescued, authorities said.

        The 279 girls were abducted on Friday by armed men who raided their state-run school in Nigeria's northwest Zamfara State, a high-ranking government official with knowledge of the incident told CNN.

        Yusuf Idris, a spokesman for the regional governor, said Tuesday the girls had been safely returned and were all accounted for. He did not comment when asked whether a ransom was paid for their release.

    • Transparency/Investigative Reporting

      • Mayday: How the White Helmets and James Le Mesurier got pulled into a deadly battle for truth

        The British man behind the Syrian civil defence group, the White Helmets, found himself at the centre of a battle to control the narrative of the Syrian war. Russian and Syrian propagandists accused his teams of faking evidence of atrocities - and convinced some in the West. The battle for truth formed a backdrop to James Le Mesurier's sudden death in Istanbul in November 2019.

    • Environment

      • Weakening Gulf Stream may disrupt world weather

        The Gulf Stream is growing feebler, the Arctic seas are gaining fresh water. Together they could affect the world’s weather.

      • Energy

        • New IEA Data Shows World on Path to Resume 'Carbon-Intensive Business-as-Usual'

          Following warnings that the coronavirus-triggered drop in planet-warming emissions would be short-lived without structural changes, the International Energy Agency released data Tuesday showing that global CO2 emissions from the energy sector were 2 percent higher in December 2020 compared to the same month the previous year.

        • ‘The System Worked as Designed in Texas; That’s the Really Scary Thing’

          Janine Jackson: The winter energy crisis in Texas has led to a number of strange scenes, from frozen fish tanks and basements turned into skating rinks to officials claiming that the crisis—in which more than 4 million people were left without electricity or heat, some without water, during a frigid week, and those whose lights stayed on faced eye-popping bills—was caused by the state’s reliance on renewable energy sources. Or, in the words of Gov. Greg Abbott, that it “just shows that fossil fuel is necessary.” Even a critical article on the “disaster foretold” takes the time to spell out:

      • Wildlife/Nature

        • Yellowstone Wasn't Saved by Chance

          In the 1870s and ’80s, opportunists in and out of Congress wanted to open Yellowstone to commercial development, settlement and private ownership. Picture Lamar Valley with a railroad running through it, mansions on Specimen Ridge, and a ski resort on Mount Washburn. Imagine a golf resort in Hayden Valley.

          This is not so far-fetched. In the early 1880s The Yellowstone Park Improvement Company was granted the rights to develop 4,000 acres in the newly minted park, including Old Faithful, Mammoth Hot Springs and the Grand Canyon of the Yellowstone. They planned on building railroads and logging, mining, and cattle ranching in the Park.

        • Oregon’s Logging Industry Says It Can’t Afford New Taxes. But Prices Have Never Been Higher and Profits Are Soaring.

          Thirty years after Oregon lawmakers began giving the state’s timber industry tax cuts that cost rural counties an estimated $3 billion, industry lobbyists warned them not to follow through on efforts to reinstate the tax this year.

          Legislators are considering whether to add to taxes paid by the logging industry after an investigation published last year by Oregon Public Broadcasting, The Oregonian/OregonLive and ProPublica found that timber companies, increasingly dominated by Wall Street real estate trusts and investment funds, benefited from the tax cuts at the expense of rural counties struggling to provide basic government services.

    • Finance

    • AstroTurf/Lobbying/Politics

      • Even Blue States Suppress Student Voters

        At the top of a small hill at the end of a dark, winding, and unlit path in Red Hook, N.Y., sits the only voting location for all of Bard College. For decades, the 750-square-foot building, called St. John’s Episcopal Church, has been the only place for those living on and around Bard’s campus to cast their vote in local, state, and national elections.

      • Happy 90th Birthday, Mr. Gorbachev

        No individual made a more profound impact on world history in the second half of the 20th century than did Mikhail Gorbachev, the last leader of the Soviet Union. The celebration of his 90th birthday on March 2 is a time to reflect on the difference he made and to dispel misconceptions.

      • VP Harris, Maybe You Were Elected for Such a Time as This

        In the biblical story of Queen Esther, a daughter of the exiled Hebrew people rose to power in the society of her day. When the survival of her people became a political issue before the King, Queen Esther’s Uncle Mordecai wrote on behalf of their marginalized community to suggest that God may have placed her in the position she was in for such a time as this. Queen Esther rose to the challenge and risked her position to save her people.

      • The Afghanization of American Democracy?

        What could possibly go wrong with sweeping the 2020 election controversies under the rug? Clues can be found in a recent report, “Elections: Lessons from the U.S. Experience in Afghanistan,” produced by the Special Inspector General for Afghanistan Reconstruction (SIGAR). That report contains more wisdom than will be found in President Trump’s idiotic tweet in December: “A young military man working in Afghanistan told me that elections in Afghanistan are far more secure and much better run than the USA’s 2020 Election.”

        I have been thumping U.S. policy in Afghanistan for a dozen years in CounterPunch, including “Eight Years of Big Lies on Afghanistan” in 2009, “Dying to Corrupt Afghanistan” in 2011, “Obama’s Biggest Corruption Charade” in 2016, and “Your Tax Dollars Bankroll Afghan Child-Molesters” in 2018. Sad to say, this new report has shattered my final illusions on this U.S. rescue mission.

      • As Manchin Yells He Will 'Never...Jesus Christ!' Vote to Kill Filibuster, Warren and Sanders Demand End to Archaic Rule

        "Moderate Democrats in the Senate have a choice to make: They can either defend democracy and the Constitution by passing H.R. 1 or they can save the McConnell filibuster. They can't do both."

      • 'You Do Love to See it': Progressives Cheer Withdrawal of Neera Tanden's OMB Nomination

        "The reason to celebrate the end of Neera Tanden's nomination has nothing to do with her late-night out-of-control rage-tweeting and everything to do with her record."

      • Twitter hashtags trends should be treated as political ads, says EC panel; here's why

        'Hashtag' trends on Twitter may be treated as political advertisements during the election process and subjected to media certification and monitoring committee (MCMC) regulations of the Election Commission, an expert committee set up by Election Commission last year has recommended.

        The committee, in its interim report submitted to the poll panel in January, also called for the creation of a separate social media monitoring cell in the district election officer's (DEO) office so that political ads on social media can be tracked during the elections, Times of India reported.

      • Trump and Gab CEO accounts compromised during large-scale [crack] of alternative social media platform

        Distributed Denial of Secrets, a group similar to WikiLeaks, collected more than 70 gigabytes of data from the platform incorporating more than 40 million posts, according to Wired. The [cracker] who allegedly recouped Gab’s information goes by the identifier "JaXpArO and My Little Anonymous Revival Project.” DDOSecrets co-founder Emma Best said the [cracker] got into the backend database via a SQL injection vulnerability, allowing for a [cracker] to meddle with it.

      • Twitter ups efforts to stop misinformation, labeling falsehoods related to COVID-19 vaccine

        At first, labels will be applied to tweets by Twitter's team when they determine that the content violates the company's policy. After a while, those assessments will be used to inform Twitter's automated tools to label similar content across the social media platform.

      • As Beijing’s power grows, can it shift meaning of ‘human rights’?

        Many observers think few participants will bow out. But that expectation points, in part, to China’s growing leverage on the international stage to push its own vision of human rights and block criticism of its record. Ultimately, experts say, Beijing is promoting a doctrine of non-interference that weakens global norms of human rights transparency and accountability.

        “China is attempting to reinterpret or at least change the balance of our thinking about what we mean by human rights,” says Rosemary Foot, a senior research fellow at the University of Oxford.

    • Censorship/Free Speech

      • Techdirt Podcast Episode 272: Section 230 Matters, With Ron Wyden & Chris Cox

        Last week, we hosted Section 230 Matters, a virtual Techdirt fundraiser featuring a panel discussion with the two lawmakers who wrote the all-important text and got it passed 25 years ago: Chris Cox and Senator Ron Wyden. It was informative and entertaining, and for this week's episode of the podcast, we've got the full audio of the panel discussion about the history, evolution, and present state of Section 230.

      • State Court Says Tennessee's Anti-SLAPP Law Is Constitutional, Shuts Down Litigant Involved In Baseless Libel Litigation

        Tennessee is filled with awful legislators. Fortunately, despite itself, the legislature passed an anti-SLAPP law that appears to finally be putting an end to ridiculous libel lawsuits in the state. Prior to this, residents and libel tourists were abusing the law to do things like silence legitimate criticism and -- believe it or not -- sue a journalist for things said by someone he interviewed.

      • The Most Important Part Of The Facebook / Oversight Board Interaction Happened Last Week And Almost No One Cared

        The whole dynamic between Facebook and the Oversight Board has received lots of attention -- with many people insisting that the Board's lack of official power makes it effectively useless. The specifics, again, for most of you not deep in the weeds on this: Facebook has only agreed to be bound by the Oversight Board's decisions on a very narrow set of issues: if a specific piece of content was taken down and the Oversight Board says it should have been left up. Beyond that, the Oversight Board can make recommendations on policy issues, but the company doesn't need to follow them. I think this is a legitimate criticism and concern, but it's also a case where if Facebook itself actually does follow through on the policy recommendations, and everybody involved acts as if the Board has real power... then the norms around it might mean that it does have that power (at least until there's a conflict, and you end up in the equivalent of a Constitutional crisis).

      • Blasphemy suspect gets bail over four years after arrest

        The suspect’s counsel argued before the high court that his client had been languishing behind bars for the last four and a half years with no progress in the trial.

        The counsel said the forensic report proved that the alleged blasphemous post in a WhatsApp group had not been generated by the petitioner, who is now 20 years old.

      • Nabeel Masih convicted of Blasphemy at 16 years is to be set free on bail thanks to BACA

        After close to three years in prison Nabeel Masih now 20 years old asked BACA to take over his case. He was devastated over his ongoing incarceration and was desperate to restart his life which he felt was slipping away every day that he remained in a cell. We began to pursue his freedom via Lahore High Court and hired a Christian solicitor Naseeb Anjum to challenge for his freedom initially seeking bail before we began the longer proceeding for full acquittal. We reasoned that the quicker process of a bail application would enable Nabeel to be freed from his incarceration sooner, enabling him to tackle his suicidal depression and face the challenge of a long battle for exoneration in a position of strength.

        Though initially charges under lower blasphemy offences had been laid against Nabeel Masih, Pattoki Police were building a case for charges under 295/C that would enact a death sentence. Moreover, they were also establishing a list of cyber crimes against Nabeel Masih, an action which was perceived to be a safety net prosecution, should public and international pressure result in the dropping of blasphemy charges against Nabeel. Fortunately for Nabeel Masih the additional charges were thrown out of court due to a lack of evidence and a stringent fight by our BACA appointed lawyer.

    • Freedom of Information/Freedom of the Press

    • Civil Rights/Policing

      • Planned Parenthood Returns to Rural Texas

        It was a frigid October morning in the West Texas city of Lubbock as Shelley Woodbridge drove carefully over the thick black ice that covered roads; the coldest day in months, by far. Woodbridge, a single mother, crisscrossed town to drop her three young kids off at different schools. Just before 11 am, she turned onto 22nd Place in the city’s Medical District, and thought about the periwinkle dress she had on—her favorite. “I shouldn’t have worn this today,” she thought. “What if someone throws blood on me?”

      • ICE Is Also Using Utility Databases Run By Private Companies To Hunt Down Undocumented Immigrants

        ICE has always had a casual relationship with the Fourth Amendment. Since it's in the business of tracking foreigners, it has apparently decided the rights traditionally extended to them haven't actually been extended to them.

      • Opinion | In Honduras and Across the World, Human Rights Defenders Continue To Be Killed With Impunity

        Five years after Berta Cáceres was murdered, governments are still failing to protect human rights defenders.

      • ISIS and the UK: the Case of Shamima Begum
      • Anti-Choice Forces Use Pandemic to Slash Abortion Access in Preview of Post-Roe v. Wade World

        We look at how people across the U.S. have struggled to access abortions during the pandemic with reporter Amy Littlefield, who says that even before the COVID-19 outbreak, many states had restrictions, including three-day waiting periods and counseling sessions filled with misinformation. Then, many tried to use the pandemic as a pretext for banning abortion as a nonessential service. “Texas, in the early weeks of the pandemic, sort of gave us a dress rehearsal for what it could look like when states try to ban abortion entirely,” says Littlefield. “We saw how half a century worth of attempts to whittle away at abortion access really collided with a deadly pandemic in a way that was just devastating.”

      • Federal Court Affirms Travelers Have A First Amendment Right To Record TSA Screeners

        It's pretty clearly established you have the right to record public servants as they perform their public duties. There are a few exceptions, but for the most part, if you're not interfering with their work, record away. Public servants hate this, of course, but there's not much they can do about it. Sure, they can try to use local laws to shut down recordings, but those efforts have routinely been rejected by federal courts.

      • A Las Vegas Judge Approves $1.4 Million Payment to Wrongfully Convicted Man Who Served More Than Two Decades

        For the first time, Fred Steese walked into a Las Vegas courtroom on Monday without reason for trepidation. He was there to be awarded nearly $1.4 million by the state of Nevada for wrongfully convicting him of murder.

        “It’s a gigantic day,” Steese said in an interview afterward, noting how odd it felt after decades in which bad things happened to him in courtrooms.

      • Hours After an Employee Accused Him of Sexual Misconduct, Prominent Alaska Executive Resigns

        A week ago, one of Alaska’s most powerful executives abruptly resigned from his job leading the largest tribal health organization in the state. Neither the outgoing president nor the group said why.

        Earlier in the day, his former assistant had delivered a scathing three-page letter to the Alaska Native Tribal Health Consortium that described a pattern of abusive behavior, harassment and coerced sexual encounters by President Andy Teuber, according to the document, obtained by the Anchorage Daily News and ProPublica.

      • A New Form of Jim Crow: Ari Berman on the GOP’s Anti-Democratic Assault on Voting Rights

        The Republican-led House in Georgia has passed a sweeping bill to make it harder to vote, in a move aimed to prevent Democrats from winning future elections. The bill limits access to absentee ballots, limits weekend early voting hours and curbs ballot drop boxes, among other provisions. Across the U.S., Republican lawmakers have introduced more than 250 bills in 43 states aimed at restricting voting access. Ari Berman, author and reporter for Mother Jones, says Republicans are “breaking democracy” with their push to restrict voting. “The Republican Party has no interest in appealing to a majority of Americans. Instead, they are doubling down on anti-democratic tactics so they can get a minority of votes but wield a majority of power,” says Berman.

      • Christian Mother in Uganda Hit with Acid for Her Faith, Sources Say

        “My husband began questioning me whether I had embraced Christianity,” Kyoleka told Morning Star News. “I kept quiet. He started beating me with sticks, and my 5-month-old began crying, and before the arrival of the neighbors, my husband had already poured acid on me, and I lost all consciousness.”

        Kyoleka regained consciousness in a hospital bed in Mbale. She had acid burns on the right side of her body from breast to thigh, including private parts, she said.

    • Internet Policy/Net Neutrality

      • The New York Times (Falsely) Informs Its 7 Million Readers Net Neutrality Is 'Pointless'

        Let's be clear about something: the net neutrality fight has always really been about monopolization and a lack of broadband competition. Net neutrality violations, whether it's wireless carriers blocking competing mobile payment services or an ISP blocking competing voice services, are just symptoms of a lack of competition. If we had meaningful competition in broadband, we wouldn't need net neutrality rules because consumers would vote with their wallets and leave an ISP that behaved like an asshole.

    • Monopolies

      • The Unasked Question In Tech Policy: Where Do We Get The Lawyers?

        When we criticize Internet regulations like the CCPA and GDPR, or lament the attempts to roll back Section 230, one of the points we almost always raise is how unduly expensive these policy decisions can be for innovators. Any law that increases the risk of legal trouble increases the need for lawyers, whose services rarely come cheap.

      • FOSS Patents: Epic Games v. Apple App Store antitrust case: written order confirms May 3 trial date, further details of trial format

        Just like on Monday, it's still unclear how many trial days will be required. Over the next 16 days, the parties will provide different versions of their witness lists to the court. The deadlines for those filings are March 12 (Epic's tentative list), March 16 (Apple's tentative list), March 18 (Epic's supplemental list), and March 19 (either party's consolidated list). There will be another pretrial conference on March 26, and I guess at that one the judge presiding over this landmark case--to me, the most important smartphone litigation ever, eclipsing even Apple v. Samsung and FTC v. Qualcomm--will indicate how many trial days are needed. On Monday, different numbers of weeks were tossed out as hypothetical possibilities. It's hardly going to be shorter than three weeks, I guess.

        Trials in that district often have a rhythm that leaves one, two or even three days per week to the court for other matters. That is particularly the case when there are urgent criminal trials that must be held. In this case, however, Judge Gonzalez Rogers expects to be able to hear Epic Games v. Apple every day Monday through Friday.

        They'll start early (at 8 AM) and finish at 3:15 PM, giving her enough time in the afternoon for orders (related to this case and to others she's presiding over). Considering the time zone from which I'll be following the proceedings, this schedule makes it easy for me to listen to the entirety of the public proceedings.

      • MIP International Patent Forum: How to overcome COVID career challenges [Ed: As if these patent zealots aren't already exploiting COVID to make a killing with patent monopolies...]

        This time last year it was hard to imagine that the 2021 Managing IP International Patent Forum would not take place in a London hotel complete with pastry and many opportunities for in-person networking.

        But with the pandemic forcing many events to move online, a virtual conference is the next best thing.

      • Patents

        • Early Disclosures of Patent Filing Activities Related to COVID-19 [Ed: Building monopolies around COVID to rip off the public, deny the poor access to medicine (vaccines), and slow down research (it's all about money, not solving problems, at least to them)]

          As of February 2021, it is still too early to have a clear and complete view of how the COVID-19 health, economic, and social crisis has affected patent filing trends and how innovation specifically dedicated to cope with the present “new normal” situation is the object of patent protection. This pandemic has prompted patent offices to provide companies and investigators with a large number of new web-based services and dedicated policies to cope with logistical and financial problems related to IP operations, as reported in WIPO COVID-19 IP Policy Tracker. Moreover, many websites giving access to patent databases have established dedicated portals to foster research and access to information relevant for developing new technical solutions, such as the PatentScope COVID-19 Index or the patent datasets EPO patent examiners and data analysts have compiled and which can be accessed at the Fighting Coronavirus webpage. These and other patent information search tools may also be used to evaluate to what extent the examination and publication of COVID-19 related patent applications have been accelerated after their filing. This search allows identifying in which countries applicants have shown more interest in getting a patent granted (or at least disclosing own patent-related activities), due to their own perception of the potential financial and strategic importance.

          I have co-authored a study (Falciola L. and Barbieri M., “Searching and Analysing Patent-Relevant Information for Evaluating COVID-19 Innovation”; posted on the SSRN website on 26 January 2021) on the major trends in scientific and patent publications during the first months as of COVID-19’s appearance. The analysis has been performed in patent databases and official registers of the major patent offices worldwide, using a standardized set of keywords, under three main dimensions: the claimed technologies, the type of patent proceedings, and the countries. The data extracted for the period January-August 2020 show that more than 1,000 patent documents explicitly mentioning the infectious agent (SARS-CoV-2) and/or the disease (COVID-19) were already filed and published. These documents concern products or technologies applicable in a range of domains, mainly in diagnostics and therapeutics but also body protection, disinfection, informatics and mechanical devices. It is interesting to compare the dates of some early 2020 events with the filing dates of the earliest published patent applications, which predate even the official WHO declaration of the COVID-19 pandemic. This is illustrated below.

        • Samsung asks federal court in Texas to throw out Ericsson's FRAND claims: no subject-matter jurisdiction over foreign patents

          After a post on a Texas-size patent damages verdict in the Western District, we're now hopping over to the traditional patent (troll) litigation hotspot, the Eastern District of Texas.

          In Judge Rodney Gilstrap's court, Ericsson brought a FRAND action against Samsung in mid-December, not even knowing that the Korean electronics giant had pre-empted it by filing suit in China, and the Swedish former handset maker amended its Texas case in early January, right after the expiration of the previous cross-license agreement, by throwing in eight standard-essential patent (SEP) infringement claims. Yesterday (Tuesday, March 2) Samsung had to respond to Ericsson's complaint.

          [...]

          That competitive situation between Samsung and Ericsson presumably complicates the patent licensing dispute. Ericsson would like to tax its competition. It asserts patents against everyone, but in the base station market, there's a strategic aspect to it. It's also possible that Samsung's increasing success in the base station market makes some decision makers on Ericsson's side even more determined to maximize the license fees it can siphon off.

          Let's now look at Samsung's above-mentioned motion to dismiss Ericsson's FRAND claims, as this is related to the wider issue of extraterritoriality in patent litigation, a high-priority topic for this blog. Last week, Samsung filed the opening brief in its Federal Circuit appeal of Ericsson's anti-antisuit injunction from Texas, and earlier this week, six law professors explained that the Chinese approach to antisuit injunctions is actually pretty consistent and--as far as I can see--perfectly compatible with U.S. antisuit injunction case law (Gallo and Unterweser). Samsung's motion to dismiss is not based on the fact that Ericsson brought those claims in contravention of the Wuhan antisuit injunction, but on the lack of subject-matter jurisdiction even under Judge Gilstrap's own case law...

        • U.S. v. Arthrex: Supreme Court Oral Argument [Ed: Patent zealots want to stop the quality assessment of USPTO fake patents; because they're patent profiteers who distort patent law and don't want accountability]

          The Supreme Court heard argument on Monday in U.S. v. Arthrex, involving the question of whether appointment of Administrative Patent Judges (APJs) and their authority under the Leahy-Smith America Invents Act violates the Appointments Clause of the Constitution. Both the Government and Smith & Nephew, who lost this argument below, opposed Arthrex in this regard. At argument, the U.S. Government was represented by Malcolm L. Stewart, Deputy Solicitor General, Department of Justice; Smith & Nephew was represented by Mark A. Perry; and Arthrex was represented by Jeffrey A. Lamken.

          The Government argued first; in what is clearly a procedural pattern, the Court permitted each advocate to make their argument in brief before the Chief Justice started the questioning. Deputy Solicitor General Stewart began with reference to Edmond v. United States, where the Court held that Coast Guard Court of Criminal Appeals judges were inferior officers. Here, he argued, the USPTO Director's supervisory powers exceed those in the Edmond case. For example, the Director can "promulgate binding guidance concerning substantive patent law," "designate particular board opinions as precedential," "decide whether any particular review will be instituted and which judges will sit on the panel," and "de-institute a review even after it has been commenced." When included with the Director's power to convene a new panel and overturn any decision against PTO policy, the DSG argued that "[t]aken together, the Director's supervisory powers are fully sufficient to render administrative patent judges inferior officers."

        • Wac(k)o record verdict: jury in Western District of Texas says Intel owes Softbank-owned patent troll $2.175 billion over two patents

          Texas has a reputation for being big and going big. With respect to patents, it's unfortunately also notorious for going off the deep end at times--not all parts of the Lone Star State, but two of its federal districts. For a long time, the Eastern District was synonymous with patent troll-friendly pretrial rulings and juries. More recently, the Western District's Waco division has put into evidence that nothing is ever so bad it couldn't get worse.

          What happened in Waco yesterday is shocking for most of us while it's precisely what patent trolls' political friends like Senators Thom Tillis (R-N.C.) and Chris Coons (D-Del.) would like to see on a monthly if not weekly basis: the potential of money being sucked out of companies that make innovative products by those in the business of patent assertion.

          [...]

          The '373 patent was found to be literally infringed; for the '759 patent, the jury found an infringement under the doctrine of equivalents, and rejected Intel's invalidity contentions.

          The judge was so eager to hold this trial that he conducted an in-person patent trial despite the COVID-19 pandemic.

          The verdict is the highest one ever in an information technology patent case. Only one patent damages verdict in U.S. history was larger; it was about a pharmaceutical patent and, as Professor Mark Lemley (Stanford) notes on Twitter, was "erased on appeal."

          The verdict comes just a week before Intel and Apple will file their second amended complaint (i.e., "version 3.0" in total) in their antitrust action against Fortress in the Northern District of California. Last year they already amended the complaint once, but the case has to be narrowed further.

      • Copyrights

        • U.S. Navy is Liable for Mass Software Piracy, Appeals Court Rules

          The United States Navy is liable for a mass copyright infringement. The Court of Appeals for the Federal Circuit sided with the German software company Bitmanagement, which accused the Navy of copying software without permission. Bitmanagement claimed more than $500 million in damages, but the final amount has yet to be determined.

        • Games Publisher "Cracked & Pirated" 'The Sinking City', Developer Alleges

          Last week, Ukrainian games developer Frogwares warned players not to buy the Steam version of its game The Sinking City, stating that it had not created it. In an announcement yesterday, Frogwares said that its own publisher, France-based Nacon, had "cracked and pirated" the game, uploaded it to Steam for profit, then tried to "cover up" the reporting trail.

        • Is Bill C-10 Unconstitutional? A Former Justice Senior General Counsel Makes the Case It Is

          Noting the lengthy CRTC hearing periods, I told the committee that the bill won’t provide new revenues for film and television production until the second half of the decade at the earliest. If a constitutional challenge is added to the mix, the timeline grows even longer. The bill has faced a rough ride at committee and the Palmer submission should give the committee further pause about the wisdom of moving forward without a significant overhaul.


