[Meme] Azure Security

Posted in Deception, Microsoft, Security at 6:13 pm by Dr. Roy Schestowitz

Trump Facepalm: Azure is the most secure thing ever; when it's not, this isn't our fault

Summary: Remember that when it's too embarrassing and impossible to fix, then it is a feature, not a bug

Microsoft Whistleblower and Clients Warned, More Than 2 Years Ago in Fact, About the Current Azure Mess (But Microsoft Ignored Those Warnings, Buried Facts)

Posted in Deception, Microsoft, Security at 5:33 pm by Guest Editorial Team

This article is reproduced with a foreword about how Microsoft’s staff were forewarned (and ignored the warnings). As usual, when it comes to Azure, Microsoft just ignores security-related issues because security is not an actual goal. We saw that again very recently. “Covered this a few years ago,” Mitchel Lewis told us, citing new reports such as this one.

New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica

This is in the news now

“My article from two years ago,” he added, had already cautioned about it. We reproduce it below in full with permission from Mitchel Lewis.

How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks

Azure walking

MICROSOFT’S Azure AD is the de facto gatekeeper of Microsoft cloud solutions such as Azure, Office 365, and Enterprise Mobility. As an integral component of their cloud ecosystem, it is serving roughly 12.8 million organizations, 950+ million users worldwide, and 90% of Fortune 500 companies on a growing annual basis. Given such a resume, one might presume that Azure Active Directory is secure, but is it?

Microsoft Azure AD

Source: https://www.microsoft.com/en-us/microsoft-365/blog/2017/11/13/how-organizations-are-connecting-their-on-premises-identities-to-azure-ad/

Despite Microsoft itself proclaiming “Assume Breach” as the guiding principle of their security strategy, if you were to tell me a week ago that Azure or Office 365 was vulnerable to rudimentary attacks and that it could not be considered secure, then I probably would have even laughed you out of the room. But when a client of ours recently had several of their Office 365 mailboxes compromised by a simple brute-force attack, I was given no alternative but to question the integrity of Azure AD as a whole instead of attributing the breach to the services merely leveraging it, and what I found wasn’t reassuring.

After a simple “Office 365 brute force” search on Google and without even having to write a line of code, I found that I was late to the party and that Office 365 is indeed susceptible to brute force and password spray attacks via remote PowerShell (RPS). It was further discovered that these vulnerabilities are actively being exploited on a broad scale while remaining incredibly difficult to detect during or after the fact. Skyhigh Networks named this sort of attack “Knock Knock” and went so far as estimating that as many as 50% of all tenants are actively being attacked at any given time. Even worse, it seems as if there is no way to correct this within Azure AD without consequently rendering yourself open to denial of service (DOS) attacks.

PowerShell brute-force

Source: https://cssi.us/office-365-brute-force-powershell/

In fact, this sort of attack is so prevalent that it happens to be one of the biggest threats to cloud tenant security at Microsoft according to Mark Russinovich (CTO of Azure) and is among several reasons that Microsoft itself advises their customers to enable multi-factor authentication (MFA) for all users and implement advanced threat intelligence available only to E5 subscription levels or greater; basically requiring companies to give Microsoft more money to secure their own solutions. But MFA also doesn’t impede hackers from cracking passwords or protect businesses from a DOS attack, nor does it help those that are unaware of its necessity, as many tenants are at present.

Exchange and PowerShell
Source: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps

Further, since RPS does not work with deferred authentication (DAP) and MFA, partners consisting of consultants, managed services and support providers also cannot use their partner credentials to connect to the tenants of their clients via RPS for advanced administration and scripting. Even though they can easily manage their clients via a browser-based admin center with MFA, they often have to resort to creating admin accounts within the Office 365 tenant itself instead, but others do it simply for ease of access to the admin console or for when they are not the Partner On Record. These accounts are precisely what many of these attacks are targeting, often unbeknownst to admins, and Deloitte’s breach is a perfect example of such a scenario.

Unfortunately, these accounts are often stripped of MFA security to make them more convenient and accessible for the multitude of support and operations staff to use while working for various companies offering support services and they seldom expire or change upon company exit. By default in Office 365 and on top of being vulnerable to being cracked and breached, the password expiration policy is further set to a 730-day expiration and further disabled, rendering accounts vulnerable to a prolonged breach at that. Needless to say, they are ripe for attack and this exact scenario is what enabled a hacker to have unabridged administrative access to Deloitte’s Exchange Online tenant for 6+ months.

Azure panel

Complicating matters even further, the natural solution to this problem renders the tenant vulnerable to DOS attacks by virtue of being able to lock users out of their accounts for a fixed duration imposed by Azure AD; but this is still in preview phases. For example, Azure AD Smart Lockout, which is still in preview, is configured by default to allow 10 password attempts before subjecting the account to a 60-second lockout, giving attackers a theoretical limit of 14,400 attempts per account per day. You could decrease the threshold to 5 and increase the duration to 5 minutes to protect against breaches, reducing attempts to 1,440 per day, but this would create the potential for downtime for users whenever their accounts are being attacked with brute force and password spray attacks.

More brute-force PowerShell
Source: https://cssi.us/office-365-brute-force-powershell/

However, Tyler Rusk at CSSI also called out that Microsoft doesn’t seem to throttle or limit authentication attempts made through RPS. As shown, Tyler was able to surpass the theoretical 14,400 per day limit listed in Azure AD Smart Lockout Preview without added logic, moving at a rate of 48,000 per day had he let it run for a 24 hour period or an est. 17,520,000 attempts over 365 days. However, there are obvious ways to optimize these efforts even further through background jobs (Start-Job cmdlet) by essentially running attacks asynchronously instead of synchronously while optimizing for custom lockout limits, max attempts, and minimal detection. The possibilities are endless with regard to password spray attacks for obvious reasons. To be fair to Tyler and CSSI though and in my opinion, they didn’t need to leverage such measures to validate their concern.

If their lockout feature were to work though and if you were able to reduce the threat surface in the manner above, you would then have to contend with the hard countdown of the duration time. It’s immutable, which means that users have to wait for it to expire in order to render the account accessible again. The unlock cannot be expedited administratively at present. As such, it can just as easily result in an intentional DOS for end users if they or an unintentional DOS while running the possibility of exposing the attack; that is when/if it starts actually working. Obviously protecting from breach takes precedence over downtime, but becoming prone to DOS attacks is hardly a consolation prize.

Ned Pyle

Neither banned passwords nor MFA can protect against DOS or brute-force attacks either, only against the breach itself. In fact, when brute forcing an account protected by MFA, the MFA challenge itself can be treated as confirmation of a valid cracked username and/or password. In turn, they can then begin to try these credentials in other places which may not be protected by MFA as users and admins alike tend to keep them as similar as possible in multiple directories so that they’re easy to remember. I’ll defer to Ned Pyle of Microsoft as to whether this applies to his employer and their partners.
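The attack shapes discussed above (brute force against one account, password spray across many) and the MFA point in the preceding paragraph translate directly into sign-in triage for defenders. The Python below is an added example, not code from the original article or from Microsoft; the event tuples, result labels and thresholds are constructed assumptions and do not follow the schema of any Azure AD log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Result values are hypothetical labels, not those of any Azure AD log export.
FAILED = "bad_password"
MFA_BLOCKED = "mfa_not_completed"   # password was correct, second factor was not
SUCCESS = "success"

ROTATE = "rotate password: attacker knows it, MFA held"
CONTAIN = "contain account: attacker signed in"

# Constructed sample events: (timestamp, account, source IP, result).
EVENTS = [
    ("2021-09-30T09:00:00", "frank", "198.51.100.9", MFA_BLOCKED),  # user missed a prompt
    ("2021-09-30T10:00:00", "alice", "203.0.113.7", FAILED),        # spray, round 1
    ("2021-09-30T10:00:20", "bob", "203.0.113.7", FAILED),
    ("2021-09-30T10:00:40", "carol", "203.0.113.7", FAILED),
    ("2021-09-30T10:01:00", "dave", "203.0.113.7", FAILED),
    ("2021-09-30T10:05:00", "erin", "198.51.100.9", FAILED),        # ordinary typo
    ("2021-09-30T10:05:30", "erin", "198.51.100.9", SUCCESS),
    ("2021-09-30T10:30:00", "alice", "203.0.113.7", FAILED),        # spray, round 2
    ("2021-09-30T10:30:20", "bob", "203.0.113.7", MFA_BLOCKED),     # password guessed
    ("2021-09-30T10:30:40", "carol", "203.0.113.7", SUCCESS),       # no MFA on account
] + [
    # Brute force on one account: 12 failures, 5 seconds apart.
    (f"2021-09-30T11:00:{5 * i:02d}", "svc-admin", "192.0.2.44", FAILED)
    for i in range(12)
]


def parse(events):
    """Return events as time-sorted (datetime, account, ip, result) tuples."""
    return sorted((datetime.fromisoformat(ts), user, ip, result)
                  for ts, user, ip, result in events)


def _burst(items, window, threshold, measure):
    """True if some window-long run of time-sorted (ts, value) items scores >= threshold."""
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        if measure(items[start:end + 1]) >= threshold:
            return True
    return False


def spray_sources(events, window=timedelta(minutes=10), min_users=4):
    """Source IPs with failed passwords against >= min_users distinct accounts in window.

    A spray stays under any per-account lockout threshold, so it is only
    visible when failures are grouped by source instead of by account.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, result in parse(events):
        if result == FAILED:
            by_ip[ip].append((ts, user))
    distinct_users = lambda run: len({user for _, user in run})
    return {ip for ip, fails in by_ip.items()
            if _burst(fails, window, min_users, distinct_users)}


def brute_forced_accounts(events, window=timedelta(minutes=5), min_failures=10):
    """Accounts with >= min_failures failed passwords inside window, from any source."""
    by_user = defaultdict(list)
    for ts, user, ip, result in parse(events):
        if result == FAILED:
            by_user[user].append((ts, ip))
    return {user for user, fails in by_user.items()
            if _burst(fails, window, min_failures, len)}


def triage(events):
    """Map each account that a spraying source got a correct password for to an action.

    An MFA challenge issued to a spraying source means the password itself is
    known to the attacker even though the sign-in did not complete.
    """
    suspects = spray_sources(events)
    actions = {}
    for _ts, user, ip, result in parse(events):
        if ip not in suspects:
            continue
        if result == SUCCESS:
            actions[user] = CONTAIN
        elif result == MFA_BLOCKED:
            actions.setdefault(user, ROTATE)
    return actions


if __name__ == "__main__":
    print("spray sources:", spray_sources(EVENTS))
    print("brute-forced accounts:", brute_forced_accounts(EVENTS))
    for account, action in sorted(triage(EVENTS).items()):
        print(account, "->", action)
```

An incomplete MFA sign-in from a source that is not spraying (the constructed `frank` event) is left alone, which keeps the rotate list limited to passwords an attacker demonstrably holds.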

Summarizing matters thus far, you can brute force accounts housed in Azure AD via RPS. Obvious solutions for this such as MFA, customized password blocking, and advanced threat intelligence are either ineffective, insufficient, paywalled, and/or generate significantly more overhead in order to offset these vulnerabilities. Further, these solutions are often ignored by lazy admins, consultants, and managed services providers and many may be oblivious to this threat entirely; possibly even to breaches of their own. Deloitte has proven that this can even hit the best of them.

Windows 2000 Server

As offensive as all of this may seem though, it’s important to remember that AD was never designed to be public facing, quite the opposite. It has actually always been inherently vulnerable to brute-force, password spray, and DOS attacks by design. AD has always been designed to be implemented in conjunction with various other counter-measures in order to maintain its integrity. This includes but certainly is not limited to relying on physical security measures such as controlled entry and limiting the ability to access the domain to those that make it past physical security measures successfully; with the obvious exception of VPN users. This is nothing new.

That said, AD was never, ever, meant to be the sole source of security for IT infrastructure and is fundamentally dependent on other security measures in order to be effective. Consequently, AD becomes markedly more vulnerable when other pre-emptive methods fail or are non-existent. Put simply, such breaches should be the expectation when depending on Azure AD alone for IT security, and this sadly applies to any Office 365 tenant with its default security settings. However, understanding its limitations helps us illuminate ways to harden Azure AD and mitigate these problems just the same.

It almost goes without saying, but none of the measures necessary to patch these vulnerabilities are free to companies leveraging these services at present. Even if Microsoft were to fix this, who is to say that something else just as simplistic and embarrassing isn’t hiding around in the corner or already being used? That said, avoiding products backed by a 20-year-old security system streamlined for vendor lock-in seems like a viable solution to avoiding this problem in the first place.

Azure AD

Source: https://www.microsoft.com/en-us/microsoft-365/blog/2017/11/13/how-organizations-are-connecting-their-on-premises-identities-to-azure-ad/

Before anything else, I truly think that the onus is on Microsoft to ensure that their baseline configuration for cloud accounts doesn’t expose their tenants unnecessarily. Sure, we could blame ignorant users and lazy admins, but I don’t think that this is fair given the scope of this vulnerability, which is essentially 46% of AzureAD’s user-base (password hash sync + cloud only = 46%). It is unknown how many have MFA enabled and the scope of this is ultimately an unknown both with regard to those who are vulnerable to it, actively being attacked, and/or those already breached though. But as a former tier 3 support engineer for Exchange Online at Microsoft, I can confirm that a significant amount of individuals as well as small-medium businesses are relying on Azure AD exclusively without further counter-measures and that they account for a sizable amount of Office 365’s user-base. That said, telling customers that pay you to secure their mailboxes or to disable basic auth to address this doesn’t cut it.

Microsoft has clearly acknowledged this problem, but rather than hardening their tenants from such attacks as other cloud services have, they have offered solutions only available to their high tier plans so as to capitalize on this problem rather than fixing it. As expensive as they are to migrate away from now, or sticky as they like to call it, their products are just going to become more costly to manage, vulnerable, and difficult to migrate away from over time. This is the malady of any legacy solution.

One easy way for Microsoft to mitigate such attacks is to update their RPS module to support DAP and develop other creative avenues for admins and the like to efficiently and securely manage their clients’ tenants. They should also extend their threat intelligence and advanced customizations available only to costly, high tier license subscribers to all license levels, at least until proper solutions are implemented for all tenant levels.

As an immediate mitigation step though, Microsoft could simply swap the order of authentication. Rather than requiring a password prior to doing a two-step verification on your phone, they could require the phone verification through authenticator app or a third party MFA app such as Duo as the initial means of authentication. By deferring their password in Azure AD as the second step instead of the first, they could buffer its weak password security at present and buy time to implement a proper solution. However, this only applies to users and tenants with MFA enabled and in-use.

System life span

Just as Active Directory seems to create necessity for other costly ancillary solutions, Microsoft seems to have built AzureAD to generate further necessity for more costly solutions coincidentally offered by them just the same. On top of this and if they had their way, their solution to enable MFA would also require employers to buy phones and mobile plans for two-step verification for all of their employees which can cost more on an annual basis than any of their plans. The same can be said of the costs associated with a proper MFA solution and/or an on-premises or hosted ADFS solution (if none exist) as they drastically complicate the solution as a whole while consequently inflating the ownership costs associated with it. As complexity increases, stability falters while costs skyrocket. All of which is why I recommend avoiding their solutions entirely.


Source: https://blogs.partner.microsoft.com/mpn/create-stickiness-with-ip/

But if a company is entrenched with Microsoft products and migration is out of reach, there are options. One solution that companies can implement is ADFS which defers authentication attempts to your own domain controllers on-premise rather than Azure AD while immediately granting more granular control of password policies with Active Directory on-premise and as much protection as money can buy on the network layer. All of which can be quite costly from a licensing perspective alone, let alone the hardware, network infrastructure, and labor required to implement it all let alone the staff to maintain it. This creates a single point of failure, often on-premise, for a cloud solution unless implemented in a highly available manner though.

They can also implement an MFA solution as well but there still remains added exposure and vulnerabilities which may require further consideration. But as mentioned before, there are also added costs and MFA may not protect accounts entirely. Users tend to manually synchronize their passwords across multiple platforms for the sake of remembering it, but not all of them have the same protections, MFA or otherwise. Similar to ADFS, access to your mailbox and other apps are restricted when MFA services are degraded, also becoming a single point of failure, as shown today by Azure’s MFA outage. So if you go with an MFA solution, diversify with a 3rd party MFA provider.

Microsoft password policy

While the existence of dirsync can do little to protect against brute-force attacks, enforcing a strong password policy including a customized banned password list on premise can be mirrored in the cloud. Customers with dirsync already pay for this functionality with Active Directory on premise and can simply have it be mirrored in the accounts synced to the Azure AD forest. Although this cannot protect from brute force, password spray, or denial of service attacks, it can absolutely harden accounts against prolonged breaches.

I suppose they could also call support to complain about it and see if they’ll fix it, but you will likely be met by someone difficult to understand without experience on such matters. Or maybe they could even get a technical account manager to yell into the void or possibly even find someone with half of an ass on your behalf if you have deep enough pockets for a premier membership. While you’re at it, maybe you could upgrade your E3 plan to an E5 plan at almost double your monthly cost of E3 just to pay Microsoft to compensate for its own vulnerabilities.

Microsoft: assume breach

In summary, Microsoft services built on Azure AD along with the businesses leveraging them are vulnerable to brute-force and password spray attacks which can be carried out by anyone with the capacity to run a script in RPS. Also, there isn’t an adequate means of hardening these services without incurring significant financial burden and paying for more of Microsoft’s services. All of which has probably been the case for as long as the ability to access tenants via RPS has been widely available to admins and ultimately why you would be wise to assume breach with Microsoft cloud solutions just as Microsoft does. Entities can absolutely mitigate these vulnerabilities, but Office 365 and Azure would cease to function as true cloud solutions while generating significantly more overhead costs in the process. All things considered though, it seems as if there is no way to harden Azure AD or the services such as Azure or Office 365 when leveraged by itself without incurring significant costs in addition to the aforementioned introduction of further complexity, points of failure, and on-premise dependencies for your cloud architecture.

By default, Azure AD is more of a security problem than a cloud. This is not to say that Azure cannot be made to be secure but it comes at a cost while sacrificing cloud resiliencies. Although they advise others to assume breach, Microsoft seems to be omitting this reality from Office 365 and Azure advertisements and such inconsistencies are indicative of this stance being more of a cop out than a tenable security strategy because of this. Rather than hardening the vulnerabilities inherent to Active Directory and Azure AD which makes them susceptible to some of the oldest tricks in the book, Microsoft seems to be attempting to capitalize on them instead while exposing those unaware to a haunting amount of risk.

Azure: need premium

[Meme] “This is Intentional Fraud” (European Commission on Impact Assessment of the UPC)

Posted in Deception, Europe, Patents at 4:04 pm by Dr. Roy Schestowitz

Yes, it's good for everybody; Not just law firms that came up with it to bully everybody

Germany and Slovenia ratify Protocol on Provisional Application Unified Patent Court
More here as recently as today (whatever has made it past moderation/censorship by Team UPC)

Summary: Team UPC isn’t giving up; it’s still faking it

Nobody to Talk to About EPO Abuses, Including Abuses Against the Media and Against the EPO’s Own Staff

Posted in Europe, Law, Patents at 3:46 pm by Dr. Roy Schestowitz

MEPs Roberta Metsola (Maltese) and Agnes Jongerius (Dutch) love talking about press freedom, but they’re just talking

Summary: The supposed ‘democracy’ we have in Europe isn’t functioning; we’ve been seeing that in the UPC (corrupted media, toothless public officials who work against the public) and we’re seeing that in the EPO as well; they’ve basically put on a pedestal unaccountable systems that shamelessly abuse laws and constitutions

“For the first social dialogue virtual meeting with SUEPO after 11 months,” SUEPO Central wrote today, “President Campinos cherry-picks the agenda topics, imposes the number of attendees and refuses the attendance of SUEPO’s legal advisor. As a result, meetings with SUEPO are further delayed.”

This may not be surprising in light of the insulting attitude towards courts. Campinos treats court rulings no better than Benoît Battistelli, as he thinks they’re merely gentle recommendations. As a result, earlier today SUEPO sent the following letter to most EPO staff, who are SUEPO members:

su21027cp – 0.2.1

SUEPO meeting with President Campinos could not take place

Dear SUEPO members,

The President invited SUEPO to a video conference on 30 September 2021 at 14.00h to discuss only the “Strike regulations” and a “Memorandum of Understanding”. He excluded from the agenda provided by SUEPO over three weeks ago important topics of concern to staff such as the New Career System.

In view of the legal complexity of these topics, the Central Bureau of SUEPO decided to be accompanied by its legal advisor and informed the President accordingly. However, in his reply, the President refused the attendance of our legal advisor.

SUEPO asked the President by letter [1] to reconsider his position as it is standard practice that, similarly to the employer, workers’ unions can also be accompanied in such meetings by legal advisors who are experts in their field and by nature bound by confidentiality. Unfortunately, the President maintained his refusal.

The settlement of disputes remains also of high importance for staff. SUEPO is of course willing to continue social dialogue at the same eye level and has invited [2] the President to another meeting on 28 October 2021. By then, SUEPO hopes the President will have created the conditions for the meeting to take place.

Your SUEPO Central Bureau

[1] “Our planned meeting on 30 September 2021”, Letter to Mr Campinos of 29 September 2021 (su21025cl)
[2] “Invitation to a meeting on 28 October 2021”, Letter to Mr Campinos of 30 September 2021 (su21026cl)

He has no way to rationalise what he did; so Campinos is just running away, evading interactions and mumbling about "gaps" that are fictional.

SUEPO must be feeling the cold shoulder, as did we after we had contacted a number of MEPs. It took a lot of time (not just E-mail but also telephone). We specifically focused on press-related issues and SLAPP (not European software patents or other subjects that merit a challenge). One might be inclined to think that Europe will take such things seriously, not offer mere platitudes and empty promises. But it is mostly the latter.

At the moment, for the record, only one office still communicates on the matter (and barely even that anymore). So it generally seems fair to say that the European Commission and Parliament are intentionally failing to respond to reports of EPO SLAPP. I’ve decided to give them until next week (or week’s end) before concluding they don’t want to challenge their employer’s own abuses. Why next week? They’ve made some allusions to holidays (maybe an excuse) and are back to stonewalling. There’s generally a coalition against SLAPP in Europe (the-case.eu) and, to quote a lawyer who helped a little (pro bono), “[i]t seems several MEPs presented a report regarding SLAPPs in the European Parliament in order to propose a legislative proposal establishing minimum standards against SLAPP practices in the EU.”

“You can find an article here,” she told me, citing a piece entitled “EU Parliament to counter lawsuits designed to silence journalists, NGOs”. (“The European Parliament’s committees dealing with legal affairs (JURI), civil liberties and home affairs (LIBE)…”)

One of the MEPs is Roberta Metsola (Maltese), whom I contacted on roberta.metsola@europarl.europa.eu

She never bothered to even reply!

I then contacted also Agnes Jongerius (Dutch) on agnes.jongerius@europarl.europa.eu

“I think you already know this MEP as I remember I read it in one of your articles,” the lawyer said. But no reply, either.

So for the time being, amid the German election, we’re only in touch with one MEP who is part of Merkel’s floundering coalition.

If none of this produces any results, we’ll escalate further. “There is an Expert Group against SLAPP in the European Commission. (Expert Group against SLAPP- E03746),” I was advised. “You can approach some of the Members in the different countries to see if they can help you further. Here is the list of Members. You can Google the names and organisations to contact them…”

Maybe that will be the next step, but not before the current endeavours are concluded (we’ve not given up). We’ve intentionally not named the German MEP and party; the MEP claims to care dearly about freedom of the press, but talk is cheap; action takes actual effort.

Links 30/9/2021: Fairphone 4, PostgreSQL 14, MediaGoblin 0.12.0, and GNU Anastasis 0.2.0

Posted in News Roundup at 11:29 am by Dr. Roy Schestowitz

  • GNU/Linux

    • Desktop/Laptop

      • 5 Best Linux Distros to Learn Linux

        Linux is one of the most powerful operating systems, powering numerous devices all across the globe. Linux is free and open-source that drives the foundation of major infrastructure, for example, the internet. It’s a powerful operating system that can bring the most out of your machine and productivity.
        For new users, however, getting into Linux can be daunting. There are numerous choices and technicalities. This “newness” factor can be overwhelming for many. In practice, Linux is not as difficult as it seems.

        This guide will explore some of the best Linux distros to consider if you’re willing to learn Linux.

        Let’s have a look at Windows. It comes with all the necessary binaries and libraries packed in one. Microsoft internally develops and distributes these parts. If you’re willing to use Windows, then you have to use the version Microsoft is offering.

        In the case of Linux, that’s not the case. Each component of Linux is available separately. Each of the components is developed by various organizations and communities. Most of these components are open-source and available free of cost.

        In theory, you could grab all the components you need, bake them together, and build your own Linux system. However, that’s quite a tedious task. This is where Linux distros come in. Any distro comes with all the necessary components and some additional components and tweaks.

    • Audiocasts/Shows

    • Kernel Space

      • Linux Achieves 5.1M IOPS Per-Core With AMD Zen 3 + Intel Optane – Phoronix

        Linux kernel developers have been working tirelessly to squeeze more performance out of IO_uring and the block / I/O code in general. IO_uring lead developer Jens Axboe who also serves as the Linux block subsystem’s maintainer (among other roles and major contributions over the years) has used his system as a baseline for evaluating such kernel improvements. He’s now moved to using AMD Zen 3 while sticking to Intel Optane storage and is seeing a mighty speed boost out of AMD’s latest processors.

        Rather than talking in the 3.5~3.8M IOPS per-core range for evaluating kernel improvements, he is now at over 5 million IOPS per core by upgrading to AMD Zen 3 hardware.

      • Open-source Allwinner V3 ISP driver to enable blob-free camera support in mainline Linux – CNX Software

        Bootlin has just submitted the first patchset for the Allwinner V3 image signal processor (ISP) driver in mainline Linux which should pave the way for a completely open-source, blob-free camera support in Linux using V4L2.

        There are several blocks in an SoC for camera support including a camera input interface such as MIPI CSI 2 and an ISP to process the raw data into a usable image. Add to this the need to implement the code for sensors, and there’s quite a lot of work to get it all working.

        Allwinner SDK comes with several binary blobs, aka closed-source binary, but Bootlin is working on making those obsolete, having first worked on Allwinner A31, V3s/V3/S3, and A83T MIPI CSI-2 support for the camera interface driver in the V4L2 framework (and Rockchip PX30, RK1808, RK3128 and RK3288 processors), as well as implemented support for Omnivision OV8865 and OV5648 image sensors earlier this year.

      • Initial Allwinner V3 ISP support in mainline Linux – Bootlin’s blog

        Several months ago, Bootlin announced ongoing work on MIPI CSI-2 support for the Allwinner A31/V3 and A83T platforms in mainline Linux, as well as support for the Omnivision OV8865 and OV5648 image sensors. This effort has been a success and while the sensor patches were already integrated in mainline Linux since, the MIPI CSI-2 controller patches are on their way towards inclusion.

      • Linux 5.16 To Feature More Extensible VirtIO GPU Driver With “Context Types” Addition – Phoronix

        Google’s work on the VirtIO DRM kernel driver around the notion of “context types” and being able to initialize different types of contexts is set to be merged for Linux 5.16 in opening up more use-cases for this driver that is an important part of the open-source virtualization graphics stack for graphics.

        The existing VirtIO GPU driver is modeled around Virgl protocol usage for 3D within guest virtual machines but with this context init / context type work is around being able to accommodate additional protocols for GPU communication between the guest VM and the host.

      • Graphics Stack

    • Applications

      • 10 Best Screen Recorders for Linux in 2021

        Oftentimes we want to record something on our screen. Whether for making a presentation or a video tutorial. Nowadays screen recording is becoming common, people are making youtube videos regarding various tutorials, how-to guides, and streaming games in which screen recording plays an essential role.

        As the importance and need of having a screen recorder tool on your system are increasing day by day, having a good tool that provides all the features users need is also increasing. Hence, today in this article we’ll discuss the Top 10 Popular Screen Recorder tools on Linux systems to help you understand better which tool to select out of all.

      • Cockpit 254

        Cockpit is the modern Linux admin interface. We release regularly.

        Here are the release notes from Cockpit 254 and cockpit-machines 253:

      • MediaGoblin 0.12.0: Potions

        Happy Software Freedom Day! Today we’re pleased to announce the release of MediaGoblin 0.12.0. See the release notes for full details and upgrading instructions.

        This release resolves two significant issues in the Celery backend media processing. The first was causing processed media to be marked as failed and the second was inhibiting useful error messages. We’ve also resolved installation issues caused by deprecated upstream code in the Werkzeug and jsonschema libraries.

      • Exim 4.95 MTA Comes with a Bunch of Improvements

        The latest version of the popular mail transfer agent, Exim 4.95, ships with TLS resumption support included in default builds.

        If you’re unfamiliar with Exim, it is one of the most used email server software, developed at the University of Cambridge. It is a free software under the GNU General Public License terms, which means that Exim is an open source mail transfer agent (MTA). It is among the best mail transfer agents in regard to its customization and configuration abilities.

        Exim runs primarily on Linux or Unix and is the default MTA on Debian, though Ubuntu and Red Hat Enterprise Linux use Postfix by default.

      • All the Methods To Run a Virtual Machine on Linux System

        Virtual machines are great if you’re trying to deploy a machine into your current operating system without doing any hard partitioning. No matter if you’re a Linux sysadmin or a developer, using a virtual machine is always fun and interesting. Now, you might question that the virtual machines make your original OS slower, and it’s kind of heavy to run on a regular basis. Yes, it’s always a bit heavy to execute virtual machines on the system. Nonetheless, using a virtual machine/Virtual machine on Linux can be a quick solution to test any program or run any application for a short time. Some power users also claim that using a Virtual machine actually increases the work efficiency as it allows you to test or run programs without restarting the entire system.

    • Instructionals/Technical

      • How to fix AH00557: httpd-prefork: apr_sockaddr_info_get() failed

        In the last few days I was confronted with the issue above. I tried many solutions but they didn’t really work, so let me show you in this small tutorial how I fixed it.

      • How to find the NVIDIA cuda version – nixCraft

        I need to find out the CUDA version installed on Linux. How do I know what version of CUDA I have?

        There are various ways and commands to check for the version of CUDA installed on Linux or Unix-like systems. Finding a version ensures that your application uses a specific feature or API. Hence, you need to get the CUDA version from the CLI.

      • How to Use ZSH Auto-suggestions

        ZSH is a popular Unix shell that extends the Bourne Again Shell. It comes packed with features and improvements over Bash. If you are a regular terminal user, having an exceptional terminal session will improve your workflow and help you enjoy using the terminal.

        This tutorial will teach you how to set up a ZSH shell and add features, such as command auto-suggestions.

      • How to Set Up Google Chromecast: A Step-By-Step Guide to Configuring Your Streamer

        The Google Chromecast, growing in popularity, is one of the more useful streaming devices available to users worldwide today. You can use this elaborate device to stream content, show off your home videos on a bigger screen, and share presentations.

        The device is simple enough, but it does take some work to get it set up and working correctly. This article will teach you how to start using your Google Chromecast and provide some helpful tips along the way.

      • How to Install Google Chrome on Debian and Kali Linux

        Debian and Debian-based Kali Linux come with Firefox as the default web browser. But this does not mean that you cannot install other web browsers in it.

        Google Chrome is hugely popular and you probably already use it on other systems. If you want to install Chrome on Debian, you can surely do so.

        You won’t find Google Chrome in the repositories of Debian because it is not open source software but you can download and install it from Chrome website.

      • How to Install Drupal with Apache and Let’s Encrypt SSL on Debian 11

        Drupal is a free and open-source content management system based on the LAMP stack. Drupal has great standard features that allow you to create powerful websites and blogs. It comes with a lot of themes, plugins, and widgets that help you to create a website without any programming knowledge. It provides a lot of features such as multi-site support, multi-language support, comment system, RSS feed, user registration, and more.

        In this post, we will show you how to install Drupal CMS with Apache and Let’s Encrypt SSL on Debian 11.

      • How to Install Cockpit on Rocky Linux 8

        Cockpit is a server management dashboard that provides real-time information on the state of your machine. In addition to CPU load, filesystem statistics, processes, and other data, it also gives access to the system. When you’re not signed in to the control panel, Cockpit doesn’t use any server resources. The Cockpit service only begins when you go to the control panel and use it.

        You can use Cockpit to manage your server and solve network problems. It also logs in with sudo, which allows you elevated privileges on the system – so there’s no need for a separate group of users.

      • How to Create Linux OS Templates with KVM on Ubuntu 20.04 – VITUX

        KVM refers to the Kernel-based Virtual Machine which helps to run multiple Linux or window-based isolated guests along with their own OS and virtual dedicated hardware. To run KVM your system must be compatible with hardware virtualization extensions, such as AMD-V or Intel-VT.

        The VM template is a copy of the virtual machine including specific virtual machine configuration as well as guest OS. If you need to deploy multiple VM of the same instance then creating a virtual machine using a template comes in handy which plays a huge role in saving time as well as storage.

        This tutorial shows you how to create a VM template from the existing VM on KVM. In this article, the installation of KVM and creating Linux OS templates are done on Ubuntu 20.04 system. Before continuing to the process you are pre-requested to ready the system with KVM installed on it.

      • How to Configure the DHCP Server of VMware Workstation Pro 16

        VMware Workstation Pro 16 uses its own DHCP server to assign IP addresses to virtual machines. DHCP can be configured for the VMware Workstation Pro 16’s NAT and Host-only network interfaces.

        You can configure the IP subnet and assignable IP ranges for each of the NAT and Host-only network interfaces of VMware Workstation Pro 16. You can also configure the DHCP server to assign specific IP addresses to specific VMware Workstation Pro 16 virtual machines.

        In this article, I am going to show how to configure the DHCP server of VMware Workstation Pro 16’s NAT and Host-only network interfaces to change its IP subnet and the assignable IP ranges. I will also show you how to configure the DHCP server to assign specific IP addresses to specific VMware Workstation Pro 16 virtual machines. So, let’s get started.

      • How To View Apache Log Files on Linux – idroot

        In this tutorial, we will show you how to view Apache log files on Linux. For those of you who didn’t know, the Apache access log is one of several log files produced by an Apache HTTP server. This particular log file is responsible for recording data for all requests processed by the Apache server. Apache access log can be used to examine a detailed log of who has been to your website, track errors that are happening when users take some actions on your website.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step view Apache web server log files on Linux.

      • How I use Ansible and anacron for automation | Opensource.com

        Automation is the great IT and DevOps ideal, but in my experience, anything that’s not immediately convenient may as well not exist at all. There have been many times when I’ve come up with a pretty good solution for some task, and I’ll even script it, but I stop short of making it literally automated because the infrastructure for easy automation doesn’t exist on the machine I’m working on.

      • How I monitor my web server with the ELK Stack | Enable Sysadmin

        In a previous article, I introduced Elasticsearch, Logstash, and Kibana (the ELK Stack) and the various components that make up this monitoring system. In this article, I’ll look at how I use the ELK Stack to monitor my Nginx web server. This requires approximately 16GB of memory to operate.

      • Openstack RDO && KVM Hypervisor: Attempt to test Web Cockpit Console on Fedora 35 Beta Server (VENV)

        First Fedora 35 Beta Server deployed as L1 KVM Guest on F34 Bare metal Server. Nested virtualization enabled via virsh console on F34 Server. Complete KVM && Cockpit install performed on L1 F35 Server Guest per https://computingforgeeks.com/how-to-install-kvm-on-fedora/

        Second Debian 11 L2 KVM Guest has been deployed via Web Cockpit Console on F35 Beta Server L1 Guest with no issues.

        Debian 11 L2 Guest (UEFI mode installation) virtual drive has been intentionally configured with Debian Calamares Installer.

      • Better screen resolution with Hyper-V on RHEL 8

        Let’s say you’ve just downloaded your free copy of Red Hat Enterprise Linux (RHEL) 8 and created a virtual machine (VM) using Microsoft’s Hyper-V virtual environment in Windows. So far, so good. But now you find yourself presented with an old-school 1024×768 screen resolution.

      • Make YAML as easy as it looks | Opensource.com

        If you’ve ever tried writing YAML, you may have been initially pleased with how apparently easy it looks. At first glance, the YAML that’s often used for configuration files, Ansible playbooks, and flat-file databases looks more or less as intuitive as a shopping list. However, there’s a lot of nuance in YAML’s structure, and it conceals a dangerous secret: YAML is actually a highly precise, structured, and surprisingly strict language. The good news is that you only need to understand two things to know how YAML works.

        The truth about YAML is that there are only two data structures in YAML: sequences and mappings. Those are two fancy names to represent what you’ll discover are very familiar concepts. This article explains them both, and more importantly, how they work together to make YAML a powerful way to represent the data you care about.

    • Games

      • Kalypso Media forms new studio to work on Tropico 7, hiring developers now | GamingOnLinux

        It seems Tropico 7 is now a confirmed thing, with Kalypso Media emailing today an announcement about forming a brand new studio dedicated to the next game. Early days yet with work ongoing to prepare for Tropico 7, so don’t expect any actual news on the game soon.

        Nine Worlds Studios is the name of the new team, named after “the nine worlds of Norse mythology – symbolising the team’s ambition to create new worlds”. This is the second studio that Kalypso Media has in the tech hub of Munich, Bavaria as they join Realmforge Studios who made Spacebase Startopia and the Dungeons series and Nine Worlds Studios are the fifth development studio within Kalypso Media.

      • Convention Plays Pokemon On Giant Color Game Boy Costume | Hackaday

        Standard cosplay is fun and all, but what is there for admirers to do but look you up and down and nitpick the details? Interactive cosplay, now that’s where it’s at. [Jaryd Giesen] knows this, and managed to pull together a working color Game Boy costume in a few days.

      • Beautiful puzzle game Bonfire Peaks is officially out now | GamingOnLinux

        Bonfire Peaks is a new release from Corey Martin and Draknek that’s a puzzle game about moving things around, and then setting your belongings on fire.

        “Move onwards, move upwards, and leave nothing behind: in Bonfire Peaks, players must climb to the top of a mysterious island ruin, burning everything they own along the way. Featuring hours of masterfully designed puzzle content, a breathtakingly lovely voxel overworld, and not a single second of filler content.”

      • Paradox celebrate 1 year of Crusader Kings III with stats, like Cannibalism being popular | GamingOnLinux

        I’m eagerly awaiting getting back into it though as it is easily one of the best strategy games supported on Linux. Hopefully they won’t rush out the Royal Court expansion like they seemed to have done for other games recently.

    • Distributions

      • Gentoo Family

        • How upstreams should learn to stop worrying and love uncompressed manpages

          Portage (Gentoo’s primary package manager) allows me to choose my own compression command using the variable PORTAGE_COMPRESS in make.conf(5). As it happens, right now, it defaults to bzip2.

          The vast majority of man pages on my system are therefore compressed with it. This is because most packages don’t bother compressing their man pages – they accept the consensus that it’s for distributions/a user preference. It’s handled by my package manager at the point of installation.

          But it doesn’t stop with choice of algorithm. What about compression levels? What if I choose to use say, pbzip2 instead (notably the same algorithm)?

          i.e. Even if an upstream correctly guesses the right tool I’ve been using to be consistent with my other man pages (and I love consistency), they may end up doing it wrong anyway.

      • IBM/Red Hat/Fedora

        • Runtime Analysis in the Red Hat DevSecOps framework

          September is “runtime analysis” month in Red Hat’s monthly Security series! Since March 2021, the Red Hat Security Ecosystem team has published monthly articles and videos on DevOps Security topics to help you learn how Red Hat can help you master the practice called DevSecOps.

          By explaining how to assemble Red Hat products and introducing our security ecosystem partners, we aim to aid in your journey to deploying a comprehensive DevSecOps solution.

        • IBM Meets With Analysts on Monday. Why You Might Want to Own the Stock Now.

          On Monday, IBM will hold a meeting with analysts, presumably to discuss the financial details of its coming spinoff of Kyndryl, the company’s 90,000-employee IT infrastructure business. You might want to be long the stock headed into the event.

        • Hack APAC: How will you define the new normal?

          A good hackathon is a showcase for what technology, innovation, and creativity can deliver. A great hackathon lets you apply your skills to problems and challenges that inspire you. That’s why we thought our readers would want to know about Hack APAC: The new normal is yours—which challenges developers to address new scenarios emerging in a post-COVID world.

        • 3 fading and 3 future IT culture trends | The Enterprisers Project

          If there’s one takeaway IT professionals across all industries can learn from this pandemic, it’s that you need to be adaptable. Systems, processes, technologies, and internal dynamics must pivot as the business landscape reinvents itself and workplace culture trends shift.

          With a continuous push toward a WFH model, companies need to rethink how their infrastructure will promote collaboration, flexibility, and automation in a virtual or hybrid workplace.

          As a CIO, I know how crucial it is to adopt the right IT culture trends with the staying power to benefit your team long-term versus ones that will become obsolete in this post-COVID ecosystem. Here are some of the fading IT culture trends you’ll want to leave behind, as well as a few emerging, future-minded trends to take along with you.

        • 9 DevOps and DevSecOps best practices for the hybrid work era

          DevOps and digital transformation go hand in hand. DevOps culture and methodology prizes speed, experimentation, and collaboration, all happening on cross-functional teams. The processes and tools involved in DevOps can accelerate digital transformation work across the board.

          How does that translate to the new reality for many organizations of a hybrid work model, combining remote and office work? In the hybrid era, we’re all more reliant on digital tools and services, so DevOps is generally well suited to this work, some experts say.

          For instance, you can more easily hire people around the world when you lose the crutch of having a shared location. “A time difference is even beneficial for certain DevOps functions, such as testing and QA. Remote and hybrid DevOps teams offer unique benefits, including continuous development cycles, better throughput, rapid scale in team structures, and cost savings,” says Helmant Elhance, president, Excellerate.

        • Using Ansible with REST APIs | Opensource.com

          Ansible is a top open source project which, on the surface, looks to provide a simple way to standardize your existing automation and allow it to run in parallel across multiple hosts, and it does this very successfully. Yet, in reality, Ansible has the capabilities to extend what your existing automation does to incorporate other systems and really simplify tasks across all aspects of your daily routine.

          This capability starts with the collections and roles that are included with Ansible and all the third-party utilities distributed through Ansible Galaxy. You may have queried APIs with a web browser or curl, but one of the overlooked capabilities of Ansible is how well it can leverage APIs as part of any playbook. This is extremely useful because the number of REST APIs being built and deployed both internally and across the global internet is increasing exponentially. There’s even a public-apis GitHub repo listing hundreds of free APIs across over a dozen categories just for a sense of scale.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Utkarsh Gupta: FOSS Activities in August 2021

        Here’s my (twenty-third) monthly but brief update about the activities I’ve done in the F/L/OSS world.

      • Personal Management System: A personal CRM and daily routine for busy minds

        PMS is distributed and released under the MIT license which allows commercial use, modification, distribution, and private use. However, it comes without a warranty, liability and copyright notice are a must.

      • The Open Source ecosystem for Drones – itsfoss.net

        One of the global players is the Chinese company DJI. The 14-year-old company has dominated the drone category thanks to an aggressive pricing strategy for its hardware. But with the addition of DJI to the US Department of Commerce’s blacklist, the initial situation changes fundamentally: This step not only prevents DJI from continuing to source US components, but also means that any company that wants to do business with DJI (even if it is only the use of the DJI SDK), now has to check whether these activities comply with US regulations. This becomes a legal risk for the affected company, as does the use of Huawei hardware, the Chinese company that has been on the same list since 2019 and is next to no use in the US.

        An open source ecosystem is now in the process of establishing itself as the industry standard in the battle for market share. Since its inception in 2011, PX4 has become the most widely used open source flight control system for autonomous aircraft. While Auterion is the leading contributor, it is used by an external community of more than 600 contributors, including leading drone and aerospace companies, as well as companies all of whom are committed to software and hardware advancement. According to Auterion, the PX4 has two major advantages over the previous software controls for drones

      • Events

        • First batch of videos from the LibreOffice Conference 2021

          Our online conference for 2021 took place last week, and we’ve already uploaded a bunch of videos from it! Check out the playlist, using the button in the top-right – or scroll down for links to individual videos (PeerTube also to come):


        • Fedora Community Blog: Nest With Fedora 2021 recordings now available!

          I am happy to announce the recordings for Nest With Fedora are now up on the Fedora YouTube channel. You can search for the ones you want or watch the whole playlist! There are 56 videos to peruse full of Fedora information and friends! Nest with Fedora 2021 was another huge virtual event success for our community. The event garnered 900+ registrations with an 81% turnout (4% above industry standard). This is almost double our numbers from Nest in 2020. A huge welcome to all the newcomers. We are so glad you are part of the Fedora community!

      • SaaS/Back End/Databases

        • PostgreSQL 14 Released!

          The PostgreSQL Global Development Group today announced the release of PostgreSQL 14, the latest version of the world’s most advanced open source database.

          PostgreSQL 14 brings a variety of features that help developers and administrators deploy their data-backed applications. PostgreSQL continues to add innovations on complex data types, including more convenient access for JSON and support for noncontiguous ranges of data. This latest release adds to PostgreSQL’s trend on improving high performance and distributed data workloads, with advances in connection concurrency, high-write workloads, query parallelism and logical replication.

          “This latest release of PostgreSQL advances our users’ ability to manage data workloads at scale, enhances observability, and contains new features that help application developers,” said Magnus Hagander, a PostgreSQL Core Team member. “PostgreSQL 14 is a testament to the dedication of the global PostgreSQL community in addressing feedback and continuing to deliver innovative database software that is deployed by organizations large and small.”

          PostgreSQL, an innovative data management system known for its reliability and robustness, benefits from over 25 years of open source development from a global developer community and has become the preferred open source relational database for organizations of all sizes.

        • PostgreSQL 14 released

          Version 14 of the PostgreSQL relational database manager is out.

        • PostgreSQL 14.0 Released With More Performance Improvements

          PostgreSQL 14.0 is now officially available as the latest version of this widely-used, open-source SQL server.

          As with most major PostgreSQL releases, PostgreSQL 14 brings more performance improvements. In particular there are new optimizations around parallel queries, heavily-concurrent workloads, partitioned tables, logical replication, and vacuuming. PostgreSQL 14 also has B-tree index updates so they are managed more efficiently. PostgreSQL 14’s libpq library also now allows for pipelining multiple queries to improve throughput over high latency connections.

        • PostgreSQL Global Temporary Tables extension v2.6 released

          pgtt is a PostgreSQL extension to create, manage and use Oracle-style Global Temporary Tables.

          The main interest of this extension is to reproduce Oracle behavior with GTT when you can not or don’t want to rewrite the application code when migrating to PostgreSQL. In all other case best is to rewrite the code to use standard PostgreSQL temporary tables.

          This is a maintenance release to add support for upcoming PostgreSQL 1

      • CMS

        • People of WordPress: Yordan Soares

          WordPress is open source software, maintained by a global network of contributors. There are many examples of how WordPress has changed people’s lives for the better. In this monthly series, we share some of the amazing stories.

          To coincide with International Translation Day and the final day of the 2021 WordPress Translation celebration, we feature the story of a WordPresser who has made a major impact in the polyglots team.

      • FSF

        • GNU Projects

          • GNU Anastasis v0.2.0 released

            GNU Anastasis is a Free Software protocol and implementation that allows users to securely deposit core secrets with an open set of escrow providers and to recover these secrets if their original copies are lost.

            Currently, GNU Anastasis is released as Alpha-quality software. It is not yet production ready! You cannot rely on it to keep your secrets recoverable today! In particular, we need to still review the various country-specific questions used to create unique user identifiers at the beginning of the backup and recovery process. Community feedback on those inputs would be particularly welcome!

      • Programming/Development

        • Qt 6.2 for Android
        • Qt 6.2 LTS Released
        • Qt 6.2 LTS Released With Qt6 Now Aiming To Be Ready For Widespread Adoption – Phoronix

          Qt 6.2 LTS is out today as the first long-term support release in the Qt6 series and also with all of the major modules now ported over from Qt5 in aiming to make this a suitable point to transition from Qt 5.15 LTS.

        • Qt Design Studio 2.2 Released

          We are happy to announce the release of Qt Design Studio 2.2.

        • FreeAptitude – Playing with D-Bus and KDE applications (Part 1)

          Speaking about the several ways that a Linux system offers to users to create custom automation, there is a software technology that hides under the hoods of modern desktop environments,

        • prctl in C example Usage

          The prctl system call has been used in the C language to manipulate diverse characteristics of the calling function or process activities. The first parameter of the “prctl” system call defines what has to be done with the initialised values in header. All the other arguments or parameters would be used as per the first argument and its worth. Let’s take a deep glance at the “prctl” system call in C while we have been working on the Ubuntu 20.04 at the time of implementing this article.

        • Python

          • The basics of PyQt5

            PyQt5 is a python module for GUI desktop application development. It’s available for multiple platforms such as Windows, Mac, Linux, iOS, and Android. Python offers several modules that are, in fact, capable of GUI development, such as Tkinter, wxPython, PySide2, and more. However, PyQt5 utilizes more than 1000 classes; in fact, PyQt5 is a huge module! Moreover, PyQt5 includes a Qt Designer, a graphical user interface designer, which further facilitates GUI creation. It can be used to create anything from media players to web browsers. In this tutorial, we will learn the basics of the PyQt5 module.

        • Shell/Bash/Zsh/Ksh

          • Is Fish Shell Better Than ZSH?

            As Linux power users, we spend most of our computing time working in the terminal. When it comes to which shell to use, there are three main competitors: Bash, ZSH, and Fish.
            Bash is the grandfather, and it powers tons of Linux distributions as the default shell. If you have ever used a terminal session, chances are you have come across Bash.

            This complete article will break down the features of two close competitors: ZSH and Fish. By the end of this article, you should know what are the similarities and differences of these shells.

        • Rust

  • Leftovers

    • College Athletes Should Have Collective Bargaining Rights, NLRB Memo Says
    • A Novel Caught Between 2 Plagues

      Toward the end of his short life, the French photographer and writer Hervé Guibert was bereft: dying of a virus that had killed or was killing many of his closest friends and lovers, without access to the social and economic capital that might save his life, and exiled from his great love—fucking. He couldn’t even manage to kill himself properly: “I can’t rid myself of my self,” he remarked in his diaries. One wonders to which self he was referring: the materially decaying house of the body; the metaphysical subject position we might call “consciousness”; or perhaps the writerly legacy he was hastily securing with his final texts.

    • Hardware

    • Health/Nutrition

    • Integrity/Availability

      • Proprietary

        • The Human Costs of iPhones

          Yet, how many of us users ever ask what are the conditions under which these iPhones are produced?  What are these conditions doing to China’s workers, who assemble such wonderful instruments?

          These are questions rarely asked in a world where the “free market” reigns.  Actually, the free market is an ideological construct, where basic questions about the impact on workers or upon the environment are precluded by definition:  the whole game is to focus concentration on consumption.  In other words, as long as you have the money (or access to credit), you can get whatever your heart desires, and issues of size, style, color, texture, etc., prevail. But just don’t ask about the workers, or the environment.

        • Security

          • If you have any of these Android, iOS and Windows phones, you will lose your Internet connection from today – Market Research Telecast [Ed: An automated translation]

            How would you stay if we told you that your Android, iPhone or Windows mobile – if you still use one of the latter – is going to be unable to access the Internet from today? Well, that will happen to literally thousands of smartphones and devices without updating due to a change in the way the Network of Networks handles security.

          • Assess and Secure Your Linux Footprint – Now! – Infosecurity Magazine [Ed: Lack of understanding of fundamental differences between GNU, Linux, and other things. Very shallow.]
          • What is an SSL certificate? / SSL certificate: A Complete Insight

            With such increased online activities, the threat to crucial data you share has seen severe consequences, ranging from fraudulent financial transactions, online identity theft, etc. Moreover, with the heightened use of technology, cyber-attacks have also become more complex and challenging.

            No doubt, the data security awareness among internet users has grown multifold. If you are a website owner or a blogger, it becomes your prime responsibility to protect your user’s sensitive data and privacy from the evil intentions of cybercriminals.

            Here, SSL Certificate plays the most effective and crucial role in hardening the security of your website. So, let us first try to understand the very basics of SSL.

          • Syxsense Announces Powerful Automation, Including Patch Rollback, to its Comprehensive Linux Management Solution [Ed: Inflated claims and exaggerations in this marketing of proprietary software]

            The complexities of Linux patch remediation abound. Each Linux Distribution (Redhat, Debian, Ubuntu, Centos and more) uses slightly different commands, patches are released on unpredictable schedules, and deployment requires in-depth scripting knowledge. Syxsense simplifies large scale Linux server management, without requiring manual scripting. Syxsense users can receive full endpoint intelligence of OS, hardware, and software inventory details, and know if patches are missing or security standards are compromised. Syxsense Cortex, the company’s powerful visual workflow designer, now includes prebuilt actions to control pre- and post-patching necessities such as reboots or rollbacks while ensuring smooth, uninterrupted patch remediation and software deployment.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • RansomEXX ransomware Linux encryptor may damage victims’ files [Ed: So you should generally not get this thing installed on your system. This isn't about "Linux" but about something that can run on top of the GNU/Linux operating system.]

              Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.

              In a new report by Profero, Senior Incident Responder Brenton Morris says the RansomEXX decryptor was failing on various files encrypted by the threat actor’s Linux VMware ESXi encryptor for one of the victims who paid the ransom.

          • Privacy/Surveillance

            • #PrivacyOfThePeople: Gig and app-based workers

              In the latest post in our #PrivacyOfThePeople series, we look at the impact of the Personal Data Protection Bill, 2019 on gig and app-based workers. We examine the minimal data rights provided to these workers by work agreements, how the Bill would affect these conditions, and how these issues can be remedied.


              Gig workers

              Partner agreements in the gig-work industry significantly disadvantage workers. For example, delivery workers have complained of constant surveillance by platform apps, low net pay even after long working hours, unsafe working conditions due to the high velocity demands placed by platform apps, and a hostile working atmosphere that penalises workers for the most minor infractions. Platforms are also employing indirect methods such as the ‘gamification’ of worker ratings by displaying a weekly scoreboard of top performers as a way to increase intra-worker competitiveness and encourage them to stay online for longer periods (without compensating them for the same).

              A report on working conditions in Indian internet ventures by the Fairwork Project ranked Zomato, Swiggy, and Uber the lowest, scoring 1 out of 10 point scale based on pay, conditions, contracts, management, and representation. Ola did only marginally better with a score of 2. These issues are compounded by the categorization of such workers as independent contractors and not as employees (even though these companies look at themselves as ‘employers’).

              Such working conditions lead to platforms having significant control over the phones of gig workers. Zomato riders have said that logging off the app leads to “phone calls and messages from their team warning them” to log back in or risk losing their payment incentives. High levels of control over data are reflected in the partner agreements as well. For example, Dunzo’s delivery partner agreement states besides monitoring and sharing a worker’s geo-location data during the provision of services (which may be understandable), Dunzo, “may monitor, track and share your geo‐location information obtained by the Platform and Delivery Partner Device… for safety, security, technical, marketing and commercial purposes”. The ambiguity here with respect to the period during which the data will be collected may lead to a situation where workers are surveilled during their ‘off-duty’ time. This can be seen in instances where delivery workers have complained of receiving ‘nudges’ and notifications during their off-duty time that urged them to be in the vicinity of a package pickoff point (thus effectively soliciting unpaid work from these workers). Similarly, Zomato’s delivery partner agreement states that Zomato can “store, process, access, and use delivery partner information for certain purposes” as Zomato may deem fit (subject to the applicable law). Given that the Personal Data Protection Bill, 2019 is yet to be passed, this clause gives Zomato effective control of riders’ data.

    • Defence/Aggression

      • The Failure of Intervention

        The essential question revolves around the principles that will bolster these policies. George F. Kennan, the noted American diplomat and foreign policy expert, suggested four such principles: proper distance, mutual respect, non-interference and, above all, the avoidance of war. Although his thoughts were mainly framed at the often-thorny relations between the Soviet Union and the U.S., we can adopt the practice of non-interference and the avoidance of war as basic principles, at a time where any false step can lead to a world confrontation of unpredictable but certainly dire consequences.

        In the book Peril, Bob Woodward and Robert Costa allege that General Mark A. Milley, Chairman of the Joint Chiefs of Staff, called China’s top general, Li Zuocheng, to assure him that if the U.S. decided to attack China, he would warn him ahead of time.

      • In a California Desert, Sheriff’s Deputies Settle Schoolyard Disputes. Black Teens Bear the Brunt.

        Barron Gardner, a high school history teacher in Southern California’s Antelope Valley, stared down Los Angeles County Sheriff’s Department deputies during an online meeting in April, trying to keep his composure.

        Gardner, 41, had become a reluctant spokesperson for a growing movement, driven primarily by Black and Latino residents, to get LASD deputies off school campuses. His wife, a nurse, worried about the repercussions for their family. What if he lost his job? What if he became a target of discrimination or worse? After all, this valley at the western edge of the Mojave Desert, population roughly 500,000, has a long history of racial tension, including white supremacist attacks on Black community members.

      • Diary Entry: Handling the Truth of Cuba

        Sometimes it seems what Ellsberg tells us is lost in the celebrity of his giving some back to The Man.

        Of course, the other thing probably worth remembering — well, it’s right there in the title — Ellsberg planned nuclear wars — and, being so goddamned clever, was probably good at it, and, indeed, may well have been the archetypal Master of War that the Bard from Duluth, in his famous song, spat on his grave. Who knows, he doesn’t say, but maybe the Big E was influenced by the Big D.  Our romantic hearts want it to be so; so there it is.  We wanted Dylan to be our savior, but, when he wouldn’t be, some of us Lefties called him “a Jew.” He went from Jesus to “Judas” in one breath — talk about self-loathing Jews. He’s reborn now and beyond the fray — Hey! —

      • The Names You’ll Never Know

        Within two weeks, a New York Times investigation would dismantle that official narrative. Seven days later, even the Pentagon admitted it. Instead of killing an ISIS suicide bomber, the United States had slaughtered 10 civilians: Zemari Ahmadi, a longtime worker for a U.S. aid group; three of his children, Zamir, 20, Faisal, 16, and Farzad, 10; Ahmadi’s cousin Naser, 30; three children of Ahmadi’s brother Romal, Arwin, 7, Benyamin, 6, and Hayat, 2; and two 3-year-old girls, Malika and Somaya.

        The names of the dead from the Kabul strike are as important as they are rare. So many civilians have been obliterated, incinerated, or — as in the August 29th attack — “shredded” in America’s forever wars. Who in the United States remembers them? Who here ever knew of them in the first place? Twenty years after 9/11, with the Afghan War declared over, combat in Iraq set to conclude, and President Joe Biden announcing the end of “an era of major military operations to remake other countries,” who will give their deaths another thought?

    • Environment

      • Wildlife/Nature

        • Over 20 Newly Extinct Species in US Offer ‘Sobering Reminder’ of Humanity’s Wreckage

          Twenty-three species should be declared extinct, U.S. officials said Wednesday—a fate that conservation advocates warn could await hundreds of other species barring immediate efforts to protect them.

          “If we do nothing to address climate change and the growing biodiversity crisis,” tweeted the National Audubon Society, “today’s announcement will pale in comparison to the future we face.”

    • Finance

      • Opinion | Now Is the Time, Finally, for Congress to Stand Up for Working Families

        We live in an unprecedented moment as our country faces enormous crises including Covid-19, climate change, attacks on democracy, income and wealth inequality, and the multi-decade decline of the American middle class.

      • What is To Be Done About Work?

        In the midst of this national uproar about new job hazards and workplace rules, three authors—Jamie McCallum, Sarah Jaffe, and Eyal Press—have published important books that examine work and its discontents, in pre-pandemic form. The questions they raise and arguments they make about job satisfaction, inadequate compensation, long hours, and morally injurious employment are a good starting point for post-Covid campaigning for fundamental changes in how work is organized, directed, and externally regulated.

        In Worked Over: How Round-The-Clock Work is Killing the American Dream, (Basic Books), Middlebury College sociology professor Jamie McCallum takes aim at “over-work.” McCallum began writing about this problem as an attempt to reconcile an “intense personal work ethic” with his conviction that “we need a mass movement to win greater collective control over work time” and a return to labor’s historic fight for shorter hours. As he notes, there has been much ground lost since millions of workers finally won the 40-hour week and related over-time pay requirements, during the union upsurge of the 1930s.  “From 1975 to 2016, the hours of all wage and salary workers increased by 13 percent, the equivalent to about five extra weeks of work per year.” Today, McCallum writes, “many Americans work close to forty-seven hours per week yet earn far less than they did decades ago. Among full-time workers, nearly 40 percent report working fifty hours per week or more, and about 18 percent say they work sixty hours or more.”

      • Opinion | Corporate Lobbyists Are Going to War Against the Build Back Better Plan

        Right now, corporations and the ultra-rich are spending millions to derail President Biden’s Build Back Better plan. Behind the scenes, they’re hard at work to keep our elected officials from helping our country recover from the pandemic.

      • “Hold the Line!”: Can Progressives Force Passage of $3.5T Package to Expand the Social Safety Net?

        Progressives in the House of Representatives say they will oppose the $1 trillion infrastructure bill, after House Speaker Nancy Pelosi said she would seek a vote on the measure separately from the Build Back Better Act, the $3.5 trillion bill that expands the social safety net and combats the climate crisis. Conservative Democratic Senators Kyrsten Sinema and Joe Manchin, who receive major donations from financial institutions, fossil fuel companies and other industries, continue to oppose the $3.5 trillion package. While the $1 trillion infrastructure bill is “kind of a half-measure,” the Build Back Better Act “really could be best described as the Democratic platform,” says David Dayen, executive editor of The American Prospect.

      • UN Experts Denounce ‘Truly Shocking’ Magnitude of Inequality Revealed by Pandemic

        “States must act together, in solidarity, to fairly distribute vaccines and help each other combat the impacts of Covid-19.”—Michelle Bachelet, U.N. High Commissioner for Human Rights

      • ‘It’s Sickening’: Sinema Draws Progressive Ire for Obstructing Biden Agenda

        Sen. Kyrsten Sinema is not the only corporate-backed Democrat standing in the way of the party’s potentially historic and broadly popular budget reconciliation package.

        But the Arizona senator’s refusal to explain her specific objections to the proposal and offer alternatives has sparked growing anger among progressive lawmakers, who say that Sinema is—in the words of Rep. Ro Khanna (D-Calif.)—“holding up the will of the entire Democratic Party.”

      • Opinion | If Sinema Won’t Stand With Arizona Democrats, We Will Vote Her Out

        By an overwhelming 81% vote, the Arizona Democratic Party (ADP) passed a resolution on September 25th pledging a vote of NO CONFIDENCE in Arizona Senator Kyrsten Sinema if she fails to vote to reform the filibuster or doesn’t support President Biden’s “Build Back Better” reconciliation bill.

    • AstroTurf/Lobbying/Politics

      • How $25 Vouchers Can Help Save Our Democracy

        An assault on democracy is advancing at the state level, as bills making voting harder are considered in 18 state legislatures. These bills are brazen and extreme, but this interstate campaign isn’t new—it’s the latest attempt in a decades-long effort to make our democracy less accessible to regular people.

    • Civil Rights/Policing

      • Protest Song Of The Week: ‘In Your Path’ By War On Women

        The post was originally published at Ongoing History of Protest Music. Back on November 20, 2019, Chilean feminist collective Las Tesis first performed “Un Violador en Tu Camino (A Rapist in Your Path)” to mark the International Day for the Elimination of Violence Against Women. The song was directed at police and government agents, who sexually tortured women in Chile. It became a viral international anthem and was performed during countless rallies worldwide. American hardcore band War On Women later covered the song under the title “In Your Path,” which appeared on their exceptional 2020 album (one of the best protest albums of 2020). “Wonderful Hell” was released just before the United States presidential election. Considering the U.S. Supreme Court has two alleged rapists and both presidential candidates were alleged rapists, the lyrical reference to “the judges and the president” carries an additional resonance in the version recorded by War On Women. The band also recently released a video that juxtaposes images from both the U.S. and the 2019 Chilean uprising against inequality. (War on Women frontwoman Shawna Potter also discusses the lyrics and tune on her excellent podcast “But Her Lyrics…”) Watch or listen to “In Your Path” By War On Women:

    • Internet Policy/Net Neutrality

    • Monopolies

      • Opinion | The Utterly Baseless Case for Recusal of Biden Antitrust Nominee, Jonathan Kanter

        In recent weeks, Big Tech’s allies, including the Wall Street Journal editorial page, have insisted that President Biden’s nominee for Associate Attorney General for Antitrust at the Department of Justice (“DOJ”), Jonathan Kanter, should be recused from overseeing the department’s case against Google and its investigations of other tech titans. The weakness of the case for Kanter’s recusal reveals just how determined these companies are to defend the status quo.

      • The SHOP SAFE Act Is A Terrible Bill That Will Eliminate Online Marketplaces

        We’ve already posted Mike’s post about the problems with the SHOP SAFE Act that is getting marked up today, as well as Cathy’s lamenting the lack of Congressional concern for what they’re damaging, but Prof. Eric Goldman wrote such a thorough and complete breakdown of the problems with the bill that we decided that was worth posting too.

      • Copyrights

        • Genshin Impact Developer Goes With Extremely Fan-Friendly Fan-Art For Commercial Sale Policy

          The manner in which content producers generally, and video game publishers specifically, handle art and content created by their biggest fans varies wildly. There’s the Nintendo’s of the world, where strict control over all things IP is favored over allowing fans to do much of anything with its properties. Other gaming companies at least allow fans to do some things with their properties, such as making let’s play videos and that sort of thing. Still other gaming companies like Square have managed to let fans do some large and amazing projects with its IP.

Elise Thomas Has a Straw Man Argument (and FUD Against Software Freedom, Conflating It With Violent Extremism)

Posted in Deception, Free/Libre Software, FUD at 7:21 am by Dr. Roy Schestowitz

Video download link | md5sum 007489baa0c80015a7a63400b13f9c66

Summary: Old FUD tactics use fringe groups to demonise the whole (e.g. using about a hundred Web sites to badmouth or generalise to tens of millions of Web sites). That’s like ZDNet looking to blame Go Language (golang) for malware just because few malicious people write their malicious code in it.

THE article discussed above reaffirms our stance that the "ethical" source provocateurs are a threat to Software Freedom. It’s not that they look for a different slant; they just sabotage or vandalise more than free software — to the point of looking to restrict the right to run and distribute copies of programs.

ESR foresaw this kind of FUD, e.g. Microsoft insinuating that Free software (he says “Open Source”) was some sort of terrorism enabler. OSI banned him from the mailing list a couple of years ago, despite him being the co-founder of OSI. Corporations which now dominate the OSI never cared for free speech anyway; all they want is control and they wish to muzzle critics of theirs (the CoC helps with that) when those critics condemn them for bombing people or for naked racism.

As noted in the video, as well as in our Daily Links from yesterday, Free software is what powers the Web, so singling it out for “extremists” is a pretty extreme viewpoint. As a matter of fact, yesterday’s “Web Server Survey” from Netcraft still chronicles Microsoft’s collapse in the Web servers space (it became irrelevant), noting that in the past month “Microsoft lost both in absolute numbers and market share.” Almost all the rest are Free software. In fact, what powers the Web — not just server software (transmission etc.) — is predominantly Free software these days.

This appalling FUD piece is signed by “Elise Thomas is an OSINT Analyst at ISD. She has previously worked for the Australian Strategic Policy Institute, and has written for Foreign Policy, The Daily Beast, Wired and others.”

We don’t comment much on ‘pure’ politics, but those sites are known for their support of US exceptionalism, imperialism, and corporatism. And the logic suggested by the article stands on no feet at all. The concluding part says: “The goal of this analysis is not to prescribe how open source communities ought to respond, but rather shed some light on the issue and spark a conversation [read: TROLL] within open source communities. Ultimately, it rests in the hands of those creators to decide whether the use of their tools to promote extreme and hateful ideologies is a problem they want to tackle – and if it is, what they are prepared to do about it.”

This seems not so much like concern-trolling but something even worse. It’s a bit like saying, Nazis go to eat at some restaurants sometimes, so cooks are helping Nazis and we should hold them accountable or call them “Nazi enablers”…

What the nonsensical piece suggests is almost an impossibility unless we modify/misuse the software or add remote controls to the software (in order to subjugate/muzzle the user/s). And if it’s still Free software, then anybody can modify it to remove those antifeatures, then distribute copies of the same.

As for solutions, in the video I’ve noted repeatedly that hosts or “platforms” are the more suitable channel. As one person put it a couple of years ago, it doesn’t take complex mathematics to arrive at the conclusion that the more such pages get served, the more violence will follow.

Let’s hope that ISD holds a fringe viewpoint, just like the Web sites it wants us to think are a significant chunk of the Web (they’re not; they’re a fringe). Radical suggestions that break the Web and destroy Free software can be just as “extreme” as the extremism ISD is looking to tackle. Free software and free speech can help expose corruption and prevent violence. ISD ignores that.

Links 30/9/2021: New Mesa 21.x and Microsoft Censoring for China Again

Posted in News Roundup at 6:55 am by Dr. Roy Schestowitz

  • GNU/Linux

    • General Motors Announces its New Linux-based Vehicle Software Platform Called ‘Ultifi’ That Will Reimagine Car Ownership

      Cars of the future will be more like connected devices on wheels and software-based, allowing customers to add new functions and features to their vehicles just as easily as downloading apps to a smartphone. Software based vehicles can also be kept up to date by receiving regular over-the-air updates to add new features and functionality.
      Building vehicles that are more like smartphones is a model pioneered in the auto industry by electric automaker Tesla, but now legacy automakers are making plans to transition to software based vehicles, the latest is U.S. automaker General Motors.
      The company on Tuesday announced a new end-to-end vehicle software platform called “Ultifi” that will underpin its future vehicles. The platform was designed entirely in-house and will allow GM and its customers the ability to add new vehicle features and functions and personalization options so customers can make their vehicles an extension of their digital lives.

    • GM’s Ultifi software program to let owners interact remotely with cars

      Ultifi will be based on the Linux software platform to make it easier for third-party developers to have access.

      The new software program will be enabled through hardware that’s built into some next-generation products, including both internal combustion vehicles and electric vehicles. Customers will opt in to Ultifi. Some capabilities will be provided for free and others will come with additional costs.

    • Server

      • Peter Czanik: Syslog-ng 3.34: MQTT destination with TLS and WebSocket support

        Version 3.33 of syslog-ng arrived with basic MQTT support. Version 3.34 has added many important features to it: user authentication, TLS support and WebSocket support. These features give you both security and flexibility while sending log messages to an MQTT broker.

        This blog helps you to make your first steps securing your MQTT connection.

    • Audiocasts/Shows

      • Want To Save The Planet? Install Linux! – Invidious

        One of the most often asked questions that I get is “Why do you run Linux?” There are many reasons that I personally run Linux, but maybe the most important reason is this: Linux can help save the environment!

      • Brave Talk: Reselling Jitsi As A Privacy Chat – Invidious

        Recently Brave opened up public access to their new chat service, Brave Talk, except it’s not actually a new chat service; it’s literally just Jitsi with a couple of minor CSS tweaks.

      • Ubuntu Kylin 21.10 Beta

        Today we are looking at Ubuntu Kylin 21.10 Beta. It comes with Linux Kernel 5.13 and uses about 800MB to 1GB of ram when idling. Enjoy!

      • Ubuntu Kylin 21.10 Beta Run Through – Invidious

        In this video, we are looking at Ubuntu Kylin 21.10 Beta.

      • Falling for FastAPI | Coder Radio 433

        Mike’s falling in love with FastAPI and gives us a hint at the next project he’s building.

        Plus, our thoughts on employee machine monitoring and building a transition plan when you are ready to quit your job.

      • FLOSS Weekly 649: Open Firmware

        Daniel Maslowski joins Doc Searls and Dan Lynch to talk about open firmware. Open firmware is an almost ironic term, especially for IP cameras, given the proprietary purposes of most manufacturers. There is a large and active community of code and developments around open firmware, led largely in part by Maslowski.

    • Kernel Space

      • A discussion on folios

        A few weeks ago, Matthew Wilcox might have guessed that his session at the 2021 Linux Plumbers Conference would be focused rather differently. But, as we reported earlier in September, his folio patch set ran into some, perhaps unexpected, opposition and, ultimately, did not land in the mainline for 5.15. Instead of discussing how to use folios as part of the File Systems microconference, he led a discussion that was, at least in part, on the path forward for them.

        Wilcox began by noting that the folio patches had not been merged and that he did not have clear direction from Linus Torvalds about what “needs to be changed in order to make it acceptable to him”. That is a rather different outcome than Wilcox had been hoping for, so the session was not going to be about “what you need to do in order to enable your filesystems to go faster” using folios. “That’s not where we are.”

      • The Rust for Linux project [LWN.net]

        The first ever Rust for Linux conference, known as Kangrejos, got underway on September 13. Organizer Miguel Ojeda used the opening session to give an overview of why there is interest in using Rust in the kernel, where the challenges are, and what the current status is. The talk and following discussion provided a good overview of what is driving this initiative and where some of the sticking points might be.

      • Key Rust concepts for the kernel [LWN.net]

        The first day of the online Kangrejos conference was focused on introducing the effort to bring the Rust programming language into the Linux kernel. On the second day, conference organizer Miguel Ojeda shifted to presenting the Rust language itself with an emphasis on what Rust can provide for kernel development. The result was a useful resource for anybody who is curious about this project, but who has not yet had the time to become familiar with Rust.

        Ojeda began by stressing that the talk was not meant to be a tutorial; to actually learn the language, one should get a good book and work from that. There is no way to cover everything needed in an hour of talk (a fact that became abundantly clear as time went on), but he hoped to be able to show some of the key ideas behind Rust. In the end, though, the only way to really understand the language is to sit down and write some code.

      • More Rust concepts for the kernel [LWN.net]

        The first day of the Kangrejos (Rust for Linux) conference introduced the project and what it was trying to accomplish; day 2 covered a number of core Rust concepts and their relevance to the kernel. On the third and final day of the conference, Wedson Almeida Filho delved deeper into how Rust can be made to work in the Linux kernel, covered some of the lessons that have been learned so far, and discussed next steps with a number of kernel developers.

        Almeida started by noting that he is not a Rust developer and does not feel that the language is perfect; he does believe, though, that it can solve some problems in the kernel. He works as an Android platform security-team engineer and has been looking for ways to improve that platform — specifically, to reduce its attack surface. Rust can do that, he said; it also helps with correctness and provides an expressive type system with features that C cannot match.

      • Libcamera Maturing Well As Open-Source Camera Stack – Phoronix

        Libcamera as an open-source camera stack that has been coming together over the past few years has been maturing quite well, broadening its supported hardware and feature set, and more in filling a void in the Linux camera ecosystem.

        Longtime Linux kernel developer Laurent Pinchart presented yesterday at the Embedded Linux Conference around libcamera and how it has developed over the past three years, the current state, and some of the future work for improving Linux camera support.

      • “pkill_on_warn” Proposed For Killing Linux Processes That Cause A Kernel Warning – Phoronix

        A new kernel option was proposed today called “pkill_on_warn” that would kill all threads in a process if that process provoked a kernel warning.

        Currently when a process triggers a kernel warning there is no impact on that process by default. The Linux kernel does have a “panic_on_warn” option to cause a kernel panic when a warning happens, but pkill_on_warn would be less of an overkill and at least keep the system up and running.

      • Graphics Stack

        • mesa 21.2.3
          Hi list,
          The next, regularly scheduled release of mesa is here. Due to the broken
          cadence of the last release this one is slightly smaller than normal
          (once you discount all of the release metadata commits).
          There is a bit of everything here, but not too much of any one thing,
          which is what one would normally expect by this point in the cycle.
          Overall I think this is trending nicely for the 21.2 series.
        • Mesa 21.2.3 Released As A Small Update To This Graphics Driver Stack – Phoronix

          Succeeding Mesa 21.2.2 from earlier this month that was a much delayed and in turn very large release, Mesa 21.2.3 is out today and it’s on the quieter side.

          Mesa 21.2.3 is out on time and thus a more manageable release compared to the big v21.2.2. There still though are a number of bug fixes, as usual mostly around the Intel and Radeon drivers for both OpenGL and Vulkan.

    • Applications

      • Thibault Saunier: GStreamer: one repository to rule them all

        For the last years, the GStreamer community has been analysing and discussing the idea of merging all the modules into one single repository. Since all the official modules are released in sync and the code evolves simultaneously between those repositories, having the code split was a burden and several core GStreamer developers believed that it was worth making the effort to consolidate them into a single repository. As announced a while back this is now effective and this post is about explaining the technical choices and implications of that change.

        You can also check out our Monorepo FAQ for a list of questions and answers.


        Since we can not create new merge requests in your name on gitlab, we wrote a move_mrs_to_monorepo script that you can run yourself. The script is located in the gstreamer repository and you can start moving all your pending MRs by simply calling it (scripts/move_mrs_to_monorepo.py and follow the instructions).

      • Mixxx 2.3.1 Free DJ Software Adds Support for New Controllers, Improves HiDPI Support

        Fans of the open-source DJ software will be happy to learn that the Mixxx 2.3.1 release introduces support for 125% and 175% HiDPI scale factors to make the application look better on HiDPI/4K displays. However, it should be noted the fact that this feature is only supported on systems where Qt 5.14 or later is installed.

        This update to one of the greatest and free DJ software out there also brings support for new hardware. For example, it adds mappings for the Numark DJ2GO2 Touch and Numark Mixtrack Pro FX controllers, and updates the mappings for the Behringer DDM4000 mixer and the Denon MC7000 controller.

      • 4 Best Free and Open Source Console Batch Renamers

        A console application is computer software which can be used with a text-only computer interface, the command line interface, or a text-based interface included within a graphical user interface operating system, such as a terminal emulator (such as GNOME Terminal or the aforementioned Terminator). Whereas a graphical user interface application generally involves using the mouse and keyboard (or touch control), with a console application the primary (and often only) input method is the keyboard. Many console applications are command line tools, but there is a wealth of software that has a text-based user interface making use of ncurses, a library which allows programmers to write text-based user interfaces.

        Console based applications are light on system resources (very useful on low specified machines), can be faster and more efficient than their graphical counterparts, they do not stop working when X is restarted, and are perfect for scripting purposes. When designed well, console applications offer a surprising improvement in productivity. The applications are leaner, faster, easier to maintain, and remove the need to have installed a whole raft of libraries.

    • Instructionals/Technical

      • How to Set up Load Balancing for Apache Tomcat

        Load balancing refers to distributing tasks to a set of resources to reduce the heavy workload on a single resource. Think of a load balancer as a traffic cop that manages the traffic from the clients and distributes it across multiple servers.

        Load balancing enhances performance and ensures the servers do not go down due to heavy workload. It can also help manage the traffic if one of the resources is down.

        This tutorial will show you how to set up a load balancer on Apache Tomcat using the Apache HTTP server.

        NOTE: Before we proceed, ensure you have Apache Tomcat and Apache HTTPD installed and working correctly. Check out our tutorial on the topics to learn more.

      • Using Oracle Cloud, Part 4: Creating an Arm-Based Cloud Desktop — Virtualization Review

        In the previous article and others in this series, I discussed how I signed up for and created an “Always Free” AMD virtual machine (VM) using Oracle Cloud, and then used that VM to create an Apache Web server which I accessed from the internet. I was pleasantly surprised by how easy Oracle made it to consume its cloud-based resources.

        This series of articles came about due to Oracle’s latest offering: Arm-based compute instances. In this article, I will use Oracle Cloud to create an Ubuntu instance to use as a virtual desktop. This will be interesting to attempt as the VM does not have a built-in remote console like VMware does to display a graphic desktop; instead, it will have to be entirely set up using the command line.

        Using a free Arm instance on Oracle Cloud is not something that is practical. Although an Arm “Always Free” instance — with its 4 cores and 24GB of RAM — should be powerful enough for a desktop, Oracle limits the use of an Arm instance to a maximum of 30 days, after which point it will be destroyed and need to be recreated.

      • How to protect Linux against rogue USB devices using USBGuard

        You deployed a perfect firewall and other network security policies preventing unauthorized access to the user’s desktop computer over a network. However, you still need to block USB device access. We can configure a Linux desktop security policy to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing essential allow and blocklisting capabilities based on device attributes. For instance, I can define what kind of USB devices are authorized and how a USB device interacts with the Linux system. For example, I can define policy allowing Yubikey with serial number “XYZ” and USB LTE modem with serial # “ABC.” Every other USB device access is denied by default. This guide will cover the following topics:

      • How to install Downhill Jam on a Chromebook

        Today we are looking at how to install Downhill Jam on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

      • Ingo Juergensmann: LetsEncrypt CA Chain Issues with Ejabberd

        I was having some strange issues on my ejabberd XMPP server the other day: some users complained that they couldn’t connect anymore to the MUC rooms on my server and in the logfiles I discovered some weird warnings about LetsEncrypt certificates being expired – although they were just new and valid until end of December.


        After some days of fiddling around with the issue, trying to find a solution, it appears that there is a problem in Ejabberd when there are some old SSL certificates being found by Ejabberd that are using the old CA chain. Ejabberd has a really nice feature where you can just configure a SSL cert directory (or a path containing wildcards). Ejabberd then reads all of the SSL certs and compares them to the list of configured domains to see which it will need and which not.

    • Games

      • Steam Beta Improves Its Vulkan Pre-Caching System, PipeWire Capture Now Opt-In – Phoronix

        With the initial Steam Deck release quickly approaching, Valve continues to be quite busy on a variety of improvements to enhance their Steam Linux builds.

        Hitting the Steam beta state tonight is an improved Vulkan pre-caching system. Steam’s Vulkan pre-caching data-sets are now separated by Proton versions and graphics driver capabilities. In turn this should lead to smaller Vulkan cache sizes for users by avoiding the downloading of unnecessary/irrelevant caches while not impacting the performance goals of pre-caching. Though in transitioning to this new scheme, moving to this new beta will start from scratch with its downloads.

      • SuperTuxKart 1.3 arrives with important improvements in terms of performance and interface

        SuperTuxKart 1.3 has recently appeared, the latest version of the classic Super Mario Kart clone starring the most prominent mascots of free software and whose code is published mainly under the GPLv3 license, with components of the artistic part under Creative Commons licenses and public domain.

        SuperTuxKart is a very veteran project that as a video game falls within a genre that is very trite, so saving things like the online video game, which was included in version 1.0, the foreseeable thing is to expect improvements and more content. SuperTuxKart 1.3 has included two new battle arenas called Ancient Colosseum Labyrinth and Alien Signal, the first being inspired by the Roman Colosseum and the second by the actual location of the SETI program.

        The Las Dunas Soccer Stadium circuit, which is not very popular with users, has been revised based on the feedback generated by the community, so it is now presented as a simplified and symmetrical soccer field.

        In order to facilitate the completion of the races, extensions have been introduced to the finish line on the following tracks to ensure the counting of the laps even in case the player is slightly off the track: Hacienda, Old Mine, Ravenbridge Mansion and Shifting Sands. At the broker level, Pepper has been included, extracted from the Pepper & Carrot comic that is published as free and Open Source software, while Adiumy, Emule, GNU and Sara have been improved.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • Free Software Review: GNOME Web 3.38.2 on Debian GNU/Linux 11. A worthy replacement for your current browser?

          With so many web browsers out there to pick from, many of them really aren’t very different from each other, and few take the time to work like the other applications on your desktop.

          In Windows, nobody notices this because none of the applications (even from Microsoft) or system settings menus are consistent. They duplicate functionality, have different GUI conventions, and the entire thing is a usability hell. GNOME tries to be a bit “cleaner” than this.

          In Windows 11, in fact, Microsoft tried to steal from Chrome OS, GNOME, and the Mac’s “clean” interface design, but reverted to form and immediately crapped it up with the usual junk and ads and trialware, and a store that nobody wanted to use to begin with because there’s still time to repeat that disaster again.

          But the point, here, is that GNOME (and to a lesser extent) KDE for various *nix operating systems (they’re portable), try not to confound the user and present them with a giant headache of pointlessness and redundancy and bugs. Which is nice.

          That’s where GNOME Web comes in. The development name is Epiphany, because that was the application’s original name, when it started as a project to build a web browser around the Mozilla rendering engine, Gecko. In the late 2000s, Mozilla decided to make it difficult to use their engine in anything but Firefox, forcing the GNOME Web developers to go a different way.

    • Distributions

      • IBM/Red Hat/Fedora

        • Fedora Linux 35 Beta makes its first appearance | ZDNet [Ed: ZDNet is improving. Covering GNOME release six days late!! Now it's covering Fedora beta ‘only’ 2 days late. Sarcasm: maybe ZDNet is waiting for authorisation/clearance from its masters at Microsoft before releasing/publishing any GNU/Linux stories…]

          When you think of Fedora, Red Hat’s community Linux distribution, you think of Linux’s cutting edge. Everything is the newest version. If some of that isn’t ready for prime time yet, well, you could always get a more mature Linux distro. But with the latest Fedora Linux 35, you also get a more polished Linux that extends, in the words of Fedora Project Leader Matthew Miller, “existing features and [adds] new features or support to level up the experience of using Fedora Linux.”

        • Fedora Linux 35 Beta Released
      • Debian Family

        • Deepin 20.2.4 Released with Added Global Search

          In Deepin 20.2.4 many of the DDE applications have been patched and optimized to improve the overall user experience.

          Deepin is a rising star among Linux distros thanks to its combination of an elegant desktop environment with the stability and reliability of Debian. Deepin’s primary goal is to offer a dependable but also beautiful and easy to use work environment.

          Deepin features its own desktop environment called DDE (Deepin Desktop Environment) which is built on Qt and available for various distributions like Arch Linux, Fedora, Manjaro, openSUSE and Ubuntu. DDE brings a clean, elegant, modern, and professional-looking user interface.

        • Download deepin 20.2.4 Linux distro now

          Linux does not belong to any specific country — the open source kernel can be enjoyed by people all over the world. This includes China, a great ally of the United States. We depend on China to manufacture many of our goods, but also, developers in that country contribute to open source projects.

          Case in point, deepin is a Linux-based operating system from China that is both beautiful and elegant. For some, it could be a nice alternative to Windows 11. deepin is a miraculous Chinese gift to the open source community. Today, the wonderful deepin developers release version 20.2.4 of the Linux distribution. Based on Debian, it uses Linux kernel 5.13.13 and has a new global search feature.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • Chromium

          • This change in Google Chrome 94 will make you switch to Firefox – itsfoss.net

            Two days ago, Google released a new version of its web browser, Chrome 94, which has come with many changes, such as improved HTTPS connections, better integration with Google Drive or performance improvements thanks to the new WebGPU API. However, not all is good news for users of the Google browser, and this new version also includes a new controversial function that, if you are the least concerned about your privacy, you should take into account.

      • Programming/Development

        • C

          • What is the Usage of Extern in C?

            The term “extern” has been used to define the global variables within the C language. The word “extern” indicates that it is abbreviated from the word “external” which means outside. Hence, these variables are globally accessible throughout the C code. These variables are always initialized and defined outside of the main method. This guide is for the users who want to explore the working of the “extern” variable using the C language. So, let’s go ahead.

          • Bind System Call in C

            The bind() system call binds an address or name with any socket in the C language. This system call has mostly been used in socket programming. This address will be bonded to the socket descriptor. The bind() system call contains three parameters in actual. The first one is the descriptor of a socket. The second parameter is the pointer used for the address of a socket. The address must be some local path. The third argument can be the size of a socket address. Today’s guide will see how the “bind()” system call works in Ubuntu 20.04 using the C language. So, log in from the system first.

          • ptrace system call in C

            Ptrace() system call is generally used for debugging breakpoints and tracing system calls. The ptrace() “process trace” system call is frequently used for debugging purposes. It is the main way that native debuggers keep track. Tracees can be paused, registers and memory can be inspected and set, system calls can be monitored, and even system calls can be intercepted using Ptrace system call. The Tracee must first be connected to the tracer. In a multithreaded process, each thread can be separately attached to a possibly distinct tracer or left unattached and therefore un-debugged. As a result, “Tracee” always refers to “a potentially multithreaded process, never or maybe multithreaded process.

            All signals provided to the traced process, except for one, cause it to stop, regardless of its registered signal processing, and deliver an event towards the tracing process, which may be identified using the wait () system function. The SIGKILL signal is an exception, as it is delivered instantly and accomplishes the expected behavior. There has never been a standard for Ptrace system call. Its interface is comparable across operating systems, notably in terms of essential functionality, but it differs slightly from one system to the next.

            System calls can be traced using the Linux edition of ptrace. The PTRACE_SYSCALL request restarts the child process in the same way that PTRACE_CONT does, but it arranges for it to stop at the next system call entry or exit. This brings up a lot of new opportunities. For PTRACE_PEEK* requests, ptrace() will return the desired data; it will return zero for all the other requests. All requests that fail return -1, with errno set to the optimum value. In the case of PTRACE_PEEK* requests, -1 may be a legitimate return value; the program is responsible for determining whether this is an error situation or a valid return value. This guide will explain to you the functionality of the ptrace() system call in C language with one example.

          • Futex system call in C

            In general, thread synchronization primitives necessitate the use of system calls by userspace programs. The system call is inherently inevitable for placing a thread to sleep and waiting for another thread or waking up a thread from sleep. Obtaining an uncontended lock, for example, does not necessitate a system call, at least not naturally. The futex is the remedy to this challenge. A futex is simply an instantaneous integer address. The address is used to identify a queue of threads that are waiting to be processed. The value of the integer at that location is utilized to execute the fast path with atomic operations if available, as well as to handle corner case race situations in the event of a conflict. The futex() system call allows a program to wait for a value at a particular address to change, as well as wake up anyone waiting on that address. It is most commonly used to implement the debatable case of a shared memory lock, as mentioned in futex(7). When a futex(7) action in userspace fails to complete without error, a call to the kernel is required to resolve the issue. Arbitration can be used to either put the calling process to sleep or to wake up a waiting process. The semantics defined in futex(7) are expected to be followed by callers of this function.

            Because these semantics require authoring non-portable assembly instructions, most users will most likely be library authors rather than ordinary application developers. Futex is a single system call that performs many operations. That may appear strange, even perplexing, if not downright. That is, nevertheless, standard procedure for a one-of-a-kind system call: the “ioctl” system call contains considerably more operations than futex. For another instance, programmers are unlikely to discover because Glibc hides it, although the single socket call system implements all socket-related functions. As a result, if threads access it in a single process, it can be specified as a global variable or stored in a shared memory segment if threads from various processes utilize it. A state updated in userspace using atomic operations is stored in the shared variable. There is no need for a system call when the state says that there is no conflict. If the condition indicates a contention, on the other side, a futex system call is made to put the calling task to sleep.

          • Getline function in C

            Getline is the newest and most popular function for reading a string of text. The getline() function is part of the C library. This function accepts a string from the input stream as an input, so getline() is a better option. The concept of pointers is used by getline(). For reading text, the getline method is the ideal way. The getline method reads a full line from a stream, such as a newline character. To finish the input, use the getline function to generate a stop character. The command will be completed, and this character will be removed from the input. We all have the cin object to take user input; however, the cin object doesn’t allow us to receive user input in many lines; therefore, we can use the getline() function to take input from the input stream in several lines or a string till a delimiter character is discovered.

            The getline function uses the realloc function to automatically increase the memory block as required, ensuring that there is never a space shortage. This is one of the explanations why getline is safe. The value returned inside the second parameter will also inform us of the new block size. It returns -1 if an error appears, such as reaching the end of a file without receiving any bytes. Getline functions cease reading input from the stream when they meet a newline character or the end of a file.

          • Brk system call in c

            The program discontinuity, which marks the termination of the process’s data segment, i.e., the program breakdown is the first position following the completion of the uninitialized data segment, can be changed using brk(). Increasing the program break allows memory to the process; reducing the break allows memory to the process. When that amount is sensible, the system would have enough memory, and the process does not surpass its maximum data size, brk() sets the ending of the data segment to the value supplied by the addr. Brk() returns zero if it succeeds. If there comes an error, -1 is returned. The system functions brk(), and sbrk() is utilized to regulate the amount of memory allotted towards the process’s data segment. Usually, these functions are invoked from a larger memory management library function like malloc. The program break, which identifies the end of the process’s heap section, is moved about with brk() and sbrk(). brk() assigns the value of addr to the ending of the heap segment. sbrk() increases the heap space of the program by increment bytes. It takes you back to the earlier program break. The present location of the program break can be found by calling sbrk() with just a raise of 0.

          • How to Check for Malloc Error in C

            The malloc is a C language function used to allocate memory to some variable. It also returns a pointer. We can also use the Malloc function to check for errors about memory allocation. When a malloc method finds itself unable to allocate memory, it usually returns NULL. You can also throw an error message if the allocation got failed upon managing the pointers. In this guide, we will see the implementation of the malloc function to allocate memory and check the error for memory allocation. So, start the implementation by simply logging in from the Linux system.

        • Postgresql

          • Postgresql group by

            Postgresql group by clause is a feature that is used to unite/combine those rows in the table that have the same data. This clause is mainly used to remove duplicate data and to maintain concurrency. Whenever we want to calculate sum, or any other aggregate like AVG, etc., this group by clause is always used as there are many clauses used in PostgreSQL. But there exists a hierarchy between each clause.

          • Postgresql stored procedure example

            Postgresql database is more reliable than others because it can create and store the data in the form of relations, procedures, etc. Postgresql is a customizable database, as we can modify the storage containers according to our requirements. The data in Postgresql is managed by the schemas and catalogs. Postgresql supports many languages, which means that we can execute queries in any programming language either in the psql (shell) or on the pgAdmin side.

            Just like the temporary tables, we also use some other features to involve the storage capacity. These are called the “STORED PROCEDURES”. These are not shown like the tables. But silently works with the tables.

            In Postgresql or any other database management system, we use functions to perform operations on the data. These functions are user-created or user-defined. One major drawback of these functions is that we are unable to execute transactions inside the functions. We cannot commit or rollback. That’s why we use the stored procedures. By using these procedures, application performance is increased. Moreover, we can use more than one SQL statement inside a single procedure. There are three types of parameters.

          • PostgreSQL Copy from Stdin

            PostgreSQL like other database management systems supports the standard streams. These streams are responsible for manipulating data for storage in PostgreSQL. These are the input and output channels of communication between the application and the environment that is created at the time of execution.

            Whenever we execute a command in PostgreSQL, the streams make the connection with the text terminal where the psql (shell) is running. However, in the case of inheritance, each child’s process inherits the streams from the parent process. Not every program needs these streams to be introduced in the code, some functions such as getchar() and putchar() use the input and output streams automatically. Streams lie in the category of 3.

          • How do I count unique values in PostgreSQL?

            Postgresql database, like other databases, can store data that remain intact for a long time. This can be done by removing redundancy from the data in the schema by maintaining concurrency and accuracy of data present. While adding data in relations, you might encounter such a situation in which you don’t notice the replication of the inserted data at the time of inserting. To remove the garbage values or similar data, we need some special functions to keep the rest of the values unique and distinct. Count () is a built-in function of PostgreSQL. By using this function, we can get information regarding the data present in the table. Postgresql deals with the count () very effectively by displaying data to the provided conditions. To get the distinct data or the values in terms of discrimination with other data, we need some different commands and the count (). This article will highlight the examples applied on different relations to elaborate the concept of counting unique values in PostgreSQL.

            Firstly, you need to create a database in the installed PostgreSQL. Otherwise, Postgres is the database that is created by default when you start the database. We will use psql to start implementation. You may use pgAdmin.

          • How do I describe a table in PostgreSQL?

            To describe the tables of a database, we don’t need any permissions or privileges of the user. Anyone can describe the information regarding the table. “postgresql describe table” refers to checking the table structure. We can use various examples with variety in their usage leads to gain the description of the data. This will be understood by you while reading the article.

          • PostgreSQL Median Function

            The calculating median is obliging to get the middle value from the data. Like many other functions, Postgresql provides a wide range of versatility in dealing with the median function. It is concerned with finding the median value from the column of the table on which median is used. In contrast with Postgresql aggregate functions COUNT, SUM, there is not a specific function used to calculate the aggregate of the median. Median is a user-defined function.

            In simple arithmetic functions, there are different means and formulas to find the median in any provided data either in plain text or in the tabular form. Whereas in the case of database systems, we use some other built-in functions combined to get the value of the median. This article will elaborate on some of the most efficient techniques and also a manual function created by us to fetch the median from the data in Postgresql.

          • PostgreSQL Create Database if not Exists

            Whenever we talk about PostgreSQL, we always think about databases because it is a database management system. You can create as many databases of your choice on your PostgreSQL server as you want. After creating a database of your choice, you can create multiple tables within it to store your data, and then you can perform different calculations on that data. However, at times, we want to run a query on an existing database, but for that, the existence of such a database is mandatory.

            What we mean to say is that we need a mechanism to check if a database exists on our PostgreSQL server or not. Moreover, there are some situations in which we want a database to be created once we run a query if it does not already exist on our database server. In that case, the “Create Database if not Exists” notation comes into play. This guide aims to introduce you to the usage of this notation with a brief discussion on whether PostgreSQL supports this notation or not. After that, we will share with you a PostgreSQL-supported alternative for this notation.

  • Leftovers

    • Michael Roberts
    • Health/Nutrition

      • Opinion | This Is How We Win on Affordable Health Care Now

        Joe Biden promised me at the Democratic National Convention that he would work towards a national health insurance public option. My Senator, Michael Bennet, put forward a national public option plan, called Medicare-X earlier this year. A limited version of the public option is re-emerging in the Build Back Better bill to fix the so-called Medicaid gap, which traps low income people in conservative states (Alabama, Florida, Georgia, Kansas, Mississippi, North Carolina, South Carolina, South Dakota, Tennessee, Texas, Wisconsin, and Wyoming) without health care. Reforms in progressive states like Washington, Nevada and Colorado are leading the way.

      • Congressional Report on Toxic Metals in Baby Food Spurs Demand for FDA Action

        A new congressional report released Wednesday revealing the baby food industry has failed to keep products with heavy metals off the shelves spurred calls for federal authorities to enact swift action and tough limits on toxin levels.

        “This is what happens when you let the food and chemical companies, not the FDA, decide whether our food is safe to eat,” said Scott Faber, senior vice president for government affairs at Environmental Working Group (EWG), in a statement.

      • Federal Judge Says South Carolina Can’t Block Schools From Issuing Mask Mandates
      • Public Health Advocates Target Top Biden Aide, Moderna CEO in Protest Demanding Vaccine Equity

        Public health advocates on Wednesday brought towering piles of prop bones to the homes of a top White House aide and Moderna’s CEO in a bid to spur the Biden administration and Big Pharma to save countless lives around the world by ramping up Covid-19 vaccine production and technology-sharing.

        “The world’s current shortage of Covid-19 vaccines is really the result of deliberate policy choices.”—Dr. Rebecca Zash, Harvard Medical School

      • After 25 Years In The Dark, The CDC Wants To Study The True Toll Of Guns In America

        We know from Centers for Disease Control and Prevention data that just over 100 people, on average, are killed by firearms in the U.S. every day. That includes crimes, suicides, gun accidents and shootings involving law enforcement.

        But how often is someone injured by a firearm in America? Why, how and what kinds of weapons are used? What are the underlying causes? What’s the relationship between shooter and victim? What evidence-based, scalable programs work best to help prevent criminal shootings, accidents and suicides? On these and other questions, people in public health, criminal justice, policing and academia admit they lack full and adequate answers.

    • Integrity/Availability

      • Proprietary

        • Researchers find new backdoor likely linked to SolarWinds attacker [iophk: Windows TCO]

          Global cyber security firm Kaspersky claims to have discovered a new backdoor it has named Tomiris which shows signs of being connected to the same actor behind the attacks on SolarWinds which were revealed last year.

        • Security

          • House passes legislation to strengthen federal cybersecurity workforce [iophk: Windows TCO]

            The House on Wednesday passed bipartisan legislation aimed at strengthening the federal cybersecurity workforce, an issue that has garnered support following a year of massive information security incidents.

            The Federal Rotational Cyber Workforce Program Act, sponsored by Reps. Ro Khanna (D-Calif.) and Nancy Mace (R-S.C.), would establish a program to allow cybersecurity professionals to rotate through multiple federal agencies and enhance their expertise.

            The bill would also encourage federal agency leaders to identify cybersecurity positions that can be rotated through government, and give the Office of Personnel Management (OPM) jurisdiction over the Federal Rotational Cyber Workforce Program.

          • Weaponizing middleboxes

            Middleboxes are, unfortunately in many ways, a big part of today’s internet. While middleboxes inhabit the same physical niche as routers, they are not aimed at packet forwarding; instead they are meant to monitor and manipulate the packets that they see. The effects of those devices on users of the networks they reign over may be unfortunate as well, but the rest of the internet is only affected when trying to communicate with those users—or so it was thought. Based on some recently reported research, it turns out that middleboxes can be abused to inflict denial-of-service (DoS) attacks elsewhere on the net.

            Though it lacks the catchy nickname and logo that have come to dominate security research reporting over the last few years, the “Weaponizing Middleboxes for TCP Reflected Amplification” web site describes a potent threat. The researchers, Kevin Bock, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, and Dave Levin, found flaws in the TCP/IP implementation of various middleboxes that allow DoS attacks via amplification. The middleboxes they studied are those deployed by government organizations for the purposes of censorship, but “even benign deployments of firewalls and intrusion prevention systems in non-censoring nation-states can be weaponized using the techniques we discovered”.

          • The Rise of One-Time Password Interception Bots

            In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

          • Privacy/Surveillance

            • Clearview Suffers Brief Bout Of Better Judgment, Drops Subpoena Demanding Activists’ Communications With Journalists

              Just a few days ago, Clearview — the company that scrapes the web to build a facial recognition database it sells to law enforcement, government agencies around the world, and a number of private parties — decided to make itself even less likable.

            • FPF’s 2020 Student Privacy Pledge: New Pledge, Similar Problems

              A new school year has started, the second one since the pandemic began. With our education system becoming increasingly reliant on the use of technology (“edtech”), especially for remote learning during the pandemic, protecting student privacy is more important than ever. Unfortunately, the Future of Privacy Forum’s 2020 Student Privacy Pledge, like the legacy version, continues to provide schools, parents, and students with false assurance due to numerous loopholes for the edtech company signatories that collect and use student data.

              The Future of Privacy Forum (FPF) originally launched the Student Privacy Pledge in 2014 to encourage edtech companies to take voluntary steps to protect the privacy of K-12 students. In 2016, we criticized the Legacy Pledge after it reached 300 signatories—to FPF’s dismay.

              The 2020 Pledge once again falls short in how it defines material terms, such as “Student PII” and “School Service Providers”; many of the 2020 Pledge’s commitments are conditioned on school or parent/student consent, which may inadequately protect student privacy; and new commitments are insufficiently precise.

            • How to find your lost iPhone — even if it’s off

              And now that iOS 15 brings with it the capability to locate your phone even if the battery has run out or it’s been turned off — if you’ve got the right phone — the utility of Find My has become even greater.

            • GM Will Have Cloud-Based Software in Its Cars Starting in 2023

              GM is thinking of some advanced features. A car could include settings to slow down teen drivers in school zones. The system may also be able to host V2X, a vehicle-to-everything app that enables cars to communicate with other, similarly equipped vehicles to alert drivers to hazards or changing road conditions.

            • Data protection ombudsman raps Finnish police over controversial facial ID app

              The NBI decided to try Clearview AI after it was recommended at a meeting hosted by European law enforcement group Europol in 2019.

              In the reprimand issued to the NBI on Tuesday, the Deputy Data Protection Ombudsman noted that the police had used a facial recognition programme without adequately ensuring in advance that the app complied with data security or data protection legislation.

            • This is why James Bond doesn’t use an iPhone

              “It wouldn’t be hard for the enemy to set up a fake mobile phone tower, for example, acting as a ‘Man in the Middle’ to steal all the data in transit,” he says. “If Bond is ‘in country’ then mass data collection and analysis at an infrastructure level is also a possibility. In short, like anything in cybersecurity, he would be expected to weigh up the risk and return with any technology and make a call, or not make a call.”

            • Why you shouldn’t buy Facebook Ray-Ban smart glasses

              Imagine that you are strolling along a tranquil beach in your swimsuit. Suddenly, a stranger walking toward you takes out their phone and starts recording you. You might work up the courage to ask how they dared to invade your privacy, and demand they delete the footage.

              Fortunately, overt recording of people in public spaces is not as common as it could be, because it involves pointing a camera at someone. But it just became a lot easier with Facebook and Ray-Ban’s new mainstream tool to secretly surveil people: Stories smart glasses (as pictured above).

              Below, we’ll unpack why you shouldn’t buy these wearable surveillance cameras, why they can’t be used safely in public spaces, and why Facebook and other companies need to prioritise human rights when developing “smart” glasses.

    • Defence/Aggression

    • Environment

      • Pope praises young climate activists for ‘challenging adult world’

        Pope Francis on Wednesday praised young environmental activists for challenging global leaders on emission policies ahead of a United Nations climate summit next month.

      • Climate activists begin 10-day protest in downtown Helsinki

        The ‘August Rebellion’, or Syyskapina, is calling on Finland’s government to declare a climate and environmental emergency, and to create binding legislation that will achieve carbon neutrality by 2025, a decade ahead of the government’s current goal of 2035.

      • ‘We Are Not Deterred’: Water Protectors Vow to Keep Fighting as Line 3 Completed

        Indigenous and environmental activists on Wednesday vowed to keep up the fight against Enbridge’s Line 3 pipeline expansion after the Canadian company announced the completion of the multi-billion-dollar tar sands project.

        “From the belly of the beast north of the medicine line to rice beds that sustain the life-ways of the Anishinaabe… we will continue to fight for the natural and spiritual knowledge of the Earth.”—IEN

      • UK’s 26 Million Gas Boilers Produce Double the Emissions of Country’s Gas Power Plants, Study Finds

        Household gas boilers in the UK release over double the carbon dioxide of all gas-fired power stations in the country, a new study has revealed.

        Analysis of data from energy regulator Ofgem shows that domestic gas boilers also emit over eight and a half times as much harmful nitrogen oxide as the UK’s entire gas power fleet, increasing the risk of respiratory illnesses.

      • Right Livelihood Award Recognizes ‘Courageous Mobilizers’ Defending People and Planet

        Known around the world as the “alternative Nobel Prize” to honor and support “courageous people solving global problems,” the Right Livelihood Award was granted Wednesday to three activists from Cameroon, Canada, and Russia as well as a legal group in India.

        Right Livelihood has recognized nearly 200 laureates from more than 70 countries since its founding over four decades ago. This year, the Stockholm-based organization considered a record 206 nominees from 89 nations, executive director Ole von Uexkull said during a press conference.

      • Opinion | Embodying Climate Grief, a Conversation With Climate Activists

        A conversation between National Academy of Sciences fellow Dr. Sarah Myhre and National Poetry Series winner Teresa K. Miller on bearing witness to the climate crisis through science and storytelling.

      • Energy

        • The Climate Strike That Wasn’t: What’s Behind Declining Protest in 2021?

          It’s important to look at longitudinal trends in protest to understand how mass political action has changed in recent years. Data from the Center for Strategic and International Studies (CSIS) makes clear that the frequency of demonstration events grew significantly in North America from the late 2000s and early 2010s – during the early Obama years – compared to in the mid-2010s, late in his presidency. Protest events were the most frequent during Trump’s first year in office, and relatively more common in 2018 and 2019 than during the Obama years. The CSIS estimates are not completely ideal, since they refer to all protests in North America, rather than to those in the U.S. However, our alternative measure of news coverage of both “protest” and “demonstrations,” drawn from the Nexis Uni academic database and covering The New York Times as the nation’s “paper of record,” reveals a similar trend. As the figure below demonstrates, total coverage of protests over the last 20 years – measured in number of articles per month – increased significantly over time, spiking in 2003 during the Iraq war, and later in 2011 coinciding with the Madison, Wisconsin protests of Republican Governor Scott Walker’s assault on state workers and collective bargaining and with the rise of the Occupy Wall Street movement, and finally during the mid-to-late 2010s with the rise of the Black Lives Matter movement. Protest coverage reached its highest point in 2020, coinciding with the rise of the George Floyd protests, only to fall dramatically in 2021.

          If we were to offer a simplistic explanation for the dramatic decline in protest and protest coverage in 2021, we might adopt the much-repeated leftist platitude that the Democratic Party is the “graveyard of social movements,” and that the rise of Joe Biden’s presidency represents yet another example of how social movements are co-opted and assaulted by smooth-talking Democratic officials who promise to respond to rising protests during Republican administrations but deliver on little to none of their promises. There is some real substantive appeal to this explanation, in that there has been a dramatic decline in protest this year, and it does coincide with the rise of an administration that has promised action on the climate and to address concerns with racial inequality but has not thus far implemented solutions on these pressing crises.

        • Labour’s Transport Chief Rejects ‘Pause’ on UK Airport Expansions Despite Climate Warnings

          Labour’s transport spokesperson has rejected calls to “pause” expansions at UK airports during a party conference event on how to “build back greener” after the Covid-19 pandemic.

          Jim McMahon, Labour’s shadow transport secretary, claimed that some flights were “too cheap”, however, while speaking on a panel event on Tuesday alongside Andy Brown, group corporate affairs director at Manchester Airports Group and Karen Dee, CEO of the Airports Operations Association.

      • Wildlife/Nature

    • Finance

      • Republicans Show They’d Rather Risk Recession Than Allow Democrats to Pass Bills
      • Opinion | GOP Suicide Bombers Threaten Debt-Ceiling Sabotage of US Economy

        Mitch McConnell just had Republicans in the Senate declare a filibuster against a simple piece of legislation that would raise the debt ceiling to keep the federal government running, telling Democrats if they want to avoid a massive and destructive government shutdown they’re going to have to raise the debt ceiling using reconciliation.

      • The Secret to Actually Taxing the Rich
      • Progressives “Hold the Line” for $3.5T Package to Expand the Social Safety Net
      • It’s always about the grift

        I’ve been writing about quacks for over 20 years now if you count my time on Usenet before I launched the first iteration of this blog in 2004. Indeed, my very first (substantive) post asked the question: How can intelligent people use alternative medicine? Soon after, I started deconstructing alternative cancer cure “testimonials” (with many variations over the years) and thus this blog was born. Over the years, I’ve occasionally contemplated another question: Do those pushing alternative medicine “miracle cures,” be they for cancer or other serious diseases, really believe in their quackery or are they just in it for the grift? In other words, are they true believers or scamming grifters? The answer is more complicated than I had initially thought, but when you come right down to it often they’re both. They believed, which led them to start selling their “cures,” and now they’re in it for the grift too.

      • NYT Runs Interference for Billionaires Who Don’t Want Their Wealth Taxed

        According to a White House analysis (9/23/21), the country’s 400 wealthiest families have an effective tax rate of just over 8%. At the New York Times (9/23/21), reporter Jim Tankersley was quick to cast doubt on the figure.

      • A Peek Inside Corporate America’s Ascendant Woke-Industrial Complex

        Nearly a decade and a half after I’d learned it, the Goldman Rule had only grown in importance. In January 2020, at the World Economic Forum in Davos, Goldman Sachs CEO David Solomon declared that Goldman would refuse to take companies public unless they had at least one “diverse” member on their board. Goldman didn’t specify who counted as “diverse,” other than to say that it had a “focus on women.” The bank said that, “this decision is rooted first and foremost in our conviction that companies with diverse leadership perform better,” and that board diversity “reduces the risk of groupthink.”

        Personally, I believe the best way to achieve diversity of thought on a corporate board is to simply screen board candidates for the diversity of their thoughts, not the diversity of their genetically inherited attributes. But that wasn’t what bothered me most about Goldman’s announcement. The bigger problem was that its edict wasn’t about diversity at all. It was about corporate opportunism: seizing an already popular social value and prominently emblazoning it with the Goldman Sachs logo. This was just its latest version of pretending to plant trees in Harlem.

        The timing of Goldman’s announcement was telling. In the prior year, approximately half the open board seats at S&P 500 companies went to women. In July 2019, the last remaining all-male board in the S&P 500 appointed a woman. In other words, every single company in the S&P 500 was already abiding by Goldman’s diversity standard long before Goldman issued its proclamation.

        Goldman’s announcement was hardly a profile in courage; it was just an ideal way to attract praise without taking any real risk: another great risk-adjusted return for Goldman Sachs.

    • AstroTurf/Lobbying/Politics

      • Rhode Island Ed Commissioner Angélica Infante-Green: Cynical Neoliberal Identity Politics Masking A Financial Mega-Scandal

        Unfortunately, of course, there is a hint of truth to this. Last spring, as a child molestation scandal might have sunk her along with former Providence Superintendent Harrison Peters, she accused an unnamed Providence Teachers Union member of calling her the undeniably racist name “AnHELLica.” August Bebel famously quipped that antisemitism was “the socialism of fools” and there certainly were a few clowns taking center ring that day. These clowns have taken center stage quite a few times in the past few years. Owing to a dearth of political education, for example, one group of teachers that were displaced from Cooley High School ended up ranting to the School Board about “political correctness” as if they had just walked out of a Limbaugh broadcast studio.

        Yet despite these issues, which should not be ignored or brushed aside, the scandals remain.

      • Republicans Plotting Against America

        The Republican Party with Donald Trump as its leader is trying to destroy America as we know it.

      • Sanders Slams Pundits, Implores “Tell Me Where We Should Cut” Reconciliation
      • The Perils of One-Party Rule

        Here in Montana there’s not much debate over who is calling the shots. The Republicans took every state-level office in the last election and, other than the judiciary, are in total control of state government. We now have a Republican governor, solid Republican majorities in both chambers of the Legislature, a Republican superintendent of public instruction, state auditor, secretary of state, and all-Republican Public Service Commission.

        Basically, what that means is anything that goes wrong or right in our state government, elections, lawmaking, education system, insurance or utility regulation falls for better or worse in the Republicans’ laps. And yes, that means holding them accountable for those outcomes — which doesn’t mean criticism is necessarily motivated by political partisanship, there’s just no one else to criticize for the decisions when one party holds all the power.

      • US Media Have Distorted Narratives on Haiti Since 1804. It’s Still Happening.
      • New Report Exposes Corporate Scheme to Derail Biden Agenda and ‘Upend Democracy’

        Corporations threatened by the prospect of paying a slightly higher tax rate and exercising a little less power over working people are spending millions to sabotage a far-reaching Democratic reconciliation bill that would expand the social safety net and bolster climate action.

        “We pulled the curtain back on corporate America to find they were trying to put Congress in a headlock.”—Sondra Youdelman, People’s Action

      • Calls to Fire DeJoy Intensify as 10-Year Plan to Sabotage USPS Takes Effect
      • ‘Fire DeJoy’ Demand Intensifies as 10-Year Plan to Sabotage Postal Service Takes Effect

        Defenders of the U.S. Postal Service are urgently renewing their calls for the ouster of Postmaster General Louis DeJoy as his 10-year plan to overhaul the cherished government institution is set to take effect Friday, ushering in permanently slower mail delivery while hiking prices for consumers.

        “DeJoy calls his plan ‘Delivering for America,’ but it will do the exact opposite—slowing many First Class Mail deliveries down, taking their standard from three to five days,” Porter McConnell of Take on Wall Street, a co-founder of the Save the Post Office Coalition, warns in a video posted online late Tuesday.

      • Backed by Sanders and Warren, House Progressives Are Firm on Infrastructure Vote
      • ‘We Had a Deal’: Warren Joins Sanders and House Progressives in Fight for Biden’s Agenda

        Sen. Elizabeth Warren on Tuesday joined fellow Sen. Bernie Sanders in backing House progressives as they fight to ensure that Democrats’ reconciliation package—a potentially historic investment in climate action and the social safety net—passes before Congress gives final approval to a bipartisan infrastructure bill.

        “We had a deal. And that deal was in place long before we voted here in the Senate.”

      • Activists Who Helped Elect Kyrsten Sinema Launch CrowdPAC to Fund Challenger
      • “Who’s at the Table?”: Cori Bush Says Bill Negotiations Need More Representation
      • Podcast: Asa Winstanley on the Purging of Socialists from the U.K. Labour Party
      • Rep. Jared Golden Among Corporate Democrats Obstructing Extension of Expanded Child Tax Credit

        A new report released Wednesday reveals the extent to which a handful of corporate Democrats “are choosing a minority of wealthy households over the millions of children in their states who would benefit from the expansion of the child tax credit” proposed in the Build Back Better Act.

        “It makes no sense economically to hold hostage real help for families just to protect tax breaks for a tiny, wealthy minority.”—Kyle Herrig, Accountable.US

      • #MeanwhileInWilcannia: Leaked Minutes From Emergency Meetings Reveal Govt Officials Blocked Wilcannia Pleas For COVID Help

        At the start of the pandemic, international jetsetters were rushing home to quarantine in five-star hotels at Australian taxpayers’ expense. And complaining about it. At the same time, governments around the country were ‘ring-fencing the vulnerable’ by blocking access to aged care centres, and closing remote Aboriginal communities. Meanwhile in Wilcannia, a chronically overcrowded Aboriginal community in a remote corner of the Far West of NSW, residents there couldn’t even convince the Berejiklian government to give them tents so they could isolate from the virus in their own backyards. Now, 18 months after the COVID-19 crisis began, more than one third of the community has contracted the disease in a shocking outbreak that has captured the world’s attention. Chris Graham, Cherie von Horchner and Jack Marx report*.

      • ‘Everything Is on the Line’: Senate Under Pressure to Protect Abortion Rights

        With reproductive freedom under attack nationwide, six advocacy groups on Wednesday delivered 300,000 petition signatures pressuring the U.S. Senate to urgently pass House-approved legislation that would ensure the right to abortion under federal law.

        The petition delivery and press conference outside the U.S. Capitol came ahead of hundreds of marches planned for Saturday across the country. Organizers of the #RallyforAbortionJustice events are calling on members of Congress to pass both the Equal Access to Abortion Coverage in Health Insurance (EACH) Act and the Women’s Health Protection Act (WHPA).

      • Diversification of Legislation Editing Open Software (LEOS) Using Software Agents—Transforming Parliamentary Control of the Hellenic Parliament into Big Open Legal Data

        The accessibility and reuse of legal data is paramount for promoting transparency, accountability and, ultimately, trust towards governance institutions. The aggregation of structured and semi-structured legal data inevitably leads to the big data realm and a series of challenges for the generation, handling, and analysis of large datasets. When it comes to data generation, LEOS represents a legal informatics tool that is maturing quickly. Now in its third release, it effectively supports the drafting of legal documents using Akoma Ntoso compatible schemes. However, the tool, originally developed for cooperative legislative drafting, can be repurposed to draft parliamentary control documents. This is achieved through the use of actor-oriented software components, referred to as software agents, which enable system interoperability by interlinking the text editing system with parliamentary control datasets. A validated corpus of written questions from the Hellenic Parliament is used to evaluate the feasibility of the endeavour, and the feasibility of using it as an authoring tool for written parliamentary questions and generation of standardised, open, legislative data. Systemic integration not only proves the tool’s versatility, but also opens up new grounds in interoperability between formerly unrelated legal systems and data sources.

      • [Astroturfer] farms reached 140 million Americans a month on Facebook before 2020 election, internal report shows

        The report found that [astroturfer] farms were reaching the same demographic groups singled out by the Kremlin-backed Internet Research Agency (IRA) during the 2016 election, which had targeted Christians, Black Americans, and Native Americans. A 2018 BuzzFeed News investigation found that at least one member of the Russian IRA, indicted for alleged interference in the 2016 US election, had also visited Macedonia around the emergence of its first [astroturfer] farms, though it didn’t find concrete evidence of a connection. (Facebook said its investigations hadn’t turned up a connection between the IRA and Macedonian [astroturfer] farms either.)

      • How Texas’ social media censorship law could mean more spam in your inbox

        House Bill 20, which passed on Sept. 9, prohibits email service providers from “impeding the transmission of email messages based on content.” Eric Goldman, a professor at Santa Clara University of Law whose research and teaching focuses on internet, IP [sic] and advertising law topics, says this restricts efforts to control email spam.

      • Texas Enacts Social Media Censorship Law to Benefit Anti-Vaxxers & Spammers

        The law has four main provisions:

        a ban on email service providers blocking spam, coupled with a private right of action and statutory damages…for any spammer whose spam gets blocked. THIS IS THE STUPIDEST POSSIBLE POLICY THE LEGISLATURE COULD ADOPT, AND TEXAS RESIDENTS BOMBARDED BY SPAM WILL BE SHOCKED THAT THEIR LEGISLATURE SCREWED THEM OVER.

      • To No One’s Surprise, FOSTA Is Confounding Judges–J.B. v. G6

        The short story is that the initial version of SESTA didn’t link 1595 to 1591, which caused many objectors–myself included–to raise concerns that 1595’s lower scienter requirements would reach too many unintended defendants. In response to this concern, after a pivotal Senate Commerce Committee meeting (one of the most stressful moments of my professional career), the SESTA Manager’s Amendment (which got rolled verbatim into FOSTA) added the heightened scienter requirement–which is what caused the Internet Association (as ordered by Facebook) to flip on SESTA and endorse it. So efforts to write the 1591 precondition out of the statute are an attempt by plaintiffs to reclaim the original SESTA proposal, even though that’s exactly what Congress chose NOT to do as part of the bargain to advance the legislation. It’s frustrating, but hardly unexpected, to see historical revisionism by plaintiffs–but ultimately, I blame FOSTA and everyone who has supported it, because Congress was warned about these impending jurisprudential trainwrecks and went ahead anyways.

        (If your head is hurting trying to sort through all of this, you are not alone).

      • China clamps down on pop culture in bid to ‘control’ youth

        In a series of sweeping measures, Beijing has moved to check what it considers the excesses of modern entertainment, and urged social media platforms to promote patriotic content.

      • This is Facebook’s internal research on the mental health effects of Instagram

        The research slide decks are available on Facebook’s newsroom here, split into two PDFs. We’ve also embedded the PDFs at the bottom of this story. Notably, the two PDFs have been annotated by Facebook in an effort to provide context.

      • Senators gear up for bipartisan grilling of Facebook execs

        Concerns over social media’s impact on kids’ health and privacy have been a rare unifying issue in Washington, though the collective fury has failed to produce swift legislative action on proposals to regulate platforms.

      • Russia threatens ‘retaliatory measures’ after YouTube’s removal of RT channels

        YouTube announced earlier Wednesday that it would ban several prominent accounts that contained false information about vaccines, part of a larger effort by the video platform to crack down on medical misinformation.

        Under the new policy, the site, owned by Google, will take down any videos that claim approved vaccines cause cancer or infertility.

      • Russia threatens to block YouTube, Kremlin urges ‘zero tolerance’

        Berlin denied an allegation by the Russian foreign ministry that YouTube’s decision had been made with clear and tacit support from the German authorities and local media.

      • Yanis Varoufakis on Angela Merkel’s Legacy, European Politics & the “Sordid Arms Race” on the Seas

        The center-left Social Democratic Party in Germany has narrowly claimed victory in an election that marks an end to the 16-year era of Angela Merkel’s conservative chancellorship. We look at what this means for Europe and the world with Yanis Varoufakis, a member of the Greek Parliament and the former finance minister of Greece. The SDP’s narrow victory should be viewed critically, says Varoufakis, noting that the party “ruthlessly” practiced austerity in 2008 and 2009. “Not much has changed,” Varoufakis says. “It’s not as if an opposition party won.”

    • Censorship/Free Speech

      • Content Moderation Case Studies: Coca Cola Realizes Custom Bottle Labels Involve Moderation Issues (2021)

        Summary: Content moderation questions can come from all sorts of unexpected places — including custom soda bottle labels. Over the years, Coca Cola has experimented with a variety of different promotional efforts regarding more customized cans and bottles, and not without controversy. Back in 2013, as part of its “Share a Coke” campaign, the company offered bottles with common first names on the labels, which angered some who felt left out. In Israel, for example, people noticed that Arabic names were left off the list, although Coca Cola’s Swedish operation said that this decision was made after the local Muslim community asked not to have their names included.

      • LinkedIn Blocks Some User Profiles in China

        In a statement to VOA, LinkedIn defended its actions, saying that as a global platform it “respects the laws that apply to us, including adhering to Chinese government regulations for our localized version of LinkedIn in China.”

        Profiles that have been limited in China are still “visible across the rest of the globe,” LinkedIn said.

      • “By the Koran of Mecca I will smoke you out”: Zemmour (again) threatened with death

        On Twitter, Eric Zemmour lamented this aggression, which he said was “the daily fate of so many French people”. The MP for the Alpes-Maritimes department and candidate in the right-wing primaries, Éric Ciotti, also reacted on the social network, assuring Eric Zemmour of his “support”. “No personality involved in political life should be threatened because of their opinions,” he added.

      • 14 Cuts in 25 Minutes: How Hong Kong Censors Movies

        Beyond the national security law, the government plans to toughen its censorship policies to allow it to ban or force cuts to films deemed “contrary to the interests of national security.” Such powers would also be retroactive, meaning the authorities could bar films that were previously approved. People that show such films could face up to three years in prison.

        “Part of the underlying goal of this law is to intimidate Hong Kong filmmakers, investors, producers, distributors and theaters into internalizing self-censorship,” said Shelly Kraicer, a film researcher specializing in Chinese-language cinema. “There will be a lot of ideas that just aren’t going to become projects and projects that aren’t going to be developed into films.”

      • Pakistan’s government wants to impose centralised censorship office

        RSF and its Pakistani partner, Freedom Network, are supporting the campaign that Pakistani media outlets and journalists have launched against the proposed legislation, which was first unveiled in June and would create a powerful new entity called the Pakistani Media Development Authority (PMDA).

      • ‘Woke’ censorship: US free speech group sorry for removing ‘women’ from Ginsburg abortion quote

        “When the government controls that decision for her, she is being treated as less than a full adult human responsible for her own choices.”

        But in the version that the ACLU shared on Twitter, it removed any reference to women.

    • Freedom of Information/Freedom of the Press

      • FreeTheTruth – Bjartmar Alexandersson interviewed by Dr Deepa Driver
      • EFF, Access Now, and Partners to European Parliament: Free Speech, Privacy and Other Fundamental Rights Should Not be Up for Negotiation in the Digital Services Act

        To ensure the DSA is moving in the right direction, we are calling on the European Parliament to reject proposals that cross the line to undermine pillars of the e-Commerce Directive crucial in a free and democratic society. In a letter to members of Parliament today, we are sending a clear message that free speech online, protection of marginalized groups, and respect for users’ private communication are key principles that should not be up for negotiation.

        Specifically, proposals by the EP Committee on Legal Affairs (JURI) to limit liability exemptions for internet companies that perform basic functions of content moderation and content curation would contradict EU Court of Justice case law and result in over-removal of legitimate content at large scale. These dangerous ideas, up for committee vote this week, should be rejected. The DSA should make sure that online intermediaries continue to benefit from comprehensive liability exemptions in the EU and not be held liable for content provided by users. Any modifications that result in short-sighted content removals of legitimate speech or which otherwise do not comply with fundamental rights protections under the EU Charter and the jurisprudence of the Court of Justice should be rejected.

        Further, measures that would force companies to analyze and indiscriminately monitor users’ communication or use upload filters have no place in the DSA. Protecting the privacy of users and their personal data is a fundamental right laid down in the EU Charter. They should honor users’ expectation of privacy and protect their right to communicate free of monitoring and censorship.

    • Civil Rights/Policing

      • Court To Sheriff: Sending An Officer To Tell A Teen To Delete Instagram Posts Is So Very Obviously A Rights Violation

        Wisconsin is apparently America’s Karen.

      • Our Union Has Been Fighting for Voting Rights All Year

        On September 14, the Senate introduced the Freedom to Vote Act, a bill that would do more to protect American democracy than any law since the Voting Rights Act of 1965. The news flew under the radar in California, where citizens were busy voting in our recall election. In a sense, it was perfect timing. The recall, which saw incredibly high turnout driven by millions of ballots cast through our state’s universal vote-by-mail provision, made a strong case for precisely the kind of commonsense voting laws that we need to enact on a national level.

      • Grandma Knows Best
      • Keeanga-Yamahtta Taylor, “Race For Profit”
      • Hacking Migration

        Back in the Trump era, when every day brought new official policies designed to make the lives of would-be-immigrants hell, Dr. Luis Romero Guerra, a dual-national who is currently strategic capacity officer for the Tijuana-based Catholic Legal Immigration Network, Inc (CLINIC), was finding it nearly impossible to keep up. Guerra, a tall, hefty man with cropped hair and bloodshot eyes, wearing a mauve T-shirt, jeans, and blue sneakers initially got involved in immigrant rights work a decade ago after seeing families with children incarcerated at the Dilley Family Detention Center in Texas. By the middle of the Trump presidency, tens of thousands of migrants had cooped up in Mexico in what were effectively refugee camps, as a result of the Orwellian-sounding Migrant Protection Protocols. Migrants were fleeing a brutal combination of poverty, government corruption, gang violence, and environmental collapse.

      • EFF Stands With #SaveAlaa, Calls for Release of Alaa Abdel Fattah, Activist and Friend

        Fattah began using his technical skills almost 20 years ago to connect technologists across the Middle East and North Africa with each other and build online platforms so that others could share opinions and speak freely and privately. The role he played in using technology to amplify the messages of his fellow Egyptians—as well as his own participation in the uprising in Tahrir Square—made him a prominent global voice during the Arab Spring, and a target for the country’s repressive regimes, which have used antiterrorism laws to silence critics by throwing them in jail and depriving them of due process and other basic human rights. Fattah’s latest arrest, in 2019, occurred just six months after he was released following a five-year prison term for his role in the peaceful demonstrations of 2011. He was re-arrested in a massive sweep of activists and charged with spreading false news and belonging to a terrorist organization. The crackdown comes amidst a number of other cases in which prosecutors and investigation judges have used pre-trial detention as a method of punishment. Egypt’s counterterrorism law was amended in 2015 under President Abdel-Fattah al-Sisi so that pre-trial detention can be extended for two years and, in terrorism cases, indefinitely. Fattah has been held without trial at Tora Prison, without access to books or newspapers, no exercise time or time out of the cell and—since COVID-19 restrictions came in to play—with only one visit, for twenty minutes, once a month. Over the years Fattah has continued to speak out for human rights even while jailed, and has shown great courage while facing conditions meant to silence him. Now his calls for justice and free speech will be available for all to read. “You Have Not Yet Been Defeated” is set for release in spring of 2022, and can be pre-ordered on Amazon and other online sources. Fattah speaks with passion in the book about his love for his country and why he has stood up to the regime and joined protestors in Tahrir Square.

        Fattah’s family warns that he is in imminent danger, his mental health is failing after two years of cruel treatment by the Ministry of Interior and National Security. “His life is in danger, in a prison that operates completely outside the space of the law and in complete disregard of all officials,” they said in a recent statement. We urge everyone to order “You Have Not Yet Been Defeated,” and contact your elected representatives to ask that they contact their counterparts in Egypt. We must raise awareness about his situation and put pressure on the Egyptian government to release him. His book is a testament to his resilience, and we urge everyone to do everything they can so Fattah, who stands for the right to freedom of expression, association, and assembly, is not defeated.

      • Alabama GOP Condemned for Plan to Build Prisons With Covid-19 Funds

        “To be clear, the current state of the Alabama prison system is abhorrent, but the use of Covid-19 relief funds to pay for decades of our state’s neglect is simply unacceptable.”—Rep. Terri Sewell (D-Ala.)

      • Muslim Man Chokes Own Mother To Death For Converting From Islam To Christianity

        An Israeli man has been charged on Monday, Sept. 27, for murdering his own mother and hiding her body, in August earlier this year, for converting from Islam to Orthodox Christianity.

      • Elderly Christian Woman Beaten for Housing Converts from Islam

        “When he mentioned that he was a pastor, we opened only to see several men outside,” the Christian said. “We rushed into one of the rooms and hid ourselves on top of the ceiling. The attackers could not find us and landed on our spiritual grandmother, saying, ‘Let us kill her.’ Another said she was too old.”

      • Why India’s ex-Muslims struggle for recognition amid fear of retribution from the community

        According to him, there are many Muslims who have got disillusioned with the “outdated beliefs” of Islam, but do not come out in the open due to fear of retribution. “It is the need of the hour to spread awareness that it is perfectly fine to leave Islam,” he says.

        What is also worrisome for ex-Muslims is the violence perpetrated against them in the name of apostasy. “I know of a family that converted to another religion in Hyderabad. The family and children were tortured by local religious mobs to such an extent that the gentleman lost his mental balance and is now in an asylum,” he says, unwilling to reveal the identity of the family for their safety. “The killing, torture and marginalization of those who leave Islam needs to end.”

    • Internet Policy/Net Neutrality

      • FCC Commissioner Simington Says Universal Fiber to the Home Can Wait

        Modernizing the Universal Service Fund has been one of the hot topics for broadband this year. The fund, which extends basic telecom services to all Americans, has been called unsustainable due to its reliance on shrinking voice revenues.

        Some have suggested that the fund’s reliance be wholesale replaced with general taxation from Congress, while others have said that the fund’s revenue base should be extended to include the increasing broadband revenues.

        Simington prefaced his comments by saying he didn’t want to get ahead of Congress, which would set the parameters of a new regime, but raised previous recommendations – including from FCC Commissioner Brendan Carr – that part of the money can come from big technology companies, like Facebook and Google.

    • Monopolies

      • Microsoft CEO Politely Confirms Trump TikTok Fracas Was Dumb, Performative, Nonsense

        Last year we noted how the calls to ban TikTok didn’t make a whole lot of sense. For one thing, a flood of researchers have shown that TikTok is doing all the same things as many other foreign and domestic adtech-linked services we seem intent to…do absolutely nothing about.

      • Patents

        • Court of Appeal confirms requirement for human inventor in ‘DABUS’ case [Ed: Courts are a lot more sane and less corrupt than lying lawyers; but the provocateur will carry on trying for fame and publicity]

          On 21 September 2021 the Court of Appeal handed down its decision in THALER v COMPTROLLER GENERAL concerning allowability of UK patents having an AI based machine known as DABUS (short for Device for the Autonomous Bootstrapping of Unified Sentience) listed as an inventor. A copy of the decision can be found here.

          The Court of Appeal rejected Dr Thaler’s appeal and upheld decisions of the UKIPO hearing officer and the High Court that applications were deemed withdrawn where no human inventor is named (only an AI system was named as the inventor). Dr Thaler’s appeal was rejected by a majority 2-to-1 decision.

        • Can AI qualify as an “inventor” for the purposes of patent law? [Ed: People who are actually honest about the real purpose of patent law know that the answer is "No" and DABUS is just provoking the system with the help of dishonest yet persuasive (in Australia and South Africa) lawyers]

          The Court of Appeal has ruled that an artificial intelligence machine cannot qualify as an “inventor” for the purposes of Sections 7 and 13 of the Patents Act because it is not a person. Further, in determining whether a person had the right to apply for a patent under Section 7(2)(b), there was no rule of law that new intangible property produced by existing tangible property was the property of the owner of the tangible property, and certainly no rule that property in an invention created by a machine was owned by the owner of the machine.

        • Serial Filing of IPRs and as Reexamination [Ed: Patent zealots (Crouch is now funded by patent litigation giants) try to reinforce the narrative of death (“kill patents”, “death squads”, “serial kill”) to demonise those looking to squash fake patents that should never have been granted by USPTO]

          Vivint sued Alarm.com for infringing its US Patent 6,717,513. Alarm.com responded with three different inter partes review (IPR) petitions. Those three petitions were denied at the institution stage. Two of the petitions were denied on the merits, the third petition was denied based upon the “abusive” IPR filing practices of Alarm.com (noting that there were 15 total IPRs filed involving ‘incremental petitioning’).

          A year later Alarm.com petitioned for ex parte reexamination of the ‘513 patent. Most of the reexamination petition was word-for-word identical to the IPR petitions, although there was one new reference added for two of the four patentability questions. The PTO ordered the examination and eventually concluded that the challenged claims were not patentable.

          Inter Partes Review and Ex Parte Reexamination both involve an initial threshold stage where the patent office must decide whether the petition presents a sufficient case to move forward with the full review. But, the standard for IPR is much higher than that of reexamination. IPR’s are only initiated upon a finding of a “reasonable likelihood” that at least one claim will be cancelled while reexaminations require only a “substantial new question of patentability.” Thus, it logically makes sense that a challenge might fail the IPR threshold, but still be sufficient to surpass the reexam requirement.

        • Comment: Can AI be recognised as an inventor? [Ed: "Richard Johnson is patent attorney with IP firm Mewburn Ellis". A site called "The Engineer" has been infiltrated not by engineers but litigation fanatics and profiteers.]
        • Applied UV Receives Notification of Patent Allowance from European Patent Office for Pathogen Destroying Devices
        • [Older] Toyota’s self-driving haul from Lyft includes 100+ US patent assets

          Woven Planet, the subsidiary leading Toyota’s self-driving push, acquires a raft of global patent assets from ride-hailing app Lyft

        • [Older] Sisvel ties-up Oppo deal after multi-jurisdictional patent dispute settles

          After a two-year litigation battle, Sisvel and Oppo have agreed a peace deal that leaves the Chinese company with a licence to SEPs covering cellular technology

        • [Older] China’s overseas patent application volume remains high, but growth is slowing

          State IP funding programmes have helped fuel patent application growth by Chinese entities, but as subsidies are wound down the rate of increase for foreign filings is already beginning to decline

        • [Older] Elon Musk does not hate patents and Tesla’s famous pledge is not as generous as it seems

          Tesla will not initiate a lawsuit against any party for infringing its patents through activity relating to electric vehicles, but it does not say anything about other technologies

        • Philip Morris IQOS Imports Barred in Reynolds Tobacco Fight [Ed: Monopoly over giving cancer to millions of people]
        • Australian appeal to determine future of global relationship with AI [Ed: This is false. Australia does not matter much to the patent system (except its villain, Gurry, who is now powerless)]

          While DABUS was named as the inventor on the application, the Deputy Commissioner held that an AI system was incapable of being considered the inventor for the purposes of 3.2(C)(2)(aa) of the Patents Regulations 1991 (Cth), and therefore no inventor had been named.

          The question faced by the Court was whether a valid application had been lodged, not whether the application should be approved. To answer this, the Court spent substantial time considering section 15(1) (below) which prescribes who may be granted a patent, and particularly sections 15(1)(b) and (c) with respect to granting a patent to a person where the inventor is not themselves a natural person.

        • The Unified Patent Court (UPC) – another step forward – provisional application period close to commencing [Ed: See meme rebuttal]

          Germany’s deposit of its ratification of the UPC protocol on provisional application on 27 September, 2021, and suggestions that Slovenia and Austria may also ratify shortly, mean that the provisional application period during which the practical arrangements for the UPC will be put in place, which this protocol (once sufficiently ratified) will usher in, now looks likely to commence before the end of 2021 and possibly even as soon as October. If so, the UPC could start to function fully from mid-2022, as has been suggested by the UPC Preparatory Committee in recent comments.

          The UPC start date is still dependent on the date of Germany’s deposit of its instrument of ratification of the UPC Agreement (UPCA) with the EU Council, but once deposited, the new court system will commence on the 1st day of the fourth month after the month in which that deposit occurs. Germany will not trigger this timetable until all the practical arrangements are in place. As the UPC Preparatory Committee commented following Germany full ratification of the protocol this week, “When it is clear that the UPC will be operational upon the entry into force of the UPCA the final ratification of the Agreement by Germany can take place serving as a “gatekeeper” for Member States to ensure a proper process”.

        • Germany Sets Up Unified Patent Court For 2022 Launch [Ed: This is false because it cannot even get started; UPCA is stuck and UK is not rejoining the EU to ratify UPCA; See meme rebuttal]

          The German federal government has approved the rules governing the European Union’s Unified Patent Court system and expects the court to begin functioning in mid-2022.

          Germany’s Federal Ministry of Justice and Consumer Protection announced the move Monday, which ratified the protocols for the UPC system, which is designed to allow patent disputes in the EU to be adjudicated in a single case before one court.

        • Software Patents

          • Eligibility: Which Case Will the SCT Choose as its Vehicle?

            ENCO and DaVincia compete in the market for automated captioning of audio signals. ENCO did not invent the general concept, but its patent brings together a number of important features make it workable and with a 2000 application priority filing date.


            Unlike Barbed-wire Glidden who did have a novel way of wrapping wire compared with the prior art, I don’t believe that any of ENCO’s individual elements have a point of novelty. Rather, the novelty of the invention involves putting them all together into a method that works.

            In its decision, the Federal Circuit ruled that ENCO’s claims were directed to “simply the abstract idea of automating the AV captioning process.” But, the claims did not provide any specific technological improvement: “The advance is only at the abstract level of computerization because claim 1 fails to set forth specific techniques for processing the data, instead reciting known computer techniques for automation of known processes.”

            ENCO’s petition argues that “the Federal Circuit reached the wrong result” since the patent claims a “method of solving a technological problem using physical components executing defined steps to produce a tangible result.”

      • Copyrights

        • TikTok settles lawsuit with actress over its original text-to-speech voice

          TikTok has agreed to settle a lawsuit with Bev Standing, the voice actress who said she was behind the app’s original text-to-speech voice. Standing sued TikTok in May, saying that the app was using her voice without permission. A robotic version of what sounded like Standing’s voice had been in the app for months, speaking over what felt like every other video at the time.

        • TikTok stole my voice, says woman behind viral text-to-speech feature

          Ms Standing, a professional voice actor in Ontario, Canada, is better known as the “voice of TikTok”, the computer generated speech that narrates thousands of videos on the app.

          Since launching in late 2020, TikTok’s text-to-speech feature has become one of its most viral features, giving the effect of having a virtual assistant like Siri narrating a user’s videos.

          But Ms Standing, whose recordings made for a different company in 2018 were used to build the feature, says she never gave permission for her voice to be used.

        • Upcoming vote on Digital Services Act in JURI committee: Pirate MEP Patrick Breyer fears massive threats to fundamental rights

          On Thursday, the European Parliament’s Committee on Legal Affairs (JURI) will vote on the compromise proposals drafted by French opinion rapporteur Geoffroy Didier (EPP) on the Digital Services Act. MEP Patrick Breyer (Pirate Party), shadow rapporteur of the Greens/EFA group, considers the proposals dangerous in many respects. Together with his Renew and S&D colleagues he puts alternative compromise amendments to the vote: [...]

          „The Rapporteur’s proposals are radical. They would i.e. threaten the secrecy of private correspondence and end-to-end encryption, mandate and encourage error-prone ex-ante upload filtering, introduce excessively short content take-down delays, enforce excessive national laws (e.g. in Poland or Hungary) throughout the EU and even globally, turn ‚trusted flaggers‘ into ‚trusted censors‘ and much more. I expect the vote to be very tight on several of these issues.

        • CEO of Major Anti-Piracy Company Arrested in Russia For High Treason

          Cybersecurity company Group-IB, which for several years has investigated hundreds of pirate sites and their connections to organized crime, is currently in the midst of a huge scandal in Russia. Company founder Ilya Sachkov was arrested by local security services this week under suspicion of treason and working with foreign intelligence services.

        • Court Rejects Trump’s Motion to Dismiss ‘Electric Avenue’ Lawsuit on Fair Use Grounds

          In 2020, British singer-songwriter Eddy Grant filed a lawsuit against then-President Donald Trump over the unlicensed use of his 1982 song ‘Electric Avenue’. Trump’s lawyers attempted to have the copyright claim thrown out, claiming that any use of the song was protected under the doctrine of fair use. U.S. District Judge John Koeltl has now rejected that motion stating that the fair use factors weigh in favor of Grant.

Welcome Back, Richard Stallman

Posted in Free/Libre Software, FSF, Videos at 4:29 am by Guest Editorial Team

Published on September 29, 2021. Reproduced with consent. Original article here.


Starting from March 2020, Richard Stallman’s speeches in person had to be canceled due to COVID-19 restrictions. After the restrictions were reduced, he held his first in-person speech in Kyiv, Ukraine, on September 18, 2021.

During that speech, he was welcomed back with applause twice:

1. The audience interrupted Stallman with applause when he mentioned he is back on the FSF Board of Directors.

2. People reacted with applause when RMS observed that this was his first presentation of St. iGNUcius since 2019 (he presents it at some in-person speeches).

These welcome-back reactions by a Ukrainian physical audience are to confirm what the community at large had already expressed in numerous comments, articles, and testimonies throughout the Internet.

The letter of support, with 6,850+ signatures that show a large number of non-American supporters, provides further evidence that the international free software community, including minority groups, rejects the defamation and smear campaign launched against Richard Stallman in the United States.

A comment from an attendee:

Great lecture. A wonderful experience to see and hear Richard live. A very educated, consistent and rational person. By Kira, translated from Russian

Worth noting the number of female attendees that can be seen in the full video.
