

Links 25/8/2018: Go 1.11, LLVM 7.0 RC2

Posted in News Roundup at 11:20 am by Dr. Roy Schestowitz




  • Desktop

    • Google Chrome OS

      Chrome OS is Google’s cloud-connected desktop operating system. This web-apps focused OS powers mostly inexpensive chromebooks, offering a low-cost desktop option for those of modest means or basic needs. That affordability, along with tie-ins to Google’s online productivity apps, has made the OS popular in the education market. The recent addition of the ability to run Android apps has given the OS new life and millions of new software choices, though the support for those apps is inconsistent. With that major integration still ongoing, Chrome OS feels like something of a work in progress, one that’s not suited to high-power computing needs. Still, for the right users, Chrome OS is a strong choice.

    • New Chrome OS v69 beta hits the Pixelbook with Linux support, night light, and more

      Google announced Linux app support on Chrome OS back at I/O, but it’s been slow to move it out of the dev channel. Finally, the Pixelbook just got a new build of Chrome v69 update that adds the beta Linux support. That’s not all—this was a rather major update.

      Make sure you have plenty of battery before installing this update. In addition to tweaking Chrome OS, the latest update brings changes to the BIOS and touchpad firmware. The installation process will take a few minutes longer than usual as a result. Once you get up and running, you can enable Linux support in the system settings. We have a handy tutorial to get you started installing Linux-y things.

    • How Google’s rumored ‘Campfire’ dual-boot Chromebooks may burn Microsoft

      Seven years ago, Google began an assault on Windows PCs with its cloud-centric Chromebook PC alternative. Google’s leveraging of a more secure, easier to manage, and more affordable “PC” positioned Chromebooks for market success. Despite this success, however, Chromebooks’ global market share still pales in comparison to Windows PC’s seemingly indomitable presence.

      Google remains committed to an unrelenting multifaceted assault on Windows PCs, in an attempt to position Chromebooks as the “PC” for the modern personal computing age. Android apps on Chrome, aggressive Chromebook ads, a strategic push in schools, Progressive Web Apps (PWAs), and low Chromebook prices are all tools Google has and will use to make Chromebooks appealing to the masses.

      Campfire, Google’s rumored Windows and Chrome dual-boot solution, is just the latest, and possibly most important, tool in Google’s arsenal to unseat Windows PCs as the PCs for the masses.

    • Some of Google’s Chromebook laptops won’t be getting support for Linux apps

      When Chromebooks first came out, you were limited to a small selection of apps, all made by Google. Over time, the company has opened up Chrome OS to accommodate third-party Android apps, and it’s recently added support for regular Linux apps as well. However, it turns out that a number of Chromebooks have a version of the operating system that’s simply too old to be compatible with this new batch of software.

  • Server

    • Is Kubernetes free as an open source software?

      So, is Kubernetes free?

      Yes, but also no.

      Pure open source Kubernetes is free and can be downloaded from its repository on GitHub. Administrators must build and deploy the Kubernetes release to a local system or cluster or to a system or cluster in a public cloud, such as AWS, Google Cloud Platform (GCP) or Microsoft Azure.

      While the pure Kubernetes distribution is free to download, there are always costs involved with open source software. Without professional support, Kubernetes adopters need to pay in-house staff for help or contract someone knowledgeable. The Kubernetes admin needs a detailed working knowledge of Kubernetes software build creation and deployment within a Linux environment.

      In effect, users need to know what they’re getting into before they adopt open source software in the enterprise.

  • Kernel Space

    • Linux 4.18.5
    • Linux 4.17.19
    • Linux 4.14.67
    • Linux 4.9.124
    • Linux 4.4.152
    • What Stable Kernel Should I Use?

      I get a lot of questions about people asking me about what stable kernel should they be using for their product/device/laptop/server/etc. all the time. Especially given the now-extended length of time that some kernels are being supported by me and others, this isn’t always a very obvious thing to determine. So this post is an attempt to write down my opinions on the matter. Of course, you are free to use whatever kernel version you want, but here’s what I recommend.

      As always, the opinions written here are my own, I speak for no one but myself.

    • Happy birthday, Linux: 27 years

      Linux celebrates another birthday today—27 years! And we couldn’t be more pleased to share in the excitement. Many of our readers are Linux users, fans, nerds… the list of adjectives describing them goes on. What would you call yourself?

      I’d say I’m a Linux newbie with mad respect. On the technical side, I installed Linux for the first time in 2014. On the community side, I’ve been working with Linux folks for six years as an editor for Opensource.com. Because we gather and publish articles from the great, wide community of users out there, I meet and get to know hundreds of Linux users from all walks of life, of all ages and stages on their Linux journey. It’s a fascinating world, because Linux is eating the world with its millions of users, but also because Linux users are a passionate bunch. They feel that they’re on to something special. And they are.

    • Linus Torvalds announced the first version of what became Linux in 1991

      Linux, a free and open-source software operating system, was built around Linux Kernel, the central part of Linux operating systems, Android and Chrome OS. It all began when Linus Torvalds started working on his own operating system kernel in 1991. Linus Benedict Torvalds, a Finnish-American software engineer, was studying computer science at University of Helsinki. Linus wrote the program specifically for the hardware he was using and developed it on MINIX using the GNU C Compiler. Torvalds ended up writing an operating system kernel and announced it by posting to the newsgroup “comp.os.minix.” on 25 August 1991. Linux gained importance in 1992 after the X Window System was ported to Linux by Orest Zborowski.

    • Happy Birthday, Linux!

      Happy Birthday, Linux! It’s 27 years since Linus Torvalds’ famous Linux announcement of his (now hugely influential) open source operating system.

    • 27 Interesting Facts about Linux

      In honour of Linux’s birthday here’s a list of 27 interesting facts about Linux, its creator Linus Torvalds, and the impact his “hobby” OS has had on the world.

      Since its creation back in 1991, the open source Unix-like operating system has gone on to revolutionise the world, empower startups, birth new industries, and help in the creation of new types of gadgets and technologies.

    • What was the most important moment in the history of Linux?

      Today Linux powers so much of the world’s infrastructure that it’s honestly hard to think of an industry that hasn’t been significantly shaped by its progress. From banks to healthcare giants to airlines, to almost all of the most popular websites in use today, and perhaps even the phone in your pocket, the world runs on Linux.

    • Intel Has Also Relicensed Their FSP Binaries: A Big Win To Coreboot, LinuxBoot

      There’s some good news beyond Intel’s CPU microcode re-licensing to clear up the confusion among users and developers this week: Intel is also re-licensing their FSP binaries to this same shorter and much more concise license.

      The FSP “Firmware Support Package” binaries used by the likes of Coreboot, LinuxBoot, and Facebook’s Open Compute Project is under this same license now as the CPU microcode files. The FSP bits have been closed-source for several generations but are used by Coreboot and friends for allowing their “BIOS” to be as open as possible otherwise. The Intel Firmware Support Package is basically the firmware that initializes the processor, memory controller, chipset, and other certain bits that unfortunately don’t have open-source initialization code available.

    • Linux Kernel Getting Better Support For The Apple Magic Keyboards

      The Magic Keyboard that was introduced by Apple in 2015 is seeing improved Linux support with a new kernel patch that’s pending.

      The Apple Magic Keyboard has worked with Linux already when using the USB-based connection, but not Bluetooth (though some have managed workarounds). Additionally, the Apple Magic Keyboard having the numeric keypad hasn’t worked with either USB or Bluetooth.

    • Linux Kernel And Its Functions

      People use Linux every day. Today almost all electronic products are built on Linux and the most popular ones are Android devices. Every day almost 850,000 Android devices are activated which is the largest compared to any other mobile devices manufacturer such as Windows phone, iPhone etc. It’s not just smartphones that Linux runs but every other gadget from your TV to a refrigerator is running on Linux. So how is this all possible and what is Linux all about? Let’s talk about this.
      Before identifying the main functions that the famous Linux Kernel has, it is vital to define what is the Linux Kernel.

    • A Global Switch To Kill Linux’s CPU Spectre/Meltdown Workarounds?

      Something I have seen asked in our forums and elsewhere — most recently on the kernel mailing list — is whether there is a single kernel option that can be used for disabling all of the Spectre/Meltdown workarounds and any other performance-hurting CPU vulnerability workarounds.

      With many of the mitigation patches for these speculative execution vulnerabilities hitting many processors these days, there’s often a measurable “performance tax” associated with them. Fortunately, for most of the mitigations they can be disabled at run-time via various options.

    • WireGuard Takes Another Step Towards The Mainline Linux Kernel

      Jason Donenfeld who has now spent years working on WireGuard as an in-kernel, secure network tunnel sent out a second version of his kernel patches on Friday.

      At the end of July he sent out the initial kernel patches for review and following that month worth of feedback he now has V2. The revised work includes splitting up some of the Zinc crypto code, code clean-ups, and other low-level improvements to this code.

    • IBM Posts Initial Patches For Linux Secure Virtual Machine On POWER

      IBM developers on Friday posted their initial Linux kernel patches for enabling Secure Virtual Machine (SVM) support with POWER hardware.

      These “request for comments” patches are their preliminary work on supporting Secure Virtual Machines on POWER. The goal is on making the guest’s memory inaccessible to the hypervisor, similar to the work done by AMD for EPYC CPUs with Secure Encrypted Virtualization and as well as some work by Intel for their CPUs.

    • Linux Foundation

      • Performance and Scalability Systems Microconference Accepted into 2018 Linux Plumbers Conference

        Core counts keep rising, and that means that the Linux kernel continues to encounter interesting performance and scalability issues. Which is not a bad thing, since it has been fifteen years since the “free lunch” of exponential CPU-clock frequency increases came to an abrupt end. During that time, the number of hardware threads per socket has risen sharply, approaching 100 for some high-end implementations. In addition, there is much more to scaling than simply larger numbers of CPUs.

    • Graphics Stack

      • RadeonSI Gets Patches For OpenGL 4.5 Compat, Workaround For No Man’s Sky On Steam Play

        Valve open-source Linux GPU driver developer Timothy Arceri has spent a lot of time in recent months improving the RadeonSI Gallium3D driver’s OpenGL compatibility profile support. Now there are patches taking it up to par with the core profile context support.

        With the imminent Mesa 18.2 release the RadeonSI OpenGL compatibility profile support has gone from OpenGL 3.2 to OpenGL 4.4 thanks to Arceri, Marek at AMD, and other contributors. This Friday morning Timothy has now posted patches bumping it to OpenGL 4.5.

      • RadeonSI Gets Another Handful Of OpenGL Extensions, Mirroring The PRO Driver’s Behavior

        Prolific Mesa contributor Marek Olšák has landed support for more OpenGL / OpenGL ES extensions into the RadeonSI Gallium3D driver.

      • AMD Posts Open-Source Vulkan Driver Code For Vega 12 GPU

        AMD developers have done their weekly code drop to their official open-source Linux Vulkan driver code. This week there are fixes while most interesting is initial support for the yet-to-launch Vega 12 graphics processor.

      • Looks like AMD just open sourced their V-EZ Vulkan wrapper

        When they initially announced V-EZ, they said it would be closed source and they would be working with “professional ISVs who would benefit from acquiring the source code”.

        I’ve seen a lot of developers mention how Vulkan really is a much more complex beast, which makes sense since it’s supposed to be closer to the hardware than OpenGL with a smaller, leaner driver giving developers more power and control. That’s not great for everyone though, so projects like this are still going to be useful. Previously, their GitHub page said “V-EZ is not aimed at game developers.”, however they seem to have removed that now too.

      • weston 5.0.0

        This is the official release of weston 5.0.0.

      • Wayland 1.16 Released, Likely The Last Time-Based Release, Plus Weston 5.0

        Current Wayland/Weston release manager Derek Foreman of Samsung OSG today announced the release of Wayland 1.16 as well as the Weston 5.0 reference compositor.

        Wayland 1.16 brings build system updates, drops the wl_buffer definition, the protocol now supports a zero physical size output, and other small work… Really nothing too major in Wayland 1.16.

      • mesa 18.1.7

        Mesa 18.1.7 is now available for general consumption. This release has been rather small compared to the last few releases. There’s just a handful of fixes in total. Meson, radv, anv, gallium winsys, intel, i965, and r600 were the only recipients of fixes this go around.

      • Mesa 18.1.7 Released With Few Bug Fixes

        Mesa 18.1.7 ships with the last two weeks worth of fixes in the Mesa stable space. But overall this isn’t nearly as big as past Mesa 18.1 point releases. Mesa 18.1.7 has some minor fixes to R600 Gallium3D, Intel i965, RADV Vulkan driver fixes, the Doom workaround has been back-ported to RADV, and a variety of other fixes.

    • Benchmarks

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • Akademy, Akadeyou
      • Akademy Group Photo Automator

        Every year we take a group photo at Akademy and then me or one of the Kennies manually marks up the faces so people can tag them and we can know who we all are and build community. This is quite old school effort so this year I followed a magazine tutorial and made Akademy Group Photo Automator to do it. This uses an AI library called face_recognition to do the hard work and Docker to manage the hard work and spits out the necessary HTML. It was a quick attempt and I’m not sure it did much good in the end alas. The group photos tend to be quite disorganised and whoever takes it upon themselves to direct it each year makes basic mistakes like putting everyone on a flat stage or making everyone wave their hands about which means many of the faces are half covered and not recognised. And it seems like the library is not a fan of glasses. It also outputs rect coordinates rather than circle ones which meant Kenny had to do many adjustments. Still it’s an interesting quick dive into a new area for me and maybe next year I’ll get it smoother.

      • A GNOME dev enters an Akademy and…

        And so three days later we traveled to Wien to meet with the KDE community. On arrival, we were pleased by a friendly and joyful ambient on the pre-registration party, which had no registration at all! We were happy to know these issues don’t happen only at GUADEC.

      • postmarketOS at Akademy 2018

        Two weeks ago was Akademy 2018, KDE’s yearly gathering to talk about and develop all things KDE. Since Plasma Mobile (which we have packaged) was of course also represented, a few members of the postmarketOS team decided to attend and meet each other for the first time! @ollieparanoid even took it upon himself to hold a talk about our project, telling everyone what it’s about and what progress has been made since the start. You can view the slides here and this blog post will be updated to include a link to the video of the talk once Akademy’s recordings are put online.

        Besides our own talk, our friend @bshah from Plasma Mobile also had a talk about the progress on running the mainline kernel rather than libhybris or Halium to achieve fully working hardware (slides are available as well). We used this opportunity to talk with the Plasma Mobile team directly and discuss the future and exchange ideas.

        Also present was TL Lim from PINE64 who kindly offered several of us dev-kits for the Pine A64 including a touch screen, so we can develop postmarketOS on it. Watch out for a port coming to that device!

      • KDE Itinerary – Overview

        As introduced in the previous post there has been some work going on to explore a privacy-by-design alternative to digital travel assistant services like provided by Google or TripIt.

        While probably not noticed by many users, the first building blocks for this have been added in the 17.12 and 18.04 application releases already, and a lot more is coming with 18.08. The following provides an overview of the components that have been extended or created as part of this effort.

      • KDE PIM Junior Jobs are opened!

        Do you want to help us improve your favorite PIM suite but you were always scared by its size and complexity? Well, fear no more! We have collected a bunch of simple and isolated tasks in various parts of the PIM suite that require none or just very basic understanding of how the entire Kontact and Akonadi machinery works. We have documented them and we are prepared to guide you and help you to accomplish the tasks. Those are small simple tasks, but they will make many users (and PIM developers) very very happy.

    • GNOME Desktop/GTK

      • GUADEC 2018

        I was a bit anxious about the travel. It was my first time flying and not only that but I had to spend the night in the Airport due to departure being at 6am. The flights went smoothly and I arrived at Málaga in the evening. Afterwards I took a bus to get to Almeria, it was a pleasant surprise to find out that other gnomies were also on board.

        By far the thing I enjoyed the most from GUADEC was the social events. Talking with people about all sorts of things and seeing perspectives of others from all around the world was a magical experience and thought-provoking. I don’t really like going to the beach, but I loved both the beach party and the Sandcastle BoFs. The visit to the Alcazaba Castle and the Flamenco show afterwards was absolutely delightful too.

  • Distributions

    • DuZeru OS: As Easy as It Gets

      DuZeru isn’t going to blow your mind — it’s not that kind of distribution. What it does do is prove that simplicity on the desktop can go a long, long way to winning over new users. So if you’re looking for a solid and simple Linux distribution, that’s perfectly suited for new users, you should certainly consider this flavor of Linux.

    • Red Hat Family

      • Maxta Introduces A Hyperconverged Red Hat Virtualization Offering

        On August 22nd, Maxta Inc announced a pre-configured system of Red Hat Virtualization software and Maxta Hyperconvergence software bundled together on Intel Data Center Blocks hardware. Maxta specializes in hyperconverged software like this and will be demoing it next week at VMworld, booth #1518.

      • Red Hat infrastructure migration solution for proprietary and siloed infrastructure

        Red Hat recently introduced its infrastructure migration solution to help provide an open pathway to digital transformation. Red Hat infrastructure migration solution provides an enterprise-ready pathway to cloud-native application development via Linux containers, Kubernetes, automation, and other open source technologies. It helps organizations to accelerate transformation by more safely migrating and managing workload to an open source infrastructure platform, thus reducing cost and speeding innovation.

      • OVS-DPDK: Migrating to vhostuser socket mode in Red Hat OpenStack

        In the Newton release, the default vhostuser mode in Open vSwitch (OvS) is dpdkvhostuser. In Red Hat OpenStack Platform 10 GA, and subsequent updates till 29th June, the default vhostuser mode is dpdkvhostuser. With the latest update to OSP10 (post 29th June 2018), the default mode has been changed to dpdkvhostuserclient. This post provides the information on vhostuser migration and verifying the vhostuser modes of the VMs created with dpdkvhostuser mode.

        In order to understand the difference between the two modes and the advantage of moving to dpdkvhostuserclient mode, read the OvS documentation on vhostuser modes. In short, vhostuser allows Qemu to fetch/put network data to OvS-DPDK without overloading Qemu with the translation. And the vhostuser socket is a UNIX domain socket, created to establish the communication between Qemu and OvS-DPDK. This communication follows a specific messaging format detailed in the Qemu’s vhost user document.

      • 2018 C-Suite Award Winners (AH)
      • Finance

      • Fedora

        • Flock 2018 Reflections

          Flock 2018 is going down in my books as another successful and wonderful Fedora conference! This year Flock to Fedora was held in Dresden, Germany, August 8-11th. I am so thankful to have the opportunity to be a part of this community for another year, and to have the chance to see the impact my contributions make. This year, I attended with the determination to interact more with different parts of the community outside of Fedora design. I made it my goal to liaise with people from other teams to hear their experiences, stories, and to learn how Fedora Badges could help improve each initiative and the project as a whole. Overall, I think I was successful in this venture and would like to share some of the experiences I had.

        • FPgM report: 2018-34
        • 1000 downloads of Scribus unstable in COPR Fedora 28

          What a surprise to see 1000 downloads of Fedora 28 repository for Scribus Unstable! Thanks a million.

        • Meet Fedora at FrOSCon 2018!
    • Debian Family

      • Debian/TeX Live updates 20180724

        Exactly one month has passed since the last TeX Live for Debian update, so here we are with the usual bunch. Besides the usual updates to macros and font packages, this time I also uploaded a new set of binaries for TeX Live which incorporates several bug fixes to programs.

      • Freexian’s report about Debian Long Term Support, July 2018

        Like each month, here comes a report about the work of paid contributors to Debian LTS.

      • Debian LTS work, July 2018
      • Derivatives

        • Canonical/Ubuntu

          • Cosmic Cuttlefish (to be 18.10) feature freeze

            As per the release schedule, Cosmic is now in Feature Freeze.

          • Feature Development Is Over On Ubuntu 18.10

            Ubuntu 18.10 “Cosmic Cuttlefish” is now under a feature freeze to focus on bug-fixing ahead of the October debut of this next Ubuntu Linux installment.

            Developers should be now working on just fixing bugs/regressions and not new features, but feature freeze exceptions are possible in certain circumstances.

            Ubuntu developer Steve Langasek announced the start today of the feature freeze. Ubuntu 18.10 is aiming for an 18 October release and for that to be the UI freeze is coming up next on 13 September, the beta release on 27 September, and the kernel freeze on 4 October.

          • Canonical Outs Major Linux Kernel Updates for All Supported Ubuntu Releases

            Canonical released today a bunch of major Linux kernel updates for all supported Ubuntu releases to address more than 50 security vulnerabilities affecting various kernel components.

            The new kernel security updates are now available for users of the Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series on 32-bit, 64-bit, Raspberry Pi 2, Amazon Web Services (AWS) systems, Google Cloud Platform (GCP) systems, and cloud environments.

          • Ubuntu Membership Board call for nominations

            As you may know, Ubuntu Membership is a recognition of significant and sustained contribution to Ubuntu and the Ubuntu community. To this end, the Community Council recruits from our current member community for the valuable role of reviewing and evaluating the contributions of potential members to bring them on board or assist with having them achieve this goal.

            We have five members of our boards expiring from their terms, which means we need to do some restaffing of this Membership Board.


            To nominate yourself or somebody else (please confirm they wish to accept the nomination and state you have done so), please send a mail to the membership boards mailing list (ubuntu-membership-boards at lists.ubuntu.com). You will want to include some information about the nominee, a Launchpad profile link, and which time slot (20:00 or 22:00) the nominee will be able to participate in.

  • Devices/Embedded

Free Software/Open Source

  • How NFV deployments are driven by open source projects

    There is growing demand for efficient networks with low latency and high bandwidth to support innovations such as autonomous cars, connected devices, machine learning, augmented and virtual reality, and real-time analytics.

    To satisfy this demand, communication service providers and telecom operators are adopting new telecom architectures enabled with software-defined networking (SDN) and network function virtualization (NFV). These systems provide faster networks, centralized control, and faster deployment of new services as network function devices turn into software packages called virtual network functions (VNFs) to reduce capital and operating expenditures. With NFV and SDN, many service providers are shifting toward multi-featured 5G networks, which are ideal for the latest technology demands.

  • Nova is an open-source video player for phones, tablets, and Android TV

    Finding the perfect media player on the platform you like to enjoy watching or listening to content on can be a pain in the butt. I remember this being such a hassle on the desktop PC until VLC came around, and now most of the people in the know either use it or MPC-HC. Then people began watching more content on their smartphones, and again, it led to a huge search for the go-to application to use. For a long time, this ended up being an application called MX Player, which has been downloaded by over 500,000 million users. As people have begun to move away from MX Player, a new open-source video player has emerged and it is being called Nova.

    So you may wonder if MX Player had such a strong following then why are so many people looking for alternatives? We see this from time to time though. An application gets so big that some feel it becomes bloated with features, and some feel the updates aren’t pushed out fast enough, or a recent user update has tarnished the experience. However, in the case of Android’s most popular media player, it was actually when MX Player was all of a sudden acquired by a media giant in India. This started to worry people because once a popular application gets acquired, the parent company almost always ruins what made it so great.

  • 8 Best Kodi Live TV Addons For Streaming Live Channels | Working Addons 2018

    Kodi is one of the most popular media players mainly because of its versatility. With the help of Kodi addons, you can use the XBMC owned media player for streaming movies, music and even games. It is an open source software that is free to use, and with new Kodi repositories coming by the day, the versatility of Kodi is increasing.

  • Software freedom for the modern era

    True software freedom for this age: you can get the source code of a service you use, and can set it up on your own server. You can also get all your data from the service, and migrate it to another service (hosted by you or someone else). Further, all of this needs to be easy, fast, and cheap enough to be feasible, and there can’t be “network effects” that lock you into a specific service instance.

  • Startup Taps into Open-Source Operating System Shift
  • Events

    • It’s The Season For A Lot Of Interesting Linux / Open-Source Conferences

      There’s been a number of recent Linux/open-source conferences but more are right on the horizon, including some with video streams for those interested.

      Earlier this month in Boston was Red Hat’s DevConf.us. If you are interested in that free Linux conference, the video sessions from there are now uploaded on YouTube.

  • Web Browsers

    • Mozilla

      • Support Localization – Top 20 Sprint and More

        It’s time to update you about the current status of the localization clean up initiative proposed a while ago. After an initial outreach to hundreds of previously registered contributors around Mozilla, small groups of still active localizers were asked to try and reach the goal of localizing the Top 20 articles into their language.

      • This Week in Mixed Reality: Issue 17, Hubs Edition

        As I do every week, I was going to say it’s mostly be bug fixing. However this week the big news is our update to Hubs, Mozilla’s VR chat system. You can now share any kind of media within Hubs: PDFs, images, music, and even Youtube videos.

      • Bias and Hiring: How We Hire UX Researchers

        This year, the Firefox User Research team is planning to add two new researchers to our group. The job posting went live last month, and after just a few weeks of accepting applications, we had over 900 people apply.

        Current members of the Firefox User Research Team fielded dozens of messages from prospective applicants during this time, most asking for informational meetings to discuss the open role. We decided as a team to decline these requests across the board because we did not have the bandwidth for the number of meetings requested, and more importantly we have spent a significant amount of time this year working on minimizing bias in our hiring process.

        We felt that meeting with candidates outside of the formal hiring process would give unfair advantage to some candidates and undermine our de-biasing work. At the same time, in alignment with Mozilla’s values and to build on Mozilla’s diversity and inclusion disclosures from earlier this year, we realized there was an opportunity to be more transparent about our hiring process for the benefit of future job applicants and teams inside and outside Mozilla thinking about how they can minimize bias in their own hiring.

      • Skill Tree Balancing with a Job Move

        I’m moving from Research to Cloud Ops within Mozilla. The following wall of text and silly picture are a brain dump of new ideas about skills and career growth that I’ve built through the process.

  • Pseudo-Open Source (Openwashing)

    • The Commons Clause – Helpful New Tool or the End of the Open Source as We Know it?

      Almost nothing inspires a spirited discussion among the open source faithful as much as introducing a new open source license, or a major change in an existing license’s terms. In the case of version 3 of the GPL, the update process took years and involved dozens of lawyers in addition to community members. So, it’s no surprise that the pot is already boiling over something called the “Commons Clause.” How energetically? Well, one blog entry posted yesterday was titled The Commons Clause Will Destroy Open Source. The spark that turned up the heat was the announcement the same day by RedisLabs that it was adopting the license language.

      The clause itself is short (you can find it here, together with an explanatory FAQ). It was drafted by Heather Meeker, an attorney with long open source involvement, in conjunction with “a group of developers behind many of the world’s most popular open source projects.”

      It’s also simple in concept: basically, it gives a developer the right to make sure no one can make money out of her code – whether by selling, hosting, or supporting it – unless the Commons Clause code is a minor part of a larger software product. In one way, that’s in the spirit of a copyleft license (i.e., a prohibition on commercial interests taking advantage of a programmer’s willingness to make her code available for free), but it also violates the “Four Freedoms” of Free and Open Source software as well as the Open Source Definition by placing restrictions on reuse, among other issues.

    • Complicating Licensing

      I’ve recently seen a couple of attempts to present non-open source licensing as almost open source. What I’m talking about is Commons Clause and fair source. This sounds a lot like the failed shared source model promoted by companies such as Microsoft in the early 2000s. Yes, I’m looking at you redis and neo4j.

      What I find particularly disturbing is the way that both, but especially Commons Clause, attempt to piggyback on the good name of open source. The naming is very close to Creative Commons, and the way that the clause is intended to be introduced is very confusing for the user as the user would see a familiar open source license, and then just a “small” exception.

      I would argue that the way to go about this is to combine a strong copyleft license such as GPLv3, LGPLv3 or AGPLv3, with a CLA. That way a dual licensing model could be used to create a business model. If that is not possible, the [A/L]GPLv3 needs to be improved – not complicated by additional clauses added by a third party.

  • BSD

    • OpenSSH 7.8 released

      OpenSSH 7.8 is out. It includes a fix for the username enumeration vulnerability; additionally, the default format for the private key file has changed, support for running ssh setuid root has been removed, a couple of new signature algorithms have been added, and more.

    • OpenBSD Foundation gets first 2018 Iridium donation!

      This year the first $100K+ donation came from Handshake (https://www.handshake.org).

    • Remote Access Console using Raspberry Pi 3b+ and FreeBSD

      I have a small homelab and I was looking into some sort of KVM console to be able to access them both locally and remotely instead of moving around VGA cables/serial cables.

      Those are rather expensive so I opted to build my own remote access system. Since all my servers and switch(es) have a serial console that should not be too hard.

  • Licensing/Legal

    • Deutsche Bahn Intercity software under EUPL

      This software, distributed under the EUPL, is the open European Train Control System (OpenETCS), the signalling and control component of the European Rail Traffic Management System (ERTMS). It is a kind of positive train control, replacing the many incompatible safety systems previously used by European railways. It is becoming a standard that was also adopted outside Europe and is an option for worldwide application. It is managed by the European Union Agency for Railways (ERA) and it is a legal requirement that all new, upgraded or renewed tracks and rolling stock in the European railway system should adopt it, possibly keeping legacy systems for backward compatibility.

  • Programming/Development

    • Go 1.11 is released

      Who says releasing on Friday is a bad idea?

      Today the Go team is happy to announce the release of Go 1.11. You can get it from the download page.

      There are many changes and improvements to the toolchain, runtime, and libraries, but two features stand out as being especially exciting: modules and WebAssembly support.

      This release adds preliminary support for a new concept called “modules,” an alternative to GOPATH with integrated support for versioning and package distribution. Module support is considered experimental, and there are still a few rough edges to smooth out, so please make liberal use of the issue tracker.

    • Go 1.11 Released With WebAssembly Port, Assembler Accepting AVX-512 Instructions

      Version 1.11 of the Go programming language is out this Friday as the newest feature update.

    • Project Template for Bison and Flex
    • littler 0.3.4: More updated examples

      The fifth release of littler as a CRAN package is now available, following in the now more than ten-year history as a package started by Jeff in 2006, and joined by me a few weeks later.

      littler is the first command-line interface for R and predates Rscript. And it is (in my very biased eyes) better as it allows for piping as well as shebang scripting via #!, uses command-line arguments more consistently and still starts faster. It also always loaded the methods package which Rscript converted to rather recently.

      littler lives on Linux and Unix, has its difficulties on macOS due to yet-another-braindeadedness there (who ever thought case-insensitive filesystems as a default were a good idea?) and simply does not exist on Windows (yet — the build system could be extended — see RInside for an existence proof, and volunteers are welcome!).

    • LLVM 7.0 RC2 Along With The Updated Clang Can Be Tested This Weekend

      LLVM release manager Hans Wennborg tagged the second release candidate this week of LLVM and its associated sub-projects like Clang.

      LLVM 7.0-RC2 has seen “a bunch of merges” for fixing the initial fall-out from the past six months’ worth of development on this compiler stack. Several bugs were fixed in the process. At least from some recent tests I did on the branched LLVM/Clang 7.0 code, it’s been working out great on several Linux x86_64 boxes.


  • Triumph Of Greed Over Arithmetic

    It gets worse. S3 is by no means the low-cost provider in the storage market. If we assume that the competition is Backblaze’s B2 service at $0.06/GB/yr and that their Kryder rate is zero, FileCoin would need to store 428PB for 10 years before breaking even. Nearly half an Exabyte for a decade!

  • Science

    • Kids are glued to their screens – but parents are in no position to criticize

      And more than half of teens said they often or sometimes find their parents or caregivers to be distracted by their electronic devices when the youngsters are trying to have a conversation with them. The study calls teens’ relationship with their phones at times “hyperconnected” and notes that nearly three-quarters check messages or notifications as soon as they wake up. Parents do the same, but at a lower, if still substantial, rate of 57%.

  • Hardware

    • [Old] Intel settlement: The power of email

      Intel’s rebate payments to Dell maxed out that fiscal quarter, February to April 2006, at $805 million, according to the Cuomo complaint. That figure represented 104% of Dell’s net income for the quarter. (Do these sound like traditional, volume discounts to you, reader?) Nevertheless, Dell capitulated in May and announced plans to introduce one line of AMD-powered servers. Intel’s payments to Dell that quarter dropped to $554 million (which, nevertheless, constituted 116% of Dell’s quarterly net). In August 2006, Dell actually started shipping AMD-powered servers, and in September it unveiled plans to introduce other AMD-powered lines of PCs. The next quarter, its rebate dropped to $200 million.

  • Health/Nutrition

    • Dominican Republic Appeals WTO Plain Packaging Decision

      The Dominican Republic has followed Honduras in appealing a decision by a World Trade Organization dispute settlement panel that found Australia’s tobacco plain packaging law to be allowable under WTO rules. Cuba and Indonesia also had cases against Australia but so far have not appealed.

      The details of the Dominican Republic’s appeal are not yet available from the WTO, and are expected in the coming days. The appeal, WT/DS441/23, will be found here when available.

      The tobacco-producing Caribbean nation had filed a WTO case against Australia in July 2012, and focused on alleged trademark and geographical indications violations. The original filing, WT/DS441/1, is available here.

  • Security

    • Intel ditches Linux patch benchmark ‘gag’, offers ‘innocuous’ new license

      Intel has ditched a controversial licensing agreement that appeared aimed at legally preventing developers from publishing benchmark results that could reveal performance slowdowns caused by its recent security patches.

      As ZDNet reported yesterday, the chip maker was criticized by open-source champion Bruce Perens for slipping new restrictions into the software agreement for maintainers of Linux distributions such as Debian and Ubuntu.

      The changes in license terms came with microcode updates to mitigate Spectre and Foreshadow, or L1 Terminal Fault (L1TF), speculative attacks.

    • No, a Teen Did Not Hack a State Election

      Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child’s play.

      Articles reported that teenage hackers at the event were able to “crash the upcoming midterm elections” and that it had taken “an 11-year-old hacker just 10 minutes to change election results.” A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, “bringing the election to a screeching halt.”

      But now, elections experts are raising concerns that misunderstandings about the event — many of them stoked by its organizers — have left people with a distorted sense of its implications.

      In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as “replicas” or “exact clones.” (The language was scaled back after the conference to simply say “clones.”)

    • If It Doesn’t Have Paper Backups and Automatic Audits, It’s Not an Election Security Bill

      Right now, the U.S. Senate is debating an issue that’s critical to our democratic future: secure elections. Hacking attacks were used to try to undermine the 2016 U.S. election, and in recent years, elections in Latin America and Ukraine were also subject to cyber attacks.

      It only makes sense to harden the security of U.S. voting machines, which are perhaps the most direct route to impacting an election’s results. But the current bill that’s advancing in the Senate, the Secure Elections Act, is no solution at all. If it isn’t strengthened dramatically, senators should vote against this deeply flawed bill.

      The best solution to stop a possible hack of voting machines is clear: all machines must use a paper trail that’s regularly audited. Many states with voting machines already use paper, but more than a dozen are using at least some machines that provide no paper trail. In five states—New Jersey, Delaware, South Carolina, Georgia, and Louisiana—not a single jurisdiction has a paper trail.

    • OpenBSD Co-Founder Drops Hyper-Threading Support to Mitigate Foreshadow Attacks

      Theo de Raadt, an OpenBSD co-founder, has officially announced that the open-source operating system will not utilize Hyper-threading for Intel processors. He complains that Intel isn’t telling them about upcoming discovered threats and the steps that an OS developer needs to take to mitigate against TLBleed and L1TF, otherwise known as “Foreshadow.” He has dropped support for older versions of OpenBSD and asks users to upgrade to version 6.4 as he doesn’t have the manpower to backport the changes.

    • Intel Hyper-Threading Accused of Being a Security Threat

      Following the reveal of the Foreshadow (L1TF) Intel CPU flaw, as well as the previous TLBleed flaw, Theo de Raadt, founder of OpenBSD, which makes a free, multi-platform, UNIX-like operating system, recommended everyone completely disable Intel’s Hyper-Threading in BIOS before hackers start taking advantage of it.


      We’ve seen over the past few months that the Meltdown and Spectre flaws were not a one-time vulnerability that we could patch once and then forget about. Multiple Spectre-like speculative execution flaws have been found since Meltdown and Spectre were revealed earlier this year, and chances are we’ll continue to see more of them until the entire class of speculative execution bugs is fixed at the CPU architecture level.

      de Raadt also believes that Hyper-Threading itself will exacerbate most of the speculative execution bugs in the future, which is why now is the best time to disable it. He also recommended updating your BIOS firmware if you can.

      The OpenBSD founder criticized Intel over not being very transparent about how it intends to fix these speculative execution flaws once and for all and also about not properly documenting what operating systems are supposed to do to mitigate these bugs. The OpenBSD team had to learn how to research and develop their own mitigations based on what other operating systems were doing without much help from Intel.

    • Intel Reworks Microcode Security Fix License after Backlash, Intel’s FSP Binaries Also Re-licensed, Valve Releases Beta of Steam Play for Linux, Chromebooks Running Linux 3.4 or Older Won’t Get Linux App Support and Windows 95 Now an App
    • T-Mobile Hacked Again: Over 2 Million Account Numbers and Addresses Potentially Leaked

      Attackers may have compromised three percent of T-Mobile’s 77 million customers on Monday, revealing personal information like addresses, phone numbers, and account numbers.

      Credit cards, passwords, and social security numbers were not accessed, according to T-Mobile. The company will notify affected customers via text message.

    • T-Mobile hack may have exposed data of 2 million customers

      T-Mobile has revealed that hackers may have stolen the personal information of some of its customers.

      The intrusion took place on Monday, and some customer data “may have been exposed” before the carrier’s cybersecurity team shut off access and reported the breach to law enforcement, it said in a statement.

    • Securing google-authenticator-libpam against reading secrets

      I have recently worked on enabling 2-step authentication via SSH on the Gentoo developer machine. I have selected google-authenticator-libpam amongst different available implementations as it seemed the best maintained and having all the necessary features, including a friendly tool for users to configure it. However, its design has a weakness: it stores the secret unprotected in user’s home directory.

      This means that if an attacker manages to gain at least temporary access to the filesystem with user’s privileges — through a malicious process, vulnerability or simply because someone left the computer unattended for a minute — he can trivially read the secret and therefore clone the token source without leaving a trace. It would completely defeat the purpose of the second step, and the user may not even notice until the attacker makes real use of the stolen secret.

    • A Rant on Single Function Security Tools
    • Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux [Ed: This malware relies on systems being compromised in the first place, e.g. due to default password that's uniform]
    • Mirai IoT Malware Variant Abuses Linux Cross-Compilation Framework

  • Defence/Aggression

    • Zimbabwe ambassador to Senegal found dead in Dakar

      Zimbabwe’s ambassador to Senegal and The Gambia, Trudy Stevenson, has been found dead in Dakar on Friday.

      The 73-year-old diplomat was reportedly discovered at her residence by her chauffeur when he reported for duty.

      The Zimbabwean foreign affairs and international trade ministry confirmed the death of the diplomat, but could not shed more light, saying government was yet to talk to the family.

      “It is true Ms Stevenson has passed, but we are yet to get in contact with all the relatives,” an official in the ministry said.

    • Zim ambassador to Senegal found dead in Dakar
    • US Military Admits It Killed Dozens More Civilians Than Previously Acknowledged. Now What?

      In June and July, the US-led Coalition of countries fighting the armed group calling itself the Islamic State admitted that reports of civilian casualties it had previously dismissed as “not credible” were, in fact, correct: in its assault on Raqqa, Syria, last year, Coalition forces had killed at least 77 civilians, as documented earlier this year by Amnesty International. The Coalition also acknowledged that an attack on a school near Raqqa had likewise killed dozens of civilians, as documented by Human Rights Watch – a claim also previously dismissed as “not credible.”

      This grim news represents a step forward of sorts for the Coalition. Previous reports of civilian deaths at the hands of U.S. or Coalition forces by Amnesty, the United Nations and other human rights organizations had been dismissed out of hand. When Amnesty, where I work, reported on civilians killed by U.S. drone strikes in Pakistan, for example, we received no response at all. That may have been because the government would not even acknowledge it had engaged in drone strikes in the country—regardless, it left deaths publicly uncounted.

  • Transparency/Investigative Reporting

    • Reality Winner Will Spend Five Years In Jail For Leaking Info Government Officials Released Publicly

      This is the longest sentence ever imposed under the Espionage Act. And it’s being imposed for a leaked document confirming much of what had been discussed publicly by intelligence officials: that Russia interfered with the 2016 election. Winner will spend five years in jail for leaking information other government officials have published in full.

      Espionage charges are easy to prosecute. The defendant’s options are limited. They’re unable to raise defenses about serving the public interest or acting as whistleblowers. This was a document turned over to a media agency. This was not a document detailing crucial national security matters being handed to agents of an unfriendly government.

      Winner isn’t a martyr, but neither is she the despicable villain portrayed in the DOJ’s official statement on its easy win. Twice the statement reminds us her act was not a “victimless crime.” In case we’re unable to get the point, it’s delivered in all caps once. Bold print highlights various incidentals the US Attorney thinks are particularly nefarious — like Winner KNOWINGLY disseminating a document with TOP SECRET printed across the top of it even though it EXPOSED SOURCES AND METHODS and it will apparently take the US intelligence community years to recover.

    • Former MI6 spy v WikiLeaks editor: Who really deserves 1st Amendment protection?

      If ‘Dirty Dossier’ author Christopher Steele deserves protection under the 1st Amendment but WikiLeaks’ Julian Assange doesn’t, then the concept of a free press is merely a distant memory.

      While it is all too easy to become frustrated and annoyed by what passes for news in the legacy media these days, this article in the Daily Mail did arouse my particular ire earlier this week – and in this instance no particular blame attaches to the newspaper, it is simply reporting some unpalatable facts.

      The gist of it is that former British MI6 intelligence officer and current mercenary spy-for-hire, Christopher Steele, author of the discredited ‘Dirty Dossier’ about Donald Trump, has been accorded First Amendment rights in a court case in the USA.

      You might wonder why this article caused me so much spluttering annoyance over my breakfast? Steele’s treatment is in marked contrast to that accorded to WikiLeaks Publisher and Editor-in-Chief, Julian Assange, and the hypocrisy is breathtaking. Allow me to expound.

    • Julian Assange and the Fate of Journalism

      Julian Assange is the Australian founder of Wikileaks—a website dedicated to the public’s right to know what governments and other powerful organizations are doing. Wikileaks pursues this goal by posting revelatory documents, often acquired unofficially, that bring to light the criminal behavior that results in wars and other man-made disasters. Because Wikileaks’ very existence encourages “leaks,” government officials fear the website, and particularly dislike Julian Assange.

      Essentially, Wikileaks functions as a wholesale supplier of evidence. Having identified alleged official misconduct, Wikileaks seeks to acquire and make public overwhelming amounts of evidence—sometimes hundreds of thousands of documents at a time—which journalists and other interested parties can draw upon. And since the individuals and organizations being investigated are ones ultimately responsible to the public, such a role as wholesale supplier of evidence can be seen as a public service.

    • Ecuador leaves Venezuelan-run regional alliance

      Ecuador has withdrawn from a regional bloc led by Venezuela in a bid to further distance itself from that country’s socialist government.

      Foreign minister Jose Valencia said on Thursday that Ecuador has decided to abandon the Bolivarian Alliance for the Peoples of Our America, or ALBA, immediately because Ecuador wants to be “independent” of organizations that are trying to impose “specific views” on Latin America’s social and political issues.

      ALBA was created in 2004 by the late Venezuelan President Hugo Chavez in a bid to counter U.S. influence in the region. It currently has 12 members that include Nicaragua, Bolivia, Cuba and several small Caribbean islands.

    • Let a hundred WikiLeaks blossom

      When WikiLeaks exploded onto the scene a decade ago, it briefly seemed like the internet could create a truly open society. Since then, Big Brother has fought back.

      Every day now, we hear complaints about the growing control of digital media, often from people who apparently believe the concept was originally an unregulated free-for-all.

      However, let’s remember the origin of the internet. Back in the 1960s, the US Army was thinking about how to maintain communications among surviving units in the event that a global nuclear war destroyed central command. Eventually, the idea emerged of laterally connecting these dispersed units, bypassing the (destroyed) center.

      Thus, from the very beginning, the internet contained a democratic potential since it allowed multiple direct exchanges between individual units, bypassing central control and coordination – and this inherent feature presented a threat for those in power. As a result, their principal reaction was to control the digital “clouds” that mediate communication between individuals.

      “Clouds” in all their forms are, of course, presented to us as facilitators of our freedom. After all, they make it possible for me to sit in front of my PC and freely surf with everything out there at our disposal – or so it seems on the surface. Nevertheless, those who control the clouds also control the limits of our freedom.


      But my point here is that I was repeatedly attacked for my report on this case: the reproach was that by describing the case I reproduced it and thus repeated it symbolically. Although I shared it with strong disapproval, I allegedly secretly enabled my listeners to find perverse pleasure in it.

      And these attacks on me exemplify nicely the “politically correct” need to protect people from traumatic or disturbing news and images. My counterpoint to it is that, in order to fight such crimes, one has to present them in all their horror, and one has to be shocked by them.

    • Reality Winner could get record-setting sentence in NSA leak case

      Reality Winner, who pleaded guilty in June to leaking a top-secret government report about Russian meddling in the 2016 election, could receive a record-setting prison term when she is sentenced in a federal court in Augusta Thursday, court records show.

      The former National Security Agency contractor faces up to 10 years in prison. But her plea deal with prosecutors calls for her to serve five years and three months behind bars. That is longer than anyone else has been sentenced for an “unauthorized disclosure to the media,” federal prosecutors said in a court filing this month.

      The prosecutors are urging Chief U.S. District Court Judge J. Randal Hall to agree to the sentence spelled out in her plea deal. If the judge instead moves to give her a longer sentence, Winner, 26, could withdraw her guilty plea and go to trial.

  • Finance

    • Farmer shows ubuntu, gives land to his workers

      Colin Forbes also provided mentorship and resources, including supplying them with the initial seeds, fertilisers, pesticides and diesel to operate machinery.

      In the small town of Amsterdam in Mpumalanga, a community of farm workers are finally building brick houses for themselves after farm owner Colin Forbes gave a portion of his land to his employees.

      Forbes’ family has owned Athole Farm in the small town near the Swaziland border since 1860.

      Seven years ago, he followed his father’s idea of showing humanity to their workers by giving away 10% of the farm to them.

    • Bad News for Donald Trump, China is Already Bigger Than the United States

      Actually, China’s economy is already considerably bigger than the US economy. Using the purchasing power parity measure, which is recommended by most economists and the CIA World Factbook, China’s economy is already more than 25 percent larger than the US economy. It is also worth noting that there are no growth projections from any remotely reputable source that show the US economy growing more rapidly than China’s economy.

  • AstroTurf/Lobbying/Politics

    • Why Manafort and Cohen Thought They’d Get Away With It

      Oh, the audacity of dopes. The crimes of Paul Manafort and Michael Cohen are notable not just for how blatant they were but also for their lack of sophistication. The two men did little to hide their lying to banks and the Internal Revenue Service. One can almost sympathize with them: If it wasn’t for their decision to attach themselves to the most unlikely president in modern history, there’s every reason to think they might be still working their frauds today.

      But how anomalous are Messrs. Manafort and Cohen? Are there legions of K Street big shots working for foreign despots and parking their riches in Cypriot bank accounts to avoid the IRS? Are many political campaigns walking felonies waiting to be exposed? What about the world of luxury residential building in which Cohen plied his trade with the Trump Organization?

      The answer is more disturbing than the questions: We don’t know. We don’t know because the cops aren’t on the beat. Resources have been stripped from white-collar enforcement. The FBI shifted agents to work on international terror in the wake of 9/11. White-collar cases made up about one-tenth of the Justice Department’s cases in recent years, compared with one-fifth in the early 1990s. The IRS’ criminal enforcement capabilities have been decimated by years of budget cuts and attrition. The Federal Election Commission is a toothless organization that is widely flouted.

      No wonder Cohen and Manafort were so brazen. They must have felt they had impunity.

    • Do NOT Let Them Make A Saint Of This Asshole

      John McCain’s family has announced that the Arizona Senator has opted to end treatment for brain cancer and live out his final few days in peace, presumably under the best hospice care money can buy. And I sincerely hope that it is peaceful. My statements about my desire for John McCain to shuffle off this mortal coil sooner rather than later have been highly publicized, and I stand by all of them, but I don’t wish him a painful or agitated end.

      And, also, I am going to keep hammering on how very important it is that we refuse to bow to the aggressive demands from establishment loyalists that we be respectful of this warmongering psychopath and his blood-soaked legacy.


      One of the most aggressively protected narratives in corporate liberal circles is that John McCain is a hero whose very name should be uttered with the greatest reverence. It gets traction with rank-and-file Democrats because supporting McCain for his opposition to Trump allows them to feel as though they are non-partisan free thinkers, in exactly the same way Trump supporters believe their hatred of McCain makes them non-partisan free thinkers. In reality, McCain is just one of the many bloodthirsty neocons like Bill Kristol and Max Boot who have aligned themselves with the Democratic party in recent years in order to better advance their warmongering agendas.

      It is those agendas that are being promoted with the hero worship of John McCain. By committing the outrageous heresy of mocking, ridiculing and scorning that sacred cow, we are fighting the attempts of the empire loyalists and war propagandists to normalize and sanctify the act of inflicting neoconservative military bloodbaths upon innocent people around the world.

    • Mystery group blankets Michigan seeking ballots from 2016 election

      Clerks around the state are getting blanketed with requests to turn over every ballot cast in the 2016 election, as they try to recover from record turnouts in the August primary and prepare for November.

      The new challenge comes compliments of a woman named “Emily” with no last name.

      Nearly every clerk in Michigan has received Freedom of Information Act requests signed by Emily asking for copies of every ballot cast in the 2016 presidential election — whether at the polls or by absentee ballot. Voter signature cards have even been sought.

      “It’s unnerved a lot of the clerks, rightfully so,” Michigan Director of Elections Sally Williams said Friday.

  • Censorship/Free Speech

    • New York State Can’t Be Allowed to Stifle the NRA’s Political Speech

      The First Amendment bars state officials from using their regulatory power to penalize groups merely because they promote disapproved ideas.

      It’s no secret that New York Gov. Andrew Cuomo is no fan of the National Rifle Association. A mailer his campaign sent to New York voters this week proclaims, in bold letters: “If the NRA goes bankrupt, I will remember them in my thoughts and prayers.”

      There’s nothing wrong with the governor singling out a political adversary for criticism, or even mockery. That’s just politics, and the NRA itself is no stranger to hardball tactics.

      But in a lawsuit the NRA filed against Cuomo this spring, the organization contends that he did more than criticize it. The NRA alleges that Cuomo and top members of his administration abused their regulatory authority over financial institutions to threaten New York banks and insurers that associate with the NRA or other “gun promotion” groups, and that those threats have jeopardized the NRA’s access to basic insurance and banking services in New York.

      In the ACLU’s view, targeting a nonprofit advocacy group and seeking to deny it financial services because it promotes a lawful activity (the use of guns) violates the First Amendment. Because we believe the governor’s actions, as alleged, threaten the First Amendment rights of all advocacy organizations, the ACLU on Friday filed a friend-of-the-court brief supporting the NRA’s right to have its day in court.

    • Post Valve’s ‘Hands Off’ Games Curation Announcement, Everything Is A Mess

      Back in June we discussed Valve’s somewhat odd announcement that it was getting out of the games curation business, and opening its platform to what it said would be far more games. The restrictions on what type of content would now be allowed on the gaming platform were said to mostly be limited only to games that are “trolling” or “illegal.” As with all things Valve, this apparent announcement aimed at transparency and making sure developers knew what expectations Valve had for games on Steam mostly achieved the exact opposite, with everyone wondering immediately what qualified as “trolling.” Nobody could really agree on where exactly Valve would be drawing the lines on the types of content it would allow. That said, most people, including most of the participants of the podcast we conducted on the topic, essentially agreed that this would chiefly allow more games with sexual content onto the platform.

      And, yet, it seems that even that hasn’t been true thus far. Kotaku has a post up discussing the many, many sexuality related games that had been disallowed from Steam, but which were gearing up to be included based on the new policy. It seems the policy hasn’t opened up the platform to many of them after all.

    • Trump’s Anti-press Rhetoric Is Dangerous, But His Actions Are Worse

      In a coordinated response to Trump’s incessant attacks on the press, more than 300 news organizations joined together last week and published editorials about the important role of a free press.

      The effort is led by the Boston Globe, who called for editorial boards of publications across the country to publish their own editorials defending—in their own words—the importance of press freedom. Participating publications include outlets big and small, from the New York Times to small, local, and independent papers.

      Trump has called the press “enemy of the American people,” and said that journalists “don’t like our country.” He responded to the editorials in a predictably petty manner. He has also vowed to revoke broadcast licenses over coverage he didn’t like, and has threatened to sue critical news organizations and journalists. And, of course, he engages in constant Twitter diatribes about “fake news.”

      The president’s verbal attacks on the press are certainly appalling, but his rhetoric gets an outsized amount of attention, when his administration’s actions against press are much worse. They deserve just as much condemnation as his tweets.

    • Dubious Studies And Easy Headlines: No, A New Report Does Not Clearly Show Facebook Leads To Hate Crimes

      Those are some fairly bold claims, and certainly worth exploring. However, it’s not exactly clear that the paper actually can support such claims. You can download a copy of the 75 page paper yourself, entitled Fanning the Flames of Hate: Social Media and Hate Crime by two PhD students, Karsten Müller and Carlo Schwarz, both from the University of Warwick. For what it’s worth, people have pointed out that this paper has not yet been peer reviewed, and an earlier version of this paper got some less breathless press coverage a few months ago. But, the NY Times is the NY Times.

      The paper definitely presents some interesting data, and it should be applauded that researchers are exploring these issues — though separating out the actual causal variables seems like a difficult task. The researchers do appear to have fairly thorough data on anti-refugee attacks throughout Germany. The Facebook data, however, seems a lot less solid. A few people have been breaking down the problems with the study online, including Jonas Kaiser, Dean Eckles and Hal Hodson, who all convincingly argue that the NY Times is overplaying what the study actually shows.

      Before I dig in a bit, I should note that part of the problem here is that the necessary Facebook data to do this kind of study is hard to come by. Earlier this year, Facebook announced that it would be giving some academics access to data in order to do just this kind of research (though more focused on election impact, but this should be similar). And, it would be damn helpful if Facebook were willing to give out the kind of data needed in order to actually do the kind of study that was presented in this paper.

    • Today In Useless Surveys: Some People Want Internet Companies To Stop Filtering News And Some Don’t.

      Sometimes public sentiment is useful. And sometimes it’s only useful in demonstrating how little the general public understands some issues. It would appear that a new survey done by the Knight Foundation about how the internet giants should handle “news” content is one of the latter ones. While there’s lots of discussion about what the poll results “say,” the only thing they really say is that the public has no clue about how the internet and news works — and that should be the focus. We need much greater tech and media literacy. Unfortunately, the poll seems more likely to do the opposite.


      There’s a little bit more of a discussion about the breakdown based on age, but there is no discussion of what the fuck this even means — because it means literally nothing. What “regulations” do newspapers and broadcast news face? Well, not much? But, it really kind of depends. Broadcast news may face some FCC regulations because they use the public airwaves. But newspapers don’t. And internet sites don’t. Because they don’t use the public airwaves. Other than that, they already face the same basic “rules and regulations.” So it’s not at all clear how — as a bunch of people have claimed — this study supports the idea for “increased” regulation of internet sites.

      Honestly, this feels like a kind of push poll and it’s kind of shameful that the Knight Foundation and Gallup — both of which should know better — would do such a thing. After asking all these random amorphous meaningless questions about internet platforms, they then jump in with a question about regulating the platforms without defining or clarifying what regulations they’re even talking about, in an area where the vast majority of the public will have literally no idea what those limited regulations are? What good is that other than to just get people to say “sure, they should all be on an equal footing.”

    • More Student Press Censorship Alleged at Liberty

      Officials at Liberty University fired two student editors with a history of mixed coverage from the institution’s newspaper, the second occasion in which the religious university has come under fire for press censorship.


      Liberty is led by President Jerry Falwell Jr., who was criticized in 2016 after he stopped The Champion from publishing a column that slammed then candidate Donald Trump for remarks on the notorious leaked Access Hollywood recording. Falwell, a vocal Trump supporter, said the column was “redundant,” as the newspaper had just run a piece about Trump.

      Suppression of student press at religious institutions is well documented. A group of student journalists at Taylor University in Indiana surveyed student reporters at religious colleges and universities and found widespread reports of censorship.

    • Free Speech in Peril as #Resistance Hero John Brennan Loses Security Clearance

      After President Donald Trump revoked his security clearance last week, John Brennan arose as a Hero of Free Speech. On Twitter he announced in terms designed to stir the corpses of the Founding Fathers “This action is part of a broader effort by Mr. Trump to suppress freedom of speech. My principles are worth far more than clearances. I will not relent.” Twelve former senior intelligence officials agree, calling Trump’s revocation “an attempt to stifle free speech.”

      No less than Ben Wizner, a director at the ACLU, stated “The First Amendment does not permit the president to revoke security clearances to punish his critics.” Even Republicans like Bob Corker, the retiring Senate Foreign Relations Committee chair said “It just feels like sort of a… banana republic kind of thing.” For emphasis, Corker also said the revocation was the kind of thing that might happen in Venezuela. Referring to a list of other former Obama officials whose clearances Trump may revoke, Senator Mark Warner, the top Democrat on the Intelligence Committee, said “It was almost… a Nixonian enemies list.” Admiral William McRaven, former SEAL and bin Laden killing superhero said of Trump’s revocation “Through your actions, you have embarrassed us in the eyes of our children.” A letter to the New York Times demanded a military coup to end Trump’s reign.


      Is it all political? Sure. What was the point of Brennan, or other Obama-era officials unlikely to be consulted by the Trump administration, of having clearances that outlived their government tenure anyway? Brennan in particular was using his security clearance to monetize his experience, and to bolster his opinions with the tang of inside knowledge. There is no government interest in any of that, and the government has no place allowing Brennan to hold a clearance for his own profit. Shutting him down preserves the whole point of issuing anyone a clearance, granting them access to America’s secrets so that they can do Uncle Sam’s work. A clearance isn’t a gift, it’s a tool issued by the government to allow employees to get some work done. Brennan is working now only for himself, and deserved to lose his clearance.

    • Arrow season 7 is so violent that it’s testing The CW’s censorship limits

      We already know that Stephen Amell has had, in his words, “the shit kicked out” of him thanks to Arrow’s gritty seventh season. But we didn’t realise just how violent the show is set to be.

      Revealing just how far Arrow is pushing the boundaries ahead of its return, the series’ long-time stunt coordinator James Bamford recently admitted they’re trying their best to reach the limit.

      Talking about an unprecedented phone call Bamford and showrunner Beth Schwartz had with the show’s censors, the stuntman told Newsarama: “We are really trying to push the limits on the show in the gritty factor.

    • Music censorship in Northern Nigeria

      In Northern Nigeria, music has long been used as a tool for social criticism: a powerful means of speaking out against tyranny, corruption and oppression. However, artists who attempt to use their music to convey socio-political messages often find themselves the victims of censorship and other forms of official reprimand. This article provides an overview of censorship in Northern Nigerian music.


      The most radical form of censorship in the region has stemmed from the introduction, in 1999, of Islamic sharia law in states with dominant Muslim populations, such as Zamfara, Kano, Sokoto, Katsina, Bauchi, Borno, Jigawa, Kebbi and Yobe. In these states, sharia is used to outlaw sensual and vulgar musical content. The Kano State Censorship Board (KSCB), arguably the most visible censorship body in Northern Nigeria, was established in 2001. Since its founding, it has faced allegations of intimidation and arrests within Kano, prompting an exodus of artists to neighbouring states perceived to be more liberal and friendlier to their craft.

  • Privacy/Surveillance

    • Android Collects 10x Data Than Apple iOS When Idle: Report

      A new study has surfaced that says Google collects way more data from Android than Apple does through iOS. Most of the data taken into account is collected through passive means, i.e., when the Android device is idle or stationary. But Google captures a lot of data while the device is being used as well.

    • Google Tracks Users In Incognito Mode Too, Study Suggests

      If you think that using incognito mode in Chrome would really hide your footprints, you are in for a shock. A new report says that user-anonymous identifiers are collected while browsing in private mode and Google has the ability to connect this information to your Google Account.

      Let’s say you open up a private browser session in Chrome. Websites that run Google ads automatically send anonymized cookies to the browser associated with the user.

    • Sydney airport seizure of phone and laptop ‘alarming’, say privacy groups

      A British-Australian citizen travelling through Sydney airport has had his devices seized, and believes his laptop password cracked and his digital files inspected by Border Force officers, in what privacy groups say is a worrying development.

      Nathan Hague, a 46-year-old software developer, was detained apparently at random for 90 minutes while the officers took his phone and password-protected laptop into a back room.

      Hague said the officers refused to tell him what would be done with his devices, why they were being inspected or whether his digital data was being copied and stored.

    • Appeals Court: City-Owned Utility Pulling Electric Use Info Every 15 Minutes Is A Search

      An oddball, but interesting, decision [PDF] flowing from the Supreme Court’s Carpenter ruling has been issued by the Seventh Circuit Court of Appeals. While the Carpenter decision centered on the long term collection of historic cell site location information, the ruling could be applied to a number of situations where records created by citizens are stored and housed by other parties and accessible without a warrant.

      This case deals with smart meters, issued by the government (via the public electric utility) to track electric use in citizens’ homes. With the old meters, readings were performed by utility employees every few weeks. The new smart meters send back info on electric use every fifteen minutes. This frequency was chosen by the City of Naperville government. It could have gone with something less intrusive, but it chose this method instead.

      The city was sued by citizens opposed to being snooped on by the new smart meters. The plaintiffs argued the frequent readings allowed the government to make a great deal of inferences about activities inside citizens’ homes, based on the rolling delivery of energy use amounts. The district court tossed the case. So does the Appeals Court, but only after making some interesting findings. (via Orin Kerr/Volokh Conspiracy)

      First, the court rules that the government’s use of smart meters to retrieve information about electric usage is actually a search under the Fourth Amendment. To do that, it looks to the Supreme Court’s Kyllo decision, which dealt with the warrantless deployment of thermal imaging scanners by law enforcement. That decision found deployment to be a search, even if officers never physically entered the residences being scanned. Enough could be inferred about inside activity from the thermal images to be considered a search under the Fourth Amendment. The Appeals Court says the same rationale applies here.

    • Facebook’s ‘Privacy Protecting’ VPN Booted From Apple Store For Snooping Too Much

      Back in February we noted how Facebook had launched a new security tool the company promised would “help keep you and your data safe when you browse and share information on the web.” The product was effectively just a reconstituted version of the Onavo VPN the company acquired back in 2013. We also noted how some reports were quick to point out that instead of making Facebook users’ data more private and secure, Facebook used the VPN to track users around the internet — specifically what users were doing when they visited other platforms and services.


      Admittedly, Apple’s app store approval process is certainly its own type of terrible. But the report notes that Apple demanded that Facebook “voluntarily” remove the app, and Facebook complied. As such, iOS users can no longer download the app, and users that have already installed it will no longer receive updates for it. It is, however, still available over at the Google Play store, if giving Facebook even greater insight into your online activity is a prospect that excites you.

      The whole kerfuffle only punctuated our repeated point that VPNs aren’t some kind of mystical privacy panacea. In the wake of the GOP killing broadband privacy rules and the myriad other privacy and hacking scandals, countless people have been flocking to VPNs under the mistaken belief that a VPN is some kind of silver bullet. But a VPN is only as good as the people running it on the other end. And if the people on the other end are running scams or lying about what data is collected and stored (which is incredibly common in the VPN realm) you’re not a whole lot better off.

  • Civil Rights/Policing

    • ‘My Son is Traumatized’: One Separated Family’s Reunion

      The reunion offers a window into what medical experts warned: For children, the trauma of separation can linger far past reunion.

      Inside a Texas detention center, 3-year-old Sammy* was asleep next to his father, Ever Reyes-Mejia, on the ground with a tin foil emergency blanket when an Immigration and Customs Enforcement official told Ever that he needed to go see an immigration judge and fill out some paperwork. Ever asked whether he should leave his son asleep and was told that he would return shortly and there was no need to wake him.

      That was the last time Ever saw his son before ICE took Sammy across the country to Bethany Christian Services, a foster care agency in Michigan.

      Fleeing violence in Honduras, Ever and Sammy came to the United States in April 2018 seeking asylum, presenting themselves to immigration authorities at the McAllen Bridge in Texas. They were two of the thousands of parents and children who were forcibly separated under the Trump administration’s family separation policy. Ever and Sammy were separated for almost three and a half months. During that time, Sammy was so upset that he refused to speak to his father on the phone.

      On June 26, a federal judge, ruling in the ACLU’s class-action lawsuit, ordered the U.S. government to stop the separation of families and to reunite those who had already been torn apart. Ever was among the first group of parents prioritized for reunification because Sammy was under the age of 5.

    • Celebrate Women’s Suffrage, but Don’t Whitewash the Movement’s Racism

      Sojourner Truth and Mary Church Terrell are among the activists who endured deeply entrenched racism while fighting for Black women’s right to vote.

      My 94-year-old great-aunt, Paralee Wilmer — we call her Aunty Lee — voted for the first time after moving to Cincinnati, Ohio, in 1944. Born to no-nonsense, small farmers in Millers Ferry, Alabama, and the youngest daughter of 12 children, Aunty Lee was one among many African Americans who moved from the South to the North in search of better job opportunities and greater freedoms during the Great Migration. These freedoms included the right to vote without intimidation or any other hindrance.

      Aunty Lee’s memory is a bit cloudy regarding whether the first time she cast her ballot was in an election for local politicians or a presidential race, but one thing she knows for sure is her pastor at the time inspired her to exercise her constitutional rights and fulfill her civic duties. He said, “When it’s time to vote, make sure you vote. When it’s time to do grand jury, make sure you go.”

      At age 20, Aunty Lee understood the magnitude of her pastor’s advice, given the disenfranchisement of Black folks that she witnessed growing up in Millers Ferry — including poll taxes, literacy tests, and outright violence and intimidation that prevented Black people from voting. To be a Black citizen in America but denied full citizenship rights epitomizes the hypocrisy of American democracy. This is a sad truth that I repeat like a blues refrain to my students.

      This summer — as the nation celebrates the 170th anniversary of the first major convention for women’s rights at Seneca Falls and the 98th anniversary of the 19th Amendment to the Constitution, which granted women the right to vote — how do we reconcile widespread narratives of a triumphant, steady march towards women’s enfranchisement with the more complicated and painful reality of my great-aunt’s lived experience as a young, Black woman in Jim Crow America?

      One word: intersectionality.

    • Joe Bryan’s Attorneys Ask For New Trial, Say Murder Conviction Built On Faulty Forensics

      In the tiny central Texas town of Comanche, in the same courtroom where he was convicted nearly three decades ago of murdering his wife, Joe Bryan and his attorneys finally got the opportunity this week to make their case that the 77-year-old former high school principal deserves a new trial.

      Over three days, they presented a succession of witnesses who testified that the forensic evidence used to convict Bryan of his wife’s 1985 murder was faulty, and that new evidence pointed to a possible alternative suspect in the killing.

      The hearing — which held out the tantalizing promise of winning Bryan a fresh chance to prove his innocence — drew dozens of spectators who packed the hard-wooden benches inside the Comanche County courthouse. Lining the two front rows were Bryan’s family members, who wore matching red t-shirts emblazoned with the words “Justice For Joe.”

      Behind them, Clifton residents who had not seen Bryan since the 1980s crowded in beside law students, reporters, and top attorneys with the Innocence Project of Texas, who were on hand to assist with Bryan’s case. Penny Blue, the sister of Joe’s late wife, Mickey, sat by herself in the back of the courtroom.

    • Another Prison Phone Service Caught Recording Privileged Conversations And Passing Them On To Law Enforcement

      The law was broken and no one on the law enforcement side did anything to fix it. That split-second decision made during a rapidly-evolving situation (or whatever) may come back to haunt Boston and his Sheriff’s department cohorts. In this mess of 1,000 calls hang 58 serious criminal cases, running the gamut from gang-related charges to the attempted murder prosecution of the offspring of a reality TV star.

      The “technical error” was exposed during the trial of Joshua Waring, the son of a star of “Real Housewives of Orange County.” Inmate services director Greg Boston testified during this case, exposing Global Tel Link’s screwup and the apparent partaking of ill-gotten goods by local law enforcement.

      The Orange County Sheriff’s Department claims it instructed the service provider to fix the problem when it discovered it had access to privileged recordings. But that hardly explains how Global Tel Link managed to record 1,000 calls it never should have recorded before someone on either end actually noticed the issue. According to Waring’s attorney, the “technical error” went unaddressed for three years, suggesting the OCSD didn’t mind having access to privileged conversations, even when it knew the recordings were illegal under state law.

    • Sanitation Salvage Ordered to Halt Trash Collections

      The agency that oversees New York’s private trash industry ordered Sanitation Salvage, one of the city’s largest haulers, to halt operations, saying the company poses “an imminent danger to life and property.”

      “This company has demonstrated time and time again that they value profit over the lives of New Yorkers and the well-being of their workers,” Mayor Bill de Blasio said in a statement. “We are immediately suspending this company’s license following a pattern of unsafe practices.”

      The action comes after Sanitation Salvage trucks killed two men between November 2017 and April 2018. Those deaths prompted local politicians and community groups to demand closer oversight of a dangerous industry that sends trucks racing through the streets of New York every night.

      The Business Integrity Commission, or BIC, released a five-page order that said the company cannot collect trash in New York City until the commission completes an audit and determines that Sanitation Salvage is no longer a danger to the public.

    • Research Paper Shows Militarized SWAT Teams Don’t Make Cops — Or The Public — Any Safer

      A study has been released confirming what many have suspected: militarization of law enforcement doesn’t make communities safer, has zero effect on officer safety, and is rarely deployed as advertised when agencies make pitches for the acquisition of military gear.

      The most frequent recipients of military tools and training are SWAT teams. Professor Jonathan Mummolo’s research — published by the National Academy of Sciences — gained unprecedented access to SWAT deployment numbers, thanks to a public records request and a Maryland state law requiring documentation of every SWAT raid performed. (That law was allowed to expire by legislators who apparently felt it provided too much transparency and accountability.)

    • CIA Whistleblower: John Brennan Is Out For Himself, Not the Resistance

      Donald Trump’s revoking of ex-CIA Director John Brennan’s security clearance has re-ignited a bitter public feud. Ex-CIA torture whistleblower John Kiriakou argues that given Brennan’s record and personal ambitions, he is not a trustworthy Resister.

    • Lithuania says will not appeal European court ruling over CIA jail

      Lithuania on Wednesday said it would not appeal a European court ruling that the Baltic state had been complicit in a clandestine CIA programme by holding terror suspects at a secret detention site on its territory.

      “We decided it would make no sense to appeal to the Great Chamber because there are no legal criteria for that,” government official Karolina Bubnyte Sirmene told AFP.

      The European Court of Human Rights ruled in May that Lithuania hosted a secret prison from February 2005 to March 2006, when CIA operatives held Abu Zubaydah, considered a top Palestinian operative for Al-Qaeda.

      The EU and NATO state was ordered to pay 100,000 euros ($116,000) in damages to Zubaydah for enabling US authorities to subject him to “inhuman treatment”.

  • Internet Policy/Net Neutrality

    • T-Mobile Begs Small Wireless Carriers To Support Its Awful Merger. The Problem: They Hate It Too

      We’ve repeatedly explained how T-Mobile and Sprint’s latest attempt to merge will be terrible for both jobs and competition. Despite what T-Mobile and Sprint executives have claimed, history suggests the reduction of total wireless carriers from four to three will likely result in less incentive than ever to seriously compete on price. Similarly, while T-Mobile and Sprint have told regulators that the deal will somehow create an explosion in new jobs, Wall Street analysts have predicted that the deal could kill off anywhere from 10,000 to 30,000 jobs as the new company inevitably eliminates redundant positions.

      While some diehard T-Mobile and Sprint fans have bought into these claims, most objective observers with a firm grasp on history realize that the promised “synergies” of telecom mergers like this one almost never materialize. And the obvious impact on competition and jobs is a major reason this merger and others like it (including AT&T’s attempt to acquire T-Mobile) have been scuttled by regulators. There are simply too many examples of this kind of consolidation resulting in massive monopolies with little incentive to give a damn (hi Comcast and AT&T, didn’t see you standing there).

      T-Mobile’s looming merger is so unpopular, the company was forced to quietly hire Trump ally Corey Lewandowski in an effort to seal the deal (the whole mocking a kid with Down Syndrome thing be damned). Reuters notes that the company has also started reaching out to smaller wireless carriers, urging them to not only express support to the FCC, but submit favorable editorials to major papers supporting the merger.

    • Verizon tries to douse criticism, touts “priority access” for first responders

      Verizon officials were contrite and apologetic during a California State Assembly committee hearing that was convened Friday to examine mobile Internet throttling experienced by firefighters during recent blazes.

  • Intellectual Monopolies

    • Chinese patent quality and innovation should not be underestimated, new study claims [Ed: The patent maximalists like to deny that China's SIPO does grant lots of utterly trash patents. Why? Because it puts at risk their maximalist agenda. Here we have the patent trolls' lobby, IAM.]

      Self-reported patent quality in China generally matches up with quantitative measures of patent quality, according to the findings of a recently published study. In the face of some claims that the power of Chinese technological progress is overstated, this is another piece of evidence which indicates that, at least from an IP perspective, the country is very much on the march.

    • USA: Yellowfin Yachts, Inc. v. Barker Boatworks, LLC, United States Court of Appeals, Eleventh Circuit, No. 17-11176, 07 August 2018

      The federal district court in Tampa did not err in deciding on summary judgment that fishing boat manufacturer Yellowfin Yachts failed to establish that a former executive and his company were liable for trade dress infringement, unfair competition, or trade secret misappropriation, the U.S. Court of Appeals in Atlanta has held, affirming summary judgment in favor of the defendants.

    • Birss J excuses Chugai from tocilizumab royalties in UCB “validity tie breaker”

    • SPC export waiver: a long road ahead

      The European Commission’s proposed export waiver for supplementary protection certificates is likely to face opposition and may be delayed by EU parliamentary changes, says Trevor Cook of WilmerHale.

      On hearing that the European Commission had on 28 May 2018 adopted a proposal for a Regulation to amend Regulation (EC) 469/2009 concerning the supplementary protection certificate (SPC) for medicinal products, many practitioners might have been forgiven for imagining that such proposal sought to deal with what to them are the most pressing issues with the SPC Regulation—perhaps by seeking to introduce a unitary SPC to accompany the proposed unitary patent, or perhaps by addressing some of the confusion surrounding certain aspects of the SPC Regulation that has led to so many references to the Court of Justice but has resulted in so little clear guidance from that body.

    • Trademarks

      • Honey Badger Don’t Care: Protecting Creativity with Trademarks

        The Honey Badger video is probably NSFW — but it is also funny and informative. In the viral video, C.Gordon (aka Randall) who created the video, repeatedly states that “Honey Badger Don’t Care” and “Honey Badger Don’t Give a Shit.” This became a meme. (See google photo search results below.) Gordon registered the “Honey Badger Don’t Care” mark, but at the time couldn’t register the potentially offensive “Don’t Give a Shit” mark.

      • Auckland girl fights global media company over ‘Slime Princess’ trademark

        A 12-year-old Auckland girl is taking on a global media giant after her attempt to trademark “Slime Princess” hit opposition.

        Katharina Weischede, from Henderson in West Auckland, first began making slime as part of a school science fair. What started off as a hobby had by late 2017 become a home-based business called “Slime Princess”.

        Now known by her friends, family and even strangers as the “Slime Princess”, she eventually decided to trademark her business’s name.

      • Nickelodeon Is Opposing A 12 Year Old New Zealand Girl’s ‘Slime’ Trademark For Some Reason

        Viacom has decided to take its trademark bullying game international and possibly against the most sympathetic target it could find. Nickelodeon, owned by Viacom, has decided to oppose the trademark registration of a 12 year old girl in New Zealand, claiming its trademark on the word “slime” is too important. Katharina Weischede has managed to build up an online brand in New Zealand for producing and playing with “slime.” She made a business out of it and attempted to trademark “slime princess”, only to find Nickelodeon opposing it.

    • Copyrights

      • ‘The Locks They Put on DVDs Now Are in Tractors’

        Copyright and farmers don’t often appear in the same story. They did last spring, when agricultural machine maker John Deere argued that farmers should not be able to independently access the operating software in their tractors, for example—because they don’t own that part, they just license it. Or, as our guest put it, “Old McDonald has a tractor, but he owns a massive barn ornament, because the manufacturer holds the rights to the programming that makes it run.”

        Kyle Wiens is co-founder and CEO of iFixit, the online repair community and parts retailer. We asked him to explain the right to repair, and the argument that John Deere and others are trying to make.

      • Recognizing It Had No Chance, Cox Settles BMG Copyright Trolling Case

        The long saga of the BMG v. Cox case is now over. If you don’t recall, BMG had hired the copyright trolling outfit Rightscorp to bombard ISPs with shakedown letters, based on accusations of copyright infringement. Rightscorp really wanted ISPs to pass those letters on to ISP subscribers, including the part where they demand money to leave you alone. As was revealed during the case, Rightscorp would blatantly lie to those subscribers, telling them that if they were innocent they needed to first hand their computers over to the police for a forensic search. Cox, after being bombarded with these shakedown letters, started ignoring the Rightscorp letters, leading BMG to sue.

        Cox pointed to the DMCA safe harbors to protect itself, but the judge, Liam O’Grady, made it pretty clear that he didn’t care much for the internet at all, and didn’t seem to mind Rightscorp and BMG shaking down people for money with the threat of losing their entire internet access. Of course, it did not help at all that Cox itself had some damning emails about how they treated subscribers accused of infringement. While plenty of attention has been placed on Cox’s apparent “thirteen strikes” policy for those accused (not convicted) of copyright infringement, the real problem came down to the fact that Cox didn’t follow its own repeat infringer policy. So, in the end, Cox lost to BMG in the lower court and it was mostly upheld on appeal.

      • Katy Perry sued for copyright infringement, is Marcus Grey the Dark Horse?

        Following this Kat’s post on the Ed Sheeran copyright infringement case relating to the song “Shape of You” (here), she came across another similar dispute going on over the pond!

        This case, brought in the US District Court of California, is between Plaintiffs Marcus Gray, Chike Ojukwu, and Emanuel Lambert who are Christian rap/hip-hop artists and Defendants Katheryn Elizabeth Hudson (Katy Perry), Jordan Houston (Juicy J), Lukasz Gottwald (Dr Luke) as well as a number of other individuals and music publishers.

        The allegation was first filed on the 1st July 2014, which claimed that the song “Dark Horse” infringed upon the Plaintiffs’ copyright in the song “Joyful Noise.” On 25th June 2018 the defendants filed a motion for a summary judgement and the Court hearing took place on 13th August.

      • Milan court issues dynamic blocking injunction against Italian ISPs

        Does a blocking injunction against an intermediary only concern the domain names indicated in the relevant order or can it be also considered as encompassing future infringements committed through other domain names?

        This is the question that the Milan Court of First Instance (Tribunale di Milano) had to address in the context of interim proceedings between publisher Mondadori and a number of major Italian internet access providers (ISPs).

      • Copyright Trolls Killed Off in Denmark After Supreme Court Hearing Denied

        Two ISPs in Denmark have emerged victorious from a battle to keep the personal details of their customers private. Telenor and Telia were previously ordered to hand over information to copyright trolls but when the demands kept coming, the ISPs kicked back. Following a big win for the providers at the High Court in May, the Supreme Court will not hear the case, meaning the trolls will lose access to their cash cows.


Links 24/8/2018: Intel’s Gag Backfires, Red Hat Takes Aim at VMware

Posted in News Roundup at 11:22 am by Dr. Roy Schestowitz




  • Microsoft Investigated For Alleged Bribery and Corruption in Hungary

    U.S. Justice Department and the Securities and Exchange Commission are investigating Microsoft for possible bribery and corruption in its pursuit of software sales in Hungary, the Wall Street Journal reported on Thursday.

  • Desktop

    • You want how much?! Israel opts not to renew its Office 365 vows

      Microsoft’s desire to move users into the exciting world of Office 365 subscriptions has been dealt a blow as the Israeli government took a look and said “no thanks.”

      In a statement given to The Register, the Israeli Ministry of Finance explained that it currently spends more than 100m Israel New Shekels (£21.3m) per year on Microsoft’s software products.

    • Big List of Most Popular Chromebook Brands Will Not Receive Linux Support Due to 3.14 Kernel

      It turns out that unfortunately a lot of Chromebooks with the Linux 3.14 kernel aren’t going to be getting any Linux app support from Google – including Google’s own Chromebook Pixel series. This is quite a blow to the Chromebook Linux community, as many developers were always working on backporting the essential kernel modules such as vsock, trying their best to make vsock backward compatible – though it turned out that vsock isn’t backwards compatible with Linux kernel 3.14, but the point remains.

    • Old Chromebooks won’t get Linux app support after all
    • Chromebooks with Linux kernel 3.14 & older won’t get Linux app support
    • Linux apps are NOT coming to many still-supported Chromebooks
    • Older Chromebooks including the 3-year-old Chromebook Pixel won’t get Linux apps
    • Linux Apps Won’t Come To Many Older Chromebooks Including the 2015 Pixel – But There’s A Catch
    • Linux Apps On Chrome OS To Require Kernel Version Above 3.14
    • Chromebook Linux support: not everyone’s invited to the party
    • Older Chromebooks may not run Linux programs due to outdated software

      Not all Chromebooks will support Linux software when the feature comes to Chrome OS later this year. So far, 14 devices may be excluded from the list including Google’s own Chromebook Pixel introduced in 2015. The current list, generated on Reddit, consists of four models from Acer, four models from Asus, two from AOpen, and more.

      Google revealed support for Linux software on Chrome OS during its developer conference earlier this year. The idea is for developers to test their Android- and web-based apps on Chromebooks. Linux would run inside a virtual machine designed specifically for Chrome OS, which is simply an emulated high-end computer running within your PC’s real-world system memory.

    • Organizing a Market for Applications

      The “Year of the Desktop” has been a perennial call to arms that’s sunken into a joke that’s way past its expiration date. We frequently talk about the “Year of the Desktop”, but we don’t really talk about how we would achieve that goal. What does the “Year of the Desktop” even look like?

      What it comes down to is applications—rather, a market for applications. There is no market for applications because of a number of cultural artifacts that began when the Free Software was just getting up on wobbly legs.

      Today, what we have is a distribution-centric model. Software is distributed by an OSV (operating system vendor), and users get their software directly from there via whatever packaging mechanism that OSV supports. This model evolved, because in the early-to-mid 1990s, those OSVs existed to compile the kernel and userspace into a cohesive product. Packaging of applications was the next step as a convenience factor to save users from having to compile their own applications, which always was a hit-or-miss endeavor as developers had different development environment from the users. Ultimately, OSVs enjoyed being gatekeepers as part of keeping developers honest and fixing issues that were unique to their operating system. OSVs saw themselves as agents representing users to provide high-quality software, and there was a feeling that developers were not to be trusted, as of course, nobody knows the state of their operating system better than they would.

  • Server

    • Aqua Security Open Sources Container Pen Test

      Aqua Security is trying to level the container security playing field by making available as an open source project an open source edition of a penetration testing tool designed specifically for container clusters.

      Rani Osnat, vice president of product marketing for Aqua Security, says kube-hunter is an automated penetration testing tool that developers and cybersecurity teams can employ to discover vulnerabilities within containers.

      That tool is designed to be run in two modes. Passive hunters run by default and are designed to execute a series of tests that probe for potential access points within your cluster. An active hunting mode then can be employed to execute additional tests against any weaknesses found with the passive hunter. Results from those tests are then shown on a website hosted by Aqua Security.

    • Getting started with Linux containers

      A major drawback of an OS-based model is that it is slow, and to deploy a new application, IT administrators might need to install a new server, which incurs operational costs and requires time.

      When every application has its own copy of the OS, operations are often inefficient. For example, to guarantee security, every application needs its own dedicated server, which results in lots of under-utilized hardware in the data center.

      A container is an isolated environment where the OS uses namespaces to create barriers. Linux containers have all the necessary components to run an application and make it easy to run a container on top of an operating system.

      From a hardware standpoint, containers utilize resources more efficiently. If there is still hardware capacity available, containers can use that and admins won’t need to install a new server.

  • Audiocasts/Shows

  • Kernel Space

    • UBIFS & OverlayFS Updates Hit The Linux 4.19 Kernel

      For the Linux 4.19 kernel there’s been a lot of F2FS performance enhancements and more, the new EROFS file-system, low-level Btrfs improvements, and more. Some of the file-system work less in the spotlight are the OverlayFS and UBIFS updates sent in this week.

      On the OverlayFS front it’s a fairly notable merge window. OverlayFS now has support for stack file operations and metadata-only copy-up. The stack file operation support alone will allow cleaning up some “hacks” in the kernel’s VFS code and other code improvements. The details on the OverlayFS work via this pull from a few days ago.

    • Linux 4.19 ARM Updates Bring Raspberry Pi Voltage Driver, Samsung Aires Phone Support

      Olof Johansson has sent in his usual batch of multiple pull requests updating the ARM hardware support, this time for the nearly-over Linux 4.19 kernel merge window.

      There are some good additions to the ARM hardware support in Linux 4.19 like the Raspberry Pi voltage driver as well as the Raspberry Pi Compute Module CM1 support in mainline, a few new SoCs, and various new hardware devices supported — including the $100 Chinese Pinebook ARM 64-bit laptop recently making rounds. Though not part of the Linux 4.19 cycle is anything more on the lack of NXP i.MX8 support and has us increasingly wondering not if Purism will make their Librem 5 ship goal for this Linux smartphone but how far they will be off that ship date… Their Librem 5 developer kits also appear to have not begun shipping yet.

    • Linux 4.19 Adds Deferred Console Takeover Support For FBDEV – Cleaner Boot Process

      While FBDEV has been on its last leg for years with some calling for its deprecation and encouraging instead DRM/KMS drivers rather than (mostly embedded vendors) focusing on FBDEV frame-buffer drivers, with Linux 4.19 the FBDEV subsystem is bringing a useful addition to the kernel.

      Hans de Goede, who has done a range of useful kernel contributions over the years at Red Hat from working out better Linux laptop power management to a cleaner boot process, has been working this summer on deferred console takeover support.

    • OpenRISC Continues Puttering Along With Linux 4.19 Improvements, New GCC Port

      While OpenRISC has been around longer than RISC-V as an open-source processor ISA, with not having as many commercial stakeholders involved, it hasn’t been off to the races as quickly, but it’s still marching to the beat of its own drum.

      OpenRISC developer Stafford Horne today sent in the kernel patches for the Linux 4.19 cycle. The only changes on the OpenRISC front for the Linux 4.19 cycle is work done by Christoph Hellwig to allow this CPU architecture code to use the kernel’s generic DMA interfaces.

    • Linux Foundation

      • Open Source Akraino Edge Computing Project Leaps Into Action

        The ubiquitous topic of edge computing has so far primarily focused on IoT and machine learning. A new Linux Foundation project called Akraino Edge Stack intends to standardize similar concepts for use on edge telecom and networking systems in addition to IoT gateways. The goal is to build an “open source software stack that supports high-availability cloud services optimized for edge computing systems and applications,” says the project.

        “The Akraino Edge Stack project is focused on anything related to the edge, including both telco and enterprise use cases,” said Akraino evangelist Kandan Kathirvel, Director of Cloud Strategy & Architecture at AT&T, in an interview with Linux.com.

    • Graphics Stack

      • Patches Prep The Merging Of AMDKFD + AMDGPU Linux Drivers

        The plans talked about in early July for merging the AMDKFD driver into the AMDGPU DRM driver are moving ahead and out today are the initial patches working towards this merger.

        AMDKFD is the graphics vendor’s “Kernel Fusion Driver” with the name originating from the Fusion days and is the kernel bits needed for HSA/compute on Radeon graphics hardware.

    • Benchmarks

      • AMDGPU-PRO 18.30 Pro/Open vs. Upstream Mesa OpenGL/Vulkan Radeon Benchmarks

        Last week AMD released the AMDGPU-PRO 18.30 hybrid driver featuring their latest optional proprietary Linux driver components as well as the “all-open” driver stack option. Here are some initial benchmarks of that driver stack compared to what’s shipped by default in Ubuntu 18.04.1 LTS as well as the latest upstream Mesa/AMDGPU support.

        AMDGPU-PRO 18.30 was introduced with Ubuntu 18.04.1 LTS support as well as for Ubuntu 16.04.5 and RHEL/CentOS 6.10 and 7.5. AMDGPU-PRO doesn’t see new releases too often these days so also coming with 18.30 is the Radeon Pro WX 8200 graphics card support, CLI-based WattMan-like functionality, and other updates.

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • The $99 Laptop That Can Run KDE Neon

        A $99 laptop that can run KDE Neon and the full Plasma desktop? I’m intrigued!

        But that’s exactly what KDE Neon’s Jonathan Riddell has shared word of on his blog, highlighting a new collaborative version of the distro designed for the Pinebook ARM laptop.

        “Blue Systems has worked together with the manufacturer of the Pinebook to create a showcase test image that runs well on these devices,” he writes.

      • Last week in Kube
      • Optimizing Kube’s storage

        Near the middle / end of my internship, I got to modify parts of the storage system in Sink, the library handling all the data of Kube.

        The goal was both to speed up the storage and to reduce disk space. These two goals often go hand in hand in databases, since smaller data means faster disk lookup, and more data put in memory, available for direct usage.

      • digiKam 6.0.0 beta 1 is released

        Dear digiKam fans and users, following the long stage of integrating a lot of work from students during the Summer of Code we are proud to announce the first beta of digiKam 6.0.0.

      • digiKam 6.0 Beta Brings Full Video File Management, Greater Camera Coverage

        Just over two years since digiKam 5.0 shipped, this Qt/KDE-aligned open-source photo management software has debuted its 6.0 beta release.

        The headlining feature of digiKam 6.0 Beta is that there is now full support for the management of video files, in a similar manner to digiKam’s photo management. The meta-data on video files are now fully extracted and the video files can be dealt with in the same manner as one would manage a photograph using this software.

      • I was at Akademy 2018!

        It was a very productive week of intense discussion and hacking. This year it was hosted by the Technical University of the beautiful City of Vienna.

    • GNOME Desktop/GTK

      • Fun with SuperIO

        While I’m waiting back for NVMe vendors (already one tentatively onboard!) I’ve started looking at “embedded controller” devices. The EC on your laptop historically used to just control the PS/2 keyboard and mouse, but now does fan control, power management, UARTs, GPIOs, LEDs, SMBUS, and various tasks the main CPU is too important to care about. Vendors issue firmware updates for this kind of device, but normally wrap up the EC update as part of the “BIOS” update as the system firmware and EC work together using various ACPI methods. Some vendors do the EC update out-of-band and so we need to teach fwupd about how to query the EC to get the model and version on that specific hardware. The Linux laptop vendor Tuxedo wants to update the EC and system firmware separately using the LVFS, and helpfully loaned me an InfinityBook Pro 13 that was immediately disassembled and connected to all kinds of exotic external programmers. On first impressions the N131WU seems quick, stable and really well designed internally — I’m sure it would get a 10/10 for repairability.

      • Please welcome AKiTiO to the LVFS

        Over the last few weeks AKiTiO added support for the Node and Node Lite devices, and I’m sure there’ll be more in the future. It’s been a pleasure working with the engineers and getting them up to speed with uploading to the LVFS.

        In other news, Lenovo also added support for the ThinkPad T460 on the LVFS, so get any updates while they’re hot. If you want to try this you’ll have to enable the lvfs-testing remote either using fwupdmgr enable-remote lvfs-testing or using the sources dialog in recent versions of GNOME Software. More Lenovo updates coming soon, and hopefully even more vendor announcements too.

      • AKiTiO Thunderbolt Devices Begin Receiving Firmware Upgrade Support Under Linux

        AKiTiO is the latest hardware vendor beginning to allow for firmware upgrades in an easy and reliable manner under Linux.

        Red Hat’s Richard Hughes has shared that AKiTiO has begun supporting the Linux Vendor Firmware Service (LVFS) for distributing firmware updates to Linux users and the subsequent firmware upgrades being carried out by the fwupd utility.

  • Distributions

    • Intel ‘gags’ Linux distros from revealing performance hit from Spectre patches

      Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.

      The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or ‘L1 Terminal Fault’ (L1TF) flaw speculative attacks.

      “You will not, and will not allow any third party to … publish or provide any software benchmark or comparison test results,” Intel’s new agreement states.

      The new term appeared with the fixes for ‘L1 Terminal Fault’ that were recently delivered to Microsoft and Linux distributions.

    • Intel Clears Up Microcode Licensing Controversy – Simpler License, Allows Benchmarking

      Over the past day online there has been lots of controversy following some high-profile sites reporting about Intel’s “un-friendly microcode license update” and its “ban on benchmarking”, among other catch phrases. It’s now been officially cleared up by Intel with a simpler license that doesn’t forbid benchmarking, allows distribution vendors to re-distribute these binary files to their users, and doesn’t have any other nastiness integrated into the legal text.

    • Perens: Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed

      Bruce Perens looks at the license agreement for Intel’s latest CPU microcode update and does not like what he sees.

    • Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed!

      UPDATE: Intel has resolved their microcode licensing issue which I complained about in this blog post.

    • Use Debian? Want Intel’s latest CPU patch? Small print sparks big problem

      At least one Linux distribution is withholding security patches that mitigate the latest round of Intel CPU design flaws – due to a problematic license clash.

      Specifically, the patch is Chipzilla’s processor microcode update emitted this month to stop malware stealing sensitive data from memory by exploiting the L1 Terminal Fault vulnerability in Intel’s silicon. The biz had released microcode in July that corrected the underlying problem mostly for server-grade CPUs; this latest fix now covers desktop processors.

      Ideally, Intel’s CPU microcode is updated by the motherboard firmware during boot. However, manufacturers may be slow to emit patches, so operating system kernels can also push updates to the chipset during startup. Since microcode updated in this way is discarded every time the power is cycled, it is up to the firmware and OS to reapply the update as early as it can during the boot process.

    • Debian Withholding Intel Security Patches, Linus Torvalds on the XArray Pull Request, Red Hat Transitioning Its Container Registry, Akraino Edge Stack Moves to Execution Phase, openSUSE Tumbleweed Snapshots Released and digiKam 6.0.0 Beta 1 Now Available

      Debian is withholding security patches for the latest Intel CPU design flaw due to licensing issues. The Register reports that the end-user license file Intel added to the archive “prohibits, among other things, users from using any portion of the software without agreeing to be legally bound by the terms of the license”, and Debian is not having it. See also Bruce Perens’ blog post on this issue.

    • Intel rips up microcode security fix license that banned benchmarking
    • Intel Statement on Benchmark Clause: “We Are Updating the License”
    • (Updated) Intel says no more benchmarks on Linux in new terms of microcode update
    • Intel catches heat for CPU benchmarking clause, responds to complaints
    • Intel Included Gag-Order In Microcode Update – Update: Gag-Order Removed
    • Updated: Intel Answers Complaints About Microcode Benchmarking Ban
    • Debian rejects Intel code update
    • Controversial T&C clause found in Intel’s latest microcode update
    • Intel EULA Agreement Forbids Linux Users From Sharing CPU Benchmarks of L1TF Performance Hit
    • Intel makes CPU benchmark publishing illegal after security patch
    • Intel backtracks on controversial benchmark clause, updating its T&Cs
    • Intel Puts Microcode Benchmarking Ban On Linux Distros; Retracts Later

      Well-known open-source programmer Bruce Perens has called out Intel for placing new restrictions on its software license agreement that prevents developers from publishing software benchmark results.

    • Intel EULA License prohibits benchmarks on new Linux microcode Patches

      Intel recently has provided its microcode updates for Linux distributions. The Register reports that Debian is rejecting a new Intel microcode update because of a new license term prohibiting the use of the CPU for benchmarks and profiling.

      There is a new license term applied to the new microcode: “You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results.”

    • Reviews

      • Quirky Linux: Pleasingly Peculiar

        Quirky Linux is a classic example of what makes Linux such a varied and useful operating system.

        Puppy Linux developer Barry Kauler earlier this month released Quirky Xerus 64 version 8.6, which comes packed with the latest innovations for doing Linux stuff differently.

        This latest in the “Xerus” series is a must-try if you like to push your computing experience envelope. It offers a slightly different approach to blending a traditional Linux desktop with the latest in usability options.

    • New Releases

      • Bodhi Linux 5.0.0 released with updated Ubuntu core 18.04 and a modern look

        The Bodhi Team have announced the fifth major release of their Linux distribution. Bodhi Linux 5.0.0 comes with an updated Ubuntu core 18.04 and an overall modern look for its Moksha Window Manager.

        Bodhi Linux was first released as a stable version seven years ago, as a lightweight Linux distribution based on Ubuntu and Moksha window manager. It uses a minimal base system allowing users to populate it with the software of their choice.

        Bodhi Linux 5.0.0 features disc images which have a fresh new look; a modified version of the popular ‘Arc Dark’ theme colorized in Bodhi Green. They have also included a fresh default wallpaper, login screen, and splash scenes as your system boots.

    • OpenSUSE/SUSE

      • Tumbleweed Snapshots Bring Changes for KVM, QEMU, Xen

        The most recent snapshot, 20180818, updated the kernel to version 4.18.0, which brought many changes for KVM (Kernel-based Virtual Machine). Mozilla Firefox 61.0.2 improved website rendering with the Retained Display List feature enabled and also fixed broken DevTools panels. The ffmpeg 4.0.2 package in the snapshot added conditional package configuration and AOMedia Video 1 (AV1) support. Netfilter project nftables was restored as the default backend with firewalld 0.6.1 and now nftables and iptables can co-exist after a bug fix with the ‘nat’ table from the 4.18 kernel. The Command Line Interface configuration utility for wireless devices known as iw added support in its 4.14 for all new kernel features of kernel 4.14. The HTTP client/server library for GNOME, libsoup 2.62.3, now uses an atomic-refcounting in classes that are not using GObject-refcounting. The Linux Kernel 4.16 or higher is needed for the strace 4.24 package, which implemented decoding of KVM vcpu (virtual central processing unit) exit reason as an option, and yast2-http-server 4.1.1 fixed PHP support by dropping php5 and using php7.

      • openSUSE Tumbleweed Is Now Powered by Linux Kernel 4.18, Introduces AV1 Support

        Even though it’s the holidays season and most developers take a break from all the heavy work they do all year, the OpenSuSE Tumbleweed operating system continues to receive some of the freshest updates, and this week it received a major kernel bump with the latest Linux 4.18 kernel series, which brings lots of new features.

        “The most recent snapshot, 20180818, updated the kernel to version 4.18.0, which brought many changes for KVM (Kernel-based Virtual Machine),” said Douglas DeMaio. “Netfilter project nftables was restored as the default backend with firewalld 0.6.1 and now nftables and iptables can co-exist after a bug fix with the ‘nat’ table from the [Linux] 4.18 kernel.”

    • Red Hat Family

      • Red Hat Enterprise Linux 7.6 Beta released with focus on security, cloud, and automation

        Red Hat has rolled out their Red Hat Enterprise Linux 7.6 beta in their goal of becoming the cloud powerhouse. This release focuses on security and compliance, automation, and cloud deployment features.

      • Red Hat’s Open Source Migration Service

        New service aims to help users avoid vendor lock-in and proprietary virtualisation silos

        Red Hat has rolled out a new managed infrastructure migration service that aims to help enterprises shift to open source infrastructure.

        The service from the North Carolina-headquartered open source giant bundles together a range of existing and forthcoming Red Hat offerings into a three-step mechanism.

        This aims to help enterprises tackle legacy virtualisation infrastructure issues, from closed vendor systems to onerous licencing costs.

        James Labocki, Director of Product Management at Red Hat, told Computer Business Review that the rationale for the product was fundamentally simple.

      • Red Hat Virtualization hypervisor adoption considerations

        RHV offers centralized management with Red Hat Virtualization Manager and is integrated with Red Hat’s cloud tools, including Red Hat Ansible Automation and Red Hat CloudForms, which enables customers to orchestrate and automate events, handle reporting, and enforce compliance requirements.

        RHV also supports OpenStack Glance and Neutron, which means RHV works in private and hybrid cloud infrastructures. Simple network management protocol messaging handles third-party monitoring.

      • Red Hat Takes Virtualization Aim at VMware
      • Red Hat Takes Aim At VMware

        Red Hat thinks VMware is an anchor dragging enterprise IT departments down, and it’s looking to provide wings to help them soar. The ruby-lidded guys are launching infrastructure migration tools and professional services to migrate “legacy virtualization solutions” (Red Hat’s euphemism for the V-team) to open source.

        In a blog post scheduled to go live Thursday, Red Hat Inc. (NYSE: RHT) takes aim at the financial cost of running these “legacy virtualization solutions,” and promises to help enterprises “cut costs and speed innovation through cloud-native and container-based technologies.” Red Hat says the cost of running legacy infrastructure starves enterprises of the resources needed for digital transformation. Red Hat is looking to fix that.

      • Red Hat Goals To Assist Firms Migrate To A Modern IT Infrastructure

        Business enterprises nowadays aren’t shy about their desire to embrace “digital transformation,” and the companies that provide much of their information technology infrastructure are falling over themselves which is happening again and again.

      • How the Boston Children’s Hospital Is Innovating on Top of an Open Cloud

        Pienaar says that it’s very important that it is all open source and, again, not just because of the cost savings. Having been using Linux from the start of the project, he believes they wouldn’t have access to the different development environments and languages they’d want to use if they were tied to a proprietary cloud.

        “I very much am inspired by the idea that, with these open source approaches, we can build things that really affect data that has real connections to the world behind it,” Pienaar said.

        “Right now if we were trying to collaborate deep down into the Amazon cloud, I would imagine we would have to set up a licensing agreement with Amazon. I wouldn’t be able to download the Amazon Cloud to run up my own environment. And while the full power of ChRIS lies in its connection to the Mass Open Cloud, nothing stops you from downloading and running ChRIS right now on your laptop. The entire ChRIS is available. Your experience is identical — albeit your laptop might not quite muster the grade for heavy computing. Still, you can troubleshoot and develop to your own mini-but-complete ChRIS in totality and then with a click deploy to any number of other ‘ChRISes’ that live out on clouds.”


        Both this use case and the medical ones follow an operational pattern of bringing in the data and code, running on the optimum numbers of data, and sharing the input data and the temporary data that are required for the application itself. ChRIS also has mechanisms that can facilitate visualizing the data for clinicians.

        The end goal is not to just make applications run faster on a single machine, but to open source data itself, while still remaining compliant to regulations like the U.S.’s HIPAA and Europe’s GDPR.

      • [PodCTL] PodCTL #46 – KubeVirt and Container Native Virtualization

        Does it feel like sometimes the new Kubernetes updates are only targeted at new, cloud-native applications? What about all those existing applications that aren’t microservices or are running in virtual machines today? Today’s show looks at the intersection of containers, virtual machines and Kubernetes. We talk about the KubeVirt project and the work that Red Hat is doing with Container Native Virtualization. It’s a great look at how new Kubernetes capabilities like Custom Resource Definitions (CRDs) are allowing Kubernetes to expand its capabilities without making the core project less stable.

      • Eclipse MicroProfile and Red Hat Update: Thorntail and SmallRye

        With the name, we also changed versioning to come back to a more semantic version numbering. Thus the last release version of WildFly Swarm was 2018.5.0 and the first version of Thorntail (same code, different name) was 2.0.0.Final.

        Changing the version numbering makes it easier for us to communicate about new features and have better links to downstream project versions.

        You’ll find more information on the project renaming and versioning changes in this interview that Bob McWhirter gave to InfoQ.

      • Can I catch up with Linux containers?

        Cloud, Linux containers, and container orchestration (in the form of Kubernetes) are the topics I hear being discussed the most today. Most IT organizations are discussing DevOps and microservices. The will to deep dive into that pool of fresh new experiences is leading many organizations to rethink tooling, culture, and processes in-house. Businesses want all the benefits of this digital transformation, but are you really prepared for this new paradigm? Are you really ready for containers?

        In order to standardize environments, isolate processes or increase modularity, to be able to better produce code, services and provide maintenance, the solution that comes in handy is containers. A smaller footprint which is standardized and isolated while consuming the resources of the host was the perfect recipe. Click here to understand what containers are.

      • Transitioning the Red Hat container registry

        Red Hat has seen significant adoption of our container ecosystem since we began shipping Red Hat Enterprise Linux with support for Linux containers more than four years ago. To support our existing users and users to come, we will be transitioning our product portfolio and customers to a new container registry for Red Hat container images available at registry.redhat.io over the next year. We have several reasons to make this change, and we’re also taking a number of steps to make the move away from registry.access.redhat.com as minimally disruptive as possible.

      • Maxta Launches Hyperconverged (Un)Appliance for Red Hat Virtualization Pre-Configured on Intel® Data Center Blocks
      • Introducing Red Hat infrastructure migration solution: An enterprise-grade remedy designed for proprietary virtualization silo ills

        For many organizations, legacy virtualization solutions can stifle innovation and IT advancement, which can limit the path to hybrid cloud infrastructure, where workloads and resources span physical, virtual and cloud-based environments. The cost of maintaining these existing infrastructure investments can tie up a significant portion of IT budgets. Compounding this, Gartner states, “IT organizations with goals for “doing more with less” find it difficult to quantify, estimate and communicate the level of non-discretionary IT spending needed to sustain business transformation.” With the budget remaining, an organization can be forced to put digital transformation, the modernization of IT environments through digital technologies, on hold.

      • Finance

      • Fedora

        • Flock 2018

          A couple weeks ago I had the pleasure of traveling to Dresden, Germany to attend Flock, the annual gathering of Fedora contributors. This was my third Flock and it was fun and quite productive.

          One of the things I enjoyed about this year’s schedule was the built-in coffee breaks. Most conferences pack the schedule completely full with many simultaneous tracks, so that attending the “hallway track” means that you are missing talks. The built-in coffee breaks were such that there were no other scheduled activities, which was great for having sanctioned hallway track time. It was a great idea and I hope it is also incorporated into next year’s event.

        • IBus 1.5.19 is released

          IBus 1.5.19 is now released and it’s available in Fedora 29.

        • [ES] Docker Meetup 05 Panamá [Docker+Fedora]
        • Civility in a systemd World

          Let me just say that I don’t really know much of anything about systemd and as such, I’m not even sure I care. I know that people either like systemd or really, really, hate systemd and that there is a very slim slice of global users that don’t care one way or the other. I also know that literally everything in life can be turned into a punchline joke if you link it to systemd. You don’t even have to understand the specifics of the joke, you just know that if systemd is part of the punch line that you are supposed to laugh. Now after all that, here is the real reason for this post.

          I was listening to episode 262 of the Linux Unplugged podcast in which there is a discussion of Benno Rice’s BSDCan 2018 keynote called “The Tragedy of systemd.” First, the discussion was really, really good and certainly thought provoking. I would highly recommend listening to the discussion. It was interesting enough that I had to go and actually find the keynote presentation and watch it in its entirety. Remember what I said at the start of this post, I don’t really know anything about systemd nor do I know if I even care. And yet I am willing to say it was a very good presentation.

    • Debian Family

      • Derivatives

        • Deepin OS 15.7 – Enjoy The Better Performance

          Deepin OS is among the most awesome Operating Systems in the world, period. The Debian-based distro has successfully won the hearts of everybody that I know has used it for over a day and its latest release (in the form of version 15.7) brings so many improvements I could have a field day reviewing them all.

          If you are not already familiar with this OS then don’t skip this article.

          Deepin OS is an open-source, Debian-based desktop distribution whose aim is to provide users with a beautiful, security-conscious, and user-friendly Operating System. It was initially based on Ubuntu until the release of its current major version, 15, when it switched to model Debian.

          As at the time of writing, it sits at #28 on Distrowatch and has a 9/10 rating out of 301 reviews with approx. 325 hits per day.

        • Canonical/Ubuntu

          • The Road to K8s/vSphere Integration

            Recently, Juju began supporting cloud-native features via “integrator” charms (e.g.: aws-integrator, gcp-integrator, openstack-integrator). These allow charms to request things like persistent storage from a cloud provider without having to shuffle your super-secret credentials around to all the applications in your deployment.

            The way an integrator charm works is simple: you entrust it (and only it) with your Juju credentials for a particular cloud and then relate it to charms that want to make cloud-native requests. The integrator will ensure appropriate roles are created, submit a request to the cloud, and then notify the requesting charm that enough data is available to start using the new resource.

            Lately I’ve been testing Canonical Kubernetes (CDK) on the VMware vSphere platform — to Juju, vSphere is supported like any other cloud. I really needed persistent storage for my pods and thought, “it sure would be nice if there was a vsphere-integrator that I could use for this.” So I wrote one.

          • Ubuntu/Debian Add LZ4-Compressed Initramfs Support, Will Auto Decide LZ4/XZ Choice

            Back in March was the discussion about Ubuntu 18.10 considering an LZ4-compressed kernel image (initramfs) by default while now action has been taken on this support and coming up with a new default.

            With the latest Ubuntu and Debian packages, compressing the initramfs using LZ4 is now supported. Ubuntu up to this point has been using the basic Gzip compression support. The benefit to using an LZ4-compressed image is much quicker decompression than alternative algorithms but it does mean a slightly larger file size.

  • Devices/Embedded

Free Software/Open Source

  • SD Times Open-Source Project of the Week: TransmogrifAI

    Salesforce is open sourcing a tool that aims to make it easier to build scaled machine learning systems for enterprises, TransmogrifAI.

    TransmogrifAI is an automated machine learning library for structured data that enables data teams to transform customer data into meaningful predictions, according to the company.

    Salesforce explained it has been using TransmogrifAI to power its Einstein AI platform, but it wants to open up the project to empower other developers to build machine learning solutions at scale.

  • Channeling Community Wisdom: Recent Open Source Momentum And What’s To Come
  • The “Sign-in with Facebook” problem and the open source solution

    Managing accounts, credentials and personal information on the Internet has become a nightmare. Almost every website today encourages users to register, or even requires them to do so to be able to access content. They usually want some combination of your email, a password, your name and date of birth. This information is always the same, yet you spend your time typing it again and again, then double checking it for mistakes and correcting typos before pressing Enter and being granted access.

    And you often reuse the same password that you already used for countless other websites, because there are only so many passwords that you can remember – until you find a website with an annoying password policy that your ordinary password does not meet, and then you have to add a punctuation symbol, a Greek letter and a B flat note played on a horn.

    Some people try to solve this by using password managers, such as the ones included in modern browsers – and then they have to remember and secure the password to their password manager, and there is no way to recover their accounts if they lose it; and if they end up using someone else’s device, or a PC in an Internet café, they cannot log in anywhere, as they do not know any of their passwords any more. So they will save their credentials on their mobile phone, which then gets stolen, putting all their online affairs at risk.

  • What is Qiskit, IBM’s open source quantum computing framework

    Researchers, scientists, academics, hobbyists, businesses – all of these groups are represented in the community of Qiskit, the open source framework based on IBM’s quantum computing programme that’s opening up access to real quantum computing in the cloud for everyone.

    Qiskit (Quantum Information Science Kit) is just over a year old, and it followed up the IBM Quantum Experience – IBM Q Experience for short – a program that put quantum computers on the cloud (for the first time) so researchers and developers could tinker with the almost brand-new field of computation.

    Since opening up the Q Experience, hobbyists have created games and composed music using real quantum computers, while scientists and researchers are using qubits to solve problems that were previously too difficult to solve.

  • Potential for Open Source for Health IT Software Development

    Open source development supports health IT software innovation as healthcare technology vendors and provider organizations work on improving the same source code.

    “Open source is a methodology on how to develop software,” Red Hat Director of Healthcare Craig Klein told HITInfrastructure.com. “The premise behind open source is you have a group of people collaborating on a particular piece of code. For example, if you have someone building an operating system, there may be one hundred thousand people contributing that particular piece of code from thousands of organizations.”

    The number of developers lends open source as an avenue for health IT innovation. Industry professionals are constantly improving on available source code and sharing their improvements with the open standards community.

    Open standards encourage competing implementations of the same standard, rather than creating competing platforms. This can benefit consumers, according to a report published by the Journal of Medical Internet Research.

  • FairEmail is an open source, privacy-friendly email app

    As they say, Big Data is Big Money, and it’s hard to get around online these days. There are even toggles in the operating system themselves that let you disable location services but will continue storing your location data on their servers. Thankfully, Android is open source and many have gone for the pure AOSP flavor without letting any of Google’s code touch their device. That’s why it was interesting when XDA Recognized Developer M66B released an email application called FairEmail with the goal of being privacy-friendly.

    FairEmail is open source, available on GitHub, and even has a testing program available in the Play Store (as of the writing of this article, the program is not live). Some would assume this means the application is light on features, but FairEmail is feature packed. Check out the full list of features below.

  • Web Browsers

    • Mozilla

      • Screenshots from the Console

        To access the command, open the Web Console via Tools → Web Developer → Console, type in :screenshot and press ENTER. A screenshot of the current document will be downloaded to your downloads directory.

      • These Weeks in Firefox: Issue 43
      • More on the RLS and a 1.0 release

        In my last post, I announced a release candidate for the RLS 1.0. There has been a lot of feedback (and quite a lot of that was negative on the general idea), so I wanted to expand on what 1.0 means for the RLS, and why I think it is ready. I also want to share some of my vision for the future of the RLS, in particular changes that might warrant a major version release.

      • Good First Bugs

        One great way (of many) to get started in software development, particularly in open source, is to find good first bugs. This is a class of software bugs (which should be called issues, since they’re not always bugs) that are easy to fix with little experience. It can also be a great way, once you have software development skills, to learn a new domain or set of tools. Many projects, even well funded ones, are very happy to receive community contributions, if nothing else it’s one other way they can provide opportunities to the community.

        At Mozilla we use bugzilla to track our bugs, and use the good first bug keyword to identify such bugs. You’re welcome to contribute patches for these bugs, and potentially have your work included in Firefox. You can also search by component, so the list of open good first bugs for the garbage collector is here and I’d be happy to help with any of these.

      • Let Firefox’s Side-View extension give you an edge for fantasy football, basketball, hockey and all the other sportsballs

        It’s that time of year again. When we find ourselves poring over player rosters, reading frustratingly vague injury reports and trying to shake down our friends and colleagues to reveal how they’re planning to make their picks. Yes, with autumn just around the corner in the northern hemisphere it means that it’s time to make your fantasy sports league picks.

      • Share your favorite images and videos in VR with Mozilla Hubs

        Last April we released Mozilla Hubs, a VR chat system that lets you walk and talk in VR with your friends, no matter where in the world they are. Now we have a game changing new feature: you can share virtually any kind of media with everyone in your Hubs room by just pasting in a URL. Anything you share becomes a virtual object that everyone can interact with. From images to videos to 3D models, Hubs is the best way to collaborate across devices (laptops, phones, headsets) and OSes. Let’s look at a few details.

      • Thunderbird Monterail Themes Redux

        It just got easier to install the stylish Monterail themes in Thunderbird, the free and open source email client.

        The Monterail themes for Thunderbird were created last year by the open source community based on concept designs from a Polish design company.

        And they proved an instant hit.

      • Firefox DevEdition 62 Beta 18 Testday Results

        As you may already know, last Friday August 17th – we held a new Testday event, for Firefox DevEdition 62 Beta 18.

  • SaaS/Back End

    • New Mirantis Product Empowers Customers with Workload-Centric Cloud Configurations
    • Mirantis CEO: ‘Choose Your Cloud’ Using Open Source

      An update to Mirantis’ open source private cloud platform allows users to change their infrastructure to best suit individual workloads, Mirantis CEO Adrian Ionel says.

      The latest version of Mirantis Cloud Platform (MCP) is built around the idea of a tuned infrastructure stack — a pre-defined configuration template that can be edited using a tool called infrastructure model designer. This software is built on top of open source tools including Cookiecutter, Reclass, and Salt. It allows operations teams to define cluster configuration using declarative scripting.

  • CMS

    • Overview of Popular Static Site Generators

      All static page generators have a single and seemingly straightforward task: to produce a static HTML file and all its assets.


      There are many obvious benefits to serving a static HTML file, such as easier caching, faster load times, and a more secure environment overall. Each static page generator produces the HTML output differently.

  • Pseudo-Open Source (Openwashing)

  • BSD

    • FreeBSD & DragonFlyBSD Put Up A Strong Fight On AMD’s Threadripper 2990WX, Benchmarks Against Linux

      The past two weeks I have been delivering a great deal of AMD Threadripper 2990WX benchmarks on Linux as well as some against Windows and Windows Server. But recently I got around to trying out some of the BSD operating systems on this 32-core / 64-thread processor to see how they would run and to see whether they would have similar scaling issues or not like we’ve seen on the Windows side against Linux. In this article are FreeBSD and DragonFlyBSD benchmarks with the X399 + 2990WX compared to a few Linux distributions.

    • OpenSSH 7.8 released
    • DragonFlyBSD Gets Performance Tuning For Threadripper 2990WX Topology, Scheduler Tuning

      While it was just days ago that DragonFlyBSD lead developer Matthew Dillon got his hands on a Threadripper 2990WX 32-core / 64-thread “beast”, got it working under this long ago forked operating system from FreeBSD, and proceeded to exclaim with joy how powerful this system is, he’s now made it even better. Dillon has landed some additional kernel work to benefit the AMD Ryzen Threadripper 2990WX.

      On top of the kernel changes made at the end of last week to bring-up the 2990WX support, Matthew Dillon has now had the time to do some tuning to make this 64-thread system perform even faster. Hitting DragonFlyBSD Git overnight was a patch to update the AMD topology detection as seeing four nodes with eight cores and two threads per core, per node. Previously it was just exposed as a CPU with 32 cores and 2 threads per core.

      The DragonFly patch also now is able to expose how much memory is accessible from each node, an instability fix in the kernel’s scheduler when dealing with large core counts, and memory-on-node weighting in the scheduler.

  • Public Services/Government

    • Los Angeles County Officials Announce New Voting System For Upcoming Midterm Elections (VIDEO)

      The newly implemented system — named the Voting Solutions for All People (VSAP) Tally Version 1.0 — is designed to improve and secure the ways in which Vote-by-Mail (VBM) ballots are counted, according to officials.

      “This is a significant milestone in our efforts to implement a new voting experience for the voters of Los Angeles County,” said Dean C. Logan, registrar-recorder/county clerk. “The VSAP Tally System will ensure that new Vote-by-Mail ballots cast in the upcoming November election will be counted accurately and securely.”

      The newly redesigned packets necessary for VSAP are scheduled to be distributed on Oct. 9, and are set to include the new full-face ballot, return envelope, secrecy sleeve and an “I voted” sticker, according to officials.

    • L.A. County first in state certified to use open-source election technology

      A new vote tally system in Los Angeles County was approved Tuesday, making it the first publicly owned, open-source technology certified under the California voting systems standards.

      Certification of the Voting Solutions for All People Tally, made by California Secretary of State Alex Padilla, now allows the county to move forward with its newly redesigned vote by mail ballots for the Nov. 6 general election.

    • LA County will switch to all open source vote-counting machines

      California voting officials have certified an open source vote-counting package for use in the upcoming LA elections, in the first of a series of planned improvements to the County’s voting system (other plans include improved absentee voting ballots).

      It’s the first time in US history that vote-tallying will be done with open, public, universally auditable source-code. As an LA County resident, this makes me very happy.

    • Los Angeles County’s new ‘open source’ vote tallying system isn’t open source just yet
    • New Voting System Comes to LA County

      On Tuesday, California Secretary of State Alex Padilla certified Los Angeles County’s Voting Solutions for All People (VSAP) Tally Version 1.0, making it the first publicly-owned, open-source election tally system certified under the California voting systems standards.

      “With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security, and transparency,” said Secretary of State Alex Padilla. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.”

    • LA County gets open source election tally system

      California Secretary of State Alex Padilla has certified the first publicly owned, open-source election tally system under his state’s voting systems standards. Los Angeles County’s Voting Solutions for All People Tally Version 1.0 had to undergo rigorous functional and security testing by the secretary of state’s office and a certified voting testing lab.

      “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology,” Padilla said. “This publicly-owned technology represents a significant step in the future of elections in California and across the country.” The certification of the VSAP Tally solution allows Los Angeles County to move forward with its new redesigned VSAP vote-by-mail ballots for the November elections.

  • Licensing/Legal

    • Redis has a license to kill: Open-source database maker takes some code proprietary

      Database maker Redis Labs this week moved the Redis Modules developed by the company from the AGPL to a license that combines Apache v2.0 with Commons Clause, which restricts the sale of covered software.

      The licensing change means that house-made Redis Modules – RediSearch, Redis Graph, ReJSON, ReBloom and Redis-ML – are no longer open-source software, as the term is generally defined. Instead, they become “source available.”

      Practically speaking, the new license limits the ability of cloud providers to offer these Redis Modules to customers; Redis Labs presumably aims to be the sole seller of services incorporating these add-ons. The Redis database code, however, remains under the BSD license.

      Redis Labs is not the only company to make such a change. In May, Neo4j, which makes the Neo4j graph database, added the Commons Clause to its AGPL license.

  • Openness/Sharing/Collaboration

    • Open Data

      • Understanding Niamey’s flood risk through open source mapping, drones, and modeling

        For thousands of years, the Niger River has been the lifeblood for not only Niger, but also its neighboring countries in the Niger River Basin. Yet, even as many Nigeriens depend on the mighty waterway for food, water, and livelihoods, the Niger River also poses a severe flood risk to the West African country during the rainy season. In the third quarter of 2017, widespread flooding due to heavy rains claimed the lives of over 50 people and displaced nearly 200,000.

        Lying on the banks of the Niger River, the Nigerien capital Niamey is especially vulnerable to flood risk. Poorly planned development in the city, which has contributed to land degradation and soil erosion, has only exacerbated the risk. To make matters even worse, many parts of Niamey, which has seen its population balloon to over one million people, lack proper drainage infrastructure.

  • Programming/Development

    • Codeplay Outs SYCL-Based ComputeCpp 1.0, Running Parallel C++ Code On Multiple Platforms

      Codeplay, the company behind tools like clspv for running OpenCL C code on Vulkan, today released ComputeCpp 1.0.

      ComputeCpp 1.0 is built upon the Khronos Group’s SYCL 1.2.1 standard and is designed to write standard C++ code for heterogeneous systems that in turn can run across processors and accelerators from a variety of vendors — in effect, everywhere.

    • New podcast interview

      Apparently August 2018 is Shamelessly Shill Yourself Month. I appeared on the IT in the D podcast last week. A fun time was had by all–well, at least by me. And that’s the important thing, right? We talked about my books, decades of IT, SSH, ed, and general nerdery.


  • Passport queues vex airlines

    Airlines and airports are starting to worry that the queues could discourage flying for business. Austerity is a primary cause of the waits, according to Andrew Charlton of Aviation Advocacy, a research firm based in Geneva. Since the 2007-09 financial crisis, air traffic has increased and budgets for passport controllers have been slashed. The number of passengers going through Britain’s airports has risen by a quarter since 2012, for example, but its border force’s budget has fallen by a tenth. America’s international passenger numbers have risen three times faster than its border-patrol budget in the same period.

  • Hardware

    • Fujitsu Presents Post-K CPU Specifications

      Fujitsu today announced publication of specifications for the A64FX™ CPU to be featured in the post-K computer, a supercomputer being developed by Fujitsu and RIKEN as a successor to the K computer, which achieved the world’s highest performance in 2011. The organizations are striving to achieve post-K application execution performance up to 100 times that of the K computer.

      A64FX is the world’s first CPU to adopt the Scalable Vector Extension (SVE), an extension of Armv8-A instruction set architecture for supercomputers. Building on over 60 years’ worth of Fujitsu-developed microarchitecture, this chip offers peak performance of over 2.7 TFLOPS, demonstrating superior HPC and AI performance.

    • Fujitsu unveils details on Post-K Supercomputer processor powered by ARM

      Today Fujitsu published specifications for the A64FX CPU to be featured in the post-K computer, a future machine designed to be 100 times faster than the legendary K computer that dominated the TOP500 for years.

  • Health/Nutrition

    • STI which rots genitals found in UK for first time

      A sexually transmitted disease which can rot the genitals has been detected in the UK for the first time.

      Rare STI Donovanosis is usually only found in tropical countries but there have now been three recorded incidents in the UK.

      The nasty bug causes genital ulcers to grow and spread. If left untreated flesh in the groin literally starts to eat itself.

      And according to a Freedom of Information request, submitted by online pharmacy chemist-4-u.com, the rare sexually transmitted disease Donovanosis has been diagnosed three times.

      Twice in Bolton and once in a woman, between the age of 15 and 25, in Southport in the past 12 months.

    • Negotiators On UN TB Resolution May Have A Deal

      Negotiators for a United Nations declaration on tuberculosis, meeting intensively in New York this week, may have reached agreement today on a key sticking point related to intellectual property, innovation and access to new medicines, according to sources. An agreement, if accepted by other delegations, could allow the text to proceed to the high-profile High-Level Meeting scheduled to take place at the UN General Assembly next month.

    • SCOTUS petition on HIV drug patents poses reputational as well as legal risks for pharma companies [Ed: The patent trolls' lobby IAM worries that the public might find out that patent greed harms health because SCOTUS looks into this matter.]

      The AIDS Healthcare Foundation (AHF) last week announced it had filed a petition asking the US Supreme Court to review lower courts’ decisions to dismiss its attempts to invalidate patents protecting a Gilead HIV treatment. It has asked the high court to determine the circumstances under which a party can file suit for declaratory judgment. A favourable decision for the foundation could have significant ramifications for pharmaceuticals patent litigation, clearing the path for federal court invalidity suits to be launched prior to ANDA filing by a generic competitor and by a wider range of potential plaintiffs.

  • Security

    • Security updates for Thursday
    • The Untold Story of NotPetya, the Most Devastating [Windows] Cyberattack in History

      The result was more than $10 billion in total damages, according to a White House assessment confirmed to WIRED by former Homeland Security adviser Tom Bossert, who at the time of the attack was President Trump’s most senior cybersecurity-focused official. Bossert and US intelligence agencies also confirmed in February that Russia’s military—the prime suspect in any cyberwar attack targeting Ukraine—was responsible for launching the malicious code. (The Russian foreign ministry declined to answer repeated requests for comment.)

    • Aussie gov bans Huawei and ZTE from supplying 5G kit

      The Australian government announced the ban on Thursday morning, just a day ahead of the country’s 5G auction, citing – unsurprisingly – concerns over national security.

    • Government Provides 5G Security Guidance To Australian Carriers
    • Kids at hacking conference show how easily US elections could be sabotaged

      The bad news is that it doesn’t really matter. While the actual risk of a hacker seizing thousands of voting machines and altering their records may be remote, the risk of a hacker casting the validity of an election into question through one of any number of other entry points is huge, and the actual difficulty of such an attack is child’s play. Literally.

    • Former Facebook security chief says it’s ‘too late’ to protect 2018 elections

      Facebook’s recently departed security chief says US government inaction has ensured that the upcoming midterm elections will be vulnerable to hacking and online manipulation campaigns.

    • Adobe Patches 2 Code Execution Vulnerabilities in Photoshop CC 2017 & 2018

      Hot off the discovery board is news of two important vulnerabilities that have been found in Adobe’s Photoshop CC versions 19.1.5 and prior for the 2018 edition and versions 18.1.5 and prior for the 2017 edition. The discovery of these vulnerabilities was made by a Fortinet security researcher, Kushal Arvind Shah, but nothing has been officially released in the level of detail expected for CVE vulnerabilities.

      It appears that a combined update has been rolled out through the Adobe Creative Cloud for the respective editions and versions of Adobe Photoshop CC 2018 / 2017 to patch the two found vulnerabilities. The flaws are seen to impact the said versions of the software on both the Windows operating system and the Apple Mac operating system.

    • New Mirai Variants Leverage Open Source Project [Ed: DarkReading looking to blame "Open Source" because yes, people can craft things with FOSS. Sometimes even malicious things.]

      Mirai, the IoT botnet responsible for enormous DDoS attacks in 2016, has continued to evolve: it’s now leveraging an open-source project named Aboriginal Linux to make cross-compiling the malicious code easier, more effective, and less prone to error.

    • Mirai leveraging Aboriginal Linux to target multiple platforms [Ed: Did Steve Ragan copy Catalin Cimpanu (below) or the other way around (almost identical spin)?]
    • Mirai IoT Malware Uses Aboriginal Linux to Target Multiple Platforms
    • Mirai botnet strikes again: This time it’s going after a specific open source project [Ed: So, long story short, devices with holes or hand-coded passwords in them are blamed on "Linux" and/or "Open Source"]
    • Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!) [Ed: Responding to the likes of Catalin Cimpanu]

      The OpenSSH software came out of the super-security-conscious operating system project OpenBSD, the “free, functional and secure” operating system that boasts on its website that it’s suffered “only two remote holes in the default install, in a heck of a long time!”

      Compared to the average Linux distro, or Windows, or macOS, or pretty much any mobile phone you care to mention, that isn’t an idle boast, even if it’s not the sort of claim a traditional marketing department might go for.

    • Huawei slams Australia ban as being ‘politically motivated’

      Australia’s decision to ban Huawei Technologies from playing a role in the country’s 5G networks is “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process”, a spokesperson from the company’s headquarters in Shenzhen says.

    • Huawei ban: China asks Australia to drop ‘ideological bias’

      The Chinese Government has told its Australian counterpart to get rid of its “ideological biases” and create a “fair environment” for business in the country in the wake of the 5G ban imposed on Chinese companies Huawei Technologies and ZTE Corporation.

    • Australia’s Huawei ban meant to please Uncle Sam

      For more than a few decades now, Huawei has been supplying telecommunications equipment to all parts of the world, 170 countries in all. Chances are that if there were any backdoors planted in that equipment, then some man or woman in some part of the world would have cottoned onto it.

    • Disable SMT/Hyperthreading in all Intel BIOSes

      Solving these bugs requires new cpu microcode, a coding workaround, *AND* the disabling of SMT / Hyperthreading.

      SMT is fundamentally broken because it shares resources between the two cpu instances and those shared resources lack security differentiators. Some of these side channel attacks aren’t trivial, but we can expect most of them to eventually work and leak kernel or cross-VM memory in common usage circumstances, even such as javascript directly in a

      There will be more hardware bugs and artifacts disclosed. Due to the way SMT interacts with speculative execution on Intel cpus, I expect SMT to exacerbate most of the future problems.

    • Why the DNC Thought a Phishing Test Was a Real Attack [iophk: "turns out all the disinformation yesterday was just that -- disinformation; fat chance of the facts getting as much coverage though"]

      Lookout had alerted the DNC as well as DigitalOcean—the server company hosting the imposter—within hours of the fake site going live. The incident was initially touted as a success: A cyberespionage campaign thwarted before any data was stolen. Now, it instead raises questions about how a covert phishing simulation could have taken an understandably guarded group totally unaware.

    • Nearly half of English councils are using end of life server software

      Although the vast majority (between 88 and 94 per cent, depending on product) say that they intend to upgrade inside two years, by using such outdated software in the meantime, they continue to run the gauntlet of potential zero-day vulnerabilities with the power to bring down the entire infrastructure of the council.

    • Security updates for Friday

  • Transparency/Investigative Reporting

    • Reality Winner, who pleaded guilty to leaking [sic] secret U.S. report, gets 63-month sentence

      Reality Winner, 26, pleaded guilty in June to a single count of transmitting national security information. The former Air Force translator worked as a contractor at a National Security Agency’s office in Augusta, Georgia, when she printed a classified report and left the building with it tucked into her pantyhose. Winner told the FBI she mailed the document to an online news outlet.

    • Reality Winner, leaker of secret report on Russian election hacking, gets more than 5 years for espionage [sic]

      “The vulnerability of the American electoral system is a national topic of immense gravity, but it took Winner’s act of bravery to bring key details of an attempt to compromise the democratic process in 2016 to public attention,” The Intercept’s statement continues. “Reality Winner’s courage and sacrifice for the good of her country should be honored, not punished.”

    • NSA leaker who mailed doc outlining Russian hacking gets 5 years in prison
    • Download Chicago’s Parking Ticket Data Yourself

      ProPublica Illinois has been reporting all year on how ticketing in Chicago is pushing tens of thousands of drivers into debt and hitting black and low-income motorists the hardest. Last month, as part of a collaboration with WBEZ, we reported on how a city decision to raise the cost of citations for not having a required vehicle sticker has led to more debt — and not much more revenue.

      We were able to tell these stories, in part, because we obtained the city of Chicago’s internal database for tracking parking and vehicle compliance tickets through a Freedom of Information request jointly filed by both news organizations. The records start in 2007, and they show you details on when and where police officers, parking enforcement aides, private contractors and others have issued millions of tickets for everything from overstaying parking meters to broken headlights. The database contains nearly 28.3 million tickets. Altogether, Chicago drivers still owe a collective $1 billion for these tickets, including late penalties and collections fees.

    • A first-timer’s guide to anonymously leaking information via SecureDrop

      Well, meet The IT Cooler. For there is no computer, printer or phone which I cannot jinx with my innate inability to log on, download, upload or any load, more or less.

      So, let me be frank, being tasked, as a guinea pig, with uploading a document to ICIJ’s SecureDrop did not fill the chambers of my heart with sparkledust.

      No, dear reader, I sallied forth with four heavy chambers in the center of my chest, certain in the knowledge that SecureDrop and I would never be BFFs. Never, ever.

  • Environment/Energy/Wildlife/Nature

  • Finance

    • ‘We Don’t Want to See People Who Are Homeless in Our Cities’

      In the winter of 2017, seven people were arrested in Florida for the crime of serving food to homeless people in a public park. Media didn’t take much notice, though one wire report explained that while you might think feeding the hungry sounds good, it’s “actually a legally complicated matter that could violate laws and even send you to jail.”

    • Besieged Facebook Says New Ad Limits Aren’t Response to Lawsuits

      Facebook’s move to eliminate 5,000 options that enable advertisers on its platform to limit their audiences is unrelated to lawsuits accusing it of fostering housing and employment discrimination, the company said Wednesday.

      “We’ve been building these tools for a long time and collecting input from different outside groups,” Facebook spokesman Joe Osborne told ProPublica.

      Tuesday’s blog post announcing the elimination of categories that the company has described as “sensitive personal attributes” came four days after the Department of Justice joined a lawsuit brought by fair housing groups against Facebook in federal court in New York City. The suit contends that advertisers could use Facebook’s options to prevent racial and religious minorities and other protected groups from seeing housing ads.

      Raising the prospect of tighter regulation, the Justice Department said that the Communications Decency Act of 1996, which gives immunity to internet companies from liability for content on their platforms, did not apply to Facebook’s advertising portal. Facebook has repeatedly cited the act in legal proceedings in claiming immunity from anti-discrimination law. Congress restricted the law’s scope in March by making internet companies more liable for ads and posts related to child sex-trafficking.

  • AstroTurf/Lobbying/Politics

    • Find out who’s manipulating you through Facebook political ads with ProPublica’s free tool
    • Facebook: Iran has been posting hundreds of fake pages since 2011
    • Louisiana Senate President Sank Ride-Sharing Bill. His Close Pal Sells Insurance to Cabs.

      Gordy Dove has begged Uber and Lyft to make their ride-sharing services available in Terrebonne Parish, where he serves as parish president.

      The sprawling coastal parish of 112,000 people is not easily walkable, and Dove worries about how students at colleges in the area will get home from the bars after they’ve had a few drinks.

      But the big ride-sharing companies aren’t coming to places like Houma, the parish’s biggest city, or many other parts of Louisiana anytime soon. That’s because Louisiana does not have legislation in place allowing them to operate. The state is one of only five that lacks such a law, instead requiring the companies to go through the costly and time-intensive process of getting approval in each locality.

      A bill to change that has garnered widespread and bipartisan support. It was backed by the governor, a Democrat, and sponsored by the House speaker, a Republican. It had 56 co-sponsors from both parties — nearly 40 percent of the state’s lawmakers — in both chambers and from all corners of the state. It was favored by the potent Louisiana Association of Business and Industry and other economic development groups.

    • Mass Media Is The Enemy Of The People Like The Cage Is The Enemy Of The Bird

      They say that Corbyn is a secret Nazi who loves antisemitism over and over and over again like it’s a real thing despite the complete absence of anything remotely resembling facts or evidence, then publish op-eds by ostensibly terrified mothers citing “accusations of antisemitism in the Labour party making headline news virtually every day” as the basis for her fear of her three year-old daughter winding up like Anne Frank. And then when this unconscionable behavior sees Corbyn decrying the mass media and pushing for reforms, the British press responds with headlines like “Corbyn is following the Donald Trump playbook on persecuting the media”.

    • Distorting Past and Present: Reuters on Nicaragua’s Armed Uprising

      From April 18 until late July 2018, an armed insurrection in Nicaragua left hundreds of people dead. The uprising, backed enthusiastically by private media outlets in Nicaragua (in particular one of its largest circulating newspapers, La Prensa, and the TV network 100%Noticias), was also supported by local NGOs funded by the US government through the National Endowment for Democracy (NED). The Trump administration and others (the EU parliament, UN officials) publicly backed the opposition’s version of events, as did Amnesty International and Human Rights Watch. Nicaraguan President Daniel Ortega and his supporters were held responsible for the vast majority of the “protest”-related deaths, and Ortega (who had been re-elected in 2016) was pressured at first to resign outright, and later to hold “early elections.”

      I examined 45 Reuters news articles about the uprising in Nicaragua since April 18, as the London-based wire service, whose news articles are widely reprinted throughout English-language Western media, provides a good sense of the ostensible facts about the conflict as portrayed by corporate journalism. The story conveyed by Reuters is that the Sandinista government is opposed to democracy and human rights in Nicaragua, while the US government supports these things. Various other sources, which may provoke less distrust than a US government led by Donald Trump, were cited in support of this scenario. But a closer look at the picture presented by Reuters reveals numerous distortions about Nicaragua’s past and present.

  • Censorship/Free Speech

    • The Web-Hosting Service for Sex Workers, by Sex Workers, Against SESTA/FOSTA

      That need took on sudden urgency in 2018 when the Stop Enabling Sex Traffickers Act and the Allow States and Victims to Fight Online Sex Trafficking Act came into effect. Alternately referred to as SESTA, FOSTA, or both (SESTA/FOSTA), these laws empower federal and state law-enforcement agencies to target websites that supposedly facilitate sex trafficking. But the legislation’s definition of trafficking is so broad that it has also ensnared sex workers who rely on digital platforms for their safety and livelihood. Sites that had previously been used by sex workers to vet clients, such as Backpage, were seized by the federal government; others, like Craigslist’s “Personals” sections, voluntarily shuttered; and now all kinds of online service providers, from social networks to blogging platforms, are booting users suspected of engaging in sex work.

    • Pakistan records protest with Netherlands against blasphemous cartoon competition

      The Foreign Office (FO) on Monday called the charge d’affaires of the Netherlands to record a protest against the “announcement by the leader of Dutch Freedom Party and Parliamentarian Geert Wilders to hold a competition of blasphemous caricatures.”

    • Sacrilegious sketches: Govt urged to sever diplomatic ties with the Netherlands

      The JI members gathered outside Peshawar Press Club. They burnt the flag of the Netherlands and portraits of a Dutch politician to express anger against the sacrilegious act.

      They were also holding banners and placards inscribed with slogans, asking the government to end diplomatic ties with the Netherlands.

    • Ban Trump, Twitter and Free Speech

      Chief among those opposing ideas they want silenced are Donald Trump’s. His remarks — from the silly, labeled unpresidential, to the more extreme labeled racist/sexist/misogynist/hateful — have attracted a surprising group of otherwise intelligent people demanding he be shut up.

    • Forget About Social Media Content Moderation; Get Ready For Internet Infrastructure Content Moderation

      The big topic du jour, of course, has been about content moderation on social media. But that may only be just the very beginning of where all of this heads. It didn’t get that much attention, but last week Microsoft threatened to take down all of Gab.ai based on some (really awful) posts on that site. Gab, if you don’t know, is the social network “alternative” that claims to be free speech supporting (even if that’s a bit of an exaggeration), when it really has basically become the home to all the assholes who have been kicked off of Twitter. It’s generally a cesspool of idiocy, so it’s not clear what suddenly inspired Microsoft — which hosts Gab on its Azure cloud platform — to suddenly speak up.

      As we’ve noted many times in the past, Microsoft, like any company, has certain rights, including First Amendment rights for what speech lives on its own computers and who it associates with. But, we’re talking about a different kind of ballgame when we start getting to the infrastructure level, rather than just talking about content moderation at the edge provider level. This hearkens back to the big post I did nearly a year ago when Cloudflare stopped providing service to the Daily Stormer. As I noted at the time, there were no easy answers, and the situation is incredibly complicated. Simply kicking bad services off the internet doesn’t make their hatred/ignorance/stupidity go away (and sometimes allows it to fester in even darker corners, where it can’t be monitored or countered).


      And, as I wrote in last year’s post about the Cloudflare situation, I’m a lot more worried about infrastructure players suddenly deciding that they should have an editorial say as well, as that seems well beyond what role they should be playing. Yes, again, they have every right to stop working with services they dislike, but we should be discussing the potential impact of infrastructure players as censors. With edge services, one point that is regularly brought up is that if you don’t like how a service is running you can just go to another one or build your own. But that gets a lot more complicated when you get to the infrastructure level where you can’t just “build your own” and the number of options may be greatly limited.


      Indeed, infrastructure providers are the next battleground, and we should start thinking about what that means earlier, rather than waiting until everything is a total mess.

    • Protecting Free Speech in Fearful Times

      In the absence of (1) people “capable of deliberating and choosing on the basis of knowledge,” (2) access to “authentic information,” and (3) evaluation based on “autonomous thought,” Marcuse argued that democracy veered towards a form of totalitarianism (pp. 95, 97): Under democracy “with totalitarian organization,” he observed, “radically negative news” is relegated to “an obscure place” and commitments to impartiality and objectivity unintentionally foster “a mental attitude which tends to obliterate the difference between true and false, information and indoctrination, right and wrong” (97).

      Recent controversies remind us all too clearly that anyone interested in promoting free speech must contend with the possibility that some speakers will abuse their license to it by making unthinking or dangerous remarks that could weaken or demolish democracy. Milo Yiannopoulos and Alex Jones, for example, have made careers for themselves by manufacturing controversy in order to generate attention. Jones has said that decisions by Facebook and other social media platforms to limit his access are part of “a war on free speech.” Similarly, as Steve Coll has observed in the New Yorker, Donald Trump and his far-right allies have “vigorously exploited the neutrality of social-media platforms.”

  • Privacy/Surveillance

    • ICANN appeals German court injunction rejection

      The internet overseer says the court was wrong to rule that it did not “sufficiently explain” or provide a “credible reason” why it wanted to force one of its registrars to collect data on new registrants

    • Facebook violates Apple’s data-gathering rules, pulls VPN from App Store

      Facebook is the latest company to violate Apple’s new app guidelines surrounding data collection. According to a report by The Wall Street Journal, Facebook pulled Onavo Protect, a VPN app, from Apple’s App Store after the iPhone maker determined that Onavo violated its data-collection rules.

    • Facebook Removed Their Spying VPN From The App Store (But It’s Still on Google Play)

      Facebook removed Onavo—a free VPN run by the social networking company—from the iOS App Store today. The voluntary move by Facebook was prompted by discussions with Apple about privacy policy.

      Onavo promises to help “secure your personal details” on the product’s website, but the VPN service exists primarily so Facebook can monitor user activity on rival sites. In other words, Facebook uses it to spy on you.

    • Facebook Removes Data-Security App From Apple Store

      Facebook Inc. pulled its data-security app from Apple Inc.’s app store after the iPhone maker ruled that the service violated its data-collection policies, according to a person familiar with the matter.

    • Apple Removes Facebook’s VPN App From App Store

      Apple has removed Facebook’s VPN app Onavo Protect after it violated Apple’s data collection policies.

      As reported by The Wall Street Journal, Apple warned Facebook that the VPN app does not comply with the new privacy rules set up in June this year. The latest set of regulations are charted to limit the data harvested by third-party apps.

    • Don’t Shoot Messenger

      Late last week, Reuters reported that Facebook is being asked to “break the encryption” in its Messenger application to assist the Justice Department in wiretapping a suspect’s voice calls, and that Facebook is refusing to cooperate. The report alarmed us in light of the government’s ongoing calls for backdoors to encrypted communications, but on reflection we think it’s unlikely that Facebook is being ordered to break encryption in Messenger and that the reality is more complicated.

      The wiretap order and related court proceedings arise from an investigation of the MS-13 gang in Fresno, California and is entirely under seal. So while we don’t know exactly what method for assisting with the wiretap the government is proposing Facebook use, if any, we can offer our informed speculation based on how Messenger works. This post explains our best guess(es) as to what’s going on, and why we don’t think this case should result in a landmark legal precedent on encryption.

    • Chinese Surveillance State Is Basically The US Surveillance Apparatus Minus The Constitutional Rights

      Reuters has a long, detailed examination of the Chinese surveillance state. China’s intrusion into the lives of its citizens has never been minimal, but advances in technology have allowed the government to keep tabs on pretty much every aspect of citizens’ lives.

      Facial recognition has been deployed at scale and it’s not limited to finding criminals. It’s used to identify regular citizens as they go about their daily lives. This is paired with license plate readers and a wealth of information gathered from online activity to provide the government dozens of data points for every citizen that wanders into the path of its cameras. Other biometric information is gathered and analyzed to help the security and law enforcement agencies better pin down exactly who it is they’re looking at.

    • Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path

      In this paper, we perform a large-scale analysis of on-path DNS interception and shed light on its scope and characteristics. We design novel approaches to detect DNS interception and leverage 148,478 residential and cellular IP addresses around the world for analysis. As a result, we find that 259 of the 3,047 ASes (8.5%) that we inspect exhibit DNS interception behavior, including large providers, such as China Mobile. Moreover, we find that the DNS servers of the ASes which intercept requests may use outdated vulnerable software (deprecated before 2009) and lack security-related functionality, such as handling DNSSEC requests. Our work highlights the issues around on-path DNS interception and provides new insights for addressing such issues.

    • Court rules that you need a warrant to read someone’s smart meter

      A US JUDGE has ruled that any data collected by smart meters is protected by the Fourth Amendment, meaning any examination of that data constitutes a government search requirement.

    • Chrome’s anonymous browsing feature isn’t as secret as we assumed

      A researcher from Vanderbilt University in Nashville, Tennessee found that although the data collected appears to be anonymised, in reality, Google can retroactively identify it from the usernames and other account data used during the session.

  • Civil Rights/Policing

    • Women don’t have penises

      In Britain it might soon be a crime to express this scientific fact.

      Is it now a crime to tell the truth in Britain? It’s heading that way. At the weekend it was revealed that Merseyside Police are making ‘enquiries’ into a trans-sceptical group that distributed stickers saying ‘Women don’t have penises’. Yes, that’s right: the police, the actual police, are investigating a group for expressing what the vast majority of people consider to be a biological, social, actual fact: that if you have a penis you are not a female. What next: arrest people for saying the sky is blue or that Piers Morgan is a muppet?

    • Rotherham: the silencing of Muslim voices

      Rotherham is a town whose very name has become synonymous with the horrific cases of Child Sexual Exploitation (CSE) which have occurred there in recent years. The media narrative around these cases – appalling crimes committed by a tiny minority of the population – is so powerful that it has been extremely difficult to challenge or even question. However as Islamophobia escalates to an unprecedented level with Boris Johnson’s comments emboldening the far right and racists and poisonous tropes of Muslims as terrorists and sexual predators sweep the country, it becomes particularly important to do so.

      Once a thriving town built round coal mines and steel, Rotherham today is a bleak place. The coal mines are closed and the steel industry is in decline. Unemployment is high. However, as many people emphasise, until six or seven years ago, racial violence had never been an issue. The comparatively small Pakistani community had lived cheek by jowl with white people. As playwright Emteaz Hussain puts it, “we were a working class community struggling to make ends meet, everyone lived in close proximity, and we naturally found a way of getting on.”

    • Alabama Abortion Decision Raises Alarms Ahead of Kavanaugh Hearings

      This week, a federal appeals court struck down Alabama’s ban on a safe, medically proven abortion method. The decision shows just how high the stakes are ahead of next month’s Senate confirmation hearings for Brett Kavanaugh, President Trump’s nominee to the Supreme Court.

      In recent years, anti-abortion politicians across the country have enacted hundreds of dangerous restrictions aimed at preventing women from obtaining abortions. Alabama has been at the forefront of this coordinated national campaign, with politicians there enacting a multitude of restrictions designed to make it impossible for a woman to get the medical care she needs.

      The latest legal battle concerned Alabama’s ban on dilation and evacuation (D&E) abortions. On Wednesday, the Eleventh Circuit Court of Appeals affirmed a lower court order invalidating the ban. The statute we challenged in the case, West Alabama Women’s Center v. Miller, made it a crime for physicians to provide D&E abortions. Had Alabama been permitted to enforce the ban, it would have prevented hundreds of women each year from being able to have an abortion, because D&E is the only outpatient procedure that is available after the earliest weeks of the second trimester. As the trial court that heard the case explained, the state could not “justify such a substantial obstacle to the constitutionally protected right to terminate a pregnancy.” The Eleventh Circuit judges affirmed that decision, explaining that their “role is to apply the law the Supreme Court has laid down,” and as a result of previous Supreme Court’s decisions, the Alabama statute plainly could not stand.

    • Michigan teacher who runs porn site under investigation

      The Michigan Court of Appeals had ruled that a public school teacher can’t be fired for private behavior that doesn’t adversely affect students, the Free Press reported at the time.

    • Looking at the Archives From the Time of the 1968 Democratic National Convention in Chicago and Seeing Familiar Themes

      This week, ProPublica Illinois reporter Mick Dumke wrote a column about the letters people sent to Chicago Mayor Richard J. Daley after the 1968 Democratic National Convention, held in the city, praising him for how he and the police handled protesters. Amid demonstrations, violence broke out, and Daley attacked the press for its coverage of those events.

      In one letter that touches on what the convention came to represent, a national simmering point of truth, facts, police violence and Chicago’s reputation, the manager of the Shannon Rovers Irish Pipe Band — the “official band of Chicago’s St. Patrick’s Day Parade” — thanked Daley and said “we regret” the “biased coverage of the television media.”

      “We will do whatever we can as individuals and as a band to keep Chicago where it should be — the leading city in the nation — in education, in economic growth and in social justice,” the letter read.

      An independent report found that police violence was “often inflicted upon persons who had broken no law, disobeyed no order, made no threat.” And it concluded that Chicago police and Daley specifically targeted journalists during the clashes.

    • When They Decide to Get You

      Alex Salmond’s jeopardy has caused me a dreadful shudder of recognition and empathy. I too was accused of hideous offences under a civil service disciplinary code and barred from taking any action to defend myself. I was not allowed to speak to anybody at all about the charges, and particularly not allowed to know the identity of my accusers, or to organise witnesses in my defence – which appears the exact procedure which Alex Salmond now, with absolute justice, complains of. These Civil Service disciplinary investigations are contrary to all rules of natural justice, and designed to facilitate executive stitch-ups, not to uncover the truth.

      As with Alex Salmond, some of the accusations against me were hideous – offering visas in exchange for sex, for example. They were so hideous that the mental anguish of not being permitted to take any normal steps to defend myself caused me a mental breakdown. I know what Salmond must be feeling. I received psychiatric treatment in St Thomas’ Hospital for a condition called “learnt helplessness” – meaning it was the dreadful experience of having things done to me which I was not permitted to take any normal steps to counter, which caused my clinical depression.

      The charges against me were entirely fake and entirely vexatious, even malicious, issued after I had objected to British complicity in torture in the “War on Terror”, which the government denied at the time, calling me a liar, though now admits. The charges were designed to destroy my reputation. You can read the full story in my book “Murder in Samarkand”, widely available in libraries. I believe it conveys the anguish that “learnt helplessness” can cause.

      To be plain, I was told not to reveal the existence of the charges to anybody at all and specifically forbidden from contacting witnesses. Nevertheless the charges were such obvious nonsense they eventually collapsed and I was found not guilty of all eighteen charges – but found guilty of breaking the order to keep the charges secret, in organising my defence. Not keeping the charges secret is the only disciplinary offence of which I was ever convicted.

      The extreme Kafkaesque nature of this is only increased by the fact that the government themselves had revealed the charges in the widest possible manner, by leaking them to the Daily Mail, in the effort to permanently ruin my reputation. A number of the charges were sexual, such as having a secret flat to entertain prostitutes – again, totally untrue, but great for the tabloids. The use of false sexual allegations to destroy threats to the political elite is routinely deployed – Alex Salmond joins Julian Assange, Tommy Sheridan (whose recent court victories against the Murdoch press went totally unreported), Scott Ritter and myself among recent victims of this tactic.

  • Internet Policy/Net Neutrality

    • California’s Resurrected Net Neutrality Bill Just Passed a Major Hurdle
    • Just Because The Internet Didn’t Implode The Day After Repeal Doesn’t Mean Killing Net Neutrality Was A Good Idea

      By now we’ve well established that the FCC ignored the public, ignored the experts, and ignored all objective data when it killed net neutrality rules at the behest of telecom monopolies.

      While the vote to kill the rules occurred last year, the rules didn’t technically die until last June 11. And one common refrain by Pai and pals (and many folks who don’t understand how the broken telecom market works) is that because the internet didn’t immediately collapse upon itself post-repeal in a rainbow-colored explosion, that the repeal itself must not be that big of a deal. For example, Ajit Pai tried to make that point again last week at an FCC oversight hearing that was severely lacking in the actual oversight department.

    • Verizon Incompetence and Greed Leaves Firefighters Throttled During Wildfire

      As part of the settlement, Verizon was forced to reimburse consumers to the tune of $1 million after a nine-month investigation found it was advertising wireless connections as “unlimited,” but then kicking users off of the Verizon Wireless network for “excessive use”—without disclosing the hidden limits of these connections.

      Ten years later and it’s not clear that Verizon has learned much of anything from the experience.

      The company made headlines again this week after a brief filed by net neutrality advocates highlighted that Verizon had throttled the “unlimited” data connection of the Santa Clara County Fire Department as it struggled to battle the Mendocino Complex Fire, one of the largest forest fires in California’s history.

    • Verizon’s Throttling of Fire Fighters Could Go Unpunished Because the FCC Repealed the Open Internet Order

      People are mad about the revelation that Verizon throttled the wireless service of the Santa Clara Fire Department in the middle of fighting a massive fire. In response, Verizon is making the very narrow claim that this wasn’t a clear violation of the 2015 Open Internet Order’s ban on throttling. That intentionally misses the point. The 2015 order, by reclassifying ISPs under Title II of the Federal Communications Act, would have likely made what happened with the fire department illegal.

      Under the 2015 Open Internet Order, the Federal Communications Commission did two things. First, it established that all broadband Internet service providers were common carriers subject to the federal laws that protect consumers, promote competition, and guard user privacy. Second, it established a set of “net neutrality” rules based on its Title II authority through the bright line rules of “no blocking, no throttling, no paid prioritization” as well as a general conduct rule.

    • History of Gopher
    • Internet Relay Chat, or IRC, turns 30

      Internet Relay Chat, better known by its acronym IRC, is celebrating a birthday. In fact this year the chat protocol is turning 30, University of Oulu, the birthplace of IRC, reports.
      IRC was developed in University of Oulu in Finland in the late 80s. The messaging platform was created in the Computer Science department as a replacement for their BBS-based messaging platform called MultiUser Talk, or MUT.

      In August of 1988, exact date unknown, Computer Science student Jarkko Oikarinen released IRC, both server and client software, that he had developed over the summer. The first server was run by a Sun-3 computer in the Department of Information Processing Science lab.

    • Internet chat system IRC turns thirty

      IRC (Internet Relay Chat) was born at the Department of Information Processing Science of the University of Oulu 30 years ago. Jarkko Oikarinen developed the internet chat system back in 1988 in addition to his summer job. Today, people are still using IRC.

    • Senate Commerce Committee Holds FCC Oversight Hearing to Discuss Net Neutrality and Rural Broadband Deployment

      Last week the Senate Committee on Commerce, Science, and Transportation held a hearing to conduct oversight of the Federal Communications Commission (FCC). Although there was the typical overblown bickering over the FCC’s action on net neutrality rules taken in recent months under FCC Chairman Ajit Pai that one might expect, much of the day’s hearing focused on the poor quality of current broadband coverage maps employed by the FCC in distributing subsidies as well as the need to improve rural broadband deployment to reach millions of Americans living in rural communities.

    • Karl Grossman on Space Force, Evan Greer on Net Neutrality Cyber Fraud

      This week on CounterSpin: A popular internet meme says, “I have a question about Space Force; when is Flint getting clean water?” But while social media reflect complaints that the Trump administration’s plans to “address space as a developing war-fighting domain,” as Defense Secretary Jim Mattis has it, will mean still more resources channeled away from social programs to Warmongering, Inc., that line of questioning has so far had little place in corporate media coverage.

      We’ll talk about the prospect of war in space with longtime FAIR associate Karl Grossman, journalism professor at State University of New York/College at Old Westbury, and author of the books Weapons in Space and The Wrong Stuff: The Space Program’s Nuclear Threat to Our Planet, among others.

  • DRM

    • GOG Launches FCKDRM to Promote DRM-Free Art and Media

      GOG, the digital distribution platform for DRM-free video games and video, has launched a new initiative designed to promote content without embedded DRM. While Digital Rights Management is seen by many companies as necessary to prevent piracy, GOG believes that its restrictions are anti-consumer and run counter to freedoms that should exist alongside content ownership.

  • Intellectual Monopolies

    • Japan to extend design patent term by five years in bid to spark corporate creativity

      The Japan Patent Office (JPO) will ask the country’s legislature to extend design patent protection to 25 years during its next session, according to a report in Nikkei. The policy change has a dual aim of making Japanese companies more brand-conscious and enhancing coverage for innovations that combine visual and technical features, such as user interfaces.

    • A 5G iPhone will cost Apple about $21 in licensing fees to Nokia, Qualcomm, and others

      Nokia on Wednesday announced a flat, 3 euro ($3.48) per-device licensing fee for its 5G standards-essential patents, according to VentureBeat. That contrasts with Ericsson, which is charging on a sliding scale between $2.50 and $5 based on the cost of a device.

      Qualcomm, however, is licensing its 5G patents at 2.275 percent of a single-mode phone’s total price, and 3.25 percent for multi-mode phones, albeit with a $400 price cap.

      A modern smartphone could potentially be saddled with over $21 in combined royalty payments. Around $13 will go to Qualcomm regardless of any current spats.

    • Copyrights

      • Movie Company Sues Post-Production Studio For $5 Million For Leaking ‘Kickboxer’ Film That Grossed $5k Domestically

        It is no revelation that film studios have been in a sustained freakout for years over films that leak to the internet before they hit the theaters. While the freakout is somewhat understandable (nobody wants to plan out a film release only to have the product appear in a way outside those well-laid plans), much of the reasoning in the freakouts has to do with claims that the leaks eat into the profits the company would generate at the theater. This reasoning has been debunked many times over, most notably by AAA movies that leak online still making a killing at the box office. What should be immediately apparent is that much of this is driven by emotion and outrage rather than anything resembling facts or clear-thinking.


Links 23/8/2018: Mesa 18.2 RC4 Released, Bodhi Linux 5.0.0 Released

Posted in News Roundup at 6:19 am by Dr. Roy Schestowitz


  • The Back to School sale is on!

    For some of you, it is a time to return to your educational institution and continue the important process of learning about the world around you—maybe for some of you it is the first time being part of higher education, while some of you might be long-time academic researchers and associates. For those who are sick of their thick laptops weighing down on their backpacks and who would also want something with security in mind, what better way to start the school year than with a Purism laptop?!

  • Desktop

    • Google Makes it Easier to Run Linux Apps on Chromebooks

      Have you been patiently waiting for the ability to run Linux apps on your Chromebook since word of Crostini first surfaced?

      If so, your patience is about to be well rewarded.

      Google is preparing to roll out this exciting Chrome OS feature as part of its next OS update, giving more users the opportunity to install and run Linux apps on their Chromebook.

    • This Week In Chrome: #madebygoogle Chromebooks, Linux Apps And We Get A Facelift

      The “Crostini Project” that brought Linux apps to Chromebooks has seemingly accelerated in development as of late. What appeared to be a developer-centric experiment, has quickly spread to a large number of Chrome devices and has already moved into the Beta Channel of Chrome OS.

      You can now install Linux apps on dozens of Chromebook models by flipping a switch in the Beta channel and executing a few simple lines of code. Even more exciting is the fact that support for Debian files is here, meaning you can simply download the application file you want and double-click to install just like you would on any other OS.

      If that’s not enough, you can even install the Gnome Software Center and install apps from the “store.” All of these combined will surely bring Linux apps to the forefront of Chrome OS’s usability and versatility.

    • Chrome OS 69 Will Finally Bring Linux Apps to Chromebooks, Night Light Support

      Chrome OS is Google’s Linux-based operating system for Chromebook devices, and the tech giant is currently testing support for installing and running Linux apps on Chrome OS, a feature that will be introduced to the masses with the next stable release of the operating system, Chrome OS 69, though it’ll still be available in a beta form.

      “Linux (Beta) for Chromebooks allows developers to use editors and command-line tools by adding support for Linux on a Chrome device,” said Google in the release notes. “After developers complete the set up, they’ll see a terminal in the Chrome launcher. Developers can use the terminal to install apps or packages, and the apps will be securely sandboxed inside a virtual machine.”

    • My 3 favorite Linux releases

      For the 25th anniversary of the Linux kernel, I gave a 25 years of Linux in 5 minutes lightning talk at All Things Open in Raleigh. As we approach the kernel’s 27th anniversary, I’d like to take a stroll down memory lane and look back at the three releases that have been most significant to me.

    • Google confirms many older Chromebooks won’t get Linux apps, including the 2015 Chromebook Pixel

      Google announced earlier this year that Linux apps would eventually be supported on Chrome OS. The feature has been available for months in the Canary and Dev channels, and now works on a variety of Chromebooks from multiple manufacturers. A merged pull request on the Chromium Gerrit now confirms that any device running the Linux kernel 3.14 (or older) will never get Linux app support.

      For context, Linux apps on Chrome OS run in a protected container, to prevent malicious software from interfering with the main system. This container requires features only found in recent versions of the Linux kernel, like vsock (which was added in Linux 4.8). Chromebooks usually stick with whatever kernel version they are shipped with, and many popular models are running older versions too old for containers.

  • Kernel Space

    • Linux 4.18.4
    • Linux 4.17.18
    • Linux 4.14.66
    • Linux 4.9.123
    • Linux 4.4.151
    • Linus Torvalds On Linux 4.19: “This Merge Window Has Been Horrible”

      While Linux 4.19 is slated to have a lot of new features as we have been covering now the past week and a half, Linus Torvalds is upset with these big pull requests and some of them being far from perfect — to the extent of being rejected.

      “So this merge window has been horrible,” began Torvalds’ latest kernel mailing list post. He went on to explain how he is not going to pull XArray support for Linux 4.19. He got turned off when he was going to look at the code because the XArray pull request was based upon the libnvdimm tree, which were changes Torvalds decided against pulling this cycle anyhow due to code quality concerns. And it was not communicated in the pull request why the XArray pull request was based against the libnvdimm changes, which led to another one of Torvalds’ famous email blasts.

    • More Tablet Touchscreen Support & ThinkPad Calculator Key Support Come To Linux 4.19

      The x86 platform driver work was merged today for the Linux 4.19 kernel merge window.

      Unless you were affected by one of the quirky devices now fixed up by the platform-drivers-x86 work, it mostly comes down to a random collection of hardware fixes and improvements. The changes range from the ThinkPad ACPI driver enabling support for the calculator key on at least some Lenovo laptops to the ASUS WMI drivers recognizing the lid flip event on the UX360 ZenBook Flip.

    • F2FS Enables Discard By Default, Performance Enhancements

      Jaegeuk Kim, the creator and lead developer of the Flash-Friendly File-System (F2FS), has finally submitted the big feature updates slated for the Linux 4.19 kernel merge window.

    • The importance of being noisy

      Hundreds (at least) of kernel bugs are fixed every month. Given the kernel’s privileged position within the system, a relatively large portion of those bugs have security implications. Many bugs are relatively easily noticed once they are triggered; that leads to them being fixed. Some bugs, though, can be hard to detect, a result that can be worsened by the design of in-kernel APIs. A proposed change to how user-space accessors work will, hopefully, help to shine a light on one class of stealthy bugs.

      Many system calls involve addresses passed from user space into the kernel; the kernel is then expected to read from or write to those addresses. As long as the calling process can legitimately access the addressed memory, all is well. Should user space pass an address pointing to data it should not be able to access — a pointer into kernel space, for example — bad things can happen.

    • The mismatched mount mess

      “Mounting” a filesystem is the act of making it available somewhere in the system’s directory hierarchy. But a mount operation doesn’t just glue a device full of files into a specific spot in the tree; there is a whole set of parameters controlling how that filesystem is accessed that can be specified at mount time. The handling of these mount parameters is the latest obstacle to getting the proposed new mounting API into the mainline; should the new API reproduce what is arguably one of the biggest misfeatures of the current mount() system call?

      The list of possible mount options is quite long. Some of them, like relatime, control details of how the filesystem metadata is managed internally. The dos1xfloppy option can be used with the FAT filesystem for that all-important compatibility with DOS 1.x systems. The ext4 bsddf option tweaks how free space is reported in the statfs() system call. But some options can have significant security implications. For example, the acl and noacl options control whether access control lists (ACLs) are used on the filesystem; turning off ACLs by accident on the wrong filesystem risks exposing files that should not be accessible.

    • New Intel Caching Feature Considered for Mainline

      Reinette Chatre of Intel posted a patch for a new chip feature called Cache Allocation Technology (CAT), which “enables a user to specify the amount of cache space into which an application can fill”. Among other things, Reinette offered the disclaimer, “The cache pseudo-locking approach relies on generation-specific behavior of processors. It may provide benefits on certain processor generations, but is not guaranteed to be supported in the future.”

      Thomas Gleixner thought Intel’s work looked very interesting and in general very useful, but he asked, “are you saying that the CAT mechanism might change radically in the future [that is, in future CPU chip designs] so that access to cached data in an allocated area which does not belong to the current executing context won’t work anymore?”

      Reinette replied, “Cache Pseudo-Locking is a model-specific feature so there may be some variation in if, or to what extent, current and future devices can support Cache Pseudo-Locking. CAT remains architectural.”

    • RT Microconference Accepted into 2018 Linux Plumbers Conference

      We are pleased to announce that the RT Microconference has been accepted into the 2018 Linux Plumbers Conference! The Real-Time patch (also known as PREEMPT_RT) has been developed out of tree since 2004. Although it hasn’t yet been fully merged, several enhancements came to the Linux kernel directly as the result of the RT patch. These include mutexes, high resolution timers, lockdep, ftrace, RT scheduling, SCHED_DEADLINE, RCU_PREEMPT, cross-arch generic interrupt logic, priority inheritance futexes, threaded interrupt handlers, to name a few. All that is left is the conversion of the kernel spinning locks into mutexes, and the transformation is complete. There’s talk about that happening by the end of this year or early next year.

    • Linux Foundation

      • Building in the Open: ONS Europe Demos Highlight Networking Industry Collaboration

        LF Networking (LFN), launched on January 1st of this year, has already made a significant impact in the open source networking ecosystem, gaining over 100 members in just the first 100 days. Critically, LFN has also continued to attract support and participation from many of the world’s top network operators, including six new members announced in May: KT, KDDI, SK Telecom, Sprint, Swisscom; and Deutsche Telekom announced just last month. In fact, member companies of LFN now represent more than 60% of the world’s mobile subscribers. Open source is becoming the de facto way to develop software and it’s the technical collaboration at the project level that makes it so powerful.

        Similar to the demos in the LFN Booth at ONS North America, the LFN Booth at ONS Europe will once again showcase the top, community-led, technical demos from the LFN family of projects. We have increased the number of demo stations from 8 to 10, and for the first time, are showcasing demos from the big data analytics project PNDA, and demos that include the newly added LFN Project, Tungsten Fabric (formerly OpenContrail). Technology from founding LFN Projects FD.io, ONAP, OPNFV, and OpenDaylight will also be represented, along with adjacent projects like Acumos, Kubernetes, OpenCI, Open Compute Project, and OpenStack.

        Building on the Virtual Central Office demo shown at the OPNFV Summit last year, a team from Red Hat and 10+ participating companies, including China Mobile, have expanded to show a mobile access network configuration using vRAN for the LTE RAN and vEPC built in open source. Another demo showcasing collaboration from 10+ companies, Orange will showcase their Orange OpenLab which is based on several LFN projects. OpenLab allows for the management of CI/CD pipelines, and provides a stable environment for developers. Other operator-led demos include CCVPN (Cross Domain and Cross Layer VPN), from China Mobile and Vodafone, that demonstrates ONAP orchestration capability; and a demo from AT&T showcasing the design, configuration, and deployment of a closed loop instance acting on a VNF (vCPE).

      • Cloud Foundry survey finds top enterprise languages

        Programmers may love hot newer languages like Kotlin and Rust, but according to a Cloud Foundry Foundation (CFF) recent survey of global enterprise developers and IT decision makers, Java and JavaScript are the top dog enterprise languages.

        This is coming hand-in-glove with the growth of cloud-native development. Multi-cloud users, for example, report using more developer languages, but the majority uses Java and JavaScript, followed by 50 percent saying they use C++.

        The CFF’s results are confirmed by RedMonk’s recent language rankings. RedMonk also placed Java and JavaScript at the top tier of development languages. Java is alive and well.

        In contrast to CFF’s findings, however, RedMonk found Python and PHP used more frequently than C# and C++, but only marginally. As RedMonk’s Stephen O’Grady wrote, “the numerical ranking is substantially less relevant than the language’s tier or grouping.” All four of these languages are alive and well.

      • The Linux Foundation Is Changing The Fabric Of Networking
      • Windmill Enterprise Joins the Linux Foundation

        Windmill Enterprise, developer of the Cognida network and platform with a focus on enterprise blockchain innovation, joined the Linux Foundation this week, and two projects – the Linux Foundation Networking community and EdgeX Foundry.

        Windmill joins existing Linux Foundation members like AT&T, Google, IBM and DellEMC, and companies including Samsung and Analog Devices who are working collaboratively with the EdgeX Foundry community to address complex issues at the edge of IoT and Industrial IoT networks.

        When mobile blockchain meets edge computing, IoT and IIoT developers have a decentralized data management framework available. Despite there being thousands of projects using blockchain in service today in finance, healthcare and logistics, its application in mobile services including IoT remains nascent.

      • Open Metrics Project Comes to the Cloud Native Computing Foundation

        The Cloud Native Computing Foundation (CNCF) is expanding its roster, announcing that it has accepted the Open Metrics project as a Sandbox effort.

        The CNCF Sandbox is a place for early-stage projects, and it was first announced in March. The Sandbox replaces what had originally been called the Inception project level.

        With Open Metrics, Richard Hartmann, technical architect at SpaceNet, Prometheus team member, and founder of OpenMetrics, aims to bring useful metrics to cloud-native deployments. At its core, Open Metrics is an effort to develop a neutral metrics exposition format.

        “OpenMetrics does not limit or define what metrics to send, on purpose,” Hartmann told ServerWatch. “What it does do is define an efficient way to transport those metrics over the wire, and a flexible and powerful way to attach information to them: label sets.”

    • Graphics Stack

      • Collabora’s Mesa EGLDevice Work To Better Support Multiple GPUs

        As covered earlier this month, Emil Velikov at Collabora has been working on EGLDevice support for Mesa. These EGL extensions originally developed by NVIDIA are being pursued by Mesa developers for better dealing with the enumeration and querying of multiple GPUs on a system.

        Right now there is the DRI_PRIME environment variable to allow toggling between systems primarily with two GPUs (namely, Optimus notebooks have been the main use-case) but using EGLDevice support by the Mesa drivers the matter of GPU selection for OpenGL rendering can be made by the application/toolkit developer and for other scenarios like multi-GPU systems running without a display server.

      • NVIDIA 396.54 Linux Driver Released To Fix A OpenGL/Vulkan Performance Bug

        One day after announcing the GeForce RTX 2070/2080 series, NVIDIA has released a new Linux driver. But it’s not a major new driver branch at this time (that’s presumably coming closer to the 20 September launch date) with the Turing GPU support, but is a point release delivering a practical bug fix.

        The sole change listed in today’s NVIDIA 396.54 driver update is, “Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications.”

      • Why Linux’s Direct Rendering Manager Won’t Add A Generic 2D Acceleration API

        Daniel Vetter of Intel’s Open-Source Technology Center team has written his first blog post in a while on Linux graphics. In this latest post he is answering why there isn’t a 2D user-space API in the Direct Rendering Manager (DRM) code.

        While Linux DRM has advanced on many fronts in the past few years, it doesn’t offer any generic 2D acceleration API. The reasons for that come down to there being no 2D acceleration standard akin to OpenGL/Vulkan for 3D (granted, there’s OpenVG for vector graphics and some other limited alternatives, but nothing as dominant), each hardware blitter engine being different, and other complexities that make 2D acceleration harder than one might otherwise think.

      • Vetter: Why no 2D Userspace API in DRM?

        On his blog, Daniel Vetter answers an often-asked question about why the direct rendering manager (DRM) does not have a 2D API (and won’t in the future)…

      • Why no 2D Userspace API in DRM?

        The DRM (direct rendering manager, not the content protection stuff) graphics subsystem in the linux kernel does not have a generic 2D acceleration API. Despite an awful lot of GPUs having more or less featureful blitter units. And many systems need them for a lot of use-cases, because the 3D engine is a bit too slow or too power hungry for just rendering desktops.

        It’s a FAQ why this doesn’t exist and why it won’t get added, so I figured I’ll answer this once and for all.

      • mesa 18.2.0-rc4

        The fourth release candidate for the Mesa 18.2.0 is now available.

        As per the issue tracker [1] we still have a number of outstanding bugs blocking the release.

      • Mesa 18.2-RC4 Released Due To Open Graphics Driver Bugs

        The fourth release candidate of Mesa 18.2 is out today rather than the final release due to open blocker bugs still persisting.

        Mesa 18.2-RC4 ships with 18 fixes ranging from GLSL compiler fixes, RADV Vulkan driver fixes, some Intel i965 work, EGL on Android, and various other not too notable bug fixes.

      • NVIDIA Talks Up GeForce RTX 2080 Series Performance, But No Linux Mentions

        On Monday NVIDIA introduced the GeForce RTX 20 series while today they have begun making some more performance details of these Turing-powered GPUs succeeding the GeForce GTX 1000 “Pascal” series.

        NVIDIA has posted about how with the RTX 2080 graphics card it’s now possible to game at 60 FPS at 4K with HDR capabilities. They have also shared some relative performance metrics of the GTX 1080 vs. RTX 2080 vs. RTX 2080 with select games where their deep-learning DLSS is supported.

      • NVIDIA RTX / Ray-Tracing Support For Vulkan Coming Soon

        Given Monday’s press conference by NVIDIA where they launched the RTX 20 series and much of the two-hour-long event was focused on ray-tracing for games, you may be wondering about the state of Linux affairs…

        While the GeForce RTX 20 series should work fine with NVIDIA’s proprietary Linux driver come 20 September, NVIDIA’s RTX ray-tracing technology is still largely tied to Windows and Direct3D 12. But they are working on bringing support for RTX to Vulkan API and that frees it up to be supported on Linux.

      • NVIDIA 396.54 Linux Drivers Show Up to 20% Performance Increase After Memory Leak Fix

        While just yesterday NVIDIA released their 396.54 Linux driver update which some may overlook, it’s actually a significant performance update for Linux gamers – so definitely do not miss out on this update if you’re a Linux gamer using an NVIDIA card. NVIDIA released this 396.54 update specifically to address a resource leak that was plaguing the drivers back to the 390 series, and the resource leak was lowering performance after Vulkan and OpenGL applications had stopped and started on the system – though NVIDIA hasn’t gone into specific details regarding exactly why this was happening.

    • Benchmarks

      • NVIDIA 396.54 Linux Driver Offers Big Performance Boost For Frequent Gamers

        Yesterday NVIDIA released the 396.54 Linux driver update and while, being another point release, it might feel like a mundane update hot on the heels of the GeForce RTX 2070/2080 series debut, it’s actually a significant driver update for Linux gamers. Here are some benchmarks showcasing the performance fix that warranted this new driver release.

        As mentioned in yesterday’s article, the 396.54 was released to fix a resource leak that had been existent going back to the 390 series driver. This resource leak could lead to lower performance after several OpenGL or Vulkan applications have started/stopped on the system… That’s about all of the details they’ve made public. But in knowing that it was performance related and that they began investigating this issue when seeing some differences in Phoronix benchmark results compared to past articles and spent several weeks analyzing the issue, I fired up the 396.54 Linux driver right away for some game benchmarking.

      • Vive la différence! Threadripper 2 on Linux and Windows 10

        Windows 10 is much better at dealing with multithreaded tasks but Linux has been optimized for both high core counts and NUMA for quite a while, so looking at the performance difference is quite interesting. Phoronix tested a variety of Linux flavours as well as Windows 10 Pro and the performance differences are striking, in some cases we see results twice as fast on Linux as Win10. That does not hold true for all tests as there are some benchmarks which Windows excels at. Take a look at this full review as well as those under the fold for a fuller picture.

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • Akademy 2018 in lovely Vienna!

        Attending Akademy – the annual KDE contributors summit – is always a quite intense experience. This year it happened from 11th to 17th August in the lovely city of Vienna, Austria. It was a quite special edition. We got a higher number of attendees, including some people who have been doing KDE things for more than a decade but only now had the chance to show up and talk to people in-person. In addition, we changed the conference program a bit, moving the reports for the Working Groups from the KDE e.V. General Assembly (restricted to KDE e.V. members) to the general Akademy schedule. Also, this year we introduced four training sessions covering topics not exactly technical but of paramount importance for a community like KDE: Non-violent Communication, Online Fundraising and Campaigning, Documentation writing for non-writers, and Public Speaking Training.

      • Best Service

        How often do you meet your laptop vendor in person? Last year, I picked up a KDE Slimbook, and the machine has been great, acting as my development-box-on-the-go for lots of KDE travels. It has a few stickers, and some scratches, and the screen had gotten a bit wobbly by now .. so, at this year’s Akademy I stopped by the Slimbook stand, admired the newer Slimbook II (alas, the old one isn’t written off yet), and mentioned the wobbly screen.

      • New Kirigami communication channels

        Kirigami used to have a Telegram channel as its main communication channel. This is of course not optimal, being a closed service and many potential contributors not having an account on Telegram.

      • KDE Plasma on ARM Laptop Pinebook

        In the last few years, smartphone hardware has become powerful enough to drive conventional desktop software. A developing trend is to create laptops using hardware initially designed for smartphones and embedded systems. There are distinct advantages to this approach: those devices are usually very energy efficient, so they can yield a long runtime on a single battery charge; they’re also rather inexpensive and lighter than conventional laptops.

      • KDE neon Linux Operating System Is Now Available for Pinebook 64-Bit ARM Laptops
      • KDE Neon With Plasma Ported & Optimized For Low-Cost 64-bit ARM Laptop
      • KDE neon on the $100 Pinebook

        The KDE neon team has been working with the Blue Systems hardware enablement team and the Pinebook developers to create the KDE neon Pinebook Remix. It uses our Bionic images built for arm64 to create a full featured slick desktop that runs on the best value hardware. The Pinebook comes at a low price but it’s a full laptop useful for watching videos, browsing the web or coding on KDE software. This could open up whole new markets to getting KDE software, a school which previously could only afford a couple of computers could now afford enough for a classroom, a family which previously had to share one computer could now afford a laptop for the children to learn how to code on. It’s quite exciting. And with the KDE Slimbook, neon now covers all ends of the market.

      • More Laptops

        One of the things to come out of Akademy is the first community release of the KDE neon Pinebook Remix image. I’ve been carrying around the Pinebook for some time — since FOSDEM, really, where I first met some of the Pine folks. At Akademy, TL was back and we (that’s a kind of royal “we”, because TL and Rohan and Bhushan and other people did all the hard work) got around to putting the finishing touches on the Pinebook image.

    • GNOME Desktop/GTK

      • Virtualization, Remote Connection Made Simple Using GNOME Boxes

        GNOME Boxes is an application which makes virtualization super simple. Targeted to entry level users, GNOME Boxes has managed to eliminate too many configurations and settings changes needed to connect to a remote or virtual machine. There are other virtual machine clients available in Linux universe but they are complex and sometimes dedicated to advanced users.

      • 4 Neat New GTK Themes for Your Linux Desktop

        The new Yaru/Communitheme theme might be the talk of the Ubuntu town right now, but it’s not the only decent desktop theme out there.

        If you want to give your Linux desktop a striking new look ahead of the autumn then the following quad-pack of quality GTK themes might help you out.

        Don’t be put off by the fact you will need to manually install these skins; it’s pretty easy to install GTK themes on Ubuntu 18.04 LTS and above, providing you set hidden folders to show (Ctrl + H) in Nautilus first.

      • Getting Things GNOME

        When I last visited the question of to-do lists, I settled on a command-line utility, todo.txt. It’s reasonably versatile…but I’ve found that I don’t use it.

        The first reason is that I’d really prefer a graphical user interface, not a flat text display. But also, I’ve found that I want a hierarchical organizer. I tend to group tasks into categories, and I plan by dividing major tasks into subtasks.

        So I was intrigued when I noticed, quite by chance, that my time-tracker software (Hamster) will integrate with two task managers: Evolution and Getting Things GNOME! (GTG). I’ve always thought of Evolution as massive overkill, but I’d never heard of GTG, so I thought I’d give that a try.

      • GNOME 3.30 Brings Back Desktop Icons with Nautilus Integration, Wayland Support

        Earlier this year, the GNOME devs decided to remove the ability of the Nautilus (Files) file manager to handle desktop icons, starting with the GNOME 3.28 release, promising to bring it back as soon as possible through a new implementation in the form of a GNOME Shell extension.

        As expected, users were skeptical about whether the new implementation would offer them the same level of convenience that the previous method provided via the Nautilus file manager. We said it before and we’ll say it again, desktop icons are here to stay for many years and they are not going to disappear.

      • Desktop Icons For The GNOME Shell Are Back With Beta Extension
      • Desktop icons goes beta

        Today I have good news for “classic mode” users and those used to desktop icons.

      • GNOME’s New ‘Desktop Icons’ Extension Enters Beta

        Anyone hesitant of upgrading to GNOME 3.28 because of its decision to remove desktop icons need worry no more.

        A new extension for GNOME Shell brings desktop icons support back to the GNOME desktop.

        It works almost exactly as you’d expect: you can see icons on your desktop and rearrange them; double-click on files/folders/apps to open them; right-click on an empty part of the desktop to create a new folder or open a folder in the terminal; and perform basic file operations like copy and paste.

      • New Videos & New Opportunities

        Flatpak 1.0 has been released, which is a great milestone for the Linux Desktop. I was asked at GUADEC whether a release video could be in place. In response, I spontaneously arranged to produce a voice-over with Sam during the GUADEC Video Editing BoF. Since then, I have been storyboarding, animating and editing the project in Blender. The music and soundscape have been produced by Simon-Claudius who has done an amazing job. Britt edited the voice-over and has lent me a great load of rendering power (thanks Britt!).

      • Getting back into Outreachy

        Outreachy is a great organization that helps women and other minorities get involved in open source software. (Outreachy was formerly the GNOME Outreach Program for Women.) I’ve mentored several cycles in Outreachy, doing usability testing with GNOME. I had a wonderful time, and enjoyed working with all the talented individuals who did usability testing with us.

        I haven’t been part of Outreachy for a few years, since I changed jobs. I have a really hectic work schedule, and the timing hasn’t really worked out for me. Outreachy recently posted their call for participation in the December-March cycle of Outreachy. December to March should be a relatively stable time on my calendar, so this is looking like a great time to get involved again.

        I don’t know if GNOME plans to hire interns for the upcoming cycle of Outreachy, at least for usability testing. But I am interested in mentoring if they do.

        Following conversations with Allan Day and Jakub Steiner, from GNOME Design, I’m thinking about changing the schedule we would use in usability testing. In previous cycles, I set up the schedule like a course on usability. That was a great learning experience for the interns, as they had a ramp-up in learning about usability testing before we did a big usability project.

  • Distributions

    • They should have called it Mirrorball

      TL;DR: there’s now an rsync server at rsync://images-dl.endlessm.com/public from which mirror operators can pull Endless OS images, along with an instance of Mirrorbits to redirect downloaders to their nearest—and hopefully fastest!—mirror. Our installer for Windows and the eos-download-image tool baked into Endless OS both now fetch images via this redirector, and from the next release of Endless OS our mirrors will be used as BitTorrent web seeds too. This should improve the download experience for users who are near our mirrors.

      If you’re interested in mirroring Endless OS, check out these instructions and get in touch. We’re particularly interested in mirrors in Southeast Asia, Latin America and Africa, since our mission is to improve access to technology for people in these areas.

    • New Releases

      • Bodhi Linux 5.0.0 Released

        Today I am very pleased to share the hard work of the Bodhi Team which has resulted in our fifth major release. It has been quite the journey since our first stable release a little over seven years ago and I am happy with the progress this project has made in that time.

        For those looking for a lengthy change log between the 4.5.0 release and 5.0.0, you will not find one. We have been happy with what the Moksha desktop has provided for some time now. This new major release simply serves to bring a modern look and updated Ubuntu core (18.04) to the lightning fast desktop you have come to expect from Bodhi Linux.

      • Lightweight Linux Distribution Bodhi Linux 5.0 Released

        It has been a few years of good progress for Bodhi Linux. It is always interesting to see what a lightweight Linux distribution has to offer.

      • Bodhi Linux 5.0 Promises a Rock-Solid Moksha Desktop on Top of Ubuntu 18.04 LTS

        Bodhi Linux developer Jeff Hoogland announced today the release and general availability of the final Bodhi Linux 5.0 operating system series for 32-bit and 64-bit platforms.

        Based on Canonical’s long-term supported Ubuntu 18.04 LTS (Bionic Beaver) operating system series, Bodhi Linux 5.0 promises to offer users a rock-solid, Enlightenment-based Moksha Desktop experience, improvements to the networking stack, and a fresh new look based on the popular Arc GTK Dark theme, but colorized in Bodhi Green colors.

      • Bodhi Linux 5.0 Arrives with Moksha Desktop Improvements

        The latest version of the lightweight Linux distribution includes a modest set of changes mainly concerned with aesthetics. The main lure for users will be the foundational upgrade to Ubuntu 18.04 LTS ‘Bionic Beaver’.

        “We have been happy with what the Moksha desktop has provided for some time now. This new major release simply serves to bring a modern look and updated Ubuntu core (18.04) to the lightning fast desktop you have come to expect from Bodhi Linux,” Bodhi developer Jeff Hoogland writes in his release announcement.

      • Bodhi Linux 5.0.0 now available with Ubuntu 18.04 base

        One of the best things about there being so many Linux distributions, is it can be fun to try them all. Believe it or not, “distro-hopping” is a legit hobby, where the user enjoys installing and testing various Linux-based operating systems and desktop environments. While Fedora is my reliable go-to distro, I am quite happy to try alternatives too. Hell, truth be told, I have more fun trying distributions than playing video games these days, but I digress.

        A unique distribution I recommend trying is the Ubuntu-based Bodhi Linux. The operating system is lightweight, meaning it should run decently on fairly meager hardware. It uses a desktop environment called “Moksha” which is very straightforward. The Enlightenment 17 fork is a no-nonsense DE that both beginners and power users will appreciate. Today, version 5.0.0 finally becomes available. This follows a July release candidate.

      • UBOS Beta 15: status LEDs, Pagekite and Staff improvements
      • UBOS Linux beta 15: status LEDs, Pagekite and Staff improvements

        Two important conferences are coming up:

        * the Nextcloud conference in Berlin, Germany, from August 23 to 30, and
        * the MyData.org conference in Helsinki, Finland, August 29-31.

        We’ll be at both, and just in time, we are proud to release UBOS beta 15!

        Here are some highlights:

        * Boot your Raspberry Pi from USB, not just an SDCard
        * The UBOS Staff has learned a very convenient new trick
        * UBOS now drives the LEDs on Intel NUCs and the Desktop Pi enclosure for the Raspberry Pi
        * Access your device from the public internet through Pagekite integration

        For more info, read the detailed release notes here: https://ubos.net/docs/releases/beta15/release-notes/

      • Freespire 4.0, Mozilla Announces New Fellows, Flatpak 1.0, KDevelop 5.2.4 and Net Neutrality Update

        Freespire 4.0 has been released. This release brings a migration of the Ubuntu 16.04 LTS codebase to the 18.04 LTS codebase, which adds many usability improvements and more hardware support. Other updates include intuitive dark mode, “night light”, Geary 0.12, Chromium browser 68 and much more.

      • Omarine 4.0 released!

    • Red Hat Family

      • Red Hat Enterprise Linux 7.6 Beta now available

        The hybrid cloud requires a consistent foundation and today, we are pleased to refine and innovate that foundation with the availability of Red Hat Enterprise Linux 7.6 beta. The latest update to Red Hat Enterprise Linux 7 is designed to deliver control, confidence, and freedom to demanding business environments, keeping pace with cloud-native innovation while supporting new and existing production operations across the many footprints of enterprise IT.

        As Red Hat’s Paul Cormier states, the hybrid cloud is becoming a default technology choice. Enterprises want the best answers to meet their specific needs, regardless of whether that’s through the public cloud or on bare metal in their own datacenter. Red Hat Enterprise Linux provides an answer to a wide variety of IT challenges, providing a stable, enterprise-grade backbone across all of IT’s footprints – physical, virtual, private cloud, and public cloud. As the future of IT turns towards workloads running across heterogeneous environments, Red Hat Enterprise Linux has focused on evolving to meet these changing needs.

      • Red Hat Enterprise Linux 7.6 Beta Updates Cockpit, Adds Podman
      • Red Hat Enterprise Linux 7.6 beta is out now
      • Red Hat Enterprise Linux 7.6 Enters Beta with Linux Container Innovations, More

        Red Hat announced today the availability of Red Hat Enterprise Linux 7.6 operating system for beta testing for Red Hat Enterprise Linux customers.

        Red Hat Enterprise Linux 7.6 is the sixth maintenance update in the Red Hat Enterprise Linux 7 operating system series, promising innovative technologies for Linux containers and enterprise-class hybrid cloud environments, new security and compliance features, as well as improvements in the management and automation areas.

        “The latest update to Red Hat Enterprise Linux 7 is designed to deliver control, confidence, and freedom to demanding business environments, keeping pace with cloud-native innovation while supporting new and existing production operations across the many footprints of enterprise IT,” said Red Hat in today’s announcement.

      • Open source key in federal IT modernization, adoption of emerging tech

        There’s no pause button for agencies as they modernize systems — they must maintain critical legacy services while developing new platforms, which can make modernization a doubly tough proposition.

        Open source technologies, however, can help to lighten that load, says Adam Clater, chief architect of Red Hat’s North American public sector business.

        “Open source in the current climate is very much on the tip of everyone’s tongue. As the federal government looks to dig themselves out of the technical debt and focus on modernization, as well as delivering new services to their end users, at the end of the day they do have to continue the business of the government,” said Clater. “There’s a very natural affinity toward open source technologies as they do that because open source technologies are really at the forefront of the innovation we’re seeing.”

        Because of this, Clater says he’s seen a surge in adoption of open source technology in the federal government in recent years.

        “I think the government is ratcheting up their participation in open source communities,” he told FedScoop. “They’ve long been participants and contributors, but with Code.gov and the memorandum around open source and open sourcing of government code, I think they’re really leaning in as both a contributor and a consumer of open source while partnering with industry in a lot of that adoption.”

      • How open source should transform your product development strategy

        It’s a bit surprising that no one else seems to be following Red Hat’s lead. For a company that pulled in a very profitable $3 billion in its last fiscal year, and is on track to top $5 billion, Red Hat does a lot of things right. Perhaps most interesting, however, is how it does product development.

        As Red Hat CEO Jim Whitehurst has said: “Five years ago we didn’t know the technologies we’d be using today, and we don’t know what will be big in five years’ time.” That’s true of all companies. What’s different for Red Hat, however, is how the company works with open source communities to invent the future.

      • Mozilla Announces Major Improvements to Its Hubs Social Mixed Reality Platform, Windmill Enterprise Joins The Linux Foundation, Cloud Foundry Survey Results, New Bodhi Linux Major Release and Red Hat Linux 7.6 Now Available

        Red Hat Linux 7.6 beta is now available. According to the Red Hat blog, “Red Hat Enterprise Linux 7.6 beta adds new and enhanced capabilities emphasizing innovations in security and compliance features, management and automation, and Linux containers.” See the Release Notes for more information.

      • Maxta, Red Hat, Intel Team Up for Hyperconverged ‘(Un)Appliance’

        Hyperconverged storage software maker Maxta on Aug. 22 introduced a new appliance with a specific function: to run its software on Red Hat Linux’ virtualization framework.

        This is a pre-configured system—called a Hyperconverged (Un)Appliance—consisting of Red Hat and Maxta software bundled together on Intel Data Center Blocks hardware. The joint package provides appliance-based hyperconvergence benefits without the disadvantages conventional systems have to endure, such as costs for refreshing, upgrading, VMware licensing and proprietary virtualization.

        Hyperconverged (Un)Appliances collapse servers, storage and networking into a single server tier that is used to run virtual machines and containers, Maxta said. Storage is configured automatically when VMs or containers are created, allowing administrators to focus on managing applications rather than storage.

      • Maxta Introduces Hyperconverged “(Un)Appliance” with Maxta and Red Hat Virtualization Pre-Configured on Intel® Data Center Blocks Hardware

        Maxta Inc., a leading provider of hyperconvergence software, today introduced a Hyperconverged “(Un)Appliance” for Red Hat Virtualization, a pre-configured system of Red Hat Virtualization software and Maxta Hyperconvergence software bundled together on Intel® Data Center Blocks hardware. This joint solution provides all the advantages of appliance-based hyperconvergence without any of the disadvantages – there’s no refresh tax, no upgrade tax, no VMware tax, and no proprietary virtualization.

      • Ready to adapt: Providing applications and services worldwide easily and quickly

        The automobile industry is undergoing the biggest transformation in its 100-plus year history – and automotive trade is changing just as dramatically. Digitization has become at once a major competitive factor and a catalyst, influencing every company in the industry, while simultaneously proving to be a resource to be taken advantage of. Companies wishing to benefit from it should prepare to adapt organizationally, culturally, and technically while being able to manage the resulting changes.

        In many ways, digitization means that companies must orient themselves to the needs of the customers economically, strategically, and technically. This customer-centric focus runs through all value chains company-wide as well as the respective individual divisions of every company, from development and production to sales and service.

      • New Red Hat Product Security OpenPGP key

        Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key. This was done to improve the long-term security of our communications with our customers and also to meet current key recommendations from NIST (NIST SP 800-57 Pt. 1 Rev. 4 and NIST SP 800-131A Rev. 1).

        The old key will continue to be valid for some time, but it is preferred that all future correspondence use the new key. Replies and new messages either signed or encrypted by Product Security will use this new key.

      • Reducing data inconsistencies with Red Hat Process Automation Manager

        Managing data reconciliation through a specific process is a common necessity for projects that require Digital Process Automation (formerly known as Business Process Management), and Red Hat Process Automation Manager helps to address such a requirement. This article provides good practices and a technique for satisfying data reconciliation in a structured and clean way.

        Red Hat Process Automation Manager was formerly known as Red Hat JBoss BPM Suite, so it’s worth mentioning that jBPM is the upstream project that fuels Process Automation Manager. The blog post From BPM and business automation to digital automation platforms explains the reasons behind the new name and shares exciting news for this major release.

      • Finance

      • Fedora

        • Flatpak Linux app distributor is now ready for prime time

          The Flatpak framework for distributing Linux desktop applications is now in production release, after three years of beta status. The framework, originally called XDG-app, is intended to make Linux more attractive to desktop app developers. Applications built as a Flatpak can be installed on just about any Linux distribution.

          The open source Flatpak can be used by different types of desktop applications and is intended to be as agnostic as possible when it comes to the building of applications. There are no requirements for languages, build tools, or frameworks. Users can control app updates. Flatpak uses familiar technologies such as the Bubblewrap utility for setting up containers and Systemd for setting up Linux cgroups (control groups) for sandboxes.

        • Fedora 29 FESCO Approval Highlights from This Week, and Fedora 30 Release Schedule Confirmed

          The members of the Fedora Engineering and Steering Committee have not only recently approved the Fedora 30 release schedule proposal, they have just recently approved a handful of Fedora 29 features.

          Fedora 29 won’t be shipping until the end of October, but the Fedora 30 release schedule was confirmed to be around April 30th to May 7th of next year – the developers are planning on a massive and lengthy rebuild to occur around the end of January, then change checkpoint completion deadline by middle of February, beta freeze in early March, beta release towards the end of March, and the final freeze around the middle of April.

        • Fedora 30 Release Schedule Finalized, Aiming For A 30 April Debut

          While Fedora 29 isn’t shipping until the end of October, the release schedule for Fedora 30 was firmed up this week at the Fedora Engineering and Steering Committee meeting.

          The approved schedule is aiming for the Fedora 30 Linux release to happen on 30 April but with a pre-planned fallback date of 7 May.

        • Bodhi 3.9.0 released
        • PHP on the road to the 7.3.0 release

          Version 7.3.0beta2 is released. It now enters the stabilisation phase for the developers, and the test phase for the users.

          RPMs are available in the remi-php73 repository for Fedora ≥ 27 and Enterprise Linux ≥ 6 (RHEL, CentOS) and as a Software Collection in the remi-safe repository (or remi for Fedora).

        • Xfce 4.13 Approved For Fedora 29 Along With Other Late Change Proposals

          In addition to approving the Fedora 30 release schedule proposal, the members of the Fedora Engineering and Steering Committee have approved this week a number of Fedora 29 features.

        • Flock 2018 trip report

          A presentation from Jim Perrin and Matt Miller revealed that Fedora and CentOS dist-git will be tied together. This change will likely provide an opportunity to do crazy, awesome and beautiful stuff. But the key thing is to have a single dist-git deployment instead of 2 at start. Once that’s done, we may start thinking about what to do with it.

          Also Brian Stinson described the CI effort to validate all Fedora packages using CentOS CI infrastructure. Good updates, we seem to be getting really close to a system where all of us can write tests for their packages easily and run them on builds. Brian promised that short term we should be getting notifications from the pipeline and documentation. Can’t wait!

    • Debian Family

      • Debian Developers Discuss Process For Salvaging Packages

        While Debian has tens of thousands of packages in its archive and users often tend to cite the size of a package archive as one of the useful metrics for evaluating an OS/distribution or package manager’s potential, not all packages are maintained the same. In acknowledging that not all packages are maintained to the same standard and some ultimately slip through the cracks, Debian developers are discussing a salvaging process.

        Like other distributions, Debian has processes in place already for orphaning packages when a maintainer disappears or voluntarily gives up maintaining a particular package. But this proposed package salvaging process is for poorly maintained or completely unmaintained packages that aren’t in an orphaned state — the process to salvage a package to improve its quality would be “a weaker and faster procedure than orphaning.” The package maintainers could simply be preoccupied for a number of months, lost interest in the particular package and not pursued orphaning, etc.

      • Reasons Why Debian Is Crucial To Linux History

        That August 16, 1993, a young Ian Murdock announced on Usenet “the imminent completion of a new version of Linux which I will call Debian Linux Release.”
        Murdock, of course, had no idea that Debian would end up becoming an institution in the Linux world. This distribution, mother of many others (Ubuntu included), has completed 25 splendid years that have confirmed it as a crucial development in the world of Linux and Open Source.

      • Linux Vacation Eastern Europe 2018

        On Friday, I will be attending LVEE (Linux Vacation Eastern Europe) once again after a few years of missing it for various reasons. I will be presenting a talk on my experience of working with LAVA; the talk is based on a talk given by my colleague Guillaume Tucker, who helped me a lot when I was ramping up on LAVA.

        Since the conference is not well known outside, well, a part of Eastern Europe, I decided I need to write a bit on it. According to the organisers, they had the idea of having a Linux conference after the newly reborn Minsk Linux User Group organised quite a successful celebration of the ten-year anniversary of Debian, and they wanted to have an even bigger event. The first LVEE took place in 2005 in the middle of a forest near Hrodna.

      • DebConf18 video work

        For personal reasons, I didn’t make it to DebConf18 in Taiwan this year; but that didn’t mean I wasn’t interested in what was happening. Additionally, I remotely configured SReview, the video review and transcoding system which I originally wrote for FOSDEM.

      • Derivatives

        • Looking for a new OS? Try these Debian Linux-based systems

          The Linux-based OS Debian is 25 years old, and during its lifetime this child of the 90s has spawned its own family of operating systems.

          Debian derivatives come in all shapes and sizes, from user-friendly Linux Mint to the macOS replacement Elementary OS to the privacy-centric Tails.

          This gallery rounds up some of the most notable and popular Debian derivatives, as highlighted by The Debian Project and DistroWatch.

        • Devuan is a Linux Distro Without systemd. Why Should You Use It?

          Devuan is a fork of the popular Debian Operating System upon which Ubuntu is based. It was first released in November 2014 with the aim of providing Linux users with a distro that doesn’t have the systemd daemon installed by default.

          Devuan started when Debian adopted systemd but didn’t have a stable release until last year, 2017, in line with the release of Debian 9.

          Because Devuan is virtually a replica of Debian except that it doesn’t use systemd, this article will highlight the differences between both OSes (starting with the most important) so that you can see why you may prefer one over the other.

        • Canonical/Ubuntu

          • Ubuntu Server development summary – 21 August 2018

            The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.

          • Flavours and Variants

            • After Adopting LXQt, Lubuntu Is Switching to Wayland by Default for Ubuntu 20.10

              Like its bigger brother Ubuntu and other official flavors, Lubuntu is still using the old X.Org Server by default, though nothing stops users from switching to Wayland if they want a more secure and capable display server for their computers, but that’s about to change in the coming years as Lubuntu will adopt Wayland by default.

              Ubuntu already tried to move to Wayland by default with the now deprecated Ubuntu 17.10 (Artful Aardvark) release, but it had to switch back to X.Org Server and put Wayland on the back seat as an alternative session, which users can select from the login manager, with the Ubuntu 18.04 LTS (Bionic Beaver) release.

  • Devices/Embedded

Free Software/Open Source

  • Will a new, open source Twitter replace the flawed old one?

    If you type Mastodon into Google around now you’ll probably happen upon a hairy chap called Brent Hinds who is apparently selling off his huge collection of guitars and amplifiers. For as well as being a prehistoric elephant, Mastodon is a beat combo and, latterly, a newish social network being promoted as “Twitter without the Nazis” or, less hysterically, “Twitter minus its bad bits”.

    Mastodon was launched in August 2016 and received a guarded welcome. People got the idea: Mastodon was a community owned, open source, decentralised, no advertising, no tracking, and no hate speech (probably) sort of outfit.

    Unlike Twitter, Mastodon comprises software ‘instances’, so it’s a federation of little sites which self-administer. If you live mostly in one instance, that doesn’t stop you from following and being followed by members of other instances.

  • What is a ‘living’ application?

    Essentially open source Business Process Management (BPM) software company Bonitasoft has introduced its Bonita 7.7 iteration release.

    This is BPM software with Intelligent Continuous Improvement (ICI) and Continuous Delivery (CD) capabilities.

    The company says that its ICI play here is a route to building what it has called adaptable ‘living’ applications.

    A living application then being one that can deliver changes in terms of continuous improvement, continuous integration, continuous deployment and continuous connectivity.

  • Open-source tool simplifies DNS rebinding

    A new open-source tool designed to make DNS rebinding attacks easier has been released.

    The kit, dubbed ‘singularity of origin’, was launched last week by a team from NCC Group.

    It simplifies the process of performing a DNS rebinding attack, where an attacker is able to take over a victim’s browser and break the single origin policy. This effectively allows an attacker to mask as the victim’s IP address and potentially abuse their privileges to access sensitive information.

    The tool was created with pentesters in mind, and to increase awareness for developers and security teams on how to prevent DNS rebinding, the tool’s creators said.

    NCC Group’s Gerald Doussot and Roger Meyer, who wrote the tool, told The Daily Swig: “Many developers think it’s safe to write software that has debug services listening only locally, but we’ve had several engagements where we were able to remotely compromise applications using DNS rebinding.

  • Open source community accelerates Akraino development for Edge Computing

    One of the most fascinating open networking projects to emerge earlier this year is the AT&T-initiated Akraino Edge Stack, which is being managed by the Linux Foundation. The objective of the Akraino project is to create an open source software stack that supports high-availability cloud services optimised for edge computing systems and applications.

    The project has now moved into its execution phase to begin technical documentation and is already backed and supported by a strong group of telecoms operators and vendors. They include Arm, AT&T, Dell EMC, Ericsson, Huawei, Intel, Juniper Networks, Nokia, Qualcomm, Radisys, Red Hat and Wind River.

  • Progress Open Sources ABL Code with Release of Spark Toolkit

    Progress, a provider of application development and digital experience technologies, has released the Progress Spark Toolkit, a set of open source ABL code and recommended best practices to enable organizations to evolve existing applications and extend their capabilities to meet market demands.

    Previously only available from Progress Services, the Spark Toolkit was created in collaboration with the Progress Common Component Specification (CCS) project, a group of Progress OpenEdge customers and partners defining a standard set of specifications for the common components for building modern business applications. By engaging the community, Progress says it has leveraged best practices in the development of these standards-based components and tools to enable new levels of interoperability, flexibility, efficiencies and effectiveness.

  • Open Source ABL code release with Spark Toolkit

    Progress has announced the release of Progress Spark Toolkit, a set of open source Advanced Business Language (ABL) code and recommended best-practices to enable organizations to evolve existing applications and extend their capabilities to meet market demands.

  • Foundries.io promises standardized open source IoT device security

    IoT devices currently lack a standard way of applying security. It leaves consumers, whether businesses or individuals, to wonder if their devices are secure and up-to-date. Foundries.io, a company that launched today, wants to change that by offering a standard way to secure devices and deliver updates over the air.

    “Our mission is solving the problem of IoT and embedded space where there is no standardized core platform like Android for phones,” Foundries.io CEO George Grey explained.

  • Foundries.io delivers secure IoT
  • Foundries.io Launches microPlatforms for an Always-Secure Internet of Things

    Emerging from two years in stealth mode, Foundries.io™ today announced the world’s first commercially available, continuously updated Linux® and Zephyr™ microPlatform™ distributions for the embedded, IoT, edge and automotive markets. Supported by a newly announced partner program, these microPlatforms™ enable devices from light bulbs to connected cars to always be secure and updated to the latest available firmware, operating system and application(s).

  • Managed Linux and Zephyr distros for IoT offer OTA and container tech

    A Linaro spinoff called Foundries.io unveiled a continuously updated “microPlatforms” IoT service with managed Linux and Zephyr distros. The Linux platform is based on OE/Yocto and Docker container code.

    A Cambridge, UK based startup called Foundries.io, which is funded by Linaro and led by former Linaro exec George Grey, has launched a microPlatforms service with managed, subscription-based Linux and Zephyr distributions. The microPlatforms offering will target IoT, edge, and automotive applications, and provide continuous over-the-air (OTA) updates to improve security.

    The distributions are designed to work with any private or public cloud platform, with the microPlatform cloud service acting as an intermediary. The microPlatforms packages include firmware, kernel, services, and applications, “delivered continuously from initial product design to end-of-life,” says Foundries.io.

  • Foundries.io Tightens Edge, IoT Integration to Boost Security

    Foundries.io emerged from stealth with the notion that tight integration and instant software updates are the best security for edge, embedded, and IoT devices.

    That philosophy is behind the company’s “microPlatforms” software that targets devices running Linux or Zephyr distributions for the embedded, IoT, connected device, and edge markets. The Foundries.io platform allows for security and bug fix updates to be immediately sent to those devices. The software includes firmware, kernel, services, and application support, with Foundries.io handling the engineering, testing, and deployment of those updates.

  • Startup Drives Open Source to IoT

    A startup formed by members of Linaro wants to be the Red Hat of the Internet of Things, delivering configurations of Linux and the Zephyr RTOS for end nodes, gateways and cars. Foundries.io aims to provide processor-agnostic code with regular updates at a time when IoT developers have a wide variety of increasingly vendor-specific choices.

    “Today every IoT product is effectively a custom design that has to be tested and maintained, and we believe that causes huge fragmentation. Our concept is to make it as easy to update an embedded product as to update a smartphone, so you don’t need a security expert,” said George Grey, chief executive of Foundries.io.

  • State Certifies LA County’s New Open-Source Vote Tally System

    Los Angeles County’s open-source vote tally system was certified by the secretary of state Tuesday, clearing the way for redesigned vote-by-mail ballots to be used in the November election.

    “With security on the minds of elections officials and the public, open-source technology has the potential to further modernize election administration, security and transparency,” Secretary of State Alex Padilla said. “Los Angeles County’s VSAP vote tally system is now California’s first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.”

    The system — dubbed Voting Solutions for All People (VSAP) Tally Version 1.0 — went through rigorous security testing by staffers working with the secretary of state as well as an independent test lab, according to county and state officials.

  • LA County gets state approval of new vote-counting system using open source software
  • LA County OKs Open-Source Election System

    California Secretary of State Alex Padilla’s office has certified the first open-source, publicly owned election technology for use in Los Angeles County — “a significant step in the future of elections in California and across the country.”

    The system is known as Voting Solutions for All People (VSAP) Tally Version 1.0. Its certification will allow Los Angeles County to use its newly designed Vote By Mail (VBM) ballots in the November election.

    County Registrar-Recorder/County Clerk Dean Logan, in the news release from Padilla’s office, said the new system will ensure accurate and secure counting of ballots.

    Logan’s office will begin distributing the new ballots on Oct. 9. Each voter’s packet will include a ballot, a postage-paid return envelope, a secrecy sleeve and an “I Voted” sticker.

    “As part of the certification process, the system went through rigorous functional and security testing conducted by the Secretary of State’s staff and a certified voting system test lab,” Padilla’s office said. “The testing ensured the system’s compliance with California and federal laws, including the California Voting System Standards (CVSS).”

  • 5 open source tools for container security

    As containers become an almost ubiquitous method of packaging and deploying applications, the instances of malware have increased. Securing containers is now a top priority for DevOps engineers. Fortunately, a number of open source programs are available that scan containers and container images. Let’s look at five such tools.

  • Salesforce Makes ML Library Available as Open Source Project

    It’s increasingly clear that when it comes to artificial intelligence (AI), many organizations will be able to leverage investments made by IT vendors that are being made available as open source code. The latest example of that trend is a decision by Salesforce to make TransmogrifAI, a machine learning library that makes it simpler to consume large amounts of structured data, available as open source code on GitHub.

    Shubha Nabar, senior director of data science for Salesforce Einstein, the AI platform developed by Salesforce, says the decision to make TransmogrifAI open source is driven primarily by a desire to make AI technologies readily available and easily understandable.

  • Bolster your DevOps infrastructure with open source tools

    When we talk about DevOps, we typically mean managing software deliverables, not infrastructure. But the overall system sanctity is deeply coupled with infrastructure integrity. How many times have you heard “But it works on my system”? Or perhaps a misconceived admin changes the configuration of the production server and things don’t work anymore. Hence, it is essential to bring infrastructure into the proven DevOps practices of consistency, traceability, and automation.

    This article builds on my previous one, Continuous infrastructure: The other CI. While that article introduced infrastructure automation and infrastructure as a first-class citizen of the CI pipeline using the principles of infrastructure as code and immutable infrastructure, this article will explore the tools to achieve a CIi (continuous integration of infrastructure) pipeline through automation.

  • Open-Source Hybrid Analysis Portal Gets a Boost

    The free Hybrid Analysis malware research site used for investigating and detecting unknown malware threats now includes an accelerated search feature that roots out matches or correlations in minutes, rather than hours.

    CrowdStrike donated its Falcon MalQuery new rapid-search feature to the Hybrid Analysis community platform, which has some 100,000 active users worldwide. Hybrid Analysis was acquired in fall 2017 by CrowdStrike, and also employs CrowdStrike’s sandbox technology.

  • BlazeMeter Open Sources Plugin for Mainframe Testing

    BlazeMeter launched an open source plugin for continuous mainframe testing.

    The RTE plugin works with the company’s Apache JMeter, an open source Java application designed to load test functional behavior and measure performance.

    “Supporting IBM mainframe protocols TN5250 and TN3270, the JMeter RTE plugin simulates a mainframe terminal sending actions and keystrokes to the mainframe server,” the company said in a statement. “By using the plugin, developers and testers can simulate filling forms or calling processes, specify the position of fields on the screen and the text to set on them, and simulate the keyboard attention keys.”

  • If you have ambition, open source at scale is essential

    When your job is to provide the cloud infrastructure to run analytics and workloads across three datacenters that are more than 100 miles apart, sucking 100-plus petabytes from each daily, it’s no longer an even remotely credible option to buy it from Megavendor X. These days, the only place to find such software is on an open source repository somewhere.

    Which is exactly what Didi Chuxing, the Uber of China, did.


    Five years ago, Cloudera cofounder Mike Olson wrote, “No dominant platform-level software infrastructure has emerged in the last ten years in closed-source, proprietary form.” In significant measure, this stems from the realities of operating at web-scale: The financial costs, never mind the technical costs, of trying to scale proprietary hardware and software systems are simply too high. Companies like Google and Facebook keep gifting genius creations to the open source community, driving innovation faster, well beyond the realm of proprietary firms’ ability to compete in data infrastructure.

  • Energy controls platform available in open source

    VOLTTRON is an innovative open source software platform that helps users rapidly develop and deploy new control solutions for a myriad of applications in buildings, renewable energy systems and electricity grid systems. Developed by Pacific Northwest National Laboratory with funding from the Department of Energy, VOLTTRON can be downloaded from the not-for-profit Eclipse Foundation that will steward it as an open source software platform. As part of this move, PNNL has joined the Eclipse Foundation, a global organization with more than 275 members.

    Flexible, scalable and cyber-secure, VOLTTRON offers paradigm-shifting capabilities for development of new analysis and management solutions for energy consumption optimization and integration of building assets with the electric grid. VOLTTRON provides the ability to shift energy demand to off-peak hours and manage a facility’s load shape to reduce stress on the grid.

  • Open source microservices management trends alter software delivery

    If you’re a business that uses a monolithic architecture, the adoption of microservices might cause some anxiety on your team. After all, there isn’t one comprehensive place to find answers to all the challenges that arise from managing today’s cloud-native apps, and there isn’t one single vendor that has all the answers.

    Fortunately, the open source community can offer some help. Trends in open source software point toward a future with a completely different approach to application management. If you’re willing to delve into and invest in today’s leading open source microservices projects, it’s possible to find everything you need to manage modern microservices applications in the cloud.

  • Web Browsers

    • Mozilla

      • Notes now uses Rust & Android components

        Today we shipped Notes by Firefox 1.1 for Android; all existing users will get the updated version via Google Play.

        After our initial testing in version 1.0, we identified several issues with the Android’s “Custom Tab” login features. To fix those problems the new version has switched to using the newly developed Firefox Accounts Android component. This component should resolve the issues that the users experienced while signing in to Notes.

      • Dweb: Serving the Web from the Browser with Beaker

        We work on Beaker because publishing and sharing is core to the Web’s ethos, yet to publish your own website or even just share a document, you need to know how to run a server, or be able to pay someone to do it for you.

        So we asked ourselves, “What if you could share a website directly from your browser?”

        Peer-to-peer protocols like dat:// make it possible for regular user devices to host content, so we use dat:// in Beaker to enable publishing from the browser, where instead of using a server, a website’s author and its visitors help host its files. It’s kind of like BitTorrent, but for websites!


        Beaker uses a distributed peer-to-peer network to publish websites and datasets (sometimes we call them “dats”).

      • New in Hubs: Images, Videos, and 3D Models

        A few months ago, we announced an early preview release of Hubs by Mozilla, an experiment to bring Social Mixed Reality to the browser. Since then, we’ve made major strides in improving usability, performance, and support for standalone devices like the Oculus Go. Today, we’re excited to share our first big feature update to Hubs: the ability to bring your videos, images, documents, and even 3D models into Hubs by simply pasting a link.

      • Getting cross border lawful access in Europe right

        Lawmakers in the EU have proposed a new legal framework that will make it easier for police in one country to get access to user data in another country (so-called ‘e-evidence’) when investigating crimes. While the law seeks to address some important issues, there is a risk that it will inadvertently undermine due process and the rule of law in Europe. Over the coming months, we’ll be working with lawmakers in Europe to find a policy solution that effectively addresses the legitimate interests of law enforcement, without compromising the rights of our users or the security of our communications infrastructure.

      • Mozilla files FTC comments calling for interoperability to promote competition

        Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?” Five U.S. technology companies often hold the five largest market capitalizations of any industry and any country in the world. Their software and services are entangled with virtually every part of our lives. These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. As a consequence of their success, though, the product and business decisions made by these companies move socioeconomic mountains.

        And, like everyone, tech companies make mistakes, as well as some unpopular decisions. For many years, the negative consequences of their actions seemed dwarfed by the benefits. A little loss of privacy seemed easy to accept (for an American audience in particular) in exchange for a new crop of emojis. But from late 2016 through 2017, things changed. The levels of disinformation, abuse, tracking, and control crossed a threshold, sowing distrust in the public and catalyzing governments around the world to start asking difficult questions.

        Since our “Too big tech?” piece was published, this trajectory of government concern has continued. The Facebook / Cambridge Analytica scandal generated testimony from Facebook CEO Mark Zuckerberg on both sides of the Atlantic. The European Commission levied a $5 billion fine on Google for practices associated with the Android mobile operating system. Meanwhile Republican Treasury Secretary Steve Mnuchin called for a serious look at the power of tech companies, and Democratic Senator Mark Warner outlined a 20 point regulatory proposal for social media and technology firms.

      • TenFourFox and legacy addons and their euthanasia thereof

        Presently TenFourFox uses Mozilla Addons as a repository for “legacy” (I prefer “classic” or “can actually do stuff” or “doesn’t suck”) add-ons that remain compatible with Firefox 45, of which TenFourFox is a forked descendant. Mozilla has now announced these legacy addons will no longer be accessible in October. I don’t know if this means that legacy-only addons will no longer be visible, or no longer searchable, or whether older compatible versions of current addons will also be no longer visible, or whatever, or whether everything is going to be deleted and HTH, HAND. The blog post doesn’t say. Just assume you may not be able to access them anymore.

        This end-of-support is obviously to correlate with the end-of-life of Firefox 52ESR, the last version to support legacy add-ons. That’s logical, but it sucks, particularly for people who are stuck on 52ESR (Windows XP and Vista come to mind). Naturally, this also sucks for alternative branches such as Waterfox which split off before WebExtensions became mandatory, and the poor beleaguered remnants of SeaMonkey.

      • Timeline for disabling legacy add-ons on addons.mozilla.org

        Mozilla will stop supporting Firefox Extended Support Release (ESR) 52, the final release that is compatible with legacy add-ons, on September 5, 2018.

        As no supported versions of Firefox will be compatible with legacy add-ons after this date, we will start the process of disabling legacy add-on versions on addons.mozilla.org (AMO) in September. On September 6, 2018, submissions for new legacy add-on versions will be disabled. All legacy add-on versions will be disabled in early October, 2018. Once this happens, users will no longer be able to find your extension on AMO.

        After legacy add-ons are disabled, developers will still be able to port their extensions to the WebExtensions APIs. Once a new version is submitted to AMO, users who have installed the legacy version will automatically receive the update and the add-on’s listing will appear in the gallery.

  • Education

  • Pseudo-Open Source (Openwashing)

    • SUSE, Microsoft team up for Azure-tuned Linux kernel

      By default, SUSE Linux Enterprise Server 15 instances on Azure will run on this custom-tuned kernel, although it can be easily switched back to the standard kernel using the package manager, Zypper.

    • Microsoft, SUSE collaborate on Linux kernel
    • SUSE and Microsoft Announce Enterprise Linux Kernel for Azure
    • Haiku Release R1/beta1, Flatpack v. 1.0.0, SUSE Updates Their Kernel to Boost Performance on Azure, Debian Receives Mitigation Updates to Vulnerability

      SUSE has had a long history with Microsoft, and it would seem that their relationship with the software giant continues with the Linux distribution’s updates to their kernel to boost performance on Azure.

    • Eclipse Foundation and IBM Partner to Help Fight Natural Disasters in New Global Open Source Software Initiative

      The Eclipse Foundation, the platform for open collaboration and innovation, today announced that it is joining the Call for Code initiative with Founding Partner IBM to use the power of open source software and a global collaborative community of developers to help people around the world better prevent, respond to, and recover from natural disasters.

      The Call for Code Global Challenge, created by David Clark Cause and powered by IBM, has more than 35 organizations asking developers to create solutions that significantly improve natural disaster preparedness and relief. This competition is the first of its kind at this global scale, encouraging developers worldwide who want to give back to their communities open software solutions that alleviate human suffering.

    • Why Redis Labs made a huge mistake when it changed its open source licensing strategy

      No, Redis is not proprietary after Redis Labs introduced a tweak to its licensing strategy. Yes, some modules from Redis Labs will now be under a weird new license hack that says, in essence, “Clouds, you’re not allowed to make money from this code unless you pay us money.” And yes, this hack was completely unnecessary in terms of open source evolution.

      You see, we already have ways to accomplish this. Not everyone likes strategies like Open Core, but they’re well-established, well-understood, and could have saved Redis Labs some headaches.


      Let’s be clear: Redis Labs’ desire is rational and common to open source vendors. While Redis Labs didn’t touch the license for Redis Core (it remains under the highly permissive BSD), the company has slapped a “Commons Clause” onto otherwise open source software to make it…not open source. The rationale?

    • The Data Transfer Project

      Social networks are typically walled gardens; users of a service can interact with other users and their content, but cannot see or interact with data stored in competing services. Beyond that, though, these walled gardens have generally made it difficult or impossible to decide to switch to a competitor—all of the user’s data is locked into a particular site. Over time, that has been changing to some extent, but a new project has the potential to make it straightforward to switch to a new service without losing everything. The Data Transfer Project (DTP) is a collaborative project between several internet heavyweights that wants to “create an open-source, service-to-service data portability platform”.


      Users will obviously need to authenticate to both sides of any transfer; that will be handled by authentication adapters at both ends. Most services are likely to use OAuth, but that is not a requirement. In addition, the paper describes the security and privacy responsibilities for all participants (service providers, users, and the DTP system) at some length. These are aimed at ensuring that users’ data is protected in-flight, that the system minimizes the risks of malicious transfers, and that users are notified when transfers are taking place. In addition, a data transfer does not imply removing the data from the exporting provider; there is no provision in DTP for automated data deletion.

      One of the advantages for users, beyond simply being able to get their hands on their own data, is the reduction in bandwidth use that will come because the service providers will directly make the transfer. That is especially important in places where bandwidth is limited or metered—a Google+ user could, for example, export their photos to Facebook without paying the cost of multi-megabyte (or gigabyte) transfers. The same goes for backups made to online cloud-storage services, though that is not really new since some service providers already have ways to directly store user data backups elsewhere in the cloud. For local backup, though, the bandwidth cost will have to be paid, of course.

      The use cases cited in the paper paint a rosy picture of what DTP can help enable for users. A user may discover a photo-printing service that they want to use, but have their photos stored in some social-media platform; the printing service could offer DTP import functionality. Or a service that received requests from customers to find a way to get their data out of another service that was going out of business could implement an export adapter using the failing service’s API. A user who found that they didn’t like the update to their music service’s privacy policy could export their playlists to some other platform. And so on.

    • KOGER Announces Open Source Client Portal Available for Financial Firms

      KOGER® Inc., a global financial services technology company, has announced the availability of an open-source client portal for financial institutions, asset managers, and fund administrators that works in tandem with the systems they already have in place.

  • Funding

    • Handshake Provides a Leg Up

      Handshake has recently awarded funds to many critical free and open source software projects. In particular Conservancy has been gifted $200K for our ongoing work to support software freedom by providing a fiscal home for smaller projects, enforcing the GPL and undertaking strategic efforts to grow and improve free software. Outreachy, the organization offering biannual, paid internships for under-represented people to work in free software (itself a member project of Conservancy) has also been awarded $100,000 from these funds.

      “We are grateful for this donation that will allow us to continue supporting people from underrepresented backgrounds in gaining focused experience as free software contributors and shaping the future of technology,” said Marina Zhurakhinskaya, Outreachy Organizer. Donations to the Outreachy general fund support program operations and increasing awareness of opportunities in free software among people from underrepresented groups in tech.


      As a small organization, we are always working to do the most with what we have. The Handshake grant allows us to tackle some of the work that we would have otherwise had to put off to a later date. Unfettered donations give us the freedom to say yes to hiring contractors to help with tasks that we don’t have expertise for in house, they help us move up our timetables for critical infrastructure and they enable us to spend less time fundraising. These kinds of gifts are absolutely critical for Conservancy and for our frugal sister organizations in the free software community.

    • BackYourStack To Provide Open Source With Financial Security

      Open Collective has come up with a new initiative that makes it easy for companies to identify the open source projects that they depend on that also need funding and make a financial contribution. BackYourStack provides a new way for open source communities to get paid for the work they do and become financially sustainable.


      Open Collective lets its users set up pages to collect donations and membership fees where the funds required and the funds raised are explicitly shown and sponsors and the extent of their support is acknowledged. This page also gives access to an ongoing record of a project’s expenses where members can submit new expenses for reimbursement and its Budget facility allows income and expenditure to be tracked.

      According to its FAQs, so far Open Collective has raised $2,815,000 in funds for its members. It takes 10% plus credit card fees to cover the costs of running the platform and managing bookkeeping, taxes and the admin of reimbursing expenses and shares this commission with the host organizations that hold the money on behalf of member collectives.

  • BSD

    • DragonFlyBSD Now Runs On The Threadripper 2990WX, Developer Shocked At Performance

      Last week I carried out some tests of BSD vs. Linux on the new 32-core / 64-thread Threadripper 2990WX. I tested FreeBSD 11, FreeBSD 12, and TrueOS — those benchmarks will be published in the next few days. I tried DragonFlyBSD, but at the time it wouldn’t boot with this AMD HEDT processor. But now the latest DragonFlyBSD development kernel can handle the 2990WX and the lead DragonFly developer calls this new processor “a real beast” and is stunned by its performance potential.

      When I tried last week, neither the DragonFlyBSD 5.2.2 stable release nor DragonFlyBSD 5.3 daily snapshot would boot on the 2990WX. But it turns out Matthew Dillon, the lead developer of DragonFlyBSD, picked up a rig and has it running now. So in time for the next 5.4 stable release or those using the daily snapshots can have this 32-core / 64-thread Zen+ CPU running on this operating system long ago forked from FreeBSD.


    • Software Freedom Ensures the True Software Commons

      Proprietary software has always been about a power relationship. Copyright and other legal systems give authors the power to decide what license to choose, and usually, they choose a license that favors themselves and takes rights and permissions away from others.

      The so-called “Commons Clause” purposely confuses and conflates many issues. The initiative is backed by FOSSA, a company that sells materiel in the proprietary compliance industrial complex. This clause recently made news again since other parties have now adopted this same license.

      This proprietary software license, which is not Open Source and does not respect the four freedoms of Free Software, seeks to hide a power imbalance ironically behind the guise “Open Source sustainability”. Their argument, once you look past their assertion that “the only way to save Open Source is to not do open source”, is quite plain: “If we can’t make money as quickly and as easily as we’d like with this software, then we have to make sure no one else can as well”.

      These observations are not new. Software freedom advocates have always admitted that if your primary goal is to make money, proprietary software is a better option. It’s not that you can’t earn a living writing only Free Software; it’s that proprietary software makes it easier because you have monopolistic power, granted to you by a legal system ill-equipped to deal with modern technology. In my view, it’s a power which you don’t deserve — that allows you to restrict others.

      Of course, we all want software freedom to exist and survive sustainably. But the environmental movement has already taught us that unbridled commerce and conspicuous consumption is not sustainable. Yet, companies still adopt strategies like this Commons Clause to prioritize rapid growth and revenue that the proprietary software industry expects, claiming these strategies bolster the Commons (even if it is a “partial commons in name only”). The two goals are often just incompatible.

    • It may be poor man’s Photoshop, but GIMP casts a Long Shadow with latest update

      There appears to be no rest for Wilber as the GIMP team has updated the venerable image editor to version 2.10.6.

      We were delighted to see the arrival of the Straighten button in version 2.10.4, mainly due to our inability to hold a camera straight. Version 2.10.6 extends this handy feature to include vertical straightening, so the Leaning Tower of Pisa need lean no more. As before, the user must wield the Measure tool and either let GIMP automatically work out if straightening should be vertical or horizontal, or override the application.

      In a nod to East Asian writing systems, or just to those who feel the need for vertical text, GIMP has also gained a variety of vertical text options, including mixed orientation or the more Western style upright.

    • GNU Parallel 20180822 (‘Genova’) released

      GNU Parallel 20180822 (‘Genova’) has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/

      Quote of the month:

      GNU parallel is a thing of magic.

  • Openness/Sharing/Collaboration

    • Open Hardware/Modding

      • AMD Open-Sources “Rocprofiler” ROCm Profiler For GPU Hardware Perf Counters

        AMD developers have open-sourced rocprofiler for profiling the AMD GPU hardware performance counters under compute/OpenCL workloads.

        Rocprofiler consists of a library and tool for accessing the AMD graphics processor hardware performance counters. They anticipate that this profiler will be bundled as part of their upcoming ROCm 1.9 release, but it can be built today and used with their existing ROCm 1.8 releases.

      • RISC-V video
      • Fujitsu reveals the A64FX, an Arm-based supercomputer CPU

        Fujitsu has revealed details about its new high performance CPU, destined for the Post-K supercomputer. The A64FX is a Fujitsu designed Arm processor and is of particular note as it is the first to implement the Arm v8-A SVE architecture (SVE = Scalable Vector Extensions). Architectural details of the A64FX were shared at the Hot Chips 30 symposium yesterday evening in Cupertino, California. Fujitsu today emailed HEXUS a press release concerning further Post-K CPU specifications, yet to be shared on its website.

      • Fujitsu Presents Post-K CPU Specifications

        Fujitsu today announced publication of specifications for the A64FX CPU to be featured in the post-K computer, a supercomputer being developed by Fujitsu and RIKEN as a successor to the K computer, which achieved the world’s highest performance in 2011. The organizations are striving to achieve post-K application execution performance up to 100 times that of the K computer.

      • Fujitsu Unveils Details on Post-K Supercomputer Processor Powered by ARM

        Today Fujitsu published specifications for the A64FX CPU to be featured in the post-K computer, a future machine designed to be 100 times faster than the legendary K computer that dominated the TOP500 for years.

      • Fujitsu Reveals Details of Processor That Will Power Post-K Supercomputer

        Fujitsu has announced the specifications for A64FX, an Arm CPU that will power Japan’s first exascale supercomputer. The system, known as Post-K, is scheduled to begin operation in 2021.

  • Programming/Development

    • Python wriggles onward without its head

      At the third annual PyBay Conference in San Francisco over the weekend, Python aficionados gathered to learn new tricks and touch base with old friends.

      Only a month earlier, Python creator Guido van Rossum said he would step down as BDFL – benevolent dictator for life – following a draining debate over the addition of a new way to assign variables within an expression (PEP 572).

      But if any bitterness about the proposal politics lingered, it wasn’t evident among attendees.

      Raymond Hettinger, a Python core developer, consultant and speaker, told The Register that the retirement of Python creator Guido van Rossum hasn’t really changed things.

      “It has not changed the tenor of development yet,” he said. “Essentially, [Guido] presented us with a challenge for self-government. And at this point we don’t have any active challenges or something controversial to resolve.”

    • Introducing CI-Admin

      A major focus of recent developments in Firefox CI has been putting control of the CI process in the hands of the engineers working on the project. For the most part, that means putting configuration in the source tree. However, some kinds of configuration don’t fit well in the tree. Notably, configuration of the trees themselves must reside somewhere else.

    • This Week in Rust 248

      This week’s crate is wasm-bindgen-futures, a crate to make ECMAScript futures and Rust futures interoperate. Thanks to Vikrant for the suggestion!

    • CafeOBJ 1.5.8 released

      Some time ago we released CafeOBJ 1.5.8 with some new features and bugfixes for the inductive theorem prover CITP. We are still struggling with SBCL builds on Windows, which suddenly started to produce corrupt images, something that doesn’t happen on Linux or Mac.

    • digest 0.6.16

      digest version 0.6.16 arrived on CRAN earlier today, and was just prepared for Debian as well.

      digest creates hash digests of arbitrary R objects (using the ‘md5’, ‘sha-1’, ‘sha-256’, ‘sha-512’, ‘crc32’, ‘xxhash32’, ‘xxhash64’ and ‘murmur32’ algorithms) permitting easy comparison of R language objects.

  • Standards/Consortia

    • Broadband Forum automates, accelerates cloud-based access deployment

      The Broadband Forum today announced the first code release and documentation of its new Open Broadband project – Broadband Access Abstraction (OB-BAA) to enable standardized, automated and accelerated deployment of new cloud-based access infrastructure and services.

    • Broadband Forum unveils first Open Broadband release

      The Broadband Forum has announced the release of code and supporting documentation for Broadband Access Abstraction (OB-BAA), the first code release for the Open Broadband project.

      The code and documentation offer an alternative approach for telcos looking to upgrade networks ahead of the anticipated stress caused by the introduction of more accessible and faster connectivity. The aim is to facilitate coexistence, seamless migration and the agility to adapt to an increasingly wide variety of software defined access models.

      “OB-BAA enables operators to optimize their decision-making process for introducing new infrastructure based on user demand and acceptance instead of being forced into a total replacement strategy,” said Robin Mersh, Broadband Forum CEO. “By reducing planning, risks and execution time, investment in new systems and services can be incremental.”

      The Forum’s Open Broadband initiative has been designed to provide an open community for the integration and testing of new open source, standards-based and vendor provided implementations. The group already counts support from the likes of BT, China Telecom, CenturyLink and Telecom Italia, as well as companies such as Broadcom and Nokia on the vendor side.

    • Broadband Forum Creates an Open Source Project for Network Access Interoperability

      As a freely-published, open source project, BAA specifies northbound interfaces, core components, and southbound interfaces for functions associated with network access devices that have been virtualized.

      Robin Mersh, CEO of the Broadband Forum, said the BAA project is an Apache 2.0 licensed open source project. The code from the project resides on GitHub and contributors develop the work on BitBucket.

      Operators and equipment manufacturers involved in the project include Broadcom, BT, Calix, CenturyLink, China Telecom, Huawei, Nokia, Telecom Italia, Tibit Communications, the University of New Hampshire InterOperability Lab, and ZTE.

      The BAA code will immediately be integrated into another Broadband Forum initiative — its Cloud Central Office (CloudCO) project. CloudCO is a regular standards project. It’s developing a framework for transformation of the network from fixed function, through boxes, to software-defined networking.


  • Woman cons dozens of men into ‘date’ then sets them against each other

    At 6pm on Sunday, hundreds of men arrived at Union Square in Manhattan for what Aponte told them would be a one-on-one date where they would watch her friend DJ. Once they had formed an audience, each thinking the rest of the men were just there for a show, Aponte took to the stage, explained what was going on and started whittling down the guys with questions and challenges, saying that the winner would actually go on a date with her.

  • Science

    • Wikipedia, the Last Bastion of Shared Reality

      The culture wars are coming for the best utopian project of the early [I]nternet. Can it survive the informational anarchy that’s disrupted the rest of media?

    • What is Machine Learning?

      Advancements in computer technology over the past decades have meant that the collection of electronic data has become more commonplace in most fields of human endeavor. Many organizations now find themselves holding large amounts of data spanning many prior years. This data can relate to people, financial transactions, biological information, and much, much more.

      Simultaneously, data scientists have been developing iterative computer programs called algorithms that can look at this large amount of data, analyse it and identify patterns and relationships that cannot be identified by humans. Analyzing past phenomena can provide extremely valuable information about what to expect in the future from the same, or closely related, phenomena. In this sense, these algorithms can learn from the past and use this learning to make valuable predictions about the future.

    • A porn company promises to insert customers into scenes using deepfakes

      The company demoed the service with a pair of sample clips (link very much not safe for work). One blends the faces of two actresses and another swaps the background of a scene from a bedroom to a beach. It’s not the most advanced use of the technology, but the face-blending is relatively seamless, and it shows how accessible this sort of AI-powered video manipulation has become.

    • Naughty America Wants to Monetize Deepfake Porn

      This week, the company is launching a new service that allows customers to commission their own deepfake clips, which can include superimposing their own faces onto the bodies of porn performers, or incorporating porn stars into different environments. “We see customization and personalization as the future,” said the company’s CEO Andreas Hronopoulos in an interview with Variety.

  • Health/Nutrition

    • Preliminary Injunction Denied, But Two-Day TRO Granted Precluding Launch of Generic Estrogen Patch

      The court denied plaintiff’s motion for a preliminary injunction but granted plaintiff’s motion for a TRO precluding the launch of defendants’ generic transdermal estrogen product.

    • Can A Surge In Activism Defeat American Big Pharma?

      Not a day passes in America without news of a drug company raising prices on prescription drugs. Americans pay two to six times more for prescription drugs than those living in other developed countries, who earn the same income.

      People with chronic or life-threatening diseases, for whom drug costs are unaffordable, often skip treatment altogether. One quarter of all cancer patients chose not to fill a prescription due to cost, according to a 2013 study in the journal Oncologist. This is as drug prices for these conditions have skyrocketed. Humira for example, a widely used best-selling drug for rheumatoid arthritis, is now $2,700 per course of treatment, nearly three times what it costs in Switzerland.

      The vast majority of Americans support a wide range of measures to make drugs more affordable: 92% of Americans support laws allowing the federal government to negotiate lower prices for people on Medicare, the public welfare benefit scheme targeted at senior citizens. However, with two lobbyists per member of Congress and a lobbying services’ bill that outstrips every other industry, including defence, the odds are stacked against citizens in their fight against ‘big pharma’ over drug prices.

    • Is there a high chance of US and UK courts grappling with medicinal cannabis patents?

      The US and UK patent offices have granted a number of patents relating to the therapeutic use of cannabis derived products. Paradoxically, both the US and UK governments currently define cannabis and cannabis-derived products as having no medicinal benefit. Recent developments suggest that both governments may soon soften the legal definition of cannabis. This Kat takes the opportunity to ask, in view of the US and UK governments’ current position that cannabis has no medicinal use, how strong are the patents claiming the very same?


      Recreational cannabis is subject to varying restrictions around the world. In the UK, the Misuse of Drugs Act 1971 categorises cannabis and cannabinol as Class B drugs, meaning that unlicensed supply carries a maximum penalty of 5 years in prison and/or an unlimited fine. Cannabis has been fully legalized in certain US states (e.g. Colorado), and it will soon become fully legal to grow, possess and sell Cannabis in Canada.

      The legality of medicinal cannabis is distinct from that of recreational cannabis. The legislation governing whether licences can be awarded to supply a controlled substance for medical purposes is dependent on whether that substance is considered to have a proven medicinal effect. Cannabis was categorized by the UN Convention on Narcotic Drugs as a drug having “no medicinal benefit” (Schedule 1). Both the US and UK currently follow this classification.

  • Security

    • Three New Security Advisories Hit X.Org’s X11 Library

      It’s been a while since last having any big security bulletins for the X.Org Server even though some of the code-base dates back decades and security researchers have said the security is even worse than it looks and numerous advisories have come up in recent years. But it’s not because X11 is bug-free as today three more security bulletins were made public affecting libX11.

      Today’s security advisory pertains to three different functions in libX11 that are affected by different issues. The security issues come down to off-by-one writes, a potential out of boundary write, and a crash on invalid reply.

    • USBHarpoon: How “Innocent” USB Cables Can Be Manipulated To Inject Malware

      Back at the 2014 Black Hat Conference, crypto specialists Karsten Nohl and Jakob Lell introduced the concept of BadUSB — a USB security flaw which allows attackers to turn a USB into a keyboard which can be used to type in commands.

      Now, a researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Behind the hood is the BadUSB vulnerability.


      While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.

    • Open Source ‘Kube-Hunter’ Does Kubernetes Penetration Testing

      Aqua Security released the open source kube-hunter tool for penetration testing of Kubernetes clusters, used for container orchestration.

      “You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues — it’s like automated penetration testing,” the company said in an Aug. 15 blog post.

      The tool — with source code available on GitHub — is also packaged by the company in a containerized version, which works with the company’s kube-hunter Web site where test results can be seen and shared.

    • Get an open-source security multiplier

      Open-source solutions offer numerous advantages to development-savvy teams ready to take ownership of their security challenges. Teams can implement them to provide foundational capabilities, like “process logs” or “access machine state,” swiftly; no need to wait for purchasing approval. They can build custom components on top of open-source code to fit their company’s needs perfectly. Furthermore, open-source solutions are transparent, ‘return’ great value for dollars spent (since investment makes the tool better rather than paying for a license), and receive maintenance from a community of fellow users.

    • Is Open Source More Secure? Maybe Not [Ed: Cloud Academy is badmouthing FOSS and ignoring the fact that proprietary software has back doors in it, cannot be fixed by users]
    • Secure your open source components automatically, continuously, and silently [Ed: This site is posting promotional spam for this Microsoft partner that likes to badmouth FOSS in order to sell its proprietary software]
    • Security updates for Wednesday
    • Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades

      A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999.

      The security bug received a patch this week, but since the OpenSSH client is embedded in a multitude of software applications and hardware devices, it will take months, if not years, for the fix to trickle down to all affected systems.


      This bug allows a remote attacker to guess the usernames registered on an OpenSSH server. Since OpenSSH is used with a bunch of technologies ranging from cloud hosting servers to mandate IoT equipment, billions of devices are affected.

      As researchers explain, the attack scenario relies on an attacker trying to authenticate on an OpenSSH endpoint via a malformed authentication request (for example, via a truncated packet).

    • CVE-2018-5390 and “embargoes”

      A kernel bug that allows a remote denial of service via crafted packets was fixed recently and the resulting patch was merged on July 23. But an announcement of the flaw (which is CVE-2018-5390) was not released until August 6—a two-week window where users were left in the dark. It was not just the patch that might have alerted attackers; the flaw was publicized in other ways, as well, before the announcement, which has led to some discussion of embargo policies on the oss-security mailing list. Within free-software circles, embargoes are generally seen as a necessary evil, but delaying the disclosure of an already-public bug does not sit well.

      The bug itself, which Red Hat calls SegmentSmack, gives a way for a remote attacker to cause the CPU to spend all of its time reassembling packets from out-of-order segments. Sending tiny crafted TCP segments with random offsets in an ongoing session would cause the out-of-order queue to fill; processing that queue could saturate the CPU. According to Red Hat, a small amount of traffic (e.g. 2kbps) could cause the condition but, importantly, it cannot be done using spoofed IP addresses, so filtering may be effective, which may blunt the impact somewhat.

    • Meltdown strikes back: the L1 terminal fault vulnerability

      The Meltdown CPU vulnerability, first disclosed in early January, was frightening because it allowed unprivileged attackers to easily read arbitrary memory in the system. Spectre, disclosed at the same time, was harder to exploit but made it possible for guests running in virtual machines to attack the host system and other guests. Both vulnerabilities have been mitigated to some extent (though it will take a long time to even find all of the Spectre vulnerabilities, much less protect against them). But now the newly disclosed “L1 terminal fault” (L1TF) vulnerability (also going by the name Foreshadow) brings back both threats: relatively easy attacks against host memory from inside a guest. Mitigations are available (and have been merged into the mainline kernel), but they will be expensive for some users.

    • Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities
    • Airmail 3.6 Fixes Potential URL Scheme Vulnerability

      Airmail has just released an update which patches a known security vulnerability in the e-mailing service. Security analysts recently discovered that the client was vulnerable to malicious exploits that could allow foreign and unauthorized persons to access and read sent and received emails in the context of a victim user. The patch released fixes the vulnerable channels that could have been exploited to gain such unwarranted access.

    • Ghostscript Vulnerability Could Cause Data Security Breach

      A vulnerability in the Ghostscript interpreter used to decipher Adobe Postscript and PDF documents online has come to light after a report by a Google security researcher, Tavis Ormandy, and a bothersome statement by Steve Giguere, an EMEA engineer for Synopsys. As the Ghostscript page descriptive language interpreter is the most commonly employed system in numerous programs and databases, this vulnerability has a mass range of exploit and impact if manipulated.


      According to Giguere, this causes second tier delay as mitigation of this depends directly upon authors resolving the issue at its core as soon as it arises, firstly, but that on its own is no use if these resolved components are not uploaded to the web servers and applications that make use of them. The issues must be resolved at the core and then updated where they are directly being used for the sake of effective mitigation. As this is a two step process, it could provide malicious attackers with all the time that they need to exploit this type of vulnerability.

    • Microsoft Visual Studio C++ Runtime installers were built to fail

      Security researcher Stefan Kanthak claims the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation.

      In other words, Redmond is distributing to developers executables that install its Visual C++ runtime, and these installer programs are insecure due to being created by outdated tools. They can be exploited by malicious software to execute arbitrary code. It’s not the end of the world – it’s more embarrassment than anything else, due to the reliance on out-of-date tools.

  • Defence/Aggression

    • Family of children Israel killed on Gaza beach reopen search for justice

      Four years after the massacre, Montaser still can’t play the game that brought him and his brothers joy. The sound of a football being kicked revives memories of bombs, shrieks and bloodshed, as well as a scene that he wants to shut out forever.

      “I still cannot forget. I was running quickly to flee the area. I survived, but I lost my brother and my cousins,” the 17-year-old recalls of a massacre that occurred just yards from the sparkling waters of the Mediterranean Sea.

      Montaser Bakr is the sole remaining survivor of the Bakr children who the Israeli military struck on July 16, 2014, while they played football on a Gaza beach at the height of the enclave’s last war, killing four children aged between nine and 11 years old.

    • Drone Strikes Remain Unchecked in the War on Terror
    • ‘Liberal’ MSNBC Runs All-Star Lineup of Awful Right-Wing Guests

      MSNBC is often described as the liberal version of Fox News, delivering unabashed left-leaning content for vociferously partisan viewers. But if you looked at MSNBC’s lineup of guests for August 15, you’d be hard pressed to find a more odious group of right-wing liars, warmongers and racists on Fox News or any other outlet.

      MSNBC kicked it off with Andrea Mitchell interviewing mercenary Erik Prince, the billionaire founder of private military contractor Blackwater USA and the brother of Trump administration Education Secretary Betsy DeVos.

      Firstly, Mitchell didn’t even get Prince’s credentials right, saying that his company Blackwater no longer exists. This is exactly what its marketing department wants you to believe: Blackwater rebranded as Xe Services following the massacre of 17 Iraqi civilians by Blackwater contractors in Nisour Square in 2007. In 2010, Prince sold Xe to a private equity firm run by a family friend, who changed the name to Academi, which later merged with rival private military contractor Triple Canopy in 2014 to form Constellis Holdings, which was in turn purchased by the private equity giant Apollo Global Management in 2016. Under the name Constellis, Blackwater is still going strong; earlier this year, Apollo was looking to sell it for between $2 billion and $2.5 billion.

  • Transparency/Investigative Reporting

    • Tweets from Assange’s mum fuel conspiracy theory on Clinton email leaks

      Julian Assange’s mother caused excitement on Twitter, saying an ex-DNC worker leaked the Clinton emails. Christine Assange deleted her post after followers concluded that she meant Seth Rich, who was killed in 2016.

      The story unfolded after Christine responded to a tweet claiming Julian Assange had given the then presidential candidate Donald Trump the “upper hand” by leaking the Clinton emails.

  • Finance

    • Tax Case Flips the Script for Democrats and the GOP. But What About for Jurists?

      In a dispute between states’ rights and the congressional power to tax, you would expect conservatives to line up with the states and liberals with Congress. As the battle lines are drawn in State of New York v. Mnuchin, a lawsuit filed last month by the states of Connecticut, Maryland, New Jersey and New York, it will be Republicans defending the power of Congress and Democrats rallying to the cause of the states.

      While well off most people’s radar, the case has the potential to disrupt President Donald Trump’s signature legislative achievement: last year’s massive tax cut. What remains to be seen — and will largely determine the outcome — is whether judicial conservatives align with Republicans (as they usually do) or defend the states’ rights doctrine at the heart of their legal thinking.

      The lawsuit attacks the tax cut passed at the end of last year by the Republican-controlled Congress, specifically its limits on the deductibility of state and local taxes. The law resulted in much higher federal taxes for many residents of high-tax states, most of which are governed by Democrats. Last month, the states brought suit in federal court in Manhattan challenging the constitutionality of this provision of the new law. The legal consensus is that the lawsuit is unlikely to prevail. But the strange bedfellows of this issue may be causing legal analysts to underestimate its chances.

  • AstroTurf/Lobbying/Politics

    • Paul Manafort trial: Jury unable to reach a verdict on 10 of 18 counts

      The jury in the financial fraud trial of former Trump campaign chairman Paul Manafort sent a second note to the court late Tuesday afternoon, informing the judge that there are 10 counts the jury cannot reach a verdict on. Judge T.S. Ellis III has decided there is “manifest necessity” to proceed and a verdict will be reached shortly on 8 of the counts. Judge Ellis will accept a partial verdict.

      The jury resumed deliberations Tuesday morning after finishing its third day of deliberations without reaching a verdict. Jurors deliberated until 6:15 p.m. Monday, later than usual, before being dismissed for the day.

    • Warren proposes ban on lawmakers owning individual stocks
    • Trump to announce NAFTA ‘handshake’ deal on Thursday: report

      The Trump administration is reportedly planning to announce this week that it has reached an agreement with Mexico in its renegotiation of the North American Free Trade Agreement (NAFTA).

    • To The US Media, A “Regime” Is Any Government At Odds With The US Empire

      The function of “regime” is to construct the ideological scaffolding for the United States and its partners to attack whatever country has a government described in this manner…

    • The Limits of Elizabeth Warren

      Senator Elizabeth Warren at the National Press Club in Washington on Tuesday launched into a blistering attack on unfettered corporate power in America but waffled when asked about military spending and Israel’s recent brutal reaction to Palestinian resistance.

      Warren outlined with great specificity a host of proposals for eliminating financial conflicts, closing revolving doors between business and government and reforming corporate structures.

      She pilloried former Congressman Billy Tauzin for having done the pharmaceutical lobby’s bidding by preventing a bill for expanded Medicare coverage to include a program to negotiate lower drug prices. “In December of 2003, the very same month the bill was signed into law, PhRMA — the drug companies’ biggest lobbying group — dangled the possibility that Billy could be their next CEO,” Warren said.

      “In February of 2004, Congressman Tauzin announced that he wouldn’t seek re-election. Ten months later, he became CEO of PhRMA — at an annual salary of $2 million,” Warren said. “Big Pharma certainly knows how to say ‘thank you for your service.’”

    • Michael Cohen and Paul Manafort: Two Cases That Shook the Trump World — “Trump, Inc.” Podcast Extra

      In April, we published an investigation into Michael Cohen’s past. The “Trump, Inc.” episode, reported by our partners at WNYC, traced how so many of Cohen’s associates over the years have been convicted of crimes, disbarred or faced other legal troubles.

      But — at the time of the episode — the president’s former lawyer had himself never been convicted, or even accused of a crime.

      Well, it’s time for an update. Cohen pleaded guilty Tuesday to eight felony counts, including tax fraud, lying to a bank and campaign finance violations. The same hour he was pleading guilty, a federal jury found another former Trump aide guilty: Paul Manafort, the erstwhile campaign chairman. Also eight counts. Also bank and tax fraud.

    • Lanny Davis: Trump “Corrupted Our Democracy,” He “Directed” Michael Cohen To Do A “Criminal Act”

      Lanny Davis, attorney for Michael Cohen, told ABC News’ George Stephanopoulos Wednesday that his client has information that would be “of interest” to special counsel Robert Mueller.

      “I can tell you that it’s my observation that what he knows that he witnessed will be of interest to the special counsel,” Davis told Stephanopoulos.

      Davis also named President Trump as the ‘candidate’ tied to Cohen’s campaign finance case. He said his client was “directed” “to do a criminal act” by Trump, calling the crime what he was told to do with two women, Stormy Daniels and Karen McDougal. Davis said there is evidence that Russians are complicit with Wikileaks and members of the Trump campaign help “facilitated that conspiracy.”

  • Censorship/Free Speech

    • Facebook is rating the trustworthiness of its users on a scale from zero to 1 [Ed: phasing in censorship while blaming "users" for it]
    • Facebook Assigns “Zero To 1” Rating Based On Your “Trustworthiness”

      In the unceasing fight against fake news, Facebook has started to assign a reputation score to its users based on their “trustworthiness,” reports Washington Post.

      The new rating tool revealed by Tessa Lyons, product manager and currently fighting misinformation on Facebook, is among the many other behavior clues that Facebook continuously takes into consideration “as it seeks to understand risk.”

    • Facebook Fueled Anti-Refugee Attacks in Germany, New Research Suggests

      When you ask locals why Dirk Denkhaus, a young firefighter trainee who had been considered neither dangerous nor political, broke into the attic of a refugee group house and tried to set it on fire, they will list the familiar issues.

      This small riverside town is shrinking and its economy declining, they say, leaving young people bored and disillusioned. Though most here supported the mayor’s decision to accept an extra allotment of refugees, some found the influx disorienting. Fringe politics are on the rise.

      But they’ll often mention another factor not typically associated with Germany’s spate of anti-refugee violence: Facebook.

      Everyone here has seen Facebook rumors portraying refugees as a threat. They’ve encountered racist vitriol on local pages, a jarring contrast with Altena’s public spaces, where people wave warmly to refugee families.

    • Facebook Is Driving Increasing Attacks On Refugees In Germany, Study Finds

      Two researchers from the University of Warwick, named Karsten Miller and Carlo Schwarz, have conducted a study which analyzed the anti-refugee attacks in Germany. Some of the factors that were considered for the study included wealth, demographics, political support, newspaper sales, number of refugees, past crimes against refugees and the number of protests.

      The pattern that emerged suggested that the towns where Facebook usage was higher than the average were more involved in the anti-refugee attacks.

    • Dutch Government Prosecuting Dutch Citizen For Insulting Turkish President Recep Erdogan

      Turkey’s president Recep Erdogan is the pettiest of tyrants, ruling with an iron fist and an easily-bruised ego. In addition to snuffing out dissent in his own country with a combination of arrests and intimidation, Erdogan and his government scour the planet for non-Turkish citizens who have offended Lord Gollum.

      This doesn’t just take the form of content removal requests and site blocking. It also means actual arrests of foreign citizens residing in other countries. Germany’s government was shocked to find an old law on its books — one that forbade insulting foreign states — being used against one of its own, a German comedian who wrote an immensely unflattering poem about the Turkish dictator. The government gave in at first before swiftly excising the law.

      The same can’t be said about the Netherlands, another country with bad laws Erdogan is more than happy to exploit to silence criticism. This makes things a little easier for the Turkish government. The last time it punished a Dutch citizen for criticizing the Turkish president, it had to wait for the journalist to visit the country before arresting her.

      This time the Dutch government is going to be doing the punishing. Erdogan has spoken and, rather than being greeted with laughter followed by a dial tone, the Dutch government appears to be moving forward with a local prosecution.

    • That Facebook Will Turn to Censoring the Left Isn’t a Worry—It’s a Reality

      On August 6, a number of giant online media companies, including Facebook, YouTube, Apple, Spotify and Pinterest, took the seemingly coordinated decision to remove all content from Alex Jones and his media outlet Infowars from their platforms.

      Jones, perhaps the internet’s most notorious far-right conspiracy theorist, has claimed that the Sandy Hook shooting was a hoax, the Democratic Party is running a child sex ring inside a DC pizzeria and that the Las Vegas shooting was perpetrated by Antifa. Despite or perhaps because of such claims, his website Infowars has built up an enormous following: 3 million Americans, almost 1 percent of the population, visited the site in July 2018, according to Alexa.


      Unfortunately, Facebook immediately used this new precedent to switch its sights on the left, temporarily shutting down the Occupy London page and deleting the anti-fascist No Unite the Right account (Tech Crunch, 8/1/18). Furthermore, on August 9, the independent, reader-supported news website Venezuelanalysis had its page suspended without warning.

      The site does not feign neutrality, offering news and views about Venezuela from a strongly left-wing perspective. But it’s not uncritical of the Venezuelan government, either, and provides a crucial English-language resource for academics and interested parties on all sides wishing to understand events inside Venezuela from a leftist perspective, something almost completely absent in corporate media, which has been actively undermining elections (FAIR.org, 5/23/18) and openly calling for military intervention or a coup in the country (FAIR.org, 5/16/18).

    • Once Again, Court Rejects Silly Claims That YouTube Provided Material Support For Terrorists

      For the past few years we’ve been covering a whole series of cases, most of them filed by (I’m not making this up) a silly law firm by the name of 1-800-Law-Firm, trying to argue that various big internet companies provided material support to ISIS or other terrorists, and therefore owe tons of money to surviving relatives of people killed by ISIS or other terrorist organizations. There have been lawsuits against Twitter, Facebook and Google/YouTube. So far, all of these lawsuits have failed miserably — as they should.

      Even if the plaintiffs could show that these platforms actively enabled terrorists to use their platform (which they do not, as all of them proactively look to remove terrorist related content), none of the cases makes an even half-hearted attempt to connect the (very unfortunate) deaths of their relatives to any actual content on these platforms. The lawsuits are basically “these bad people use Twitter/Facebook/YouTube, these people killed my relative, thus, those platforms owe me millions of dollars.” That, of course, is not how the law works.

    • Court Dismisses Defamation Lawsuit Over Steele Dossier

      You may have noticed that an awful lot of news broke yesterday concerning a wide variety of legal cases all touching on the President. Most of the coverage, of course, went to the two big cases: the guilty verdict against former campaign chair Paul Manafort and the guilty plea by former Trump personal lawyer Michael Cohen. There were some other cases with breaking news as well, including a judge in New York rejecting Trump’s attempt to dump a lawsuit filed against his private security team for apparently beating up some protesters. Also, in a (frankly, very weak) defamation lawsuit filed by former Apprentice contestant Summer Zervos, apparently Trump has refused to submit to discovery requests, leading Zervos’ legal team to file a motion to compel him to respond.

      Most of those cases don’t cover the kinds of things we usually talk about (the defamation case being the exception — but at this stage, there really isn’t that much worth commenting on). However, there was yet another case loosely involving the President that is something we’d talk about and which concluded late Monday (though, the news broke on Tuesday as well). And that involved a defamation case filed by three Russians against Christopher Steele, author of the so-called “Steele Dossier.” Back in October of last year, three Russians, Mikhail Fridman, German Khan and Peter Aven, who are all involved with Alfa-Bank, sued Fusion GPS and its founder Glenn Simpson in federal court for defamation. That case is still waiting for a ruling on both a Motion to Dismiss and an Anti-SLAPP Motion.

      However, while all of that was going on, the same three Russians filed a very similar case in the DC Superior Court (the equivalent of a state court, rather than federal court). That case was filed in April of this year, and while the federal court is still dilly dallying around on it, the state court dismissed the case on anti-SLAPP grounds (which rendered a related Motion to Dismiss moot).

    • Facebook begins rating users on how trustworthy they are at flagging fake news

      One of those is this trust rating. Facebook didn’t tell the Post everything that went into the score, but it is partly related to a user’s track record with reporting stories as false. If someone regularly reports stories as false, and a fact-checking team later finds them to be false, their trust score will go up; if a person regularly reports stories as false that later are found to be true, it’ll go down.

    • John Calder, British Publisher Who Fought Censorship, Dies at 91

      John Calder, an independent British publisher who built a prestigious list of authors like Samuel Beckett and Heinrich Böll and spiritedly defended writers like Henry Miller against censorship, died on Aug. 13 in Edinburgh. He was 91.

      Alessandro Gallenzi, who bought Mr. Calder’s publishing company in 2007 and continues to sell books under his name, confirmed the death.

      Mr. Calder’s refined literary palate — sometimes at odds with his admittedly uneven commercial acumen — led him to bring out books in Britain by Eugène Ionesco, Marguerite Duras, Alain Robbe-Grillet, Claude Simon, William S. Burroughs and Nathalie Sarraute.

    • Publisher John Calder was a ‘towering figure in the fight against censorship’
    • Censorship machines removed my article warning people about censorship machines

      A few days ago, about a dozen articles and campaign sites criticizing EU plans for copyright censorship machines silently vanished from the world’s most popular search engine. Proving their point in the most blatant possible way, the sites were removed by exactly what they were warning of: Copyright censorship machines.

      Among the websites that were made impossible to find: A blog post of mine in which I inform Europeans about where their governments stand on online censorship in the name of copyright and a campaign site warning of copyright law that favors corporations over free speech.


      After the EFF uncovered further fraudulent removals by Topple Track and TorrentFreak covered the story, Google reportedly terminated its trusted partnership with the company. But still, as of this writing, my blog post remains unlisted on Google Search. Incredibly, not even when a company is exposed for issuing abusive takedowns are the websites they’ve previously ordered removed reinstated. Each individual author must actively put up a fight to restore the findability of their free speech. [Update: The page seems to be back in the Google index now.]

    • Blockchain tech has the power to fight censorship — but it can help fake news stay forever

      Although a lot of people use ‘blockchain’ as a synonym to bitcoin, the possibilities this tech offers go far beyond cryptocurrencies.

      In its core, blockchain is a decentralised database of data where nothing can be added or modified without the consent of all the participants.

      Publiq, which describes itself as a non-profit foundation, uses blockchain technology to create a new, decentralised environment for content publishing. Their aim is to bypass centralised management of the media sector and give authors the freedom to publish their content without any external intervention. As a bonus, blockchain technology helps authors retain copyright and monetise their work.

      Publiq is founded on blockchain, which means no one can modify content at any stage of its publishing and sharing. Dr. Christian de Vartavan, adviser and global ambassador at Publiq, compares the principle of blockchain technology to an old-fashioned bill spike: you pile up the bills by sticking them on the spike one by one, and you can’t remove or modify any of the previous bills unless you take everything off, which is simply impossible with blockchain.

    • Society Is Made Of Narrative. Realizing This Is Awakening From The Matrix.

      Without mental narrative, nothing is experienced but sensory impressions appearing to a subject with no clear shape or boundaries. The visual and auditory fields, the sensation of air going in and out of the respiratory system, the feeling of the feet on the ground or the bum in the chair. That’s it. That’s more or less the totality of life minus narrative.

      When you add in the mental chatter, however, none of those things tend to occupy a significant amount of interest or attention. Appearances in the visual and auditory field are suddenly divided up and labeled with language, with attention to them determined by whichever threatens or satisfies the various agendas, fears and desires of the conceptual identity construct known as “you”. You can go days, weeks, months or years without really noticing the feeling of your respiratory system or your feet on the ground as your interest and attention gets sucked up into a relationship with society that exists solely as narrative.

      “Am I good enough? Am I doing the right thing? Oh man, I hope what I’m trying to do works out. I need to make sure I get all my projects done. If I do that one thing first it might save me some time in the long run. Oh there’s Ashley, I hate that bitch. God I’m so fat and ugly. If I can just get the things that I want and accomplish my important goals I’ll feel okay. Taxes are due soon. What’s on TV? Oh it’s that idiot. How the hell did he get elected anyway? Everyone who made that happen is a Nazi. God I can’t wait for the weekend. I hope everything goes as planned between now and then.”

      On and on and on and on. Almost all of our mental energy goes into those mental narratives. They dominate our lives. And, for that reason, people who are able to control those narratives are able to control us.

    • European lawmaker writes post warning about dangers of automatic copyright filters, which is taken down by an automatic copyright filter

      Julia Reda is the Member of the European Parliament who has led the fight against Article 13, a proposal to force all online services to create automatic filters that block anything claimed as a copyrighted work.

      Reda has written copiously on the risks of such a system, with an emphasis on the fact that these filters are error-prone and likely to block material that doesn’t infringe copyright.

    • Automated Filter Removed Parliament Member’s Article Warning About Censorship By Automated Filters

      Last week, Tim Cushing had a post about yet another out of control automated DMCA notifier, sending a ton of bogus notices to Google (most of which Google removed from its search engine index, since the sender, “Topple Track” from Symphonic Distribution was a part of Google’s “Trusted Copyright Program,” giving those notices more weight). The post listed much of the perfectly legitimate content that got removed from Google’s index because of that rogue automated filter, including an EFF page about a lawsuit, the official (authorized) pages of Beyonce and Bruno Mars, and a blog post about a lawsuit by Professor Eric Goldman.

    • Facebook Suspended a Latin American News Network and Gave Three Different Reasons Why

      On August 13, Facebook shut down the English-language page of Telesur, blocking access for roughly half a million followers of the leftist media network until it was abruptly reinstated two days later. Facebook has provided three different explanations for the temporary disappearing, all contradicting one another, and not a single one making sense.

      Telesur was created by Venezuela’s then-President Hugo Chávez in 2005 and co-funded by hemispheric neighbors Cuba, Bolivia, Nicaragua, and Uruguay — Argentina pulled support for the web and cable property in 2016. As a state-owned media property, it exists somewhere on the same continuum as RT and Al Jazeera, though like the former, Telesur has been criticized as a nakedly partisan governmental mouthpiece, and like the latter, it does engage in real news reporting. But putting aside questions of bias and agenda, Telesur does seem to exist on a separate plane than, say, Infowars, which exists primarily to peddle its particular, patently false genre of right-wing paranoia fan fiction packaged as news (and brain pills), as opposed to some garden-variety political agenda. Unlike RT, Telesur hasn’t been singled-out for a role in laundering disinformation for military intelligence purposes, nor is it a hoax factory, à la Alex Jones.

    • Alex Jones was an Easy Censorship Precedent – Predictably Other Dissent is Following
    • Before You Talk About How Easy Content Moderation Is, You Should Listen To This

      For quite some time now, we’ve been trying to demonstrate just how impossible it is to expect internet platforms to do a consistent or error-free job of moderating content. Especially at the scale they’re at, it’s an impossible request, not least because so much of what goes into content moderation decisions is entirely subjective about what’s good and what’s bad, and not everyone agrees on that. It’s why I’ve been advocating for moving controls out to the end users, rather than expecting platforms to be the final arbiters. It’s also part of the reason why we ran that content moderation game at a conference a few months ago, in which no one could fully agree on what to do about the content examples we presented (for every single one there were at least some people who argued for keeping the content up or taking it down).

      On Twitter, I recently joked that anyone with opinions on content moderation should first have to read Professor Kate Klonick’s recent Harvard Law Review paper on The New Governors: The People, Rules and Processes Governing Online Speech, as it’s one of the most thorough and comprehensive explanations of the realities and history of content moderation. But, if reading a 73 page law review article isn’t your cup of tea, my next recommendation is to spend an hour listening to the new Radiolab podcast, entitled Post No Evil.

      I think it provides the best representation of just how impossible it is to moderate this kind of content at scale. It discusses the history of content moderation, but also deftly shows how impossible it is to do it at scale with any sort of consistency without creating new problems. I won’t ruin it for you entirely, but it does a brilliant job highlighting how as the scale increases, the only reasonable way to deal with things is to create a set of rules that everyone can follow. And then you suddenly realize that the rules don’t work. You have thousands of people who need to follow those rules, and they each have a few seconds to decide before moving on. And as such, there’s not only no time for understanding context, but there’s little time to recognize that (1) content has a funny way of not falling within the rules nicely and (2) no matter what you do, you’ll end up with horrible results (one of the examples in the podcast is one we talked about last year, explaining the ridiculous results, but logical reasons, for why Facebook had a rule that you couldn’t say mean things about white men, but could about black boys).

    • Richie Greenberg Raises Tech Censorship Awareness at Twitter’s Headquarters

      On Friday, August 17th, a group of people gathered at Twitter’s headquarters in San Francisco to raise awareness about censorship at big tech companies.

      They gathered at the corner of Market and 10th streets in San Francisco. Onlookers can see the volunteers in neon vests holding hand-written signs.


      Once shadowbanned, the user would be limited in certain abilities, making it harder to gain new followers.

    • Social media companies must disclose censorship

      Millions of Americans use social media to get their news, and that number is growing rapidly by the year. But when they log on, they don’t always get the full story.

      Powerful social media companies are filtering the information that users receive on their platforms. As a result, the picture we get of politics is partial and distorted, like a carnival mirror.

      Last month, Vice reported that Twitter was limiting the visibility of conservative accounts.

      Some tweets from these accounts did not appear in searches, and the accounts themselves were made more difficult to find through the search feature. This “shadow ban” made it harder for users to get information about certain public officials — or even to learn that their presence existed.

    • Censorship in the age of Netflix

      The Indian state has an expansive legal toolkit when it comes to censorship of content, encompassing cinema, broadcast media, books, and newspapers and news magazines. Even live dramatic performances do not escape the possibility of censorship, thanks to the truly anachronistic Dramatic Performances Act and its various state government avatars. Essentially, if the government believes you are up to no good, there are laws on the books which they can use to stop you regardless of whether your chosen vehicle is a prurient pantomime, a blasphemous book, or a mischievous movie.

      Confining ourselves to moving images (which are more heavily regulated than any other type of content), we are all familiar with the Censor Board – officially known as Central Board of Film Certification – and the delicate dance that Indian filmmakers play when it comes to obtaining the ubiquitous CBFC certificate we see before every film. Some of us are even familiar with the content code that all television channels in India need to comply with.

    • House Majority Leader Kevin McCarthy Is At It Again with Bullshit Censorship Claim

      Twitter rant about the online “censorship” of “conservatives” might be that he’s the dumbest person ever elected to Congress.

    • Pelosi mocks McCarthy for tweet complaining of censorship
    • House speaker hopefuls Kevin McCarthy and Nancy Pelosi trade tweet blows over Twitter censorship
    • GOP House Majority Leader Kevin McCarthy had technical difficulties with his Twitter ‘censorship’ complaint
    • Republican Kevin McCarthy Accused Twitter Of Censoring Conservatives, Turns Out He Just Had His Settings Wrong
    • Nancy Pelosi Mocks GOP Leader Kevin McCarthy for Not Knowing How Twitter Works
    • Facebook apologizes to right-wing group PragerU after being accused of censoring its videos
    • Facebook apology after censorship isn’t enough, says Prager: ‘The Left doesn’t believe in free speech’
    • Pakistan lifts state media censorship for complete editorial independence
    • Imran Khan Thanks Navjot Sidhu, Has Message For His Critics In India
    • India – New Pak PM Imran Khan’s Biggest Foreign Policy Challenge
    • First act of Imran Khan’s government: remove censorship on state radio and television
    • Political censorship lifted from PTV, says information minister
    • Pakistan PM Imran Khan lifts censorship of state TV, radio: Minister
    • Information Minister notifies to end political censorship of state media
    • PTI government lifts political censorship on PTV, Radio Pakistan
    • “Complete Editorial Independence”: Pakistan Lifts State Media Censorship
    • No political censorship on state-owned media: info minister Fawad Chaudhry
    • PTI govt ends decades-old political censorship on PTV
    • Info minister says has ended political censorship of state TV
    • Censorship on state-run media lifted: Fawad

      Information Minister Fawad Ahmed on Tuesday announced that the Pakistan Tehreek-i-Insaf-led government had lifted political censorship on state-run news organisations.

      In a statement posted on Twitter, the minister said that both Pakistan Television (PTV) and Radio Pakistan would now enjoy complete editorial independence over the content they produce.

    • EU set to impose tough new rules on social media companies

      The European Commission is reportedly planning to bring in new laws that will punish social media companies if they don’t remove terrorist content within an hour of it being flagged.

      The news comes courtesy of the FT, which spoke to the EU commissioner for security, Julian King, on the matter of terrorists spreading their message over social media. “We cannot afford to relax or become complacent in the face of such a shadowy and destructive phenomenon,” he said, after reflecting that he doesn’t think enough progress had been made in this area.

      Earlier this year the EU took the somewhat self-contradictory step of imposing some voluntary guidelines on social media companies to take down material that promotes terrorism within an hour of it being flagged. In hindsight that move seems to have been made in order to lay the ground for full legislation, with Europe now being able to claim its hand has been reluctantly forced by the failure of social media companies to do the job themselves.

      So long as the legal stipulation is for content to be taken down when explicitly flagged as terrorist by police authorities it should be pretty easy to enforce – indeed it could probably be automated. But legislation such as this does pose broader questions around censorship. How is ‘terrorist’ defined? Will there be a right of appeal? Will other organisations be given the power to demand content be taken down? Will this law be extended to other types of contentious content?

    • A New Report Details Pro-Trump Censorship of Liberty University’s Student Paper

      A rift between the Liberty University president and an on-campus newspaper indicates that campus free speech battles are not solely an issue for liberal colleges. Jerry Falwell, Jr., the president of one of the largest Christian universities in America, is a very vocal supporter of Republicans and conservatives and that support has crossed over to his college’s identity. Earlier in the month, Falwell invoked his students to criticize Attorney General Jeff Sessions for not supporting President Trump enough, citing their low attendance at a 2016 event as proof that they did not back Sessions. Now World Magazine alleges that Falwell played a direct role in censoring the political views of Liberty’s Champion, the on-campus paper. The alleged censorship mostly applied to criticisms of Trump.

      In one allegation, Falwell reportedly directed staffers in 2016 to state the presidential candidate for which they were voting. At another point, Falwell told another editor to not run former Sports Editor Joel Schmieg’s column disavowing Trump’s “locker room talk” controversy. Schmieg then attempted to share his thoughts on Facebook, but later resigned when a faculty adviser communicated to him that he should refrain from repeating the action in the future. According to World Magazine, Schmieg said, “I didn’t feel comfortable being told what I couldn’t write about by President Falwell.”

    • FreeWeibo is working towards a censorship-free China

      China’s internet has always been heavily censored by its government. The heavy censorship, also know as The Great Firewall, restricts users from searching or sharing certain phrases and words online — like pictures of Winnie the Pooh — to ‘protect’ Chinese citizens, or so the government says.

      Understandably, not everybody is happy with the ridiculously outdated policy. That’s why activists at GreatFire created FreeWeibo — a search engine that collects censored and deleted posts originally posted on Sina Weibo (China’s answer to Twitter).

    • A majority of Google employees are content with offering a censored search engine in China
    • Chasing the China market and enduring censorship
    • An anonymous poll of Google insiders shows how divided employees are over China
    • If Google goes to China, will it tell the truth about Tiananmen Square?
    • This chart shows how divided tech workers are over Google’s reported new Chinese search engine
    • Google workers protest China plan secrecy
    • Behind the fight over Google’s China project, a battle for the company’s soul
    • In China, Google must go by any other name
    • Google backs out of working with the Pentagon, but is still considering helping China censor its people
    • The Censorship of Youtube and Facebook with David Pakman and Andrew Austin

      On this Project Censored show Mickey, Chase and their guests discuss how Internet titans like Facebook and Youtube are censoring what users can post, and what the response to such censorship might be. David Pakman is the host of the David Pakman Show, available on Free Speech TV, Youtube, and radio. Andrew Austin is a Professor of Democracy and Justice Studies at the University of Wisconsin, Green Bay. Nolan Higdon is a professor of communications and history at multiple campuses in the San Francisco Bay area, is a long time contributor to Project Censored, and is an occasional co-host of this program.

    • Censorship of student journalism must stop
    • What Countries Have the Strictest Internet Censorship Regulations?

      Many of us take the benefits of the Internet for granted, and it’s hard to imagine life without the connectivity it provides. And yet, for some people, living with a heavily censored and restricted Internet connection is their routine, and there’s pretty much nothing they can do about it that can’t land them in trouble with their governments. Let’s take a look at how the Internet works in some parts of the world.


      China is another country notorious for the way it treats Internet access, and the situation is quite challenging for anyone who wants to visit a large number of popular websites. Many Western sites are prohibited, or tightly regulated, and various specific types of content are not allowed to be viewed by anyone. As can be expected, the government keeps a close eye on the activities of all its citizens, and you can often hear about someone getting punished because they’ve decided to speak out against them openly.

  • Privacy/Surveillance

    • Defend encryption in Australia

      The Australian Government have released a draft Bill [The Assistance and Access Bill 2018] designed to compel device manufacturers and service providers to assist law enforcement in accessing encrypted information. Although apparently developed to allow government agencies access to criminals’ encrypted communications, the Bill also grants broad, sweeping powers to government agencies that will harm the security and stability of our communications and the internet at large.

    • Does the CIA plan to assassinate Duterte?

      President Duterte’s statement alleging that the Central Intelligence Agency (CIA) plans to assassinate him is not as crazy as it sounds.


      Here are just a few examples of CIA’s covert ops against world leaders, as cited by the Guardian: “Earlier well-documented episodes include Congo’s first prime minister, Patrice Lumumba of Congo, judged by the US to be too close to Russia. In 1960, the CIA sent a scientist to kill him with a lethal virus, though this became unnecessary when he was removed from office in 1960 by other means.”

      “Other leaders targeted for assassination in the 1960s included the Dominican dictator Rafael Trujillo, president Sukarno of Indonesia, and president Ngo Dinh Diem of South Vietnam. In 1973, the CIA helped organise the overthrow of Chile’s president, Salvador Allende, deemed to be too left wing: he died on the day of the coup.”

      The CIA was reportedly involved not only in the killings of political leaders (usually done by military or opposition forces the spy agency was assisting), but also in the many coup d’etats and rebellions in South American countries, including Chile, Bolivia, Haiti, Panama, Peru, Argentina, El Salvador, Brazil, Guatemala, Uruguay, and Venezuela.

    • ‘The CIA is listening & may kill me’: Duterte mulls ditching his smartphone

      Philippines President Rodrigo Duterte is thinking of dumping his smartphone over fears that the CIA is constantly eavesdropping on his conversations and might use his private information to eventually assassinate him.

      “I know, the US is listening. I’m sure it’s the CIA, it’s also the one who will kill me,” Duterte said in Cebu City on Tuesday, rejuvenating fears that Washington may seek his demise over his independent foreign policy and willingness to obtain weapons from other global suppliers.

      To avert possible smartphone intrusion by outside powers, which Duterte said could include “Russia, China, Israel, and maybe Indonesia,” the 73-year-old leader is considering going back to using a basic cellphone, with which eavesdropping and interception is harder.

    • Central Florida police, fire departments embrace drones despite privacy concerns
    • Win! Landmark Seventh Circuit Decision Says Fourth Amendment Applies to Smart Meter Data

      The Seventh Circuit just handed down a landmark opinion, ruling 3-0 that the Fourth Amendment protects energy-consumption data collected by smart meters. Smart meters collect energy usage data at high frequencies—typically every 5, 15, or 30 minutes—and therefore know exactly how much electricity is being used, and when, in any given household. The court recognized that data from these devices reveals intimate details about what’s going on inside the home that would otherwise be unavailable to the government without a physical search. The court held that residents have a reasonable expectation of privacy in this data and that the government’s access of it constitutes a “search.”

      This case, Naperville Smart Meter Awareness v. City of Naperville, is the first case addressing whether the Fourth Amendment protects smart meter data. Courts have in the past held that the Fourth Amendment does not protect monthly energy usage readings from traditional, analog energy meters, the predecessors to smart meters. The lower court in this case applied that precedent to conclude that smart meter data, too, was unprotected as a matter of law. On appeal, EFF and Privacy International filed an amicus brief urging the Seventh Circuit to reconsider this dangerous ruling.

    • Duterte again accuses CIA of wanting him dead and bugging his phone

      President Duterte has again claimed the CIA wants to kill him and has accused the US spy agency of bugging his telephone conversations.

      Speaking at a government conference in Cebu today (Tuesday, August 21), he said: “I know, the US is listening. I’m sure it’s the CIA. It’s also the one who will kill me.”

    • Duterte: CIA could be listening to my conversations

      President Rodrigo Duterte on Tuesday said the United States’ Central Intelligence Agency (CIA) could be listening to his phone conversations, as he revived his allegations that the agency was out to kill him.

    • Report: Nakasone Recommends Keeping NSA, CyberCom Under Same Head

      General Paul Nakasone, head of the National Security Agency (NSA) and U.S. Cyber Command (CyberCom), recommended keeping the agencies under the same leader for the next two years, according to a report by the Washington Post. The Post’s sources noted that Nakasone believes CyberCom still needs intelligence support from NSA. When asked for comment by MeriTalk, NSA media relations officer Chris Augustine responded: “As NSA Director General Paul M. Nakasone has acknowledged publicly, NSA confirms that General Nakasone has completed his 90 Day assessment on the status of the dual hat arrangement. He provided this to the Secretary of Defense and the Chairman of the Joint Chiefs of Staff for their review.”

    • FBI Tried To Get Google To Turn Over Identifying Info On Hundreds Of Phone Owners

      This is the sort of rummaging the Constitution is supposed to prevent. It’s understandable the FBI needed some assistance tracking down robbery suspects, but this grab for a wealth of information about 45 hectares of people milling about minding their own business, isn’t. And this sort of thing isn’t limited to the FBI. As was covered here earlier this year, the Raleigh PD did the same thing at least four times during criminal investigations in 2017.

      In this case, hundreds of people would have been swept up in the dragnet. Certainly, some post-acquisition data sifting would have occurred to narrow it down to people/devices near the location of robberies when they occurred. But whatever happens after info is obtained cannot be used to justify the original acquisition. This warrant never should have been signed.

      If there’s any good news coming out of this, it’s that Google either didn’t hand over the info requested or didn’t have the info requested on hand.

    • Documents Bare How Federal Researchers Went to Absurd Lengths to Undo Problematic Tattoo Recognition Research

      In response to an EFF investigation that uncovered deeply troubling research practices by the National Institute for Technology & Standards (NIST), a senior federal scientist stripped off his clothes, had another scientist draw all over his skin with washable markers, and then posed for the camera. Those images—obtained by EFF through a Freedom of Information Act lawsuit—illustrate federal officials’ absurd reaction to an EFF investigation that showed the research exploited prisoners while bypassing ethical oversight measures.

      As EFF revealed in 2016, NIST researchers partnered with the FBI on a multi-year program to advance the state of the art of tattoo recognition technology—computer algorithms that automatically identify someone by their tattoos and even identify the meaning of those tattoos. NIST documentation explicitly stated that one goal was to use this automated technology to identify a subject’s “affiliation to gangs, sub-cultures, religious or ritualistic beliefs, or political ideology”—raising major First Amendment concerns. In addition, EFF’s research discovered that NIST researchers had used—and distributed to corporate and institutional researchers—images of thousands of prisoners’ tattoos without their consent and without going through the ethical oversight process that protects prisoners from being unwitting research subjects. Following EFF’s report, NIST scrambled to retroactively change the nature of the research by removing all references to religion from its already published materials and redacting tattoo images previously available on its website.

    • Google is being sued over ‘privacy-invading’ location data collection

      “Despite users’ attempts to protect their location privacy, Google collects and stores users’ location data, thereby invading users’ reasonable expectations of privacy, counter to Google’s own representations about how users can configure Google’s products to prevent such egregious privacy violations.”

      The whole shebang kicked off last week when a report from the Associated Press (AP) uncovered evidence of data collection by Google using another telemetry. When asked to explain itself, it said that it was possible to turn off location tracking more fully, using a completely erroneously labelled as ‘Web and App Activity’.

    • In France, Smart City Policing is Spreading Like Wildfire

      In March, we started unveiling what is surrounding the Orwellian project “Smart City™” in Marseille. But, as it turns out, Marseille is but a tree hiding the forest, as predictive policing and police surveillance centers boosted by Big Data tools are proliferating all over France. Nice is a good illustration: The city’s mayor, security-obsessed Christian Estrosi, has partnered with Engie Inéo and Thalès — two companies competing in this thriving market — for two projects meant to give birth to the “Safe City™” in Nice. Yet, in the face of the unhindered development of these technologies meant for social control, the president of the CNIL (France’s data protection agency) seems to find it urgent to… follow the situation. Which amounts to laisser-faire.

    • Police Bodycams Can Be Hacked to Doctor Footage

      As they proliferate, police body cameras have courted controversy because of the contentious nature of the footage they capture and questions about how accessible those recordings should be.

      But when it comes to the devices themselves, the most crucial function they need to perform—beyond recording footage in the first place—is protecting the integrity of that footage so it can be trusted as a record of events. At the DefCon security conference in Las Vegas on Saturday, though, one researcher will present findings that many body cameras on the market today are vulnerable to remote digital attacks, including some that could result in the manipulation of footage.

      Josh Mitchell, a consultant at the security firm Nuix, analyzed five body camera models from five different companies: Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc. The companies all market their devices to law enforcement groups around the US. Mitchell’s presentation does not include market leader Axon—although the company did acquire Vievu in May.

      In all but the Digital Ally device, the vulnerabilities would allow an attacker to download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change. Or an attacker could simply delete footage they don’t want law enforcement to have.

    • Researcher Says Police Body Cameras Are An Insecure Mess

      The promise of transparency and accountability police body cameras represent hasn’t materialized. Far too often, camera footage goes missing or is withheld from the public for extended periods of time.

      So far, body cameras have proven most useful to prosecutors. With captured footage being evidence in criminal cases, it’s imperative that footage is as secure as any other form of evidence. Unfortunately, security appears to be the last thing on body cam manufacturers’ minds.

    • The NSA Continues to Violate Americans’ Internet Privacy Rights

      An upcoming federal appeals case could restore crucial privacy protections for millions of Americans who use the internet to communicate overseas.

      A federal court will be scrutinizing one of the National Security Agency’s worst spying programs on Monday. The case has the potential to restore crucial privacy protections for the millions of Americans who use the internet to communicate with family, friends, and others overseas.

      The unconstitutional surveillance program at issue is called PRISM, under which the NSA, FBI, and CIA gather and search through Americans’ international emails, internet calls, and chats without obtaining a warrant. When Edward Snowden blew the whistle on PRISM in 2013, the program included at least nine major internet companies, including Facebook, Google, Apple, and Skype. Today, it very likely includes an even broader set of companies.

    • Giving Privacy Badger a Jump Start

      When new users try Privacy Badger, they often get confused about why Privacy Badger isn’t blocking anything right away. But that’s because Privacy Badger learns about trackers as you browse; up until now, it hasn’t been able to block trackers on the first few sites it sees after being installed.

      With today’s update, however, new users won’t have to wait to see Privacy Badger in action. Thanks to a new training regimen, your Badger will block many third party trackers out of the box.


      Using Selenium for automation, our new training regimen has Privacy Badger visit a few thousand of the most popular websites on the Web, and saves what Privacy Badger learns. Then, when you install a fresh version of Privacy Badger, it will be as if your Badger has already visited and learned from all of those sites. As you continue browsing, your Badger will continue to learn and build a better understanding of which third parties are tracking you and how to block them.

      Every time we update Privacy Badger, we’ll update the pre-trained list as well. If you already use the extension, these updates won’t affect you. After you install Privacy Badger, it’s on its own: your Badger uses the information it had at install time combined with what it learns from your browsing. Future updates to the pre-trained list won’t affect your Badger unless you choose to reset the tracking domains it’s learned about. And as always, this learning is exclusive to your browser, and EFF never sees any of your personal information.

  • Civil Rights/Policing

    • Mother held in Dubai after wine row ‘sent bomb and death threats’

      She told BBC Radio Kent she had “never expected to get all of this”, with a bomb threat even made to her home.

    • No Immunity For ICE Attorney Who Submitted A Forged Document In A Deportation Hearing

      Love will be held personally responsible for violating the rights of an immigrant seeking naturalization. The record shows Lanuza was exactly the kind of person we want to welcome to the US — a person who was useful, productive, and by all accounts a model citizen. The only thing he was missing was the citizenship. And an ICE lawyer tried to take it all away and separate Lanuza from his family by submitting a forged document into evidence. The brazen dishonesty is shocking. The capricious cruelty of this move — completely unwarranted by Lanuza’s behavior during his decade in the US — is what really sticks in your throat.

    • Whistleblowers — RT Interview

      In the wake of another apparently victimised whistleblower emerging from the US intelligence community, here is an interview on the subject on RT…

    • Torture, missing evidence and procedural violations: how to make a terrorism case against 21 Russian Muslims

      In late July, a court in Ufa, capital of Bashkortostan, reached a final ruling in one of the largest cases concerning the Islamist party Hizb ut-Tahrir in recent years. Alleged and real members of the organisation, which is banned in Russia, have been targeted consistently over the past 15 years: since 2003, there were at least 50 trials concerning Hizb ut-Tahrir – and no less than 300 people have been convicted (mostly in Tatarstan and Bashkortostan) as a result.

      On this occasion, some 21 people were sentenced to between five and 24 years imprisonment. According to the investigation, the crimes of these men included reading certain books, as well as holding meetings and discussions about Islam. The defendants were charged under two articles of Russia’s Criminal Code: on terrorist organisations and on attempts to overthrow the constitutional order.

    • Arnold Ahlert: Reality Winner Reveals Deep-State Rot

      While the American Left was plumbing the depths of its ideologically induced ignorance by conflating John Brennan’s constitutional rights with his revoked security clearance, a shining example of Deep State rot has remained largely below the radar. On June 26, Reality Winner, a 26-year-old NSA contractor arrested for leaking classified information to a news outlet, pleaded guilty as charged. Last Thursday, it was revealed the virulently anti-Trump Georgia woman faces sentencing Aug. 23. According to the prosecutors’ court filings, Winner will receive the “longest sentence served by a federal defendant for an unauthorized disclosure to the media.”

    • Former NSA Contractor Faces “Longest Sentence” Ever Under Espionage Act

      A woman in Georgia is facing what some observers are calling “the longest sentence” ever imposed on someone convicted of leaking sensitive federal data to news outlets.

      Reality Winner — an ex-NSA contract employee — is the young woman looking at spending 10 years in federal prison, should the judge impose the harshest possible penalty at her sentencing hearing scheduled for August 23.

      Winner has been incarcerated since June after being charged and convicted of passing to The Intercept a classified NSA document detailing Russian attempts to meddle in the 2016 presidential election. Winner was eventually identified as the source of the document and was apprehended and convicted.

    • More Than 500 Children Are Still Separated. Here’s What Comes Next.

      It’s been nearly one month since a federal court ordered the Trump administration to reunite separated families, but hundreds of children are still waiting. In fact, as of 12:00 pm on August 16, 565 immigrant children remained in government custody.

      For 366 of those children, including six who are under the age of five, reunion is made all the more complicated by the fact that the government already deported their parents — without a plan for how they would ever be located.

      After forcefully rejecting the government’s assertion that the ACLU is solely responsible for finding deported parents — rather than say, the administration who deported them — the court has ordered both us and the administration to create a plan to locate and reunite deported parents with their children.

  • Internet Policy/Net Neutrality

    • Apple sued over claims website is inaccessible to visually impaired users

      Mendez, said to be a proficient user of the Jobs Access With Speech (JAWS) screen reading program, visited the Apple website earlier this month but encountered “multiple access barriers” that denied “full and equal access to the facilities, goods, and services offered to the public,” such as being able to browse and purchase products, make service appointments, or learn of the facilities available in Apple Stores in New York, the city where Mendez is resident.

      The filing provides a long list of issues with the website that it believes need fixing, in order to comply with the ADA, in relation to screen readers. The list includes the lack of alternative text for graphics, empty links containing no text, redundant links, and linked images missing alternative text.

    • A new Class Action Lawsuit has been filed against Apple on behalf of those that are Legally Blind or Visually Impaired

      Further into the lawsuit they note: …“simple compliance with the WCAG 2.0 Guidelines would provide Plaintiff and other visually-impaired consumers with equal access to the Website, Plaintiff alleges that Defendant has engaged in acts of intentional discrimination.”

    • 22 states jointly petition the Federal Circuit appeals court to reinstate Net Neutrality

      The Attorneys General of New York, California, Connecticut, Delaware, Hawaii, Illinois, Iowa, Kentucky, Maine, Maryland, Massachusetts, Minnesota, Mississippi, New Mexico, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, Washington, and the District of Columbia have filed suit in the U.S. Court of Appeals for the D.C. Circuit, asking it to reinstate the Network Neutrality rules killed by Trump FCC Chairman Ajit Pai.

      The states argue that the FCC broke the rules that require administrative agencies to act on the basis of evidence, rather than whim or ideology. The Net Neutrality rule that Pai destroyed was passed after extensive consultation and an open, rigorous comment process, with hearings and other fact-finding activities.

    • 23 Attorneys General Urge Appeals Court To Restore Net Neutrality

      As expected, Mozilla, 22 State attorneys general, INCOMPAS, and numerous consumer groups this week asked a U.S. appeals court to reinstate FCC net neutrality rules. The state AGs, led by New York Attorney General Barbara Underwood, filed a lawsuit back in January attempting to overturn the repeal, arguing that the decision will ultimately be a “disaster for New York consumers and businesses.” Mozilla and a few other companies also filed suit, as well as consumer groups including Free Press and Public Knowledge.

    • Verizon Throttled The ‘Unlimited’ Data Plan Of A Fire Dept. Battling Wildfires

      We’ve long discussed how Verizon (like most U.S. cellular carriers) has a terribly-difficult time understanding what the word “unlimited” means. Way back in 2007 Verizon was forced to settle with the New York Attorney General after a nine-month investigation found the company was throttling its “unlimited” mobile data plans after just 5GB of data usage, without those limits being clearly explained to the end user. Of course Verizon tried for a while to eliminate unlimited data plans completely, but a little something called competition finally forced the company to bring the idea back from the dead a few years ago.

      But the company’s new “unlimited” data plans still suffer from all manner of fine print, limits, and caveats. That includes throttling all video by default (something you can avoid if you’re willing to pay significantly more), restrictions on tethering and usage of your phone as a hotspot or modem, and a 25 GB cap that results in said “unlimited” plans suddenly being throttled back to last-generation speeds as slow as 128 kbps. In short, Verizon still pretty clearly has no damn idea what the word unlimited actually means, nor does it much care if this entire mess confuses you.

    • EFF Tells the FTC Why We Need Better Competition and Consumer Protection Policies for Tech Companies

      The Federal Trade Commission (FTC) is wondering whether it might be time to change how the U.S. approaches competition and consumer protection. EFF has been thinking the same thing and come to the conclusion that yes, it is. On August 20, we filed six comments with the FTC on a variety of related topics to tell them some of the history, current problems, and thoughtful recommendations that EFF has come up with in our 28 years working in this space.

      Back in June 2018, the FTC announced it was going to hold hearings on “competition and consumer protection in the 21st century” and invited comment on 11 topics. As part of our continuing work looking at these areas as they intersect with the future of technology, EFF submitted comments on six of the topics listed by the FTC: competition and consumer protection issues in communication, information, and media technology networks; the identification and measurement of market power and entry barriers, and the evaluation of collusive, exclusionary, or predatory conduct or conduct that violates the consumer protection statutes enforced by the FTC, in markets featuring “platform” businesses; the intersection between privacy, big data, and competition; evaluating the competitive effects of corporate acquisitions and mergers; the role of intellectual property and competition policy in promoting innovation; and the consumer welfare implications associated with the use of algorithmic decision tools, artificial intelligence, and predictive analytics.

      Our goal in submitting these comments was to provide information and recommendations to the FTC about these complicated areas of Internet and technology policy. The danger is always that reactionary policies created in response to a high-profile incident may result in rules that restrict the rights of users and are so onerous that only established, big companies can afford to comply.

  • Intellectual Monopolies

    • High-stakes gambling with a bad hand

      Scientific Games Corp was handed a dead loss judgment for $305 million in a recent professional gambling antitrust case, which stemmed from patent misuse in an earlier lawsuit over an automatic card shuffler. This monopoly-beating jackpot will be divided among Shuffle Tech LLC, DigiDeal Corp, Aces Up Gaming, Inc and Poydras-Talrick Holdings LLC, which had claimed that Scientific Games’ patent infringement lawsuit against them was based on patents that Scientific Games knew were unenforceable.

    • Nokia reveals licencing charges for access to its 5G patents

      Nokia holds a swathe of patents for its intellectual property that will be essential for the rollout of next generation mobile networks

    • Hologic Wins $4.8M in Jury Verdict After Judge Determines Assignor Estoppel Barred Patent Invalidity Defenses

      On July 27th, a jury verdict entered in the District of Delaware awarded $4.8 million in lost profit and reasonable royalty damages to Marlboro, MA-based medical technology company Hologic Inc. after the jury determined that two of its patents were infringed by Redwood City, CA-based medical device company Minerva Surgical. At issue in the case was a technology marketed by Minerva to treat women dealing with abnormal uterine bleeding (AUB).

    • Abstraction, Filtration, and Comparison in Patent Law

      Last April, I had the good fortune to participate in a symposium at Penn Law School. The symposium gathered a variety of IP scholars to focus on the “historic” kinship between copyright and patent law. That kinship, first identified in Sony v. Universal Pictures, supposedly shows parallels between the two legal regimes. I use scare quotes because it is unclear that the kinship is either historic or real. Even so, there are some parallels, and a collection of papers about those parallels will be published in the inaugural issue of Penn’s new Law & Innovation Journal.

    • Request for Attorney Fees of $1.3 Million Reduced to $100 Thousand Due to Heavily Redacted Billing Records

      The court awarded defendant only $100,000 of its claimed $1.3 million in attorney fees under 35 U.S.C. § 285 because defendant failed to present sufficient evidence to support its fee claim.

    • Barcelona Court of Appeal considers that the “ex re ipsa” doctrine applies to patent matters

      Upon reading the title of this blog entry, readers may be wondering what the “ex re ipsa” doctrine involves. It therefore may be worth clarifying that it is a legal doctrine applied, for example, to cases dealing with damages, where the damage is presumed to have been caused (“causality”) when it is inherent to the activity that is the object of the complaint.

    • AIPPI appoints Arno Hold as executive director

      Hold was the Dean of external relations, member of the president’s board and lecturer on international trade at the University of St Gallen

    • EUIPO publishes 436 page survey on pre-Directive EU trade secrets protection

      The AmeriKat has been noticeably whiskers down in her day job over the past few months. But now, with the frenzy of a new Court term still several weeks away, she has taken the relatively quiet opportunity to review the much awaited publication of the EU IPO’s report entitled “The Baseline of Trade Secrets Litigation in the EU”. This report was commissioned by the EU IPO in order to prepare the future report that will assess what impact the EU Trade Secrets Directive has had (see previous Kat posts here). That report is to be published before 9 June 2021 (just think, 2021…what might be in store for us then?).

    • PCT Collaborative Search And Examination (CS&E) Pilot Project Run By The IP5 Offices

      On 1 July 2018, the IP5 Offices (EPO, KIPO, USPTO, JPO and SIPO) launched a pilot project to test a collaborative approach to international searches under the PCT, particularly with a view to assessing user interest for such a new PCT product and also look at the expected efficiency gains for the participating offices.

      In short, a PCT application filed in English can be entered in the pilot, with the EPO as ISA for example. If it is accepted by the EPO, the EPO will conduct its normal search and examination of the application. Before sending their report the EPO will send the application and its provisional search and examination to colleagues in each of the other four offices, who will review the report and comment on it and possibly update the search using their own resources.

    • With the strongest speech recognition portfolio, specialist operator Nuance holds off big tech players

      Boston-based computer software business Nuance Communications has the most grants and the highest quality patents related to speech recognition technologies, a new analysis examining the IP landscape of the field has revealed. In a report released earlier this month, IP analytics platform Relecura looked at more than 100,000 published patent applications (over half of which are granted) related to speech recognition technologies. Of these, over 33,500 have been filed in the US, compared to approximately 25,000 in China and 15,000 in Japan.

    • Trademarks

      • Dressing up a brand against lookalikes: part two

        Fashion brands may find it difficult to protect their designs under traditional methods of IP protection (for more information, please see “Dressing up a brand against lookalikes: part one”). Part two of this update looks at the more unconventional method of trade dress protection and highlights previous key trade dress cases in Russia.

      • Heaven Hill sues Bob Dylan-owned whiskey brand in trademark spat

        Attorneys for a well-known Kentucky bourbon maker are knock, knock, knockin’ on Bob Dylan’s door.

        Heaven Hill Distillery has filed a trademark infringement lawsuit against Heaven’s Door Spirits, a whiskey line co-owned by Dylan that was released earlier this year.

        The company’s name is a reference to Dylan’s 1973 song Knockin’ on Heaven’s Door.

        The lawsuit, filed Friday in U.S. District Court in Louisville, argues that the Bardstown-based company was founded by the Shapira family shortly after prohibition ended in the 1930s and has used the trademark for more than 80 years.

        A Heaven Hill attorney sent a cease-and-desist letter to Chicago-based Heaven’s Door in April, saying the start-up distillery’s use of its trademark “will create a likelihood of confusion” with the Kentucky bourbon brand’s products.

      • Heaven Hill Distillery Knocks On Bob Dylan’s Door Over His Heaven’s Door Whiskey For Trademark Infringement

        Trademark disputes in the alcohol industries are often times absurd enough to make the comments section question whether everyone involved was simply drunk. While I’m sure the lawyers on all sides tend to be sober, every once in a while you read a claim in a big-boy legal document that makes you pause and wonder. And, then, sometimes the dispute centers around a public figure punning off his own notoriety, making the trademark claims extra ludicrous.

        Meet Bob Dylan. Bob used to be a counterculture folksinger hero that eschewed the trappings of materialism and sang as one of the original social justice warriors. Present day Bob sings songs on car commercials and owns a Whiskey brand. And, hey, Bob’s allowed to make money, no matter how jarring this might be to those born decades ago. His Heaven’s Door Whiskey is, sigh, allowed to exist. It’s also allowed to fight back against the absurd trademark lawsuit brought by Heaven Hill Distillery over its logo and trade dress.

      • Has the CJEU quietly changed the conditions for safe harbour availability?

        This referral from Estonia was made in the context of proceedings that a collecting society, SNB-REACT, had initiated against an individual, Deepak Mehta, concerning the latter’s alleged liability for infringement of the IP rights of 10 trade mark owners.

        According to SNB-REACT, Mehta had allegedly registered a number of IP addresses and internet domain names, which unlawfully used signs identical to the trade marks owned by SNB-REACT members, together with websites unlawfully offering for sale goods bearing such signs.

        Mehta, however: (1) denied that he had registered the IP addresses and domain names challenged by the claimant; (2) even if he owned 38,000 IP addresses, he had rented them to third-party companies; and (3) this activity should be regarded as akin to that of a service providing access to an electronic communications network, together with an information transmission service, being – as a result – eligible for the safe harbour protection under the Estonian provisions corresponding to Article 12 to 14 of the E-Commerce Directive.

    • Copyrights

      • New Report Calls For Copyright For Public Benefit In Digital Era

        The report, “Creative Markets and Copyright in the Fourth Industrial Era: Reconfiguring the Public Benefit for a Digital Trade Economy,” was authored by Prof. Ruth L. Okediji, the Jeremiah Smith, Jr. professor of law at Harvard Law School.

        The report suggests that the rise of emerging technologies such as “big data, robotics, machine learning, and artificial intelligence (AI)” calls for “a more radical conception of global copyright norms” in order to “preserve, and even advance, public benefit in an era of digital trade.”

      • ROM sites are falling, but a legal loophole could save game emulation

        But what if there might be a middle ground that could thread the needle between the legality of original cartridges and the convenience of emulated ROMs? What if an online lending library, temporarily loaning out copies of ROMs tied to individual original cartridges, could satisfy the letter of the law and the interests of game preservation at the same time?

        What if such a library already exists? In fact, it has for 17 years.


Links 21/8/2018: deepin 15.7 and Git 2.19 RC

Posted in News Roundup at 12:00 pm by Dr. Roy Schestowitz


  • Teaching kids Linux at summer camp

    As the late, great mathematician, computer scientist, and educator Seymour Papert once said, “I am convinced that the best learning takes place where the learner takes charge.” Unfortunately, most schools stifle children’s natural curiosity and creativity, locking down technology and reducing students to consumers of content they have no hand in creating.

    This summer, I had an opportunity to test Papert’s theory while teaching a session on open source technology to a small group of middle school students at a local summer camp. I used some of open source advocate Charlie Reisinger’s methods from his book, The Open Schoolhouse, to give the students the opportunity to explore and create their own knowledge. Reisinger says, “In an open schoolhouse, every student is trusted with learning technology and empowered to rewire and reshape the world.”

  • Desktop

    • True Believer

      With the fervor of the evangelical, I began to spread the word far and wide. I read incessantly, from Stallman to Torvalds, Searles, Moody, Knaapen, Raymond and Schroder, I learned the history and mechanics of Linux. I read not only of my new freedom but of the restrictions and limitations of other proprietary operating systems. The more I read, both my anger and excitement grew in equal measure. I took it upon myself to join The Movement against anything and anyone who stood in the way of spreading the news. This new way of operating your computer could indeed change the world. The Blog of helios began…

      and so it went. Surely The Year of the Linux Desktop was at hand. Year, after year, after year. and surely. It wore on me year after year, breakthrough after failure, hope dashed by hopelessness. Until the harsh, glaring truth descended upon me like a shipping container full of anvils…..

      We never had a prayer. We entered a race with all other contestants miles ahead.

      I rattled off a list of names above. Those who have inspired me and in more than one case, probably saved me from something terribly grim. Glyn Moody is one of those names. Glyn has been an inspiration to me since the turn of the century. I’ve come to count on Glyn for insightful and brutally honest commentary. He’s a brilliant writer and wastes no time with hyperbole. But aside from that, Glyn aided me at a time when I thought my life was over. To this day he has no idea, the part he played in turning me away from something horrible. We’ll just leave it at that.

    • Top Linux Applications For Office Use

      The next time you encounter a laptop or PC, pay attention to the operating system. Most likely it is not open source because closed-source platforms such as Windows and macOS have captured most of the PC client OS market.
      Open source OS programs such as Linux make up only a tiny bit of market share and rightly so – they still have a lot to do if they want to compete with the likes of MacOS and Windows in terms of appearance and functionality.

      Although Ubuntu and other distributions are a clear sign of progress, most companies are not yet ready to establish their employees with an open source operating system. The employees themselves are reluctant to use this operating system.

  • Kernel Space

    • A checklist for submitting your first Linux kernel patch

      One of the biggest—and the fastest moving—open source projects, the Linux kernel, is composed of about 53,600 files and nearly 20-million lines of code. With more than 15,600 programmers contributing to the project worldwide, the Linux kernel follows a maintainer model for collaboration.

      In this article, I’ll provide a quick checklist of steps involved with making your first kernel contribution, and look at what you should know before submitting a patch. For a more in-depth look at the submission process for contributing your first patch, read the KernelNewbies First Kernel Patch tutorial.

    • Nintendo Wii’s Guitar/Drums Will Work On The Linux 4.19 Kernel Plus Totem & Surface Dial

      Going back to 2011 there’s been a Nintendo Wii remote “Wiimote” driver in the Linux kernel but this unofficial hardware driver hasn’t worked with some of the devices that can interface with the Wiimote like devices for Rock Band and Guitar Hero. In 2018, that’s now changed with the in-development Linux 4.19 kernel.

    • Updated HID Drivers in Linux 4.19 Kernel Support Wiimote Instruments for Rock Band and Guitar Hero

      It would appear that a “Wiimote” driver has existed in the Linux kernel for the Nintendo Wii remote since 2011, but being an unofficial hardware driver, it hasn’t exactly worked with some of the devices that can interface with the Wiimote such as the instruments for Rock Band and Guitar Hero. Well, guess what? Now it does, thanks to some development in that regard on the Linux 4.19 kernel.

      Even though the Nintendo Wii has been discontinued for several years now, a Linux developer has gotten the guitar and drum kits for Guitar Hero and Rock Band to work with the Wiimote while attached to Linux. The method is based on some never-mainlined patches from a few years ago, but the patches have been updated to work with the latest kernel / HID interfaces.

    • security things in Linux v4.18

      One of the many ways C can be dangerous to use is that it lacks strong primitives to deal with arithmetic overflow. A developer can’t just wrap a series of calculations in a try/catch block to trap any calculations that might overflow (or underflow). Instead, C will happily wrap values back around, causing all kinds of flaws. Some time ago GCC added a set of single-operation helpers that will efficiently detect overflow, so Rasmus Villemoes suggested implementing these (with fallbacks) in the kernel. While it still requires explicit use by developers, it’s much more fool-proof than doing open-coded type-sensitive bounds checking before every calculation. As a first-use of these routines, Matthew Wilcox created wrappers for common size calculations, mainly for use during memory allocations.

    • Linux 4.19 Raises The GCC Minimum Version Required To Build The Kernel

      Officially the Linux kernel listed GCC 3.2 as the minimum version of the GNU compiler needed. However, with Linux 4.19 that is being raised to GCC 4.6.

      Various architectures on older GCC4 releases had already been failing to cleanly compile the Linux kernel so with Linux 4.19 that minimum version supported is being set at GCC 4.6.

    • Linux 4.19 Kernel Now Requires GCC 4.6 to Build, Due to Compiling Failures on Older Architecture

      For Linux developers working on the kernel, the to-be-released Linux 4.19 kernel raises the GCC minimum version required for kernel building. The official Linux kernel has listed GCC 3.2 as the minimum version of the compiler required for kernel building, but Linux kernel 4.19 is raising that to GCC 4.6.

      This is because various architectures on older GCC4 releases have been failing to cleanly compile the Linux kernel, hence why GCC 4.6 is being set as the minimum. The kernel will also explicitly check for GCC 4.6.0 or newer and if not found, the compiler will error out.

      This is also beneficial for the kernel code, as the kernel devs were able to strip out several dozen lines of code for older GCC workarounds that were aimed at compiler bugs and behavioral differences in the older compiler releases.

    • Libratbag + Piper Allow For Great Logitech Gaming Mouse Support On Linux

      While Roccat previously backed their devices on Linux that is the case no more and what is left for the time being are various community/third-party applications for supporting gaming mice/keyboard configuration under Linux from Logitech to Razer and various other lesser known brands of gaming peripherals (Razer will hopefully change this, at least). One of the most promising efforts right now for unifying mouse configuration on Linux is libratbag and its GTK3 Piper interface. Ratbag and Piper have evolved into a very competent open-source project for configuring Logitech mice on the Linux desktop.

    • Linux Foundation

      • Performance and Scalability Systems Microconference Accepted into 2018 Linux Plumbers Conference

        Core counts keep rising, and that means that the Linux kernel continues to encounter interesting performance and scalability issues. Which is not a bad thing, since it has been fifteen years since the “free lunch” of exponential CPU-clock frequency increases came to an abrupt end. During that time, the number of hardware threads per socket has risen sharply, approaching 100 for some high-end implementations. In addition, there is much more to scaling than simply larger numbers of CPUs.

      • Trinity Desktop Environment New Release, New Read-Only File System Designed for Android Devices, CloudNative Conference Coming Up, Retro Arcade Games Coming to Polycade

        Mark your calendars for September 12-13: the CloudNative, Docker, and K8s Summit will be hosted in Dallas, Texas this year. To learn more, visit the official conference website.

      • Building a Cloud Native Future

        Cloud and open source are changing the world and can play an integral role in how companies transform themselves. That was the message from Abby Kearns, executive director of open source platform as a service provider Cloud Foundry Foundation, who delivered a keynote address earlier this summer at LinuxCon + ContainerCon + CloudOpen China, known as LC3.

        “Cloud native technologies and cloud native applications are growing,” Kearns said. Over the next 18 months, there will be a 100 percent increase in the number of cloud native applications organizations are writing and using, she added. “This means you can no longer just invest in IT,” but need to in cloud and cloud technologies as well.

    • Graphics Stack

      • Collabora Improves Graphics, Support for Chromebook Devices in Linux Kernel 4.18

        Collabora informs Softpedia about the contributions made by various of its developers to the recently released Linux 4.18 kernel series during its entire development cycle.

        Linux kernel 4.18 was released two weeks ago, and it’s currently the most advanced Linux kernel series featuring Spectre V1 and V2 mitigations for 32-bit ARM architectures, Spectre V4 mitigations for ARM64 (AArch64) and ARMv8 architectures, as well as a just-in-time compiler for eBPF programs on 32-bit (x86) architectures.

        It also improves discard support for the F2FS (Flash-Friendly File System) file system, adds official support for the Qualcomm Snapdragon 845 ARM mobile processor, as well as better support for USB Type-C and USB 3.2 connections, and initial support for the upcoming Radeon Vega 20 graphics processing units.

      • Mesa 18.2 Is Releasing Soon With Many OpenGL / Vulkan Driver Improvements

        Mesa 18.2.0 is expected to be released in the days ahead as the latest quarterly feature release to this collection of open-source user-space graphics driver components. As has been the case each quarter for particularly the past few years, these timed quarterly releases are quite feature-packed.

    • Benchmarks

      • The Impact Of The CPU Frequency Scaling Governor On AMD Threadripper 2990WX Linux Performance

        One of many test requests we have received concerning the AMD Threadripper 2 Linux performance was to look at the impact of the different CPU frequency scaling governors, particularly for the 32-core / 64-thread Ryzen Threadripper 2990WX. Here are those CPUFreq governor benchmarks for those interested in squeezing slightly better performance out of your HEDT system by changing how aggressively or not the system is shifting power states to higher frequencies.

  • Applications

    • Flatpak Post-1.0 Will Focus On Infrastructure Work

      Now that Flatpak 1.0 was released yesterday, what’s next for this leading Linux app sandboxing and distribution framework?

      Alex Larsson, the Red Hat developer who started Flatpak (originally known as XDG-App), has shared his personal commentary on reaching the big “1.0” milestone for Flatpak. He does expect the rate of change to Flatpak itself to now decrease with having a solid — and stable — footing in place. But moving past the 1.0 release, Larsson and the team will be focusing on the infrastructure around Flatpak.

    • Kick-starting the revolution 1.0

      Yesterday marked the day when we finally released Flatpak 1.0 (check out the release video!). I want to thank everyone who helped make this a reality, from writing code, to Flathub packaging, to just testing stuff and spreading the word. Large projects like this can’t be done by a single person, it’s all about the community.

      With 1.0 out, I expect the rate of change in Flatpak itself to slow down. Going forward the focus will be more on the infrastructure around it. Things like getting 1.0 into all distributions, making portals work well, ensuring Flathub works smoothly and keeps growing, improving our test-suites and working on the runtimes.

    • Flatpak 1.0 Released, Could Be the Best Decentralized Linux App Sandboxing Tool

      The Linux app sandboxing tool Flatpak 1.0 (previously known as XDG-App) has been released as their new stable release series. Flatpak packages GNOME in the main runtime, and is advocated for by at least 16 different Linux distributions.

      One of the main differences between Flatpak and similar tools like Snap is that Flatpak is entirely decentralized from, for example, the Canonical store, and also Flatpak utilizes a collection of oneshot applications that perform their task and exit, instead of a daemon that runs in the background.

    • 8 Feature Rich Image Viewers for Linux

      Is your default image viewer not giving you the image viewing experience you desire? Do you feel frustrated that it lacks other essential editing capabilities that you think are crucial for a more immersive viewing and editing experience?

      In this tutorial, we’ll look at some nice alternative image viewers to the default one on Linux and see how to install their packages on Ubuntu, Centos and Arch Linux.

    • GIMP 2.10.6 Released with Vertical Text, New Filters and Improvements

      GIMP 2.10.6 lands with some new features. Here’s what’s new.

      GIMP, the best image editor for Ubuntu, Linux ecosystem recently released a revamped version post major release of 2.10 version (which we covered here).

    • Dropbear SSH a lightweight alternative to OpenSSH

      Dropbear is a small and lightweight SSH server and client that can replace OpenSSH on any POSIX platform such as GNU/Linux, *BSD, Cygwin… Dropbear is free software since it is released under MIT-style licenses.

    • Moreutils – A Collection Of More Useful Unix Utilities

      We all know about GNU core utilities that come pre-installed with all Unix-like operating systems. These are the basic file, shell and text manipulation utilities of the GNU operating system. The GNU core utilities contain the commands, such as cat, ls, rm, mkdir, rmdir, touch, tail, wc and many more, for performing the day-to-day operations. Among these utilities, there are also some other useful collections of Unix utilities which are not included by default in the Unix-like operating systems. Meet moreutils, a growing collection of more useful Unix utilities. The moreutils can be installed on GNU/Linux, and various Unix flavours such as FreeBSD, OpenBSD and Mac OS.

    • Proprietary

      • Opera 55 Web Browser Debuts with Easier Installation of Chrome Extensions, More

        Opera Software has promoted this week the Opera 55 Chromium-based web browser to the stable channel for all supported platforms, including Windows, Mac, and Linux.

        Opera 55 is now the most stable version of the Chromium-based and cross-platform web browser, a release that adds yet another layer of improvements and new features, starting with the installation of Google Chrome extensions from the Chrome Web Store, which is now a lot easier thanks to a new “Install Extension” button that’ll be displayed on top of the page when visiting the extensions web store.

      • Opera 55 offers better control of web pages and more accessible bookmarks

        It has been a big summer for us at Opera, and today we are excited to unveil Opera 55.

        The new stable build of our browser includes a smarter layout for the settings page, an expanded security badge and page information pop-up for better page control, easier Chrome Web Store extension installation and more accessible bookmarks.

        Our busy and exciting summer continued on July 27 when we became a listed company on the Nasdaq market and enjoyed a successful initial public offering. This was a major milestone for our company, and one we could not have accomplished without the support and trust from you, our users! A week later, Opera launched as a snap in the Snap Store for Linux systems.

    • Instructionals/Technical

    • Wine or Emulation

    • Games

      • The Linux version of Graveyard Keeper is now available on GOG

        Need to hide a few bodies? Graveyard Keeper is now available for Linux on GOG after being missed at the release.

        It was actually added a day or so after the initial release. Sometimes the Linux version is missing when a game is released on GOG, as the Linux team at GOG discover issues in it. The game did indeed have some pressing issues at release, a fair few have been fixed now so it is quite a bit better.

      • Life is Strange 2 officially revealed with a new trailer

        While we don’t yet know about Linux support, I will honestly be shocked if Feral Interactive didn’t port Life is Strange 2. Especially since they ported the original to Linux and are currently porting Before the Storm which is a little delayed.

      • The Jackbox Party Pack 5 now has a Steam page and it’s going to release with Linux support

        Currently scheduled to release “Fall 2018”, The Jackbox Party Pack 5 is the latest pack of crazy party games from Jackbox Games, Inc. and it should be coming out with Linux support.

      • Combat helicopters are coming to War Thunder in the next update

        Gaijin Entertainment have announced that combat helicopters are coming to War Thunder [Steam, Official Site] along with a teaser trailer.

      • The action RPG Underworld Ascendant is now releasing in November

        The action RPG Underworld Ascendant [Official Site] from OtherSide Entertainment is now going to release on November 15th and they have a new trailer. They previously said it would be September, so hopefully the extra time will make it a better game.

        Last we heard from them, they were still planning Linux support although they didn’t have a specific date nailed down for the Linux version just yet, so do keep that in mind.

      • Bloodstained: Ritual of the Night delayed again, this time until 2019

        Not for the first time, Bloodstained: Ritual of the Night has been delayed and will now launch in 2019.

        Writing in a Kickstarter update, they confirmed it’s to increase the quality of the game as a whole after they gathered feedback from a special backer demo. Delays sadly happen and if we can get a decent game out of this then I will be happy. Hopefully it will give them time to ensure the Linux version is nicely polished too. The Vita version was cancelled along with this announcement.

      • Die for Valhalla! is an action RPG that has you possess enemies and objects

        A supernatural Valkyrie with the ability to possess things, what could possibly go wrong? Go ahead and Die for Valhalla!

        Released back at the end of May with full Linux support, Die for Valhalla! offers an action-RPG with single-player and local co-op options for up to four people.

      • BATTLETECH has an expansion named FLASHPOINT coming out this November

        Even though they still haven’t managed to get the Linux version out yet, Harebrained Schemes and Paradox Interactive have announced the FLASHPOINT expansion for BATTLETECH. As a reminder, we spoke to the developer earlier this month about the Linux version which they do hope to release soon.

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • KDevelop 5.2.4 released

        As the last stabilization and bugfix release in the 5.2 series, we today make KDevelop 5.2.4 available for download. This release contains a few bug fixes and a bit of polishing, as well as translation updates, and should be a very simple transition for anyone using 5.2.x currently.

      • flameshot – simple to use screenshot program

        Being able to take a screenshot comes in handy so many times. Linux is blessed with a good range of competent screenshot software. One which has recently caught our attention is Flameshot, an easy to use, open source, Qt-based screenshot utility which is adept at capturing custom areas of a desktop.

        It’s a complete screen capture and snipping tool with some unique and interesting features. We didn’t think a screenshot tool could capture (no pun intended) our attention this much!

      • Qt5 Screenshot Tool FlameShot 0.6.0 Adds Pin And Text Tools, More

        Flameshot, a Qt 5 screenshot tool, has been updated with new features, like new pin and text tools, a new side panel, and other important improvements.

        Flameshot is a tool for taking screenshots which includes features like annotations (you can draw lines, arrows, blur or highlight text, etc. on the screenshot), upload screenshot to Imgur, and more. It comes with a GUI but it can also be controlled from the command line, and it supports X11 while also having experimental Wayland support for Gnome and Plasma.

        The biggest change in Flameshot 0.6.0 is for me the merge of its 3 menu entries into a single entry. Previously, Flameshot installed 3 menu entries, for taking a screenshot, launch the application in tray mode, or open its settings, which was confusing.

    • GNOME Desktop/GTK

      • Robert Roth: Five or More GSoC
      • Adventures with NVMe, part 2

        A few days ago I asked people to upload their NVMe “cns” data to the LVFS. So far, 643 people did that, and I appreciate each and every submission. I promised I’d share my results, and this is what I’ve found:

      • The Next Challenge For Fwupd / LVFS Is Supporting NVMe SSD Firmware Updates

        With UEFI BIOS updating now working well with the Fwupd firmware updating utility and Linux Vendor Firmware Service (LVFS) for distributing these UEFI update capsules, Richard Hughes at Red Hat is next focusing on NVMe solid-state drives for being able to ship firmware updates under Linux.

        Hughes is in the early stages of looking to support NVMe firmware updates via LVFS/fwupd. Currently he is hoping for Linux users with NVMe drives to send in the id-ctrl identification data on your drives to him. This data will be useful so he knows what drives/models are most popular but also for how the firmware revision string is advertised across drives and vendors.

  • Distributions

    • Reviews

      • Robolinux 9.3 Raptor – Bird of prey?

        Robolinux 9.3 Raptor is an interesting project. On one hand, it does most of the basics well, offers good functionality out of the box, comes with modern features and software, and tries to provide unique value through its Stealth VM capability. Quite commendable on that front.

        Unfortunately, there are problems, too. The looks are more than questionable, the aggressive focus on donations spoils the experience and even breeds a sense of mistrust, hardware compatibility can be quite a bit better, and there were also some crashes and a dozen papercuts typical of small distros. In the end, it’s still Ubuntu, improved and spoiled by the extras. The security card is flashed way too many times, and it creates a sour feeling. This is a neat distro, but it tries too hard.

        All in all, it has its own identity, and it could become quite useful to new users, but it’s overwhelming in its current guise, and the desktop stability needs to improve, pretty much across the board. It deserves something like 7/10. Well, that said, I’m looking forward to the next release, hopefully with more aesthetic focus and a fully streamlined operating system conversion and migration experience for new users. Now that could really be a killer feature. Take care.

    • New Releases

      • deepin 15.7 – Enjoy The Better Performance

        deepin 15.7 mainly optimizes the performance, including ISO size reduction, laptop power optimization and memory optimization. What is more, it fixed many bugs found in deepin 15.6.

      • Deepin 15.7 Ships With Power/Performance Optimizations, NVIDIA PRIME Support

        Deepin 15.7 is the project’s new release under their new versioning scheme. Deepin 15.7 features a smaller footprint for its ISO, laptop power optimizations yielding a standby time up to 20% longer, lower memory consumption, NVIDIA PRIME support, and a variety of bug fixes and other improvements to this desktop-focused Linux distribution.

      • Deepin 15.7 Released, Claims to Use Less Memory Than Ubuntu

        A new version of the Deepin Linux distribution has been released — and it boasts significantly lower memory usage.

        A performance-focused update building on the Deepin 15.6 release launched back in June, Deepin 15.7 also features improvements to power consumption and a smaller ISO download size.

      • deepin 15.7 Linux Distro Released With Size Reduction And Memory Optimization

        deepin desktop edition is known to be often preferred by users who love to use a system that’s easy to use and good looking as well. In June, the developers of the distro shipped deepin 15.6 with 217 bug fixes and a new welcome program to let you customize your computer as per your preference.

        Just recently, deepin 15.7 was released to bring even more improvements and polishing. Apart from the major features rolling out with this release, an important change has taken place in deepin version naming and upgrade strategy.

      • deepin Linux 15.7 available for download

        Yeah, there are way too many Linux distributions these days. You know what, though? Many of them are great! True, it is probably a waste of resources, but as long as high-quality distros are being released, who really cares?

        One such excellent Linux-based desktop operating system is the beautiful deepin. Today, that OS reaches version 15.7. The distribution features significant performance improvements, a new laptop battery saving mode, a reduced ISO image size (nearly 20 percent), and better memory optimization. Owners of laptops with Nvidia hybrid graphics will appreciate improved compatibility thanks to NVIDIA-PRIME.

      • Deepin 15.7 Released With Fixes for Memory Leakage, Chrome and Firefox Updates

        The Debian-based Deepin Linux distro has just been updated to Deepin 15.7, which falls under the project’s new versioning scheme. Among its features are a smaller ISO footprint, laptop power optimizations which should yield a 20% longer standby time, support for NVIDIA PRIME, lower memory consumption, and just overall bug fixes and improvements to the distro.

        There’s a lot of improvements to be found in this release, including a rebuilt network plugin, optimized system volume, an optimized switching effect between desktops, and updates to Google Chrome and Firefox Quantum (ZH).

      • Freespire 4.0 Released

        Today we are pleased to announce the release of Freespire 4.0. Freespire 4.0 is our newest release in the Freespire line. Freespire 4.0 is a free release in both terms of cost and code. Freespire 4.0 is a migration of our current 16.04 LTS codebase to the 18.04 LTS codebase which brings with it many improvements to usability and to hardware support. Freespire 4.0 is also the base for our commercial Linspire release.

      • Freespire 4.0 Released, The Linux Distribution That Originated As “Lindows”

        Earlier this year development on Linspire/Freespire was restarted for this Linux distribution that dates back to 2001 when it launched as “Lindows” before having to be renamed due to a trademark dispute with Microsoft. Back in January, PC/OpenSystems who is now developing the distribution, the Freespire 3.0 release debuted while today Freespire 4.0 is available.

        Freespire 4.0 migrates from an Ubuntu 16.04 LTS base to now relying upon the Ubuntu 18.04 “Bionic Beaver” archive and is also now serving as the base for their next Linspire release. Freespire 4.0 pushes the desktop in a different direction from upstream Ubuntu and some of its default applications include Geary, Chromium, Abiword, Gnumeric, Audacious, Totem, G-Debi, and Synaptic. Freespire 4.0 is supporting both Snaps and Flatpak packaging.

      • Freespire 4.0 Officially Released, Based on Ubuntu 18.04 LTS (Bionic Beaver)

        The Freespire 4.0 Linux-based operating system has been officially released as the first major version, as project leader Roberto J. Dohnert informed Softpedia earlier today.

        Based on the Ubuntu 18.04 LTS (Bionic Beaver) operating system series, Freespire 4.0 promises to offer users a stunning graphical interface that’s familiar to those coming from another Linux OS or even from a Windows OS. It also features an intuitive dark mode for professionals and those who like dark themes.

    • OpenSUSE/SUSE

      • [Older] Language, Networking Packages Get Updates in Tumbleweed

        There were two openSUSE Tumbleweed snapshots this past week that mostly focused on language and network packages.

        The Linux Kernel also received an update a couple days ago to version 4.17.13.

        The packages in the 20180812 Tumbleweed snapshot brought fixes in NetworkManager-applet 1.8.16, which also modernized the package for GTK 3 use in preparations for GTK 4. The free remote desktop protocol client had its third release candidate for freerdp 2.0.0 where it improved automatic reconnects, added Wave2 support and fixed automount issues. More network device card IDs for the Intel 9000 series were added in kernel 4.17.13. A jump from libstorage-ng 4.1.0 to version 4.1.10 brought several translations and added unit test for probing xen xvd devices. Two Common Vulnerabilities and Exposures fixes were made with the update in postgresql 10.5. Several rubygem packages were updated to versions 5.2.1 including rubygem-rails 5.2.1, which makes the master.key file read-only for the owner upon generation on POSIX-compliant systems. Processing XML and HTML with python-lxml 4.2.4 should have fewer crashes thanks to a fix of sporadic crashes during garbage collection when parse-time schema validation is used and the parser participates in a reference cycle. Several YaST packages receive updates including a new ServiceWidget to manage the service status with yast2-ftp-server 4.1.3 as well with yast2-http-server, yast2-slp-server and yast2-squid 4.1.0 versions.

    • Red Hat Family

    • Debian Family

      • Debian GNU/Linux 9 “Stretch” Receives L1 Terminal Fault Mitigations, Update Now

        The Debian Project released today a new Linux kernel security update for Debian GNU/Linux 9 “Stretch” users to address the recently disclosed L1 Terminal Fault vulnerabilities.

        According to the security advisory published on Monday, the new kernel security update addresses both CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities had an impact on normal systems, as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests.

      • Derivatives

        • Canonical/Ubuntu

          • The Fridge: Ubuntu Weekly Newsletter Issue 541

            Welcome to the Ubuntu Weekly Newsletter, Issue 541 for the week of August 12 – 18, 2018.

          • Flavours and Variants

            • LinuxAIO – Test All The Ubuntu Flavours at Once

              We recently released an article wherein I discussed which Ubuntu flavour you should choose, and if you checked it out you will notice that there are well over 5 flavours to pick with varying main features. Would you like to try all of them for yourself but have limited time and resources? Today is your lucky day, then.

              If you haven’t heard about LinuxAIO before, it is a tool that enables you to run multiple major Linux distributions directly from a single ISO file on a USB 4GB+/8GB+ flash drive or DVD / DVD DL. Every distro can be used as a Live system without the requirement of hard drive installations.

              LinuxAIO currently supports Ubuntu and its most popular flavors, Linux Mint, Debian Live, LMDE, and a variety of other secondary releases as listed on its website.

              This utility tool also comes with inbuilt tools for hardware detection and memory testing – features that will come in handy if you’re not sure of your system specs.

  • Devices/Embedded

Free Software/Open Source

  • Nerd Knobs and Open Source in Network Software

    Tech is commoditizing. I’ve talked about this before; I think networking is commoditizing at the device level, and the days of appliance-based networking are behind us. But are networks themselves a commodity? Not any more than any other system.

    We are running out of useful features, so vendors are losing feature differentiation. This one is going to take a little longer… When I first started in network engineering, the world was multiprotocol, and we had a lot of different transports. For instance, we took cases on IPX, VIP, Appletalk, NetBios, and many other protocols. These all ran on top of Ethernet, T1, Frame, ATM, FDDI, RPR, Token Ring, ARCnet, various sorts of serial links … The list always felt a little too long, to me. Today we have IPv4, IPv6, and MPLS on top of Ethernet, pretty much. All transports are framed as Ethernet, and all upper layer protocols use some form of IP. MPLS sits in the middle as the most common “transport enhancer.” The first thing to note is that space across which useful features can be created is considerably smaller than it used to be.

  • Events

    • Meetings that make people happy: Myth or magic?

      People tend to focus on the technical elements of meeting prep: setting the objective(s), making the agenda, choosing a place and duration, selecting stakeholders, articulating a timeline, and so on. But if you want people to come to a meeting ready to fully engage, building trust is mission-critical, too. If you need people to engage in your meetings, then you’re likely expecting people to come ready to share their creativity, problem-solving, and innovation ideas.

  • Web Browsers

    • Mozilla

      • Mozilla Announces 26 New Fellows in Openness, Science, and Tech Policy

        These technologists, activists, and scientists will spend the next 10 to 12 months creating a more secure, inclusive, and decentralized internet

        A neuroscientist building open-source hardware. A competition expert studying net neutrality enforcement in Nigeria. A technologist studying tools that combat disinformation.

        These are just three of Mozilla’s latest Fellows — 26 technologists, activists, and scientists from more than 10 countries. Today, we’re announcing our 2018-2019 cohort of Fellows, who begin work on September 1, 2018.

      • AV1 and the Video Wars of 2027

        Author’s Note: This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

      • Volunteer Add-on Reviewer Applications Open

        Thousands of volunteers around the world contribute to Mozilla projects in a variety of capacities, and extension review is one of them. Reviewers check extensions submitted to addons.mozilla.org (AMO) for their safety, security, and adherence to Mozilla’s Add-on Policies.

        Last year, we paused onboarding new volunteer extension reviewers while we updated the add-on policies and review processes to address changes introduced by the transition to the WebExtensions API and the new post-review process.

  • Pseudo-Open Source (Openwashing)

  • BSD

    • An Insight into the Future of TrueOS BSD and Project Trident

      Last month, TrueOS announced that they would be spinning off their desktop offering. The team behind the new project, named Project Trident, have been working furiously towards their first release. They did take a few minutes to answer some of our questions about Project Trident and TrueOS. I would like to thank JT and Ken for taking the time to compile these answers.

    • July/August 2018 Issue of the FreeBSD Journal Now Available

      The July/August 2018 issue of the FreeBSD Journal is now available! The latest issue is focused on Big Data and features articles on High-performance

  • Openness/Sharing/Collaboration

    • Open Hardware/Modding

      • Open-Source RISC-V-Based SoC Platform Enlists Deep Learning Accelerator

        SiFive introduces what it’s calling the first open-source RISC-V-based SoC platform for edge inference applications based on NVIDIA’s Deep Learning Accelerator (NVDLA) technology.

        A demo shown at the Hot Chips conference consists of NVDLA running on an FPGA connected via ChipLink to SiFive’s HiFive Unleashed board powered by the Freedom U540, the first Linux-capable RISC-V processor. The complete SiFive implementation is suited for intelligence at the edge, where high-performance with improved power and area profiles are crucial. SiFive’s silicon design capabilities and innovative business model enables a simplified path to building custom silicon on the RISC-V architecture with NVDLA.

      • SiFive Announces First Open-Source RISC-V-Based SoC Platform With NVIDIA Deep Learning Accelerator Technology

        SiFive, the leading provider of commercial RISC-V processor IP, today announced the first open-source RISC-V-based SoC platform for edge inference applications based on NVIDIA’s Deep Learning Accelerator (NVDLA) technology.

        The demo will be shown this week at the Hot Chips conference and consists of NVDLA running on an FPGA connected via ChipLink to SiFive’s HiFive Unleashed board powered by the Freedom U540, the world’s first Linux-capable RISC-V processor. The complete SiFive implementation is well suited for intelligence at the edge, where high-performance with improved power and area profiles are crucial. SiFive’s silicon design capabilities and innovative business model enables a simplified path to building custom silicon on the RISC-V architecture with NVDLA.

      • SiFive Announces Open-Source RISC-V-Based SoC Platform with Nvidia Deep Learning Accelerator Technology

        SiFive, a leading provider of commercial RISC-V processor IP, today announced the first open-source RISC-V-based SoC platform for edge inference applications based on NVIDIA’s Deep Learning Accelerator (NVDLA) technology.

        The demo will be shown this week at the Hot Chips conference and consists of NVDLA running on an FPGA connected via ChipLink to SiFive’s HiFive Unleashed board powered by the Freedom U540, the world’s first Linux-capable RISC-V processor. The complete SiFive implementation is well suited for intelligence at the edge, where high-performance with improved power and area profiles are crucial. SiFive’s silicon design capabilities and innovative business model enables a simplified path to building custom silicon on the RISC-V architecture with NVDLA.

      • Building microprocessor architectures on open-source hardware and software

        “The real freedom you get from open source projects is much more, and more important than the fact that you don’t have to pay for it,” Frank Gürkaynak, Director of ETHZ’s Microelectronics Design Center, writes in an article posted on All About Circuits. “Researchers can take what we provide and freely change it for their experiments. Startup companies can build on what we provide as a starting point and concentrate their time and energy on the actual innovations they want to provide. And people who are disturbed by various attacks on their systems [1, 2] have the chance to look inside and know what exactly is in their system.”

      • Create DIY music box cards with Punchbox

        That first time almost brought tears to my eyes. Mozart, sweetly, gently playing on the most perfect little music box. Perfectly! No errors in timing or pitch. Thank you, open source—without Mido, Svgwrite, PyYAML, and Click, this project wouldn’t have been possible.

  • Programming/Development

    • Git v2.19.0-rc0 [Ed: Microsoft spends billions of imaginary money trying to extinguish it and shore up its proprietary software]

      An early preview release Git v2.19.0-rc0 is now available for testing at the usual places. It is comprised of 707 non-merge commits since v2.18.0, contributed by 60 people, 14 of which are new faces.

    • Git 2.19 Begins Its Release Dance, RC0 Is Up For Testing

      Junio Hamano issued the first release candidate on Monday of the upcoming Git 2.19 distributed revision control system update.

      Git 2.19-RC0 comes with hundreds of changes over Git 2.18. There aren’t any select standout features of this new release but a lot of continued code churn all over the place with a ton of smaller additions.


  • Hardware

    • NVIDIA Unveils The GeForce RTX 20 Series, Linux Benchmarks Should Be Coming

      NVIDIA CEO Jensen Huang has just announced the GeForce RTX 2080 series from his keynote ahead of Gamescom 2018 this week in Cologne, Germany.

    • NVIDIA have officially announced the GeForce RTX 2000 series of GPUs, launching September

      The GPU race continues on once again, as NVIDIA have now officially announced the GeForce RTX 2000 series of GPUs and they’re launching in September.

      This new series will be based on their Turing architecture and their RTX platform. These new RT Cores will “enable real-time ray tracing of objects and environments with physically accurate shadows, reflections, refractions and global illumination.” which sounds rather fun.

    • NVIDIA Launches GeForce RTX 2000 Series With 6x Faster Performance

      Last week we saw the release of the professional Quadro RTX series at SIGGRAPH 2018. As expected, Nvidia has now unveiled its latest consumer-facing cards as well. The company unveiled the new GeForce RTX 2000 series of graphics cards at Gamescom in Germany.

      Just like the Quadro series, the RTX 2080 is also based on Nvidia’s newly introduced Turing architecture. The company unveiled the RTX 2070, RTX 2080, and RTX 2080 Ti promising up to 6x better performance than its predecessors.

  • Security

    • Fix for July’s Spectre-like bug is breaking some supers

      High-performance computing geeks are sweating on a Red Hat fix, after a previous patch broke the Lustre file system.

      In July, Intel disclosed patches for another Spectre-like data leak bug, CVE-2018-3693.

      Red Hat included its own fixes in an August 14 suite of security patches, and soon after, HPC sysadmins found themselves in trouble.

      The original report, from Stanford Research Computing Center, details a failure in LustreNet – a Lustre implementation over InfiniBand that uses RDMA for high-speed file and metadata transfer.

    • Aqua Security Launches Open-Source Kube-Hunter Container Security Tool

      Aqua Security has made its new Kube-hunter open-source tool generally available, enabling organizations to conduct penetration tests against Kubernetes container orchestration deployments.

      Aqua released Kube-hunter on Aug. 17, and project code is freely available on GitHub. Rather than looking for vulnerabilities inside of container images, Kube-hunter looks for exploitable vulnerabilities in the configuration and deployment of Kubernetes clusters. The project code is open-source and can be run against an organization’s own clusters, with additional online reporting capabilities provided by Aqua Security.

    • Election Security Bill Without Paper Records and Risk Limiting Audits? No Way.

      The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits.

      Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.

    • Reproducible Builds: Weekly report #173
    • North Korean Hackers Exploit Recently Patched Zero-Day

      North Korean hackers are exploiting a recently patched vulnerability in Microsoft’s VBScript engine in live attacks, security researchers say.

    • Windows VBScript Engine Zero-day [sic] Flaw used by Darkhotel Hackers Group To Compromise Vulnerable Systems
    • Philips to look into PageWriter Cardiograph Device Vulnerabilities Mid 2019
    • Security updates for Tuesday
    • Fund Meant to Protect Elections May Be Too Little, Too Late

      The Election Assistance Commission, the government agency charged with distributing federal funds to support elections, released a report Tuesday detailing how each state plans to spend a total of $380 million in grants allocated to improve and secure their election systems.

      But even as intelligence officials warn of foreign interference in the midterm election, much of the money is not expected to be spent before Election Day. The EAC expects states to spend their allotted money within two to three years and gives them until 2023 to finish spending it.

      Election experts have expressed skepticism that the money will be enough to modernize election equipment and secure it against state-sponsored cyber threats.

  • Defence/Aggression

    • A ‘Regime’ Is a Government at Odds With the US Empire

      In the aftermath of the assassination attempt against Venezuelan President Nicolas Maduro, an article in the Miami Herald (8/5/18) reported that “a clandestine group formed by Venezuelan military members opposed to the regime of Nicolás Maduro claimed responsibility.” A New York Times op-ed (8/10/18) mused, “No one knows whether the Maduro regime will last decades or days.” AFP (8/12/18) reported that “Trump has harshly criticized Maduro’s leftist regime.”

      The word “regime” implies that the government to which the label is applied is undemocratic, even tyrannical, so it’s peculiar that the term is used in Venezuela’s case, since the country’s leftist government has repeatedly won free and fair elections (London Review of Books, 6/29/17). One could argue that, strictly speaking, “regime” can simply mean a system, and in some specific, infrequent contexts, that may be how it’s used. But broadly the word “regime” suggests a government that is unrepresentative, repressive, corrupt, aggressive—without the need to offer any evidence of these traits.

      Interestingly, the US itself meets many of the criteria for being a “regime”: It can be seen as an oligarchy rather than a democracy, imprisons people at a higher rate than any other country, has grotesque levels of inequality and bombs another country every 12 minutes. Yet there’s no widespread tendency for the corporate media to describe the US state as a “regime.”

    • A Gangster State

      Max Weber defined a key attribute of a state as holding the monopoly on the legitimate exercise of violence within a given territory. For anybody other than the state to use substantive physical force against you or to imprison you is regarded as an extremely serious crime. The state itself may however constrain you, beat you, imprison you and even kill you. That link is on deaths in police custody. I might also quote the state murder of 12 year old British child Jojo Jones, deliberately executed by drone strike by the USA with prior approval from the British government.

      That is but one example of the British state’s decreasing reticence over the use of extreme violence. The shameless promotion of Cressida Dick to head the Metropolitan Police as reward for orchestrating the cold-blooded murder of an innocent and unresisting Jean Charles de Menezes is another example. So is Sajid Javid’s positive encouragement of the US to employ the death penalty against British men stripped of citizenship.

      There are a class of states where the central government does not have sufficient control over its territories to preserve its monopoly of violence. That may include violence in opposition to the state. But one further aspect of that is state sanctioned violence in pursuit of state aims by non state actors, done with a nod and a wink from the government – death squads and private militias, often CIA supplied, in South America have often acted this way, and so occasionally does the British state, for example in the murder of Pat Finucane. In some instances, a state might properly be described as a gangster state, where violent groups acting for personal gain act in concert with state authorities, with motives of personal financial profit involved on both sides.


      Rory Stewart appeared on Sky News this morning and the very first point he saw fit to make was a piece of impassioned shilling on behalf of G4S. That this was the first reaction of the Prisons Minister to a question on the collapse of order at Birmingham Prison due to G4S’ abject performance, shows both the Tories’ ideological commitment to privatisation in all circumstances, especially where it has demonstrably failed, and shows also the extent to which they are in the pockets of financial interests – and not in the least concerned about the public interest.

    • Fifteen Years of Forever Wars

      Fifteen years ago on May 1, 2003, speaking in Kabul, Secretary of Defense Donald H. Rumsfeld declared that, in Afghanistan, “we clearly have moved from major combat activity to a period of stability and stabilization and reconstruction activities.” Later that same day, standing on the flight deck of the USS Abraham Lincoln, President George W. Bush proclaimed that “…major combat operations in Iraq have ended. In the battle of Iraq, the United States and our allies have prevailed.” He described the U.S. overthrow of the Iraqi government as “one victory in a war on terror that began on September the 11th, 2001,” adding that our “war on terror is not over, yet it is not endless.”

      But, evidently, it is indeed endless. Secretary Rumsfeld defined success in this war as not creating more terrorists than we kill. That seems a fair standard. But, by this criterion, what we have done is clearly counterproductive.

    • What a New Study of British Spies Reveals About the CIA

      Historians know a great deal about CIA history. The US government has acknowledged some 50 Cold War covert actions, from fiddling with Italian elections in the late 1940s to undermining Marxist influence in Yemen in the 1980s. Spy chiefs, practitioners, journalists, and academics have written enough books on the CIA to fill several libraries. Although debate still rages about the good or ill of the CIA, we know the major contours of its history.


      Looking at the history of covert action through the eyes of MI6 therefore offers unexpected insight into the CIA.

      British covert action cannot be considered in isolation from US activity, but the reverse is also true. Since 1945, both sides have misled the other, manipulated the other, tried to recruit the other and restrained the other.

      In trying to “rollback” the Soviet Union from Eastern Europe, the CIA has gained a reputation for being rather aggressive, especially in the early Cold War. Traditional narratives cast the UK as a responsible partner trying – with various degrees of success – to restrain American recklessness.

  • Transparency/Investigative Reporting

  • Environment/Energy/Wildlife/Nature

    • Summer weather is getting ‘stuck’ due to Arctic warming

      Summer weather patterns are increasingly likely to stall in Europe, North America and parts of Asia, according to a new climate study that explains why Arctic warming is making heatwaves elsewhere more persistent and dangerous.

      Rising temperatures in the Arctic have slowed the circulation of the jet stream and other giant planetary winds, says the paper, which means high and low pressure fronts are getting stuck and weather is less able to moderate itself.

      The authors of the research, published in Nature Communications on Monday, warn this could lead to “very extreme extremes”, which occur when abnormally high temperatures linger for an unusually prolonged period, turning sunny days into heat waves, tinder-dry conditions into wildfires, and rains into floods.

      “This summer was where we saw a very strong intensity of heatwaves. It’ll continue and that’s very worrying, especially in the mid-latitudes: the EU, US, Russia and China,” said one of the coauthors, Dim Coumou from the Potsdam Institute for Climate Impact Research. “Short-term heatwaves are quite pleasant, but longer term they will have an impact on society. It’ll have an effect on agricultural production. Harvests are already down this year for many products. Heatwaves can also have a devastating impact on human health.”

    • How One West Virginia Supreme Court Justice Gave Natural Gas a Big Victory and Shortchanged Residents

      Justice Beth Walker voted to reopen an already decided case around the time her husband owned stock in a variety of energy companies. And that’s not even why she’s been impeached.


      But left unmentioned in the impeachment and the debate around it has been a peculiar vote by Walker that benefited the natural gas industry. In one of her earliest votes, Walker made a highly unusual decision to reopen a case and then reverse a Supreme Court ruling that would have forced drillers to pay more in profits to residents. Walker voted to reopen the case around the time her husband owned stock in a variety of energy companies, including those participating in West Virginia’s growing gas boom.

      The case focused on whether natural gas companies are allowed to deduct a variety of expenses — for the transportation and processing of gas, for example — when they calculate payments for West Virginia residents or companies that lease them drilling rights to their gas. Millions of dollars in gas royalty payments, the riches from the industry’s dramatic growth in West Virginia over the past decade, were at stake.

  • Finance

    • Some Techies Are Shunning Silicon Valley for the Japanese Dream

      Corporate Japan has a reputation for long hours, small salaries and no Silicon Valley-style stock options for the rank-and-file, but the country is also having a kind of renaissance that’s making it easier to recruit global talent. Tourism is booming and, for the last few years, Japanese cities have been ranked routinely among the world’s most livable. For some tech firms, Japan’s pop culture cachet is also providing an edge when it comes to hiring engineers, who, let’s face it, tend to skew a little nerdy.

  • AstroTurf/Lobbying/Politics

    • Trump Speechwriter Fired After Revelations of His Links to White Nationalists

      Back in the United States, a speechwriter for President Trump was fired last Friday after revelations surfaced that he had spoken at a conference alongside prominent white nationalists. In 2016, Darren Beattie was a panelist at the H.L. Mencken Club conference alongside Peter Brimelow, founder of the anti-immigrant website VDARE.com. The Southern Poverty Law Center calls the conference a gathering of “white nationalists and pseudo-academic and academic racists.”

    • Ex-CIA chief John Brennan an outlaw like his Irish namesake “Brennan on the Moor”

      It’s been a tough week for the President. His golfing was interrupted when he realized that he had another Brennan on the Moor—John Brennan—metaphoric blunderbuss bearing down on him. There was the monster he created, Omarosa, giving White House tapes to the media. There was his former campaign manager, Paul Manafort, about to be convicted for his love of ostrich coats, Russian oligarchs and other spendthrift ways.

      And, of course, there is the Hero of America, Robert Mueller, closing in.

      Silent, relentless, terrifying.

      Trump is indeed terrified at what is coming for him. When he is frightened, like a child in a thunder storm, he whelps out.

    • Protests and Blaming the Media. Sound Familiar? That Was During the ’68 Democratic National Convention.

      Like so many others, Stan Skoko was outraged by what he’d seen of the 1968 Democratic National Convention in Chicago, where TV cameras captured images of officers beating protesters with nightsticks, kicking them and throwing them into police wagons as tear gas floated over Michigan Avenue.

      So Skoko, a commissioner in Clackamas County, Oregon, near Portland, fired off a note on his office letterhead to Mayor Richard J. Daley. But unlike the withering criticism from reporters and TV anchors covering the street clashes, Skoko wanted to let the mayor know he and the Chicago police had done a great job.

      “Congratulations on the manner in which you handled the ridiculous demonstrations by certain persons of questionable intelligence in your City during the recent Democratic Convention,” Skoko wrote. “My only criticism of your action is you were too lenient.”

  • Censorship/Free Speech

    • EU Commission Moving Forward With Legislation Demanding One Hour Removal Of ‘Terrorist Content’

      Governments — which will process requests from citizens in statutorily-required time almost zero percent of the time — never think the private sector moves fast enough. The government says “Jump” and then immediately asks why the jumping wasn’t already in progress when it ordered the jumping to commence.

      Content that isn’t even of the “I know it when I see it” variety isn’t being taken down quickly enough for the EU. Various members have implemented their own 24-hour policies for the removal of everything from “hate speech” to “extremist content” — both particularly difficult to classify immediately when context and newsworthiness must be considered.

      The EU Commission is reeling in the leash it has attached to US social media companies. It pitched the idea back in March but now appears to be following through with its threats. The latest move towards impossibility is detailed by The Financial Times.

    • Social media faces EU fine if terror lingers for an hour

      The European Commission is planning to order websites to delete extremist content on their sites within an hour to avoid the risk of being fined.

    • EU wants tech firms to remove terror content within an hour or face fines

      In March, legislation passed that presented the hour-long purge window, but it was only marked under voluntary guidelines. But it looks like tech firms aren’t volunteering to work to these guidelines so the EU wants to force them to do so by imposing fines on firms that are blasé about terrorism-related materials on their services, networks and platforms.

    • EU considers fining tech companies for extremist content

      If passed, it would be the first time the EU has imposed rules that go beyond self-regulation efforts favored by technology companies.

    • Appeals Court Says Of Course Twitter Can Kick Racists Off Its Platform

      Phew. After a surprising (and very, very weird) ruling in a California state court earlier this summer, that suggested that a well known racist might have a legitimate legal case against Twitter for kicking him off their platform, an appeals court has quickly and thoroughly corrected that error. To understand what happened here requires a little bit of background, so let’s dig in.

      Back in March, we wrote about a silly case filed by noted racist (he prefers “race realist” or “white advocate” but come on), Jared Taylor, who had been kicked off Twitter. Taylor sued, claiming that Twitter kicking him off the platform violated various rights. As we noted at the time, the case had no chance, and would be tossed out on CDA 230 grounds, as the law makes it clear that platforms cannot be liable for their moderation choices. Indeed, the whole reason CDA 230 was first created was in response to a horrible court ruling that said moderation choices could make you liable. CDA 230 was a correction to that mistaken court. And in the two decades since then we’ve seen all sorts of attempts by people to argue their way around CDA 230 and nearly all of them fail, and thus we expected this one to fail easily. As I noted in that original post, I had spent some time going back and forth with some of Taylor’s lawyers, who seemed surprisingly uninformed about CDA 230.

      So, I will admit that I was a bit surprised back in July when the court refused to dump the case. While the official ruling came in July, the Judge’s rationale was laid out at a hearing in June, in which he did agree to dump some of the claims, but kept one claim: an “unfair competition” claim. The reasoning was… very, very strange. Basically, the court claimed that under California law, Taylor could claim that Twitter’s terms of service were “unconscionable” because they said the site could kick you off for any reason. It is true that California code 1670.5 says that “If the court as a matter of law finds the contract or any clause of the contract to have been unconscionable at the time it was made the court may refuse to enforce the contract.” But how is Twitter’s terms of service unconscionable?

    • As Press Freedom Dies In Turkey, Twitter Is There To Help Dig Its Grave

      Turkish president Recep Erdogan figures the best critic is a silenced critic. Determined to “earn” the respect of people worldwide, Erdogan and his government have engaged in unprecedented censorship. This goes far beyond the punishment of its own citizens. Erdogan has tried to secure charges and prosecutions from other governments against their own citizens for having the temerity to not take him as seriously as he takes himself.


      It doesn’t work, of course. Nothing gets censored worldwide and whatever censorship hits home can be circumvented. But of all the internet targets, Twitter is Erdogan’s absolute favorite. The Committee to Protect Journalists has done the math. Its excellent article on Erdogan’s censorship activities makes it clear that all other countries are merely pretenders to the throne when it comes to talking Twitter into doing their dirty work.

    • How Turkey silences journalists online, one removal request at a time

      On June 19, Abdülhamit Bilici, the last editor-in-chief of the now-shuttered Turkish paper Zaman, tweeted about the decline of press freedom in his home country. If you can see his tweet, you are probably not in Turkey because it is among the over 1.5 million tweets belonging to journalists and media outlets censored there under Twitter’s “country withheld content” (CWC) policy.

    • GOP leader accuses Twitter of censoring conservatives, finds out his user settings was hiding tweets

      House Majority Leader Kevin McCarthy learned something about Twitter this week, and it had nothing to do with the supposed censorship of right-wing users.

      The California Republican sent a tweet on Friday complaining that conservatives were being censored on Twitter. He ordered Twitter CEO Jack Dorsey to rectify the issue immediately.

    • Shadow Banning: GOP Leader Kevin McCarthy Mocked For Crying Censorship Over His Own Account Settings
    • GOP leader mocked for tweet complaining of conservative censorship on Twitter
    • GOP Leader Accuses Twitter Of Censorship — But It Really Was His Own Account Settings At Fault
    • House Majority Leader Kevin McCarthy Is At It Again with Bullshit Censorship Claim
    • Egypt internet: Sisi ratifies law tightening control over websites
    • Egypt president approves law tightening internet controls
    • Law tightens Egypt’s grip on websites
    • Egypt’s Sisi ratifies new cyber-crime law – Politics – Egypt
    • President Sisi Tightens Control Over Internet
    • Egypt signs censorship-focused cybercrime bill into law
    • Egyptians to face jail for accessing banned websites

      Egypt has adopted a law that threatens to jail anyone who browses censored websites, after having already blocked dozens of sites belonging to human rights groups and critical media.

      The law, ratified by Abdel Fattah al-Sisi, the president, on Saturday, gives courts the power to block websites deemed a threat to national security.

      The decision may be appealed, but if upheld anyone who browses the censored websites faces at least one year in prison and a fine.

    • Egypt’s President Sisi ratifies new internet control law

      Egyptian President Abdel Fattah el-Sisi signed a new law on Saturday tightening the government’s control of the internet, state media reported.

      Aimed at combating extremism, the Anti-Cyber and Information Technology Crimes legislation prohibits the “promotion of the ideas of terrorist organizations” and allows authorities to block websites deemed by judges to be threats to national security.

      It also bans the dissemination of information on the movement of security forces and imposes strict punishments for hacking government information systems, according to the state-run Al-Ahram newspaper.

    • Egypt’s Sisi signs new law tightening government control online

      Egypt has rolled out a new law that allows authorities, through a judge, to order the blocking of websites that “constitute a threat” to the state, as well as jail or fine those who run them.

      The “cybercrime” legislation, signed by President Abdel Fattah el-Sisi on Saturday, is one of a series of measures that critics have deplored as attacks against freedom of speech in the country.

      The penalties also target those who intentionally or “in error without a valid reason” visit the banned websites considered by the authorities as threatening to Egypt’s economic and national security interests, according to the official gazette.

  • Goggle/Privacy/Surveillance

    • California Assembly Acquiesces In Secret Police Surveillance

      For the second year in a row, the California State Assembly’s Appropriations Committee has effectively killed a bill that was poised to ensure transparency, community oversight, and civil liberties regarding proliferating police surveillance technology.

      S.B. 1186 was approved by the California Senate, as well as by two Assembly policy committees. Despite that momentum, the bill stalled in the Assembly Appropriations Committee, chaired by Assemblymember Lorena Gonzalez Fletcher of San Diego. The bill needed to be voted on by committee members by August 17 in order to move to a floor vote, but was instead indefinitely placed on a “suspense calendar” without the committee ever voting.

      Like S.B. 21 in the 2017 session, S.B. 1186 was a straightforward measure that would have simply required police to respect public oversight before gaining access to powerful surveillance technology. S.B. 1186 differed from its predecessor in that it did not require annual transparency reports, a compromise accepted by the author, Sen. Jerry Hill, that should have alleviated the Appropriation Committee’s fiscal concerns.

    • The right of access in GDPR: What are the debates?

      There is much debate about the right of access in GDPR but many of them are yet to be discussed widely outside of academia. Here we discuss some of those debates including around subject access requests and privacy protections.

    • Google Sued For Tracking Location History Of Users With Location Turned Off

      Last week Google admitted that it tracks the location history of users even after turning off location services. Not long after, a man named Napoleon Patacsil from San Diego filed a lawsuit against the tech giant for the same.

      This lawsuit was filed in a federal court in San Francisco where his attorneys argued that “Google is violating the California Invasion of Privacy Act and the state’s constitutional right to privacy.”

    • San Diego man sues Google over Location History deception

      A resident of San Diego, California, has sued Google over its deceptive practice of continuing to track users’ locations even after the Location History option was turned off on its Android mobile operating system.

    • Women are 79 percent more likely to spend money on mobile games

      Female users purchase in-app content 16.7 percent of the time after installing an app, and the report encourages app developers to focus on this segment of the market in the future. The report states that although it takes $0.18 more to make an app appealing enough for a female user to install than a male user, “a closer examination of conversion rates reveals females are in fact the most valuable gamers.”

    • Liftoff: Females are 79% more likely to make in-app purchases in mobile games

      The report also found that Europe, Middle East, and Africa (EMEA) in-app purchase rates are increasing, with the cost-per-install at $2.63, compared with $4.66 for North America and $2.62 for Asia Pacific. But when it comes to the cost of acquiring a user who makes an in-app purchase, the numbers are very different. The cost for acquiring a North American user who makes an in-app purchase is $21.42, compared to $16.53 for an EMEA user and $71.02 for a user in Asia Pacific.

    • Australians who won’t unlock their phones could face 10 years in jail

      The Australian government wants to force companies to help it get at suspected criminals’ data. If they can’t, it would jail people for up to a decade if they refuse to unlock their phones.

      The country’s Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia’s existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn’t strong enough.

    • Schools Are Mining Students’ Social Media Posts for Signs of Trouble

      Blake Prewitt, superintendent of Lakeview school district in Battle Creek, Michigan, says he typically wakes up each morning to twenty new emails from a social media monitoring system the district activated earlier this year. It uses keywords and machine learning algorithms to flag public posts on Twitter and other networks that contain language or images that may suggest conflict or violence, and tag or mention district schools or communities.

  • Civil Rights/Policing

    • Head Of Department Of Justice Bashes Justice System Because It Blocks Too Many Of Trump’s Orders

      Recently, Attorney General Jeff Sessions attended the Eighth Circuit Judicial Conference. Considering he was speaking to members of the judiciary, it seems odd he would have used this occasion to deliver a rant against the judicial system.

      As a prosecutor, Sessions greatly benefited from the system he now maligns. The justice system barely enters the lives of those being prosecuted. An adversarial system designed to provide the accused with due process is rarely engaged. The outcome is predetermined, except for arguments over minor details. As the Supreme Court wrote in a 2012 decision, the criminal justice system is a downhill slope for prosecutors who rarely need more than a light shove to put someone behind bars.

    • Under Court Order, ICE Must Reconsider Asylum Seekers’ Humanitarian Parole Applications

      After ICE is forced to do a case-by-case review of asylum seekers’ requests for release from detention, we’re seeing life-changing results.

      Last month, a federal judge blocked the government from arbitrarily locking up asylum seekers who came to the U.S. fleeing persecution, torture, or death in their countries of origin. The judge found that under President Trump, the Department of Homeland Security had been violating its own policy, which instructs that asylum seekers be released on humanitarian parole — provided they meet a series of strict requirements — while they await decisions in their case.

      The impact of DHS’s about-face on humanitarian parole was felt immediately by asylum seekers. Our lawsuit identified five ICE field offices where parole grant rates had dropped from 95 percent in 2013 to nearly zero since President Trump took office. At the time of filing in March, we estimated that there were more than 1,000 asylum seekers locked up in these districts alone.

      The court ordered ICE to do a case-by-case review of each asylum seeker’s request for release from detention, and for some there have already been life-changing results. In the El Paso region — which covers New Mexico and West Texas — more than 20 women have been released from the Cibola County Correctional Center transgender unit. A prominent Mexican journalist and his adult son were released from the El Paso Processing Center, along with H.A.Y. and A.M.M., a married couple who are two of our plaintiffs in the Damus suit.

    • Puerto Ricans: Have You Experienced Any Problems When Registering to Vote?

      A lawsuit filed Thursday claims that Puerto Ricans living in Florida who have limited English proficiency will be prevented from voting because, according to a press release by the advocacy group Demos, “elections in many parts of the state are conducted only in English.” The suit alleges that 32 Florida counties are not planning to provide ballots in Spanish.

      The suit cites Section 4(e) of the Voting Rights Act, which specifically protects Puerto Rican voters educated in Spanish-speaking schools on the island. It prohibits states from making the right to vote contingent on a person’s ability to understand English.

      Although Puerto Ricans are American citizens, the island doesn’t elect a voting representative or senators. Evacuees who moved to the mainland after the hurricanes are eligible to vote in the midterm elections in the state in which they’re living, but they have to re-register.

      The exodus of Puerto Ricans affected by the storms has created an influx of potential voters. The Center for Puerto Rican Studies estimates more than 130,000 Puerto Ricans relocated to the continental U.S. after Hurricane Maria. Of those, 56,447 reside in Florida as of March 2018. Despite the efforts of campaigns to reach this new electorate, displaced Puerto Ricans don’t seem to be registering to vote at the rate some were expecting, at least by now.

    • Arizona Could Illegally Disenfranchise 500,000 or More Voters

      The state’s failure to update people’s address could have dire consequences for the 2018 election. We’re suing before it’s too late.

      The state of Arizona is violating the National Voter Registration Act, putting more than 500,000 voters at risk of being disenfranchised. The ACLU has repeatedly warned Arizona that it is violating the law, and yet it has failed to take the necessary steps to protect voters.

      This weekend, we filed a federal lawsuit against Arizona Secretary of State Michele Reagan, nine months after first notifying her office of significant federal voting rights violations. The lawsuit asks the court to order Arizona to keep voters’ registration addresses up to date. To ensure that affected voters’ ballots count in the 2018 general election, we are also asking the court to instruct the secretary of state to count provisional ballots cast by affected voters and to send a mailing to all affected voters informing them of how to correct their registration address and locate their polling location. The secretary of state has indicated that more than half a million voters could require their addresses to be updated.

    • The Nationwide Prison Strike: Why It’s Happening and What It Means for Ending Mass Incarceration

      Earlier this spring, violence broke out in the Lee Correctional Institution in South Carolina, resulting in seven deaths and many injuries. Incarcerated leaders in the South Carolina prison system decided they had had enough. Brutal treatment from corrections officers, deteriorating prison conditions, and incredibly long, punitive sentences had led to a condition of hopelessness in South Carolina’s prisons.

      Leaders within the South Carolina prison system began reaching out to incarcerated allies across the country, including the Free Alabama Movement, who had led a prison strike in 2016. A decision was made: It was time to launch a national prison strike to raise awareness around the brutality of mass incarceration.

  • Internet Policy/Net Neutrality

    • A Senator Says U.S. Broadband Maps ‘Stink.’ Here’s Why Nobody Wants To Fix Them.

      Last week we noted how an FCC “oversight” hearing fell well short of anything actually resembling, well, actual oversight. Three FCC staffers had just been caught making up a DDOS attack and misleading Congress, the press and the FBI about it — yet the subject was barely even broached by lawmakers on either side of the aisle. It was another embarrassing example of the absence of anything resembling genuine accountability at the agency.

      Fortunately one subject that did get a little attention was the FCC’s comically-terrible broadband maps, something we’ve covered at great lengths here at Techdirt. If you want to see our terrible broadband maps at work, you need only go visit the FCC’s $300+ million broadband availability map, which is based on the Form 477 data collected from ISPs. If you plug in your address, you’ll find that not only does the FCC not include prices (at industry behest), the map hallucinates speed and ISP availability at most U.S. addresses.

    • Domain Name Registrations Reach 339.8 Million in 2Q18

      VeriSign tracks the continued growth of internet domains on a quarterly basis and released its second quarter 2018 Domain Name Industry Brief (DNIB) on Aug. 16.

      According to VeriSign there were 339.8 million domain name registrations across all top-level domains (TLDs), up from 333.8 million at the end of the first quarter. That’s a 1.8 percent quarterly gain, or 2.4 percent over the second quarter of 2017.

      As has been the case since the beginning of the internet, dot com is the top domain registry, accounting for approximately 135.6 million domain names as of June 30. China’s .cn country code TLD (ccTLD) holds on to second spot at 22.7 million. Rounding out the top three is the .tk ccTLD, which is a free domain for the island of Tokelau that now has 21.5 million registrations.

  • DRM

    • Android Anti-Piracy Software DexGuard Has Source Code Leaked to Over 200 Repos

      The popular commercial anti-piracy software DexGuard, developed by Guardsquare, recently had its source code leaked online, which could be a field day for Android pirates to take apart and decompile commercial Android apps, and possibly release “hacked” versions.

      DexGuard essentially makes it difficult for Android hackers to take apart commercial apps by obfuscating some of the inner workings of the app, as well as protecting the app against reverse engineering attacks – which in turn prevents users from figuring out all of the app’s secret functions. This is basically Android anti-piracy, as DexGuard makes it more difficult for attackers to bypass anti-piracy checks – but an older version of DexGuard’s source code leaked onto GitHub, and it has been confirmed to be the real deal as Guardsquare is filing a DMCA takedown request on the GitHub repo for copyright infringement.

  • Intellectual Monopolies

    • Interview: Baidu’s Jian Qin on the role of patents in its strategy

      The Chinese tech company’s IP leader explains to Karry Lai why his focus has shifted more to patent and trade secret protection from copyright and internet IP. He says a big focus is good quality patents to compete on the world stage.

    • When Can a Company Be Liable for Its Vendor’s Copyright or Patent Infringement?: Hollywood Studios’ IP Headache

      The case of Rearden LLC et al. v. The Walt Disney Company et al., Nos. 3:17-cv-04006, 04191 & 04192 (N.D. Cal.), has been covered more in the Hollywood Reporter than in legal publications, but it is both a “Hollywood story” and a case with intellectual property issues that cover the spectrum of patent, copyright and (to a lesser extent) trademark law. The case revolves around a technology called MOVA Contour Reality Capture technology (“MOVA Contour”) that is used to create 3D animated characters that appear more human than ever, as used in movies such as Guardians of Galaxy and many others. Some of Hollywood’s biggest studios hired a vendor, DD3, which used this 3D technology as part of the process of creating 3D characters in the movies. Rather than suing DD3 for any IP violations, however, the plaintiff, Rearden, decided to sue those Hollywood Studios for alleged copyright, patent and trademark infringement. The case thus illustrates various issues and considerations as to when a party can be liable for the acts of a vendor it hires, if the vendor is (allegedly) committing copyright and patent infringement.

    • Nokia reveals expected licensing rate for 5G phones [Ed: Microsoft entryism turned Nokia from Linux champion (almost top kernel committer) to patent parasite]

      Nokia has announced its expected licensing royalty rate for 5G mobile phones, becoming the latest operator to publicly disclose its price for the next generation of wireless devices.

      The Finnish telecoms giant’s rate will be capped at €3 per device for a licence to the company’s 5G portfolio of standard essential patents.

      The news comes with the roll out of 5G expected to start in earnest next year which should be a considerable boon to Nokia and other licensors that own significant amounts of the IP underpinning the new technology.

      It also comes as another example of patent owners conceding that they must provide some transparency around their royalty rates in a licensing market that is typically fairly opaque.

      “We feel it’s a best practice to give some indication and it’s fairly consistent with what we’ve done with 3G and 4G,” Nokia patent chief Ilkka Rahnasto commented on the company’s 5G announcement.

    • Trademarks

      • Express Homebuyers Wins Its Bid To Cancel Competitors ‘We Buy Houses’ Trademark

        We’ve often made the point in the past that much of the trademark legal strife and bullying that occurs throughout the country ought to be squarely blamed on a USPTO that can’t be bothered to put much thought into the trademarks it approves. All too often, the Trademark Office acts as a mindless rubber stamping facility, pushing through the application paperwork without thinking about the broader consequences of its approvals, nor the legal minutiae involved in what makes a term a valid trademark. That bureaucratic lethargy is precisely how you get trademark bullies wielding trademarks that should never have been granted. And, because trademark bullying generally works, it’s rare that anyone outside the USPTO is actually forced to clean up this mess it created.

        But, on rare occasions, sanity puts a win up on the board. Such is the case with Express Homebuyers USA of Virginia, which defeated WBH Marketing Inc.’s trademark suit in which the latter claimed infringement based on its registered trademark for the phrase “We Buy Houses.”

    • Copyrights

      • Only 12% Of Music Revenue Goes To Actual Artists

        You may be noticing a pattern? Very little of the money being made actually goes to the artist. Now we have even more data on this. Citibank recently released a massive and incredibly thorough report on the entire music industry showing how and where the money is made. There’s lots of interesting and useful information in the report, but the headline grabbing fact is that musicians end up with just about 12% of global music revenue. As I said, the report is incredibly thorough (and a really useful read if you want to get a sense of just how convoluted and complex the music business really is), but the key is that there was ~$43 billion spent on music in 2017.

      • No Ban for ‘Stealing’ and ‘Theft’ Terms During Cox’s Piracy Liability Trial

        Music publisher BMG and Internet provider Cox are gearing up for a new trial. Having learned from the first one, Cox has asked the court to preclude BMG from using inflammatory and derogatory statements, as well as terms such as “stealing” and “theft” when referring to copyright infringement. However, the court sees no reason for such a ban.

      • Tomorrow! Join Us For a Reddit AMA On Defending Security Researchers From Copyright Law

        Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Tomorrow, you’ll get your chance.

        Information security has never been more important: now that everything from a car to a voting machine is just a computer in a fancy case, being able to tell the difference between secure systems and insecure ones is a literal life-or-death matter.

        But security researchers have never faced more threats. When security researchers divulge flaws in computers, the companies that make those computers are often tempted to shoot the messenger, threatening civil and criminal retaliation against their critics.

      • Book Review: Copyright – What Everyone Needs to Know

        Rather, the book ‘speaks’ to a wider audience with no, or little, legal background and no specific knowledge in copyright.

      • When John Fogerty was sued for sounding too much like John Fogerty

        Now, let’s make it clear that both songs were written by the same songwriter.


Links 20/8/2018: Flatpak’s 1.0 Milestone, New GIMP, New Chinese Distro Releases

Posted in News Roundup at 5:29 pm by Dr. Roy Schestowitz


  • Desktop

    • First time with Linux: 30 installation tales

      The Linux kernel turns another year older on Saturday, August 25. Twenty-six years ago it may have felt to the creator and BDFL Linus Torvalds that Linux would only amount to satisfying the needs of one. But today we know it has changed the lives of many.

      To celebrate, thirty of our readers share what their first Linux distro and installation was like. Some of their stories are magical, some maniacal. And, it’s no surprise that the tension and passion of these Linux lovers is palpable.

  • Kernel Space

    • RISC-V’s Linux Kernel Support Is Getting Into Good Shape, Userspace Starting To Work

      The RISC-V open-source processor ISA support within the mainline kernel is getting into good shape, just a few releases after this new architecture port was originally added to the Linux Git tree.

      The RISC-V code for Linux 4.19 includes the ISA-mandated timers and first-level interrupt controllers, which are needed to actually get user-space up and running. Besides the RISC-V first-level interrupt controller, Linux 4.19 also adds support for SiFive’s platform-level interrupt controller that interfaces with the actual devices.

    • A Hearty Batch Of KVM Updates Land In Linux 4.19

      There is a lot of new feature work for the Kernel-based Virtual Machine (KVM) within the Linux 4.19 kernel.

    • Icelake LPSS, ChromeOS EC CEC Driver On Way To Linux 4.19 Kernel

      The Linux “multi-function device” code updates were sent in overnight for the 4.19 kernel merge window with a few interesting additions.

      Worth pointing out in the MFD subsystem for the Linux 4.19 kernel includes:

      - The ChromeOS EC CEC driver being added. Google’s embedded controller for ChromeOS devices is able to expose an HDMI CEC (Consumer Electronics Control) bus for interacting with HDMI-connected devices for controlling them via supported commands. The Linux kernel’s HDMI CEC support has got into shape the past few kernel cycles and now the ChromeOS EC support can expose its HDMI CEC abilities with this new driver.

    • Testing and Fuzzing Microconference Accepted into 2018 Linux Plumbers Conference

      Testing, fuzzing, and other diagnostics have greatly increased the robustness of the Linux ecosystem, but embarrassing bugs still escape to end users. Furthermore, a million-year bug would happen several tens of times per day across Linux’s installed base (said to number more than 20 billion), so the best we can possibly do is hardly good enough.

    • Latest Linux 4.19 Code Merge Introduces ChromeOS EC CEC Drivers and Cirrus Logic Detection

      Some interesting code updates were just recently put into the Linux 4.19 kernel merge window regarding “multi-function device” capabilities – mostly, this includes several new drivers and driver support, but perhaps most interesting is the ChromeOS EC CEC driver being added.

      Google’s embedded controller for ChromeOS has been able to expose an HDMI CEC (Consumer Electronics Control) bus for interacting with HDMI-connected devices, which in turn is able to control them via supported commands. So now Linux kernel’s HDMI CEC support has been improved over the past few kernel cycles until now, which means that the ChromeOS EC support will be able to expose the HDMI CEC abilities utilizing the new driver added in this merge window.

    • Linux 4.19 Had A Very Exciting First Week Of New Features

      The Linux 4.19 kernel merge window opened one week ago and there’s been a lot of new features and improvements to be merged during this front-half of the merge period. If you are behind on your Phoronix reading, here’s a look at the highlights for week one.

    • Linux Foundation

      • Hyperledger could open source your business using blockchain

        Hyperledger is the umbrella body for ten open source blockchain projects, all of which are cross-industry. So far, that is. Ledger Insights spoke to Hyperledger Executive Director, Brian Behlendorf, and explored the likelihood of industry-specific open source blockchains. Open source could significantly impact the governance of industry consortia and increase the pace of innovation.

        For the health sector, there’s potential for an open source Electronic Health Record project. For supply chain it could be a provenance ledger for diamonds or luxury goods. Or a blockchain for bills of lading. In the case of insurance perhaps a policy ledger.

    • Benchmarks

      • A Look At The Windows vs. Linux Scaling Performance Up To 64 Threads With The AMD 2990WX

        This past week we looked at the Windows 10 vs. Linux performance for AMD’s just-launched Ryzen Threadripper 2990WX and given the interest from that then ran some Windows Server benchmarks to see if the performance of this 64-thread CPU would be more competitive to Linux. From those Windows vs. Linux tests there has been much speculation that the performance disparity is due to Windows scheduler being less optimized for high core/thread count processors and its NUMA awareness being less vetted than the Linux kernel. For getting a better idea, here are benchmarks of Windows Server 2019 preview versus Ubuntu Linux when testing varying thread/core counts for the AMD Threadripper 2990WX.

        Toggled via the BIOS was SMT as well as various CCX configurations and each step of the way comparing the Windows Server 2019 Build 17733 performance to that of Ubuntu 18.04 LTS with the Linux 4.18 kernel in various multi-threaded benchmarks supported under both operating systems.

      • The Performance Hit For A Xeon-Backed Ubuntu Linux VM With L1TF / Foreshadow Patches

        Last week L1 Terminal Fault (a.k.a. L1TF and Foreshadow) was made public as the latest set of speculative execution vulnerabilities affecting Intel processors. This Meltdown-like issue was met by same-day Linux kernel patches for mitigating the problem and does introduce another performance penalty but in this case is at least only limited to virtual machines. Last week I posted some initial L1TF-mitigated KVM-based VM benchmark results using a Core i7 CPU but the results for sharing today are using a much more powerful dual Xeon server.

        For getting a better idea of the performance impact of mitigating L1TF/Foreshadow vulnerabilities I tested the Ubuntu patched kernel in a variety of configurations. First was the unmitigated Ubuntu 18.04 kernel, then Ubuntu 18.04 with the default out-of-the-box mitigation on the host and guest kernels, then having the host booted with the kernel parameter to force an L1D cache flush on every VMENTER rather than the default behavior of the conditional flushing, and then again when booting with l1tf=full for the full mitigation, which in the process also disables SMT/HT support.

      • A Fresh Look At The NVIDIA vs. Radeon Linux Performance & Perf-Per-Watt For August 2018

        With NVIDIA expected to announce the Turing-based GeForce RTX 2080 series today as part of their Gamescom press conference, here is a fresh look at the current NVIDIA Linux OpenGL/Vulkan performance with several Pascal graphics cards compared to AMD Polaris and Vega offerings. Additionally, with these latest Linux drivers, the current look at the performance-per-Watt.

        It will be interesting to learn more about the GeForce RTX 2080 series in a short time, which will surely deliver significantly better performance and power efficiency improvements over the GeForce GTX 1000 “Pascal” hardware. But for a current look at how those cards are running under Linux, this morning are benchmarks for the GeForce GTX 1060, GTX 1070 Ti, GTX 1080, and GTX 1080 Ti while using the latest NVIDIA 396.51 graphics driver. For the competition on the AMD side was the Radeon RX Vega 64 and RX 580 (the GTX 1060 / RX 580 included in this article for a more mature look at the Linux driver support, namely for the AMDGPU+RADV/RadeonSI side). The Radeon tests were done with the latest Linux 4.18 AMDGPU DRM state and using Mesa 18.3-dev from the Oibaf PPA as of 19 August.

      • Linux vs. Windows Benchmark: Threadripper 2990WX vs. Core i9-7980XE Tested

        The last chess benchmark we’re going to look at is Crafty and again we’re measuring performance in nodes per second. Interestingly, the Core i9-7980XE wins out here and saw the biggest performance uplift when moving to Linux, a 5% performance increase was seen opposed to just 3% for the 2990WX and this made the Intel CPU 12% faster overall.

      • Which is faster, rsync or rdiff-backup?

        As our data grows (and some filesystems balloon to over 800GBs, with many small files) we have started seeing our night time backups continue through the morning, causing serious disk i/o problems as our users wake up and regular usage rises.

        For years we have implemented a conservative backup policy – each server runs the backup twice: once via rdiff-backup to the onsite server with 10 days of increments kept. A second is an rsync to our offsite backup servers for disaster recovery.

        Simple, I thought. I will change the rdiff-backup to the onsite server to use the ultra fast and simple rsync. Then, I’ll use borgbackup to create an incremental backup from the onsite backup server to our off site backup servers. Piece of cake. And with each server only running one backup instead of two, they should complete in record time.

        Except, somehow the rsync backup to the onsite backup server was taking almost as long as the original rdiff-backup to the onsite server and rsync backup to the offsite server combined. What? I thought nothing was faster than the awesome simplicity of rsync, especially compared to the ancient python-based rdiff-backup, which hasn’t had an upstream release since 2009.

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • KStars v2.9.8 released

        KStars 2.9.8 is released for Windows, MacOS, and Linux. It is a hotfix release that contains bug fixes and stability improvements over the last release.

      • KDE Itinerary – How did we get here?

        At Akademy I’ve presented the current state of KDE Itinerary. Due to popular demand and since 25 minutes aren’t a whole lot of time I’ll try to write a few posts on this subject here too, beginning with how this all started.

        When travelling regularly you probably have come across or are using the digital travel assistant features found on Android or iOS, or dedicated services for this like TripIt. Getting a unified itinerary rather than digging through ad-infested HTML emails for your departure gate, having a single place to look for your boarding pass rather than two dozen vendor apps and getting up to date information about changes to your trip are all very useful and convenient.

        Most of this is available “for free”, that is you pay with your data rather than your money. In the extreme case (Google), you have those providers reading your entire email in order to extract your travel information.

      • Plasma 5.13.4, Applications 18.08.0 and Frameworks 5.49 by KDE now available to all Chakra users

        On your next system upgrade you will receive all the latest versions of KDE’s Plasma, Applications and Frameworks, in addition to the usual package updates. There is a new series 18.08 out for Applications, with improvements aimed at making your usability and productivity better, in addition to adding new features.

        For more details and the full changelogs on KDE’s software releases, you can read the official announcements:

        Plasma 5.13.4
        Applications 18.08.0
        Frameworks 5.49.0

      • Chakra GNU/Linux Users Can Now Install KDE Plasma 5.13.4, KDE Applications 18.08

        Users of the Chakra GNU/Linux operating system can now install the latest KDE software, including KDE Plasma 5.13.4, KDE Applications 18.08, and KDE Frameworks 5.49 from the main repositories.

        In early July 2018, Chakra GNU/Linux users have got their taste of the latest KDE Plasma 5.13 desktop environment, but now they can update their installations to the recently released KDE Plasma 5.13.4 point release, which brings more than 45 bug fixes and improvements.

      • Kate/KTextEditor Picks Up Many Improvements To Enhance KDE Text Editing

        Even with KDE’s annual Akademy conference happening this past week in Vienna, KDE development has been going strong especially on the usability front. The Kate text editor and the KTextEditor component within KDE Frameworks 5 have been the largest benefactors of recent improvements.

        This KDE text editing code now has support for disabling syntax highlighting entirely if preferred. When using syntax highlighting, there have been many KTextEditor enhancements to improve the experience as well as improvements to the highlighting for a variety of languages from JavaScript to YAML to AppArmor files.

      • Kate projects and out-of-source builds

        During Akademy I once more was a bit disappointed how bad the project plugin of Kate can cope with out-of-source builds.

        At work, we use in-source-builds, as we normally only build in one configuration and have no issues with left-overs in the source directories locally. For this use-case, the project plugin works really well. You have your project local terminal view and that allows you all normal things you need during work, e.g. building + using the git command line client for the version control work.

        On the other side, with out-of-source builds, that no longer is that nice to use. Either you use the .kateproject generated by the “Kate – Ninja” or “Kate – Unix Makefiles” CMake generators, then your terminal defaults to the build directory, which allows building just fine, but no version control stuff, or you use the .kateproject (or auto-project creation) in the source directory, which doesn’t allow you to build nicely inside the terminal prompt of Kate. There are workarounds for that, like having shell magic to switch between source and build directory with ease, but that all feels a bit unnatural.

        Therefore, I added today a very simple “fix” for the issue: If you have a .kateproject that has a different base directory (the toplevel “directory” entry) than the directory the .kateproject file is located in, you will get two terminal tabs in the project view.

      • Post Akademy

        So, it has been a busy week of Qt and KDE hacking in the beautiful city of Vienna.
        Besides getting quite some of the Viennese staple food, schnitzel, it was an interesting adventure of getting smarter.

      • My First Akademy!

        That day I also attended the Plasma Mycroft BoF, in which Aditya told us about various new developments and gave us a high-level overview of the workings of Mycroft and also how we can make it easier for developers to make Mycroft skills!

      • Akademy retrospective

        I had an amazing time with the KDE community in Vienna this past week at Akademy. In fact it was my first Akademy despite contributing to KDE for so long, but Vienna was a great reason to make my first trip to Europe.


        I led a BoF on this topic for kdesrc-build and participated in a few others as well. There’s a lot out there that we can do to improve our story here, in kdesrc-build and elsewhere, and I’m hopeful we can accomplish real improvement here over the next year. But it was also nice to see and hear a lot of the positive feedback our developers had about kdesrc-build.

      • Akademy 2018

        The time for Akademy came this year as well, this year it was in the gorgeous Vienna, Austria.
        This year marks my 10th Akademy in a row, starting from my first one in Belgium in 2008.
        Talks have been awesome as usual, but what’s always awesome for me year by year is all the face to face conversation with so many diverse and smart people in our awesome KDE community.

      • Notes on the Akademy 2018

        This year I attended my fourth Akademy, the annual KDE summit. The conference is always a good place to meet old and new KDE people. This year we had a lot of new faces showing up there, which is very good because new people might mean new ideas coming, more hands to work on KDE projects, and more mouths to spread our message. From Brazil we had three new contributors attending for the first time, Lays, Caio and Eliakin, from a total of eight Brazilians who participated this year. I think we can count Tomaz and Helio too, although they are living in Germany.

      • Interview with Margarita Gadrat

        Nothing that really annoys me. Krita is awesome and complete software! Maybe a couple of little things, but I don’t really use them. Like text tool, which is now getting better and better. And I’d like to be able to move the selection form not while selecting, but after it is selected.

    • GNOME Desktop/GTK

      • Customizing time and date formats in the GNOME top bar

        Do you want another time and date format in the GNOME top bar than what is set in your default locale? The Clock Override extension for GNOME gives you full control of what and how time and date information is displayed in the top bar.

        The GNOME Shell for Linux doesn’t provide a lot of customization options out of the box. GNOME really don’t believe that anyone would ever want to customize their beautiful desktop shell. They’ve taken their design-by-omitting-customization paradigm so far that they’ve even left out the ability to customize the date and time format. Fortunately, the GNOME Shell is quite extensible and users always do find a way to change things the way that they want them.

      • Face detection and recognition in shotwell

        After dabbling a bit with OpenFace, I wanted to add similar face detection and recognition abilities to a typical Linux desktop photo app. So I discovered Shotwell, which is a photo manager for Gnome. Shotwell had a partial implementation of face detection (no recognition) which was under a build define and not enabled in the releases. With that code as the starting point, I started integrating the ideas from OpenFace into Shotwell.

      • Shobha Tyagi: GNOME.Asia Summit 2018

        GNOME.Asia Summit 2018 was co-hosted with COSCUP 2018 and openSUSE.Asia Summit in Taipei, Taiwan 11-12 August 2018.

      • Umang Jain: GNOME Asia 2018, Taipei

        I am very pleased to attend GNOME Asia (again!) that took place at National Taiwan University of Science and Technology, Taipei this year. It’s always great to see GNOME folks around, hanging out and have a social side of things. GNOME Asia was co-hosted with OpenSUSE Asia summit and COSCUP.


        We had a GNOME BoF to address couple of issues around conferences: Mostly around standardization of conference organization, budget, effect of local team presence at potential conference venues etc.

      • GNOME Shell & Mutter Get Tidied Up Ahead Of Next Month’s GNOME 3.30

        They didn’t make it out in time for last week’s GNOME 3.29.91 release but updates to Mutter and GNOME Shell are now available in their near-final state ahead of the upcoming GNOME 3.30 desktop update.

  • Distributions

    • Reviews

      • YunoHost

        At this point I have only set up YunoHost, created a few user accounts and installed a handful of applications. While I may play with it further, my main focus going into this trial was how well the framework of the distribution functions. That is: is it easy to install, how hard is it for new users to add services and accounts, and is it straight forward to keep the system up to date? Basically, I wanted to know whether I could give this distribution to someone who wanted to set up home-based network services for the first time and expect them to be able to use it. Based on my experiences so far with YunoHost, my answer is: probably.

        The distribution does make it pretty easy to create user accounts and install web-based services. In fact, YunoHost does this quite well. The admin panel is very streamlined, uncluttered and easy to navigate and getting something like a game of Hextris or a media streaming service installed is about as easy as a few mouse clicks. Managing the firewall, monitoring the system and creating backups are nearly as easy. The administrator still needs to figure out how to get backup archives off the disk to another location for safe keeping, but the bulk of the work in backing up and restoring the operating system is done for us.

        Where I feel the distribution runs into trouble is mostly little details, and a few general concepts. For example, asking the user to create an “admin” password but leaving the root password as the default is both likely to confuse people and leave a permanent security hole on the servers of most inexperienced hobbyist administrators. On the topic of accounts, it makes sense, from a security standpoint, to separate web accounts from system accounts. But, this means there may be some confusion as to why, once an account has been created, it cannot log into the system. Little concepts like this may throw new users and I don’t feel these issues are well addressed by the documentation.

        The first time through, the system installer failed during the partitioning section. It worked the second time though with the same settings, so I’m not sure if this is a semi-persistent bug or a one-time error with my system.

        On the whole, YunoHost performs well. It’s light on resources, it offers a lot of common network services home administrators will probably want and it is pretty easy to run and maintain. There are a few little wrinkles in the experience, but in general I found the distribution to be straight forward to use. For people looking to set up a home server, this is probably a good platform on which to build.

    • Red Hat Family

      • Kubernetes on Metal with OpenShift

        My first concert was in the mid-80s, when AC/DC came to the Providence Civic Center in Rhode Island, and it was glorious. Music fans who grew up in the 80s will fondly remember the birth of MTV, the emergence of the King of Pop and the heyday of rock-n-roll’s heavy metal gone mainstream era, when long hair and guitar riffs both flowed freely. So recently when Def Leppard joined Journey at Fenway Park in Boston for their 2018 joint tour, I knew I had to be there.

        Metal also dominated the datacenter in the 80s and 90s, as mainframes and minicomputers made way for bare-metal servers running enterprise applications on UNIX and, soon after, open source Linux operating systems powered by Red Hat. Just like heavy metal eventually made way for the angst-filled grunge rock era of the 90s, so too did application provisioning on bare metal make way for the era of virtualization driven by VMWare – with subsequent VM sprawl and costly ELAs creating much angst to this day for many IT organizations.

      • Security Technologies: Stack Smashing Protection (StackGuard)

        In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function return address, which leads to several interesting exploitation techniques like ret2libc, ret2gets, and ret2plt. With all of these methods, the function return address is overwritten and attacker controlled code is executed when the program control transfers to overwritten address on the stack.

      • Keeping both of your OpenShift Container Platforms Highly Available with Keepalived and HAproxy

        Until Kubernetes Federation hits the prime time, a number of solutions have sprung up as stop gaps to address geographically dispersing multiple cluster endpoints: stretch clusters and multiple clusters across multiple datacenters. The following article discusses how to configure Keepalived for maximum uptime of HAproxy with multiple cluster endpoints. In the following documentation an HAproxy and Keepalived configuration will be discussed in detail to load balance to the cluster(s) endpoints.

        In a production environment a Global server load balancing (GSLB) or Global Traffic Manager (GTM) would be used to give a differing IP address based on the originating location of the request. This would help to ensure traffic from Virginia or New York would get the closest location to the originating request.

      • How to integrate A-MQ 6.3 on Red Hat JBoss EAP 7
      • The Open Brand Project | The helpful guy in the red hat.

        A big part of the Red Hat Open Brand Project has been looking back at our past and examining our roots. It is important that we imbue the new symbol with as much shared meaning from our history and culture as possible. To represent ourselves, we have to understand our origins.

        Before there was Shadowman, before there was a red fedora, before we were an enterprise technology company, and before we helped make open source a driving force of technology innovation, we had our name.

      • Finance

      • Fedora

        • Release 1.0.0

          Flatpak 1.0 is the first version in a new stable release series. This
          new 1.x series is the successor to the 0.10.x series, which was first
          introduced in October 2017. 1.0 is the new standard Flatpak version,
          and distributions are recommended to update to it as soon as possible.

          The following release notes describe the major changes since
          0.10.0. For a complete overview of Flatpak, please see

        • Linux Application Sandboxing And Distribution Framework Flatpak Reaches Version 1.0 Stable

          Flatpak, the Linux application sandboxing and distribution framework, has reached version 1.0 stable. Compared to the previous stable series (0.10.x), the new version should have faster installation and updates, it allows marking applications as end-of-life, and it asks the user to confirm app permissions at install time, among other improvements.

          Flatpak is a software utility for software deployment, package management, and application virtualization for Linux. Applications built with Flatpak can run on almost any Linux distribution. Flatpak applications run in a sandbox environment in which the applications are isolated from the rest of the system, and require permission from the user to access the user’s files or access hardware devices.

        • Flatpak Linux App Sandboxing Hits 1.0 Milestone After Three Years in Development

          The Flatpak Linux application sandboxing and distribution framework, formerly XDG-App, used for building and distributing containerized apps on Linux desktops, has hit today the 1.0 milestone.

          After being in development for more than three years, the widely-used Flatpak Linux application sandboxing and distribution framework has finally reached the 1.0 version, which means that it’s mature enough to be deployed and used in production environments for distributing and running Linux apps.

          “Flatpak 1.0 is the first version in a new stable release series. This new 1.x series is the successor to the 0.10.x series, which was first introduced in October 2017. 1.0 is the new standard Flatpak version, and distributions are recommended to update to it as soon as possible,” said developer Alexander Larsson.

        • Flatpak 1.0 Released For Delivering The Best Linux App Sandboxing
        • Flatpak 1.0 released

          The 1.0 release of the Flatpak application distribution system is out. There are a number of performance improvements, the ability to mark applications as being at end-of-life, up-front confirmation of requested permissions, and more. “Apps can now request access the host SSH agent to securely access remote servers or Git repositories.”

        • Flatpak 1.0 Released with ‘Significant Improvements’
        • Decentralize common Fedora apps with Cjdns

          Are you worried about a few huge corporations controlling the web? Don’t like censorship on centralized social media sites like facebook and twitter? You need to decentralize! The internet was designed to be decentralized. Many common activities, from social media to email to voice calls, don’t actually require a centralized service.

          The basic requirement for any peer to peer application is that the peers be able to reach each other. This is impossible today for most people using IP4 behind NAT (as with most household routers). The IP4 address space was exhausted over a decade ago. Most people are in “IP4 NAT Jail.”

          Your device is assigned a private IP, and translated to the public IP by the router. Without port forwarding to a specific private IP, incoming TCP connections or UDP sessions can’t tell where to forward to, and are dropped. As a result, nothing can connect to your device. You must connect to various public servers to do anything. IP4 NAT Jail forces centralization.

    • Debian Family

      • Derivatives

        • Latest Deepin Linux Release Promises to Consume Less Memory Than Ubuntu, Windows

          Coming just two months after the Deepin 15.6 release that introduced new Light and Dark themes, Deepin 15.7 is now available with a focus on performance. It has a smaller ISO size by removing unnecessary components and optimizing the core system structure, better power optimization for laptops for up to 20 percent battery life, and improved memory usage.

          “Deepin 15.7 has made a series of adjustments and optimizations in memory usage. In the standard configuration, the boot memory has decreased from 1.1G to 830M, and reduced to less than 800M on a discrete graphics card,” wrote the devs in today’s announcement, where they compared the memory consumptions of Deepin 15.7, Deepin 15.6 and other operating systems on the same computer.

        • Canonical/Ubuntu

          • Ubuntu 18.10 (Cosmic Cuttlefish) Daily Lives Now Ship with Yaru Theme by Default

            We’ve been waiting for this moment for a couple of weeks now and we’re proud to be the first to report that the Yaru theme developed by various members of the Ubuntu Linux community has now finally been enabled by default in the daily builds of the Ubuntu 18.10 (Cosmic Cuttlefish) operating system.

            Of course, we immediately took a screenshot tour of the Yaru theme on today’s Ubuntu 18.10 (Cosmic Cuttlefish) daily build so we can show you how great it looks. We think it’s a professional theme that matures Ubuntu to the next level, and it is definitely a step in the right direction for the look and feel of the Ubuntu Desktop.

          • Canonical Apologizes for Ubuntu 14.04 LTS Linux Kernel Regression, Releases Fix

            The kernel security update addressed both the L1 Terminal Fault vulnerabilities, as well as two other security flaws (CVE-2018-5390 and CVE-2018-5391) discovered by Juha-Matti Tilli in Linux kernel’s TCP and IP implementations, which could allow remote attackers to cause a denial of service.

            Unfortunately, on Ubuntu 14.04 LTS (Trusty Tahr) systems, users reported that the mitigations also introduced a regression in the Linux kernel packages, which could cause kernel panics for some users that booted the OS in certain desktop environments.

          • Ubuntu 18.10 Daily Builds Ship with New Default Theme

            Ubuntu has a striking new look in the latest daily builds of Ubuntu 18.10 ‘Cosmic Cuttlefish’. The community created Yaru GTK theme and the Suru icon theme are now part of the default image and set as the default GTK and GNOME Shell theme. Unexpected? In shock?

          • Flavours and Variants

            • What’s New in Ubuntu Kylin 18.04 LTS

              Ubuntu Kylin 18.04 LTS is the latest version of Ubuntu Kylin. As part of Ubuntu 18.04 Flavor, this release ships with UKUI desktop environment 1.0 series. Linux kernel has been updated to 4.15. Besides, all the special software and the jointly developed software are updated to the new version, including Kylin Assistant, Ubuntu Kylin Software Center, Kylin Video, Youker Weather, Sougou Pinyin and WPS Office. Especially, Electronic Wechat and Burner have been added to the default normal install for better user experience in work and entertainment.

              WPS Office is a suite of software which is made up of three primary components: WPS Writer, WPS Presentation, and WPS Spreadsheet. Ubuntu Kylin team is working with Kingsoft Corp to continue providing WPS for Ubuntu Kylin users for free. Foxit reader is based on the Foxit for Linux and designed for Chinese user to be simple during installation. It provides a way to view, create and sign PDF files, and add annotations to them.

  • Devices/Embedded

Free Software/Open Source

  • Keeping patient data safe with open source tools

    Healthcare is experiencing a revolution. In a tightly regulated and ancient industry, the use of free and open source software makes it uniquely positioned to see a great deal of progress.

    I work at a scrappy healthcare startup where cost savings are a top priority. Our primary challenge is how to safely and efficiently manage personally identifying information (PII), like names, addresses, insurance information, etc., and personal health information (PHI), like the reason for a recent clinical visit, under the regulations of the Health Insurance Portability and Accountability Act of 1996, HIPAA, which became mandatory in the United States in 2003.

  • Why Salesforce is open sourcing the AI technology behind Einstein

    Branded TransmogrifAI, the AutoML library is less than 10 lines of Scala code written on top of Apache Spark, and can be used by developers looking to train machine learning models to predict customer behaviour without having to use a large data set for training.

  • What Does “Ethical” AI Mean for Open Source?

    It would be an understatement to say that artificial intelligence (AI) is much in the news these days. It’s widely viewed as likely to usher in the next big step-change in computing, but a recent interesting development in the field has particular implications for open source. It concerns the rise of “ethical” AI.

    In October 2016, the White House Office of Science and Technology Policy, the European Parliament’s Committee on Legal Affairs and, in the UK, the House of Commons’ Science and Technology Committee, all released reports on how to prepare for the future of AI, with ethical issues being an important component of those reports. At the beginning of last year, the Asilomar AI Principles were published, followed by the Montreal Declaration for a Responsible Development of Artificial Intelligence, announced in November 2017.

    Abstract discussions of what ethical AI might or should mean became very real in March 2018. It was revealed then that Google had won a share of the contract for the Pentagon’s Project Maven, which uses artificial intelligence to interpret huge quantities of video images collected by aerial drones in order to improve the targeting of subsequent drone strikes. When this became known, it caused a firestorm at Google. Thousands of people there signed an internal petition addressed to the company’s CEO, Sundar Pichai, asking him to cancel the project. Hundreds of researchers and academics sent an open letter supporting them, and some Google employees resigned in protest.

  • Haiku: R1/beta1 release plans – at last

    At last, R1/beta1 is nearly upon us. As I’ve already explained on the mailing list, only two non-“task” issues remain in the beta1 milestone, and I have prototype solutions for both. The buildbot and other major services have been rehabilitated and will need only minor tweaking to handle the new branch, and mmlr has been massaging the HaikuPorter buildmaster so that it, too, can handle the new branch, though that work is not quite finished yet.

  • Haiku OS R1 Beta Is Finally Happening In September

    It’s been five years since the last Haiku OS alpha release for their inaugural “R1” release but next month it looks like this first beta will be released, sixteen years after this BeOS-inspired open-source operating system started development.

  • IBM Scores More POWER Open-Source Performance Optimizations

    Following our POWER9 Linux benchmarks earlier this year, IBM POWER engineers have continued exploring various areas for optimization within the interesting open-source workloads tested. Another batch of optimizations are pending for various projects.

  • Events

    • DevConf.in 2018

      Earlier this month, I attended the DevConf.in 2018 conference in Bengaluru, KA, India. It was sort of a culmination of a cohesive team play that began for me at DevConf.cz 2018 in Brno, CZ. I say sort of because the team is already gearing up for DevConf.in 2019.

  • Web Browsers

    • Mozilla

      • Mozilla files arguments against the FCC – latest step in fight to save net neutrality

        Today, Mozilla is filing our brief in Mozilla v. FCC – alongside other companies, trade groups, states, and organizations – to defend net neutrality rules against the FCC’s rollback that went into effect early this year. For the first time in the history of the public internet, the FCC has disavowed interest and authority to protect users from ISPs, who have both the incentives and means to interfere with how we access online content.

        We are proud to be a leader in the fight for net neutrality both through our legal challenge in Mozilla v. FCC and through our deep work in education and advocacy for an open, equal, accessible internet. Users need to know that their access to the internet is not being blocked, throttled, or discriminated against. That means that the FCC needs to accept statutory responsibility in protecting those user rights — a responsibility that every previous FCC has supported until now. That’s why we’re suing to stop them from abdicating their regulatory role in protecting the qualities that have made the internet the most important communications platform in history.

        This case is about your rights to access content and services online without your ISP blocking, throttling, or discriminating against your favorite services. Unfortunately, the FCC made this a political issue and followed party-lines rather than protecting your right to an open internet in the US. Our brief highlights how this decision is just completely flawed…

      • Using Brotli compression to reduce CDN costs

        The Snippets Service allows Mozilla to communicate with Firefox users directly by placing a snippet of text and an image on their new tab page. Snippets share exciting news from the Mozilla World, useful tips and tricks based on user activity and sometimes jokes.

        To achieve personalized, activity based messaging in a privacy respecting and efficient manner, the service creates a Bundle of Snippets per locale. Bundles are HTML documents that contain all Snippets targeted to a group of users, including their Style-Sheets, images, metadata and the JS decision engine.

        The Bundle is transferred to the client where the locally executed decision engine selects a snippet to display. A carefully designed system with multiple levels of caching takes care of the delivery. One layer of caching is a CloudFront CDN.

      • Working around the extension popout-tab refusing to close on Firefox for Android

        How do you close a web extension popout-window (the small window that appears when you click on an extension’s toolbar button)? On the desktop, all you need is a simple window.close(). Because of the limited available screen space, Firefox on Android has popout-tabs instead of popout-windows. Users can dismiss these tabs by pressing the back button, closing them manually, or switching to another tab. However, they’re deceptively difficult to close programmatically.

        This article was last verified for Firefox 61, and applies to Firefox for Android versions 57 and newer.

        It’s common for web extension popout-windows to close themselves after the user has completed an action in them. While many web extensions work on Firefox for Android, users often have to manually close the popout-tabs on their own.

  • Pseudo-Open Source (Openwashing)

  • Funding

    • The Unitary Fund: a no-strings attached grant program for Open Source quantum computing

      Quantum computing has the potential to be a revolutionary technology. From the first applications in cryptography and database search to more modern quantum applications across simulation, optimization, and machine learning. This promise has led industrial, government, and academic efforts in quantum computing to grow globally. Posted jobs in the field have grown 6 fold in the last two years. Quantum computing hardware and platforms, designed by startups and tech giants alike, continue to improve. Now there are new opportunities to discover how to best program and use these new machines. As I wrote last year: the first quantum computers will need smart software.

      Quantum computing also remains a place where small teams and open research projects can make a big difference. The open nature is important as Open Source software has the lowest barriers for others to understand, share and build upon existing projects. In a new field that needs to grow, this rapid sharing and development is especially important. I’ve experienced this myself through leading the Open Source Forest project at Rigetti Computing and also by watching the growing ecosystem of open projects like QISKit, OpenFermion, ProjectQ, Strawberry Fields, XaCC, Cirq, and many others. The hackathons and community efforts from around the world are inspiring.

  • Openness/Sharing/Collaboration

  • Programming/Development

    • rfoaas 2.0.0: Updated and extended

      FOAAS upstream recently went to release 2.0.0, so here we are catching up bringing you all the new accessors from FOAAS 2.0.0: bag(), equity(), fts(), ing(), particular(), ridiculous(), and shit(). We also added off_with() which was missing previously. Documentation and tests were updated. The screenshot shows an example of the new functions.

    • Introduction to writing pipelines-as-code and implementing DevOps with Jenkins 2

      One of the key ideas of DevOps is infrastructure-as-code—having the infrastructure for your delivery/deployment pipeline expressed in code—just as the products that flow it.

    • Intel’s Beignet OpenCL Driver Updated To Work With LLVM 6/7

      Intel stopped developing their Beignet open-source Linux OpenCL driver in February to concentrate all efforts now around their new Intel OpenCL NEO platform. But commits landed today with a few improvements for those still using Beignet.

      Independent contributor to the Beignet OpenCL stack Rebecca Palmer submitted a number of patches recently that were added to mainline Beignet, the first commits to this OpenCL library since early February.


  • Hardware

    • Apple iPad’s Battery ‘Almost’ Explodes, Injures 3 Employees At Apple Store

      As reported by iCulture, an iPad battery almost exploded at Apple’s Amsterdam Store and injured three employees due to harmful fumes released into the air. This is a one-of-a-kind incident as we haven’t heard any news of an explosion in iPad’s battery in the past. However, there have been several similar incidents involving iPhones.

  • Health/Nutrition

  • Security

  • Defence/Aggression

    • Sweden: Dozens of cars set on fire in one night

      Around 80 cars were set on fire and a further 40 vandalized in the city of Gothenburg in western Sweden on Monday night, according to Hans Lippens, police spokesman for the country’s western region.

      It is not unusual for such attacks to take place in Sweden in the week before schools reopen after the summer holiday [...]

    • More Than 80 Cars Burned by Youths in Southern Sweden Overnight

      More than 80 cars were set ablaze in cities across southwestern Sweden overnight as groups of masked youths threw stones and started fires in what may have been a coordinated action.

    • Up to 80 cars set on fire by ‘youths’ in Sweden in night of mayhem

      A police spokesperson also told TT: “We know from experience that these kinds of fires more often happen the week before schools start than other weeks.”

    • US-based embassy officers to be quizzed over CIA letter leak

      Several officers based at the Malaysian Embassy in Washington will be called up in the investigation into the leaked letter to the United States’ Central Intelligence Agency, says the Inspector-General of Police.

      Tan Sri Mohamad Fuzi Harun said so far, police had recorded the statements of several persons of interest, including Datuk Hasanah Abdul Hamid, the former Malaysian External Intelligence Organisation (MEIO) chief.

      “We will wait for the officers based in Washington to return and we will record their statements.

      “The investigation involves the leaked letter and other relevant police reports on the matter,” he told reporters after attending the Bukit Aman monthly assembly yesterday.

      It was reported that on July 31, the veracity of the letter was confirmed by Hasanah’s lawyer Datuk Shaharudin Ali, who said that this fell under the Official Secrets Act.

    • Russia says downed 45 drones aimed at Syria base
    • Russia: Drone attacks on Syria base increasing

      Russian air defense assets in Syria have downed 45 drones targeting their main base in the country, its military said Thursday, after an attack by the Islamic State of Iraq and the Levant militant group on a Syrian Army base a day earlier killed seven troops.

      The Russian Defense Ministry spokesman, Maj. Gen. Igor Konashenkov, said that five of them were shot down in the last three days near the Hemeimeem Air Base. The base in the province of Latakia serves as the main hub for Russian operations in Syria.

    • Russia says drone attacks on its bases in Syria are increasing
    • US Benghazi Operator Accuses Brennan of ‘Putting His Politics Before’ CIA Team

      Although the former CIA director enjoyed a lot of support from his former colleagues in the intelligence community after US President Donald Trump stripped him of his security clearance, the news also caused a stir among a number of widely known special operations stars, who suggested Brennan deserved it and even got off cheap.

      “He is lucky the security clearance is all he is getting away with,” Kris “Tanto” Paronto, a former Army Ranger and private security staffer who fought back during the 2012 Benghazi terror attack as part of the CIA team, told Fox News in an interview on Friday.

    • Brennan, CIA ‘Kool-Aid drinkers’ blasted by Benghazi terror survivor

      Benghazi terror attack survivor Kris Paronto made it clear this week that he won’t be defending former CIA director John Brennan anytime soon.

      The former Army Ranger and CIA contractor who lived to tell the tale of the Sept. 11, 2012 terrorist attacks in Benghazi, Libya, said Mr. Brennan essentially got off easy when President Trump revoked his security clearance.

      Mr. Paronto lost his security clearance years ago for telling his account of the attack.

      Amb. Christopher Stevens, foreign service officer Sean Smith, and CIA contractors Tyrone S. Woods and Glen Doherty were killed during the siege on a CIA compound.

    • China’s Dismantling Of CIA Spy Ring Highlights Growing Dystopian-Like Surveillance State

      A new report has described how a catastrophic failure on the part of the Central Intelligence Agency, combined with the Chinese government’s steadily more sophisticated internet monitoring capabilities, led to the dramatic collapse of an American intelligence network in China and the executions of dozens of spies and their associates. The incident is just one example of how authorities in Beijing are overseeing the creation of an ever more effective police state, complete with technology and tactics straight out of a certain genre of near-future science fiction movie.

      Earlier in August 2018, Foreign Policy revealed how Chinese state security officials were able to completely dismantle a CIA-run intelligence operation over the course of two years, beginning in 2010. The New York Times first broke the news of the debacle in 2017, but its sources either did not disclose or did not know exactly what had happened or the true scale of China’s response. In May 2018, U.S. officials charged former CIA officer Jerry Chun Shing Lee with conspiracy to commit espionage over the affair, nearly five months after indicting him for retaining classified information.

    • Security News This Week: A Devastating Report on the CIA’s Deadly Mistakes in China

      There’s no such thing as summer vacation in security, and researchers started off this week by disclosing a problematic flaw in Intel processors that undermines the company’s so-called secure enclave offering, and potentially other capabilities like virtual machines. A different group of analysts realized that they could potentially take a power grid down by conscripting air conditioners, water heaters, and other devices into a botnet and coordinating a massive power draw. And yet another research team exposed risks in how developers manage app storage on Android. Plus, an analysis of five body camera models found that the devices are deeply insecure and vulnerable to an array of attacks, including the troubling potential for footage manipulation.

      Activists in Syria are establishing a sensor network to give civilians advanced warning about airstrikes, invisible mouse clicks (called “synthetic clicks”) could let malware onto macOS devices, and vulnerabilities in fax machines are putting lots of corporate networks at risk—even in 2018. Meanwhile, WIRED analyzed seven Fortnite imposter apps and found all the malware and general sketchy junk you’d expect, and researchers are developing methods for tracking and identifying hackers through behavioral patterns.

    • How the CIA’s China Miscalculation Cost 30 Lives

      They thought they were invincible. Starting in 2010 and lasting for two years, Chinese authorities dismantled the CIA’s network of assets in their country. Some sources fled, while others were given large sums of cash and left behind. But no one detained by Chinese intelligence survived. Now it’s thought that China was able to crack into the CIA’s online communication system. Agents in China have reportedly reverted to older methods of spycraft like meeting in person, with some intelligence experts wondering if internet-based systems can ever be counted on again.

    • A CIA double agent and bad software led to China executing as many as 30 American intelligence assets

      However, that significant breach of security does not account for everyone killed by the Chinese during the two-year span of time. Instead, it seems likely that Chinese intelligence officers used the network identified through the communications platform to identify working assets and agents, then followed them to identify others that were not a part of the system breach. It remains unclear how Chinese authorities gained access to the system, though it could potentially have happened in a number of ways.

      There’s a high likelihood a former CIA officer named Jerry Chun Shing Lee aided the Chinese in gaining access. He was indicted on espionage charges earlier this year after it was revealed that he had accepted hundreds of thousands of dollars worth of payments from the Chinese government; however, the CIA’s use of a communications platform originally designed for operations in the Middle East shares some of the blame. As compared to China, the Middle East is not a heavily contested digital environment. China’s strict control over its own population, particularly in the digital sphere, makes the use of such a system a questionable decision at best.

    • A secure communications flub cost the CIA its Chinese network
    • REPORT: A Breach In The CIA’s Communications System Led To The Destruction Of Its Entire China Spy Network
    • CIA screwup may have allowed China to identify and execute dozens of US spies
    • The CIA falsely believed it was ‘invincible’ in China — here’s how its spies were reportedly discovered in one of the biggest blows to the agency
    • How CIA mistakes led to dozens of spies dead

      “It migrated to countries with sophisticated counterintelligence operations, like China,” an official said.

      “The attitude was that we’ve got this, we’re untouchable.”

      Intelligence officers and their sources were able to communicate with each other using ordinary laptops or desktop computers connected to the internet, marking a stark departure from some of the more traditional methods of covert communication.

      This “throwaway” encrypted program, which was assumed to be untraceable and separate from the CIA’s main communication line, was reportedly used for new spies as a safety measure in case they double-crossed the agency.

    • PKK chief hit in drone-backed operation

      A senior figure of the outlawed Kurdistan Workers’ Party (PKK) was killed in a joint operation by the Turkish military and the National Intelligence Organization (MİT) backed by unmanned aerial vehicles in the northern Iraqi town of Sinjar on Aug. 15.

      İsmail Özden—codenamed Mam “Uncle” Zaki Shingali—was reportedly responsible for the group’s activities in the Sinjar town and was also a member of the group’s so-called “executive council.” Özden was reported to have been in charge of the PKK’s illegal drug and arms trafficking in the region.

    • Religious Divisions Threaten to Further Inflame Ukrainian Civil War

      During the American Civil War, in which 620,000 people were slaughtered on the battlefields alone and hundreds of thousands more injured, the organization of the Roman Catholic Church in the American north and south remained united throughout the war and after.

      The same cannot be said for the four-year-old civil war in Ukraine, which has deepened existing divisions among Orthodox Christians in the country.

      Tensions are rising to the point that the Ukrainian government has been accused of suppressing the celebration of the 1030th anniversary of the coming of Christianity to ancient Rus, the proto-state of Eastern Slavs, which included the territories of modern Ukraine, Russia and Belarus. The government is being blamed for involvement in an effort to eliminate the original historic church of the Ukrainian Orthodox Church of the Moscow Patriarchate (UOC-MP), because of its affiliation with Russia and the word “Moscow” in its name.

      The UOC-MP currently includes more than 12,000 of about 18,000 parishes in Ukraine, and is headed by Ukrainian Metropolitan Onuphrius, under the higher spiritual authority of Patriarch Kirill of Moscow and All Rus, seated in Moscow.

      On July 27, a solemn march celebrating the 1030th anniversary of the baptism of Rus by Prince Vladimir the Great of Kiev in 988 AD drew 250,000 faithful of the UOC-MP in Kiev despite the attempt to sabotage it by the U.S.-backed Ukrainian government of President Petro Poroshenko. According to numerous testimonies by UOC-MP’s priests, published in the Ukrainian press, transportation was cut off from outlying parishes and believers were intimidated.

    • MSM Finally Concedes Defeat On Yemen, Ceases Blackout Of Coverage

      Last month, an article by Fair.org went viral in republications by popular alternative media outlets ranging from Salon to Zero Hedge to Alternet to Truthdig, among many others. The article was initially titled “ACTION ALERT: It’s Been Over a Year Since MSNBC Has Mentioned US War in Yemen”, but many subsequent republications went with variations on the more attention-grabbing headline, “MSNBC has done 455 Stormy Daniels segments in the last year — but none on U.S. war in Yemen”.


      Ever since the Saudi-led assault on Yemen began in March of 2015, alternative media outlets everywhere have been repeatedly and aggressively decrying the mainstream media in the US and UK for their spectacular failure to adequately and accurately cover the violence and humanitarian disaster with appropriate reporting on who is responsible for it. After the 2016 US election, journalist Michael Tracey wrote an essay documenting how throughout the entire year and a half that Americans were pummeled with updates from the mass media about candidates and their campaigns, not one single question about Yemen was ever asked by any mainstream outlet of any candidate.

      This is of course outrageous, but because of how media coverage works, mainstream attention was never drawn to the problem. It hasn’t been a total media blackout, but because it only turns up in mainstream media reports every once in a while with little if any emphasis being placed on who is behind the devastation, it occupies a very peripheral place in western consciousness. The average American would probably be able to tell you that some parts of their government appear to be concerned about Russia, Syria, Iran and North Korea, because those rival nations have been the subject of intense mass media coverage, but if you asked them about Yemen you’d likely be told something like “I think there’s some kind of humanitarian crisis there?”, if anything.

  • Transparency/Investigative Reporting

    • Julian Assange pardon push going nowhere one year later

      A congressman who doubts that Russia hacked Democratic emails during the 2016 election has been unable to speak with President Trump despite a full year attempting to broker a pardon for WikiLeaks editor Julian Assange in exchange for information disproving Russian culpability.

      It’s unclear why exactly the White House has kept Rep. Dana Rohrabacher, R-Calif., at an arm’s length, and whether the decision is an example of uncharacteristic restraint by Trump or a result of interference by deputies fearing reputational or legal hazards.

      Rohrabacher told the Washington Examiner he believes that fear of special counsel Robert Mueller’s Russia investigation has prevented the conversation from happening.

      “Assange assured me the Russian government was not responsible for the hacking and distribution of the DNC emails during the 2016 election. Assange told me he had hard evidence to prove that case, and there are highly qualified retired intelligence officers who back up his claim,” Rohrabacher said.

    • Over 4000 New MKUltra Documents Requested from CIA after Crowdfunding Campaign

      Thousands of new documents from Project MKUltra, the Central Intelligence Agency’s mid-century mind control program, will soon be released. The new records include 4,358 undisclosed pages regarding MKUltra’s “behavior modification” efforts.

      John Greenewald, founder of The Black Vault, a site specializing in declassified government records obtained via Freedom of Information Act (FOIA) requests, first uploaded MKUltra documents in 2004—tens of thousands of pages, spread over four CD-ROMs. The document index alone is 85 pages.

    • Internet Users Crowdfund Release of 4358 CIA MKUltra Documents

      John Greenewald of Black Vault, a website that publishes government documents, appealed to the internet for help after the agency refused to waive the $425 fee it was demanding to release the documents. Greenewald, who has been filing FOIA requests for two decades, had previously published files on MKUltra, a program best known for dosing individuals with drugs like LSD to research mind control. The program was shut down, and the documents were reportedly destroyed in 1973 at the order of then-director Richard Helms, but some were eventually released.

    • CIA releases President Truman’s first daily intelligence briefings
    • The Lies at the Heart of the Mueller Indictments: Framing Assange

      In the prologue of this series, we saw the breathtaking scope of Mueller’s dishonesty regarding the behavior and motives of one of them: the mysterious “Guccifer 2.0” (G2), who emerged online to take credit for the now-infamous Russian hack of the Democratic National Committee’s servers just one day after the Washington Post broke the story with the headline: “Russian government hackers penetrated DNC, stole opposition research on Trump.”

  • Environment/Energy/Wildlife/Nature

    • Forest fires threaten Asian Games as hotspots flare up in Sumatra

      Authorities in South Sumatra province detected 198 fire hotspots across the province in July, most of them in districts with a long history of forest fires. These include the districts of Ogan Komering Ilir and Ogan Ilir, both close to the provincial capital, Palembang, which is co-hosting this year’s Asian Games. Tens of thousands of athletes, officials and visitors from 45 countries are expected to attend the Games, which Jakarta is also co-hosting.

    • Florida Is Having a 10-Month Streak of Toxic Red Tide

      Red tides occur across the globe and are caused by a variety of algal species. The microorganism behind Florida’s outbreak is Karenia brevis, a marine dinoflagellate that releases brevetoxins, neurotoxic compounds that can be lethal to wildlife and cause neurological, respiratory, and gastrointestinal problems in humans. This year’s blooms have left hundreds of animals, including fish, turtles, and manatees, dead on the state’s shores.

      The outbreak shows no signs of abating anytime soon. “We’re entering into what’s typically the bloom season,” says Marc Suddleson, the program manager for the National Oceanic and Atmospheric Association’s (NOAA) Harmful Algal Blooms Program. “[So] it’s possible that conditions will favor [its] persistence throughout the end of the summer into early fall.”

    • DNC reverses ban on fossil fuel donations

      The Democratic National Committee (DNC) overwhelmingly passed a resolution on Friday evening saying it welcomes donations from fossil fuel industry workers and “employers’ political action committees.”

      Critics of the newly passed resolution are calling it a reversal of the DNC’s recently adopted ban on accepting donations from fossil fuel companies’ political organizations.

    • Native Tribes Are Taking Fire Control Into Their Own Hands

      Usually, if a prescribed burn gets out of control, it’s due to inexperience. But among the Karuk, Yurok, and Hupa, fire knowledge is deep—and now that laws are changing, that knowledge can finally be applied. Preston attends a yearly managed-fire training program, TREX, in her small hometown of Orleans. The two-week program attracts about 80 to 100 participants, who learn to spray water, create fire buffers, and determine safe temperature and wind conditions for managed fires. At the end, the teams conduct a prescribed burn on a few hundred acres of forest. Trained youth teach their new skills to their parents, filling in generational gaps where traditions were lost (federal policies separated Karuk children from their families for “re-education” in the early 1900s).

    • Standing Rock: Tribes await court ruling due August 10

      This baneful jurist will be deciding whether the U.S. Army Corps of Engineers adequately considered the detrimental effects on the Standing Rock Sioux and the Cheyenne River Sioux Tribes of the approval of the Dakota Access Pipeline (DAPL).

    • Out of spotlight, tribes keep fighting Dakota pipeline

      Native American tribes that tried to block the Dakota Access oil pipeline during a months-long standoff with authorities in North Dakota more than a year ago are carrying on their fight in federal court, in what they contend is a symbol of their ongoing struggle for tribal sovereignty.

    • Examined: Indigenous Resistance To Major Oil Pipelines

      Last month, TransCanada told the Cheyenne River Sioux and several other First Nations in a letter that the company is preparing to place machinery along the pipeline’s route for a 2019 construction start date.

    • The Latest Pipeline Battle Is Ramping Up in New York

      It’s understandable, then, that New Yorkers are not looking kindly upon a new fracked-gas pipeline that’s proposed to snake its way mere miles from the same areas hardest hit by Hurricane Sandy. Banding together in a coalition of environmental groups and local communities, they are now organizing to prevent the construction of the Northeast Supply Enhancement pipeline.

    • Abandoned baby orangutan rescued after it was found crying alone in bushes

      A baby orangutan – whose mother is presumed dead – has been rescued by heroic locals after being found weeping alone in the jungle.

      A plantation worker called Rahman found the adorable ape crying in the bushes and reported the discovery to his manager.

      Thinking the baby’s mother would return to retrieve him, they left him where he was but when they went back the next day they were upset to discover he was still in the same place, all alone.

      A team from International Animal Rescue (IAR) and members of the Natural Resources Conservation Centre (BKSDA) in West Borneo travelled to the oil palm plantation in Tanjung Pasar Village in Ketapang District where Rahman and his co-workers were waiting to hand the baby over.

    • Watchdog closes probe into alleged censorship of Park Service climate report

      The Interior Department’s internal watchdog said it closed its investigation into alleged censorship of a National Park Service (NPS) report because it was released without edits.

      Reveal reported in April that Trump administration officials had removed mentions of climate change from a draft report examining the impact to NPS sites from sea-level rise and storm surges.

      That prompted Interior’s Office of the Inspector General (OIG) to investigate, after five House Democrats, led by House Natural Resources Committee ranking member Raúl Grijalva (D-Ariz.), asked for the probe.

    • IG halts climate censorship investigation

      The Interior Department’s Office of Inspector General has dropped its investigation into allegations that the National Park Service censored a climate change report.

  • Finance

    • Amazon’s India Chief Takes Stand Against Work Email After 6 p.m.

      Psychologists, sleep laboratories and fertility clinics have raised concerns about the mental and physical toll wrought by the frenetic work schedule. Insomnia, depression and suicidal tendencies are rampant symptoms, said Dr. S. Kalyanasundaram, a well-known psychiatrist who sees many technology workers in his thriving south Bangalore practice. “These days I see many 25- and 28-year-olds suffering heart attacks, something I haven’t seen in my four decades in this field,” he said.

      The doctor said all of his Saturday appointments are reserved for tech workers and often booked months in advance.

    • Turkey shaken by financial fears, Trump rattles it further

      On Thursday, Erdogan said “If they have their dollar, we have the people, we have Allah.”

    • What a campaign to revive Russia’s urban spaces means for civil society
    • Who Profits From Our Prison System?

      The prison economy rests on an opaque, often unaccountable economic infrastructure, with its own private-equity financiers, holding companies, and multinational executives. Since the financial transactions driving incarceration are typically private and unregulated, according to CAP director Bianca Tylek, their analysis aims “to help people understand just how big this space is,” particularly because, often, “companies spend their money in a way to further entrench or expand the use of our criminal-legal system, and who it ends up touching.”

  • AstroTurf/Lobbying/Politics

    • Twitter Explains #BreakingMyTwitter

      On August 16, Twitter shuttered two legacy APIs that it had announced would be removed earlier this year. Developers of a number of popular third-party Twitter clients warned that the shutdown of the User Streams and Site Streams APIs would negatively affect users of their apps and, as a #BreakingMyTwitter backlash evidences, it turns out they were right.

      One app, Tweetbot for iOS, for instance, no longer supports automatic timeline refreshing, and push notifications for events such as likes and follows have been removed. Tweetbot’s maker, Tapbots, removed its Twitter client app for Apple Watch entirely.

    • Twitter CEO: ‘We are not’ discriminating against any political viewpoint
    • Jack Dorsey Finally Realized Twitter Has A Toxic Environment

      Twitter’s efforts to clean up its platform often feel like a drop in the ocean, and now its CEO finally seems to be acknowledging this fact.

      In an interview with CNN, Chief Executive Jack Dorsey said that the company is working to clean up the toxic atmosphere created by individuals on the platform.

    • Tired of Twitter? Join Me on Mastodon

      Here’s what Mastodon is: an open-source, community-run microblogging website. It lets you post “toots,” and you can “boost” other users’ posts. It’s mostly like Twitter, but instead of living in one place, the social network lives in different chunks, called “instances,” each with its own rules and administrators. That’s what makes up a “federation,” and it protects the integrity of the service—there is no single, central server. So, if one instance stops paying for their [I]nternet or forgets to re-up their URL, the rest are unharmed in their semi-permeable silos.

    • Twitter was supposed to spread democracy, not Trump’s ravings

      Here’s the $64,000 question for our time: how did digital technologies go from being instruments for spreading democracy to tools for undermining it? Or, to put it a different way, how did social media go from empowering free speech to becoming a cornerstone of authoritarian power?

    • Twitter CEO commits to fixing the platform’s ‘toxic’ content problem, but gives no timetable

      Later, he added, “We have to understand first the problem we’re trying to solve, like what incentives we actually want to drive; not just what we want to remove, but what we want to drive.” But he said he knows he wants incentives “that encourage people to talk and to have healthy conversation.”

    • British Ambassador Asks Chiwenga About GNU Possibility

      British Ambassador Catriona Laing reportedly asked VP Chiwenga if Zanu-PF would agree to coalition government.

      Laing apparently asked the question this past week at a meeting to discuss the Electoral outcome and post-election violence which was also attended by EU Ambassador Philippe Van Damme.

    • ‘Chamisa cannot be trusted in the GNU much less to govern,’ says ED apologist – true but neither can ED

      Those who defend the indefensible are fools and Zanu PF apologists are some of the biggest fools there are. Give a fool a long rope and he will hang himself, so goes the adage. Bishop Lazarus, a seasoned Zanu PF apologist and Zimpaper columnist, has used all the space granted him in Sunday Mail to hang himself.

    • USAid funds abusers push for Zimbabwe GNU

      A GROUP of NGOs is contriving reports of State-sanctioned post-election human rights abuses in an effort to get Western countries to pressure President-elect Emmerson Mnangagwa into forming a “Government of National Unity” with opposition parties.

      Under the ambit of the Zimbabwe Human Rights Forum, the NGOs last week generated a “2018 Post-Election Violence Monitoring Report”, which claims to document violence against opposition supporters by State agents, Zanu-PF supporters and traditional chiefs. The allegations were not supported by any specifics, and many of them are based on social media rumours.

    • GNU is not good for both Zanu-PF and MDC-Alliance

      Chamisa has shown that he is a bad loser and so how can this bad loser become a useful partner? Albert Einstein would say: “Whoever is careless with the truth in small matters cannot be trusted with important matters.”

      “And those who were seen dancing were thought to be insane by those who could not hear the music,” Friedrich Nietzsche would say as the urbanites and the rural folk in Zimbabwe continue mocking each other after the July 30 elections. Soon we will know kuti mapenzi ndivanani.

      They tell me Tendai “Mr Fake Bravado” Biti ran like a rat as he tried to evade arrest by Zimbabwean police at Chirundu Border Post. Kwanzi Biti wakazhamba sepwere achitiza. This man is a sickening coward. Ko wotizeiko futi nhai Biti?

    • Pakistan’s Imran Khan sworn in as prime minister

      Pakistan’s cricket star-turned-politician Imran Khan was sworn in as prime minister on Saturday despite protests by opposition parties, which accuse the security services of intervening on his behalf in last month’s elections.

      Khan’s Tehreek-e-Insaf party won the most seats in the July 25 national elections but fell short of an outright majority. It allied with independents to form a coalition, and Khan was elected by the National Assembly on Friday. Khan had campaigned on promises to combat Pakistan’s endemic corruption and break powerful landowners’ monopoly on political power.

    • QAnon: Why we have the CIA partly to thank for the craziest conspiracy theory yet

      As the editor of the JFK Facts blog, I try not to spend a lot of time on stupid conspiracy theories, but given widespread ignorance and confusion on the subject, unpleasant journalist duty often calls.

      Who killed JFK? The Federal Reserve? Nah. The Secret Service man? A hoax. Ted Cruz’s father? Pure B.S. George H.W. Bush? Heavy breathing is not the same as credible evidence. On a recent Black Vault podcast, the most common JFK question I heard was, “Was Kennedy assassinated because of his interest in UFOs?” Um, no, he was not.

      Which brings me to QAnon, the imaginative conspiracy theorist now dominating the internet, attracting followers of President Trump, and obsessing the Washington Post, which has published a dozen articles about QAnon in the span of four days. Like many conspiracy theories, the QAnon fever dream can be traced back to the assassination of JFK.

  • Censorship/Free Speech

  • Privacy/Surveillance

    • EFF & Privacy Coalition Oppose Efforts to Undo New California Data Privacy Law

      California enacted a data privacy law less than two months ago, and business groups already are urging the legislature to gut some of its most important protections. EFF and our privacy allies are fighting back.

      On June 28, California enacted the Consumer Privacy Act (S.B. 375). It seeks to protect the data privacy of technology users and others by imposing new rules on companies that gather, use, and share personal data. As we have explained, while this law is a step forward, it also has important flaws that must be fixed. The law does not go into effect until January 2020, which means privacy advocates like EFF have 18 months to fix those flaws and strengthen it.

      However, some are attempting to use this window of time to undermine the privacy protections in the law. Already, dozens of business groups, led by the California Chamber of Commerce, have asked legislators for immediate and far-reaching changes that would terminate many of the law’s critical safeguards.

      The privacy and social justice communities quickly pushed back, urging legislators to reject the Chamber’s ill-considered proposals.

      Most importantly, many of the Chamber’s proposals would harm the data privacy of 40 million Californians. For example, the Act creates a “right to know,” meaning a right for users to learn the “specific pieces” of personal information that a company has collected about them. The Chamber would delete this term, leaving users with a far weaker right to learn what general “categories” of information a company collected about them. This is not enough. For example, users should be able to learn exactly what information about their browsing history was harvested by a company—not just that the company monitored their browsing history.

    • DOJ Asking Court To Force Facebook To Break Encryption On Messenger Voice Calls

      Calls via Messenger are still in a gray area. Facebook claims calls are end-to-end encrypted so it cannot — without completely altering the underlying software — assist with an interception. Regular messages via Facebook’s services can still be decrypted by the company but voice calls appear to be out of its reach.

      Obviously, the government would very much like a favorable ruling from a federal judge. An order to alter this service to allow interception or collection could then be used against a number of other services offering end-to-end encryption.

      It’s unknown what legal options Facebook has pursued, but it does have a First Amendment argument to deploy, if nothing else. If code is speech — an idea that does have legal precedent — the burden falls on the government to explain why it so badly needs to violate a Constitutional right with its interception request.

      This is a case worth watching. However, unlike the DOJ’s very public battle with Apple in the San Bernardino case, there’s nothing to see. I’m sure Facebook has filed motions to have court documents unsealed — if only to draw more attention to this case — but the Reuters article says there are currently no visible documents on the docket. (The docket may be sealed as well.) There is clearly public interest in this case, so the presumption of openness should apply. So far, that hasn’t worked out too well for the public. And if the DOJ gets what it wants, that’s not going to work out too well for the public either.

    • NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other “High Potential” Targets

      The National Security Agency successfully broke the encryption on a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document.

      A virtual private network, or VPN, uses an encrypted connection to enable users to go over the internet and connect to a private network, such as a corporate intranet. This allows an organization’s staff to access internal services like file-sharing servers or private wikis without having to physically be in the office.

    • NSA broke into secure network of Al Jazeera and others: report

      The National Security Agency (NSA), a US intelligence agency tasked with collecting data for foreign and counter intelligence operations, broke into the encrypted network of the Al Jazeera Media Network and several others in 2006, according to a report by US media.

      A document provided to The Intercept by NSA whistle-blower Edward Snowden shows that the NSA cracked Al Jazeera’s Virtual Private Network (VPN), an encrypted tunnel used to secure internet traffic.

      “Recently, NSA has decrypted a number of interesting targets … deemed by product lines to have high potential as sources of intelligence,” the document states, which is then followed by a list of targets.

      That list includes Al Jazeera, the Iraqi Ministry of Defence and Interior, the Iraqi state internet provider and four airlines from Russia, Paraguay and Iran.

    • The NSA’s Role in a Climate-Changed World: Spying on Nonprofits, Fishing Boats, and the North Pole

      In the northernmost place in the United States, Point Barrow, Alaska, a National Security Agency collection site has allowed analysts to observe Russia’s military buildup 24/7, as melting Arctic ice opens a new conflict zone. The NSA has also monitored a dispute between India and Pakistan over access to the Indus River system, which is fed by glaciers high in the Himalayas, now shrinking. And as fisheries are facing increasing pressure from seas whose currents and temperatures have already been altered significantly by climate change, the NSA has listened in on phone conversations and monitored the movement of fishing boats engaged in potentially illegal practices that threaten dwindling stocks.

      Previously unreleased documents leaked by former NSA contractor Edward Snowden show how the agency has gathered intelligence meant to support U.S. interests related to environmental disasters, conflicts, and resources. In the coming years, greenhouse gas pollution caused by the burning of fossil fuels will increase the frequency of ecological crises and conflicts over natural resources. The documents provide a window into the role the United States’s most sprawling international surveillance agency will play in an altered world.

      The documents show that although the NSA’s interest in environmental issues is limited, it’s wide-reaching and has grown over the years. Unsurprisingly, the agency is driven not by an imperative to avoid climate-induced ecological crises, but by a need to respond to such crises as they threaten U.S. political and economic interests or explode into violent clashes.

    • Before Snowden, an NSA Spy Tried to Incite Change From the Inside. He Called Himself the “Curmudgeon” of Signals Intelligence.

      You know the type.

      Middle-aged, male, tired of his job. He’s been around for ages and moans about how things were done 10 times better back in the day. Every so often, he snaps pointlessly at a co-worker. He’s the office curmudgeon. It’s time for him to go, and he probably realizes it.

      Workplace grouches are usually ignored or fired, but the National Security Agency gave a unique platform to one of its own. In the mid-aughts, in an internal newsletter, the NSA published a series of articles by Rahe Clancy, an eavesdropper disillusioned with what the agency had become and what he was doing there. It’s not that Clancy disliked spying on people or governments — he supported the collection of signals intelligence, or SIGINT — but he felt that the NSA had lost its way.

      After 30 years on the job, he wrote, “I found myself turning into a SIGINT Curmudgeon.” In 2005, he published his coming-out article for the newsletter, SIDtoday, which was targeted at the agency’s core Signals Intelligence Directorate. Clancy wrote that he was particularly worried about the future of his area of expertise, known as “collection,” through which the NSA intercepts and downloads a variety of transmissions, both earthbound and from satellites. “I was convinced,” he continued, “that collection was a dying career field and that NSA management was hastening its demise through neglect.” Clancy was writing for a distinctive audience — the thousands of eavesdroppers, hackers, and analysts who worked for the NSA. His articles for SIDtoday, posted on a secure computer network, were provided to The Intercept by whistleblower Edward Snowden.

    • 328 NSA Documents Reveal “Vast Network” of Iranian Agents, Details of a Key Intelligence Coup, and a Fervor for Voice-Matching Technology

      It began not by tapping enemy insurgents’ phones or capturing their emails, but by following the money.

      When the National Security Agency discovered that Iran may have been buying computer chips from the United States, routing them through a U.S. ally, and potentially supplying them to detonate bombs against U.S. forces in Iraq and Afghanistan, it credited so-called economic intelligence with the find.

      And the solution was not a death blow delivered by the military, but rather a new regulation on the export of certain technologies via the Commerce Department, which the spy agency said would end up “saving American and coalition lives.”

    • Aadhaar, the mass surveillance system

      If you are following me on Twitter, you have already seen a lot of (re)tweets related to Aadhaar. For people hearing this term for the first time, it is a 12 digit unique identification number provided by the Unique Identification Authority of India (UIDAI). It is also the world’s largest bio-metric ID system. It is supposed to be a voluntary service.

      From the very beginning, this project tried to hide the details from the Indian citizens. Let it be privacy advocates or security researchers or human rights activists, everyone predicted that this will become a monster, a mass surveillance system, a tool of choice of the power hungry dictators.

    • Amazon’s secretive Cambridge Alexa start-up doubles revenue and headcount
    • Behavioral biometrics: Websites and apps are learning from how you type, hold your phone, and use your mouse

      While behavioral biometrics are nothing new, the availability of affordable computing power and the vast array of sensors available on modern smartphones have led to a wide increase in its usage, according to an excellent article by Stacy Cowley published by the New York Times this week. In addition to providing an overview of the technology and how it’s being used, the author highlights three main areas of concern for the privacy-conscious user:

    • Banks and Retailers Are Tracking How You Type, Swipe and Tap

      In most countries, there are no laws governing the collection and use of biometric behavioral data.

      Even Europe’s new privacy rules have exemptions for security and fraud prevention. A new digital privacy law in California includes behavioral biometrics on the list of tracking technologies companies must disclose if they collect, but it does not take effect until 2020.

  • Civil Rights/Policing

    • Police Unions Know Exactly Why NFL Players Keep Protesting

      This struggle will continue as long as police unions refuse to accept any accountability for the actions of their members. Perhaps, however, if the police unions are that upset, there are actions that they could take that would be more effective than having their members call for refunds and renounce the Dolphins organization. As one person tweeted to me, a gentleman by the name of Bones McKenzie, if police truly wanted to show their dissent, they should actually show up to the games… and take a knee.

    • This Is Not a Time for Civility

      White-nationalist rallies are calls for genocide, and must be treated as such.

    • Danish Imam Defends Himself Against Hate Speech Charges by Calling for Jihad Against Israel

      “I made it clear that the solution to our problems as Muslims, and the problem of Palestine, is the establishment of the Islamic State, the Caliphate,” he said. “The Caliphate will fight our enemy and will liberate Palestine, Allah willing, and will eliminate that colonialist state of Israel.”

    • Sweden’s Government Funds Anti-Semitism

      In Sweden, imported Middle Eastern anti-Semitism is funded by taxpayer money, so when scandals occur, they are often addressed by the same people who have participated in spreading its message.

      No effective actions are currently being taken against the spread of anti-Semitism in Sweden.

    • British woman arrested in Dubai after ordering wine on Emirates flight

      “I told him I had a glass of wine on the flight. It was given to me free by Emirates Airlines staff,” she told the Mail Online.

      The officer said possession of alcohol — even if consumed — was a crime in the United Arab Emirates and after Dr Holman began filming him for evidence she was swarmed by armed police.

    • Cables document CIA Director Haspel’s direct role in torture at black site in Thailand

      Declassified cables released last Friday provide irrefutable evidence that the current CIA director, Gina Haspel, played a direct role in the torture of detainees at a CIA black site in Thailand in 2002. The National Security Archive obtained the documents through a Freedom of Information Act lawsuit. Haspel was chief of base at “Detention Site Green” (also known as “Cat’s Eye”) and either wrote or authorized the cables.

      The publication of the damning cables was given short shrift by the corporate media. The New York Times and the Washington Post each published only one article on the story in their August 10 editions. Both newspapers placed the story on their inside pages and buried it thereafter.

      Haspel, tapped by Trump earlier this year to succeed Mike Pompeo, who was promoted to secretary of state, served as acting director beginning last April 26 and became director on May 26. The Democrats supplied the necessary votes to assure her confirmation by the Senate following hearings in May. The Senate Select Committee on Intelligence hearings on Haspel’s nomination provided a revealing exposure of the criminality of the US intelligence apparatus as well as the disintegration of bourgeois democratic processes in the United States.

      The hearing was characterized by gushing tributes by both Democrats and Republicans for the work of an agency long ago dubbed “Murder, Inc.” for its crimes around the world, including the organization of political assassinations, the creation of terrorist armies and the orchestration of fascist-military coups.

    • “Yo, Take the Rap for Me”: More Trouble for a Garbage Hauler

      It was shortly after 9 p.m. on Aug. 8 when a private sanitation truck headed up East 169th Street in the Bronx and drove into oncoming traffic. The truck smashed head-on into a sedan, sending it 25 feet down the block and into another parked car, triggering the sedan’s airbags, according to the police report. The garbage truck wound up crashing into a second parked car before coming to a stop.

      Bystanders began to gather. Someone called 911. A New York City Fire Department ambulance was dispatched, police records show.

      Soon, a man emerged from the cab of the garbage truck. The vehicle belonged to Sanitation Salvage, one of the largest private trash haulers in the city, whose safety record and wider operations are being investigated. The man, it turns out, never should have been driving the truck.

    • Munira Mirza: Critiquing Islamist fundamentalist practice is not an ‘attack on Muslim women’

      There are some people now trying to argue that you should be critical of the burka but without using critical language. And that mocking people’s religious choices – no matter how extreme – is tantamount to racism. Did gay rights campaigners tread on eggshells about Christian beliefs when they argued for legalising gay marriage? Were feminist politicians in the UK supersensitive about Catholic beliefs during the abortion debate in Ireland? No, they disagreed powerfully, sometimes offensively, in a bid to persuade the public of their views. Mockery of religious practices is not everyone’s choice of tactic, but to act like it is beyond the pale is disingenuous and hypocritical.

    • Delhi: Man tries to sell wife, but the ‘buyer’ is a policeman

      On August 1, Saddam again quarrelled with a man while shopping with Samira. He decided he couldn’t take it any more and bought a knife to kill her. The night passed and he had another idea.

      Why kill her when he could sell her to a brothel in Delhi, he thought.

    • Yazidi Slavery, Child Trafficking, Death Threats to Journalist: Should Turkey Remain in NATO?

      Reuniting the kidnapped Yazidis with their families and bringing the perpetrators to justice should be a priority of civilized governments worldwide, not only to help stop the persecution and enslavement of Yazidis, but also to defeat jihad.

      The question is: Should Turkey, with the path it is on, even remain a member of NATO?

    • Judge Threatens Censorship After Newspaper Reveals Bureaucratic Errors in Parkland Lead-Up

      The South Florida Sun Sentinel’s reporting on sensitive information about Parkland school shooter Nikolas Cruz was “shameful,” a circuit court judge said yesterday.

      Earlier this month, the Sun Sentinel obtained a confidential Broward County School Board report on Cruz, who murdered 17 people at Marjory Stoneman Douglas High School, which he used to attend, on February 14. As Reason’s Robby Soave noted, the report showed that Cruz was entitled to special needs assistance while attending Stoneman Douglas, but the school never provided him with the help he needed.

      The Sun Sentinel was not supposed to have access to much of Cruz’s confidential information. In compliance with a court order, the school board redacted two-thirds of the report on his background. But the newspaper figured out that by copying and pasting the report into a separate file, it could read the blacked-out portions. The Sun Sentinel then published the report in full.

      In response, the school board asked Judge Elizabeth Scherer of the 17th Judicial Circuit Court in Broward County to hold the newspaper in contempt. Yesterday, in addition to saying she would consider the request, Scherer blasted the Sun Sentinel’s reporting as “shameful.”

    • NSA Leaker Makes Espionage Distinction in Sentencing Memo

      Jailed for over a year since her leak of a classified intelligence report, Reality Winner faces sentencing next week for a crime that has led some to hail her bravery and others to brand her a traitor.

      “At the time of the offense, Reality was an impetuous twenty-five year old, in her first full-time ‘real’ job since being honorably discharged from the military,” Winner’s Aug. 15 sentencing memorandum states. “She acknowledges responsibility for her singular and serious act, recognizes the severity of it, and is prepared to accept her punishment. But, Reality is not a terrorist. Despite the rhetoric that has flowed freely throughout this case, she is not a hater of her country or its people — she is quite the opposite.”

    • Former NSA contractor Reality Winner facing ‘longest sentence’ for leak to media
    • Georgia woman facing ‘longest sentence’ for leaking to media

      A Georgia woman who mailed a secret U.S. report to a news organization faces the “longest sentence” ever behind bars for a federal crime involving leaks to the news media, prosecutors said in a court filing.

      Former National Security Agency contractor Reality Winner, 26, is scheduled to be sentenced Aug. 23 by a U.S. District Court judge in Augusta. She pleaded guilty in June to a single count of transmitting national security information when she worked as a translator at an NSA facility in Augusta.

    • Former NSA contractor faces ‘longest sentence’ of five years and three months in prison for leaking secret government report to media

  • DRM

    • One month until IDAD 2018!

      International Day Against DRM (IDAD) is coming up! In just under a month, on September 18th, we’ll be celebrating what the world could look like without DRM. We need your help to make sure the message gets all the attention it needs.

      We’ve been working hard preparing for IDAD 2018, and hope you will join us for this year’s action.

  • Intellectual Monopolies

    • Endo Pharmaceuticals Solutions, Inc. v. Custopharm Inc. (Fed. Cir. 2018)

      Last month, in Endo Pharmaceuticals Solutions, Inc. v. Custopharm Inc., the Federal Circuit affirmed a decision by the U.S. District Court for the District of Delaware finding that Defendant-Appellant Custopharm Inc. had not proven that claim 2 of U.S. Patent No. 7,718,640 or claim 18 of U.S. Patent No. 8,338,395 were invalid as obvious under 35 U.S.C. § 103. The ’640 and ’395 patents are owned by Plaintiffs-Appellees Bayer Intellectual Property GmbH and Bayer Pharma AG.

      Seeking approval to market a generic version of Aveed®, a long-acting injectable testosterone replacement therapy for men suffering from physiologically low levels of testosterone, for which Plaintiff-Appellee Endo Pharmaceuticals Solutions, Inc. holds the approved New Drug Application, Paddock Laboratories, LLC (Custopharm’s predecessor-in-interest) filed an Abbreviated New Drug Application (ANDA) with the FDA. In response to that filing, Endo and Bayer brought an action for infringement of the ’640 and ’395 patents. During the proceedings, Custopharm stipulated to infringement, and Endo and Bayer limited their asserted claims to claim 2 of the ’640 patent and claim 18 of the ’395 patent.

    • Architectural Patents Beyond Bucky Fuller’s Quadrant

      This draft of a chapter in a compilation addressing architectural appropriation examines patents on architectural designs issued over the last century and a half to flesh out the surprisingly expansive legal standard for what constitutes a patentable design at the United States Patent and Trademark Office (PTO). Architectural patents are not limited to innovative construction technologies. Innovative dispositions of space – that is, novel arrangements of the programmatic spaces as represented in floor plans, sections, or their three-dimensional equivalents – can also be patented. They are functional technologies that “do” something, not simply copyrightable artistic works, because they have programmatic affordances: they allow some human behaviors and patterns of human activity to occur more easily than others.

    • Patent Classification Systems and Technological Categorization: An Overview and Update

      Patent classification systems and upper-level grouping have been widely used but are insufficiently documented. This article provides an overview of the major patent classification systems and the basic ideas behind technological categorization of patent classes. I then point out a few recent institutional changes that disproportionately affect patents in specific categories and alternative categorization used in the patent examination process. Finally, I include a user-written update of NBER patent technological categorization based on the last edition of U.S. patent classification, following the logic in Hall, Jaffe, and Trajtenberg (2001).

    • Antitrust Law and Patent Settlement Design

      For competing firms, a patent settlement provides a rare opportunity to write an agreement that forestalls competition without transparently violating the antitrust laws. Problematically, such agreements are highly profitable for reasons that have nothing to do with resolving a patent dispute. Thus, even if the firms think the patent is very likely invalid or noninfringed, they prefer to restrain competition to monopoly and share in the proceeds. In response, antitrust has recently come to focus on how the settlement’s competitive effects compare to the expected result of foregone patent litigation, which seemingly requires some assessment of the likelihood that the patentee would have prevailed. But this “case-within-a-case” approach leads to major complications in practice. Indeed, outside of one well-known settlement format—so-called “pay-for-delay” agreements—how to administer this burgeoning antitrust standard remains an open question.

    • 10 million US patents since 1790… and counting (Part 1)

      How has US patenting changed over the past 230 years? Inspired by the announcement that the USPTO has just issued its 10 millionth patent, litigation supremo Andrew Waugh QC has delved into the inventions behind the statistics. The Constitution of The United States of America (then 13 states of New Hampshire, Massachusetts, Rhode Island, Connecticut, New York, New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Georgia, North Carolina and South Carolina) was negotiated in Pennsylvania between May to September 1787. It was engrossed on parchment and sent to Congress on 18th September 1787 and Section 8 of Article 1 of the Constitution provided that “The Congress shall have Power…..To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries”.

      Andrew has looked at the first US patent ever (both of them, read more and you’ll understand) and number 1 million, 2 million and so forth to see what technology was around, and how fast patenting has accelerated during its existence.

      From a process for making pot ash through vehicle tyres, ethanol production and, inevitably, data processing, the documents are remarkably representative of how technology has developed. Interestingly, the fastest million patents were granted between 2011 and 2013 (this is between patent number 8 million and patent number 9 million) – the next million took 5 years – two and a half times longer. There has been talk of a slowdown in patenting, but this is a pretty clear statistic that either filing or granting has slowed down. Andrew’s review is not really about the numerical variation, more a celebration of two centuries of patenting, but it provides food for thought in many ways – and some light-hearted summer reading if you want a break from your beach novel. Over to Andrew.

    • Syneo receives patent in China

      Syneo recently received a patent in China for its Servo Electric Press Two-Stage Force technology. The patent gives the company the rights to use its two-stage force measuring system in manual electric press and automatic electric press (press-fit) machine applications.

      The patent protects the company’s technology that is featured in the two-stage force measuring system that enhances press force resolution and sensitivity in force curves of pin pressing applications in electronic manufacturing and printed circuit board assembly.

    • Ferrari Patents Novel Method for Making Turbocharged Engines Sound Better
    • USPTO Announces 2018 Patents for Humanity Winners
    • Prevailing Party’s Previously-Sanctioned Misconduct Weighs Heavily Against Award of Attorney Fees

      Following remand, the court denied plaintiff’s motion to reinstate its award of attorney fees under 35 U.S.C. § 285 because of plaintiff’s own misconduct in seeking a TRO.

    • Civil Society And TRIPS Flexibilities Series – Translations Now Available

      Patients around the world, in developing and developed countries, are encountering barriers to access to affordable medical products, in part due to patents and resulting high prices. This is occurring despite longstanding protections built into international trade rules to allow smaller economies to act on behalf of their people and make such medical products available regardless of patents. These protections are often referred to as flexibilities in the 1994 World Trade Organization Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). The prevailing view is that knowledge, understanding and use of them remains limited among policymakers and many potential beneficiaries, even as patent-strong nations and their industries work to narrow the reach and ability to use these flexibilities.

    • Size of drug patent thickets highlighted by report, amidst intense pharma IP scrutiny

      A recent report sheds new light on the patent estates protecting the US’s best-selling drugs. Revealing that over 100 applications are made on average for patents relating to blockbuster drugs, with dozens of assets being granted, the study makes plain the scale of the legal challenge facing many biosimilar producers seeking to launch their products. Released at a time of intense political controversy surrounding the high medical costs faced by patients in the US, it is also bound to fuel further discussion about the future of legal monopolies in the country.

    • Chinese battery maker picks up 100+ patents from Google amid IP fight with LG Chem

      Recent USPTO assignments data shows the first known third-party IP acquisition by Amperex Technology Limited (ATL), a Hong Kong-based maker of lithium-ion batteries. According to the filing, Alphabet unit Google dealt 139 former Motorola assets to the company after first advertising them for sale back in 2015. IAM readers may remember ATL from a story we published last year on the increasing patent enforcement activity in the fiercely competitive lithium ion battery industry, which supplies everything from electric cars to handheld electronics. ATL has a somewhat murky relationship to Contemporary Amperex Technology Limited (CATL), the world’s largest producer of electric vehicle batteries.

    • Copyrights

      • Can copyright be trumped by a penal law against obscenity?

        In the case of Sex Style v. Abutbul, the plaintiff, a producer of pornographic movies, sued the defendant, an individual who operates an adult website, for copyright infringement. It was alleged that the defendant’s website provided links without authorization to 15 pornographic movies. While the court ruled that the movies are entitled to copyright protection, it declined to award statutory damages for infringement on the ground that such content, being obscene, was therefore illegal.

        At the beginning of its analysis, the court determined that the movies are pornographic (rather than being merely erotic), based simply on the plaintiff’s statement of claim and without further discussion. After a (very) brief discussion on the copyrightability of the movies, which the court concluded in the positive, the court then turned to the question of whether the copyright in the movies is enforceable in light of the nature of their contents. To address this question, the court relies on the Israel Penal Law, 1977, which prohibits the publication of “obscene” content.

      • Prenda Scam Boss, Paul Hansmeier, Pleads Guilty

        After fighting for years, it appears that Paul Hansmeier realized he was cooked. On Friday, he pleaded guilty to various fraud and money laundering charges related to his copyright trolling under the Prenda name. Hansmeier, of course, was one of the two “masterminds” (and I use that term loosely) behind Prenda along with John Steele, who pleaded guilty last year, and was set to be a witness against Hansmeier, who came up with some colorfully ludicrous theories to try to talk his way out of these charges.

        If you don’t recall, Hansmeier and Steele started out as garden variety copyright trolls, suing tons of people and shaking them down for money, but they kept expanding the scam, to the point that they were setting up bogus honeypots with content they themselves uploaded to get IP addresses to shake down (with hilariously dumb attempts to cover up that it was them). They also set up fake shell companies as their own “clients” which didn’t go over well in court. That’s not even getting to the way that Steele and Hansmeier were clearly the beneficiaries of these shakedowns, or the fact that they tried to hide the money. And do we even mention the outright lying in court?


Links 19/8/2018: Skrooge 2.15.0, Wine 3.14, End of Akademy 2018

Posted in News Roundup at 5:33 am by Dr. Roy Schestowitz




Free Software/Open Source

  • Oracle puts GraphPipe into open source to standardize and deploy machine learning

    Oracle released a new tool, which is called GraphPipe, into open source in order to speed up real-world deployments of machine learning.

    GraphPipe, which Oracle has put into open source via GitHub, was designed to standardize and clarify machine learning models in order to scale out services and applications to customers.

  • Uber Open Sources Its Large Scale Metrics Platform M3

    Uber’s engineering team released its metrics platform M3, which it has been using internally for some years, as open source. The platform was built to replace its Graphite based system, and provides cluster management, aggregation, collection, storage management, a distributed time series database (TSDB) and a query engine with its own query language M3QL.


    M3’s query engine provides a single global view of all metrics without cross region replication. Metrics are written to local regional M3DB instances and replication is local to a region. Queries go to both the regional local instances as well as to coordinators in remote regions where metrics are stored. The results are aggregated locally, and future work is planned wherein any query aggregation would happen at the remote coordinators.

  • SD Times Open-Source Project of the Week: Dev.to

    This week’s highlighted project comes courtesy of a community of developers who hope that their codebase will be used to foster communities like theirs, focused on education and collaboration among peers of any skill level. Dev.to’s codebase is open-source as of last week and the community-building platform’s developers think that further community involvement in development will lead to great things.


    Halpern made sure to clarify in the post that this release is not simply a library for creating the types of community-driven communication platforms that dev.to embodies, but the for-profit company’s entire codebase. “However, that is a perfectly valid use case in the future,” Halpern wrote in a post leading up to the release. “If you are interested in contributing such that we can eventually help people stand up their own version of this platform for their own business or society, we’ll definitely welcome that input.”

    The platform is a Ruby on Rails app with a Preact front-end. The company is hard at work on native apps for iOS and Android but says its technology choices are fluid.

  • Events

    • Testing & Fuzzing Microconference Accepted into 2018 Linux Plumbers Conference

      Testing, fuzzing, and other diagnostics have greatly increased the robustness of the Linux ecosystem, but embarrassing bugs still escape to end users. Furthermore, a million-year bug would happen several tens of times per day across Linux’s installed base (said to number more than 20 billion), so the best we can possibly do is hardly good enough.

  • Web Browsers

    • Mozilla

      • Bitslicing with Karnaugh maps

        Bitslicing, in cryptography, is the technique of converting arbitrary functions into logic circuits, thereby enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

        My last post Bitslicing, An Introduction showed how to convert an S-box function into truth tables, then into a tree of multiplexers, and finally how to find the lowest possible gate count through manual optimization.

      • This Week in Mixed Reality: Issue 16

        On Monday Andrzej Mazur launched the 2018 edition of the JS13KGames competition. As the name suggests, you have to create a game using only thirteen kilobytes of Javascript (zipped) or less. Check out some of last year’s winners to see what is possible in 13k.

        This year Mozilla is sponsoring the new WebXR category, which lets you use A-Frame or Babylon.js without counting towards the 13k. See the full rules for details. Prizes this year include the Oculus Go for the top three champions.

      • Share files easily with extensions

        When we want to share digital files, most people think of popular file hosting services like Box or Dropbox, or other common methods such as email and messaging apps. But did you know there are easier—and more privacy-focused—ways to do it with extensions? WeTransfer and Fire File Sender are two intriguing extension options.

        WeTransfer allows you to send files up to 2GB in size with a link that expires seven days from upload. It’s really simple to use—just click the toolbar icon and a small pop-up appears inviting you to upload files and copy links for sharing. WeTransfer uses the highest security standards and is compliant with EU privacy laws. Better still, recipients downloading files sent through WeTransfer won’t get bombarded with advertisements; rather, they’ll see beautiful wallpapers picked by the WeTransfer editorial team. If you’re interested in additional eye-pleasing backgrounds, check out WeTransfer Moment.

      • RLS 1.0 release candidate

        The current version of the Rust Language Server (RLS), 0.130.5, is the first 1.0 release candidate. It is available on nightly and beta channels, and from the 3rd September will be available with stable Rust.

        1.0 for the RLS is a somewhat arbitrary milestone. We think the RLS can handle most small and medium size projects (notably, it doesn’t work with Rust itself, but that is large and has a very complex build system), and we think it is release quality. However there are certainly limitations and many planned improvements.

        It would be really useful if you could help us test the release candidate! Please report any crashes, or projects where the RLS gives no information or any bugs where it gives incorrect information.

      • Mozilla brings back Stylish Add-on to Firefox after it was Banned Last Year

        The Stylish add-on, with which you can give websites their very own style, is back for Firefox. This improvement has been welcomed by many users. The history of this Add-on is quite complicated as it was supposedly twice removed and added back before it was removed again. Now it has been added back as reported by Vess (@VessOnSecurity).


        The add-on Stylish has been brought back in Mozilla’s add-on storehouse. What users should know: This expansion was criticized some time prior as a user data collector and has been prohibited and banned a year back from Mozilla’s Add-on store.

        Owing to its notoriety of collecting data of users’ website visits in a way which makes it convenient to reveal users’ identity to third parties, Google and Mozilla banned it last year. It is indeed surprising as to why Mozilla decided to bring it back to its browser after it was criticized for compromising users’ identity.

  • Oracle/Java/LibreOffice

    • LibreOffice 6.1: A week in stats

      On August 8, we announced LibreOffice 6.1, a new version of the suite with many great features and updates created by our worldwide community. Let’s look at some stats from the last week!

  • Pseudo-Open Source (Openwashing)

    • How Changa Bell is taking an ‘open source’ approach to grow the Black Male Yoga Initiative
    • Microsoft open sources new framework for Windows driver development [Ed: openwashing Microsoft Windows by pretending that when you write proprietary drivers for a proprietary O/S that does DRM, spies on users etc. you actually do something "open"]
    • Microsoft to Open Source Its Network Replication Software [Ed: Microsoft is openwashing some more of its entirely proprietary 'offerings', a hallmark of a company of liars. Come to us! The traps are free, the cages will be "open".]
    • GitHub goes off the Rails as Microsoft closes in [Ed: Microsoft will take GitHub off the rail like it did Skype and LinkedIn (totally lost)]

      GitHub’s platform group is about 155 people at the moment and growing, said Lambert. And much of the group’s focus is on breaking GitHub apart.

      GitHub is about a third of the way through an architectural change that began last year. The company is moving away from Ruby on Rails toward a more heterogeneous, composable infrastructure. Ruby still has a place at GitHub – Lambert referred to the company as a Ruby shop, but he said there’s more Go, Java and even some Haskell being deployed for services. The goal, he explained, is to make GitHub’s internal capabilities accessible to integrators and partners.

      “Our monolith is starting to break up and we’re starting to abstract things into services,” said Lambert. “The platform we’ve chosen to put them on is Kubernetes.”


  • Openness/Sharing/Collaboration

    • Tesla open sources its security software, Hollywood goes open source, and more news
    • Open Access/Content

      • As Academic Publishers Fight And Subvert Open Access, Preprints Offer An Alternative Approach For Sharing Knowledge Widely

        That’s certainly true, but is easy to remedy. Academics who plan to publish a preprint could offer a copy of the paper to the group of trusted journalists under embargo — just as they would with traditional papers. One sentence describing why it would be worth reading is all that is required by way of introduction. To the extent that the system works for today’s published papers, it will also work for preprints. Some authors may publish without giving journalists time to check with other experts, but that’s also true for current papers. Similarly, some journalists may hanker after full press releases that spoon-feed them the results, but if they can’t be bothered working it out for themselves, or contacting the researchers and asking for an explanation, they probably wouldn’t write a very good article anyway.

        The other concern relates to the quality of preprints. One of the key differences between a preprint and a paper published in a journal is that the latter usually goes through the process of “peer review”, whereby fellow academics read and critique it. But it is widely agreed that the peer review process has serious flaws, as many have pointed out for years — and as Sheldon himself admits.

        Indeed, as defenders note, preprints allow far more scrutiny to be applied than with traditional peer review, because they are open for all to read and spot mistakes. There are some new and interesting projects to formalize this kind of open review. Sheldon rightly has particular concerns about papers on public health matters, where lives might be put at risk by erroneous or misleading results. But major preprint sites like bioRxiv (for biology) and the upcoming medRxiv (for medicine and health sciences) are already trying to reduce that problem by actively screening preprints before they are posted.

  • Programming/Development

    • MUMPS Masochism part I: Line and Block Scope

      It’s sort of an open secret that I sometimes use ANSI M, better known as MUMPS. It was developed in the 60’s, and it definitely still looks like something from the 60’s. But it’s 1,000 times uglier than anything from that decade. I’ve made plenty of people, from software testers at work to other developers on IRC, recoil in horror from showing them samples of even relatively mundane code like a simple “Hello, World!”.


  • Twitter’s fear of making hard decisions is killing it

    But rather than kill off third-party apps for good, it introduced a series of half-measures designed to bleed them out slowly: denying them new features, for example, or capping the number of users they could acquire by limiting their API tokens. While this spared some amount of yelling in the short term, the move — which was still hugely unpopular with a vocal segment of the user base — needlessly prolonged the agony.

  • Twitter shutters legacy APIs and borks third-party apps in the process

    In it there’s a “told you so” dating back to 2011, warning devs not to make apps that do what the official app does. In 2012 it warned that it would limit the use of the API, which it did.

    After that, it gave exceptions to certain apps, but warned: “We’ve repeatedly told developers that our APIs does not prioritise client use cases”.

  • Science

    • M&S ditches call centres for AI chatbots; nans run away screaming

      Staff can even sign up for longer courses in Python and AI, though we’re not sure what use that’s going to be on a checkout, though the company has been partnering with Microsoft to bring AI into the company along with digital transformation powered by specialist firm True.

    • A Bot Panic Hits Amazon’s Mechanical Turk

      But here’s the thing: It’s hard to know for sure if what Bai reported was the result of bots run amok. There are plenty of explanations for junk responses on MTurk. Bai recognizes this. “It might be bots, it might be human-augmented bots, or it might be humans who are tired of taking the survey and are just randomly clicking the buttons,” he says. It could also be the result of poor survey design, as Joe Miele, who operates an MTurk data consultancy, pointed out in response to the uproar.

  • Health/Nutrition

    • Young doctors revolt, force AMA to consider backing single-payer healthcare for the first time

      This June at the American Medical Association’s annual meeting, a coalition of young doctors forced the AMA to debate its decades of opposition to single-payer healthcare. During the heated debate on the resolution, older doctors lectured their young challengers about the possibility that universal health care would erode doctors’ income.

    • Once Its Greatest Foes, Doctors Are Embracing Single-Payer

      Though they had tried for years to advance a resolution calling on the organization to drop its decades-long opposition to single-payer health care, this was the first time it got a full hearing. The debate grew heated — older physicians warned their pay would decrease, calling younger advocates naïve to single-payer’s consequences. But this time, by the meeting’s end, the AMA’s older members had agreed to at least study the possibility of changing its stance.

    • Single Payer Is Actually a Huge Bargain

      It’s easy to get lost in the weeds here. But at the end of the day, even according to Blahous’s errant projections, Medicare for All would save the average American about $6,000 over a decade. Single payer, in other words, shifts how we pay for health care, but it doesn’t actually increase overall costs—even while providing first-dollar comprehensive coverage to everyone in the nation. The Post’s fact-checker is wrong: Single-payer supporters can and should trumpet this important fact.

    • US invaded by savage tick that sucks animals dry, spawns without mating

      The tick, the Asian longhorned tick (or Haemaphysalis longicornis), has the potential to transmit an assortment of nasty diseases to humans, including an emerging virus that kills up to 30 percent of victims. So far, the tick hasn’t been found carrying any diseases in the US. It currently poses the largest threat to livestock, pets, and wild animals; the ticks can attack en masse and drain young animals of blood so quickly that they die—an execution method called exsanguination.

      Key to the tick’s explosive spread and bloody blitzes is that its invasive populations tend to reproduce asexually, that is, without mating. Females drop up to 2,000 eggs over the course of two or three weeks, quickly giving rise to a ravenous army of clones. In one US population studied so far, experts encountered a massive swarm of the ticks in a single paddock, totaling well into the thousands. They speculated that the population might have a ratio of about one male to 400 females.

  • Security

    • OpenSSH Username Enumeration

      We realized that without this patch, a remote attacker can easily test whether a certain user exists or not (username enumeration) on a target OpenSSH server.

  • Defence/Aggression

    • US suspect was ‘training children to commit school shootings’

      A man arrested after 11 malnourished children were found in a remote desert compound was training them to commit school shootings, US media report.

      According to prosecutors’ documents, Siraj Ibn Wahhaj was teaching some of the children, who are aged one to 15, how to use weapons.

    • New Mexico compound suspects were training children for school shootings, prosecutors say

      If the defendants were to “be released from custody, there is a substantial likelihood defendant may commit new crimes due to his planning and preparation for future school shootings,” the court documents said.

    • A bubbling Islamist insurgency in Mozambique could grow deadlier

      Adding to the misery are reports of ruby-related land grabs. In London lawyers are pursuing cases against Gemfields on behalf of over 100 small-scale ruby miners, who claim they were shot at, beaten up and sexually abused by police officers and the company’s security guards.

    • Yazidis in US Mark IS Genocide Anniversary
    • Bomb that killed 40 children in Yemen was supplied by the US

      The bomb used by the Saudi-led coalition in a devastating attack on a school bus in Yemen was sold as part of a US State Department-sanctioned arms deal with Saudi Arabia, munitions experts told CNN.

      Working with local Yemeni journalists and munitions experts, CNN has established that the weapon that left dozens of children dead on August 9 was a 500-pound (227 kilogram) laser-guided MK 82 bomb made by Lockheed Martin, one of the top US defense contractors.

      The bomb is very similar to the one that wreaked devastation in an attack on a funeral hall in Yemen in October 2016 in which 155 people were killed and hundreds more wounded. The Saudi coalition blamed “incorrect information” for that strike, admitted it was a mistake and took responsibility.

    • Why a retired Navy SEAL commander wants Trump to revoke his security clearance

      The former Navy admiral bashed Trump’s leadership and said that Trump used “McCarthy-era tactics” against his critics.

      “Through your actions, you have embarrassed us in the eyes of our children, humiliated us on the world stage and, worst of all, divided us as a nation,” McRaven wrote.

      McRaven’s letter joined a chorus of detractors who have condemned Trump’s decision Wednesday to revoke Brennan’s security clearance.

    • Inside the Coup Plotting Before the Venezuela Drone Assassination Attempt

      This past April, a number of Venezuelan military dissidents were holed up in neighboring Colombia plotting to overthrow the government of President Nicolas Maduro when they were approached by a group with similar plans.

      The second group, mostly civilians, wanted to assassinate Maduro and suggested joining forces. They showed videos of armed drones shipped from Miami and being tested on a Colombian farm.

  • Transparency/Investigative Reporting

    • No, Julian Assange is NOT a Fascist.

      No, Julian Assange is not a Fascist. Nor is he to blame for Donald Trump becoming US President. Assange did not support and does not support Trump, who certainly does not and never did support WikiLeaks. Sure, Trump repeatedly exploited WikiLeaks revelations to help himself win the election, but that’s just political opportunism. In 2010 Trump said WikiLeaks revelations merited “the death penalty or something”. After winning power he made his lack of support for WikiLeaks even clearer.

    • London: Ecuador embassy vigil marks six years since Julian Assange granted asylum

      Supporters of WikiLeaks editor Julian Assange took part in a demonstration outside the Ecuadorian embassy in London Thursday to mark six years since he sought refuge there and was granted political asylum.

      Chanting slogans including “Protect all journalists, free Assange!” protesters held placards reading, “Free Julian Assange,” “Free Press! Free Assange!” “No Internet Censorship” and “Bring Julian Home.”

      Ecuadorian President Lenín Moreno, under pressure from the United States with which he seeks closer relations and investment, has stepped up moves to eject Assange from the embassy.


      World Socialist Web Site reporters spoke to some of those at the protest. Mr. Tan from Singapore, who is holidaying in the UK, said he fully supported Assange and was pleased to see people still defending him.

      “I think Julian Assange has done more than anyone this century to promote freedom of speech. In my own country, Singapore, we have been a so-called democratic state since independence [in 1965 from Britain] but it has been the same party in power, the People’s Action Party [PAP], ever since.

      “For a lot of that time the same man, Lee Kuan Yew, was the prime minister. So you could say Singapore is a one-party state. And even though it has absolute power the PAP uses the courts and all sorts of underhand ways to stop opposition parties growing.

      “We are ranked as one of the worst countries in the world in terms of press freedom. And it is getting worse, with more and more restrictive laws.

      “Although the government says it does not censor political opinion on the internet, nearly all the online news channels are owned by the big newspaper companies which are tightly controlled or censor themselves. I will have to look at the World Socialist Web Site when I get back home.

    • Julian Assange Can Vindicate Trump

      President Donald Trump and Sen. Rand Paul (R-KY) were once enemies as they vied for the presidency, but these days they are best buds working together to spread peace instead of war by pursuing diplomatic measures with countries such as Russia and North Korea, much to the chagrin of the deep state and military-industrial complex.

  • Environment/Energy/Wildlife/Nature

    • EPA docs don’t show any scientific evidence for Scott Pruitt’s climate claims

      The Environmental Protection Agency (EPA) has not been able to offer any scientific evidence for statements made by the agency’s former Administrator Scott Pruitt when he went on CNBC in March 2017 and said that carbon dioxide was not known to be a major contributor to climate change.

    • Palm oil: A new threat to Africa’s monkeys and apes?

      Endangered monkeys and apes will almost certainly face new risks if Africa becomes a big player in the palm oil industry.

    • Trump administration delays Dakota Access Pipeline decision again

      In a status report filed in federal court on Tuesday, the U.S. Army Corps of Engineers said it needed until August 31 to complete its work on the final portion of the $3.8 billion project. The agency is reviewing information submitted by tribal opponents and Energy Transfer Partners, the firm behind the pipeline, government attorneys said.

    • Standing Rock protesters now protesting Line 5 pipeline

      Shomin, 54, and others have set up a camp to protest Canadian oil transport company Enbridge’s Line 5, which carries millions of gallons of oil and natural gas liquids each day, splitting into two pipelines as it passes underwater through the Straits of Mackinac.

    • ‘Tears running down my face’: farmers turn to crowdfunding for support

      Tammy and Craig Whatman supply 1.2 million litres of milk to the Australian market from their Mayberry farm in Burrawang, NSW but their more than 300 cows are approaching starvation and drought conditions are pushing them to the edge.

    • On climate change, it’s time to start panicking

      Yet this is one of those issues in which — because there are so many twists and turns and overwhelming details — it is easy to lose sight of a crucial fact: If we do not resolve the problem of man-made climate change, it could quite literally spell the end of human civilization.

    • The world is losing the war against climate change

      Yet as the impact of climate change becomes more evident, so too does the scale of the challenge ahead. Three years after countries vowed in Paris to keep warming “well below” 2°C relative to pre-industrial levels, greenhouse-gas emissions are up again. So are investments in oil and gas. In 2017, for the first time in four years, demand for coal rose. Subsidies for renewables, such as wind and solar power, are dwindling in many places and investment has stalled; climate-friendly nuclear power is expensive and unpopular. It is tempting to think these are temporary setbacks and that mankind, with its instinct for self-preservation, will muddle through to a victory over global warming. In fact, it is losing the war.

    • New South Wales drought now affects entire state

      A dry winter has intensified what has been called the worst drought in living memory in parts of eastern Australia.

      NSW produces about a quarter of Australia’s agricultural output. It was officially listed as “100% in drought” on Wednesday.

    • Finnish travel firms consider ban on parks with captive orca

      Finnish holiday companies such as Aurinkomatkat (Suntours), Apollomatkat (Apollo Travels) and TUI Finland are mulling whether they should join in a decision by one company in Britain to ban destinations with animal theme parks that feature captive orcas as entertainment.

      Thomas Cook Group, a British-owned travel group, announced on July 29 that it would be stopping trips and ticket sales to several destinations in 2019.

    • Is Climate the Worst Casualty of War?

      The Pentagon uses more petroleum per day than the aggregate consumption of 175 countries (out of 210 in the world), and generates more than 70 percent of this nation’s total greenhouse gas emissions, based on rankings in the CIA World Factbook. “The U.S. Air Force burns through 2.4 billion gallons of jet fuel a year, all of it derived from oil,” reported an article in the Scientific American. Since the start of the post-9/11 wars, U.S. military fuel consumption has averaged about 144 million barrels annually. That figure doesn’t include fuel used by coalition forces, military contractors, or the massive amount of fossil fuels burned in weapons manufacturing.

    • VW’s CEO was told about emissions software months before scandal: Der Spiegel

      Volkswagen (VOWG_p.DE) Chief Executive Herbert Diess was told about the existence of cheating software in cars two months before regulators blew the whistle on a multi-billion exhaust emissions scandal, German magazine Der Spiegel said.

  • Finance

    • HUD accuses Facebook of Fair Housing Act violations

      The Department of Housing and Urban Development (HUD) filed a complaint [PDF] against Facebook on Friday. HUD accuses the social media company of violating the Fair Housing Act, which prohibits discrimination in print and online advertisements on the basis of race, religion, physical ability, gender, and other attributes.

      The HUD complaint [read it here, PDF] claims Facebook allowed advertisers to target prospective buyers or renters and filter out others – for instance, a person interested in “accessibility,” or another from a zip code associated with a given race or economic class.

    • HUD hits Facebook with housing discrimination complaint

      The federal Fair Housing Act prohibits home rental and sale advertisements from discriminating “based on race, color, religion, sex, handicap, familial status, or national origin.”

      In its complaint, the federal housing agency outlined several ways landlords or sellers can use Facebook ads to do just that. They could, for example, decide to show the ads to only men, or ensure that their ads don’t appear in the feeds of anyone with “accessibility” listed as an interest.

    • Walmart completes $16 bn acquisition deal; to hold 77% stake in Flipkart

      Founded in 2007, Flipkart has led India’s eCommerce revolution. The company has grown rapidly and earned customer trust, leveraging a powerful technology foundation, including artificial intelligence, and emerging as a leader in electronics, large appliances, mobile and fashion and apparel.

    • Walmart is now the largest shareholder of Flipkart

      Walmart’s $16 billion investment includes $2 billion of new equity funding to help accelerate the growth of the Flipkart business. The Bentonville-based company had announced its intent to acquire Flipkart on May 9 and in less than three months received an approval by the Competition Commission of India (CCI) on August 8.

    • Japan’s habits of overwork are hard to change

      The model now holds Japan back. It is miserable for male workers, especially as companies no longer make the money to offer new employees the same benefits and guarantees. It is even worse for women. Those who succeed in a male-dominated workplace risk all if they have children, after which it is hard to pick up careers again. A large number of women don’t return to work at all. As for Japan’s young, many opt out of corporate life to open or staff boutiques, cafés and the like. There they accept low pay rather than toil in bleak offices. None of this helps companies either—Japan has the lowest productivity of the G7.

    • Appeal from a political economist: the left internationalist case for a second referendum on Brexit

      In 1975, a referendum was held on Britain’s membership of the European Union in which a substantial proportion of the left of the Labour Party, and of the labour movement more generally, voted in favour of withdrawal. Why? Because the EU’s institutional structures and trading arrangements favoured the interests of capital far more than they did the interests of labour. Rejecting Britain’s EU membership was therefore a clear-cut and correct class position for the left to take.

      But is that same position correct today, more than four decades later? As the EU’s political and economic structures are still weighted in favour of business interests, it would seem that the answer has to be affirmative: rejection of Britain’s membership of the EU appears to represent a consistency of class principle. However, this consistency is only valid if complete abstraction is made from the seismic changes in the world order that have occurred since 1975. Factor these changes into the equation and what appears to be a consistent class position turns out to be anything but that in reality.

    • Stephan Livera Podcast 15 – Intellectual Property, Bitcoin, and Internet Censorship

      Stephan Kinsella, Intellectual Property lawyer, and libertarian advocate joins me in this episode to discuss:

      His story with bitcoin
      Money as Sui Generis Good
      The imprecise application of Lockean property theory
      Why you can’t own bitcoin, but it probably doesn’t make a big difference anyway
      The harmful effects of patents and copyright
      ‘Internet Censorship’ as it relates to property rights and ownership of private social media platforms

    • Self-made entrepreneur behind Superdry fashion label hands £1m to Brexit referendum campaign

      The businessman behind the Superdry fashion label is donating £1m to the People’s Vote campaign for a new referendum on Brexit.

      Self-made entrepreneur Julian Dunkerton said he was giving the money because there is “no vision for Brexit” being offered by the government.

      It will be used to launch one of the biggest polling operations ever undertaken in UK politics, to bolster the campaign for a new public vote.

    • Brexit is a consequence of low upward mobility

      On June 23, 2016, the British public voted by a 52-48 percent margin for the United Kingdom to leave its membership of the European Union. A popular view is that British citizens favored Brexit because they were swayed by misplaced nationalism and base xenophobia. Most academic studies, however, find that the Brexit vote reflected economic grievances: economically distressed regions had higher “Leave” shares; and people under financial stress were more likely to vote for Brexit. Recent research shows that people who are economically marginalized and see their social standing slipping away are likely to identify themselves with nationalistic and xenophobic ideas and seek solutions for their grievances outside of the political mainstream.

  • AstroTurf/Lobbying/Politics

    • OMG This This This This!

      “Last night, one of my callers said we needed journalists and commentators willing to die for the truth,” Black tweeted. “I disagreed. We need journalists and commentators willing to give up their status, quit their jobs and make less money telling truth and sadly to most that’s the same as dying.”

      There’s so much truth in that I just want to unpack it a bit and riff on its implications from my own perspective. What would happen if a significant percentage of journalists got fed up with spoon feeding lies to a trusting populace and decided to place truth and authenticity before income and prestige? Or, perhaps more realistically, what if people who are interested in reporting and political analysis ceased pursuing positions in the plutocrat-owned mass media and pursued alternate paths to getting the word out instead?

    • Identity politics has conquered the Westminster bubble

      Something strange has happened to British politics: more and more social and political grievances are being aired and conducted through accusations and counter-accusations of Islamophobia or anti-Semitism or some other form of prejudice. This ‘racism’ game seems to be the only one in town at the moment.

    • Michigan Candidate for Governor Linked to Nation of Islam

      NOI has a long history of extremism. Imam Deen Mohammad’s former assistant Imam Mubarak affiliates himself with the mosque and regularly posts to the Center’s Facebook page, including posts describing Jews and Christians as untrustworthy.

      In addition to its connection to the Nation of Islam, the Muslim Center has several ties to the Muslim Brotherhood.

    • Brennan: “We have never before seen the approval or removal of security clearances used as a political tool”

      Last week Trump suspended former CIA head John Brennan’s security clearance.

      His defenders immediately rose to declare this shall not stand. Twelve former intelligence officials signed a statement criticizing Trump’s decision, claiming “We have never before seen the approval or removal of security clearances used as a political tool, as was done in this case… this action is quite clearly a signal to other former and current officials to stay silent.”


      All those statements are completely and idiotically wrong. My clearance was revoked by my then-employer, the State Department, in 2011 for political reasons, to silence me and others, as part of the Obama war on whistleblowers. And I wasn’t alone. Jesselyn Radack then of The Government Accountability Project wrote “Peter Van Buren is the latest casualty of this punitive trend. The government suspended his top-secret security clearance – which he has held for 23 years – over linking, not leaking to a WikiLeaks document on his blog and publishing a book critical of the government.

  • Censorship/Free Speech

    • Why should Islam be exempt from ridicule?

      However, this is the price of living in a free society where free expression is sacrosanct. Sometimes you have to listen to and tolerate views that may annoy you, and as an adult you should be able to cope with that. Islam cannot be given special exemption from scrutiny, criticism, ridicule or satire. No other religion, philosophy or ideology is, and yet our politicians and much of the mainstream media pander to such demands from some sections in the Muslim community. The silencing term ‘Islamophobia’ is also employed to conflate bigotry against peaceful individual Muslims, which is wrong, with any criticism of Islam. The witch hunt is back and Islamophobes are the new witches.

    • Google defends controversial China project in meeting with employees

      The Dragonfly project would reportedly involve censoring information in accordance with the Chinese government’s demands, which has prompted some employees to protest the company’s secrecy over the matter. “I think there are a lot of times when people are in exploratory stages where teams are debating and doing things, so sometimes being fully transparent at that stage can cause issues,” Pichai said, according to BuzzFeed News. “So I do think there are genuine issues teams are grappling with. We are as a company, I think, more committed to transparency than probably any company in the world.”

    • Google’s Brin Cops to Plan to Reclaim Lost Decade in China

      At the company’s weekly all-staff meeting, the project was discussed by co-founder Sergey Brin — the very executive most closely associated with the decision in 2010 to pull out of China. It was a widely lauded move by Google managers, led by Brin, who argued that they’d rather leave than subject their search tool to China’s stringent rules that filter out politically sensitive results, such as the 1989 Tiananmen Square massacre.

    • Here’s What Happened At Today’s Google All-Hands Meeting

      Google leadership addressed Dragonfly, the company’s censored search product for Chinese markets that sparked internal furor when many employees first learned about it two weeks ago, for the first time at an all-hands staff meeting today.

      But according to a source with knowledge of the meeting, after answering a few questions on the subject, executives present at the meeting changed the topic because reporters were live tweeting what they were saying.

    • WordPress removes several alt-right blogs that spread Sandy Hook conspiracies

      Now alt-right bloggers and readers claim several sites have been removed, including conspiracies about Sandy Hook and 9/11. The timing of the move comes just after The New York Times reported on how WordPress was still allowing these bloggers to stay online.

    • Finnish court issues precedent “right to be forgotten” decision for Google to remove data

      The Supreme Administrative Court ruled that Google must remove a convicted man's information from its search engine data, as requested, in respect of his privacy.

    • Twitter Shut Down My Account For “Abusing” John McCain

      They’re calling it a “suspension”, but nobody can view my page and I can’t perform any activities on it, and it appears to be permanent unless I succeed in going through the anonymous and unaccountable appeals process. Now when people try to access my account, they get a screen that looks something like this depending on what device they’re using…


      I posted this four days ago when John McCain was trending because Donald Trump didn’t pay him any respect when signing the bloated NDAA military spending bill that was (appropriately) named after him. My reason for doing so was simple: the establishment pundits responsible for manipulating the way Americans think and vote have been aggressively promulgating the narrative that McCain is a hero and a saint, and I think it’s very important to disrupt that narrative. If we allow them to canonize this warmongering psychopath, then they’ll have normalized and sanctified his extensive record of pushing for psychopathic acts of military violence throughout his entire political career. They’ll have helped manufacture support for war and the military-industrial complex war whores who facilitate it. Saying we’ll be glad when he’s gone is a loud and unequivocal way of rejecting that establishment-imposed narrative.

      Interestingly, I’ve been saying this exact same thing repeatedly for over a year. An article I wrote about McCain in July of last year titled “Please Just Fucking Die Already” received a far more widespread backlash than this one, with articles published about it by outlets like CNN, USA Today and the Washington Post. Whoopi Goldberg and Joy Behar talked about me on The View. I was never once suspended or warned by any social media outlet or blogging platform at that time; it was treated as the political speech about a public figure that it clearly and undeniably is. The only thing that has changed since that time is the climate of internet censorship.


      So it looks like anyone who voices a political opinion that is deemed sufficiently offensive to Centrist Twitter can be purged in this way now. If you can get enough people reporting the same thing over and over again for a few days, one of those reports will eventually land in the lap of an admin whose personal bias allows them to squint just right at political speech about a public figure and see a violation of Twitter policy.

      I’ve been writing about the dangers of internet censorship so much lately because this is becoming a major problem. In a corporatist system of government, wherein government power and corporate power are not separated in any meaningful way, corporate censorship is state censorship. The plutocratic class which effectively owns the US government also owns all the mass media, allowing that plutocratic class to efficiently manipulate the way Americans think and vote so as to manufacture public consent for the establishment status quo upon which those plutocratic empires are built.

    • Free Press with Craig Aaron

      On today’s program, we look at the state of the media as we hear updates from Craig Aaron, CEO and president of FreePress.net about their latest campaigns fighting big media consolidation at the FCC, including on matters of net neutrality, and spearheading initiatives to revive local journalism. In the second half of the show we’re joined by Jesse Franzblau, policy analyst with Open the Government coalition to discuss recent and ongoing attacks on journalists and the free press.

    • 1A Victory: SCOTUS Again Confirms ‘Hate Speech’ is Protected

      In the world we awoke to on November 8, 2016, a myth took hold among many progressive people that so-called “hate speech” — speech that demeans on the basis of race, ethnicity, gender, religion, age, disability — is not protected by the First Amendment. Even Howard Dean contributed to the falsehood.

      The Supreme Court just made it very, very clear that is wrong. Offensive and hateful speech is as protected as any other. It is vital to protect all speech, for the road of prohibiting speech one disagrees with is a slippery one. There is a right to offend; deal with it, snowflakes.

  • Privacy/Surveillance

    • NSA hacked Al Jazeera & Aretha Franklin ‘disturbs the peace’ (E783)

      Former intelligence officer Philip Giraldi discusses the multitude of ways that sanctions harm the wellbeing of people in targeted countries, and talks about the NSA reportedly hacking Al Jazeera in 2006.

    • After call to implant microchips in people awaiting trial, are they about to become the next threat to our privacy?

      Last year, Privacy News Online wrote about the Swedish SJ Railways allowing customers to use under-the-skin microchip implants for “easy” ticket purchases. That might have seemed a one-off bad idea, but such implants have a surprisingly long history. More worryingly, they seem to be gaining in popularity, and cropping up increasingly in everyday situations, with evident privacy implications.

    • Google Goggles Goes to the Grave, Long Live Lens

      Google Goggles has been around for years, but it hasn’t been updated since 2014. Until now. The new app kills off Goggles entirely, directing users to install Google Lens.

    • Google Goggles is dead, now prompts users to install Lens

      When Google Lens was first announced a year ago, many pointed out its similarities to the long-abandoned Google Goggles app. Both were designed to identify objects in pictures, but Lens is far smarter thanks to a healthy dose of machine learning.

      Google Goggles just received its first update since 2014, which replaces the entire app with a “Hello, Google Lens!” message. It asks users to install the new standalone Lens app, and that’s it.

    • Exclusive: U.S. government seeks Facebook help to wiretap Messenger – sources

      The U.S. government is trying to force Facebook Inc (FB.O) to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.

    • US seeks Messenger data in case that could mirror one in Australia

    • Have British Spies Been Hacking the EU?

      Just after midnight on Aug. 16, I was called by LBC Radio in London for a comment on a breaking story on the front page of The Daily Telegraph about British spies hacking the EU. Even though I had just retired to bed, the story was just too irresistible, but a radio interview is always too short to do justice to such a convoluted tale. Here are some longer thoughts.

      For those who cannot get past the Telegraph paywall, the gist is that the European Union has accused the British intelligence agencies of hacking the EU’s side of the Brexit negotiations. Apparently, some highly sensitive and negative EU slides about British Prime Minister Theresa May’s plan for Brexit, the Chequers Plan, had landed in the lap of the British government, which then lobbied the EU to suppress publication.

      Of course, this could be a genuine leak from the Brussels sieve, as British sources are claiming (well, they would say that, wouldn’t they?). However, it is plausible that this is the work of the spies, either by recruiting a paid-up agent well placed within the Brussels bureaucracy, or through electronic surveillance.

    • Modern horror films are finding their scares in dead phone batteries

      Which is why, at this point, the “neutralizing the characters’ cellphones” moment has become a standard part of horror movie language. The most common way around cellphones in horror films is putting the characters in a dead spot where they can’t get reception, either because they’re too isolated or more often because of some kind of technological or supernatural interference.

    • Google clarifies location-tracking policy

      Google has revised an erroneous description on its website of how its “Location History” setting works, clarifying that it continues to track users even if they’ve disabled the setting.

      The change came three days after an Associated Press investigation revealed that several Google apps and websites store user location even if users have turned off Location History. Google has not changed its location-tracking practice in that regard.

  • Civil Rights/Policing

    • A feeling of apartheid in Holland

      The harsh reality in Holland now is that people have their own barbers, their own shopping markets, their own foods, their own places to socialise, their own worlds. They are not comfortable living around one another, and where they are forced to do so by the rental market, they are not comfortable sharing the space. This is not an opinion – this is a fact backed by government research. The latest findings by the Dutch government explicitly state that feelings of mistrust and loss of identity rise in parallel with an increase in societal diversity.

      The Dutch seem insulated. You can get used to anything if it sticks around long enough. This is also one of the more nefarious effects of segregation: necessarily it is difficult to see and experience the problem if it is in a neighbourhood where you never go. Out of sight, out of mind. Again it harks very much back to South Africa, where the racial tension is so deeply embedded, so much part of the national psyche, that it would be unhealthy and unrealistic to spend your days obsessing over it. And so the poison lingers.

    • The burqa represents an ideology that looks down on women

      Non-Muslim protesters even wore burqas in ‘solidarity’ with Muslim women, standing on the wrong side of history by indirectly opposing the Muslim women who are defying the idea of full veil in countries such as Iran and Saudi Arabia.

      Anyone fighting the Danish ban is not only willing to compromise the security of their fellow citizens but they are also endorsing the extremist men who want to alienate their female members, despite the full veil having no roots in core Islamic scriptures.

    • ‘I was kidnapped in London and trafficked for sex’

      Anna came to London from Romania intending to study, but first she needed to earn some money. She took temporary jobs – waitressing, cleaning, maths tutoring. Then one day in March 2011 she was snatched off the street, flown to Ireland and put through nine months of hell.

    • The Perils of Housecleaning Abroad

      Better laws can reduce forced labor, but they will not end it. For starters, throughout much of the Arab world, such regulations operate within a much larger, inherently exploitative structure — the “kafala” system. This form of visa sponsorship is believed to have originated in Gulf states to accommodate foreign workers, mostly from South Asian countries like Pakistan, Sri Lanka and Bangladesh. Over the years, the scheme has evolved from helping protect migrants to severely limiting domestic workers’ rights. Under today’s kafala, a migrant is not allowed to leave her employer without the employer’s consent. She is also forbidden from changing employers or traveling out of the country. Escaping is a crime, punishable by arrest and deportation. Human Rights Watch has long argued that no secondary regulation can guarantee the safety of domestic workers as long as the kafala keeps them legally handcuffed to their employers.

    • Amanda Lindhout recounts 15-month Somalia ordeal on Australian TV’s Interview programme

      Young reporter Amanda Lindhout was aware of the risks, but three days after entering Somalia, she and her friend were seized. She told Andrew Denton of her 15-month ordeal.

    • Friday’s papers: Recognising shared parenting, cops feign ignorance, deterring repeat offenders

      National daily Helsingin Sanomat features an analysis of the preliminary investigation report from a trial that began on Tuesday, where top police leaders are suspected of dereliction of their official duties by not ensuring that a database of police informants was properly managed.


      HS reports that the behaviour of the leaders of the police and security institutions in Finland when confronted with the problem of Aarnio’s rebel methods was nothing less than “embarrassing”. Throughout the investigation report, their responses to questions on the register were a consistent “I don’t know”, “I can’t answer that”, “I have no knowledge of that”, or “I don’t know.”

    • Slavery Survivor Recalls Trafficking Horrors

    • Facebook accused of helping traffickers by not blocking ads aimed at refugees

      Facebook has been accused of allowing refugees to be tricked into unsafe situations by not blocking advertisements from human traffickers on its site.

    • A Retrospective on Kofi Annan, Dead at 80

      Kofi Annan, the first United Nations secretary general from sub-Saharan Africa, ends his 10-year term on Sunday, leaving behind a complex legacy during an era of genocide, terrorism, and US dominance.

      The 2001 Nobel Peace Prize recipient charted a treacherous course between pleasing and antagonizing Washington while resisting persistent calls for his resignation over the worst corruption scandal in UN history.

      Annan was a secretary general of many contradictions: the first UN staff member to rise to the top, he was later reviled by much of the staff. A champion of developing world causes against entrenched First World power, he was lambasted as a toady of the West. And while critics say his inactions contributed to genocide in Bosnia and Rwanda, he later became a leading advocate for military intervention to curb mass killings.

  • Internet Policy/Net Neutrality

    • NBN Co forced to back down on charging rural users more

      Under pressure from the Federal Government, the NBN Co, the company rolling out Australia’s national broadband network, has backed down on a decision to charge rural and regional users $20 more for their fixed wireless 50/20Mbps plans.

    • A Straightforward Timeline of the FCC’s Twisty DDoS Debacle

      This particular drama started last year, when comedian John Oliver urged viewers of his show, Last Week Tonight, to file comments through the FCC’s website asking the FCC to preserve its net neutrality rules. The next day, the FCC’s site went unresponsive. Rather than blaming the traffic generated by Oliver’s show, the FCC claimed it was the victim of a “distributed denial of service,” or DDoS, attack, meaning that someone had deliberately tried to overload its servers and cause them to crash.

      Security experts, journalists, and Congress immediately questioned the claim, but FCC chair Ajit Pai assured both houses of Congress that the agency had evidence of an attack. [...]

    • Ajit Pai knew DDoS claim was false in January, says he couldn’t tell Congress