There are many interesting features of the Linux directory structure. This month I cover some fascinating aspects of the /dev directory. Before you proceed any further with this article, I suggest that, if you have not already done so, you read my earlier articles, Everything is a file, and An introduction to Linux filesystems, both of which introduce some interesting Linux filesystem concepts. Go ahead—I will wait.
Great! Welcome back. Now we can proceed with a more detailed exploration of the /dev directory.
I have covered Microsoft’s interference with FOSS [free and open-source software] for over a decade and carefully studied even pertinent antitrust documents. I know the company’s way of thinking when it comes to undermining their competition
The pattern of embrace and extend (to extinguish) — all this while leveraging software patents to make Linux a Microsoft cash cow or compel OEMs to preinstall privacy-hostile Microsoft software/apps with proprietary formats (lockin) — never ended. What I see in the Linux Foundation right now is what I saw in Nokia 5 years ago and in Novell 10 years ago — the very thing that motivated me to start BoycottNovell, a site that has just turned 10 with nearly 22,000 blog posts. It is a saddening day because it’s a culmination, after years of Microsoft ‘micro’ payments to the Linux Foundation (e.g. event sponsorship in exchange for keynote positions), which will have Microsoft shoved down the throats of GNU/Linux proponents and give an illusion of peace when there is none, not just on the patent front but also other fronts (see what Microsoft’s partner Accenture is doing in Munich right now).
Last year Pine64 debuted a tiny little Linux computer that packs an Allwinner A64 ARM processor inside a small, clear shell. The big deal with that tiny computer was that it cost only $15 or starters. Pine64 is back and this year it has a new laptop that is impressively cheap called the Pinebook.
This laptop packs in the Allwinner quad-core, 64-bit processor and pairs that processor with 2GB of RAM. Internal storage is 16GB and the Pinebook features WiFi and Bluetooth built-in. The machine has dual USB 2.0 ports, a microSD card slot, a mini HDMI output, and a headphone port. It’s not going to be a powerhouse machine, but the hardware isn’t bad considering that the 11.6-inch screen version sells for $89.
Two weeks ago, we discussed here the upcoming features of the Docker 1.13.0 open-source and cross-platform application container engine as part of the new version's first Release Candidate build.
And now, Developer Victor Vieux announced the availability of the second RC version for the Docker 1.13.0 release, which appears to bring lots of improvements and bug fixes. Notable changes include support for labels on volumes, the ability to filter volumes by label, along with the ability to purge data from a deleted volume using the "--force" parameter in the "docker volume rm" command.
AWS recently launched a Docker container image for its Amazon Linux operating system, complementing the EC2 specific Amazon Linux AMI with a versatile deployment option for custom cloud and on-premise environments. The image is available through the Amazon EC2 Container Registry (Amazon ECR), and also as an official repository on Docker Hub.
The Amazon Linux AMI is a "supported and maintained Linux image provided by Amazon Web Services" that is designed to "provide a stable, secure, and high performance execution environment for applications running on Amazon EC2". It has long been the base image for most of AWS' Linux based offerings, such as the AWS Elastic Beanstalk platforms, the Amazon Elastic MapReduce releases, and the Amazon EC2 Container Service instances.
In previous articles, we’ve discussed four notable trends in cloud computing and how the rise of microservices and the public cloud has led to a whole new class of open source cloud computing projects. These projects leverage the elasticity of the public cloud and enable applications designed and built to run on it.
Early on in cloud computing, there was a migration of existing applications to Amazon Web Services, Google, and Microsoft’s Azure. Virtually any app that ran on hardware in private data centers could be virtualized and deployed to the cloud. Now with a mature cloud market, more applications are being written and deployed directly to the cloud and are often referred to as being cloud native.
Here we’ll explore three emerging cloud technologies and mention a few key projects in each area. For a more in-depth explanation and to see a full list of all the projects across six broad categories, download our free 2016 Guide to the Open Cloud report.
To explain this, I’m going to have to recap on some old work with a particular focus on co-evolution.
Still on the regular Sunday release schedule, here's rc7.
I think we got all the silly problems I was aware of fixed, and on the whole things are looking pretty good. In fact, if next week ends up being very quiet, this _might_ be the last rc, although honestly I strongly suspect I'll end up doing an rc8. It's been a big release, and rc7 could have been quieter. We'll see.
I basically reserve the right to make up my mind next weekend.
The changes in rc7 are mainly drivers, architecture and networking. In fact, most of the driver updates are networking drivers, so I guess I could say "mostly networking and architecture updates, with a smattering of other driver updates" (the main other driver areas being usb, gpu, hid, i2c, iommu). And we've got the usual small random stuff all over (core kernel, a eBPF fix, some filesystem fixes etc).
The appended shortlog gives a reasonable view into what's up.
Linus
It's Sunday here is the US, and, for hardcore Linux users, this means that they test drive yet another RC (Release Candidate) build of the soon-to-be-released Linux 4.9 kernel.
That's right, Linus Torvalds just made his weekly announcement to inform the Linux community on the immediate availability of the seventh Release Candidate (RC7) development milestone for the upcoming Linux kernel 4.9 series, which has been delayed for a week due to the size of the patch.
The Linux 4.9-rc7 test kernel is now available although it's yet undecided whether there will be an RC8 before declaring it gold.
The world almost certainly needs to wait another week for Linux 4.9, says the operating system's overlord Linus Torvalds.
In his weekly post on the progress of the next kernel release, Torvalds announced release candidate seven of Linux 4.9, saying “ I think we got all the silly problems I was aware of fixed, and on the whole things are looking pretty good.”
VK9, formerly known as 'SchaeferGL' is an open source project that aims to implement d3d9 over Vulkan.
For those riding the stable Mesa release train, Mesa 13.0.2 is now available as the newest Mesa 13.0 point release.
As covered last week, the 50+ changes in this version include many fixes to VC4, i965, Radeon, and RADV drivers. There are also a number of Vulkan WSI (windowing system integration) fixes plus driver specific work, more smoke-testing, and memory leak fixes. The Intel Mesa driver also has received its share of support for Intel Geminilake hardware coming out in 2017.
Today, November 28, 2016, Collabora's Emil Velikov announced the release of the second maintenance update to the stable Mesa 13.0 3D Graphics Libray for Linux-based operating systems.
There's now patches for bringing up open-source graphics driver support in the Freedreno stack for Qualcomm's latest-generation Adreno graphics hardware.
The Adreno 505, 506, 510, and 530 GPUs are found in Qualcomm's Snapdragon SoCs like the Snapdragon 820, 821, 650, and 430. The Adreno 500 series is fully Vulkan 1.0 compliant, supports OpenGL ES 3.1/3.2, and has full support for OpenCL 2.0.
With the holiday season in full swing, whether you are just a casual photographer or professional, Darktable is easily one of the best photography workflow applications and it's free software! Darktable has offered OpenCL acceleration for providing faster performance on GPUs and with the imminent Darktable 2.2 release there is even better OpenCL results. For those curious about the OpenCL performance of Darktable, I've done some Darktable 2.2-RC1 benchmarks on a variety of NVIDIA GeForce and AMD Radeon graphics cards under Ubuntu Linux.
CRAN just accepted the newest release 0.1.1 of anytime, following the previous five releases since September.
anytime is a very focussed package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and to do so without requiring a format string.
It's been almost a month since the major FFmpeg 3.2 "Hypatia" open-source, free and cross-platform multimedia framework was officially unveiled, and now the first point release arrives for all supported platforms.
FFmpeg 3.2 "Hypatia" brought us many goodies, including OpenH264 decoder wrapper, libopenmpt demuxer, alias muxer for Ogg Video (.ogv), VP8 support for Ogg muxing, the True Audio (TTA) muxer, as well as the crystalizer, maskedclamp, hysteresis, lut2, yuvtestsrc, vaguedenoiser, weave, avgblur, gblur, and acrusher audio filters.
On the look out for a clean, modern and open-source desktop RSS reader app for Linux? I know I am, so I was excited to come across Alduin. Alduin is a simple RSS (and Atom) feed aggregator that’s billed as having an “ergonomic, complete and easy to use interface, which will be suitable for all types of user.”
Looking for a nifty screensaver for Ubuntu? Check out Gluqlo, a Linux version of the popular Fliqlo screensaver for Windows and OS X.
Ubuntu no longer bundles a screensavers with the default build. Instead, when you leave your computer idle for a set period Ubuntu blanks the display to conserve power.
Laminar Research has released their first public beta of the massive X-Plane 11.0 flight simulator update. It's a huge update and expect some bugs at this stage, but should be a very exciting release.
X-Plane 11 is nearing release, so the developers have put up a beta and a demo of the beta for you to try before you buy.
I can count with the fingers of a single hand the number of comics I read in my whole life, and the Battle Chasers aren't the exception; though, if this upcoming game is being loyal to their style and tone, I have to say I would be more tempted to do so. Personally, I don't expect for games to have state-of-the-art technology behind their graphics, but I care a lot about the artistic design, and this one truly seems to deliver on that. Plus, if you check this news on the official site, after a successful Kickstarter campaign they announced to be completely funded by Nordic Games without sacrificing the creative control of the project, so basically the quality of the game now simply relies on how talented they are and how well they spend the budget on the game.
If you're looking to play an adventure game but you don't have a lot of time, then you may be interested to check out Sisyphus Reborn, a lightweight (300 MB) and short existential adventure that will only take you 40 minutes to finish (and that includes getting all the achievements). It was released for Linux exactly two months ago, as indicated in this announcement, where you can also find the person who made the port credited.
We've run a GOTY award for the last two years and this year will be no different! I am requesting feedback!
The page is currently open, with the categories adjusted from last year: https://www.gamingonlinux.com/goty.php
If you have a suggestion for a category, please let me know, but I don't want too many more as I think we already have a good selection going from feedback last year.
Something that didn't go unnoticed was that Valve has removed the SteamPlay logo from Steam store pages.
This is interesting, as it was a partial source of confusion amongst SteamOS/Linux gamers. Plenty of us know how to easily identify games that have Linux support, but there was plenty who didn't. People were genuinely getting confused about it all and I don't blame them.
If you are looking for any gift ideas this 2016 holiday season for a Linux gamer/enthusiast or just a casual user looking for some friendly PC hardware, here are my favorites for this holiday season.
Guild Software announced a new update to their cross-platform, multiplayer Vendetta Online 1.8 MMORPG, versioned 1.8.398, which ships only a few days after the 1.8.397 maintenance update.
As you might imagine, Vendetta Online 1.8.398 is a small patch addressing various issues reported by users from the previous point release, but also adding significant improvements to analog stick sensitivity for various game controllers made by Razer, Moga, SteelSeries, and Nyko, when playing the game with the Samsung Gear VR headset.
On November 27, 2016, Chakra GNU/Linux developer Neofytos Kolokotronis informs the community about the availability of a set of new software updates for the rolling distro originally based on Arch Linux.
A week ago, we reported on the availability of the cups 2.1.4-3 and pepperflashplugin 23.0.0.207-1 packages in the Chakra GNU/Linux repositories, which required manual intervention from the user. And, after some issues with their hosting provider, the promised KDE goodies are finally here, along with numerous other updates.
The KDE community will once more be participating in Google Code-in, which pairs KDE mentors with students beween the ages of 13 and 18 to work on tasks which both help the KDE community and teach the students how to contribute to free and open source projects. Not only coding, but also documentation and training, outreach and research, quality assurance and user interface tasks will be offered.
As I just posted in the Mission Forum, our KDE Developer Guide needs a new home. Currently it is "not found" where it is supposed to be.
We had great luck using markdown files in git for the chapters of the Frameworks Cookbook, so the Devel Guide should be stored and developed in a like manner. I've been reading about Sphinx lately as a way to write documentation, which is another possibility. Kubuntu uses Sphinx for docs.
In any case, I do not have the time or skills to get, restructure and re-place this handy guide for our GSoC students and other new KDE contributors.
In this last week, the master branch of GTK+ has seen 40 commits, with 1551 lines added and 1998 lines removed.
There are a lot of Linux communities all over the globe filled with really nice people who just want to help others. Typically these people either can’t (or don’t feel comfortable) coding, and I’d love to harness some of that potential by adding a huge number of new application reviews to the ODRS. At the moment we have about 1100 reviews, mostly covering the more popular applications, and also mostly written in English.
Emmanuele Bassi, senior software engineer at Endless and GNOME/GTK+ collaborator, reports today, November 28, 2016, on the work that happened this last week for the cross-platform and open-source GTK+ GUI toolkit.
With 1551 lines added and 1998 lines removed, the master branch of GTK+ has seen 40 commits since Emmanuele Bassi's last report, and it appears that the first GTK+ 4 development snapshot is now ready for public testing, versioned 3.89.1. According to the current GTK+ road map, all deprecated APIs have now been removed.
On the one hand, businesses want the most stable operating systems. That's why Red Hat has Red Hat Enterpise Linux (RHEL). On the other, developers want the newest and fastest development tools. That's why Red Hat also puts out the community Fedora Linux distribution. But what if you want both? Red Hat has you covered with Red Hat Developer Toolset 6.
In this video from SC16, Dan McGuan from Red Hat Inc. describes the company’s wide range of software offerings for the HPC market.
Bonilla first got involved in the Fedora community when he was studying for the RHCSA (Red Hat Certified System Administrator) exam. He felt using Fedora was the best way to prepare for the exam. “One criteria I use when choosing any open sourced software is to examine the community.” Jose looks at the number of users, forums, blog posts, and issue resolution all as part of the community. The Fedora community exceeds all his expectations.
Jose would like to see more development of Cockpit. “I feel that web-based server administration tools are the future and perhaps the gateway for new interest in Linux administration.” Bonilla did not credit any single person for influencing his decision to contribute to Fedora. It was a “multitude of people and their stances,” he said. Bonilla commented that his “goal is to convince people, by example, that open source projects such as the Fedora Project are important and viable solutions to anyone’s computing needs.”
Over Thanksgiving break, I decided to go through a long list of emails that were marked "when you have a spare moment". I really didn't have one but I realized that many of those emails were crufty and old. One was some people asking about getting abiword together for EL-7. This looked like a straightforward enough task so I got into it and started working out all the packages that would need to be branched to say EPEL and what would be needed to compile them.
Devuan, the Debian fork that frees the system of systemd, is now two years old.
Yesterday marked two years since the announcement of the systemd-free Debian fork, Devuan.
Two years going, this Linux OS that aims for "Init Freedom" isn't the most vibrant distribution out there. When's the last time you've heard of Devuan or even used it yourself? This year much of the systemd "hate" seems to have calmed down compared to prior years, although new features continue to be tacked onto systemd. Here's an interesting Google Trends comparison for those interested.
Since 2008 I use two monitors in my desktop. Yesterday I bought a new graphics interface and a third monitor. Some time I was looking for a low cost graphics interface. Ok, I am using GeForce GT 740 which has three output ports: VGA, DVI and HDMI. In Brazil this interface card can be found around R$ 400 (US$ 117, but my card was US$ 87 in Brazilian Black Friday). In Amazon.com, it is between US$ 51 and US$ 109. The chosen manufacturer was Zotac, but all GT 740 and 750 will work fine (I tested the GT 750 too).
Today, November 27, 2016, the developers of the Debian-based Parsix GNU/Linux distribution announced the availability of new security updates for the Parsix GNU/Linux 8.10 "Erik" and 8.15 "Nev" releases.
While the upcoming Parsix GNU/Linux 8.15 "Nev" release is still in the works, it gets the same security update as Parsix GNU/Linux 8.10 "Erik," which are being ported from the upstream repositories of Debian GNU/Linux 8 "Jessie" (a.k.a. Debian Stable) to Parsix GNU/Linux's own repos.
It's been a week since our previous report on the security updates pushed to the stable Parsix GNU/Linux repositories, and we're seeing updated versions of the Vim text editor, Apache Tomcat 7 and 8 Java Servlet Containers, as well as Wireshark network protocol analyzer.
Canonical, through Udi Nachmany, head of the Ubuntu Certified Public Cloud program, was proud to announce the availability for purchase of Ubuntu Advantage Virtual Guests on the AWS marketplace.
Mir is a project to support the management applications on the display(s) of a computer. It can be compared to the more familiar X-Windows used on the current Ubuntu desktop (and many others). I’ll discuss some of the motivation for Mir below, but the point of this post is to clarify the relationship between Mir and Unity8.
Most talk these days of Ubuntu's Unity 8 next-gen desktop experience and their Mir display server goes hand-in-hand since the change-over is planned in-step before Ubuntu 18.04 LTS, but there's a new Ubuntu Insights blog post up working to promote Mir as more than just tech for the Unity 8 desktop.
Canonical engineer Alan Griffith has written a blog post today about Mir outside of Unity 8. Mir's abstraction layer is providing libmiral.so as a stable library to Mir providing window manager, the miral-shell providing both traditional and tiling window manager, and miral-kiosk as a sample "kiosk" with basic window management.
Ubuntu 17.04, code named Zesty Zapus, is the future release that will succeed Ubuntu 16.10, and even though it’s End of life date has been scheduled for January 2018, the development team aims to bring a lot of upgrades, fixes, and additions in this release.
It's been almost a month since the Maui 2 "Blue Tang" Linux distro arrived based on the Ubuntu 16.04 LTS (Xenial Xerus) operating system and KDE Plasma 5.8 LTS desktop environment, and now the first ISO respin is here.
Maui 2.1 is a refreshed installation medium for those who want to install the Ubuntu-based distribution on their personal computers, including various updated packages, but it mainly focuses on fixing various issues reported by users with the Calamares installer since Maui 2.
The AECX-APL0 supports the three Atom-branded Apollo Lake processors instead of the related Celeron and Pentium models. No OS support is listed, which is also the case for the other Litemax/WynMax embedded boards, which are mostly Mini-ITX boards, with a sprinkling of 3.5-inch SBCs, based on Intel and AMD processors. Running Linux should not be a problem.
The 146 x 102mm AECX-APL0 supports up to 8GB DDR3L RAM, and offers SATA III and mSATA, with the latter made available via one of the two mini-PCIe slots. The other is paired with a micro-SIM for wireless expansion.
Do you have a huge collection of movies, TV shows, and music that you purchased over the years but it’s collecting digital dust on your hard drives? How about creating your very own Netflix- and Pandora-like setup using the free Plex Media Server software? No, you don’t have to buy an expensive, bulky PC. All you need is a Raspberry Pi 3, a hard drive, an SD card and a mobile charger. It should all cost less than $100.
As we've noted here before, when it comes to top open source stories of the past couple of years, it's clear that one of the biggest is the proliferation of tiny, inexpensive Linux-based computers at some of the smallest form factors ever seen. The diminutive, credit card-sized Raspberry Pi, which has been priced at only $25 and $35, has grabbed most of the headlines in this space, and has recently hit some new milestones.
The chances are slim that you might be knowing about YunOS, the mobile operating system developed by China’s Alibaba group. In a recent development related to YunOS, this relatively newer OS is on the track to gather a 14 per cent share of phone shipments in mainland China.
According to forecasts made by analysts, by the end of this year, YunOS will beat iOS to become the second-largest mobile operating system in China. This forecast falls in line with Alibaba’s previous claims that YunOS has already passed iOS.
As sales keep dropping. Apple iOS sales will be topped by Alibaba's YunOS in what was once the U.S. tech behemoth's growth engine. YunOS is set to take 14% of the smartphone shipments in mainland China...
In 2006 I first visited Taiwan. The reason back then was Sean Moss-Pultz contacting me about a new Linux and Free Software based Phone that he wanted to do at FIC in Taiwan. This later became the Neo1973 and the Openmoko project and finally became part of both Free Software as well as smartphone history.
Ten years later, it might be worth to share a bit of a retrospective.
It was about building a smartphone before Android or the iPhone existed or even were announced. It was about doing things "right" from a Free Software point of view, with FOSS requirements going all the way down to component selection of each part of the electrical design.
HMD Global, the company behind the rumored upcoming Nokia Android phone, has confirmed that it will attend Mobile World Congress in February 2017. A handful of mid-range and top-end Nokia Android smartphones have already been spotted on benchmark sites and has been analyzed by some tech people. Now, there is a new name to be added to the list of the leaked Nokia Android smartphones, an entry-level device to be detailed about it.
With the invention and gaining momentum of smartphones, Android users have a huge variety of apps and games almost at our fingertips. However, something that is very irritating for the users is that some games have too many advertisements, in-app purchases and various other features which diminish the stellar experience of the games.
Although the world of open source games isn’t exactly well-known for its good quality games, there is always a wide array of Android games which you would get at F-Droid repository and which are almost new and playable. A majority of these games are actually duplicates of their computer-playable counterparts but can still be enjoyed in every form.
The Chinese consumer electronics manufacturer Meizu may not be a huge name outside of its home country, but that doesn’t mean the Guangdong-based company isn’t delivering some quality Android smartphones of all tiers. Earlier this year, Meizu caught a lot of positive headlines with the Meizu PRO 6, a powerful 5.2-inch phone which punched well above its weight. Now, if the latest rumors from China are to be believed, Meizu may soon take the spotlight in the consumer electronics industry once again as the company is seemingly planning to enter the Android tablet market.
Lenovo's Yoga Book is really great at being a tablet. As far as playing games and watching movies goes, I was as comfortable using the Yoga Book as I am with my iPad Air 2.
As far as productivity goes, this device wasn't for me. Of course, that doesn't mean that it's not for anyone. My version of productivity involves a keyboard (I type a lot, if you haven't guessed), while for others, it might involve switching between a keyboard and pen input, and for those people, the Yoga Book is nearly perfect.
Ultimately, Lenovo's Yoga Book is a truly innovative device, offering a number of features that aren't seen anywhere else. It is, of course, a first-generation product, and if Lenovo stays the course, the second-generation model will be a real winner.
I'd say that it's worth buying, as long as you know what you're getting. It's an excellent consumption tablet, and it's also fantastic for taking notes and drawing, as well as a bit of light typing.
Communication with your team is key.
For chat, IRC or Mattermost are great ways to stay in touch in real time. But chat can be a productivity killer if you feel like you have to be present at all times. Structure your day so that you only focus on necessary chat converstions; log off of chat when you need to focus on another task and set expectations with your team. Also, talk to your team about what types of things will be discussed on chat and what discussions are better for a different method, like a meeting.
For meetings, talking with people in person can be necessary and very helpful for getting things done, but meetings can also be a time sink. Try to set them for only 30 minutes and stick to it. If you need more time, then take it as needed. If you set an agenda (try Etherpad for this), stick to it. Use your calendar to track your time—check out these open source Google calendar alternatives.
JavaScript’s open source stance is also one of the best. Contrary to popular belief, JavaScript is not a project, but a specification with an open standard where the language is evolved and maintained by its core team. ECMAScript, another fancy name of JavaScript, is not open source, but it too has an open standard.
You can easily see evidence of JavaScript's popularity when you look at both at GitHub. JavaScript is the top programming language when it comes to the number of repositories. Its prominance is also evident on Livecoding.tv, where members are diligently creating more videos on JavaScript than any other topic. At the time of this writing, the self-dubbed edutainment site hosts 45,919 JavaScript videos.
Yelp saved itself US$10 million by building out its Apache Kafka-based Data Pipeline, and now it wants to spread that love to other enterprises. Just before the holidays, Yelp open-sourced its Data Pipeline and assorted utilities used to maintain and build out this streaming data platform.
Data Pipeline is now available on GitHub under the Apache 2.0 license. Using Data Pipeline, developers can tie their applications into the constantly flowing stream of Kafka data. The company detailed this in a blog entry.
In mid-October, Google open-sourced the core software behind their TLD registry: Nomulus. This software allows creation and management of new top-level domains (TLDs) in the cloud, enabling current businesses in the Internet real-estate market to expand into the new, rapidly growing generic TLD (gTLD) space, as well as reducing the technological barrier for prospective newcomers.
Nomulus provides a wealth of core features out of the box. Because it is designed to run on Google App Engine, Nomulus is cloud-based and can scale quickly and efficiently as domains leased increase in popularity and number of registrations or inquiries.
Today is Cyber Monday, the day when everyone in the US goes back to work after Thanksgiving. Cyber Monday is a celebration of consumerism, and the largest online shopping day of the year. Right now, hundreds of thousands of office workers are browsing Amazon for Christmas presents, while the black sheep of the office are on LiveLeak checking out this year’s Black Friday compartment syndrome compilations.
Quentin Gallivan, CEO of Hitachi Data Systems’ Pentaho subsidiary, has said government agencies should develop a “centralized” plan that seeks to leverage the use of business analytics tools and an open-source framework like Hadoop in order to facilitate data integration and access.
Gallivan wrote that agencies should adopt an open-source framework that includes governance practices on the use of data and works to support big data processing operations.
Blockstream's Eric Martindale opened his five-minute All Things Open lightning talk with a bold claim: "Bitcoin is one on the most significant innovations of our time."
On the Nextcloud blog I just published about the beta for Nextcloud 11. The release will deliver many improvements and is worth checking out in itself, plus I put a nice clickbait-style title and gave three reasons to test it.
It’s that time of year! The excitement of Black Friday carries into today – CyberMonday – the juxtaposition of the analog age and the digital age. Both days are fueled by media and retailers alike and are about shopping. And both days are heavily reliant on the things that we want, that we need and what we think others want and need. And, all of it is powered by the data about us as consumers. So, today – the day of electronic shopping – is the perfect day to provoke some deep thinking on how our digital lives impact our privacy and online security. How do we do this?
You might wonder why there is so high number of phpMyAdmin security announcements this year. This situations has two main reasons and I will comment a bit on those.
First of all we've got quite a lot of attention of people doing security reviews this year. It has all started with Mozilla SOS Fund funded audit. It has discovered few minor issues which were fixed in the 4.6.2 release. However this was really just the beginning of the story and the announcement has attracted quite some attention to us. In upcoming weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such amount. Handling that amount actually lead to creating more formalized approach to handling them as we clearly were no longer able to deal with them based on email only. Anyway most work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.
We are witnessing a golden age of open source. Never in the history of the technology industry have we seen so many developers coding in the open, jointly working on common codebases that can be leveraged by any individual user or company.
This trend is a huge step forward, with broad benefits to both the user and vendor community. It is spurring significantly greater innovation and interoperability across solutions.
First, it’s worth noting that Apple and Google operating systems are designed for more specialized desktops and laptops. The Mac OS X is the biggest platform after Windows, but it’s exclusively for Macs. Google developed the Chrome OS for Chromebook laptops. As such, you can’t install either platform on Windows desktops and laptops with a Mac OS X or Chromebook DVD. The only way you can run Chrome OS and MacOS X on Windows PC is with virtualization software such as VirtualBox. Thus, they can’t be counted as genuine alternatives to Windows 10; but these are a few of the OS alternatives for Windows desktop and laptops.
Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives
Have you ever felt that you wanted to give back to the KDE project? As the season of giving draws near there's never been a better time to support KDE and help the project continue to bring free software to millions of lives worldwide.
By participating in the end of year fundraiser, you can help us in our mission. Your donations are used to pay for transport and accomodation for developers to attend sprints as well as to support the server infrastructure required to keep the project running.
There was a C++ standards meeting recently in Issaquah, Washington and a report on it is now available with the latest on C++17 and early work around what will form C++20.
This meeting resulted in the C++17 committee draft as the first feature-complete draft of the C++17 specification.Various tweaks to the language and library were accepted at this meeting. C++17 remains on track for seeing its official spec out in 2017.
Are you of a mind to launch an open source project or are you in the process of doing so? Doing it successfully and rallying community support can be more complicated than you think, but a little up-front footwork and howework can help things go smoothly. Beyond that, some planning can also keep you out of legal trouble. Issues pertaining to licensing, distribution, support options and even branding require thinking ahead if you want your project to flourish. In this post, you'll find our newly updated collection of good, free resources to pay attention to if you're doing an open source project.
In this week's edition of our open source news roundup, we take a look at open source virtual reality, a new board for electronics testing, Fedora 25, and more.
Opendata.ch, which represents the Open Knowledge Foundation in Switzerland, has launched the Business Innovation food.opendata.ch programme, with the goal of building an open and public database on food and nutrition data. The programme is also funded by the Swiss food industry, represented by Migros – via its funding arm Engagement Migros.
So today is Thanksgiving and I am writing this from the GlobalRev studio in New York, while my wife Nikky and my daughter Valentina are in Madrid. I was supposed to be on the 10pm flight to Madrid today, but it was not meant to be. Yesterday, I got a call from the passport office that my passport application is going through “administrative processing” and will be delayed in issuance.
A day earlier, when i was submitting paperwork for a same day passport renewal, they canceled my existing passport, so now i don’t have a passport to be able to travel. I have been given no indication as to how long this “administrative processing” can take.
[...]
This culminated yesterday when i got that call from the passport office. I was having lunch with a friend in Union square when the call came in. The gentleman on the other side of the phone first verified my identity and then informed me that I will not be able to fly to Spain today because my passport is being held up for “administrative processing” and he has no information on when that will be done, but assured me he will call me whenever that happens.
THE EUROPEAN COMMISSION (EC) was struck by a large-scale distributed denial of service (DDoS) attack on Thursday, bringing down its internet access for hours.
The EC confirmed the attack to Politico, saying that while it did fall victim to a DDoS attack, no data breached was experienced.
"No data breach has occurred," a Commission spokesperson said. "The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time."
The sensors incorporated into wearables can sometimes be repurposed to perform tasks beyond their intended applications. For example, it's been shown that it's possible to discover a victim user’s passwords and PINs by applying a sophisticated algorithm to the data gathered by wearable embedded sensors.
Recently, researchers at the Future Interfaces Group at Carnegie Mellon University have overclocked the accelerometer of an LG smartwatch to extend its capabilities to more than just tracking fitness. By overclocking the off-the-shelf smartwatch via some software updates, they can now detect and process very small vibrations and audio signals.
The new technology, dubbed ViBand, can allow different apps to understand the context of your activities by capturing bio-acoustic signals.
A few days ago there was a story about how to steal a Tesla by installing malware on the owner's phone. If you look at the big picture view of this problem it's not all that bad, but our security brains want to make a huge deal out of this. Now I'm not saying that Tesla shouldn't fix this problem, especially since it's going to be a trivial fix. What we want to think about is how all these working parts have to fit together. This is something we're not very good at in the security universe; there can be one single horrible problem, but when we paint the full picture, it's not what it seems.
A software engineer setting up a secure Red Hat Enterprise Linux virtual machine in the cloud discovered a serious configuration flaw that could be exploited to upload arbitrary software packages to Microsoft Azure update infrastructure.
Ian Duffy found Microsoft had configured the Red Hat Update Appliance used for Azure in such a way that an attacker could easily get access to the content delivery servers and upload packages that client virtual machines would acquire when updating.
Duffy was able to bypass the username and password authentication on the content delivery server by running a log file collector application. Once completed, the log file collector provided a link to a downloadable compressed archive.
In my previous blog post Azure bug bounty Pwning Red Hat Enterprise Linux I detailed how it was possible to get administrative access to the Red Hat Update Infrastructure consumed by Red Hat Enterprise Linux virtual machines booted from the Microsoft Azure Marketplace image. In theory, if exploited one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute yum update.
If you have Linux servers that depend upon encryption, you owe it to yourself to beef up the system entropy. Here's how to do so with haveged.
Though short of Mr Torvalds' aim of world domination, FutureVault, Inc., has set the ambitious goal to "change the way business is done" with its FutureVault digital collaborative vault application. Described by its developer as "at the epicenter of a brand new disruptive category in the financial services world", FutureVault allows users to deposit, store and manage important financial, legal and personal documents digitally by means of a white-label, cloud-based, SaaS platform.
A VULNERABILITY in Microsoft's Azure cloud platform could have been exploited by an attacker to gain admin rights to instances of Red Hat Enterprise Linux (RHEL) and storage accounts hosted on Azure.
Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.
Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.
From there Duffy found a package labelled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host.
Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances.
Deutsche Telekom (DTEGY) , Europe's largest, said it could have been a victim of a cyber attack as 900,000 fixed-line customers face a second consecutive day of outages.
The Bonn, Germany-based company, which has 20 million fixed network customers, said 900,000 customers with specific routers have faced temporary problems and marked fluctuations in quality, with some also receiving no service at all. It added that the problems have occurred in a wide region, not in a specific area.
It seems that on Friday, right in the midst of busy Thanksgiving weekend holiday traffic, the San Francisco Municipal Transportation Agency or Muni, was hit by hackers, forcing the system to offer Saturday free rides on the system’s light rail trains. The breach was apparently a ransomware attack, with the hackers demanding 100 Bitcoin, or approximately $73,000, to unencrypt the system.
It all began when the words “You Hacked, ALL Data Encrypted” appeared on Muni agents’ screens. It’s not known whether Muni paid the ransom, although that’s considered unlikely. Operations of the system’s vehicles were not affected.
A deluge of 1979 U.S. diplomatic cables released by WikiLeaks on Monday illustrate how intensely the partial meltdown at Three Mile Island grabbed the world's attention and thrust the future of nuclear energy into question.
Included in those communications are a series involving initial estimates of the human and environmental risks, as well as the response from world leaders to the unfolding crisis at the plant outside Harrisburg.
In a cable sent from the U.S. Embassy in Brussels to Dublin, Ireland's days after the March 28 incident, mounting interest from European officials is evident. All cables are unedited, but in some cases they've been clarified.
"Mrs. Aston, along with several other officials concerned with nuclear power situations in the ec [European Community], called DOE [U.S. Department of Energy] representative at usec brussels early this morning to request all available information on the subject incident."
Top OPEC oil exporter Saudi Arabia has told the producer group it will not attend scheduled talks in Vienna on Monday with non-OPEC oil producers, OPEC sources said on Friday.
State wildlife regulators say another deer in southern Michigan may have been found with chronic wasting disease.
The Department of Natural Resources says a hunter shot the 1€½-year-old buck last week in Clinton County’s Eagle Township and took it to a check station.
In what is said to be one of the greatest environmental disasters of the 21st century, vast parts of Indonesia are currently on fire, burning from forest fires due to a whole range of sub-standard environmental policies.
Due to deforestation, the land is sparse, as canals have dried up and the rain forest is set on fire to be cleared for the building of plantations. Palm oil is one of the main reasons for the clearing of the rain forests.
Outgoing Economic Affairs Minister Olli Rehn has come out in defence of Prime Minister Juha Sipilä following reports that an engineering company owned by the PM’s relatives won a lucrative contract from the taxpayer-funded Terrafame mine in eastern Finland. Rehn said he is "absolutely sure" that Sipilä had no knowledge that the company owned by his uncles and cousins had won a half-a-million-euro order from the former Talvivaara mine.
Members of the Electoral College should not make Donald Trump the next president unless he sells his companies and puts the proceeds in a blind trust, according to the top ethics lawyers for the last two presidents.
Richard Painter, Chief Ethics Counsel for George W. Bush, and Norman Eisen, Chief Ethics Counsel for Barack Obama, believe that if Trump continues to retain ownership over his sprawling business interests by the time the electors meet on December 19, they should reject Trump.
In an email to ThinkProgress, Eisen explained that “the founders did not want any foreign payments to the president. Period.” This principle is enshrined in Article 1, Section 9 of the Constitution, which bars office holders from accepting “any present, emolument, office, or title, of any kind whatever, from any king, prince, or foreign state.”
Recounts provide a peaceful dispute mechanism to help ensure that elections will be free and fair and equal to all. But the mere act of having a recount is not what helps elections be free and fair. The recount must be accountable to the public and fully transparent.
A recount doesn’t need a smoking gun, and never needs to be apologized for. Done correctly, recounts add validity to elections.
There is a great deal at stake in any recount. Observers should not make assumptions that every recount is honest, or that every statement made by public officials is true. The purpose of observation is authentication, and this responsibility should be taken seriously.
No, despite what you read, CNN did not run porn for 30 minutes last night, as was reported by Fox News, the New York Post,Variety and other news organizations, several of which later corrected their stories.
Republican President-elect Donald Trump has described an impending recount of votes in Wisconsin as a "scam".
Mr Trump, who narrowly won the state, said the results "should be respected instead of being challenged or abused".
Green Party candidate Jill Stein had initiated the recount. She also wants recounts in Michigan and Pennsylvania, citing "statistical anomalies".
Democratic candidate Hillary Clinton's campaign has said it would participate in Wisconsin's recount.
Results would need to be overturned in all three states to alter the outcome of the 8 November presidential election.
President-elect Donald Trump blasted Green Party presidential nominee Jill Stein on Saturday for pushing for a recount in several states, calling her efforts a "scam."
"This is a scam by the Green Party for an election that has already been conceded, and the results of this election should be respected instead of being challenged and abused, which is exactly what Jill Stein is doing," Trump said in a statement.
Citing concerns that voting systems have been compromised, Stein filed for a recount in Wisconsin on Friday afternoon, and has been fundraising off her vow to do the same in Pennsylvania and Michigan — all states in which Trump won or is leading.
Donald Trump has blasted the recount effort launched last week by the Green Party in Wisconsin which on Saturday attracted the formal support also of Hillary Clinton.
From his Palm Beach retreat in Florida, Mr Trump issued a lengthy rebuke of the initiative calling it “ridiculous” and a “scam” that had been launched purely to benefit the Green Party’s nominee, Jill Stein, and “fill her coffers with money”.
So far Ms Stein has raised close to $6 million through crowdfunding to pay to petition for recounts of the election results in three states. The request for a recount was submitted to the election authorities in Wisconsin on Friday. If she reaches her goal of raising $7 million in total she will be able to make similar filings to Pennsylvania and Michigan next week.
As a result of a federal judge in Rhode Island taking a second look at an order he hastily granted earlier, Paul Alan Levy of Public Citizen has been able to confirm Richart Ruddie -- the head of an extremely-sketchy reputation management company -- signed off on the forged and fraudulent documents delivered to the court. The documents -- a bogus lawsuit featuring the forged signatures of both the plaintiff and the defendant -- are apparently just part of Profile Defenders' reputation management work.
Nice work if you can get [away with] it. File a bogus lawsuit. "Locate" a bogus defendant. Produce a signed admission of guilt and ask the judge to order search engines to delist the offending content. Cash checks. Repeat until caught.
Richart Ruddie has been caught.
So: Clinton lost because Russia wanted Trump to win because Trump will favor Russia so Russia created fake news which influenced over 62 million Americans to overlook Trump’s flaws and vote for him. Got it.
Proof? Stuff on Facebook. Main source of that proof? A group of unknown origin, financing, and makeup (“an independent team of concerned American citizens”) called PropOrNot, i.e., propaganda or not. The group also “strongly suspects that some of the individuals involved have violated the Espionage Act, the Foreign Agent Registration Act, and other related laws.”
Terrified of Donald Trump gaining access to the world’s most powerful spy apparatus, a growing coalition of civil liberties activists, companies, and individuals are calling for President Obama to enact emergency NSA reforms before leaving office.
Many take cues from former National Security Agency systems analyst Edward Snowden, who, after stealing a cache of documents to give to the press in 2013, warned of a surveillance apparatus so powerful it would enable “turnkey tyranny” if inherited by a president inclined to abuse it.
And more than any major party candidate in recent memory, Trump has shaken opponents with outright promises to abuse executive power, like proposing to register all American Muslims in a database and spy on them without a warrant. He has a history of wanting to spy, too: A number of sources have previously claimed Trump would listen in on his guests’ phone calls at his Mar-A-Largo resort.
The Intercept has published a fascinating, and eerie, investigation into the iconic Brutalist tower at 33 Thomas Street in Manhattan. Built to withstand a nuclear bomb, the modern fortress has no windows.
Last week, the government’s Digital Economy Bill hit the news because of a proposed ban on pornographic websites that didn’t comply with its planned age verification rules. The news was just the right amount of shocking and yes, sexy, to grab the nation’s attention, but in the meantime other parts of the Bill remained unscrutinised. A distinctly un-sexy aspect of the Bill – Part 5, “Digital Government” – aims to completely revolutionise the way your personal data is shared.
In essence, Part 5 allows the government to digitise your data and bulk-share it without informing you or asking for your permission. This data includes your birth, death, and marriage certificates, as well as information on your taxes, court appearances, benefits, student loans, and even parking tickets. If the Bill passes, your information will be shared with local councils, charities, and even businesses – initially, gas and electricity companies.
More than 100,000 people have asked Parliament to repeal new spying laws, forcing MPs to consider debating them. But they are likely to block any further discussion of the hugely controversial bill.
A petition focusing the Investigatory Powers Bill criticises the new surveillance laws, arguing that they allow authorities “unprecedented levels of power” and that they must be revoked. It had received 120,000 signatures at the time of publication, meaning that Parliament must consider it for debate.
Public administrations increasingly use location data to deliver public services such as location-enabled tools, apps for tourists, toll collection services or cadastral web applications. Location data such as addresses, GPS coordinates or camera images is key to many public services and can also be linked to all sorts of other data, generating new information that was not available before. Despite the increase consumption of location data, its potential to reveal personal information is often underestimated, especially in comparison to other sensitive data, for instance in the financial and health domains.
In the Dakota language, the word “oahe” signifies “a place to stand on.”
And that’s what the Standing Rock Sioux and its allies in the environmental and activist movements say they are doing: using Lake Oahe in North Dakota as a place to take a stand by setting up camps and obstructing roads to block the controversial $3.7 billion Dakota Access pipeline.
Their confrontations with police — who have responded with water cannons, pepper spray and rubber bullets — have steered attention to the 1,170-mile-long oil pipeline project and its owner, Energy Transfer Partners. But the real source of Native Americans’ grievance stretches back more than a century, to the original government incursions on their tribal lands. And those earlier disputes over their rights to the land, like the one over the Dakota Access pipeline, pitted the tribes against a persistent force, the Army Corps of Engineers.
Unicorn Riot is a media collective that formed in response to the lack of media coverage of the Occupy Wall Street movement and the Tar Sands Blockade; their news comes direct from the front lines of some of the most significant and under-reported conflicts in the world, in the form of unedited livestreams from the conflict zone, and edited highlight reels after the fact.
Unicorn Riot's reporters are among the most targeted by Morton County Sheriff's Deputies -- the same law enforcement officers whom Unicorn Riot have outed for the sadistic use of water-canons in subzero temperatures and of firing tear gas cannisters directly into the protesters' crowds, activities the deputies lied about when they denied doing either.
The Morton County cops say that because Unicorn Riot has a point of view, they are protesters, not reporters (this is the same argument they used when they fabricated charges against Democracy Now's Amy Goodman in October). This is wrong on its face: protesting is a thing you do, not a thing you believe. As Unicorn Riot's Lorenzo Serna says, "I'm not participating. I'm not building the barricade. I'm not pushing off against the police. I’m not going to pray at the water ceremony. I'm literally there observing."
Discriminatory policing against journalists based on their political beliefs raises significant First Amendment questions, and they will only get more grave: the rise of crowdfunded, independent media; the decline of commercial, traditional news organizations; the practice of blacking out coverage of significant protests; and the coming, press-hostile, human-rights-hostile Trump years will put police and journalists into more conflict than ever.
Politicians' argument that Shariah laws do not affect non-Muslims is disproved by existing interfaith custody battles, the Sisters in Islam group said today when urging the rejection of a Bill to enhance Shariah punishments.
Citing the cases of M. Indira Gandhi and S. Deepa who both underwent high-profile custody battles with Muslim convert ex-spouses, SIS said this was just one of many reasons not to “bulldoze” through PAS president Datuk Seri Abdul Hadi Awang's private member's Bill.
“While proponents of RUU355 insist that the Bill will not affect non-Muslims, reality shows that existing syariah laws are already impacting non-Muslims in Malaysia,” the group said.
At around 7pm on Friday evening a 20-year-old man was shot in BiskopsgÃÂ¥rden, a district of Gothenburg long plagued by gang violence. Then at 2am on Saturday morning, a man in his mid-to-late 30s was shot inside a club in Norra Grängesbergsgatan, a Malmö street known for its illegal nightclubs.
Amendments to Thailand’s controversial Computer Crime Act were debated in parliament this week, with rights groups expressing concerns that the law will bolster government efforts to restrict online freedoms and spy on users.
The 2007 legislation was originally created to stop spam, identity fraud, hacking and other computer-related offenses.
However, there are fears the military junta will use these new amendments to help in its bid to suppress dissent in the country, which it often does by using the ancient lese-majeste law forbidding criticism of the Royal Family.
The proposed amendments, seen by Reuters, include articles 18 and 19 which say the authorities can grab user and traffic data from service providers without court approval, as well as demand computer devices from users.
Article 20, meanwhile, apparently states that any website deemed to threaten national security or "offend people's good morals" can be removed or suspended.
A seminar was organised by the World Intellectual Property Organization to provide a discussion platform on the eve of this week’s meeting on the protection of traditional knowledge, and as a way for countries to share systems of protection. Panellists presented views on possible graduated protection for different sorts of traditional knowledge.
The European Union Council of member states today agreed on draft regulations to prevent blocking of cross-border e-commerce, but appears to retain copyright restrictions.
“Geo-blocking is a discriminatory practice that prevents online customers from accessing and purchasing products or services from a website based in another member state,” the Council explained in a press release. The draft regulation will form the common position to start negotiations with the European Parliament and Commission, it said.
This Kat was very excited when she heard about "Copyright Beyond Law: Regulating Creativity in the Graffiti Subculture" by Mart Iljadica with Bloomsbury Press. The perfect opportunity to top up her hipster street art card with some proper knowledge.
The book begins with a notice that there are no images contained within the text, precisely because the author argues that graffiti is copyright protected. Iljadica invites readers to explore street art on their own (N.B. For London-based IPKat readers, I highly recommend the Alternative London walking tours near Liverpool St.) The book's focus is instead on the creative process of graffiti making.
Last month the Court of Justice of the European Union (CJEU) issued its decision in Microsoft, a reference for a preliminary ruling from Latvia concerning the principle of digital exhaustion as applied to computer programmes.
Million of people use Kodi as their main source of entertainment, often with help from add-ons that allow them to access pirated movies and TV-shows. While these tools are a blessing for many, the streaming cyberlockers that provide the videos see the add-ons as a major threat to their business.
A lawsuit that accuses Cloudflare of providing services to alleged 'pirate' sites has been expanded. In an amended complaint, adult outfit ALS Scan now seeks to hold hosting providers OVH and Steadfast Networks liable for infringement, alongside operators and affiliates of several image hosting sites.