Bonum Certa Men Certa

Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0





GNOME bluefish

Contents





GNU/Linux



Free Software/Open Source



  • Insomnia Is Now Open Source
    Today, I’m happy to announce that the Insomnia desktop app is now open source software under the GPLv3 license! The source code is hosted on GitHub for your viewing pleasure.


  • Bookmarks for Nextcloud 0.10.0 released
    I am happy to announce the availability of Bookmarks for Nextcloud 0.10.0! Bookmarks is a simple way to manage the remarkable websites and pages you come across on the Internet. Bookmarks 0.10.0 provides API methods to create, read, update and delete your bookmarks as well as compatibility with upcoming Nextcloud 12, next to smaller improvements and fixes.


  • Coreboot Ported To Another Core 2 Era Motherboard: G41C-GS
    If you happen to have an ASRock G41C-GS still in use or tucked away in your closet, this older motherboard for Intel Core 2 CPUs now has support for Coreboot to free the proprietary BIOS of the motherboard. Or if you don't but still have other parts available, this motherboard is still available from a few online shops.


  • Events



  • Web Browsers



    • Mozilla



      • Firefox 57: new Photon design screenshots
        The following article gives you a glimpse of the upcoming Photon design of the Firefox web browser which will come out later this year.

        Mozilla plans to make Firefox 57 a milestone release. It is the version of Firefox in which the cut is made that leaves legacy add-ons behind, and also the Firefox version that will feature a design update.

        This design update is called Photon, and we talked about this previously already here on Ghacks Technology News.


      • Firefox vs Chrome & Other Browsers
        Not too many years ago, Firefox was king of the jungle. Sadly, this is no longer the case. Is Chrome the browser to beat in 2017 on the Linux desktop? Can Firefox or other alternatives possibly make a dent in Chrome’s reign? I examine this matter closely.


      • Firefox vs Chrome & Other Browsers | Feedback Hangouts Video






  • Databases



  • OnlyOffice/LibreOffice



  • BSD



    • pfSense 2.5 and AES-NI
      We’re starting the process toward pfSense software release 2.3.4. pfSense software release 2.4 is close as well, and will bring a number of improvements: UEFI, translations to at least five lanuguages, ZFS, FreeBSD 11 base, new login page, OpenVPN 2.4 and more. pfSense version 2.4 requires a 64-bit Intel or AMD CPU, and nanobsd images are no longer a part of pfSense as of version 2.4.




  • FSF/FSFE/GNU/SFLC



  • Licensing/Legal



    • Machine learning for lawyers


      Machine learning is a technique that has taken the computing world by storm over the last few years. As Luis Villa discussed in his 2017 Free Software Legal and Licensing Workshop (LLW) talk, there are legal implications that need to be considered, especially with regard to the data sets that are used by machine-learning systems. The talk, which was not under the Chatham House Rule default for the workshop, also provided a simplified introduction to machine learning geared toward a legal audience.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • Hackaday Prize Entry: Open Source Electrospinning
        Electrospinning is the process of dispensing a polymer solution from a nozzle, then applying a very high voltage potential between the nozzle and a collector screen. The result is a very, very fine fiber that is stretched and elongated down to nanometers. Why would anyone want this? These fibers make great filters because of their large surface area. Electrospinning has been cited as an enabling technology for the future of textiles. The reality, though, is that no one really knows how electrospinning is going to become a standard industrial process because it’s so rare. Not many labs are researching electrospinning, to say nothing of industry.






  • Programming/Development



    • Oracle crushed in defeat as Java world votes 'No' to modular overhaul
      The database goliath has lost a Java Community public-review ballot by 13 to 10 that was to have approved its Java Platform Module System (JPMS) specification as a final draft. Executive Committee members ignored dire warnings from Oracle spec lead Mark Reinhold in an open letter where he claimed that a “no” vote would not only delay Java 9 but also be a “vote against the Java Community Process itself”.

      The JSR, number 376, needed a two-thirds majority to pass.

      In that bluntly worded letter, Oracle’s Java platform chief also chastised IBM and Red Hat for suggesting that they might vote against JPMS.






Leftovers



  • Science



    • Toddlers’ screen time linked to speech delays and lost sleep, but questions remain

      It turns out that about 1 in 5 of the toddlers used handheld screens, and those kids had an average daily usage of about a half hour. Handheld screen time was associated with potential delays in expressive language, the team found. For every half hour of mobile media use, a child’s risk of language delay increased by about 50 percent.





  • Health/Nutrition



  • Security



    • Major cyber attack hits companies, hospitals, schools worldwide

      Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.



    • Massive cyberattack hits several hospitals across England


    • Rejection Letter
      We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)


    • SambaXP 2017: John Hixson’s Reflection
      The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.


    • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack


    • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

      Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?



    • Current wave of ransomware not written by ordinary criminals, but by the NSA

      The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.



    • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"
      A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).


    • DDOS attacks in Q1 2017
      In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

      The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.


    • Applied Physical Attacks and Hardware Pentesting
      This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.


    • Intel's zero-day problem


    • Reverse-engineering the Intel Management Engine’s ROMP module
      Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

      First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.
    • Intel AMT on wireless networks
      More details about Intel's AMT vulnerablity have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

      [...]

      Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.


    • Intel declared war on general purpose computing and lost, so now all our computers are broken
      It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

      For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

      ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.


    • OSS-Fuzz: Five months later, and rewarding projects


    • USN-3285-1: LightDM vulnerability


    • generic kde LPE


    • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)


    • Europe is living under Microsoft’s digital killswitch
      All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

      It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.




  • Defence/Aggression





  • Finance



    • Kevin McKenna: Giving huge IT deal to foreign firm is a betrayal of Scotland [Ed: Microsoft...]

      CGI was at the centre of the massive IT catastrophe which left around 20,000 farmers without their farm subsidy payments, driving many to the edge of ruin. Audit Scotland, which produced a report into the shambles, warned that the incomplete €£178m system, designed to process common agricultural policy payments of €£688m a year, was at risk of running out of money before it had met the European Commission deadline.



    • The Windows Store is looking a lot like the future of Windows

      Oh, and there are some big benefits for Microsoft if it can pull this off, too, given that the company gets a nice 30 percent cut of app purchases.





  • AstroTurf/Lobbying/Politics



  • Censorship/Free Speech



  • Privacy/Surveillance



    • This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About You
      A newly released court opinion from the secretive Foreign Intelligence Surveillance Court (FISC) shows that for years the NSA improperly and perhaps illegally surveilled Americans. The court order triggered the surprise announcement two weeks ago that the agency would be severely scaling back its domestic surveillance and destroying previously collected data on Americans.
    • Their View: NSA stops one abuse, but many remain
      The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.


    • Report: NSA Analysts Frequently Broke Rules on Intelligence Collection
      When searching intelligence data, analysts from the National Security Agency failed to follow the rules “with much greater frequency” than was previously disclosed, documents published by the Office of the Director of National Intelligence show.

      The secretive Foreign Intelligence Surveillance Court accused the NSA of a “lack of candor” when reporting those failures, which are a serious concern for the Fourth Amendment.

      During a preliminary review of just a few months in 2015, analysts running searches on emails and other digital communications vacuumed up from undersea internet cables frequently violated Americans’ privacy—albeit unintentionally.


    • Met Police use of Indian hackers probed by watchdog

      Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed.



    • How to escape the online spies [iophk: "block Facebook at the firewall"]

      And that’s just the start of it. Experts warn that, in the future, your online activity could be taken into consideration when you apply for a loan – or for a job.



    • Young children unconcerned about digital tracking by strangers [iophk: "*cough*facebook*cough*"]

      In contrast, the children did not express such negativity, overall. The youngest children (4-7 years) were positive about someone tracking others' possessions. In fact, children were more negative about someone merely placing a mobile GPS device on an object and not tracking it than about someone placing the device in order to track the object, Gelman said.



    • NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack
      Edward Snowden has blamed the National Security Council for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

      In a tweet, the National Security Council (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”




  • Civil Rights/Policing



    • [Old] Raif Badawi

      First detained on apostasy charges in 2008, Mr. Badawi was released after a day of questioning. He was arrested on June 17, 2012, on a charge of insulting Islam through electronic channels and brought to court on several charges including apostasy, a conviction which carries an automatic death sentence. Human Rights Watch stated that Badawi's website had hosted material criticizing "senior religious figures." Mr. Badawi had also suggested that Imam Muhammad ibn Saud Islamic University had become "a den for terrorists."



    • ‘We’ll not be safe with Indonesia,’ says West Papua’s Benny Wenda

      In its rush to claim former Dutch colonies in the Asia-Pacific region following West Papua’s self-declared independence from the Netherlands in late 1961, Indonesia has subjected West Papua to continued human rights violations.



      [...]

      With foreign media all but denied access to West Papua – despite apparent lifting of restrictions by President Joko Widodo in 2015 – much of Indonesia’s atrocities remain secret, hidden.



    • How one obscure court case could decide the future of internet business

      In August, the U.S. Court of Appeals for the 9th Circuit dealt the Federal Trade Commission a major blow by calling into question one of the consumer protection agency's most important powers. The court said the FTC should be banned from regulating a company if even a small part of that firm's business is regulated by the Federal Communications Commission as a telecom service, otherwise known as a "common carrier."





  • DRM



    • Anti-DRM artists march on the World Wide Web Consortium today
      Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.

      The controversial project to standardize DRM for streaming video on the web started in 2013 and culminated last month with a poll by W3C members whose results are confidential (though the W3C has chosen to publish the outcomes of previous polls and may yet do so for this one).

      Many of the members who voted in that poll endorsed a compromise advanced by the EFF: to go ahead with DRM, but only if members sign an amendment to the current membership agreement, promising not to use DRM laws to attack people engaged in legitimate activity like adapting the standard for people with disabilities, investigating security and privacy defects, and adding lawful features to video tools.




  • Intellectual Monopolies



    • Copyrights



      • The rise of copyright trolls
        At the 2017 Free Software Legal and Licensing Workshop (LLW), which was held April 26-28 in Barcelona, Spain, more information about the GPL enforcement efforts by Patrick McHardy emerged. The workshop is organized by the Free Software Foundation Europe (FSFE) and its legal network. A panel discussion on the final day of the workshop discussed McHardy's methodology and outlined why those efforts are actually far from the worst-case scenario of a copyright troll. While the Q&A portion of the discussion was under Chatham House Rule (which was the default for the workshop), the discussion between the three participants was not—it provided much more detail about McHardy's efforts, and copyright trolling in general, than has been previously available publicly.


      • ISP Bombarded With 82,000+ Demands to Reveal Alleged Pirates

        Scandinavian telecoms operator Telia has revealed how rightsholders are bombarding the company with demands to identify alleged pirates. During the past year alone, Telia has been ordered to hand over personal details relating to more than 82,000 IP addresses, a large proportion of which will go to known copyright trolls.



      • How Amanda Palmer gave the music industry the finger with crowdfunding

        “I’ve had to continually re-educate myself that this isn’t about selling music. It’s about making music.”



      • Anglophiles: Hang up your VPN; iPlayer isn’t for you anymore

        BBC collects IP address, location, e-mail address in fight against online cheats.



      • Texas Court Orders Temporary ‘Pre-Piracy’ Shutdown of Sports Streaming Sites

        A Federal Court in Texas has issued a broad preliminary injunction ordering several Internet services to disconnect a list of pirate sports streaming domains. While domain name seizures are not an entirely new phenomenon in the US, this order targets "anticipated" infringements and only applies temporarily. It ends after the Indian Premier League cricket tournament.









Recent Techrights' Posts

Representing and Speaking for Animals
If I ever choose to take this matter to tribunal with animals-centric NGOs on my side, it'll get some press coverage for sure
Slopwatch: Fake Articles About "Linux", Slop Images in VentureBeat, Linux Foundation Spam Made With LLM Slop and Slop Images
The only relief or upside - if any exists - is that the pace of slop was down a bit this week
 
Financiers and Sponsors of the Slop Hype (Pyramid Scheme Waiting to End, Bubble That Will Inevitably Implode)
It's also burning the planet
Slopwatch: Fake Articles About "Linux", Google Helps Ponzi Schemes and Slopfarms in Google News
Slopfarms are a real pain
Gemini Links 29/08/2025: Retiring at 62 and URL Filtering HTTP(S) Proxy on Qubes OS
Links for the day
Links 29/08/2025: Lisa Cook Sues Convicted Felon and Backdoor Mandate in UK Resisted
Links for the day
Links 29/08/2025: Arti 1.5.0, War on Public Health (CDC), and Slop 'Bros' Made to Pay for Their Mass Plagiarism
Links for the day
No, 4Chan is Not Fighting for You by Lawyering Up Against Ofcom (UK)
Don't mistake proto-fascists for people who "fight for you". They don't.
Downlplaying the Impact of "UEFI 9/11" is a Losing Strategy
we won't publish much whilst on holiday
In Many Places in the World Vista 11 "Market Share" is Going Down, Not Up
In some countries Windows is already down to third place or lower
More Microsoft-Connected Layoffs, at Least Third Time This Month! (Also Another Death on Campus)
Microsoft as a "gaming" company is where studios, projects, games, and even developers come to die
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 28, 2025
IRC logs for Thursday, August 28, 2025
Gemini Links 29/08/2025: Poems, Games, and Java 25 Performance
Links for the day
Links 28/08/2025: Greenland 'Interferences' by US and Skinnerboxes to Get Banned in Korean Schools
Links for the day
Richard Stallman (RMS) Talk in Ethereum Cypherpunk Congress Will be Remote
This past week RMS received lots of accolades online
The Register MS (Run by Microsoft Operatives): Free Software is Putin, Hence Evil and Dangerous
The current editor in chief is an American Microsofter, the previous one went to work for Google (US)
Links 28/08/2025: Chatbots Distorting/Fabricating History and Also Driving Suicide
Links for the day
Gemini Links 28/08/2025: Back in Japan and Why "Hacker News" Sucks
Links for the day
A Much-Needed Wake-up Call to Users of Wordpress.com, Blogspot, Substack and All Those Other Outsourced (and Centralised) Platforms
There are several lessons in there
The UEFI 9/11 - Part II - Campaign of Censorship and Defamation Against Critics
In dictatorships, humour serves an important role. It's tragic.
Open Source Initiative (OSI) Resists Software Freedom, Even by Attacking Its Own
The OSI is compromised
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 27, 2025
IRC logs for Wednesday, August 27, 2025
Slopwatch: linuxsecurity.com, Slopfarms in Google News, and More
Some readers of ours end up sending us links that are from slopfarms, not realising those are slopfarms
Gemini Links 27/08/2025: Katrina Memories and Google Versus Software Freedom
Links for the day
Links 27/08/2025: Police Against Media Freedom in the UK, Energy-Hungry Countries Targeted by China
Links for the day
Microsoft Windows Fell to All-Time Lows in Egypt This Summer, Vista 11 Adoption Decreases While GNU/Linux Increases
Vista 11 is going down rather than up
Links 27/08/2025: Microsoft Demoralises Staff With Slop Demands, Leaving Mastodon Explained
Links for the day
12 Hours Ago The Register MS Published a Fake (Paid-for) Article, But This One for a Change Did Not Promote a Ponzi Scheme
There are also Free software alternatives, but they don't pay The Register MS for "synthetic" so-called 'journalism'
More People Need to Call Out and Put a Stop to Serial Sloppers
Unless slopfarms are stopped, people will read and share Microsoft propaganda made by chatbots
Gemini Links 27/08/2025: Headphones and Tartarus
Links for the day
Morale at Microsoft is Terrible (Proprietary Plagiarism Machines Have No Future, LLM Slop is a Bubble)
The slop sceptics/critics are going to have lots of "told you so" moments
GNOME "governance issues, staff reduction, etc." amidst Albanian whistleblowing and women trafficking
Notice the connection to Software Freedom Conservancy (SFC) and GNOME
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 26, 2025
IRC logs for Tuesday, August 26, 2025