Bonum Certa Men Certa

Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0





GNOME bluefish

Contents





GNU/Linux



Free Software/Open Source



  • Insomnia Is Now Open Source
    Today, I’m happy to announce that the Insomnia desktop app is now open source software under the GPLv3 license! The source code is hosted on GitHub for your viewing pleasure.


  • Bookmarks for Nextcloud 0.10.0 released
    I am happy to announce the availability of Bookmarks for Nextcloud 0.10.0! Bookmarks is a simple way to manage the remarkable websites and pages you come across on the Internet. Bookmarks 0.10.0 provides API methods to create, read, update and delete your bookmarks as well as compatibility with upcoming Nextcloud 12, next to smaller improvements and fixes.


  • Coreboot Ported To Another Core 2 Era Motherboard: G41C-GS
    If you happen to have an ASRock G41C-GS still in use or tucked away in your closet, this older motherboard for Intel Core 2 CPUs now has support for Coreboot to free the proprietary BIOS of the motherboard. Or if you don't but still have other parts available, this motherboard is still available from a few online shops.


  • Events



  • Web Browsers



    • Mozilla



      • Firefox 57: new Photon design screenshots
        The following article gives you a glimpse of the upcoming Photon design of the Firefox web browser which will come out later this year.

        Mozilla plans to make Firefox 57 a milestone release. It is the version of Firefox in which the cut is made that leaves legacy add-ons behind, and also the Firefox version that will feature a design update.

        This design update is called Photon, and we talked about this previously already here on Ghacks Technology News.


      • Firefox vs Chrome & Other Browsers
        Not too many years ago, Firefox was king of the jungle. Sadly, this is no longer the case. Is Chrome the browser to beat in 2017 on the Linux desktop? Can Firefox or other alternatives possibly make a dent in Chrome’s reign? I examine this matter closely.


      • Firefox vs Chrome & Other Browsers | Feedback Hangouts Video






  • Databases



  • OnlyOffice/LibreOffice



  • BSD



    • pfSense 2.5 and AES-NI
      We’re starting the process toward pfSense software release 2.3.4. pfSense software release 2.4 is close as well, and will bring a number of improvements: UEFI, translations to at least five lanuguages, ZFS, FreeBSD 11 base, new login page, OpenVPN 2.4 and more. pfSense version 2.4 requires a 64-bit Intel or AMD CPU, and nanobsd images are no longer a part of pfSense as of version 2.4.




  • FSF/FSFE/GNU/SFLC



  • Licensing/Legal



    • Machine learning for lawyers


      Machine learning is a technique that has taken the computing world by storm over the last few years. As Luis Villa discussed in his 2017 Free Software Legal and Licensing Workshop (LLW) talk, there are legal implications that need to be considered, especially with regard to the data sets that are used by machine-learning systems. The talk, which was not under the Chatham House Rule default for the workshop, also provided a simplified introduction to machine learning geared toward a legal audience.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • Hackaday Prize Entry: Open Source Electrospinning
        Electrospinning is the process of dispensing a polymer solution from a nozzle, then applying a very high voltage potential between the nozzle and a collector screen. The result is a very, very fine fiber that is stretched and elongated down to nanometers. Why would anyone want this? These fibers make great filters because of their large surface area. Electrospinning has been cited as an enabling technology for the future of textiles. The reality, though, is that no one really knows how electrospinning is going to become a standard industrial process because it’s so rare. Not many labs are researching electrospinning, to say nothing of industry.






  • Programming/Development



    • Oracle crushed in defeat as Java world votes 'No' to modular overhaul
      The database goliath has lost a Java Community public-review ballot by 13 to 10 that was to have approved its Java Platform Module System (JPMS) specification as a final draft. Executive Committee members ignored dire warnings from Oracle spec lead Mark Reinhold in an open letter where he claimed that a “no” vote would not only delay Java 9 but also be a “vote against the Java Community Process itself”.

      The JSR, number 376, needed a two-thirds majority to pass.

      In that bluntly worded letter, Oracle’s Java platform chief also chastised IBM and Red Hat for suggesting that they might vote against JPMS.






Leftovers



  • Science



    • Toddlers’ screen time linked to speech delays and lost sleep, but questions remain

      It turns out that about 1 in 5 of the toddlers used handheld screens, and those kids had an average daily usage of about a half hour. Handheld screen time was associated with potential delays in expressive language, the team found. For every half hour of mobile media use, a child’s risk of language delay increased by about 50 percent.





  • Health/Nutrition



  • Security



    • Major cyber attack hits companies, hospitals, schools worldwide

      Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.



    • Massive cyberattack hits several hospitals across England


    • Rejection Letter
      We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)


    • SambaXP 2017: John Hixson’s Reflection
      The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.


    • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack


    • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

      Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?



    • Current wave of ransomware not written by ordinary criminals, but by the NSA

      The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.



    • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"
      A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).


    • DDOS attacks in Q1 2017
      In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

      The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.


    • Applied Physical Attacks and Hardware Pentesting
      This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.


    • Intel's zero-day problem


    • Reverse-engineering the Intel Management Engine’s ROMP module
      Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

      First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.
    • Intel AMT on wireless networks
      More details about Intel's AMT vulnerablity have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

      [...]

      Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.


    • Intel declared war on general purpose computing and lost, so now all our computers are broken
      It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

      For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

      ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.


    • OSS-Fuzz: Five months later, and rewarding projects


    • USN-3285-1: LightDM vulnerability


    • generic kde LPE


    • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)


    • Europe is living under Microsoft’s digital killswitch
      All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

      It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.




  • Defence/Aggression





  • Finance



    • Kevin McKenna: Giving huge IT deal to foreign firm is a betrayal of Scotland [Ed: Microsoft...]

      CGI was at the centre of the massive IT catastrophe which left around 20,000 farmers without their farm subsidy payments, driving many to the edge of ruin. Audit Scotland, which produced a report into the shambles, warned that the incomplete €£178m system, designed to process common agricultural policy payments of €£688m a year, was at risk of running out of money before it had met the European Commission deadline.



    • The Windows Store is looking a lot like the future of Windows

      Oh, and there are some big benefits for Microsoft if it can pull this off, too, given that the company gets a nice 30 percent cut of app purchases.





  • AstroTurf/Lobbying/Politics



  • Censorship/Free Speech



  • Privacy/Surveillance



    • This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About You
      A newly released court opinion from the secretive Foreign Intelligence Surveillance Court (FISC) shows that for years the NSA improperly and perhaps illegally surveilled Americans. The court order triggered the surprise announcement two weeks ago that the agency would be severely scaling back its domestic surveillance and destroying previously collected data on Americans.
    • Their View: NSA stops one abuse, but many remain
      The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.


    • Report: NSA Analysts Frequently Broke Rules on Intelligence Collection
      When searching intelligence data, analysts from the National Security Agency failed to follow the rules “with much greater frequency” than was previously disclosed, documents published by the Office of the Director of National Intelligence show.

      The secretive Foreign Intelligence Surveillance Court accused the NSA of a “lack of candor” when reporting those failures, which are a serious concern for the Fourth Amendment.

      During a preliminary review of just a few months in 2015, analysts running searches on emails and other digital communications vacuumed up from undersea internet cables frequently violated Americans’ privacy—albeit unintentionally.


    • Met Police use of Indian hackers probed by watchdog

      Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed.



    • How to escape the online spies [iophk: "block Facebook at the firewall"]

      And that’s just the start of it. Experts warn that, in the future, your online activity could be taken into consideration when you apply for a loan – or for a job.



    • Young children unconcerned about digital tracking by strangers [iophk: "*cough*facebook*cough*"]

      In contrast, the children did not express such negativity, overall. The youngest children (4-7 years) were positive about someone tracking others' possessions. In fact, children were more negative about someone merely placing a mobile GPS device on an object and not tracking it than about someone placing the device in order to track the object, Gelman said.



    • NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack
      Edward Snowden has blamed the National Security Council for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

      In a tweet, the National Security Council (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”




  • Civil Rights/Policing



    • [Old] Raif Badawi

      First detained on apostasy charges in 2008, Mr. Badawi was released after a day of questioning. He was arrested on June 17, 2012, on a charge of insulting Islam through electronic channels and brought to court on several charges including apostasy, a conviction which carries an automatic death sentence. Human Rights Watch stated that Badawi's website had hosted material criticizing "senior religious figures." Mr. Badawi had also suggested that Imam Muhammad ibn Saud Islamic University had become "a den for terrorists."



    • ‘We’ll not be safe with Indonesia,’ says West Papua’s Benny Wenda

      In its rush to claim former Dutch colonies in the Asia-Pacific region following West Papua’s self-declared independence from the Netherlands in late 1961, Indonesia has subjected West Papua to continued human rights violations.



      [...]

      With foreign media all but denied access to West Papua – despite apparent lifting of restrictions by President Joko Widodo in 2015 – much of Indonesia’s atrocities remain secret, hidden.



    • How one obscure court case could decide the future of internet business

      In August, the U.S. Court of Appeals for the 9th Circuit dealt the Federal Trade Commission a major blow by calling into question one of the consumer protection agency's most important powers. The court said the FTC should be banned from regulating a company if even a small part of that firm's business is regulated by the Federal Communications Commission as a telecom service, otherwise known as a "common carrier."





  • DRM



    • Anti-DRM artists march on the World Wide Web Consortium today
      Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.

      The controversial project to standardize DRM for streaming video on the web started in 2013 and culminated last month with a poll by W3C members whose results are confidential (though the W3C has chosen to publish the outcomes of previous polls and may yet do so for this one).

      Many of the members who voted in that poll endorsed a compromise advanced by the EFF: to go ahead with DRM, but only if members sign an amendment to the current membership agreement, promising not to use DRM laws to attack people engaged in legitimate activity like adapting the standard for people with disabilities, investigating security and privacy defects, and adding lawful features to video tools.




  • Intellectual Monopolies



    • Copyrights



      • The rise of copyright trolls
        At the 2017 Free Software Legal and Licensing Workshop (LLW), which was held April 26-28 in Barcelona, Spain, more information about the GPL enforcement efforts by Patrick McHardy emerged. The workshop is organized by the Free Software Foundation Europe (FSFE) and its legal network. A panel discussion on the final day of the workshop discussed McHardy's methodology and outlined why those efforts are actually far from the worst-case scenario of a copyright troll. While the Q&A portion of the discussion was under Chatham House Rule (which was the default for the workshop), the discussion between the three participants was not—it provided much more detail about McHardy's efforts, and copyright trolling in general, than has been previously available publicly.


      • ISP Bombarded With 82,000+ Demands to Reveal Alleged Pirates

        Scandinavian telecoms operator Telia has revealed how rightsholders are bombarding the company with demands to identify alleged pirates. During the past year alone, Telia has been ordered to hand over personal details relating to more than 82,000 IP addresses, a large proportion of which will go to known copyright trolls.



      • How Amanda Palmer gave the music industry the finger with crowdfunding

        “I’ve had to continually re-educate myself that this isn’t about selling music. It’s about making music.”



      • Anglophiles: Hang up your VPN; iPlayer isn’t for you anymore

        BBC collects IP address, location, e-mail address in fight against online cheats.



      • Texas Court Orders Temporary ‘Pre-Piracy’ Shutdown of Sports Streaming Sites

        A Federal Court in Texas has issued a broad preliminary injunction ordering several Internet services to disconnect a list of pirate sports streaming domains. While domain name seizures are not an entirely new phenomenon in the US, this order targets "anticipated" infringements and only applies temporarily. It ends after the Indian Premier League cricket tournament.









Recent Techrights' Posts

Expose Corrupt Insurance Companies, Don't Kill People
Murder gives them sympathy, makes the raiders seem like the victims
[Meme] Write Code, Not Social Control Media
don't forget to 'like'
 
Microsoft Windows Falls to 11% in Senegal, an All-Time Low
In neighbouring countries (to the east of Senegal) the "market share" of Windows is even lower
The EPO's Corrupt Dealings With Microsoft Never Addressed, Only Worsened
it helps Microsoft spy on the competition and manipulate examiners dealing with its files
The Catching of Luigi Mangione Shows We Need Not Have More Surveillance (Than We Already Have; It's Excessive Anyway)
instead of saying surveillance is insufficient and thus we need more of it, now they can claim they have enough of it
[Teaser] Fate of Formalities Officers (FOs) at the EPO
Coming soon
Libre Liberia: Windows Down to 8% in Liberia
In Liberia, only about 1 in 12 Web requests seems to originate from Windows
Links 10/12/2024: Health, Politics, Economics, and More
Links for the day
Gemini Links 10/12/2024: LLM Plagiarism and "Flow" Review
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 09, 2024
IRC logs for Monday, December 09, 2024
EPO Salaries Reduced: EPO's “Sustainability” Clause "Cuts the Average Overall Adjustment for Staff by –41,8%."
What does this all mean for staff?
Google is Nuking Remaining Invidious Instances Again, Hoping to Force Everyone to Use Proprietary Spyware With DRM
This issue started a few hours ago
Microsoft's Grip on Armenia is Slipping, According to New Data From statCounter
Notice what happened to Windows - an all-time low
[Meme] Sloppy Plagiarism Full of Errors, Lacking Actual Comprehension
LLMs are not "AI"
More LLM Spam/Slop About LLM Spam/Slop
This is what the Web will become unless we expose those who contribute to the problem
Reforming Versus Rebooting Versus Destroying Institutions
At the moment we strive to expose the truth or shine light on pertinent facts
Microsoft's Windows is Pretty Much Dead in Haiti
Android has eaten Microsoft's lunch, Microsoft can't even eat crow
[Teaser] EPO Management Thinks Inflation in Europe is 0.2% Per Annum
Taming inflation by entirely ignoring it is like wrongly assuming that climate change (caused by human activity) can be overcome by not studying the effect of 8+ billion humans on this finite planet
Corporate Media Will Be Discarded and Eventually Die If It Keeps Doing "Bill Gates Sez" (or Similar) Pieces Instead of Journalism
"Superintelligence" does not even mean anything!
This Week We Focus Again on European Patent Office (EPO) Scandals
Nothing can stop us, not even a party or SLAPP
Links 09/12/2024: Health Care Anger and Power Vacuum in Syria
Links for the day
Links 09/12/2024: Burned, Uncertain Future, and Failure
Links for the day
Links 09/12/2024: UnitedHealthcare C.E.O.'s Killer Still Unknown, Syrian Regime Change Completed
Links for the day
Site in Support of Richard Stallman Reminds People of the FSF's and Stallman's Support of Women
new updates
Microsoft: Target the Young (Get 'Em While They're Young)
Then they say Free software advocates are "extremists" and "rude"...
As of December 8th (23 Days Remaining), the FSF (Free Software Foundation, Inc.) Already a Third of the Way Toward Ambitious Funding Goal
FSF's memberships (or donations) drive is going a lot better than we anticipated
Why Mike Magee Created and Was Involved in So Many News Sites About Technology
British legend
In Memory of Mike Magee (1949-2024) and Our Best Wishes to The Register, Which He Founded in the 1990s
Months have passed since Magee died
Tunisia is Android, Windows is Waning There
Windows was measured below 20% in Tunisia
[Meme] Jeff Bezos Working From Home
"B**** please, publish articles in Washington Post about how working from home sucks"
'Remote' (From Home) Tech Workers Are More Productive for a Lot of Reasons
The Bezos-owned media should disclose its conflict of interest here
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 08, 2024
IRC logs for Sunday, December 08, 2024
No Wonder Microsoft's LinkedIn and Github Have So Many Layoffs, Permanent Office Closures
Traffic down, losses, probably never going to profit
Microsoft Ends Support for Vista 10, So Relative Share of Vista 10 Goes Up, Vista 11 is Down
For 2 months in a row already
When Python is Basically Run by a 'Microsoft-Friendly' Mole Who Ousts People That Actually Contributed a Lot to Python for Many Years
Removing some of the best people
Microsoft's Latest 'Novel' Approach, Trying to Prevent People Moving Away From Microsoft and From Windows
ads say a lot about their business strategy
Syria: Microsoft Windows Down to 8% "Market Share" (It Was 99% Just 15 Years Ago)
it was even measured at less than 5% earlier this year
Microsoft-sponsored "The New Stack" Publishing Microsoft Windows Articles in "Linux" Clothing
Just sayin'...
Links 08/12/2024: Boeing Leaks and Bluesky’s Business Model Dilemma
Links for the day
Gemini Links 08/12/2024: UK Winds and Ultraviolet Grasslands (UVG)
Links for the day
Links 08/12/2024: Conflicts, Misinformation, and Gutting of the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 07, 2024
IRC logs for Saturday, December 07, 2024