
Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0










GNU/Linux



Free Software/Open Source



  • Insomnia Is Now Open Source
    Today, I’m happy to announce that the Insomnia desktop app is now open source software under the GPLv3 license! The source code is hosted on GitHub for your viewing pleasure.


  • Bookmarks for Nextcloud 0.10.0 released
    I am happy to announce the availability of Bookmarks for Nextcloud 0.10.0! Bookmarks is a simple way to manage the remarkable websites and pages you come across on the Internet. Bookmarks 0.10.0 provides API methods to create, read, update and delete your bookmarks as well as compatibility with upcoming Nextcloud 12, next to smaller improvements and fixes.


  • Coreboot Ported To Another Core 2 Era Motherboard: G41C-GS
    If you happen to have an ASRock G41C-GS still in use or tucked away in your closet, this older motherboard for Intel Core 2 CPUs now has support for Coreboot to free the proprietary BIOS of the motherboard. Or if you don't but still have other parts available, this motherboard is still available from a few online shops.


  • Events



  • Web Browsers



    • Mozilla



      • Firefox 57: new Photon design screenshots
        The following article gives you a glimpse of the upcoming Photon design of the Firefox web browser which will come out later this year.

        Mozilla plans to make Firefox 57 a milestone release. It is the version of Firefox in which the cut is made that leaves legacy add-ons behind, and also the Firefox version that will feature a design update.

        This design update is called Photon, and we talked about this previously already here on Ghacks Technology News.


      • Firefox vs Chrome & Other Browsers
        Not too many years ago, Firefox was king of the jungle. Sadly, this is no longer the case. Is Chrome the browser to beat in 2017 on the Linux desktop? Can Firefox or other alternatives possibly make a dent in Chrome’s reign? I examine this matter closely.


      • Firefox vs Chrome & Other Browsers | Feedback Hangouts Video






  • Databases



  • OnlyOffice/LibreOffice



  • BSD



    • pfSense 2.5 and AES-NI
      We’re starting the process toward pfSense software release 2.3.4. pfSense software release 2.4 is close as well, and will bring a number of improvements: UEFI, translations to at least five languages, ZFS, FreeBSD 11 base, new login page, OpenVPN 2.4 and more. pfSense version 2.4 requires a 64-bit Intel or AMD CPU, and nanobsd images are no longer a part of pfSense as of version 2.4.




  • FSF/FSFE/GNU/SFLC



  • Licensing/Legal



    • Machine learning for lawyers


      Machine learning is a technique that has taken the computing world by storm over the last few years. As Luis Villa discussed in his 2017 Free Software Legal and Licensing Workshop (LLW) talk, there are legal implications that need to be considered, especially with regard to the data sets that are used by machine-learning systems. The talk, which was not under the Chatham House Rule default for the workshop, also provided a simplified introduction to machine learning geared toward a legal audience.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • Hackaday Prize Entry: Open Source Electrospinning
        Electrospinning is the process of dispensing a polymer solution from a nozzle, then applying a very high voltage potential between the nozzle and a collector screen. The result is a very, very fine fiber that is stretched and elongated down to nanometers. Why would anyone want this? These fibers make great filters because of their large surface area. Electrospinning has been cited as an enabling technology for the future of textiles. The reality, though, is that no one really knows how electrospinning is going to become a standard industrial process because it’s so rare. Not many labs are researching electrospinning, to say nothing of industry.






  • Programming/Development



    • Oracle crushed in defeat as Java world votes 'No' to modular overhaul
      The database goliath has lost a Java Community public-review ballot by 13 to 10 that was to have approved its Java Platform Module System (JPMS) specification as a final draft. Executive Committee members ignored dire warnings from Oracle spec lead Mark Reinhold in an open letter where he claimed that a “no” vote would not only delay Java 9 but also be a “vote against the Java Community Process itself”.

      The JSR, number 376, needed a two-thirds majority to pass.

      In that bluntly worded letter, Oracle’s Java platform chief also chastised IBM and Red Hat for suggesting that they might vote against JPMS.






Leftovers



  • Science



    • Toddlers’ screen time linked to speech delays and lost sleep, but questions remain

      It turns out that about 1 in 5 of the toddlers used handheld screens, and those kids had an average daily usage of about a half hour. Handheld screen time was associated with potential delays in expressive language, the team found. For every half hour of mobile media use, a child’s risk of language delay increased by about 50 percent.





  • Health/Nutrition



  • Security



    • Major cyber attack hits companies, hospitals, schools worldwide

      Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.



    • Massive cyberattack hits several hospitals across England


    • Rejection Letter
      We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy against some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)


    • SambaXP 2017: John Hixson’s Reflection
      The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.


    • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack


    • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

      Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?



    • Current wave of ransomware not written by ordinary criminals, but by the NSA

      The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.



    • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"
      A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).


    • DDOS attacks in Q1 2017
      In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

      The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.


    • Applied Physical Attacks and Hardware Pentesting
      This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.


    • Intel's zero-day problem


    • Reverse-engineering the Intel Management Engine’s ROMP module
      Last month, while I was waiting for hardware to arrive and undergo troubleshooting, I had some spare time to begin some Intel ME reverse engineering work.

      First, I need to give some shout out to Igor Skochinsky, a Hex-Rays developer, who had been working on reverse engineering the Intel ME for a while, and who has been very generous in sharing his notes and research on the ME with us, which is going to be a huge help and cut down months of reverse engineering and guesswork. Igor was very helpful in getting me to understand the bits that didn’t make sense to me.
    • Intel AMT on wireless networks
      More details about Intel's AMT vulnerability have been released - it's about the worst case scenario, in that it's a total authentication bypass that appears to exist independent of whether the AMT is being used in Small Business or Enterprise modes (more background in my previous post here). One thing I claimed was that even though this was pretty bad it probably wasn't super bad, since Shodan indicated that there were only a small number of thousand machines on the public internet and accessible via AMT. Most deployments were probably behind corporate firewalls, which meant that it was plausibly a vector for spreading within a company but probably wasn't a likely initial vector.

      [...]

      Case 2 is the scary one. If you have a laptop that supports AMT, and if AMT has been provisioned, and if AMT has had wireless support turned on, and if you're running Windows, then connecting your laptop to a public wireless network means that AMT is accessible to anyone else on that network[1]. If it hasn't received a firmware update, they'll be able to do so without needing any valid credentials.


    • Intel declared war on general purpose computing and lost, so now all our computers are broken
      It's been a year since we warned that Intel's Management Engine -- a separate computer within your own computer, intended to verify and supervise the main system -- presented a terrifying, unauditable security risk that could lead to devastating, unstoppable attacks. Guess what happened next?

      For the past week, the IT press has been full of news about the AMT module in the Management Engine making millions of systems vulnerable to local and remote attacks, with a firmware update to disable the module as the only really comprehensive solution. But AMT is only one of the many components of ME, and every one of them could have a vulnerability as grave as this one -- and Intel is not offering any way to turn off ME altogether, meaning that there's a lot of this in our future.

      ME is a brilliant example of why declaring war on general-purpose computing is a terrible idea. There are lots of reasons to want a computer that can only run some programs (instead of every program): preventing poisoned operating systems and other malware, preventing game cheating, enforcing copyright restrictions (DRM), etc... Every one of them is presented as a use-case for ME.


    • OSS-Fuzz: Five months later, and rewarding projects


    • USN-3285-1: LightDM vulnerability


    • generic kde LPE


    • QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)


    • Europe is living under Microsoft’s digital killswitch
      All across Europe, from Finland to Portugal, Ireland to Greece, governments rely on Microsoft software. As their digital systems grow in size and importance, countries are becoming increasingly dependent on this single American corporation. But what consequences does this “lock-in” have? What risks does it pose for the security of European data? And what can governments do to counter it?

      It’s estimated that Microsoft makes around two billion euros in Europe every year, just from its business with the public sector. In 2012 the European Commission released a report that stated that 1.1 billion euros were unnecessarily lost by the European public sector due to being locked-in in business with IT system providers.




  • Defence/Aggression





  • Finance



    • Kevin McKenna: Giving huge IT deal to foreign firm is a betrayal of Scotland [Ed: Microsoft...]

      CGI was at the centre of the massive IT catastrophe which left around 20,000 farmers without their farm subsidy payments, driving many to the edge of ruin. Audit Scotland, which produced a report into the shambles, warned that the incomplete £178m system, designed to process common agricultural policy payments of £688m a year, was at risk of running out of money before it had met the European Commission deadline.



    • The Windows Store is looking a lot like the future of Windows

      Oh, and there are some big benefits for Microsoft if it can pull this off, too, given that the company gets a nice 30 percent cut of app purchases.





  • AstroTurf/Lobbying/Politics



  • Censorship/Free Speech



  • Privacy/Surveillance



    • This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About You
      A newly released court opinion from the secretive Foreign Intelligence Surveillance Court (FISC) shows that for years the NSA improperly and perhaps illegally surveilled Americans. The court order triggered the surprise announcement two weeks ago that the agency would be severely scaling back its domestic surveillance and destroying previously collected data on Americans.
    • Their View: NSA stops one abuse, but many remain
      The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.


    • Report: NSA Analysts Frequently Broke Rules on Intelligence Collection
      When searching intelligence data, analysts from the National Security Agency failed to follow the rules “with much greater frequency” than was previously disclosed, documents published by the Office of the Director of National Intelligence show.

      The secretive Foreign Intelligence Surveillance Court accused the NSA of a “lack of candor” when reporting those failures, which are a serious concern for the Fourth Amendment.

      During a preliminary review of just a few months in 2015, analysts running searches on emails and other digital communications vacuumed up from undersea internet cables frequently violated Americans’ privacy—albeit unintentionally.


    • Met Police use of Indian hackers probed by watchdog

      Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed.



    • How to escape the online spies [iophk: "block Facebook at the firewall"]

      And that’s just the start of it. Experts warn that, in the future, your online activity could be taken into consideration when you apply for a loan – or for a job.



    • Young children unconcerned about digital tracking by strangers [iophk: "*cough*facebook*cough*"]

      In contrast, the children did not express such negativity, overall. The youngest children (4-7 years) were positive about someone tracking others' possessions. In fact, children were more negative about someone merely placing a mobile GPS device on an object and not tracking it than about someone placing the device in order to track the object, Gelman said.



    • NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack
      Edward Snowden has blamed the National Security Council for not preventing a cyber attack which infiltrated the computer systems of organisations in 74 countries around the world.

      In a tweet, the National Security Council (NSA) whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.”




  • Civil Rights/Policing



    • [Old] Raif Badawi

      First detained on apostasy charges in 2008, Mr. Badawi was released after a day of questioning. He was arrested on June 17, 2012, on a charge of insulting Islam through electronic channels and brought to court on several charges including apostasy, a conviction which carries an automatic death sentence. Human Rights Watch stated that Badawi's website had hosted material criticizing "senior religious figures." Mr. Badawi had also suggested that Imam Muhammad ibn Saud Islamic University had become "a den for terrorists."



    • ‘We’ll not be safe with Indonesia,’ says West Papua’s Benny Wenda

      In its rush to claim former Dutch colonies in the Asia-Pacific region following West Papua’s self-declared independence from the Netherlands in late 1961, Indonesia has subjected West Papua to continued human rights violations.



      [...]

      With foreign media all but denied access to West Papua – despite apparent lifting of restrictions by President Joko Widodo in 2015 – much of Indonesia’s atrocities remain secret, hidden.



    • How one obscure court case could decide the future of internet business

      In August, the U.S. Court of Appeals for the 9th Circuit dealt the Federal Trade Commission a major blow by calling into question one of the consumer protection agency's most important powers. The court said the FTC should be banned from regulating a company if even a small part of that firm's business is regulated by the Federal Communications Commission as a telecom service, otherwise known as a "common carrier."





  • DRM



    • Anti-DRM artists march on the World Wide Web Consortium today
      Today, activists will gather in Cambridge, Mass to march to the offices of W3C Director Tim Berners-Lee to urge him to keep DRM out of the standards for the open web.

      The controversial project to standardize DRM for streaming video on the web started in 2013 and culminated last month with a poll by W3C members whose results are confidential (though the W3C has chosen to publish the outcomes of previous polls and may yet do so for this one).

      Many of the members who voted in that poll endorsed a compromise advanced by the EFF: to go ahead with DRM, but only if members sign an amendment to the current membership agreement, promising not to use DRM laws to attack people engaged in legitimate activity like adapting the standard for people with disabilities, investigating security and privacy defects, and adding lawful features to video tools.




  • Intellectual Monopolies



    • Copyrights



      • The rise of copyright trolls
        At the 2017 Free Software Legal and Licensing Workshop (LLW), which was held April 26-28 in Barcelona, Spain, more information about the GPL enforcement efforts by Patrick McHardy emerged. The workshop is organized by the Free Software Foundation Europe (FSFE) and its legal network. A panel discussion on the final day of the workshop discussed McHardy's methodology and outlined why those efforts are actually far from the worst-case scenario of a copyright troll. While the Q&A portion of the discussion was under Chatham House Rule (which was the default for the workshop), the discussion between the three participants was not—it provided much more detail about McHardy's efforts, and copyright trolling in general, than has been previously available publicly.


      • ISP Bombarded With 82,000+ Demands to Reveal Alleged Pirates

        Scandinavian telecoms operator Telia has revealed how rightsholders are bombarding the company with demands to identify alleged pirates. During the past year alone, Telia has been ordered to hand over personal details relating to more than 82,000 IP addresses, a large proportion of which will go to known copyright trolls.



      • How Amanda Palmer gave the music industry the finger with crowdfunding

        “I’ve had to continually re-educate myself that this isn’t about selling music. It’s about making music.”



      • Anglophiles: Hang up your VPN; iPlayer isn’t for you anymore

        BBC collects IP address, location, e-mail address in fight against online cheats.



      • Texas Court Orders Temporary ‘Pre-Piracy’ Shutdown of Sports Streaming Sites

        A Federal Court in Texas has issued a broad preliminary injunction ordering several Internet services to disconnect a list of pirate sports streaming domains. While domain name seizures are not an entirely new phenomenon in the US, this order targets "anticipated" infringements and only applies temporarily. It ends after the Indian Premier League cricket tournament.








