As per the report, Barcelona city plans to replace all user applications on its computers with open source alternatives. After finding a proper replacement for all proprietary software, the final step would be to go ahead with replacing the operating system with Linux.
Barcelona city administration has prepared the roadmap to migrate its existing system from Microsoft and proprietary software to Linux and Open Source software.
While the City of Munich is switching back to Windows after running Linux on their public PCs, a move that will cost them over €100 million euros, the City of Barcelona is making the smart choice of dumping Microsoft's products and switch to Linux and Open Source.
First spotted by It's FOSS, this fantastic news was reported by Spanish newspaper El País, stating that the City of Barcelona is currently in talks of migrating all of their public computer systems to Open Source software products like LibreOffice and Open-Xchange, replacing Microsoft's expensive products.
I asked the above quiz question during the Geekcamp tech conference in Nov 2017 during my emcee role. The theoretical answer as you can glean from the title of this post is the 486 which was first released in 1989. I determined that fact from this article where support for the 386 was dropped in Dec 2012.
By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it , you know something is bad…
Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.
As promised, Linux kernel maintainer Greg Kroah-Hartman released today new versions of the Linux 4.14, 4.9, and 4.4 kernel series to address some of the regressions from previous builds and fix more bugs.
Linux kernels 4.14.13, 4.9.76 LTS, and 4.4.111 LTS are now available for download from kernel.org, and they include more fixes against the Spectre security vulnerability, as well as some regressions from the Linux 4.14.12, 4.9.75 LTS, and 4.4.110 LTS kernels released last week, as some reported minor issues.
Freedreno open-source Qualcomm Adreno driver creator Rob Clark has sent in the set of updates for the MSM DRM driver targeting the Linux 4.16 kernel.
The MSM Direct Rendering Manager updates for DRM-Next to go into Linux 4.16 are a bit late for the DRM staging, but these changes are mostly small. Besides some bug fixes and other minor code changes, the main feature addition for MSM in Linux 4.16 is DEVFREQ support for controlling the GPU clock frequency.
Open-source software was once something that large businesses shied away from, but over the course of the last few years, it’s made inroads into virtually every enterprise company. With Automotive Grade Linux (AGL), the Linux Foundation hosts a project that aims to bring open source to the car industry. As the AGL group announced at CES in Las Vegas today, Toyota and Amazon have now signed up to support the project, as well.
Toyota, which is using AGL in the 2018 Camry, is joining as a platinum member, while Amazon opted for the silver level. Indeed, you may have seen another Toyota and Amazon mashup today, which is probably no coincidence.
If you are still running with a pre-GCN AMD graphics card, a number of R600 Gallium3D commits landed in Mesa Git over night as well as an interesting patch series on the Mesa mailing list.
Hitting Mesa 17.4-dev Git a few hours ago were a number of R600 Gallium3D fixes. This time around the various fixes come courtesy of VMware's Roland Scheidegger, a long time Mesa developer. They are a variety of minor fixes. It's nice to see nevertheless as R600g doesn't get too much action these days.
The xf86-video-intel DDX driver now has support for the first "Coffee Lake" processors.
Yesterday I posted some fresh GPU/driver benchmark results for discrete AMD Radeon and NVIDIA GeForce graphics cards. These were some of the most competitive numbers yet we've seen out of the open-source RadeonSI OpenGL and RADV drivers while using the latest Linux 4.15 kernel, especially for the GTX 1060 vs. RX 580 battle. In the comments were requests to see some CPU utilization numbers, including from one of the Radeon Linux developers, so here is a look at how the CPU usage compares.
With having some spare cycles this morning on that Core i7 8700K "Coffee Lake" desktop, I ran a CPU usage comparison with various Linux games when using the Radeon RX 580 (on Linux 4.15 + Mesa 17.4-dev + LLVM 6.0 SVN) vs. the comparable GeForce GTX 1060 (on Linux 4.15 + NVIDIA 390.12) for showing the latest CPU utilization difference for both OpenGL and Vulkan games.
RADV co-founder Bas Nieuwenhuizen has landed support for the Vulkan VK_EXT_discard_rectangles extension within Mesa 17.4-dev.
David Airlie and Bas Nieuwenhuizen's work on the RADV open-source Vulkan driver is quite relentless. David has posted yet another patch working on further optimizing the performance of this unofficial Radeon Vulkan driver living within Mesa.
For those NVIDIA Linux users reliant upon the proprietary driver and wanting to upgrade to the Linux 4.15 kernel that will be officially released within the next two weeks, the 390.12 driver is playing nicely.
Earlier NVIDIA driver releases ran into compatibility issues with the Linux 4.15 interfaces following the merge window (not due to KPTI, as some other FUD previously passed around by others). But with last week's NVIDIA 390.12 beta it has been working fine atop the Linux 4.15 Git kernel, including when Kernel Page Table Isolation is enabled for Meltdown prevention. (Retpoline support has yet to be mainlined, haven't tested the NVIDIA driver there yet to formally confirm if any breakage may happen.)
AMD sent in a fair number of AMDGPU updates slated for Linux 4.16 but now hitting the cut-off for major feature updates for DRM-Next code looking to make it into 4.16, AMD has submitted some fixes.
Here is a fresh look at the NVIDIA GeForce and AMD Radeon Linux graphics card performance as we start 2018. Testing was done using the latest Linux 4.15 Git kernel -- including the KPTI page table isolation support -- as well as using the newest Mesa 17.4-dev driver code for RadeonSI/RADV and on the NVIDIA side is their brand new 390.12 beta driver.
The Linux hdparm tool enables administrators to establish a basic, low-level measure of disk performance. Using hdparm with the -t option takes advantage of the Linux disk cache, while the -t option also accesses the disk through the cache, but doesn't pre-cache the results. Low-level Linux storage benchmarking tools such as hdparm are very sensitive to file systems and other higher level constructs, however, so results can vary dramatically.
Admins often use the Linux dd -- data duplicator -- command for tasks such as backup and copy, but its interaction with storage can also enable sequential throughput for storage performance.
Flexible I/O Tester (FIO) is perhaps the most versatile and popular tool for benchmarking hard disk drive and solid-state drive devices. It enables administrators to run sequential read/write tests with varied I/O block sizes and queue depths.
Over the past week and a half of running many benchmarks looking at the performance impact of the Linux KPTI and Retpoline patches for Spectre and Meltdown mitigation, one of the most common test requests is some thorough benchmarks on older systems. Why that's important is with older (pre-Westmere) CPUs there isn't PCID (Process Context Identifier) support that's used by KPTI, which helps offset some of the performance loss. So for some test results to share today are two old ThinkPads from the Clarksfield and Penryn days compared to a newer Broadwell ThinkPad in looking at the performance difference.
When last we met, we learned that the Linux console supports multimedia. Yes, really! You can enjoy music, movies, photos, and even read PDF files without being in an X session with MPlayer, fbi, and fbgs. And, as a bonus, you can enjoy a Matrix-style screensaver for the console, CMatrix.
You will probably have make some tweaks to your system to make this work. The examples used here are for Ubuntu Linux 16.04.
Clipboard Anywhere is a free, lightweight, and cloud-enabled clipboard application with which you can copy to and paste from its clipboard universally synced across all connected devices.
It is important to remember that Clipboard Anywhere is NOT a clipboard manager app but simply a clipboard app via which you can have texts and images that you copy on your desktop available on your mobile devices and vice versa.
Storaji is a free, Electron-powered, open-source and lightweight Inventory Management System. Its development is aimed at Middle-Low Companies who might not be able to afford the license for similar applications to manage their stock.
I thought Endless Horde [Steam] looked like it could be a nice Tower Defense game to kill a few minutes since it's cheap, so I took a look.
Developed by Ominous Entertainment, the game released with Linux support in April of last year. I let it bake a little longer, but even after waiting this long it's not great.
Can't get enough hardcore platforming? Good news for you, as the colourful and musical ERSATZ [Steam, Official Site] now supports Linux.
Originally released for Windows back in September of last year, the Linux version arrived two days ago. The developer said it does have two small differences to the Windows build, one being the "L" key being used to dash and a "shockwave" effect when you slam-hit the ground had to be removed due to graphical issues.
Spartan Fist [Steam, Official Site], a first-person puncher roguelike from Glass Bottom Games looks fantastic and the good news is that it's heading to Linux.
It's really great to know that Glass Bottom Games will continue to support Linux, as they previously released Jones On Fire and Hot Tin Roof: The Cat That Wore A Fedora so I was hoping they would. Spartan Fist actually features two characters from those previous games too, but you won't need to play them to enjoy this.
For those curious about the financial aspect of porting games to Linux and macOS, Feral Interactive has published their 2017 fiscal year results.
Well known Linux game porting company Feral Interactive that also brings games to macOS/iOS has filed their latest financial data this week with UK's Companies House for their fiscal year ending 31 March 2017.
Unity Technologies has rolled out their first public beta for the Unity 2018.1 release. Exciting us about this game engine update is their Scriptable Render Pipeline.
The Scriptable Render Pipeline is their new real-time rendering architecture. Scriptable Rendering Pipeline (SRP) is still being developed but is designed to exploit the potential of modern systems, particularly GPUs, and to do so in an easy and efficient manner. SRP is designed to be extensible and can be extended/customized using C# code and material shaders.
I decided to bite the bullet and actually pick up a personal copy of Opus Magnum [Steam, Humble Store], I’m glad I did and it's fantastic.
At first, it’s a little bit like there’s a tiny man inside your brain just shouting “AHH!” as there’s quite a lot to take in, but once you push through the initial brain overload it’s a brilliant experience. I wouldn’t say I was generally a huge puzzle game fan, but Opus Magnum absolutely fascinates me in ways I didn’t think possible.
Sad news, as it seems there's just no chance of Killing Floor 2 coming to Linux any more as Tripwire can't find a developer.
Going back to February of last year, Knockout Games sneaked out before that they were working on it, but not all contracts work out of course. I assumed they had parted ways, since later in August of last year Tripwire then said it wasn't in active development. I was hoping Knockout Games (or anyone) was just quietly working on it, but I guess not.
Where The Water Tastes Like Wine [Steam, Official Site] is an upcoming adventure game from Dim Bulb Games and Serenity Forge has a new trailer to show off some characters, the fun news is that the musician Sting is starring in it.
Gordon Matthew Thomas Sumner, better know by his stage name of Sting is starring is this new adventure game along side some great actors like: Dave Fennoy (The Walking Dead: A Telltale Games Series), Cissy Jones (Firewatch), Kimberly Brooks (Mass Effect) and many more.
We're kicking off 2018 with a new fantastic release of KStars for Windows & MacOS. Linux users should wait a few more days to get the release in the official PPA due to Canonical's Launchpad downtime because of the Meltdown and Spectre CPU vulnerabilities discovered recently.
KStars 2.9.1 aka "Lancaster" release is primarily a bugfix release, but it brings with it as well several new features and improvements to existing technologies.
Akademy is the KDE Community conference. The 2018 edition is from Saturday 11th to Friday 17th August in Vienna, Austria. If you are working on topics relevant to KDE or Qt, this is your chance to present your work and ideas at the Conference. The days for talks are Saturday and Sunday, 11th and 12th. The rest of the week will be BoFs, unconference sessions and workshops.
We’ve officially gone into String Freeze mode now! That’s developer speak for “No New Features, Honest”. Everything that’s going into Krita 4.0 now is in, and the only thing left to do is fixing bugs and refining stuff.
Given how much has changed between Krita 3 and Krita 4, that’s an important part of the job! Let us here repeat a very serious warning.
The KDE/Qt-aligned Krita digital painting program has released its first beta release of the major 4.0 update that also marks its string freeze. Now marks the period of bug fixing before shipping Krita 4.0 within a few months.
Today is a big day. The Nextcloud community is launching a new product and solution called Nextcloud Talk. It’s a full audio/video/chat communication solution which is self hosted, open source and super easy to use and run. This is the result of over 1.5 years of planing and development.
For a long time it was clear to me that the next step for a file sync and share solution like Nextcloud is to have communication and collaboration features build into the same platform. You want to have a group chat with the people you have a group file share with. You want to have a video call with the people while you are collaborative editing a document. You want to call a person directly from within Nextcloud to collaborate and discuss a shared file, a calendar invite, an email or anything else. And you want to do this using the same login, the same contacts and the same server infrastructure and webinterface.
We’re very proud to announce today Nextcloud Talk, the first enterprise-ready, self-hosted communication technology giving users the highest degree of control over their data and communication. Nextcloud Talk is a fully open source video meeting software, on-premise hosted and end-to-end encrypted. It features a text chat and is available for web and mobile. In related news, Nextcloud has become the vendor with the greatest momentum in the self-hosted Enterprise File Sync and Share market and increased its customer base by 7 times in 2017. And over 500 individuals contributed more than 6.6 million lines of code to Nextcloud last year!
Nextcloud has launched a self-hosted open source alternative to Google Hangouts, Skype, and similar chat services.
Called ‘Nextcloud Talk’, the feature brings audio, video and messaging features based on WebRTC to the personal cloud server software, which was forked from OwnCloud back in 2016.
The Nextcloud cloud hosting software forked from ownCloud now has audio/video/chat abilities.
Somebody made a proposal on the fwupd mailing list that the machine running fwupd should “phone home” to the LVFS with success or failure after the firmware update has been attempted.
This would let the hardware vendor that uploaded firmware know there are problems straight away, rather than waiting for thousands of frustrated users to file bugs. The report should needs to contain something that identifies the machine and a boolean, and in the event of an error, enough debug information to actually be useful. It would obviously involve sending the users IP address to the server too.
[...]
This means vendors using the LVFS know first of all how many downloads they have, and also the number of success and failures. This allows us to offer the same kind of staged deployment that Microsoft Update does, where you can limit the number of updated machines to 10,000/day or automatically pause the specific firmware deployment if > 1% of the reports come back with failures.
I was disappointed in GeckoLinux in only one situation. The practice of including a password for the live session demo mode was a new feature promised in this release. The product description hawks the convenience of not having to enter passwords for the live session user account.
Yet the brief documentation for the ISO download mentions the user password for the live session as "linux." I was hoping that the developer merely forgot to update the download information.
Alas, the new version still needs a password. Oh well, maybe the next release.
Otherwise, GeckoLinux 423 is a worthy release that provides improvements over the standard openSuse mindset.
Several openSUSE Tumbleweed snapshots arrive before and after the new year and this post will focus on the most recent snapshots released this week.
Much of the efforts of developers this week have focused on patching the Meltdown and Spectre vulnerabilities. openSUSE’s rolling distribution produced four openSUSE Tumbleweed snapshots so far this week.
While the Long-Term Support 4.4 Linux Kernel has patched many of the vulnerabilities associated with Meltdown and Spectre, the 4.14.12 Linux Kernel released in snapshot 20180107 hasn’t, but Tumbleweed users will likely see the vulnerabilities patched soon.
This past week, the technology world became aware of three significant security threats that could be used to allow cybercriminals to steal valuable data from an affected computer system. Together, these three bugs are commonly known as “Spectre” and “Meltdown” – a technical discussion of these vulnerabilities can be found here, and a non-technical explanation of the key facts is here.
During the fall of 2017, we conducted a microservices survey with our Red Hat JBoss Middleware and Red Hat OpenShift customers. From this, we were able to discover how these customers are using microservices to their advantage, what they see as some of the major benefits, what challenges exist and how to overcome them and how microservices can give respondents a competitive advantage. While these statistics are based off of a specific group of Red Hat customers, these findings give a good sense of the overall attitude toward microservices adoption and implementation. Read on to learn more about these findings.
The past year was a busy for Fedora. The community released Fedora 26 and 27. Different sub-projects of Fedora give their share of time for the overall success of Fedora. But in a project as big as Fedora, it’s hard to keep track of what everyone is doing! If you’re a developer, you likely know more about what’s happening inside the code of Fedora, but you may not know what’s happening with the Fedora Ambassadors. Or maybe you’re involved with Globalization (G11n) and translating and know what’s happening there, but you’re not as familiar with what the Fedora Design team is working on.
As upstream Glibc is working on deprecating libcrypt for its eventual removal from the codebase, Fedora developers are looking at using libxcrypt for their hashing/encoding crypto library.
Some Fedora / Red Hat developers have been working on libxcrypt as the distribution's potential replacement to libcrypt. Libxcrypt is inspired in part by Openwall Linux, supports most all password hashing algorithms, offers a faster development cycle, and makes adding new hashing algorithms easy.
Support for Ubuntu 17.04 Zesty Zapus will be coming to an end this Saturday, nine months after being pushed out. The end of life applies to all systems no matter whether you’re running it on a desktop or a server. Once the end of life date arrives, you should have a plan to move to Ubuntu 17.10 or downgrade to Ubuntu 16.04.
Ubuntu Unity Remix 18.04 is already functional even though it's still very new. For you who don't know, Unity Remix is a new Ubuntu distro with Unity 7 desktop created after the official Ubuntu switched to GNOME 3. Unity Remix is based on the effort of Unity 7 Continuation Project by Khurshid Alam and Dale Beaudoin, and it calls for developers & testers right now. Today I, an Ubuntu user who likes Unity Desktop, start a series of article about my days in personal testing Ubuntu Unity Remix. This 'Day 1' covers a short overview about the latest ISO from 27-Dec-2017. This series is (again) inspired by Didier Roche's series at early Artful days. Enjoy!
Do you like Nemo and Caja file managers? Good news for you, you can use them at Ubuntu Unity Remix now. More good news is there are 2 ISOs available (for testing purpose) for both Unity Remix Nemo and Unity Remix Caja editions! Having these two is like continuing the 17.04 but with the feels of Linux Mint 'MATE' and 'Cinnamon' editions. For you who don't know, you will find Nemo or Caja even more useful than Nautilus, because you'll have more features you cannot find at (like normal menu bar, F3, and status bar). This 'Day 2' covers simple overview about both file managers at Ubuntu Unity Remix 18.04. Enjoy!
The PiTalk is an RPi phone add-on board. The Gemini PDA is a clamshell re-spin of the Psion. Eelo is a privacy-oriented phone ROM. Samsung is planning to load Ubuntu desktops on Galaxy phones. They all want to reinvent the Linux phone concept.
Since our September story surveying a new crop of Linux smartphone contenders, including the Raspberry Pi based ZeroPhone and Purism’s Librem 5, we’ve seen several more Linux phone projects pop into view. New entries covered here include a successfully Kickstarted PiTalk phone add-on for the Raspberry Pi. There’s also a Gemini PDA with 4G support that dual-boots Linux and Android. It won Indiegogo funding last year and has now opened for additional orders.
Presumably, the module runs Linux and/or Android, but there were no details on that score.
The Telecommunications Infrastructure Project is looking to apply open source technologies to next generation fixed and mobile networks.
The Telecom Infra Project (TIP), conceived by Facebook to light a fire under the traditional telecommunications infrastructure market, continues to expand into new areas.
Launched at the 2016 Mobile World Congress in Barcelona, the highly disruptive project takes an open ecosystem approach to foster network innovation and improve the cost efficiencies of both equipment suppliers and network operators.“We know from our experience with the Open Compute Project that the best way to accelerate the pace of innovation is for companies to collaborate and work in the open. We helped to found TIP with the same goal - bringing different parties together and strengthen and improve efficiencies in the telecom industry,” according to Aaron Bernstein, Director of Connectivity Ecosystem Programmmes at Facebook.
Algorithms are everywhere in our world, and so is bias. From social media news feeds to streaming service recommendations to online shopping, computer algorithms—specifically, machine learning algorithms—have permeated our day-to-day world. As for bias, we need only examine the 2016 American election to understand how deeply—both implicitly and explicitly—it permeates our society as well.
What’s often overlooked, however, is the intersection between these two: bias in computer algorithms themselves.
Contrary to what many of us might think, technology is not objective. AI algorithms and their decision-making processes are directly shaped by those who build them—what code they write, what data they use to “train” the machine learning models, and how they stress-test the models after they’re finished. This means that the programmers’ values, biases, and human flaws are reflected in the software. If I fed an image-recognition algorithm the faces of only white researchers in my lab, for instance, it wouldn’t recognize non-white faces as human. Such a conclusion isn’t the result of a “stupid” or “unsophisticated” AI, but to a bias in training data: a lack of diverse faces. This has dangerous consequences.
The All Hands is a special time of the year where Mozilla employees along with core volunteers gather for a week of many meetings and brainstorming. The All Hands Wiki page has more information about the general setting. During the All Hands, the Reps Council participated in the Open Innovation meetings as well as had meetings about what 2018 planning. One of our main topics was about the Mission Driven Mozillians proposal.
openSUSE is pleased to announce that registration and the call for papers for the openSUSE Conference 2018 (oSC18), which takes place in Prague, Czech Republic, are open.
The dates for this year’s conference will be May 25 through May 27 at Faculty of Information Technologies of Czech Technical University in Prague. Submission for the call for papers will be open until April 20. There are 99 day from today to submit a proposal, but don’t wait until the late minute. Registration will be open from today until the day oSC18 begins; make sure to answer the survey question regarding the T-Shirt size.
The Firefox ESR (extended support release) is based on an official release of Firefox desktop for use by organizations including schools, universities, businesses and others who need extended support for mass deployments. Since Firefox 10, ESR has grown in popularity and many large organisations rely on it to let their employees browse the Internet securely.
We want to make customization of Firefox deployments simpler for system administrators and we’re pleased to announce that our next ESR version, Firefox 60, will include a policy engine that increases customization possibilities and integration into existing management systems.
Seen from here, EPUB is a technical dead end. The ebook market just cannot absorb newer versions of EPUB any more, and I’m not sure when it will be able to absorb even light incremental changes again. EPUB books based on EPUB 3.0.1 or a light and for once backwards-compatible evolution of 3.0.1, are here to stay for a very, very long time.
Yesterday, I was talking with Kohei Yoshino (the person behind the Bugzilla Quantum effort that recently landed significant UX improvements to the header strip) about some visual issues I have on bugzilla.mozilla.org which basically boil down to our default view being a bit too noisy for my taste and not emphasizing enough on the key elements I want to glance at immediately when I visit a bug (bug Status, description, comments).
Given that I spend a significant amount of time on Bugzilla and that I also spend some time on Github issues, I decided to see if I could improve our default theme on Bugzilla with a user style to make it easier on the eyes and also closer visually to Github, which I think is good when you use both on a daily basis.
Software Freedom Conservancy thanks the Pineapple Fund and its anonymous backer for its recent donation of over 18 Bitcoin (approximately $250,000). The Pineapple Fund is run by an early Bitcoin adopter to give about $86 million worth of Bitcoin to various charities. Shortly after the fund’s announcement earlier this month, volunteers and Conservancy staff members applied for its support. That application was granted this week.
For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this first release candidate. Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.
Meltdown and Spectre patches are currently being worked on in FreeBSD[1], but there is no reliable timeline. We will keep you up to date through the usual channels as more news become available. Hang in there!
The law of open source is complex and constantly changing.
In a conversation on Law.com’s Unprecedented podcast, Silicon Valley attorney and former programmer Heather Meeker of O’Melveny & Myers explains recent trends in open source license enforcement. She also talks about why dealing with sexual harassment in the open source community is legally challenging, and security issues in open source.
Learning a programming language involves some important decisions on the part of a professional. Gone are the days when one mastered a single popular programming language and it granted job security. Highlighting these limitations of reliance on a single programming language, Coding Dojo coding school has shared the results of an interesting study.
I think 2017 was a great year for Rust. Near the beginning of the year, after custom derive and a bunch of things stabilized, I had a strong feeling that Rust was “complete”. Not really “finished”, there’s still tons of stuff to improve, but this was the first time stable Rust was the language I wanted it to be, and was something I could recommend for most kinds of work without reservations.
I think this is a good signal to wind down the frightening pace of new features Rust has been getting. And that happened! We had the impl period, which took some time to focus on getting things done before proposing new things. And Rust is feeling more polished than ever.
The explosion occurred at Apple's Calle Colón Store in Valencia, Spain. According to a report in Las Provincias, the battery overheated while being worked upon and started emitting smoke, triggering immediate evacuation from the building. An entire floor in the building was engulfed in smoke, one of the first responders at the site reported.
It’s a tough time for Apple Store staff across the world, not only because iPhone owners rush to change their worn-out batteries as part of the $29 discount program, but also due to some batteries actually catching fire right when being serviced.
It happened earlier this week in Zurich, when an iPhone battery started emitting smoke all of a sudden, and now the same thing took place in Spain at Apple’s store in Valencia.
A report from local newspaper LasProvincias reveals that the iPhone battery hasn’t just emitted smoke, but it actually exploded, leading to the entire floor being filled with smoke.
This obviously triggered the store evacuation given the risks of smoke intoxication, and firefighters and police rushed to the scene. Emergency services, however, weren’t required to intervene because Apple Store staff managed to vent the building by opening all windows and to cover the faulty battery with sand. No injuries were caused to Apple employees or store visitors.
American kids are 70 percent more likely to die during childhood compared with children in other wealthy, democratic nations, according to a peer-reviewed study published Monday by Health Affairs.
The battle to protect farmworkers and their families from dangerous pesticides has been going on for decades. But it has always been an uphill struggle because of the power and the money behind the mammoth petrochemical industry. In 2017, farmworkers, their families continued to be exposed to toxic sprays that drift into school zones and other populated areas.
A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
I have been watching Meltdown and Spectre unfold from the sidelines. Other than applying available updates, I'm just watching and absorbing the process of the disclosure. This one appears mid way along a long road.
I teach mostly administrators. I teach some developers. I teach those in, or desiring to be in, infosec. I like teaching security topics. I think securing systems requires more people thinking about security from the beginning of design and as an everyday, no big deal part of life. A question I ask with these newsworthy issues is what normal practices can mitigate even part of the problems? There are two big basics - least privilege and patch management - to always keep in mind. Issues like ShellShock and Venom were mostly mitigated from the beginning with SElinux enabled (least privilege) and WannaCry had little impact on those systems patched long ago when the SMB bug was first found and fixed.
However, in some cases, both exploits and accidents come from doing something that no one else thought of trying. This is why I like open source. There is the option (not always used) for more people trying different things and finding better uses as well as potential flaws. Any type of cooperation and collaboration can be the source of some of these findings including pull requests, conference talks, or corporations working with academic research projects.
Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.
Much has been written about the nature of the Meltdown and Spectre threats, which leverage the speculative execution features of modern processors to give user-level applications access to operating system kernel memory. This is obviously a very big problem. Chip suppliers and operating system and hypervisor makers have known about these exploits since last June, and have been working behind the scenes to provide corrective countermeasures to block them. The idea was to wait until January 9 to have all the fixes lined up in the industry and then tell the world about the exploits. But rumors about the speculative execution threats forced the hands of the industry, and last week Google put out a notice about the bugs and then followed up with details about how it has fixed them in its own code for its own systems.
The National Security Agency didn't know about the Meltdown or Spectre flaws, White House cybersecurity coordinator Rob Joyce said at the International Conference on Cyber Security at Fordham University Law School here today (Jan. 11).
Like many I was profoundly saddened by this analysis. I want to believe in constructive correctness, in math and in proofs. And so with the rise of functional programming, I thought that this historical slide from reason towards observation was just that, historical, and that the "safe" languages had a compelling value that would be evident eventually: that "another world is possible".
In particular I found solace in "langsec", an approach to assessing and ensuring system security in terms of constructively correct programs. One obvious application is parsing of untrusted input, and indeed the langsec.org website appears to emphasize this domain as one in which a programming languages approach can be fruitful. It is, after all, a truth universally acknowledged, that a program with good use of data types, will be free from many common bugs. So far so good, and so far so successful.
The basis of language security is starting from a programming language with a well-defined, easy-to-understand semantics. From there you can prove (formally or informally) interesting security properties about particular programs. For example, if a program has a secret k, but some untrusted subcomponent C of it should not have access to k, one can prove if k can or cannot leak to C. This approach is taken, for example, by Google's Caja compiler to isolate components from each other, even when they run in the context of the same web page.
But the Spectre and Meltdown attacks have seriously set back this endeavor. One manifestation of the Spectre vulnerability is that code running in a process can now read the entirety of its address space, bypassing invariants of the language in which it is written, even if it is written in a "safe" language. This is currently being used by JavaScript programs to exfiltrate passwords from a browser's password manager, or bitcoin wallets.
A new Mac security flaw lets you type literally any username and password in order to unlock the Mac App Store panel in System Preferences. It’s probably not a big deal practically speaking—the panel is unlocked by default—but the fact that this issue exists at all is a worrying reminder that Apple isn’t prioritizing security like they used to.
Sometimes the cure is worse than the disease. Just ask the affected users of older AMD systems who had their PCs bricked after downloading and installing a Windows update that was supposed to protect them from Meltdown and Spectre. It is not just Windows users who are suffering, either. Some Ubuntu Xenial 16.04 users also report that the latest update for their OS has rendered their system unable to boot.
After a series of ransomware attacks capturing the headlines past year, crypto mining malware and cryptojacking attacks came into the play. Just last month, a Starbucks customer found that the infected Wi-Fi hotspot was trying to mine Monero digital coins. It was a new kind of threat associated with using public hotspots, which are often labeled unsafe and users are advised to use VPN services for extra privacy.
An indictment filed Wednesday in federal court in Ohio may answer some of those questions. It alleges Fruitfly was the creation of an Ohio man who used it for more than 13 years to steal millions of images from infected computers as he took detailed notes of what he observed.
While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.
Basically, it's pretty typical of the malware that crops up in dodgy apps that have wormed their way past the digital bouncers on the Play Store.
This may sound like a crazy way of enhancing security on a server, but if you can get away with it—as in you don't need any USB devices such as keyboards, mice, external drives—disabling USB support can be an added means of ensuring malicious files do not find their way onto your servers. Obviously, this will only work for headless machines, so you better make certain you can SSH into those servers, otherwise, you'll find yourself in trouble trying to input anything via keyboard or mouse.
Former military strategist Daniel Ellsberg, famous for releasing the Pentagon Papers, a top-secret study of U.S. involvement in Vietnam, calls the United States’ nuclear weapons policy “dizzyingly insane and immoral.” In his new memoir, “Doomsday Machine: Confessions of a Nuclear War Planner,” Ellsberg chronicles his years spent as a nuclear policy analyst, which included the near miss of the Cuban Missile Crisis in 1962. Ellsberg joins us to discuss his new book and why he calls for more risk-reduction measures around nuclear weapons. We’ll also get his thoughts on the new movie, “The Post,” which dramatizes the Washington Post’s decision to publish the Pentagon Papers in 1971.
According to reports, 13 small drones descended on Russian forces, but none did significant damage. Seven were destroyed by anti-aircraft defences and the others were brought down using electronic countermeasures to hijack or jam the drone’s controls and land them intact.
Though expanding the U.S.-led war in Afghanistan last year, President Trump has shown little interest in the details — until New Year’s Day when he threatened Pakistan in a surprising tweet storm, reports Dennis J Bernstein.
"The UN ruling – issued almost two years ago – is crystal clear in its language – Mr Assange is unlawfully and arbitrarily detained by the UK authorities and must be released," Assange's legal team told teleSUR. "The UK should not permit itself to be intimidated by the Trump administration's public threats to 'take down' Mr Assange."
Ecuador’s decision to grant nationality to Julian Assange is a welcome step, but we’re still a long way from resolving this situation. In the first year of Donald Trump’s presidency, we’ve seen the US rhetoric against First Amendment activity, and the threats of prosecution, reach new, dangerous heights. When the Director of the CIA uses his inaugural speech to declare a publisher’s arrest a “priority”, we should all take seriously the threat posed to press freedoms in America. With alleged NSA whistleblower Reality Winner’s Espionage case coming to trial in March and dozens of leak investigations underway, it is clear that the Trump Administration will only intensify the war on whistleblowers and the journalism they make possible.
WikiLeaks co-founder Julian Assange has cryptically uploaded a picture of himself dressed in the national colors of Ecuador. The country’s media reports the whistleblower has been granted an Ecuadorian ID. Assange’s ID was issued on December 21, Ecuadorian outlet El Universo reports, citing “reliable sources” and providing the civil registry number to check on the government website. The document number 1729926483, upon checking on the Internal Revenue Service, is indeed registered to one Julian Paul Assange.
Government whistleblowers and journalists who report on leaked information could face 20 years’ imprisonment if changes to Australia’s official secrecy laws pass parliament.
The overhauled offence provisions, introduced to the House of Representatives in December just hours after marriage equality became law, form part of the Coalition government’s broader crackdown on treason, espionage and foreign interference. If passed, the reform will increase tenfold the maximum penalties for anyone communicating information potentially harmful to the national interest, where that information is obtained via a government official without authorisation.
“This is ‘creeping Stalinism,’” said Ethicos Group specialist Howard Whitton, who has advised governments and the United Nations ethics office on whistleblower policy. “The absolute protection of principled disclosure of wrongdoing – unfettered by government – must be preserved, or Australia will become a laughing stock internationally.”
The Foreign Office rejected a request from Ecuador to grant Julian Assange diplomatic status, according to British officials. The WikiLeaks founder has been living in the London embassy of the south American country for five-and-a-half years after being granted political asylum to fight allegations of sex-related crimes in Sweden. Ecuador's foreign minister, Maria Fernanda Espinosa, said on Wednesday the country was seeking mediation to resolve the impasse. However, an FCO spokesman said on Wednesday: "The Government of Ecuador recently requested diplomatic status for Mr Assange here in the UK. The UK did not grant that request, nor are we in talks with Ecuador on this matter. "Ecuador knows that the way to resolve this issue is for Julian Assange to leave the embassy to face justice."
Daily newspaper El Universo cited sources saying that Assange had been issued both a national ID card and passport, while a search on the country's tax office website confirmed his "cedula" number as 1729926483.
Ecuador says it has granted nationality to WikiLeaks founder Julian Assange, who's living in its London embassy.
The Associated Press reports that Ecuador has granted citizenship to Julian Assange. The Wikileaks founder has been living in the Ecuadorian embassy in London since 2012, when he was faced with extradition to Sweden for allegedly sexually assaulting two women. The New York Times also reports that Ecuador has sought to give Assange diplomatic status, but Britain has rejected the request. Diplomatic immunity would allow him to leave the embassy without the possibility of being arrested for jumping bail in 2012.
Ecuador has granted citizenship to WikiLeaks founder Julian Assange, who has been holed up in the country's London embassy for more than five years.
Ecuador's foreign minister Maria Fernanda Espinosa said Assange was naturalised as a citizen on 12 December, at his request.
It comes after Britain's Foreign Office said on Thursday that it had rejected Ecuador's request to grant diplomatic status to Assange, which would give him immunity from arrest.
Ecuador announced on Thursday that it had granted citizenship to Julian Assange, the WikiLeaks co-founder who has been living in a tiny room in the South American country’s London embassy since seeking political asylum in 2012.
It was an extraordinary development in the prolonged diplomatic standoff, and came only hours after Britain said it had rejected a request by Ecuador to grant Mr. Assange diplomatic immunity so he could leave the embassy.
The Ecuadorean government has confirmed that Julian Assange was granted Ecuadorean citizenship on 12 December.
Ecuador subsequently asked the UK to recognise Mr Assange as a diplomatic agent - a move that could have given him immunity.
The UK has refused, saying Mr Assange - who has been at the embassy since 2012 - should now leave and "face justice".
Julian Assange has been granted Ecuadorian citizenship as the country says it is seeking a “dignified and just” resolution to the Wikileaks founder’s extended residence in its London embassy.
Mr Assange was granted political asylum in the embassy five-and-a-half years ago when Swedish prosecutors were investigating sex crime allegations against him.
The investigation has since been dropped but Mr Assange, 46, has refused to leave, claiming he fears arrest over breaching his bail because he might be extradited to the US.
Ecuador has granted citizenship to Wikileaks founder Julian Assange, who has been living in the country's London embassy since 2012, according to the Associated Press.
WikiLeaks founder Julian Assange was "naturalized" as an Ecuadorean on Dec. 12, at his request, Ecuador's foreign minister said on Thursday, adding that she was seeking a "dignified" solution to his situation with Britain.
Ecuador says it has granted nationality to Julian Assange after the British government denied a request to grant the WikiLeaks founder diplomatic status.
Assange faces arrest for breaking his bail conditions if he leaves Ecuador's London embassy, where he was granted asylum in 2012 to avoid extradition to Sweden over sexual assault allegations, which he has repeatedly denied.
Ecuador has granted citizenship to WikiLeaks founder Julian Assange, who has been living in asylum at the nation's embassy in London for more than five years.
The nation's foreign minister announced Thursday that officials had decided to permit Assange's naturalization while they look for ways to resolve his situation.
Ecuador has granted citizenship to WikiLeaks founder Julian Assange, who has been living in asylum at the nation's embassy in London for more than five years.
Ecuador has granted citizenship to WikiLeaks founder Julian Assange after more than five years of living in asylum at the nation's embassy in London, officials announced Thursday.
WHISTLEBLOWING website Wikileaks has been a thorn in the side of governments, armies and spy agencies for a decade by publishing secret papers online.
Sweden dropped the case, though Assange has remained in the embassy because he is still subject to arrest in Britain for jumping bail.
Ecuador has granted citizenship to WikiLeaks founder Julian Assange, Ecuador's Foreign Minister Maria Fernanda Espinosa announced Thursday. Speaking at a news conference in Quito, Espinosa said Assange was granted naturalization on December 12.
U.S.-trained Chinese-born talent is becoming a key force in driving Chinese companies’ global expansion and the country’s efforts to dominate next-generation technologies like artificial intelligence and machine learning. Where college graduates once coveted a prestigious overseas job and foreign citizenship, many today gravitate toward career opportunities at home, where venture capital is now plentiful and the government dangles financial incentives for cutting-edge research.
South Korea's justice minister said on Thursday that a bill is being prepared to ban all cryptocurrency trading in the country.
That news is a major development for the cryptocurrency space, as South Korea is one of the biggest markets for major coins like bitcoin and ethereum.
A no-deal hard Brexit could cost the UK half a million jobs and €£50 billion less investment, according to a study.
Research for the mayor of London Sadiq Khan warned of a "lost decade" of significantly lower growth.
The country could have 500,000 fewer jobs in the worst-case scenario and nearly €£50 billion less investment by 2030.
In London alone, there could be 87,000 fewer jobs and the capital's economic output could be 2% lower by 2030 than predicted under the status quo, it was warned.
Owen Jones wrote a thoughtful article recently in which he defended Labour for accepting Brexit. He covered electoral triangulation, far-right extremism, and fundamental problems with referenda. Much of what he wrote was spot on. The problem is, like almost all Brexit debate, it looked backwards, not forwards. And here’s why that matters.
[...]
Labour should continue to acquiesce – both for votes, and because acquiescence to a referendum result is to a certain extent moral. But rather than look backwards to when Keir Starmer’s six tests were sufficient, we must look forwards – to when Brexit takes shape and acquiescence gets harder.
For example, consider the criticism of Jeremy Corbyn for not supporting an initial discussion on single market membership. There is a real irony here in that the criticism comes from Remainers and Corbyn pointed out what the Brexiteers denied – i.e. that the single market is not a separate joinable entity.
Ironic or not, that Remainer criticism matters. As others make better play of being Remain parties – we lose our default “not the Brexit party” position. And worse is to comes as Brexit ceases to be an abstract concept.
Broadly acquiescing to a referendum result and the word “Brexit” was possible in 2017 but soon we will have to choose between enabling or blocking a specific Tory Brexit.
That isn’t acquiescence – it is support or opposition. And it could alienate millions of either Brexit or Remain voters who chose Labour in 2017.
Wednesdbury Oak Academy in the West Midlands is an "academy school," similar to a US charter school -- a publicly funded, privately operated school, which, theory goes, is able to "experiment" with new educational techniques, by deviating from the standard curriculum, rejecting students on the basis of selection criteria, and hiring teachers without formal qualifications.
The school solicited €£6 contributions from parents to contribute to the cost of new playground apparatus. Contributions from the parents of 80 children out of the 450 who attend the school sent in money. When the school purchased the new equipment, the playground was segregated, with the children whose parents contributed the €£6 able to play anywhere, but the remaining majority of children were barred from playing in the area with the new equipment.
The article illustrates much of what is wrong with European institutions, in particular the European Commission, a mixture of bureaucratic arrogance, false creed based on dogma rather than facts, and a disdain for democratic debate. The Commission, based in Brussels, is not elected but, according to EU treaties, it has a monopoly -- yes, a monopoly -- on initiating legislation at the European level. Each Commissioner is an appointed bureaucrat, one for each member state -- often a former top politician, now sidelined in his country of origin, therefore with very little democratic legitimacy.
Yair Netanyahu and his friends hoped their night out would not be documented. Accompanied by a bodyguard and a driver provided by the state, the prime minister’s son, the son of gas tycoon Kobi Maimon and Roman Abramov, a representative of billionaire James Packer, went touring strip clubs in Tel Aviv, paying for erotic dances and talking about the natural gas deal that had just been reached. On Monday night, the Israel Television News Company broadcast a recording made that night.
This is a real exchange that happened between President Donald Trump and Fox News' chief White House correspondent John Roberts in a press conference with the Norwegian prime minister on Wednesday afternoon.
He said after months of non-stop phone calls from Yelp, he claims his favorable rating dropped after he finally told the company he would not pay for advertising.
Cohen also said via Twitter that he is suing the private investigative firm Fusion GPS, which compiled a dossier of claims that say, among other things, that Cohen and Trump had ties with shadowy Russian characters. BuzzFeed published the dossier, which was commissioned in 2016 by Trump's opponents.
Your editorial “Book Banning Bunkum” (Jan. 8) is far too serene in dismissing as routine Trumpish “feckless bluster” in his efforts to pressure Michael Wolff’s publisher into abandoning publication of his book. Of course, you are right to recall other such threats by the president which weren’t followed up by actual litigation, including one to this newspaper. But not all publications and journalists can so easily shrug off such threats of financially crippling litigation.
But Tariq Aziz, a close ally of Saddam Hussein who served under him for over two decades, was unable to take up the invitation, after he was reportedly refused a visa by the Home Office.
The Chief censor, Steven Mala says that capacity has been the delaying issue with the PNG Censorship Board.
The body made a stand last year to work closely with production houses to closely monitor the content of music by local artists.
Following up on this, Mala revealed that not much focus was given to the industry, to date.
However he said, recruitment has been completed in 2017 so work should commence this year.
Mala reiterated that work by artists should be screened by the Censorship Board before being aired.
He said another circular will be sent to media houses going forward.
For reasons only known to the plaintiff, an American psychiatrist offering unlicensed services in Japan is suing a whole bunch of Redditors for defamation. The underlying reason for this lawsuit is obvious: searches for Dr. Douglas Berger or psychiatrists in Japan tend to return lots of links presumably owned by Dr. Berger, but more prominently, a bunch of warnings from Redditors at Japan-focused subreddits to steer clear of his psychiatric services.
And even if they did, the First Amendment would stop him in his tracks.
In the latest in a long line of attacks on freedom of the press, President Trump has once again threatened today to change libel laws to make it easier to sue news organizations, publishers, and others after the publication of an unflattering book.
“We are going to take a strong look at our country’s libel laws so that when somebody says something that is false and defamatory about someone, that person will have meaningful recourse in our courts,” Trump said.
As internet users in 2018, we are all able to produce content, share it with an audience and be considered “content creators” regardless of background, orientation or qualifications. The internet in the modern day has made it possible for any person with access to it to have the opportunity to create videos for any viewer to see. YouTube is a platform where this opportunity can come to life.
While YouTube is a positive place where creators put out content in many different genres it is also a place where offensive videos have an opportunity to be shared and reach millions of viewers.
YouTube currently has a policy that prohibits videos with offensive language, sexual content, or “controversial subjects” including tragedy or violence from being monetized. The algorithm in place is that of a robot, separating the offensive material from the non-offensive. However, like many algorithmic programs, there are flaws within the system.
Last summer, we wrote about an important Supreme Court case, Packingham v. North Carolinia, which made the fairly important ruling that the internet was so central to everyday life that courts could not ban people from the internet, even if they were convicted of a horrific crime. It was an important ruling -- but almost immediately, some people worried that some would interpret the ruling in a way to suggest that online service providers, themselves, could not kick people off of their service. That's not what the ruling actually says, but it's possible to quote it out of context to suggest as much.
And, indeed, we've started to see such cases brought against internet companies. The case Dennis Prager brought against YouTube, for example, cites Packingham to argue that it's somehow unconstitutional to filter his videos with warning labels. And now we can add famed internet troll Chuck Johnson to the list, as he's filed a lawsuit against Twitter, long after the site permanently banned Johnson from using their platform.
As we noted with the Prager/YouTube case, it's unlikely this case will go anywhere. Courts have held out, repeatedly, that platforms have the right to operate however they want regarding letting people use their services or not (the big distinction with Packingham was that was the government denying individuals access to the internet, not private operators). And there is extensive case law around Section 230 of the CDA as well, which states in fairly plain language that sites not only can filter and moderate however they want without liability, but actually encourages them to do so. There is, of course, at least some amount of irony that it was conservatives who were complaining about "bad stuff" (mainly porn) online who pushed for incentives in the CDA to get internet services to censor via filtering... and now it's "conservative" commentators like Prager and Johnson, who are suing because those sites are filtering, as is explicitly encouraged by the law.
The Ninth Circuit Court of Appeals has upheld a 2015 decision finding Idaho's "ag-gag" law unconstitutional. Despite the protestations of legislators and the state itself, the court finds the law prohibiting people from obtaining access to farms and other agricultural entities under false pretenses a violation of protected speech.
As the lower court pointed out, the law would have made Upton Sinclair's expose of the meatpacking industry illegal. The upshot of Sinclair's book was significant changes to food and employee safety laws. Without the efforts of whistleblowers this law clearly targeted, the safety of the public -- both consumers and employees -- would be negatively impacted.
The Appeals Court finds little to like about the state's arguments the law is meant to protect the privacy of agricultural entities. Instead, it points out statements made by legislators -- as well as the law's wording -- indicates the state intended to block speech critical of these entities. The decision [PDF] highlights comments made by legislators during the passage of the law which show the true impetus for the law's creation.
For the last few years, the trend du jour in online media has been to demonize, vilify, then shutter the traditional news comment section. Usually these closures come with all manner of disingenuous nonsense about how websites are banning comments for the sake of "building relationships" or because the website in question just "really loves conversation." Usually, on-site users are then shoved toward social media silos at Twitter and Facebook we're told are "just as good" as an active, on-site community (read: doing this is cheaper and makes it somebody else's problem).
Traditionally, readers of these websites are told that news comments simply had to die because it's impossible to cultivate healthy discourse in the post-truth, mega-troll era. But as Techdirt and countless other websites have made clear for more than a decade, that's simply not true. And while being lazy, cheap and actively hostile to on-site community is any website's prerogative, this ignores the fact that online news comments are an excellent avenue for transparency and a tool to hold websites, and authors, accountable.
[...]
Again, for better or worse news in the modern era is a conversation. Muting your on-site audience may feel good to editors on tight budgets, tired of trolls, and wistful for the bygone days of carefully-chosen letters to the editor, but it's doing your community (and the news industry at large) a disservice. As such, the Intercept's moves are a welcome change of pace for an industry that has spent the last few years insisting that muzzling your readership somehow represents a breathless dedication to quality online discourse.
Changes made to a middle-school history textbook’s chapter on the Cultural Revolution have sparked controversy in China, with its state-run publisher denying it censored the book.
The furore came after a post widely shared on Chinese social media suggested that politically sensitive content about the political movement had been removed.
The post showed photographs of the old version of the textbook and a revised text.
The pictures appeared to show that a chapter formerly devoted to the Cultural Revolution had been taken out.
The post also suggested that a sentence referring to the political movement in China in the 1960s and 1970s – which caused a decade of violence and political and social violence upheaval – had been altered to remove a reference to the Communist Party.
The Congressional showdown on Section 702 reforms/renewal continues to generate little actual debate or reform -- but plenty of bad proposals. Both the House and Senate Intelligence Committees have decided there should be a renewal -- preferably an extended one -- with zero actual reform.
Members of the House offered up some tepid reforms in the USA Liberty Act, only to find this offering blocked by the House Permanent Select Committee on Intelligence (HPSCI), which offered a zero-reform package at the last minute. Fortunately, no one was able to tack a lousy non-reform bill to the tailend of the annual budget bill, thereby dodging reform discussions and giving the NSA a surveillance blank check for the next 5-10 years.
Having been stiff-armed for a few weeks, the HPSCI has put together another Section 702 "reform" bill that does nothing to change the status quo and actually has the possibility of making things worse.
As discussed this morning, the House voted a few hours ago on a bill to reauthorize Section 702 of the FISA Amendments Act that did not reform the widely abused surveillance rules -- other than to codify some of the power allowing them to continue to abuse it for warrantless surveillance on Americans. There was a vote on an important Amendment from Reps. Justin Amash and Zoe Lofgren that would have allowed the reauthorization of the underlying program, but (importantly) required a warrant (as per the 4th Amendment) for spying on Americans. And, unfortunately, the amendment was voted down (183-233) and the awful reauthorization passed, 256 to 164.
The fight over this bill was... weird in so many ways. There was the expected bullshit: politicians outright lying to the public, arguing that the Amash/Lofgren amendment (which again, just said that the program had to be conducted in accordance with the 4th Amendment) would somehow stop the intelligence and law enforcement community from finding terrorists (it wouldn't). Again: everyone expected that. What was weird was (1) having some of Donald Trump's loudest detractors in Congress... then argue against the Amash amendment and in favor of giving the Trump administration more power to warrantlessly spy on Americans and share that data widely among law enforcement. And (2) having President Trump tweet a series of confused tweets this morning that demonstrated that he clearly didn't know what the debate is actually about... and suggesting he was against the reauthorization, despite the fact that the White House (his White House) had issued a statement strongly supporting the reauthorization.
The House of Representatives cast a deeply disappointing vote today to extend NSA spying powers for the next six years by a 256-164 margin. In a related vote, the House also failed to adopt meaningful reforms on how the government sweeps up large swaths of data that predictably include Americans’ communications.
Because of these votes, broad NSA surveillance of the Internet will likely continue, and the government will still have access to Americans’ emails, chat logs, and browsing history without a warrant. Because of these votes, this surveillance will continue to operate in a dark corner, routinely violating the Fourth Amendment and other core constitutional protections.
The U.S. House of Representatives on Thursday passed a bill to renew the National Security Agency’s warrantless internet surveillance program, overcoming objections from privacy advocates and confusion prompted by morning tweets from President Donald Trump that initially questioned the spying tool.
The legislation, which passed 256-164 and split party lines, is the culmination of a yearslong debate in Congress on the proper scope of U.S. intelligence collection - one fueled by the 2013 disclosures of classified surveillance secrets by former NSA contractor Edward Snowden.
After a contentious debate, the House of Representatives has voted to extend a controversial government surveillance program that powers American spying operations, as it voted down a proposal to include new privacy measures.
The debate centers on Section 702 of the Foreign Intelligence Surveillance Act, which allows for collection of foreign intelligence data, and that privacy advocates say invasively scoops up Americans’ communications. The authorization for the program is set to expire later this month, if not reauthorized. Section 702 allows the National Security Agency to continue controversial surveillance activities like PRISM, which the agency uses to scan through data held by American tech companies.
As recently as last night, the Trump administration was strongly in favor of legislation to renew one of the federal government's most controversial spying powers. Known to insiders as Section 702 of the FISA Amendments Act, the law grants the government surveillance powers that are only supposed to be used on targets outside the United States.
Civil liberties groups say that the law can too easily be used to sweep up the private communications of Americans. And they're backing legislation called the USA Rights Act to place new restrictions on the use of 702 spying powers—the House of Representatives was voting on that amendment as we published this story. Last night, the White House put out a statement condemning USA Rights.
It was a delicate and belated legislative minuet, in pursuit of a goal that aligned Donald Trump, his House GOP allies, some Democratic adversaries, and the intelligence agencies he derides as Nazi-like. Perhaps predictably, Trump disrupted all those complex congressional machinations with a tweet.
The House voted decisively Thursday to reauthorize a powerful government authority to conduct foreign surveillance on U.S. soil, overcoming opposition from privacy advocates and confusion sown by contradictory and seemingly misinformed tweets from President Trump questioning his administration’s support for the program.
IN 2013, 18-YEAR-OLD Tadrae McKenzie robbed a marijuana dealer for $130 worth of pot at a Taco Bell in Tallahassee, Florida. He and two friends had used BB guns to carry out the crime, which under Florida law constitutes robbery with a deadly weapon. McKenzie braced himself to serve the minimum four years in prison.
But in the end, a state judge offered McKenzie a startlingly lenient plea deal: He was ordered to serve only six months’ probation, after pleading guilty to a second-degree misdemeanor. The remarkable deal was related to evidence McKenzie’s defense team uncovered before the trial: Law enforcement had used a secret surveillance tool often called Stingray to investigate his case.
Stingrays are devices that behave like fake cellphone towers, tricking phones into believing they’re pinging genuine towers nearby. By using the device, cops can determine a suspect’s precise location, outgoing and incoming calls, and even listen-in on a call or see the content of a text message.
The American Civil Liberties Union praised the policy for requiring officers to have some suspicion before copying and using electronic methods to search a device. But the Constitution still requires that the agency get a search warrant based on probable cause to search a device, according to the ACLU.
Section 702 of the Foreign Intelligence Surveillance Act has been abused by the intelligence agencies to spy on Americans. This week the House of Representatives will vote on a bill to make that legal.
[...] No fix has been issued to date.
More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.
He added: “I just do not buy the claim that it’s impossible.”
Cybersecurity experts and civil liberties organizations, meanwhile, have long made the case that iPhone encryption keeps the average consumer’s data safe from hackers and authoritarian surveillance, a net benefit for society.
When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide. But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible.
At the Real World Crypto security conference Wednesday in Zurich, Switzerland, a group of researchers from the Ruhr University Bochum in Germany plan to describe a series of flaws in encrypted messaging apps including WhatsApp, Signal, and Threema. The team argues their findings undermine each app's security claims for multi-person group conversations to varying degrees.
But while the Signal and Threema flaws they found were relatively harmless, the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.
According to a Wired report, the flaws allow a person with the control of WhatsApp’s servers to add anyone to a WhatsApp group without admin permission.
Anyone in control of WhatsApp's servers - like an employee instructed by a government, for example - could spoof security processes and add new members to groups and snoop on private conversations, researchers at Germany’s Ruhr University Bochum have claimed.
Do you remember that time when Uber didn’t tell us that the data of 57 million of their users got exposed? Or that time when Equifax failed to protect data of 400,000 people in the UK? Or those two Yahoo hacks that breached more than one billion accounts? Oh, and that time when TalkTalk was fined €£400,000 for inadequately protecting 156,959 accounts of their customers?
I could go on. These are just a fraction of the data breaches that have caused leaks of people’s data. Every time you provide your name, date of birth, home address or details for an online payment to a company you do so based on trust that they will keep your data safe. But increasingly, companies fail their customers.
Currently, the Government’s Data Protection Bill will give citizens the power to instruct a select group of not for profit bodies to represent them in complaints to the data protection authority or the judiciary. This is required of the Government - Article 80(1) is a mandatory provision in the EU’s General Data Protection Regulation (GDPR).
With NSA Director Adm. Mike Rogers set to retire later this year, several prominent names are already being floated among government leaders as to who will become the next leader of the country's premier signals intelligence agency.
In the analog world of our parents, leaks to the press were heavily protected in both ends – both for the leaker and for the reporter receiving the leak. In the digital world of our children, this has been unceremoniously thrown out the window while discussing something unrelated entirely. Why aren’t our digital children afforded the same checks and balances?
News specific to these communities will be directed to users by both human curators and algorithms. News appearing on each cities’ "Today In" feed will reportedly be vetted by Facebook’s news partnership team.
Myanmar prosecutors sought charges on Wednesday against two Reuters reporters under the Official Secrets Act, which carries a maximum prison sentence of 14 years, the reporters’ lawyer said.
Wa Lone, 31, and Kyaw Soe Oo, 27, were detained on Dec. 12 after they had been invited to meet police officers over dinner. Family members have said the two told them they were arrested almost immediately after being handed some documents by the officers they had gone to meet.
The two had worked on Reuters coverage of a crisis in the western state of Rakhine, where - according to U.N. estimates - about 655,000 Rohingya Muslims have fled from a fierce military crackdown on militants.
Good news out of the Ninth Circuit: the federal court of appeals heeded EFF’s advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle’s website in a manner it didn’t like. The court ruled back in 2012 that merely violating a website’s terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes—in this case, California and Nevada—to enforce their computer use preferences.
This decision shores up the good precedent from 2012 and makes clear—if it wasn’t clear already—that violating a corporate computer use policy is not a crime.
Oracle v. Rimini involves Oracle’s terms of use prohibition on the use of automated methods to download support materials from the company’s website. Rimini, which provides Oracle clients with software support that competes with Oracle’s own services, violated that provision by using automated scripts instead of downloading each file individually. Oracle sent Rimini a cease and desist letter demanding that it stop using automated scripts, but Oracle didn’t rescind Rimini’s authorization to access the files outright. Rimini still had authorization from Oracle to access the files, but Oracle wanted them to access them manually—which would have seriously slowed down Rimini’s ability to service customers.
Rimini stopped using automatic downloading tools for about a year but then resumed using automated scripts to download support documents and files, since downloading all of the materials manually would have been burdensome, and Oracle sued. The jury found Rimini guilty under both the California and Nevada computer crime statues, and the judge upheld that verdict—concluding that, under both statutes, violating a website’s terms of service counts as using a computer without authorization or permission.
The state with the worst racial disparities in incarceration lifts ban on Michelle Alexander's seminal book.
Michelle Alexander dedicates her book, “The New Jim Crow,” to the people who have been swept up by America’s racist criminal justice system. “You may be locked up or locked out of mainstream society, but you are not forgotten.” For the first time, all prisoners across New Jersey can read her words.
The ACLU of New Jersey learned that “The New Jim Crow” was banned as a matter of official policy in at least two prisons: New Jersey State Prison and Southern State Correctional Facility. On Monday, we sent a letter to the Department of Corrections commissioner telling him that the ban was not only unconstitutional as a violation of the First Amendment, but also that it was a deeply disturbing policy, especially since New Jersey has the worst racial disparities in incarceration in the entire country.
It is not only immoral to deport people to countries where they will be violently persecuted. It’s illegal.
Rahim Mohamed’s daughter was born in October, but the 32-year old father, who has been detained in immigration custody since April, has not seen or held her. If Immigration and Customs Enforcement has its way, he won’t get that chance. Instead, he will be summarily deported to Somalia, despite the fact that Rahim fears persecution by Al-Shabaab, the Somali-based affiliate of Al-Qaeda, and would be leaving behind his U.S. citizen wife, toddler son, and infant daughter.
Rahim is one of 92 Somali nationals, currently locked up in Florida, who ICE is rushing to deport before they have a chance to ask to reopen their immigration cases so that a judge can consider the danger to their lives. The Somalis have filed a lawsuit against ICE to stop their immediate deportations. In addition to the ACLU, they are represented by the Immigration Clinic at the University of Miami School of Law, Americans for Immigrant Justice, the James H. Binger Center for New Americans at the University of Minnesota Law School, the Legal Aid Service of Broward County, and The Advocates for Human Rights.
On Tuesday, we appeared in federal court to argue that these men and women must receive a full and fair opportunity to reopen their cases before an immigration judge in keeping with due process and habeas corpus rights. It is against U.S. law to deport anyone to a country where they are likely to be persecuted or tortured. Immigration law also permits the reopening of removal orders based on changed circumstances.
However, ICE seems intent on ignoring both of these facts.
Revenge porn, where people share intimate images of others in order to intimidate, harass, or embarrass, is rampant. Now, data obtained by a security analyst and shared with The Daily Beast reveals the behind-the-scenes of the epicenter of revenge porn: a notorious image board called Anon-IB, where users constantly upload non-consensual imagery, comment on it, and trade nudes like baseball cards.
The data shows Anon-IB users connecting from U.S. Senate, Navy, and other government computers, including the Executive Office of the President, even as senators push for a bill that would further combat the practice, and after the military’s own recent revenge-porn crisis.
“Wow tig ol bitties. You have any nudes to share?” someone wrote in November, underneath a photo of a woman who apparently works in D.C., while connecting from an IP address registered to the U.S. Senate.
The ACLU filed papers on behalf of yet another girl 17-year-old whose right to an abortion is being flagrantly disregarded.
First there was Jane Doe. Then there were Jane Roe and Poe. Now Jane Moe has come to our attention.
Earlier this week, we learned that yet another 17-year-old immigrant in government custody was being blocked by the Trump administration from obtaining an abortion.
Jane Moe, who is believed to be in her second trimester of pregnancy, made clear her desire to terminate her pregnancy two weeks ago. Private funds are available to pay for her abortion, and staff at the shelter where she is being held are willing to accompany Ms. Moe to a clinic, but as in three prior cases, the government is refusing to allow it.
Arizona prisons are causing harm and death because of inadequate medical and mental health care.
Walter Jordan tried to tell the world he was dying in prison in Arizona when he mailed a handwritten message, titled “Notice of Impending Death,” to the federal court in Phoenix. Nine days later, he was dead. According to Dr. Todd Wilcox, a physician who reviewed Jordan’s case, the 67-year-old might have survived if he had received competent treatment by the Arizona Department of Corrections (ADOC) and its private, for-profit health care contractor, Corizon Health.
Jordan died of an invasive squamous cell skin cancer that ate through his skull and invaded his brain. Dr. Wilcox identified multiple deficiencies in Jordan’s care, concluding that his death was “unfortunate and horrific” and that he had suffered “excruciating needless pain” in the final months of his life.
Jordan himself testified to his own impending death in his letter. “ADOC and Corizon delayed treating my cancer,” he wrote. “Now because of there [sic] delay, I may be luckey [sic] to be alive for 30 days.”
Jordan died in prison, but his words have reached us, and they are a call to action against poor prison conditions that lead to pain and death for prisoners who have a right to proper care from the institutions charged with their custody.
This is not a new problem.
You have probably noticed by now that the biggest problem in the U.S. broadband market is a lack of vibrant competition in many areas. This lack of competition over the "last mile" is the core reason for the majority of the problems in the sector, from privacy violations to net neutrality infractions. And while lawmakers from both parties adore paying empty lip service to making broadband faster, cheaper, and more available, very few have the courage to stand up to AT&T, Verizon, and Comcast and actually implement policies that improve our competitive options.
More often than not, government's "solution" for the broadband market involves first ignoring that there's any real competition problem whatsoever, then hyping "broadband expansion" efforts that fail to truly address the underlying problems.
That's usually accomplished via programs with "goals" that would have been accomplished anyway. Like when Obama promised in 2011 to ensure wireless broadband reached 98% of the public (ignoring the problem of high prices and usage caps, or the fact this coverage was going to occur anyway), or when Obama's former FCC boss Julius Genachowski promised a gigabit ISP in each one of the fifty states (also something that would have happened without government involvement). Such efforts usually comically ignore how limited competition and high prices are the biggest problem.
So we've noted repeatedly how the attack on net neutrality is just one small part of a much larger, dumber plan by major ISPs to neuter nearly all federal and state oversight. A plan that involves gutting all meaningful FCC authority over broadband ISPs, then shoveling any remaining authority to the FTC. An FTC (surprise surprise) the broadband industry is currently in court arguing has no authority over broadband providers. Ajit Pai's FCC (at Verizon and Comcast lobbyists' request) also included provisions pre-empting states from trying to protect consumer privacy or net neutrality.
So far individual states aren't listening. New York, Washington, Minnesota, Massachusetts and California are all pushing their own net neutrality rules. And since the FCC's net neutrality repeal prohibits states from passing such laws, many of these states are creatively eyeing provisions that require ISPs adhere to net neutrality if they want to win government contracts, or if they want to keep getting taxpayer subsidies for those fiber networks they always tend to leave half built anyway.
ISP lobbyists have already begun trying to argue that these individual state efforts create a discordant patchwork of regulations that may be difficult to adhere to. But that's the sort of thing said lobbyists should have thought about before rushing mindlessly to destroy federal net neutrality rules. Rules that were actually among the more modest of any of the developed nations that have passed such protections (see The Netherlands, India, Japan, Canada, Germany).
One reading of that is that conflicts are now waged over smaller issues, in that the sorts of things that affect how a pharmaceutical patent system functions are more narrow issues than things such as when to start granting patents and whether to do so retroactively (not to mention the first order question of whether to have a patent system at all). But while that’s all correct, the conflicts remain intense in this more narrow space.
A Washington District Court has issued a devastating order against a copyright holder of the film "Once Upon a Time in Venice," which chases alleged BitTorrent pirates for cash settlements. The Court points out that one of their experts is unqualified, doubts whether declarants even exist, and highlights that IP-address evidence may have been obtained illegally.