The idea behind a process is fairly simple. A running program consists of not only executing code, but also data and some context. Because the code, data and context all exist in memory, the operating system can switch from one process to another very quickly. This combination of code + data + context is known as a "process", and it's the basis for how Linux systems work.
When you start your Linux box, it has a single process. That process then "forks" itself, such that two identical processes are running. The second ("child") process reads new code, data and context ("exec"), and thus starts running a new process. This continues throughout the time that a system is running. When you execute a new program on the command line with & at the end of the line, you're forking the shell process and then exec'ing your desired program in its place.
When you sign up for a communication service, you are typically volunteering to store your personal, unencrypted data on someone else’s remote server farm. You have no way of ensuring that your data is safe or how it is being used by the owner of the server. However, online services are incredibly convenient especially when you have multiple devices.
Don't equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT.
Dan Kohn, executive director of the Cloud Native Computing Foundation, has called the launch of the new Kubernetes service provider certification program the most significant announcement yet made by the Foundation around the open source container orchestration engine.
On this new episode of The New Stack Makers from KubeCon + CloudNativeCon 2017, we’ll learn more from Kohn and William Denniss, a product manager at Google, about how the program can help ensure interoperability and why that’s so important.
Usage of containers in software applications is on the rise, and with their increasing usage in production comes a need for robust testing and validation. Containers provide great testing environments, but actually validating the structure of the containers themselves can be tricky. The Docker toolchain provides us with easy ways to interact with the container images themselves, but no real way of verifying their contents. What if we want to ensure a set of commands runs successfully inside of our container, or check that certain files are in the correct place with the correct contents, before shipping?
In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.
Google has announced a new framework designed to help developers conduct unit tests on Docker container images.
The Container Structure Test gives enterprises a way to verify the structure and contents of individual containers to ensure that everything is as it should be before shipping to production, the company said in the company’s Open Source blog Jan. 9.
Google has been using the framework to test containers internally for more than a year and has released it publicly because it offers an easier way to validate the structure of Docker containers than other approaches, the company said.
The next release of systemd, v237, will introduce support for WireGuard. WireGuard as a reminder is the effort to provide a fast, modern and secure VPN tunnel that eventually plans to be part of the mainline Linux kernel.
Systemd's networkd component recently merged patches for supporting WireGuard that have been in the works since September 2016. From the systemd perspective it's implementing support for the new "wireguard" interface type and supporting key management.
There's still a week and a half to go until the Linux 4.15.0 stable kernel release is expected and that rings in the Linux 4.16 merge window. On top of various Linux 4.16 changes already talked about, here's a look at some of the other kernel features/additions expected for this next release cycle.
Around this time every year, our minds turn to copyright. Or maybe they turn more to copyright. After all, open source works because of copyright law. As you may already know, copyright laws give the authors of works the exclusive right to copy (among other things) their work. These rights attach as soon as the work is fixed in a tangible medium (written down, saved to disk, etc.). So the rights that open source licenses grant rely on copyright law.
But what rights are specifically granted? That depends on which license the developer selects. Most projects use one of a few standard licenses, but they're not always clearly communicated. For example, a project may be released under "the GNU General Public License (GPL)." But which version? And can the recipient choose a later version if they wish?
The Software Package Data Exchange (SPDX) is a Linux Foundation project to help reduce the ambiguity of software by defining standards for reporting information. The license is one such piece of information. SPDX provides a format for listing the specific license variant and version that applies to a software package. With over 300 licenses, you're likely to find the one you use. The License List contains a human-friendly name, a short name, and a link to the full license text. SPDX also provides guidelines for matching the text of a license file to the official text of the license.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced on Thursday the availability of a new training course, LFS205 – Administering Linux on Azure.
A large number of the virtual machines running in Azure are utilizing the Linux operating system. Both Linux and Azure professionals should make sure they know how to manage Linux workloads in an Azure environment as this trend is likely to continue.
Linux is very much mainstream nowadays. What was once viewed as a hobby and niche project, is transforming the world. Many of the world's servers are running Linux-based operating systems. Hell, the most popular mobile operating system on the planet, Android, is Linux-based. Even closed-source champion Microsoft is embracing Linux by integrating it into Windows 10 and offering it on its Azure platform.
The call for proposals deadline is quickly approaching! With more than 2000 attendees expected at this year’s event, submit before Sunday, January 14, 2018 at 11:59pm PST to share your ideas and expertise with the open networking community.
Ongoing Wayland/Weston release manager Bryce Harrington of Samsung's Open-Source Group has laid out plans for the next releases of Wayland and the reference Weston compositor.
It's been a half-year since the release of Wayland 1.14 and Weston 3.0, so Bryce is trying to build up interest in getting out new releases in the weeks ahead.
It's not any re-clocking code or magical improvements for Nouveau's Pascal support, but on the Tegra side a NVIDIA developer has volleyed some new open-source patches.
The work on adding optional Meson build system support to the Linux graphics stack and other key open-source projects continues...
Going back to last September has been work for Meson-izing Mesa as an alternative build system rather than Autotools, CMake, or SCons within Mesa. It's been delivering fast results and since the initial port landed more Mesa components have become supported by the Meson build.
Adam Jackson of Red Hat has sent out the second version of the ongoing patches for providing server-side GLVND functionality for the X.Org Server.
Most of you faithful Phoronix readers should be familiar with GLVND, the OpenGL Vendor Neutral Dispatch Library. That's the effort led by NVIDIA and supported by others in the ecosystem for improving the "Linux OpenGL driver ABI" by allowing for multiple OpenGL drivers to happily co-exist on the same system without fighting over libGL.so. and the like. That's been going well but server-side GLVND for the X.Org Server takes things a step further.
Here are some Linux hardware and software statistics going back to 2011.
You’re searching a code for your project online and the Internet connection is suddenly dropped. What would you do? Just sitting idle and waiting for the Internet connection to be back? Not necessary! Now, you can search your favorite code written in any language even if there is no Internet connection. Sounds awesome? Indeed! Say hello to “OpenGenus Quark” – the World’s first Offline Search Engine that helps you to search code for any algorithm or data-structure in your favorite language in seconds. Be it a C++ code, or Java or Python, OpenGenus Quark will instantly display a lot of sample codes in a matter of second. OpenGenus community is constantly adding more codes everyday. So if the code you’re looking for is not available, no worries! Just mail them and they will take care of it.
You might not have heard about PageDown before, but you must have heard about Stack Overflow and its sister sites. Well, PageDown is the Markdown library those services use. And it is also what StackEdit is based on.
StackEdit is a full-featured modern, open-source Markdown editor and it is what is used by Stack Overflow and all its sibling sites.
The multi-platform, professional-grade Lightworks non-linear video editing system is getting close to releasing version 14.1.
Most of the Linux commands you encounter do not depend on other operations for users to unlock their full potential, but there exists a small subset of command line tool which you can say are useless when used independently, but become a must-have or must-know when used with other command line operations. One such tool is yes, and in this tutorial, we will discuss this command with some easy to understand examples.
A guest session on Ubuntu allows having a temporary user account and access the Ubuntu machine. The desktop of a guest session looks like it does when a regular user logs in. Behind the scenes, Ubuntu controls the access privileges for a guest session.
I’ll mention it right at the top: there’s still no cross-platform multiplayer as of this update.
Putting that aside, this latest update makes a few important changes to Civilization VI [Official Site]. Perhaps most notably, religion has seen a reformation of sorts with new units, pantheons, rules and balancing passes that have changed up how that aspect of the game develops. I noticed from a quick game that it’s now much easier to tell apart the different religions of missionaries and see how trade affects the spreading of faith. Likewise, in a similar vein, a lot of the game’s UI has seen a lot of changes for the better. The diplomacy screen has been overhauled and there’s all sorts of small touches that make it simpler to understand the information the game is throwing at you.
The Khmer and Indonesia are also now in the game as part of a DLC pack. It also adds both a new wonder, Ankor Wat, as well as a natural wonder, Ha Long Bay. Like with the other DLC thus far, there’s also a new scenario included with special rules but, as of the time of writing this article, it’s not selectable on the in-game list. I contacted Aspyr about that omission and I’ve been told that they’ll look into it. Hopefully it’s just something that was overlooked and easily fixed.
This rather fun trading card game has had unofficial builds that run on Linux for a little while now. I tried them out and it’s a pretty fun game, but don’t expect official support anytime soon.
For those excited by Next Up Hero [Steam, Official Site], the new 2D action game from Digital Continue & Aspyr Media we have somewhat bad news, as there's no Linux support during Early Access.
The developer of Shoppe Keep 2 [Steam, Official Site] has announced that Linux will be supported in their merchant simulator when it launches in Early Access.
Cendric [Steam, Official Site] is an interesting discovery, a game this mixes platformer gameplay with an RPG and it will launch with Linux support in March.
What's interesting, is that the game is open on GitHub, where a lot of the assets are under a mixure of Creative Commons licenses. Unsure about the code, since it isn't mentioned. The actual game engine is custom-made and is based on the SFML library.
KDE Applications 17.12 is the latest and most advanced version of the open source software suite used in KDE Plasma desktop environments or independently. It was released last month on December 14 with numerous improvements and new features, including HiDPI support for Okular and Dolphin enhancements.
Now, the KDE Applications 17.12.1 minor bugfix release is out and brings more than 20 improvements to various of the included applications like Ark, Akonadi, Dolphin, Filelight, Gwenview, KGet, K3b, Kate, Kdenlive, Kleopatra, KMix, KMahjongg, Kontact, Okteta, Okular, and Umbrello.
Nextcloud informs Softpedia today on the general availability of Nextcloud Talk, world's first self-hosted, enterprise-ready, and end-to-end encrypted audio/video and chat communication platform.
Meet Nextcloud Talk, the first enterprise-ready, open-source, and end-to-end encrypted, and privacy-focused self-hosted communication technology that promises to give users full control over their data while chatting with others over the communication platform.
Developed by Nextcloud, the biggest self-hosted and fully open source enterprise file sync and share platform, Nextcloud Talk features text chat and audio/video conferencing support, and it can be hosted on-premise, accessible from the Internet through a web browser and on your mobile device.
The developers of the Krita open-source and cross-platform digital painting software have released today the first beta version of the upcoming Krita 4.0 major release.
Krita 4.0 will be the biggest update since version 3.0, and today's first beta release gives users early access to many of its awesome new features and improvements. Right now, Krita 4.0 is in String Freeze development stage, which means that most of the major new features are already implemented.
"We’ve officially gone into String Freeze mode now! That’s developer speak for "No New Features, Honest." Everything that’s going into Krita 4.0 now is in, and the only thing left to do is fixing bugs and refining stuff," reads today's announcement.
These improvements were landed by KDE Developers Kai Uwe Broulik, Albert Astals Cid, Aleix Pol, Michael Heidelbach, and myself. And that’s not all; the entire KDE community has been busy landing many more bugfixes and features too–more than I can keep track of!
I want to especially focus on the last Discover change I mentioned above. After my last post about Discover, we got a lot of user feedback that people wanted greater density and to be able to see more apps at once.
Today we’re releasing Krita 3.3.3. This will probably be the last stable release in the Krita 3 series.
One of the features exciting us the most about GTK4 is the Vulkan renderer that will make its premiere. This Vulkan renderer continues getting worked into shape for GTK+ 4.0.
The most recent addition to this Vulkan renderer is a means to allow specifying a device (GPU) to use for rendering, in the event of having multiple Vulkan graphics processors on the same system.
Twenty years ago, when I first started using Linux, finding a distribution that worked, out of the box, was an impossible feat. Not only did the installation take some serious mental acuity, configuring the software and getting connected to the Internet was often a challenge users were reluctant to attempt.
Today, things are quite different. Linux now offers distributions that anyone can use, right out of the box. But, even among those distros that “just work,” some rise to the top to stand as the best in breed. These particular flavors of Linux are perfect for users hoping to migrate away from Windows or mac OS and who don’t want to spend hours getting up to speed on how the platform works, or (more importantly) making the system perform as expected.
Read more
openSUSE Project reports today through Douglas DeMaio that the openSUSE Tumbleweed software repositories have been flooded this week by four new snapshots that brought updated components and other improvements.
According to the developer, much of the efforts of the openSUSE Tumbleweed's maintainers were focused this week on patching the recently unearthed Meltdown and Spectre security vulnerabilities that put billions of devices at risk of attacks by allowing unprivileged attackers to steal your sensitive data from memory.
When thinking about future trends, it’s important to have a strong understanding of the important innovations impacting most sectors, and pair that understanding with an intuition around what impacts those innovations will have to most organizations in 2018.
Innovation is crucial to federal agencies, but is muted when security becomes a factor. When it comes to impactful trends in the new year, it’s all about three things: security, security, security. Despite the fact that a Ponemon Institute study recently showed that the global average cost of a data breach is down 10 percent over previous years to $3.62 million, according CSO, the average size of a data breach increased nearly two percent. This stat signifies that security will continue to be a top concern for 2018, just as it was in 2017, and will be in 2019.
Red Hat is a company with roughly 11,000 employees. The IT department consists of roughly 500 members. Though it makes up just a fraction of the entire organization, the IT department is still sufficiently staffed to have many application service, infrastructure, and operational teams within it. Our purpose is "to enable Red Hatters in all functions to be effective, productive, innovative, and collaborative, so that they feel they can make a difference,"—and, more specifically, to do that by providing technologies and related services in a fashion that is as open as possible.
Being open like this takes time, attention, and effort. While we always strive to be as open as possible, it can be difficult. For a variety of reasons, we don't always succeed.
his article is about the journey that we made since the Fedora modularity project started and we decided to get involved and provide modularity features in Copr. It has been a long and difficult road and we are still not on its end because the whole modularity project is a living organism that is still evolving and changing. Though, we are happy to be part of it.
Different topics were covered during the events, not only for people already familiar with our community but especially for newcomers intrigued by the open source world and willing to join the Fedora Project. This year we presented in Guwahati, Bangalore, Tirana, Managua, Cusco, Puno, Pune, Lima, Brno and Prishtina, spreading the word about Fedora and saying thank you to all the women contributors to our project.
Even though the events were dedicated to women, everyone of all identities were welcomed to participate or give a talk. We are glad to see how much interest there was in these events in different local communities and how successful they were, making the decision easier for us to organize them again next year.
If you’re in any way creative, and want to give something back to the Linux community, here’s your chance!
Fedora is on the hunt for a new set of desktop wallpapers sourced from the open source community.
The distro invites open source enthusiasts to submit their very best photographs and illustrations for possible inclusion in the add-on wallpaper pack for its next major release, Fedora 28.
Thanks to the Fedora Project, GNOME, BacktrackAcademy and the Linux Foundation, I was able to organize FLOSS events mostly in Lima, Peru. Besides that, I did a voluntary work as speaker in FLOSS workshops and IT conference in other parts of the world, being interviewed to reach more newcomers into the challenging Linux world, and do online training.
In short succession a new release of TeX Live for Debian – what could that bring? While there are not a lot of new and updated packages, there is a lot of restructuring of the packages in Debian, mostly trying to placate the voices that the TeX Live packages are getting bigger and bigger and bigger (which is true). In this release we have introduce two measures to allow for smaller installations: optional font package dependencies and downgrade of the -doc packages to suggests.
Several users reported last month broken BIOSes on their Lenovo, Acer, and Toshiba laptops due to a bug in the Ubuntu 17.10 installation images that won't allow them to access their BIOS settings. The BIOS could be bricked even if the user ran the Ubuntu 17.10 image in live mode, without installing the OS.
Canonical was quick to temporarily disable access to Ubuntu 17.10 downloads from their ubuntu.com website warning people about the issue. A workaround and a fix for existing users were available shortly after that, as they had to update the kernel packages in Ubuntu 17.10 to disable the intel-spi driver at boot time.
If you think the release of Linspire 7.0 and Freespire 3.0 were just a one-off, think again because we're now in possession of the release roadmap for both operating systems, and it looks like we should be able to get our hands on the next major releases at the end of the year. But, in the meanwhile, we'll be able to test a lot of the beta versions for both Freespire 4.0 and Linspire 8.0, as well as to enjoy new incremental versions of current releases.
"Today we are releasing the release schedule and roadmap for Linspire and Freespire. These dates are not set in stone and there may be some alterations due to holidays and development mishaps. While the Freespire beta's will be available publicly the Linspire beta's will be available to subscription holders and insiders," says Roberto J. Dohnert in today's announcement.
When the Raspberry Pi Foundation announced Raspbian (Debian) Stretch for x86 and Macs, there was a very brief mention of something called PiServer to manage multiple Pi clients on a network, with a promise to cover it in more detail later.
Well, 'later' has now arrived, in the form of a new Raspberry Pi Blog post titled The Raspberry Pi PiServer Tool. In simple terms, the PiServer package allows you to manage multiple Raspberry Pi clients from a single PC or Mac server. Here are the key points
Though it hasn’t been sunny for Linux on smartphones. There are some interesting things to look forward to. The Librem 5 Linux phone has been creating a lot of buzz and is expected to hit the floors this year. One major reason for a Pure Linux phone not being successful could be that they haven’t been made available to the world. Most of the times they are sold only in certain regions and with lower end configuration.
Meet Raspberry Pi Zero WH, the third Raspberry Pi Zero model, which offers the same features as Raspberry Pi Zero W and a professionally soldered header that might come in handy for those who don't know how to solder their own header on a Raspberry Pi Zero W board, and it's also perfect for those tiny projects of yours.
"Imagine a Raspberry Pi Zero W. Now add a professionally soldered header. Boom, that’s the Raspberry Pi Zero WH," says Alex Bate. "It’s your same great-tasting Pi, with a brand-new…crust? It’s perfect for everyone who doesn’t own a soldering iron or who wants the soldering legwork done for them."
Then there’s a fleet of companies with new interfaces to facilitate how you interact with your car (human-machine interaction, or HMI – because, of course, there’s an acronym), as well as a small armada working on automotive-grade Linux, which pretty much everyone seems to think is going to be at the heart of every self-driving vehicle someday. Sorry, Windows.
Verizon, one of the big mobile and data wireless carriers in the US, is currently rolling out a new software update for the Gear S3 and Gear S3 Frontier smartwatches. The updates are for Tizen 3.0.0.1 and, from the feedback we’ve received, it looks like the updates also contain the recent battery bug fix that was released by Samsung.
With virtualization, organizations began to realize greater utilization from physical hardware. That trend continued with the cloud, as organization began to get their virtual machines in a pay-as-you-go service.
The rapid rise of tools and techniques in Artificial Intelligence and Machine learning of late has been astounding. Deep Learning, or “Machine learning on steroids” as some say, is one area where data scientists and machine learning experts are spoilt for choice in terms of the libraries and frameworks available. A lot of these frameworks are Python-based, as Python is a more general-purpose and a relatively easier language to work with. Keras, Theano, TensorFlow are a few of the popular deep learning libraries built on Python, developed with an aim to make the life of machine learning experts easier.
It's no secret that Aleph Objects, by design, does not have trade secrets. As the makers of the LulzBot brand of 3D printers, our industry-leading transparency is born out of a passion for free software, libre innovation, and open source hardware.
Every software tool we use to make our certified open source hardware is free software. Libre innovation encourages this kind of fanatical transparency, freeing us to share not only our bill of materials and internal assembly documentation, but even things like our research projects on our public development server. We confidently share everything that goes into our products—and more importantly, it lets us show you how they're made and how to get involved.
I'm glad to annouce that there will be a Ceph Day on the 7th of February 2018 in Darmstadt. Deutsche Telekom will host the event. The day will start at 08:30 with registration and end around 17:45 with an one hour networking reception. We have already several very interesting presentations from SUSE, SAP, CERN, 42.com, Deutsche Telekom AG and Red Hat on the agenda and more to come. If you have an interesting 15-45 min presentation about Ceph, please contact me to discuss if we can add it to the agenda. Presentation language should be German or English.
The web browser has become a critical component of the computing experience for many users. Modern browsers have evolved into powerful and extensible platforms. As part of this, extensions can add or modify their functionality. Extensions for Firefox are built using the WebExtensions API, a cross-browser development system.
Which extensions should you install? Generally, that decision comes down to how you use your browser, your views on privacy, how much you trust extension developers, and other personal preferences.
It's easy to fall into the trap of obsessing about performance and try to micro-optimize every little detail in the code you're writing. Or reviewing for that matter. Most of the time, this just adds complexity and is a waste of effort.
If a piece of code only runs a few (or even a few hundred) times a second, a few nanoseconds per invocation won't make a significant difference. Chances are the performance wins you'll gain by micro optimizing such code won't show up on a profile.
Since working on the Electrolysis team (and having transitioned to working on various performance initiatives), I’ve been working on making tab operations feel faster in Firefox. For example, I wrote a few months back about a technique we used to make tab closing faster.
Today, I’m writing to talk about how we’re trying to make tab switching feel faster in some cases.
For those sticking to Firefox Extended Support Releases, the Firefox 60 branch will be the next ESR version.
Firefox 60 will be an ESR release and the plan is to have the ESR 60.0 release out on 8 May, the Firefox 60.1 ESR release on 3 July, and to end Firefox 52 ESR on 28 August when releasing Firefox 60.2.
Some wrapper solutions are built on open source technology, while others are proprietary. Today, we are here to talk about Prebid, the leading open source solution that enables publishers to quickly implement header bidding.
Open source has officially been a thing for 20 years now. Did anyone notice?
No, really. For something as revolutionary as open source, you’d think it would have changed the way all software is developed, sold, and distributed. Unfortunately for those party planners looking to celebrate the 20-year anniversary of open source, it hasn’t—changed software, that is. For most developers, most of the time, software remains stubbornly proprietary.
For fans of the pfSense-forked OPNsense FreeBSD-based firewall/network operating system, the first release candidate of OPNsense 18.1 is available for testing.
This week we look at how open source projects are viewed by college students, unusual tools for agile team development, setting up a Raspberry Pi for retro gaming, the future of Kubernetes, and our annual Linux distro poll.
Even though JavaScript has been around for more than 20 years, it’s becoming the first-class citizen for developing enterprise applications. There is a huge developer community behind this technology.
What makes things even more interesting is that, with Node.js, JavaScript can run on server, so developers can write applications that run end-to-end in JavaScript. Node.js is very well suited for service applications because server applications are increasingly becoming single function event-driven microservices.
The PackageKit-Qt project that provides Qt bindings for PackageKit has simultaneously released versions v0.10 and v1.0.
PackageKitQt is a Qt Library to interface with PackageKit
It’s been a while that I don’t do a proper PackageKitQt release, mostly because I’m focusing on other projects, but PackageKit API itself isn’t evolving as fast as it was, so updating stuff is quite easy.
I was reflecting the other day how useful it would be if GitHub, in addition to the lists it has now like Trending and Explore, could also provide me a better view into which projects a) need help; and more, b) can accept that help when it arrives. Lots of people responded, and I don't think I'm alone in wanting better ways to find things in GitHub.
Lots of GitHub users might not care about this, since you work on what you work on already, and finding even more work to do is the last thing on your mind. For me, my interest stems from the fact that I constantly need to find good projects, bugs, and communities for undergrads wanting to learn how to do open source, since this is what I teach. Doing it well is an unsolved problem, since what works for one set of students automatically disqualifies the next set: you can't repeat your success, since closed bugs (hopefully!) don't re-open.
And because I write about this stuff, I hear from lots of students that I don't teach, students from all over the world who, like my own, are struggling to find a way in, a foothold, a path to get started. It's a hard problem, made harder by the size of the group we're discussing. GitHub's published numbers from 2017 indicate that there are over 500K students using its services, and those are just the ones who have self-identified as such--I'm sure it's much higher.
In an open letter to Apple, two of its major shareholders, Jana Partners and the California State Teachers' Retirement System, have raised concerns about research that suggests young people are becoming "addicted" to high-tech devices like the iPhone and iPad, and the software that runs on them. It asks the company to take a number of measures to tackle the problem, such as carrying out more research in the area, and providing more tools and education for parents to help them deal with the issue.
On Tuesday, January 9, 2018 we released Ubuntu kernel updates for mitigation of CVE-2017-5754 (aka Meltdown / Variant 3) for the x86-64 architecture.
Lubuntu 17.10.1 has been released to fix a major problem affecting many Lenovo laptops that causes the computer to have BIOS problems after installing. You can find more details about this problem here.
Please note that the Meltdown and Spectre vulnerabilities have not been fixed in this ISO, so we advise that if you install this ISO, update directly after.
This release is no different in terms of features from the 17.10 release, and is comparable to an LTS point release in that all updates since the 17.10 release have been rolled into this ISO. You can find the initial announcement here.
Devices running Linux are affected by Spectre and Meltdown vulnerabilities as much as their Windows counterparts.
Development teams work on updated kernels for the various distributions, and users need to update browsers and other software to protect data against potential attacks.
We talked about identifying whether your Windows PC or web browser is vulnerable already. A recently published script does the same for Linux systems. You may use it to check whether your Linux distribution is vulnerable.
Many Ubuntu Linux users who installed the latest kernel updates to fix the Meltdown CPU vulnerability found themselves stuck in a boot loop and had to revert back to a previous version.
The problem affected mostly Ubuntu 16.04 (Xenial Xerus), which is a long-term support (LTS) release. Soon after the 4.4.0-108 kernel update was released to fix the Meltdown vulnerability, users flooded the Ubuntu Forums and bug tracker to report booting problems.
The Intel Meltdown security problem is the pain that just keeps hurting. Still, there is some good news. Ubuntu and Debian Linux have patched their distributions. The bad news? It's becoming clearer than ever that fixing Meltdown causes significant performance problems. Worst still, many older servers and appliances are running insecure, unpatchable Linux distributions.
Canonical announced a few moments ago that Intel's latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.
After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.
Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.
Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) - available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.
Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.
According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.
Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.
The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.
H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.
Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.
The FBI continues its anti-encryption push. It's now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn't taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he's no longer the only FBI employee willing to speak up on the issue.
Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.
Canonical's Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.
By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.
In a posting. Mark Papermaster, AMD's CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, "We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue."
Last week in light of the Spectre disclosure. AMD believed they were at "near zero risk" to Variant Two / Branch Target Injection. But now the company confirmed last night that's not the case: they are at least potentially vulnerable.
On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer.
Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.
Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.
Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.
This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.
Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.
The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.
Assange has been holed up for more than five years in the Ecuadorean embassy in London where he was granted asylum in 2012 to avoid extradition to Sweden over rape allegations.
Ecuador's Foreign Minister Maria Fernanda Espinosa confirmed Assange's citizenship request at a press conference in Quito. She said she feared for threats to Assange's life coming from third party States.
It is for the government of Ecuador, not the UK, to determine who is an Ecuadorian citizen. It is for the government of Ecuador, not the UK, to determine who is an Ecuadorian diplomat.
It is not in the least unusual for Julian Assange to become an Ecuadorian citizen. Having been granted political asylum, and having lived for over five years under Ecuadorian jurisdiction, naturalisation is a perfectly normal step. There are a great many refugees in this country who are now naturalised UK citizens. Julian appears suitably proud of his new citizenship, and rightly so.
The Foreign and Commonwealth Office appears to be putting out a story that it has refused to accredit Assange as an Ecuadorian diplomat. As the Guardian reports: “Earlier this week the UK’s Foreign Office revealed that Ecuador had asked for Assange, who was born in Australia, to be accredited as a diplomat. The request was dismissed.”
I have no knowledge that the Ecuadorian government ever notified Assange as a member of diplomatic staff of its mission. But it has every right to appoint Assange, now an Ecuadorian citizen, as an Ecuadorian diplomat if it so chooses. Ecuador cannot tell the UK who may or may not be a British diplomat, and the converse applies.
The Vienna Convention on Diplomatic Relations – to which the UK and Ecuador are both party – is the governing international law and determines the obligations to respect diplomatic immunity. It is crystal clear (Article 4,1) that the need to obtain agreement in advance of the receiving state only applies to the Head of Mission – ie the Ecuadorian Ambassador. For other staff of the mission the sending state (in this case, Ecuador) “may freely appoint” the other members of the mission, (Article 7), subject to provisos in Articles 5,8,9 and 11. Plainly the only one of these which applies in the Assange case is Article 9. Julian Assange is persona non grata – unwelcome -to the UK government. That is a legitimate reply to notification, but comes following the appointment; it does not pre-empt the appointment.
Here is the key point. A member of staff below head of mission can already have entered the country before appointment, and their diplomatic immunity starts from the moment their appointment is notified, and NOT from the moment it is accepted.
WikiLeaks founder Julian Assange is stateless no more. On Thursday, Ecuador revealed that it had extended citizenship to Assange, a controversial figure who moved into London’s Ecuadorian embassy to evade extradition to Sweden back in 2012. Assange alluded to the citizenship status with a Twitter post depicting him in an Ecuadorian football jersey.
FaithLeaks, a young transparency organization focused on religious communities, published its first big trophy this week: a collection of 33 letters and documents from an internal investigation into alleged sexual abuse within a congregation of Jehovah’s Witnesses.
Like other whistle-blower organizations, FaithLeaks provides sources the ability to anonymously submit sensitive documents, which the site then posts publicly. FaithLeaks uses SecureDrop, an encrypted open-source system that is also used by media outlets including the New York Times and ProPublica. SecureDrop uses the anonymizing Tor network to facilitate submissions that leave no trace online. Founded by two former Mormons in November, FaithLeaks believes that “increased transparency within religious organizations results in fewer untruths, less corruption, and less abuse.”
On one hand, the investment in cryptocurrencies is coming under the radar of Indian government, India’s largest corporate conglomerate is planning to launch its own cryptocurrency named JioCoin in the near future.
As per a report from Livemint, the JioCoin project is being led by Mukesh Ambani’s elder son Akash Ambani. The company is planning to build a 50-member team of young employees to work on the blockchain technology.
After disrupting the telecom sector with its free offers and hyper-competitive tariffs, Reliance Jio Infocomm Ltd plans to create its own cyptocurrency, JioCoin.
With Mukesh Ambani’s elder son Akash Ambani leading the JioCoin project, Reliance Jio plans to build a 50-member team of young professionals to work on blockchain technology, which can also be used to develop applications such as smart contracts and supply chain management logistics.
Jeff Bezos, the founder and CEO of e-commerce giant Amazon, is now the richest person on Earth, with a net worth of around $105 billion. This is on the back of a sharp increase in his fortunes throughout the first week or so of 2018, to the tune of about $6 billion. Amazon shares rose about 6.6% because of the shopping service managing to net about 89% of the holiday spending among top retailers who see spikes in spending during the season. It should be noted that Bezos’ high net worth is not solely due to his position with Amazon; he also controls the Washington Post and Blue Origin, a somewhat secretive space startup.
The waivers were issued in a little-noticed announcement published in the Federal Register during the Christmas holiday week. They come less than two years after then-candidate Trump promised “I'm not going to let Wall Street get away with murder.”
[...]
All of these interactions with the Trump administration and the federal government are transpiring as Deutsche serves as a key creditor for the president’s businesses.
Minority Leader Nancy Pelosi complained Thursday that immigration negotiations are being led by "five white guys" — and was quickly rebuked by her No. 2, Minority Whip Steny Hoyer, himself one of those white guys involved in the talks.
“The five white guys I call them, you know," Pelosi said at her weekly news conference. "Are they going to open a hamburger stand next or what?” Pelosi said, complaining that minority members of Congress were not involved in deciding the fate of Dreamers.
A lawyer for President Donald Trump arranged a $130,000 payment to a former adult-film star a month before the 2016 election as part of an agreement that precluded her from publicly discussing an alleged sexual encounter with Mr. Trump, according to people familiar with the matter.
Michael Cohen, who spent nearly a decade as a top attorney at the Trump Organization, arranged payment to the woman, Stephanie Clifford, in October 2016 after her lawyer negotiated the nondisclosure agreement with Mr. Cohen, these people said.
Ms. Clifford, whose stage name is Stormy Daniels, has privately alleged the encounter with Mr. Trump took place after they met at a July 2006 celebrity golf tournament in Lake Tahoe, these people said. Mr. Trump married Melania Trump in 2005.
Mr. Trump faced other allegations during his campaign of inappropriate behavior with women, and vehemently denied them. In this matter, there is no allegation of a nonconsensual interaction.
The banning of movies which were supposed to be broadcast on Croatian Radio Television (HRT), but which are considered inappropriate by Homeland War Veterans and rightwing associations continues, reports Index.hr on January 12, 2018.
War veterans and widows of dead soldiers protested yesterday in front of the HRT building against the movie “Ministry of Love” (Ministarstvo Ljubavi), directed by Pavo Marinković, which HRT first removed from its programme, then returned it, and then moved it to a late night slot when most people are asleep. War veterans admit that Veterans’ Affairs Minister Tomo Medved tried to stop the broadcast of the movie.
Last week, Emmanuel Macron announced a future law against the spreading of "fake news". By aiming for a rather cynical announcement effect, his proposals exemplify an actual lack of interest for a matter which, however, needs to be addressed seriously. The spreading of "fake news" as a symptom of distortion in public debates is caused by the commercial surveillance system of the big platforms - with which the established political parties perfectly got along so far.
Emmanuel Macron proposes that during election period a judge, if asked to, should be able to censor "fake news1" by any means, up to and including the blocking of a website.
With regard to current law, the interest for such proposals is especially dubious. The Law on the Freedom of the Press of 29 July 1881 already prohibits (even outside election period) the spreading of intentionally false information which defames someone or disturbs - or might disturb - public order in France2. Thus, beyond such kind of information, it seems very unclear what kind of "fake news" Macron wants to tackle.
It's going to be a fun few months for German government officials as they run from one embarrassing fire to the next, hoping to keep their newly-minted "hate speech" law from being scrapped for sheer ineptitude.
The law went live January 1st, promising hefty fines for social media companies if they don't remove poorly-defined "hate speech" fast enough. This has resulted in exactly the sort of side effects the law's critics promised. The only remarkable thing is how fast the side effects have presented themselves.
Within 72 hours of the law's debut, a satirical post mocking a German's politician's bigoted words was deleted by Twitter in an apparently proactive move. The 24-hour window for content removal is backed by €50m fines for each violation. Given the amount of money on the line, it's no surprise social media companies are trying to stay ahead of Germany's government when it comes to regulating speech. It's also no surprise Twitter, et al are relying heavily on users to help narrow down which questionable posts it should be looking at.
Another day, another stupid lawsuit/legal threat emanating from the Trump offices. Trump's personal lawyer, Michael Cohen, has decided to rub up against the libel laws Trump so badly wants to "open up" by filing a ridiculous defamation lawsuit against Buzzfeed for publishing the Christopher Steele dossier compiled by Fusion GPS. Fusion is also being sued, but the addition of Buzzfeed strips the lawsuit of much of its credibility.
The South China Morning Post reports that the People’s Education Press (PEP), a state-run publication house, dismissed (in Chinese) widespread accusations that it had removed content about the Cultural Revolution in its newly released history textbook for eighth-grade students, adding that the historical event would be well covered in the second volume of the book, which would be distributed to schools across the country in March.
The controversy started earlier this week when an internet user posted some photos (in Chinese) of the old and new textbooks on Weibo. In the old book, there was a chapter named “Ten years of the Cultural Revolution,” whereas the new book appears to have omitted an introduction of that period of time. In addition, to describe the 1960s in China, the old version reads, “Mao Zedong wrongfully believed that the central leadership of the party had the problem of revisionism and the party and the country were facing the risk of the restoration of capitalism.” In comparison, the latest version writes, “Mao Zedong believed that the party and the country were facing the risk of the restoration of capitalism.”
A political fight is brewing in San Francisco’s Tenderlion district, over murals.
The paintings in question are in an area known as Veterans Alley.
Now, the artist may not be able to stop his murals from being painted over.
“It’s a mural project that I started back in 2011,” said muralist Amos Gregory, who began partnering with local veterans to give them a canvas to tell their story six years ago.
In the latest of a series of undercover operations targeting the mainstream media and now Social Media, James O’Keefe of Project Veritas has just dropped a new undercover video which reveals Twitter “shadow banning” and creating algorithms that censor certain ideas.
Several current and former Twitter employees admitted in an undercover video from Project Veritas that the company censors conservatives and “shadow bans” people who express right-wing viewpoints.
Hidden-camera interviews with eight current and former employees reveal that Twitter is using an array of tools to identify users with conservative, pro-Trump, pro-America, or even pro-God views, and target them for censorship.
Remarking that the constraints imposed by censors had always been a problem for any filmmaker, veteran director Ramesh Sippy said that the battles waged by today’s filmmakers was part of a continuing cinematic legacy.
At the 16th edition of the Pune International Film Festival on Friday, Sippy spoke of the problems he faced with the censors during the making of his iconic Sholay (1975).
"Being a movie maker, one will want much more freedom," he said after inaugurating the forum with Randhir Kapoor, Rishi Kapoor and Rajiv Kapoor. Festival director Jabbar Patel engaged him in a freewheeling chat about life and cinema, and censorship, because of all the battles Indian filmmakers are fighting with the Central Board of Film Certification (CBFC).
The Chinese government may not worry too much about these calls for more privacy provided they remain directed at companies, since they offer a useful way for citizens to express their concerns about surveillance without challenging the state. It looks happy to encourage users to demand more control over how online services use their personal data -- so long as the authorities can still access everything themselves.
As well as government acquiescence in these moves, there's another reason why Chinese companies may well start to take online privacy more seriously. ÃÂn article in the South China Morning Post points out that if Chinese online giants want to move beyond their fast-saturating home market, and start operating in the US and EU, they will need to pay much more attention to privacy to satisfy local laws. As Techdirt reported, an important partnership between AT&T and Huawei, China's biggest hardware company, has just been blocked because of unproven accusations that data handled by Huawei's products might make its way back to the Chinese government.
The House of Representatives just voted 256–164 to pass S. 139, which reauthorizes the U.S. government’s mass spying powers under Section 702 of the FISA Amendments Act. They also voted down an amendment that attempted to fix the worst parts of the bill and limit domestic spying on American citizens. The bill heads to the Senate this Tuesday, and we only need 41 Senators to stop the vote. A bipartisan group of Senators are already threatening to filibuster, as it does not include Fourth Amendment protections for innocent Americans.
During his 'Executive Time' this morning, a three-hour block which we are coming to understand as being an extended period of watching Fox News, tweeting and eating Happy Meals, he was addressed by one of the guests on the flickering talk-box to oppose the renewal of the act.
House Minority Leader Nancy Pelosi (D-Calif.) has called on Speaker Paul Ryan (R-Wis.) to pull a bill from the floor reauthorizing the government’s surveillance powers after a pair of contradicting tweets from President Trump Thursday morning about his support for the legislation, a Democratic aide said.
The House is headed for a close vote Thursday over whether to reauthorize the National Security Agency’s (NSA) controversial warrantless surveillance program, which has been criticized for the ease with which prosecutors can obtain warrants from a surveillance court to spy on Americans.
The US House of Representatives on Thursday passed a bill to renew the National Security Agency’s warrantless Internet surveillance program. The legislation, which passed 256-164 and split on party lines, is the culmination of a years-long debate in congress on the proper scope of US intelligence collection — one fueled by the 2013 disclosures of classified surveillance secrets by former NSA contractor Edward Snowden, CNBC reported. Senior Democrats in the house representatives had urged cancellation of the vote after Trump appeared to cast doubt on the merits of the program, but Republicans forged ahead.
The US House of Representatives on Thursday passed a bill to renew the National Security Agency's warrantless internet surveillance programme.
It did so despite tweets from President Donald Trump that initially questioned the spying tool.
The legislation, which passed 256-164 and split party lines, was the culmination of a years-long debate in Congress on the proper scope of US intelligence collection.
If a decentralized Web doesn't achieve mass participation, nothing has really changed. If it does, someone will have figured out how to leverage antitrust to enable it. And someone will have designed a technical infrastructure that fit with and built on that discovery, not a technical infrastructure designed to scratch the itches of technologists.
The Menlo Park, California-based company has kept revenue growing by consistently selling more advertising in its news feed, striking partnerships with media companies to distribute their stories, and including more video postings, which draw higher ad rates. Facebook’s latest changes don’t impact ads -- only business and media-oriented content posted by pages and other people, according to a person familiar with the matter.
Thursday’s changes raise questions of whether people may end up seeing more content that reinforces their own ideologies if they end up frequently interacting with posts and videos that reflect the similar views of their friends or family. And bogus news may still spread — if a relative or friend posts a link with an inaccurate news article that is widely commented on, that post will be prominently displayed.
Apple wouldn’t be the first U.S. tech firm to run into difficulties when handling non-Chinese users with new policies. LinkedIn introduced restrictions on content for users in China when it launched a local service, but that included international accounts that were active in China. Similarly, international content was also found to have been censored from users in China in some cases.
The House passed a bill that would make the government's dangerous spying powers worse. It now goes to the Senate.
House leadership today once again caved to irresponsible fearmongering from the intelligence agencies and succeeded in jamming through a hastily drafted surveillance bill.
In a 256-164 vote, the House passed a bill that would extend, or in many respects possibly expand, a controversial spying authority known as Section 702 of the Foreign Intelligence Surveillance Act. This law is used to spy on the emails, text messages, and other electronic communications of Americans and foreigners without a warrant. The bill now goes to the Senate.
When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.
Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies.
Casually throwing around MEK images to represent unrest in Iran is the worst combination of insulting and sloppy. It would be like a Chinese outlet, in 2012, using images of a Westboro Baptist Church protest in a story about Occupy Wall Street, because both opposed the US government. The exact ideology of those protesting in Iran isn’t 100 percent clear—they seem to represent a mix of groups and grievances—but MEK has virtually zero support in Iran itself, having been disowned by the Green Movement (the last major protest movement in Iran) in 2009, and is widely loathed for working with Israeli intelligence and fighting alongside the Iraqi army in Iran’s decade-long war against Saddam in the 1980s that killed a half-million Iranians. The MEK has carried out several bomb attacks in Iran, and was even officially listed by the US State Department as a foreign terrorist organization for 16 years, until it was removed by then-Secretary of State Hillary Clinton in 2012, after a years-long lobbying effort by pro-regime change forces within the US.
The only major media faction that even pretends the MEK has any legitimacy within Iran is the Murdoch group, which routinely runs MEK’s blatant disinformation (Fox News, 1/1/18) and pro-regime change op-eds (Wall Street Journal, 1/8/18).
The Jacksonville City Council president and other local lawmakers have called for suspending the issuing of pedestrian tickets in the wake of a state attorney’s office bulletin, the substance of which suggests that hundreds of tickets had been issued in error in recent years.
Jacksonville Assistant State Attorney Andrew Kantor on Tuesday issued a bulletin to the Jacksonville Sheriff’s Office detailing the proper enforcement of Florida’s pedestrian statutes — a document that supports a recent Times-Union/ProPublica analysis showing police have been issuing certain crosswalk violations in error, ticketing hundreds of pedestrians for failing to cross at formal intersections even when no such option was readily available.
“I’d like to make sure that we are enforcing the laws appropriately,” City Council President Anna Brosche said shortly after being made aware of the state attorney’s bulletin. “I do support a pause to make sure that everything is being enforced that should be.”
There ought to be a law, say many people opposed to revenge porn. And so they craft laws with an eye on prosecution but not so much on the First Amendment, tending to treat collateral damage as acceptable so long as revenge porn site operators are criminally charged. But the proposed laws are more than bad, they're extraneous. Existing laws are still taking down revenge porn purveyors, as we've covered previously at this site.
The FTC has taken down another revenge porn site and secured a judgment against one of its operations, all without having to having to hack away at protected speech or undermine Section 230 immunity. MyEx.com -- a site "dedicated solely to revenge porn" -- has been targeted in an FTC complaint.
[...]
Paid removals were handled in a similarly shady fashion. The site's operators made those seeking content removal wire money to someone named "Shelly Mae Garcia" who supposedly lived in the Philippines. Those who refused to pay the extortion were invited to send snail mail to the fake address in the Netherlands.
[...]
This revenge porn operation is effectively dead. The nonconsensual part of the operation is blocked by the FTC judgment and the inability to charge removal fees pretty eliminates the most profitable revenue stream. It's unclear what the future holds for Neil Infante, but it appears the Republican Senate race in Ohio (Infante's home state) is suddenly in need of a new frontrunner. Perhaps FTC judgment recipient and former revenge porn site operator Craig Brittain could send his colleague a few ideas on to how to MAGA the hell out of the nation as a Senate race bottom-feeder.
Yes, as Wendy's repetition was designed to point out, over and over again, those old rules simply must be extra burdensome, because it's 400 pages and over 1700 footnotes. Of course, that's bullshit, and Wendy knows its bullshit -- but he wanted to misrepresent the rules and make them seem like a giant regulatory burden. The actual rules were just 8 pages. There were 392 other pages of legally required information including discussions of the various public comments and the various statements from the Commissioners, including lengthy dissent statements from the disagreeing commissioners. In the Wheeler ruling, Ajit Pai's dissent took up 64 pages and Michael O'Rielly's was another 15 pages. Yet, somehow, Wendy and others didn't bother letting people know that 89 pages of the 400 pages were explaining why the rules were (apparently) bad.
When the draft rules came out, at 210 pages, I wondered why Wendy and others were suddenly silent on the page length.
Last week, as you may have heard, Pai's actual final rules were released... and the full document weighs in at 539 pages. Again, those are not the actual rules. Those are just the rules, the legally required (and very detailed) explanation of the rules and all the Commissioners' statements. And guess who's suddenly angry about people misrepresenting why the new document is so long?
The Federal Communications Commission (FCC) is again delaying its review of Sinclair Broadcast Group’s acquisition of Tribune Media.
To be clear, that's a good thing. These upcoming lawsuits, which will focus on the FCC's blatant disregard for objective data and public interest, are going to need all the help they can get. Said suits will focus extensively on how Ajit Pai and the FCC ignored the nation's startups, the people who built the internet, and any and all objective data as it rushed to give a sloppy, wet kiss to the nation's entrenched telecom monopolies.
That said, several IA member companies' dedication to net neutrality has been anything but consistent. Google, while often touted as a "net neutrality advocate," hasn't truly supported the concept since 2009 or so. As the company pushed into fixed (Google Fiber) and wireless (Project Fi, Android) broadband, its interest in rules that truly protected consumers from duopoly market abuse in the sector magically disappeared. And Google worked with AT&T and Verizon to help craft FCC net neutrality protections in 2010 that were so packed with loopholes as to be largely useless (they didn't even cover wireless networks).
Other IA members like Facebook have actively worked to undermine net neutrality overseas as they attempt to corner the ad market in developing nations. Facebook received ample criticism for its behavior in India specifically, when the company tried to trick citizens into supporting Facebook's push for a zero-rated walled garden platform dubbed "Free Basics." India ultimately banned such zero rating efforts under its own net neutrality rules, supporting Mozilla's position that if Facebook is so concerned about the Indian poor, it should help fund access to the entire internet -- and not just a Facebook-curated walled garden.
In a decision in an invalidation trial jointly claimed by INSTITUT NATIONAL DE L’ORIGINE ET DE LA QUALITE and CONSEIL INTERPROFESSIONNEL DU VIN DE BORDEAUX, the Invalidation Board of Japan Patent Office (JPO) ordered the invalidation of trademark registration no. 5737079 for a word mark “Bord’or” in script fonts (see below) in violation of Article 4(1)(vii) of the Trademark Law.
The Supreme Court's decision in The Slants' trademark case is already beginning to pay off for trademark seekers whose applications were determined to be a bit too racy for the Trademark Office's (subjective) taste. Section 1052(a) of the US Code used to forbid the registration of trademarks that "disparaged" other persons or groups or anything the USPTO found to be "immoral or scandalous."
That's all gone now, thanks to the Supreme Court, which found this restriction to registrations unconstitutional. The Supreme Court struck down the language limiting "disparaging" trademark registrations. The Federal Circuit Court of Appeals has just struck down the remaining limiting language ("immoral or scandalous"), allowing clothing brand FUCT to finally secure federal trademark protection.