Bonum Certa Men Certa

Links 22/5/2018: Parrot 4.0, Spectre Number 4










GNU/Linux



  • Desktop



    • Lenovo denies claims it chose Windows over Linux in second row over technology
      Lenovo Group has angrily denied claims it chose the popular Microsoft Windows system over a domestically-produced Linux operating system (OS) in a recent government procurement programme.

      The company branded the allegations as “slander” in a statement that follows an internet storm in China in recent weeks over the company’s decisions on domestic versus overseas technology.

      China’s largest personal computer (PC) maker insisted it had suggested using a domestically-produced Linux OS for both desktop and notebook PCs in a recent PC procurement meeting for suppliers organised by the Central Government Procurement Center, according to the company statement on Tuesday.


    • Lenovo denies on voting against preloading domestic operating systems: report
      Lenovo says the report about it voting against preloading domestic operating systems (O/S) is "deliberate slander," and the company "strongly condemns" the rumor, according to a report by qq.com late Monday.

      Lenovo claimed the suggestion it made was to use a separately made domestic Linux system solution, including in desktops and notebooks, adding that the advice has been submitted.

      The company has always supported the development of domestic O/S, Lenovo said.

      The response came after domestic news site guancha.cn reported earlier the same day that four leading computer manufacturers including Lenovo voted against preloading domestic O/S in personal computers in a poll organized by a government purchasing center on May 16.


    • Linux app support coming to older Chrome OS devices
      Linux apps on Chrome OS is one of the biggest developments for the OS since Android apps. Previous reports stated Chromebooks with certain kernel versions would be left in the dust, but the Chrome OS developers have older devices on the roadmap, too.

      When Google first broke silence on Linux app functionality, it was understood that Linux kernel 4.4 was required to run apps due to dependencies on newer kernel modules. Thanks to an issue found on Chromium’s public bugtracker, we have confirmation that containers won’t be limited to the handful of Chrome OS devices released with kernel 4.4.






  • Kernel Space



    • Looking Ahead To The Linux 4.18 Kernel
      There still are several weeks to go until the Linux 4.17 kernel will be officially released and for that to initiate the Linux 4.18 merge window, but we already know some of the features coming to this next kernel cycle as well as an idea for some other work that may potentially land.




  • Applications



  • Desktop Environments/WMs



    • K Desktop Environment/KDE SC/Qt



      • Plasma 5.12.5 bugfix update for Kubuntu 18.04 LTS – Testing help required
        Are you using Kubuntu 18.04, our current LTS release?

        We currently have the Plasma 5.12.5 LTS bugfix release available in our Updates PPA, but we would like to provide the important fixes and translations in this release to all users via updates in the main Ubuntu archive. This would also mean these updates would be provided by default with the 18.04.1 point release ISO expected in late July.


      • Revisiting my talk at FOSSASIA summit, 2018
        Earlier this year, I had the chance to speak about one of KDE community’s cool projects that is helping developers erase the line between desktop and mobile/tablet UI’s with ease. I’m referring to the Kirigami UI framework – a set of QtQuick components targeted at the mobile as well as desktop platforms.

        This is particularly important to KDE and a lot of projects are now migrating towards a Kirigami UI, particularly keeping in mind the ability to run the applications on the Plasma Mobile.


      • This Week in KDE, Part 2 : OYLG, Workspace KCM, Single/Double Click
        Last weekend, I went to İstanbul to attend Özgür Yazılım ve Linux Günleri (Free Software and Linux Days 2018) to represent LibreOffice. We had 3 presentations during the event about LibreOffice Development and The Open Document Format. We had booth setup with stickers, flyers, roll-up etc. These were all thanks to The Document Foundation’s supports! You can find detailed information about the event from here : https://wiki.documentfoundation.org/Events/2018/OYLG2018


      • Watching the Detectives


        For instance, Kevin Ottens has been writing about understanding the KDE community by the “green blobs” method, showing who is active when. Lays Rodrigues has written about using Gource to show Plasma growing up. Nate Graham describes the goings-on in the KDE community nearly every week.

        Those are, roughly: a metric-, a visual-, and a story-based approach to understanding the community, over different timescales. But understanding of a system doesn’t come from a single dimension, from a single axis of measurement. It comes from mixing up the different views to look at the system as a whole.


      • Managing cooking recipes
        I like to cook. And sometimes store my recipes. Over the years I have tried KRecipes, kept my recipes in BasKet notes, in KJots notes, in more or less random word processor documents.

        I liked the free form entering recipes in various notes applications and word processor documents, but I lacked some kind of indexing them. What I wanted was free-ish text for writing recipes, and some thing that could help me find them by tags I give them. By Title. By how I organize them. And maybe by Ingredient if I don’t know how to get rid of the soon-to-be-bad in my refrigerator.


      • KDAB at Qt Contributor’s Summit 2018, Oslo
        KDAB is a major sponsor of this event and a key independent contributor to Qt as our blogs attest.

        Every year, dedicated Qt contributors gather at Qt Contributors’ Summit to share with their peers latest knowledge and best practices, ensuring that the Qt framework stays at the top of its game. Be a Contributor to Qt!


      • Krita 2018 Sprint Report
        This weekend, Krita developers and artists from all around the world came to the sleepy provincial town of Deventer to buy cheese — er, I mean, to discuss all things Krita related and do some good, hard work! After all, the best cheese shop in the Netherlands is located in Deventer. As are the Krita Foundation headquarters! We started on Thursday, and today the last people are leaving.
      • Back from Krita Sprint 2018
        Yesterday I came back from 3,5 days of Krita Sprint in Deventer. Even if nowadays I have less time for Krita with my work on GCompris, I’m always following what is happening and keep helping where I can, especially on icons, and a few other selected topics. And it’s always very nice to meet my old friends from the team, and the new ones!


      • GSoC 2018 Week #1 with KDE
        There were quite some implementations out of the pre-plans and were huge. They got me very nervous at first. Such changes meant big updation in the code base and lots of time to have everything in place and with no warnings/errors ( well I can’t say much about bugs :p as they always arise in some cases which I or others haven’t tried, but hopefully they will be much less ).




    • GNOME Desktop/GTK





  • Distributions



    • New Releases



      • Bodhi Linux 5.0 Enters Development Based on Ubuntu 18.04 LTS, First Alpha Is Out
        Now that Canonical released Ubuntu 18.04 LTS (Bionic Beaver), more and more Ubuntu-based GNU/Linux distributions would want to upgrade to it for their next major releases, including Bodhi Linux with the upcoming 5.0 series. The first Alpha is here today to give us a glimpse of what to expect from the final release.

        Besides being based on Ubuntu 18.04 LTS, the Bodhi Linux 5.0 operating system will be shipping with the forthcoming Moksha 0.3.0 desktop environment based on the Enlightenment window manager/desktop environment, and it's powered by the Linux 4.9 kernel series. Also, it supports 32-bit PAE and non-PAE systems.


      • Emmabuntüs Debian Edition Linux Is Now Based on Debian GNU/Linux 9.4 "Stretch"
        Emmabuntüs Linux developer Patrick d'Emmabuntüs informs us today on the immediate availability for download of the Emmabuntüs Debian Edition 2 1.02 release.

        Emmabuntüs Debian Edition 2 1.02 is the second maintenance update to the Debian-based operating system used in schools and other educational institutions across the globe. It's based on the latest Debian GNU/Linux 9.4 "Stretch" operating system and brings various updated components, as well as improvements like the ability to turn off the script that handles the screensaver images and support for automatically detecting and configuring printers.




    • Slackware Family



      • VLC rebuilt for -current, Chromium and Palemoon updated
        Browser updates: both Google Chromium (66.0.3359.181) and Palemoon (27.9.2) released new versions last week which I packaged for Slackware 14.2 and -current. The Palemoon update contains CVE-tagged security fixes. You are advised to upgrade.




    • Red Hat Family



    • Debian Family



      • OSCAL'18 Debian, Ham, SDR and GSoC activities
        Debian has three Google Summer of Code students in Kosovo this year. Two of them, Enkelena and Diellza, were able to attend OSCAL. Albania is one of the few countries they can visit easily and OSCAL deserves special commendation for the fact that it brings otherwise isolated citizens of Kosovo into contact with an increasingly large delegation of foreign visitors who come back year after year.


      • Derivatives



        • Parrot 4.0 is out
          Parrot 4.0 has been released. Parrot is a security-oriented distribution aimed at penetration tests and digital forensics analysis, with additional tools to preserve privacy.


        • Parrot 4.0 release notes


        • Canonical/Ubuntu



          • Don’t expect Ubuntu maker Canonical to IPO this year
            Canonical, the company best known for its Ubuntu Linux distribution, is on a path to an IPO. That’s something Canonical founder and CEO Mark Shuttleworth has been quite open about. But don’t expect that IPO to happen this year.

            “We did decide as a company — and that’s not just my decision — but we did decide that we want to have a commercial focus,” Shuttleworth told me during an interview at the OpenStack Summit in Vancouver, Canada today. “So we picked cloud and IoT as the areas to develop that. And being a public company, given that most of our customers are now global institutions, it makes for us also to be a global institution. I think it would be great for my team to be part of a public company. It would be a lot of work, but we are not shy of work.”

            Unsurprisingly, Shuttleworth didn’t want to talk about the exact timeline for the IPO, though. “We will do the right thing at the right time,” he said. That right time is not this year, though. “No, there is a process that you have to go through and that takes time. We know what we need to hit in terms of revenue and growth and we’re on track.”


          • Ubuntu Weekly Newsletter Issue 528


            Welcome to the Ubuntu Weekly Newsletter, Issue 528 for the week of May 13 – 19, 2018.


          • Ubuntu 18.04 Bionic Beaver - Canonical giveth, Canonical taketh


            This review focuses on Ubuntu with Gnome 3 - and so I will leave my findings with the Unity desktop separate, except a single sentence: Unity is the desktop environment that 18.04 should have had, and everything else is a fallout consequence of that. So yes, Ubuntu Bionic Beaver is okay. But that's like saying paying mortgage for the rest of your life and then dying unceremoniously is okay. It's not okay. Mediocre has never been anything to strive for. EVER.

            Ubuntu Beaver does a few things well - and with some updates, it's also polished up some of them early turds, as I've outlined in the Kubuntu review; hint, the same is ALSO happening in Kubuntu, and we may have a presentable offering soon. Yes to media, phones, app stack, package management. But then, the network side of things should be better, resource utilization should be better, the desktop should be more usable for ordinary humans. It's ridiculous that you NEED extensions to use Gnome 3, in addition to all the hacks Canonical introduced to make the system usable. So yes, if you wanna be mediocre go for it. 7/10. If not, wait for Kubuntu or MATE to get its game together, or stick Unity onto 18.04. More to follow soon.


          • Canonical founder Mark Shuttleworth takes aim at VMware and Red Hat at OpenStack Summit
            “Google, IBM, Microsoft [are] all investing and innovating to drive down the cost of infrastructure. Every single one of those companies engages with Canonical to deliver public services,” he said.

            “Not one of them engages with VMware to offer those public services – they can’t afford to. Clearly they have the cash, but they have to compete – and so does your private cloud.”

            To capitalise on this trend, the firm is in the throes of rolling out a migration service to help users shift from VMware to a “fully managed” version of Canonical’s Ubuntu OpenStack distribution, which Shuttleworth said costs half as much to run.

            “When we take out VMware, and displace VMware, we are regularly told that a fully managed OpenStack solution costs half of the equivalent VMware estate [to run],” he added.










  • Devices/Embedded





Free Software/Open Source



  • Open Source Storage: 64 Applications for Data Storage
    As data storage needs continue to grow and many organizations move toward software-defined infrastructure, more enterprises are using open source software to meet some of their storage needs. Projects like Hadoop, Ceph, Gluster and others have become very common at large enterprises.

    Home users and small businesses can also benefit from open source storage software. These applications can make it possible to set up your own NAS or SAN device using industry-standard hardware without paying the high prices vendors charge for dedicated storage appliances. Open source software also offers users the option to set up a cloud storage solution where they have control over security and privacy, and it can also offer affordable options for backup and recovery.


  • OpenStack Moves Beyond the Cloud to Open Infrastructure
    The OpenStack Summit got underway on May 21, with a strong emphasis on the broader open-source cloud community beyond just the OpenStack cloud platform itself.

    At the summit, the OpenStack Foundation announced that it was making its open-source Zuul continuous development, continuous integration (CI/CD) technology a new top level standalone project. Zuul has been the underlying DevOps CI/CD system that has been used for the past six years, to develop and test the OpenStack cloud platform.


  • OpenStack makes Zuul continuous delivery tool its second indie project
    The OpenStack Foundation has launched its Zuul continuous delivery and integration tool as a discrete project.

    Zuul is therefore the Foundation’s second project other than OpenStack itself. The first was Kata Containers. Making Zuul a standalone effort therefore advances the Foundation’s ambition to become a bit like the Linux and Apache Foundations, by nurturing multiple open source projects.


  • OpenStack spins out its Zuul open source CI/CD platform
    There are few open-source projects as complex as OpenStack, which essentially provides large companies with all the tools to run the equivalent of the core AWS services in their own data centers. To build OpenStack’s various systems the team also had to develop some of its own DevOps tools, and, in 2012, that meant developing Zuul, an open-source continuous integration and delivery (CI/CD) platform. Now, with the release of Zuul v3, the team decided to decouple Zuul from OpenStack and run it as an independent project. It’s not quite leaving the OpenStack ecosystem, though, as it will still be hosted by the OpenStack Foundation.


  • Nextcloud 13: How to Get Started and Why You Should
    In its simplest form, the Nextcloud server is "just" a personal, free software alternative to services like Dropbox or iCloud. You can set it up so your files are always accessible via the internet, from wherever you are, and share them with your friends. However, Nextcloud can do so much more.

    In this article, I first describe what the Nextcloud server is and how to install and set it up on GNU/Linux systems. Then I explain how to configure the optional Nextcloud features, which may be the first steps toward making Nextcloud the shell of a complete replacement for many proprietary platforms existing today, such as Dropbox, Facebook and Skype.


  • Why use Puppet for automation and orchestration
    Puppet the company bills Puppet the automation tool as the de facto standard for automating the delivery and ongoing operation of hybrid infrastructure. That was certainly true at one time: Puppet not only goes back to 2005, but also currently claims 40,000 organizations worldwide as users, including 75 percent of the Fortune 100. While Puppet is still a very strong product and has increased its speed and capabilities over the years, its competitors, in particular Chef, have narrowed the gap.

    As you might expect from the doyenne of the IT automation space, Puppet has a very large collection of modules, and covers the gamut from CI/CD to cloud-native infrastructure, though much of that functionality is provided through additional products. While Puppet is primarily a model-based system with agents, it supports push operations with Puppet Tasks. Puppet Enterprise is even available as a service on Amazon.


  • Events



  • Web Browsers



    • Mozilla



      • Mozilla uncovers ‘new conceptual framework’ for open source
        A report has been generated which claims to offer ‘a new conceptual framework’ of open source project archetypes.

        This research covers aspects of open source spanning business objectives, licensing, community standards, component coupling and project governance.

        It also contains some practical advice on how to use the framework (it actually is a working framework) and on how to set up projects.


      • Qt for WebAssembly – check out the examples!


        WebAssembly is now supported by all major web browsers as a binary format for allowing sand-boxed executable code in web pages that is nearly as fast as native machine code. Qt for WebAssembly makes it possible to run Qt applications on many web browsers without any download steps or special server requirements (other than serving the wasm file).

        To give you a closer look, we compiled some demos. For best performance, use Firefox.


      • Redeploying Taskcluster: Hosted vs. Shipped Software
        The Taskcluster team’s work on redeployability means switching from a hosted service to a shipped application.

        A hosted service is one where the authors of the software are also running the main instance of that software. Examples include Github, Facebook, and Mozillians. By contrast, a shipped application is deployed multiple times by people unrelated to the software’s authors. Examples of shipped applications include Gitlab, Joomla, and the Rust toolchain. And, of course, Firefox!






  • Pseudo-Open Source (Openwashing)



  • Funding



    • City student emerges winner in Google contest

      Abishek, who lives in Panangad, was among the 1,000-odd students roped in by FOSSASIA, an organisation from Asia engaged in developing open source software, as part of the contest. He was asked to complete 93 coding tasks in 49 days between November and January this year.



    • Open source startup Tidelift snags $15 mln Series A
      Boston-based Tidelift, an open source startup, has secured $15 million in Series A funding. General Catalyst, Foundry Group and former Red Hat Chairman and CEO Matthew Szulik led the round. In conjunction with the funding, Larry Bohn, managing director at General Catalyst, Ryan McIntyre, co-founder and managing director at Foundry Group and Szulik have all joined Tidelift’s board of directors.
    • Tidelift raises $15M to find paying gigs for open-source developers maintaining key projects
      Tidelift wants to give open-source developers a way to earn some money for contributing to important open-source projects and while helping the companies that are using those projects in key parts of their business, and it just raised $15 million to build those connections.

      General Catalyst, Foundry Group, and former Red Hat CEO Matthew Szulik co-led the Series A funding round into the Boston-based startup, the first time the 17-person company has taken financing, said Donald Fischer, co-founder and CEO of Tidelift. The other co-founders — Havoc Pennington, Jeremy Katz, and Luis Villa — share a wealth of open-source experience across companies like Red Hat and organizations like The Wikimedia Foundation and the Mozilla Foundation.
    • Tidelift Raises $15M Series A To Make Open Source Work Better--For Everyone




  • BSD



    • DragonFlyBSD 5.3 Works Towards Performance Improvements
      Given that DragonFlyBSD recently landed some SMP performance improvements and other performance optimizations in its kernel for 5.3-DEVELOPMENT but as well finished tidying up its Spectre mitigation, this weekend I spent some time running some benchmarks on DragonFlyBSD 5.2 and 5.3-DEVELOPMENT to see how the performance has shifted for an Intel Xeon system.




  • FSF/FSFE/GNU/SFLC



  • Licensing/Legal



    • VMware Announces OpenStack 5, Tesla Releases Some Source Code, KDE's Plasma 5.13 Beta and More
      Tesla has released some of the source code for its in-car tech. Engadget reports that the company "has posted the source code for both the material that builds the Autopilot system image as well as the kernels for the Autopilot boards and the NVIDIA Tegra-based infotainment system used in the Model S and Model X."


    • Tesla inches toward GPL compliance in low gear: Source code forcibly ejected into public
      Following five years of hectoring, Tesla has released a portion of the open-source code it's obligated to provide under the terms of the GNU General Public License (GPL).

      Since 2013, the Software Freedom Conservancy (SFC), responding to complaints of GPL violations related to software in the Tesla Model S, has pressed the carmaker to comply with the terms of the GPL.

      The SFC provides legal support to open source projects. In theory, Tesla could be sued for flouting the GPL, but even the SFC, which backed the controversial GPL claim against VMware, prefers resolving compliance issues outside of court.




  • Openness/Sharing/Collaboration



    • Phase Genomics and Pacific Biosciences Announce the Release of Co-Developed Genome Assembly Phasing Software - 'FALCON-Phase'
      FALCON-Phase is available as open source to scientists and also as a service through Phase Genomics. Scientists can utilize the new software to advance their current research and even revive historic genome projects with the addition of Hi-C data.


    • Open Data



      • Mapping Palestine Before Israel
        During the founding of the state, the Israeli military destroyed more than 500 Palestinian villages; some were completely abandoned, while others became the foundation for Jewish villages and towns. Some villages survived. A new open-source mapping project, Palestine Open Maps, allows users to see the Palestinian landscape as it looked before 1948—and to search for villages and towns from that era to find out whether they remain, were depopulated, or were built over.

        [...]

        The maps’ level of detail is exceptional, showing roads, topographic features, and property boundaries. The team’s next task: to make the maps downloadable.

        [...]

        In the decades since 1948, what Palestinians call the nakba (“catastrophe”) remains a matter of debate between the sides of the Israeli-Palestinian conflict. For Barclay, an aim of the mapping project is to clarify at least one part of this debate: the land itself, and what was once there. “Putting the villages on screen that were destroyed, depopulated, and built over in the form of these maps makes what happened irrefutable,” he said. He also noted the irony of using the maps of the former colonizer for such a project. “The British essentially drew these maps as part of their control of Palestine,” he said. “But the maps unintentionally captured the moment before the destruction occurred.”








Leftovers



  • Science



  • Hardware



  • Health/Nutrition



    • World Health Assembly Begins Discussion On Access To Medicines
      On the second day of this week’s annual World Health Assembly, delegates began discussing the issue of “shortages of, and access to, medicines and vaccines.” It is generally held that access to safe, efficacious, and affordable medicines is of paramount importance to achieve the United Nations Sustainable Development Goals by 2030, but there seems to be no expeditious solution, and no lack of divergent views on how to get there.


    • Global Antimicrobial Resistance R&D Hub Launched At Health Assembly
      According to a press release today from the German Federal Ministry of Education and Research, “the German Federal Government has led the establishment of the Global AMR R&D Hub: Under the German Presidency, the G20 Heads of State and Government resolved in the summer of 2017 to intensify global cooperation in the fight against AMR. The Federal Research Ministry subsequently proposed plans for the Global AMR R&D Hub and supported its establishment. Initially, the secretariat of the Global AMR R&D Hub will be based in Berlin, at the German Center for Infection Research (DZIF).”

      “We urgently need new drugs, particularly antibiotics, in the fight against infectious diseases in order to protect the health and lives of people around the world,” German Federal Research Minister Anja Karliczek said in the release. “Resources need to be used more effectively in order to develop more new treatments, diagnostics and prevention measures for resistant pathogens. We will therefore strengthen and improve the coordination of our research on antimicrobial resistance at the national and international level.”


    • WHO Director Dr Tedros Opens First Annual World Health Assembly With ‘Keys For Success’
      According to Tedros, the eradication of smallpox stands as one of the greatest achievements in the history of the WHO but also in the history of medicine. This victory shows “what WHO is capable of,” he said, adding that it could change the course of history, with partners.


    • Global Influenza Initiative Celebrates 10 Years, Adds Former WHO Official
      As the annual World Health Assembly opened today, a global initiative for sharing influenza genetic data celebrated its tenth anniversary and announced new senior advisors for international affairs and biosecurity issues, one of which is Marie-Paule Kieny, former World Health Organization Assistant Director-General for Health Systems and Innovation.




  • Security



    • Google and Microsoft disclose new CPU flaw, and the fix can slow machines down
      Microsoft and Google are jointly disclosing a new CPU security vulnerability that’s similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says “these mitigations are also applicable to variant 4 and available for consumers to use today.”

      However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.



    • Spectre variants 3a and 4
      Intel has, finally, disclosed two more Spectre variants, called 3a and 4. The first ("rogue system register read") allows system-configuration registers to be read speculatively, while the second ("speculative store bypass") could enable speculative reads to data after a store operation has been speculatively ignored. Some more information on variant 4 can be found in the Project Zero bug tracker. The fix is to install microcode updates, which are not yet available.


    • Red Hat Says It'll Soon Fix the Speculative Store Bypass Security Vulnerability
      Red Hat informed us today that they are aware of the recently disclosed Speculative Store Bypass (CVE-2018-3639) security vulnerability and will soon release updates to mitigate the issue on all of its affected products.

      Speculative Store Bypass (CVE-2018-3639) is a security vulnerability recently unearthed by various security researchers from Google and Microsoft, and it appears to be a fourth variant of the Spectre hardware bug publicly disclosed earlier this year in modern microprocessors, and later discovered to affect billions of devices. The Speculative Store Bypass vulnerability apparently lets an unprivileged attacker bypass restrictions and gain read access to privileged memory.
    • Spectre chip security vulnerability strikes again; patches incoming
      After the first-wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake.

      Since the CPU vulnerabilities Spectre and Meltdown showed an entirely new way to attack systems, security experts knew it was only a matter of time until new assault methods would be found.

      They've been found.


    • Spectre Variants 3A & 4 Exposed As Latest Speculative Execution Vulnerabilities


    • Speculative Store Bypass explained: what it is, how it works


    • After Meltdown and Spectre, Another Scary Chip Flaw Emerges

      At the same time, though, a larger concern was also looming: Spectre and Meltdown represented a whole new class of attack, and researchers anticipated they would eventually discover other, similar flaws. Now, one has arrived.



    • 22 essential security commands for Linux
      There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is a look at some of the most essential security commands for day-to-day work on Linux systems.


    • CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel
      A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machines. All system administrators are urged to apply the latest updates as soon as possible to mitigate any possible impact.


    • Spectre Number 4, STEP RIGHT UP!
      In the continuing saga of Meltdown and Spectre (tl;dr: G4/7400, G3 and likely earlier 60x PowerPCs don't seem vulnerable at all; G4/7450 and G5 are so far affected by Spectre while Meltdown has not been confirmed, but IBM documentation implies "big" POWER4 and up are vulnerable to both) is now Spectre variant 4. In this variant, the fundamental issue of getting the CPU to speculatively execute code it mistakenly predicts will be executed and observing the effects on cache timing is still present, but here the trick has to do with executing a downstream memory load operation speculatively before other store operations that the load does not depend on. If the CPU is convinced to speculatively execute down this victim path incorrectly, it will revert the stores and the register load when the mispredict is discovered, but the loaded address will remain in the L1 cache and be observable through means similar to those in other Spectre-type attacks.


    • Email Might Be Impossible To Encrypt


    • Email Is Dangerous
      One week ago, a group of European security researchers warned that two obscure encryption schemes for email were deeply broken. Those schemes, called OpenPGP and S/MIME, are not the kinds of technologies you’re using but don’t know it. They are not part of the invisible and vital internet infrastructure we all rely on.

      This isn’t that kind of story.

      The exploit, called Efail by the researchers who released it, showed that encrypted (and therefore private and secure) email is not only hard to do, but might be impossible in any practical way, because of what email is at its core. But contained in the story of why these standards failed is the story of why email itself is the main way we get hacked, robbed, and violated online. The story of email is also the story of how we lost so much of our privacy, and how we might regain it.


    • Real Security Begins At Home (On Your Smartphone)
      When the FBI sued Apple a couple of years ago to compel Apple's help in cracking an iPhone 5c belonging to alleged terrorist Syed Rizwan Farook, the lines seemed clearly drawn. On the one hand, the U.S. government was asserting its right (under an 18th-century statutory provision called the All Writs Act) to force Apple to develop and implement technologies enabling the Bureau to gather all the evidence that might possibly be relevant in the San Bernardino terrorist-attack case. On the other, a leading tech company challenged the demand that it help crack the digital-security technologies it had painstakingly developed to protect users — a particularly pressing concern given that these days we often have more personal information on our handheld devices than we used to keep in our entire homes.


    • Software fault triggered Telstra mobile network outage

      The blackout was the third in May, with an outage to its triple-zero service occurring on 4 May after a cable between Bowral and Orange in NSW was cut due to lightning. On 1 May, the telco suffered an outage of its NBN services and 4G services.

    • Security updates for Tuesday


    • Red Hat responds to Speculative Store Bypass and helps explain Variant 4 chip vulnerability
    • Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole
    • Google and Microsoft Reveal New Spectre Attack




  • Defence/Aggression



    • This Article From 1985 Predicted Deadly Force by Police Would Be 'Nonexistent' in the Future
      When you imagine the American police officer of the future, what do you see? In the 1980s, one police officer saw “supercops”—a highly trained force of professionals who had the most high-tech toys at their disposal and almost never killed people.

      James R. Metts wrote an article for the October 1985 issue of The Futurist magazine about these “supercops” of the future. The piece is part utopian fantasy (jetpacks!) and part dystopian nightmare (surveillance!), but it’s also a fascinating look into what some people thought cops would look like in the future—just two years before the original RoboCop would hit theaters.


    • The U.S. Considered Declaring Russia a State Sponsor of Terror, Then Dropped It
      The attempt to kill a former Russian spy in England bore an ominous signature: The assailants used a lethal nerve agent of a type developed in the Soviet Union, and British investigators quickly concluded that only the Kremlin could have carried out such a sophisticated hit.

      Soon after the March attack, Rex Tillerson, then the U.S. secretary of state, ordered State Department officials to outline the case for designating Russia as a state sponsor of terrorism under U.S. law. Experts in the department’s Bureau of Counterterrorism began to assemble what they thought was a strong case.

      But almost as quickly as the review began — within about two days — the secretary of state’s office sent new instructions to drop the initiative, according to State Department officials familiar with the episode.


    • 2,000 years ago in Denmark, a fierce battle left dozens dead
      Months after the battle, people ritually damaged remains and put them under water.


    • Russia downs drone near military base in Syria
      The Russian military said on Monday it shot down an unidentified drone approaching the Russian Hmeimim air base in Syria's Latakia province.

      A statement carried on Monday by Russian news agencies reported that there were no casualties or damage to the base.

      The Hmeimim air base serves as the main hub for Russian operations in Syria.




  • Transparency/Investigative Reporting



    • Australian workers and youth defend Julian Assange
      Over the past week, the imperialist-led campaign against WikiLeaks editor Julian Assange has intensified. The Guardian, acting as a mouthpiece of the intelligence agencies, has published a stream of articles aimed at providing the pretext for Assange to be expelled from Ecuador’s London embassy, where he was granted political asylum almost six years ago, and forced into the hands of the British and US authorities.

      [...]

      The sentiments of ordinary people stand in stark contrast to the venomous hostility to Assange on the part of governments and the corporate media. On Sunday, the Socialist Equality Party held a successful public meeting in Brisbane, concluding a national series titled “Organise Resistance to Internet Censorship, Free Julian Assange.” The Brisbane meeting, like previous events in Sydney, Melbourne and Newcastle, was attended by workers, retirees, students and WikiLeaks supporters.


    • For Ecuador, Currying Favor with Washington is as Simple as Sacrificing Julian Assange
      For all practical purposes, whistleblower and WikiLeaks founder Julian Assange is now a prisoner in asylum at the Embassy of Ecuador in London, facing the torture of near-total isolation from the outside world and hanging by the thread of the Andean state’s dwindling hospitality.

      On Thursday, the Australian – who, strangely enough, was given Ecuadorian citizenship last December – faced a new layer of precariousness atop his six-year refuge, when Ecuadorean President Lenin Moreno ordered that additional security assigned to the building be withdrawn.


    • Assange looks to be one step closer to eviction from embassy
      After half a decade of stagnation, the story of Wikileaks founder Julian Assange and his endless stay at the Ecuadorian embassy in London may be moving into high gear. It was only a week ago when we learned that his hosts were talking about either trying to sneak him out of the country to Russia or simply telling him to pack his things and walk out the door. They were also complaining about his grubby living conditions and describing him as being a “threat” to embassy personnel. Now, in yet another signal that it may be time to go, Ecuador has fully withdrawn Assange’s special security detail who had been protecting him. (Reuters)


    • Assange Team Lawyer: It's Important That Ecuador Maintains Independence From US
      Former Ecuadorian President Rafael Correa has blasted the country’s government for depriving WikiLeaks founder Julian Assange of access to the outside world. Meanwhile Ecuador’s Foreign Minister Maria Espinosa stated that she and the UK share the intention to solve the issue. Sputnik spoke with Greg Barns, a member of Julian Assange’s legal team.


    • Judge admonishes ex-CIA worker over protective order
      A federal judge has sternly reminded a former CIA employee who may face charges connected to a leak at the agency that he can't discuss sensitive material covered by a protective order with anyone other than his attorney.

      U.S. District Judge Paul A. Crotty spoke to 29-year-old Joshua Schulte on Monday at prosecutors' request.


    • Accused CIA leaker must keep quiet about case, judge says
      Prosecutors said in Manhattan Federal Court that the terms of a September 2017 protective order regarding the case of Joshua Schulte, 29, had been broken by recent articles revealing he is under investigation for leaking the closely guarded cyber tools.


    • Alleged CIA leaker accused of sending press info about case
      A former CIA software engineer suspected of leaking classified documents to Wikileaks is also leaking information about his case to the press, it emerged in Manhattan federal court on Monday.


    • Suspect identified in CIA ‘Vault 7’ leak, that revealed iOS-Mac exploits
      U.S. Authorities have identified a major suspect in the so-called “Vault 7” leak that has released a huge cache of information detailing the Central Intelligence Agency’s cyber-tools, including software exploits targeting iPhone and Mac devices.


    • Courts Says CIA Can Dump Classified Info To Members Of The Public And Still Deny They've Been Publicly Released
      Journalist Adam Johnson's FOIA lawsuit against the CIA has been brought to a halt. Johnson sued the CIA for refusing to release classified documents it had previously voluntarily "leaked" to selected journalists. The CIA argued the documents were still classified and not subject to FOIA requests. Johnson argued the CIA had already released the documents to the public when it decided to release this classified info to journalists.

      Back in February, it appeared the court was on Johnson's side. Responding to the government's motion to dismiss, the court pointed out the CIA couldn't waive FOIA exemptions when dumping docs to journalists and then seek to use them when other journalists asked for the same info.






  • Finance



    • Rupert Murdoch Believes In The Free Market... Until His Company Is Struggling: Then He Wants To Regulate Competitors


      Yes, Rupert Murdoch believes this right up until his own companies have trouble adapting and competing. Then he goes running to government to regulate those companies who are actually succeeding.

      There may be reasonable arguments for certain kinds of regulations. But Murdoch's only reason for calling for regulations of internet companies -- after whining about socialism and talking up free markets -- is pretty blatantly an attempt to whine for a handout for his own businesses that have failed to adapt to changing times.




  • AstroTurf/Lobbying/Politics



    • Twitter bots may have affected voters on Brexit, U.S. presidential race: study

      “Overall, our results suggest that the aggressive use of Twitter bots, coupled with the fragmentation of social media and the role of sentiment, could contribute to the vote outcomes,” wrote the authors of the paper, researchers at the University of California at Berkeley and the United Kingdom's Swansea University.



    • Twitter Bots May Have Boosted Donald Trump's Votes by 3.23%, Researchers Say

      Automated tweeting played a small but potentially decisive role in the 2016 Brexit vote and Donald Trump’s presidential victory, the National Bureau of Economic Research working paper showed this month. Their rough calculations suggest bots added 1.76 percentage point to the pro-“leave” vote share as Britain weighed whether to remain in the European Union, and may explain 3.23 percentage points of the actual vote for Trump in the U.S. presidential race.



    • “Just be fair”: when does journalism undermine its own reputation?
    • Media Ignore Government Influence on Facebook’s Plan to Fight Government Influence
      Facebook announced Thursday it was partnering with DC think tank the Atlantic Council to “monitor for misinformation and foreign interference.” The details of the plan are vague, but Atlantic Council’s Digital Forensic Research Lab wrote in a non-bylined Medium post (5/17/18) that the goal was to design tools “to bring us closer together” instead of “driving us further apart.” Whatever that means, exactly.

      Behind its generic-sounding name and “nonpartisan” label, the Atlantic Council is associated with very particular interests. It’s funded by the US Department of State and the US Navy, Army and Air Force, along with NATO, various foreign powers and major Western corporations, including weapons contractors and oil companies. The Atlantic Council is dead center in what former President Obama’s deputy national security advisor Ben Rhodes called “the blob”—Washington’s bipartisan foreign-policy consensus. While there is some diversity of opinion within the Atlantic Council, it is within a very limited pro-Western ideological framework—a framework that debates how much and where US military and soft power influence should be wielded, not if it should in the first place.
    • Antifa or Antiwar: Leftist Exclusionism Against the Quest for Peace
      CounterPunch has astonished many of its old fans by its current fundraising ad portraying the site as a prime target of Russia hostility. Under the slogan, “We have all the right enemies”, CP portrays itself as a brave little crew being blown off the water by an evil Russian warship out to eliminate “lefty scum.”

      Ha Ha Ha, it’s all a joke of course. But it’s a joke that plays into the dangerous, current Russophobia promoted by Clintonite media, the deep state and the War Party. This is a reminder that Russophobia finds a variant in the writing of several prominent CounterPunch contributors.

      Yes, CounterPunch continues to publish many good articles, but appears also to be paying its tribute to the establishment narrative.

      Put on the defensive by the “fake news” assault against independent media, CP senior editor Jeffrey St Clair seemed to be shaken by Washington Post allegations that he had published articles by a “Russian troll” named Alice Donovan. St Clair never publicly questioned the FBI claim that the ephemeral plagiarist worked for the Kremlin, when she could as well have been planted by the FBI itself or some other agency, precisely in order to embarrass and intimidate the independent website.
    • Why Are So Many Democrats Afraid of Impeachment?
      Party leaders need to make clear that impeachment is always valid when there is evidence of presidential wrongdoing, cover-ups, and corruption of justice.
    • Virtually Everything the Government Did to WikiLeaks is Now Being Done to Mainstream US Reporters
      At Freedom of the Press Foundation, we believe it’s vital to defend WikiLeaks’ right to gather and publish classified information in the public interest, just as it’s vital to protect the rights of Associated Press and Fox News to do the same. Under the law, the AP, Fox News, and WikiLeaks are no different (a fact that even the government argues). If one falls, the others will not be far behind.

      Despite this fact, many journalists and mainstream media organizations purposefully stayed silent when WikiLeaks first came under attack by the Justice Department in early 2011. That disappointing silence left open the possibility that the Justice Department could use those same tactics against others in the future.

      And unfortunately now it's clear: virtually every move made by the Justice Department against WikiLeaks has now also been deployed on mainstream US journalists.
    • Philip Cross Madness Part IV
      Mike Barson, keyboard player of the great ska group Madness, had his Wikipedia entry amended by “Philip Cross” to delete his membership of Momentum and interview with The Canary.

      [...]

      A number of people have opined in reply to my posts that the time spent to make all of Cross’s daily edits, as per the number of keystrokes, is not great. That ignores the colossal effort that goes into research and above all monitoring of Wikipedia by the “Philip Cross” operation.

      Finally, this is an excellent example of the bias of Wikipedia. The information about Barson is totally true. He is a proud member of Momentum. It is also quite interesting and an important bit of his life. But according to Wikipedia’s pro-MSM rules, “Philip Cross” can indeed delete it because the information is not from an MSM source. In the unlikely event of the Times or Telegraph ever writing about Barson’s Momentum membership, it would of course be in a hos




  • Censorship/Free Speech



  • Privacy/Surveillance



    • Progressive groups launch petition for government to break up Facebook

      The groups, which include the Content Creators Coalition, Demand Progress and the Open Markets Institute, are urging the Federal Trade Commission (FTC) to force Facebook to do three things: spin off its subsidiaries like Instagram and WhatsApp into separate companies, make it possible to communicate across third-party social media platforms and strengthen its privacy rules.



    • The most significant UK data breaches

      With only months until GDPR comes into effect in May 2018, high-profile breaches are still occurring. Here are some of the more significant from UK organisations.



    • Cookies That Go the Other Way
      The original cookie allowed the server to remember the client when it showed up again. Later the cookie would remember other stuff: for example, that the client was a known customer with a shopping cart.

      Cookies also came to remember fancier things, such as that a client has agreed to the server's terms of use.

      In the last decade, cookies also arrived from third parties, some for site analytics but mostly so clients could be spied on as they went about their business elsewhere on the web. The original purpose was so those clients could be given "relevant" and "interest-based" advertising. What matters is that it was still spying and a breach of personal privacy, no matter how well its perpetrators rationalize it. Simply put, websites and advertisers' interests end at a browser's front door. (Bonus link: The Castle Doctrine.)

      Thanks to the EU's General Data Protection Regulation (GDPR), which comes into full force this Friday, that kind of spying is starting to look illegal. (Though loopholes will be found.) Since there is a world of fear about that, 99.x% of GDPR coverage is about how the new regulation affects the sites and services, and what they can do to avoid risking massive fines for doing what many (or most) of them shouldn't have been doing in the first place.


    • Microsoft makes inroads with U.S. spy agencies [iophk: "now Russia, China, and others have easiest access to the 17 agencies data"]

      Microsoft has secured a potentially lucrative agreement that makes the full suite of the tech giant's cloud-computing platform available to 17 U.S. intelligence agencies, executives said recently, moving agencies' computer systems onto Office 365 applications and adding certain cloud-based applications not previously available to them.



    • The backlash that never happened: New data shows people actually increased their Facebook usage after the Cambridge Analytica scandal


    • Chinese school uses facial recognition to check if pupils aren't concentrating


    • Acer becomes first PC maker to bring Alexa to laptops

      Acer first revealed its plans to bring Amazon's easily-fooled AI assistant to its hardware line-up back in January, and news of the impending rollout comes just days after rival PC maker HP showed off the first all-in-one to come with Alexa smarts baked-in.

      The Acer Spin 5 line of convertibles, which come kitted out with four-microphone arrays for far-field voice detection, will be the first in line to receive the software update on 23 May, with the gaming-focused Nitro 5 Spin set to offer Alexa when it goes on sale next month.



    • Google has almost completely expunged 'don't be evil' from its Code of Conduct

      Alphabet, the shell company created to house Google and other unrelated projects such as Waymo, never used the phrase, though they have something similar, but Google has always stuck to the idea that not being evil is worth mentioning. Heck, it's even been the wifi password for shuttles to Google Campus.



    • Google Duplex will warn anyone it calls that they are being recorded

      Duplex calls will need to be recorded so they can be sent to the cloud for parsing. The other solution would be an on-device AI chip that would be much slower although Amazon is said to be looking at one as an accelerator for Echo devices.



    • Google's Duplex AI Robot Will Warn That Calls Are Recorded

      On Thursday, the Alphabet Inc. unit shared more details on how the Duplex robot-calling feature will operate when it’s released publicly, according to people familiar with the discussion. Duplex is an extension of the company’s voice-based digital assistant that automatically phones local businesses and speaks with workers there to book appointments.



  • Civil Rights/Policing



    • UK gov will have fresh [I]nternet safety laws ready in a 'couple of years'

      But you'd be wrong. The Department for Digital, Culture, Media & Sport will work with the Home Office and other government departments and industry to knock out a white paper later this year that'll set out legislation to be brought forward to tackle [I]nternet nastiness.



    • Predatory behavior runs rampant in Facebook’s addiction support groups

      After the call, Couch was surprised to find that she could not log back in to Affected by Addiction. In fact, she came to realize, she’d been banned. The experience left her feeling paranoid, like she couldn’t trust anyone. She warned her son to be careful about support groups.



    • The Pointless "Security" At Airports Stops Everyone But The Criminals
      # warning: references the Fail

      This is the antithesis of security and means that we are actually more insecure than if we put all those TSA dollars into probable cause-based policing. No showy show show at the airport out of that, but it would actually keep us safer.



    • The effect of the new UK cybersecurity laws
      Interestingly, despite earlier indications, the UK government has moved away from applying the very high potential fines linked to percentage of turnover that the GDPR has. Instead, there is a sliding scale of fines depending on the severity of the contravention with the highest being €£17 million for a material contravention which caused/could cause an immediate threat to life or significant adverse impact on the UK economy.


    • The Latest: Haspel jokes about rocky confirmation process
      Newly sworn-in CIA Director Gina Haspel says she wants to send more officers into the field, improve foreign language proficiency among the ranks and strengthen the agency's working relationships with intelligence agencies in partner nations.


    • President Trump swears in new CIA Director Gina Haspel


    • Trump targets former CIA Director John Brennan, quoting a pundit on 'Fox & Friends'
    • Here's Why Donald Trump Is Criticizing Former CIA Director John Brennan
    • Trump lambastes a former CIA director ahead of installation of a new one
    • Group affected by CIA brainwashing experiments wants public apology, compensation from government
      A group of Canadians affected by CIA brainwashing experiments conducted at McGill University's Allan Memorial Institute met for the first time on Sunday to start organizing for a public apology and compensation from the federal government through a possible class-action.

      Around 40 people gathered at a Montreal condo to share their stories, cry and support each other. The pain, many said, was palpable in the room.

      "The government should offer an apology and there should be recognition of the injustice that was done," says Gina Blasbalg, who became a patient at the Allan in her teens in 1960, and drove with her husband from Richmond, B.C., to attend the weekend meeting.

      ​Survivors Allied Against Government Abuse (SAAGA), as the group calls itself, includes both victims and family members of people who were unwitting participants in brainwashing experiments conducted under the supervision of Dr. Ewen Cameron, director of the psychiatric hospital between 1943 and 1964.


    • China must stop pushing territorial claims, censorship on foreign firms
      China imposes its political assertions on foreign companies, and if they do not comply, it retaliates against them. China should end this excessive censorship, which hinders free economic activities by the private sector.

      The Chinese government has demanded Japanese, U.S. and other airlines describe Taiwan, Hong Kong and Macao as part of China on their websites. They have also been directed to label Taiwan “Chinese Taiwan” and use the same color for Taiwan on their maps as the one for mainland China.


    • Chinese publishers are in uncharted territory as maps get left out of books
      New rules have made it so difficult for publishers to get maps of China past the censors that some are choosing to leave them out of books entirely.

      Three separate publishing sources have told the South China Morning Post that the process of getting them approved for publication is so difficult and costly, they’re even suggesting authors remove maps before they will go ahead with a book deal.

      While Beijing has always been fastidious about maps of China – particularly whether they include the nine-dash line showing its disputed claim in the South China Sea, and the self-ruled island of Taiwan – the censors are now also turning their attention to how the country is represented on maps of the world, and even historical maps.
    • China Now Leads the World — at Bullying
      China has made known that it wants to be the world’s premier power, and it already leads in one area: bullying. The latest example is GAP clothing retailer, which just issued a groveling apology to Beijing for releasing a t-shirt emblazoned with an “erroneous” map of China. The “error” was omitting Taiwan, parts of Tibet, and certain South China Sea islands — all places that Beijing fancies part of its territory.

      The kicker is that, apparently, the shirt wasn’t even being sold in China. In fact, it was photos of the garment taken in Canada’s Niagara region that attracted the Chinese attention after being circulated online. This reflects a little known phenomenon: Through economic bullying, China is influencing markets well beyond its borders.
    • Patriot or Double Agent? CIA Officer on Trial as U.S. Targets Spying by China


      To the U.S. government, Kevin Mallory was a man in desperate straits, with no income in his pocket but with information in his head useful to China, given his longtime work as a covert CIA officer who spoke Mandarin.


    • State TV Says Fishing Rods ‘Used To Communicate With CIA’
      Despite Iran’s Intelligence Ministry insisting there is no proof to suggest that the environmentalists who have been detained were involved in espionage against their homeland, their attorney sees no breakthrough in his clients’ situation.

      At least 13 environmentalists, charged with espionage for “enemies,” have been behind bars since January 24.

      The Islamic Revolutionary Guards Corps (IRGC) intelligence organization also detained more than 40 environmentalists, rangers, and their relatives on May 7 and 8 in Hormozgan Province, southern Iran.


    • South Carolina Legislature Repeals Racist ‘Disturbing School’ Law for Students
      In 2015, video surfaced of a police officer violently dragging a Black girl from her school desk. He was arresting her, and using shockingly excessive force, because she was “disturbing school,” a vague law that more or less made it a crime for a student to be loud, to talk back to staff or school police. In other words, it criminalized being a kid.

      Unsurprisingly, this law has disproportionately affected students of color, who are already over-policed outside the school walls, so we sued in August 2016. Last week, we scored a victory on behalf of all students who have been pulled into the maze of the state’s criminal justice system.

      On Thursday, South Carolina Gov. Henry McMaster signed an amendment repealing the crime of disturbing schools for students in the state of South Carolina. The importance of this law being signed cannot be understated. Its passage will eliminate a major source of the school-to-prison pipeline, which has caused grievous and lifelong harm to students across South Carolina.


    • Uncle Sam Is Helping Missouri Cops Steal From the State’s Public Education Fund
      When it comes to the practice of civil asset forfeiture, the state of Missouri has the right idea. State law mandates that 100 percent of proceeds from cash and property forfeitures that result in convictions be used to fund the state’s public schools. That’s a sound idea, but there’s one problem: It isn’t happening.

      In 2016, local law enforcement only sent $100,000 to public schools when it seized $6.3 million worth of property. And of that total, 44 percent went to the feds. What accounts for this discrepancy?

      Simple: Missouri law enforcement has conspired with the Department of Justice, in defiance of state law, to ensure that the cash goes into their coffers rather than to the school children of Missouri.

      In 2001, Missouri’s Civil Asset Forfeiture Act (CAFA) was amended in an effort to impede state and local law enforcement from policing for profit, a common practice in many states across the country whereby police are incentivized to seize property and pocket its cash value. CAFA aimed to ensure that upon a defendant’s conviction their seized property be handed off to the local county prosecutor who would “deposit the proceeds into the public education fund as required by the Missouri Constitution,” thereby curtailing law enforcement’s incentive to arbitrarily and pervasively seize, and then keep or cash in, property allegedly involved in a crime.


    • The CIA made a Magic: The Gathering-style card game for training agents, and we played it
      Last year during SXSW, the CIA revealed it designs elaborate tabletop games to train and test its employees and analysts. After receiving a Freedom of Information Act request, the CIA sent out censored information on three different games it uses with trainees — and thanks to Diegetic Games, an adapted version of one of them will soon be available to the public.

      CIA: Collect it All is based off a card game described in the documents as “Collection Deck,” which was designed by CIA Senior Collection Analyst David Clopper. Its play style is roughly based on Magic: The Gathering, and demonstrates how different intelligence tactics can be used to address political, economic, and military crises — and how the system often manages to screw it all up. If you want a copy of your own, there’s a funded Kickstarter campaign for it that ends on Tuesday that charges $29 for a set of physical cards or $10 for a print-and-play version.


    • It takes more than a makeover to make a woman
      Munroe Bergdorf is pushing a pretty sexist view of womanhood.


    • A Death in Slow Motion
      James “Lee” Lewis had waited years for a new heart, praying for the day he would be free of the mechanical pump doctors implanted in him in 2015. The device had extended his life after his heart began to fail, but he hated that its wires and the portable battery pack kept him tethered to land and off his fishing boat.

      [...]

      For the next three months, he remained connected to life-support machines, enduring nearly 20 follow-up surgeries and procedures, before dying on March 23. For many weeks, the hospital withheld key details about his care, the family said, including what went wrong in the operating room during his transplant.

      Along the way, his wife and daughter chronicled Lee’s downward spiral in matter-of-fact Facebook posts that belied their sadness and anger but sometimes hinted at their frustration with the transplant program. ProPublica and the Chronicle confirmed their account through a review of medical records, answers to written questions from the hospital and an interview with a physician involved in Lee’s care.

      Taken together, excerpts from their social media feeds show how loved ones coped after Lee’s transplant — his shot at deliverance — went seriously wrong.


    • An old CIA memo provides rare proof of abuses by Brazil’s dictatorship


      From 1964 to 1985, Brazil was ruled by a military dictatorship that tortured and murdered dissidents in the name of fending off communism. The generals who ran the country have long denied the use of such brutal tactics, but a newly unearthed CIA memo reveals that Brazil’s top leaders knew and approved of a policy to execute people seen as threatening to the regime.

      In the two decades after Brazil’s military overthrew a democratically elected government in 1964, researchers say, the regime committed numerous atrocities. Interrogators utilized electric shocks on victims, drilled nails into their hands and doused their extremities in alcohol before setting them on fire. Hundreds of people deemed a threat to the government died or disappeared.
    • MoD wants to maintain a register of AI experts
    • Military brainboxes ponder 'UK needs you' list of AI boffins




  • Internet Policy/Net Neutrality

    • Verizon Begins 'Testing' DSL Usage Caps It Refuses To Call Usage Caps
      For years now broadband providers have used a lack of competition to impose all manner of obnoxious additional fees on the backs of broadband consumers. That includes arbitrary and obnoxious usage caps and overage charges, which not only raise rates on captive customers, but quite intentionally make using streaming video competitors more expensive and cumbersome. Once caps are in place, large ISPs often exempt their own content from usage caps while still penalizing streaming competitors (aka zero rating).

      ISPs used to claim that such limits were necessary to manage network congestion, but as that argument was increasingly debunked (caps don't actually help manage congestion) they've shifted their justifications to more flimsy alternatives. These days, ISPs usually offer no justification at all, or issue vague declarations that they're simply trying to help users "better understand their consumption habits."



    • FCC will take public comments on Sinclair-Tribune merger


    • T-Mobile should stop claiming it has “Best Unlimited Network,” ad group says

      AT&T challenged T-Mobile's ads to the National Advertising Division (NAD), which ruled that T-Mobile hasn't substantiated its claim that it has the best wireless network.





  • Intellectual Monopolies



    • Chinese company which raised $1.3 billion in IP-backed financing has Virginia factory site foreclosed
      It would appear that the recipient of the largest ever IP-backed loan has come full circle to cautionary tale.

      Tranlin Paper, based in China’s Shandong Province, borrowed well over a billion dollars from the China Development bank in 2014 on the strength of its IP portfolio. It planned to invest part of the sum in a US-based paper mill which promised to provide 2,000 jobs.

      On the US side at least, the deal appears to have gone pear-shaped. And in China as well, serious questions are being asked about Tranlin’s financial situation.


    • Examining the Role of Patents in Firm Financing


      First, I'm working on a paper on this topic right now, using a high quality dataset that nobody has been able to exploit for this question. I hope my coauthor (David Ratigan, an economist here at Villanova) and I can do so! Hall's paper lays out some of the challenges we face, and the primary criticism of prior papers: whether the benefit of financing is simply the patent right, or instead the underlying quality of the invention. Professor Hall suggests that the best approach may be a detailed study of companies with unpatented inventions as compared to companies with patented inventions. I think it would be great, but really difficult, to do such a study. But I'm not convinced it is necessary with the proper random sample and controls. We'll find out, because that's what we're trying to do. Even if we fail, I think there is value in knowing the role of the patent right even if it is simply a proxy signal - more on this theoretical question below.

      Second, I think it would be good for law folks to read this. This is not a literature I hear discussed or cited very often.

      [...]

      This last question is the most important, and the one highlighted in this literature review. Must we separate the patent right from the patent innovation in order to determine that the patent system has value? Whenever I have propounded this theory of patenting, that's the pushback I get - that the patent is just a correlated signal with firm quality, so the patent doesn't have any real value on its own (this pushback even implies that the patent right has little value). But imagine a world where there is no patent system and firms innovate. How would they signal their quality? The method doesn't really matter, except to note that those very same firms that don't patent now can signal their quality in the exact same way.


    • A litigious Chinese Internet startup worth up to $30 billion buys patents for the first time
      China’s most popular news app, Toutiao, uses an algorithm to deliver a personalised feed of content to 120 million active users. The service, which produces no original content of its own, has dedicated most of its IP efforts to date to fending off copyright complaints. But a recent US assignment shows that it is preparing for potential patent conflict, too. Toutiao’s parent company, Bytedance, has raised money at a valuation of up to $30 billion, and remains independent of China’s three big internet giants, Baidu, Alibaba and Tencent.


    • Trademarks



    • Copyrights



      • Sleepwalking towards a perpetual (news?) publishers’ right in online publications
      • US Congress considers extending copyright term
        A Bill has been put before the US Congress that extends copyright protection for sound recordings (that were fixed before 1972) until 2067. This could mean that sound recordings fixed as early as 1923, would remain out of the public domain for evvvveeerrrr 144 years.
      • HBO Wins Stupid Copyright, Trademark Lawsuit Brought By Graffiti Artist Over 2 Seconds Of Background Scenery


        Whenever a company like HBO gets targeted with a lawsuit over intellectual property concerns, you might think we find it tempting to jump all over them in each and every case. After all, HBO has the distinction of being notably horrible when it comes to enforcing its own IP, from shutting down viewing parties, to offering streaming options, to abusing the DMCA process just to keep spoilers from existing, as though that could possibly work.

        But the truth is the fun we have in cases where these types are found to be in legal trouble over intellectual property only extends to when that legal trouble is in some way warranted. When it's not, we find that there is a helpful other party on which to heap our ire. That's the case in a lawsuit HBO recently won against graffiti artist Itoffee R. Gayle, who complained about his work appearing in a scene of the HBO show Vinyl. The court ruled that HBO's use was de minimis, or so fleeting so as to cause no injury and therefore not be actionable.
      • How The Recording Industry Hid Its Latest Attempt To Expand Copyright (And Why You Should Call Your Senator To Stop It)
        Last month, we wrote about the problems of the CLASSICS Act that the House was voting on. There's a lot of background (much of it included in that post), that is not worth repeating, but the very short version is that sound recordings from before 1972 are treated somewhat differently under copyright law than songs recorded since February of 1972. Specifically, pre-1972 sound recordings are not covered by federal copyright law, but by a weird batch of state laws. Due to a bunch of shenanigans, many of those works will not be put into the public domain until 2067, even if by any other measure they should be in the public domain. The RIAA has always liked this aspect of pre-1972 songs. However, there are other aspects of pre-1972 songs that the RIAA does not like, and that's mainly that the lack of federal copyright coverage means that those works (mostly) don't get any performance rights, since most state laws didn't have such a concept. That's money the RIAA feels is being left on the table.

        One way to handle this would be to just federalize the copyright on pre-1972 works and put all works on an equal footing. Easy, right? But that's not what the CLASSICS Act does. Instead, it just modernizes the parts of copyright for those works that help extract more money from people (such as adding in performance rights) while refusing to bring with it the parts of copyright law that protect the public -- including the timeline for things moving into the public domain.

        [...]

        Instead, it's just a welfare bill for musicians. And, hey, Congress can set up a welfare system for musicians if it wants to, but it should be described as such and debated as such. Instead, this is being positioned very differently, because of course that's how the RIAA plays things.


      • Kodi-Addon Developer Gives Up Piracy Defense Due to Lack of Funds

        Shani, the brains behind the popular Kodi-addon ZemTV, has asked his attorney to stop defending him. The London-based developer says he doesn't have the funds to fight the legal battle against Dish Networks in a US court. As a result, there's a high likelihood that the broadcast provider will win a default judgment.



      • Singapore ISPs Block 53 Pirate Sites Following MPAA Legal Action

        Several major ISPs have blocked dozens of pirate torrent and streaming platforms following orders from the Singapore High Court. The action, which covers platforms including The Pirate Bay plus KickassTorrents and Solarmovie variants, follows a successful application from the MPAA, which accuses the platforms of flagrant copyright infringement.








