Linus Torvalds announced the release of Linux 5.2 last Sunday: So I was somewhat pre-disposed towards making an rc8, simply because of my travels and.
The recent work on enabling "-Wimplicit-fallthrough" behavior for the Linux kernel has culminated in Linux 5.3 with actually being able to universally enable this compiler feature.
The -Wimplicit-fallthrough flag on GCC7 and newer warns of cases where switch case fall-through behavior could lead to potential bugs / unexpected behavior.
The EXT4 file-system updates have already landed for the Linux 5.3 kernel merge window that opened this week.
For Linux 5.3, EXT4 maintainer Ted Ts'o sent in primarily a hearty serving of fixes. There are fixes from Coverity warnings being addressed to typos and other items for this mature and widely-used Linux file-system.
The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel. This approach is easy enough to describe. A new special device, /dev/bpf is added, with the core idea that any process that has the permission to open this file will be allowed "to access most of sys_bpf() features" — though what comprises "most" is never really spelled out. A non-root process that wants to perform a BPF operation, such as creating a map or loading a program, will start by opening this file. It then must perform an ioctl() call (BPF_DEV_IOCTL_GET_PERM) to actually enable its ability to call bpf(). That ability can be turned off again with the BPF_DEV_IOCTL_PUT_PERM ioctl() command.
Internally to the kernel, this mechanism works by adding a new field (bpf_flags) to the task_struct structure. When BPF access is enabled, a bit is set in that field. If this patch goes forward, that detail is likely to change since, as Daniel Borkmann pointed out, adding an unsigned long to that structure for a single bit of information is unlikely to be popular; some other location for that bit will be found.
Part of the kernel's job is to arbitrate access to the available hardware resources and ensure that every process gets its fair share, with "its fair share" being defined by policies specified by the administrator. One resource that must be managed this way is I/O bandwidth to storage devices; if due care is not taken, an I/O-hungry process can easily saturate a device, starving out others. The kernel has had a few I/O-bandwidth controllers over the years, but the results have never been entirely satisfactory. But there is a new controller on the block that might just get the job done. There are a number of challenges facing an I/O-bandwidth controller. Some processes may need a guarantee that they will get at least a minimum amount of the available bandwidth to a given device. More commonly in recent times, though, the focus has shifted to latency: a process should be able to count on completing an I/O request within a bounded period of time. The controller should be able to provide those guarantees while still driving the underlying device at something close to its maximum rate. And, of course, hardware varies widely, so the controller must be able to adapt its operation to each specific device.
The earliest I/O-bandwidth controller allows the administrator to set maximum bandwidth limits for each control group. That controller, though, will throttle I/O even if the device is otherwise idle, causing the loss of I/O bandwidth. The more recent io.latency controller is focused on I/O latency, but as Tejun Heo, the author of the new controller, notes in the patch series, this controller really only protects the lowest-latency group, penalizing all others if need be to meet that group's requirements. He set out to create a mechanism that would allow more control over how I/O bandwidth is allocated to groups.
CPU scheduling is a difficult task in the best of times; it is not trivial to pick the next process to run while maintaining fairness, minimizing energy use, and using the available CPUs to their fullest potential. The advent of increasingly complex system architectures is not making things easier; scheduling on asymmetric systems (such as the big.LITTLE architecture) is a case in point. The "turbo" mode provided by some recent processors is another. The TurboSched patch set from Parth Shah is an attempt to improve the scheduler's ability to get the best performance from such processors. Those of us who have been in this field for far too long will, when seeing "turbo mode", think back to the "turbo button" that appeared on personal computers in the 1980s. Pushing it would clock the processor beyond its original breathtaking 4.77MHz rate to something even faster — a rate that certain applications were unprepared for, which is why the "go slower" mode was provided at all. Modern turbo mode is a different thing, though, and it's not just a matter of a missing front-panel button. In short, it allows a processor to be overclocked above its rated maximum frequency for a period of time when the load on the rest of system overall allows it.
Turbo mode can thus increase the CPU cycles available to a given process, but there is a reason why the CPU's rated maximum frequency is lower than what turbo mode provides. The high-speed mode can only be sustained as long as the CPU temperature does not get too high and, crucially (for the scheduler), the overall power load on the system must not be too high. That, in turn, implies that some CPUs must be powered down; if all CPUs are running, there will not be enough power available for any of those CPUs to go into the turbo mode. This mode, thus, is only usable for certain types of workloads and will not be usable (or beneficial) for many others.
EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge IoT computing independent of hardware, silicon, application cloud, or operating system, today announced the availability of its “Edinburgh” release. Created collaboratively by a global ecosystem, EdgeX Foundry’s new release is a key enabler of digital transformation for IoT use cases and is a platform for real-world applications both for developers and end users across many vertical markets. EdgeX community members have created a range of complementary products and services, including commercial support, training and customer pilot programs and plug-in enhancements for device connectivity, applications, data and system management and security.
Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications.
One of the areas that I always have "fun" benchmarking for new CPU launches is looking at the compiler performance. Following the recent Ryzen 3000 series launch I carried out some initial benchmarks looking at the current Zen 2 performance using the newest GCC 9 stable series with its "znver2" optimizations. Here is a look at how the Znver2 optimizations work out when running some benchmarks on the optimized binaries with a Ryzen 9 3900X running Ubuntu 18.04 LTS.
AMD developers introduced the initial Znver2 support into the GNU Compiler Collection last November and thus is part of the GCC 9 stable release that debuted in May. This was their initial cut support for the updated Zen microarchitecture but sadly hasn't seen any enhancements since that initial commit. The Znver2 target does bring some alterations to the cost tables and enables the CLWB / RDPID / WBNOINVD instructions. But as we found out during the Ryzen 3000 briefings, there are more instructions new to Zen 2 besides those like RDPRU, so unfortunately this support while appreciated isn't yet fully complete and likely missing various optimizations considering there haven't been any updates since November. Sadly any improvements made now to their GCC Znver2 support won't see users until the GCC 10 release in Q2'2020 and thus not making it into the likes of Ubuntu 20.04 LTS and other distributions.
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.
The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.
Nikkei had also previously reported in June that Apple is similarly considering moving between 15% and 30% of all iPhone production out of China and has asked its major suppliers to weigh up the costs.
Gavriella Schuster, corporate vice president and One Commercial Partner channel chief at Microsoft, says that while it cost the company practically nothing to provide partners with traditional software, it would be a significant expense for the company to provide cloud services like Office 365 for free.
KRP on Tuesday revealed that its pre-trial investigation shows that the unauthorised access detected in the city’s data systems earlier this summer was an organised attack rather than an error by an individual user.
The attacker or attackers managed to cause damage by actively spreading malware, compromising at least a thousand devices.
“A Linux server at his customer’s remote location had a Samba mount of a Windows server’s share,” says fish. “Every day at around 9:30 a.m., like clockwork, the Linux server would stop responding to any requests on this mounted directory.
“I couldn’t figure it out; nothing was being output on the debug logs. I was about ready to build a new Linux kernel to see if that would fix the problem.”
Before fish can do that, though, he gets a call from the client, who just got off the phone with someone at the remote location. “After a year of dealing with this problem and asking her if there’s anything she does about the time that the server hangs, she finally says, ‘Oh yeah — I reboot the Windows server every day at 9:30 a.m.!’”
The developer of Test Tube Titans recently put up a Linux version of their in-development title and it's quite amusing.
Being completely honest, I've not laughed while playing a game as much as I did with Test Tube Titans when I first attempted to go out into the world with my creature. Due to the physics-based controls (which I'm awful at), you need to move your legs using different buttons to actually get anywhere. It's clumsy but also highly entertaining! It's designed with a gamepad in mind, so I checked it out using my Steam Controller hooked up with SC Controller and it works beautifully.
I will admit, I am quite surprised. Supraland from Supra Games recently released on GOG and it was only for Windows. The developer said some odd things about it all and now it seems they changed their mind, thankfully.
Today, the Linux version of Supraland officially went live on GOG and GOG themselves sent over a copy for me to check out. I've already played through the demo on Steam and apart from some performance issues here and there, it's a delightful game.
In development from Voidpoint and 3D Realms, the retro FPS Ion Maiden has now become Ion Fury. They've also announced the final release for August 15th with a new trailer.
Why the name change? Well, they were in a bit of a legal problem with the band Iron Maiden.
The dungeon crawler by Brian Fargo and inXile is set to finally launch on Linux soon. The new director’s cut will bring more than just a new coat of paint.
KDE Plasma 5.16.3 comes two weeks after the KDE Plasma 5.16.2 update with more than 30 changes across various core components and apps, including Plasma Workspace, Plasma Desktop, Plasma Audio Volume Control, Plasma Networkmanager (plasma-nm), KWin, Plasma Discover, DrKonqi, KWayland-integration, plasma-browser-integration, plasma-integration, and kde-cli-tools.
"Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.16.3. Plasma 5.16 was released in June with many feature refinements and new modules to complete the desktop experience. This release adds a fortnight's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important," reads the release announcement.
While currently Ubuntu makes use of GNOME Software as their "software center" (or "app store") with Snap integration, as we wrote about recently Canonical has begun writing their own Snap Store. Given this and that they don't plan to use GNOME Software in Ubuntu 20.04 LTS and thus have taken their developers away from working on the upstream support, GNOME developers are planning to disable the Snap plug-in for GNOME Software.
In Fedora 31 I'll be disabling the snap plugin from GNOME Software. It's never been enabled in RHEL and so this change only affects Fedora. It's also not installed by default and so this change should only affect a few people. It's also not really a FutureFeature, it's a RemovalOfFeature but I'm happy to write something for the process and release notes if required. Recently Canonical decided that they are not going to be installing gnome-software in the next LTS, preferring instead to ship a "Snap Store by Canonical" rather than GNOME Software. The new Snap store will obviously not support Flatpaks (or packages, or even firmware updates for that matter). The developers currently assigned to work on gnome-software have been reassigned to work on Snap Store, and I'm not confident they'll be able to keep both the old and new codebases in the air at the same time.
GNOME developers plan to disable the Snap plugin for GNOME Software, as Canonical has started creating its own Snap Store and won't be using GNOME Software in Ubuntu 20.04 LTS. According to Phoronix, "Canonical's in-development Snap Store will obviously be focused just on their own Snap effort and not supporting the likes of Flatpak. Due to the likelihood that the GNOME Software Snap plug-in will quickly suffer from bit-rot and pose a maintenance burden to GNOME developers with little to no return, it's certainly reasonable that they would at least disable this plug-in."
The Snap plugin for GNOME Software is being ‘disabled’ in Fedora 31, the distro’s next major release.
Red Hat’s Richard Hughes announced the change on the Fedora developer mailing list, citing various issues with the plugin’s QA and long-term usefulness.
Neal Gompa, who maintains the Snap package in Fedora, says the decision has “blindsided” him.
So why is Fedora doing this?
Well, code quality and concerns about the impact the plugin has on the overall GNOME Software user experience are cited:
Gentoo elections are conducted using a custom software called votify. During the voting period, the developers place their votes in their respective home directories on one of the Gentoo servers. Afterwards, the election officials collect the votes, count them, compare their results and finally announce them.
The simplified description stated above suggests two weak points. Firstly, we rely on honesty of election officials. If they chose to conspire, they could fake the result. Secondly, we rely on honesty of all Infrastructure members, as they could use root access to manipulate the votes (or the collection process).
To protect against possible fraud, we make the elections transparent (but pseudonymous). This means that all votes cast are public, so everyone can count them and verify the result. Furthermore, developers can verify whether their personal vote has been included. Ideally, all developers would do that and therefore confirm that no votes were manipulated.
Currently, we are pretty much implicitly relying on developers doing that, and assuming that no protest implies successful verification. However, this is not really reliable, and given the unfriendly nature of our scripts I have reasons to doubt that the majority of developers actually verify the election results. In this post, I would like to shortly explain how Gentoo elections work, how they could be manipulated and introduce Votrify — a tool to explicitly verify election results.
Google Code-in is a contest to introduce students (ages 13-17) to open source software development. Since 2010, 8,108 students from 107 countries have completed over 40,100 open source tasks. Because Google Code-in is often the first experience many students have with open source, the contest is designed to make it easy for students to jump right in. I was one of the mentors in this first time for Fedora program. We had 125 students participating in Fedora and the top 3 students completed 26, 25 and 22 tasks each.
Every year Google invites the Grand-Prize winners and their parents, and a mentor to its headquarters in San Francisco, California for a 4-day trip. I was offered the opportunity to go and represent Fedora in the summit and meet these 2 brilliant folks in person. This report covers activities and other things that happened there.
There is no doubt that the transition from Python 2 to Python 3 has been a difficult one, but Linux distributions have been particularly hard hit. For many people, that transition is largely over; Python 2 will be retired at the end of this year, at least by the core development team. But distributions will have to support Python 2 for quite a while after that. As part of any transition, the version that gets run from the python binary (or symbolic link) is something that needs to be worked out. Fedora is currently discussing what to do about that for Fedora 31.
Fedora program manager Ben Cotton posted a proposal to make python invoke Python 3 in Fedora 31 to the Fedora devel mailing list. The proposal, titled "Python means Python 3", is also on the Fedora wiki. The idea is that wherever "python" is used it will refer to version 3, including when it is installed by DNF (i.e. dnf install python) or when Python packages are installed, so installing "python-requests" will install the Python 3 version of the Requests library. In addition, a wide array of associated tools (e.g. pip, pylint, idle, and flask) will also use the Python 3 versions.
The "Requests" link above does point to a potential problem area, however. It shows that Requests III is not fully finished, with an expected release sometime "before PyCon 2020" (mid-April 2020), which is well after the expected October 2019 release of Fedora 31. The distribution already has a python3-requests package, though, so that will be picked up as python-requests in Fedora 31 if this proposal is adopted. There may be other packages out there where Python 3 support is not complete but, at this point, most of the major libraries have converted.
With CNS*2019 around the corner, we worked on getting the NeuroFedora poster ready for the poster presentation session. Our poster is P96, on the first poster session on the 14th of July.
[...]
Unfortunately, this time, no one from the team is able to attend the conference, but if you are there and want to learn more about NeuroFedora, please get in touch with us using any of our communication channels.
To everyone that will be in Barcelona for the conference, we hope you have a fruitful one, and of course, we hope you are able to make some time to rest at the beach too.
Debian Edu, also known as Skolelinux, is a Debian-based GNU/Linux distribution designed to provide a complete solution for schools and other educational environments. It comes out-of-the-box with all the tools needed to quickly set up a completely configured school network in minutes, allowing users and machines to be easily added via the GOsa² web interface. Debian Edu features the Xfce desktop environment by default and it's perfect for older computers.
"Do you have to administrate a computer lab or a whole school network? Would you like to install servers, workstations and laptops which will then work together? Do you want the stability of Debian with network services already preconfigured? Do you wish to have a web-based tool to manage systems and several hundred or even more user accounts? Then Debian Edu is for you," reads the release announcement.
Debian typically uses code names to refer to its releases, starting with the Toy Story character names used (mostly) instead of numbers. The "Buster" release is due on July 6 and you will rarely hear it referred to as "Debian 10". There are some other code names used for repository (or suite) names in the Debian infrastructure; "stable", "testing", "unstable", "oldstable", and sometimes even "oldoldstable" are all used as part of the sources for the APT packaging tool. But code names of any sort are hard to keep track of; a discussion on the debian-devel mailing list looks at moving away from, at least, some of the repository code names.
The issue was raised by Ansgar Burchardt, who wondered if it made sense to move away from the stable, unstable, and testing suite names in the sources.list file used by APT. Those labels, except for unstable, change the release they are pointing at when a new release gets made. Currently stable points to "Stretch" (Debian 9), while testing points to Buster. Soon, stable will point to Buster, testing will point at "Bullseye", which will become Debian 11.
He asked about using the release code names directly, instead, so that pointing a system at Stretch would continue to get packages from that release. But he also thought it would be nice to completely route around the code names, which "confuse people".
In embedded Linux development, there are two approaches when it comes to what operating system to run on your device. You either build your own distribution (with tools such as Yocto/OpenEmbedded-Core, Buildroot and so on), or you use a binary distribution where Debian and derivatives are common.
It's common to start out with a binary distribution. This is a natural approach, because it's a familiar environment for most people who have used Linux on a PC. All the commodities are in place, and someone else has created the distribution image for you to download. There normally are custom vendor images for specific hardware that contain optimizations to make it easy to get started to utilize your hardware fully.
Any package imaginable is an apt install command away. This, of course, makes it suitable for prototyping and evaluation, giving you a head start in developing your application and your product. In some cases, you even might ship pre-series devices using this setup to evaluate your idea and product further. This is referred to as the "golden image" approach and involves the following steps...
The Raspberry Pi 4 was announced - and available - about two weeks ago. That's about six months earlier than was generally expected; Eben Upton explains how this came to be in the linked announcement. Like many Raspberry Pi users, I got very excited when I saw the announcement, so I went directly to the Pi-Shop.ch web page, and was pleased to find that it was already available there - so I ordered one right away.
It arrived the next day, but when I opened the box I was confronted with the harsh reality that I had gone charging into this latest adventure without actually bothering to put my brain into gear first.
Raspberry Pi computers are pretty damn great. Not only are they small and inexpensive, but they are ideal for tinkering and learning. And yes, they can serve as excellent media boxes thanks to the Linux-based LibreELEC. With the Raspberry Pi 4, however, it is finally powerful enough to serve as a true desktop computer -- prior models were capable, but offered woefully slow desktop experiences.
With all of that said, surely the Raspberry Pi 4 is highly recommended, right? Actually no. Sadly, we must warn you not to buy this seemingly solid piece of hardware. Unfortunately, it has one massive faulty aspect, meaning you should probably pass on it.
The Raspberry Pi 4 is perhaps the biggest thing to happen to single-board computers this year, and with good reason. Now, network security-conscious consumers can install Kali Linux on the new Pi thanks to a new release for the new single-board computer.
For those wondering, Kali Linux is a Linux distro based on Debian. However, Kali comes with software modifications and pre-installed tools specifically geared for penetration testing and auditing network security. Kali has long been a favorite for security professionals and aficionados due to its pre-configured setup.
The data protection officer of the German federal state of Hessen has warned that the cloud-based Office 365 solution is not a compliant solution for use in schools when student information is being stored on it. This fits with earlier, similar conclusions by the Swedish and Dutch governments – US cloud solutions are not GDPR compliant.
This is an article that will collect my opinions concerning Gopher experiences and practices, primarily those I dislike, with regards to conventions I've encountered and whatnot. I'll update this article as I have more to write of and feel the want.
Today, Software Defined Visualization (SDVis) is the ultimate in the world of visualization, allowing the best-of-the-best to emerge. It’s hardly a secret in the world of scientific visualization, digital animation, and computer graphics (CG). Go to any hit movie these days, and the results of SDVis will be present to help make the incredible believable.
This week we had the annual Netfilter Workshop. This time the venue was in Malaga (Spain). We had the hotel right in the Malaga downtown and the meeting room was in University ETSII Malaga. We had plenty of talks, sessions, discussions and debates, and I will try to summarize in this post what it was about.
Florian Westphal, Linux kernel hacker, Netfilter coreteam member and engineer from Red Hat, started with a talk related to some work being done in the core of the Netfilter code in the kernel to convert packet processing to lists. He shared an overview of current problems and challenges. Processing in a list rather than per packet seems to have several benefits: code can be smarter and faster, so this seems like a good improvement. On the other hand, Florian thinks some of the pain to refactor all the code may not be worth it. Other approaches may be considered to introduce even more fast forwarding paths (apart from the flow table mechanisms for example which is already available).
Florian also followed up with the next topic: testing. We are starting to have a lot of duplicated code to do testing. Suggestion by Pablo is to introduce some dedicated tools to ease in maintenance and testing itself. Special mentions to nfqueue and tproxy, 2 mechanisms that require quite a bit of code to be well tested (and could be hard to set up anyway).
[...]
After lunch, Pablo followed up with a status update on hardware flow offload capabilities for nftables. He started with an overview of the current status of ethtool_rx and tc offloads, capabilities and limitations. It should be possible for most commodity hardware to support some variable amount of offload capabilities, but apparently the code was not in very good shape. The new flow block API should improve this situation, while also giving support for nftables offload. Related article in LWN: https://lwn.net/Articles/793080/
Next talk was by Phil, engineer at Red Hat. He commented on user-defined strings in nftables, which presents some challenges. Some debate happened, mostly to get to an agreement on how to proceed.
We are happy to let you know that Friday, July 19th, we are organizing Firefox Nightly 70 Testday. We’ll be focusing our testing on: Fission.
Open Document Format is LibreOffice’s native file format. (If you have a file with a .odt, .ods, .odp or .odg extension, then it’s an Open Document Text, Spreadsheet or Presentation file or Graphic respectively.)
ODF is developed by OASIS, then submitted to ISO (the International Organization for Standardization), and then adopted as a standard. There is also a working group at ISO, which by the way also works on OOXML – which can then ask questions about development, and so on.
For ODF we are now working on version 1.3. We had a “feature freeze” last summer. We have come so far that everything we wanted to have in it is available in the “editor version”. Now we’re going to fine-tune it, then we’ll be back in summer – so that was a whole year. Then comes the coordination process at OASIS, so it usually takes two years until a new version of the standard is ready.
This is a tool specifically for games being made in Unity, an engine which has been used to make plenty of games people don't associate with it—games like Hearthstone, Cities: Skylines, Wasteland 2, Beat Saber, and Cuphead, for instance, were all made in Unity.
The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.3-RELEASE on July 09th 2019.
This is the fourth release of the stable release of FreeBSD 11 branch.
[...]
The kernel will now log the jail ID when logging a process exit.
Several feature additions and updates to userland applications.
Several network driver firmware updates.
Warnings for features deprecated in future releases will now be printed on all FreeBSD versions.
Warnings have been added for IPSec algorithms deprecated in RFC 8221.
Deprecation warnings have been added for weaker algorithms when creating geli providers.
Note: Before you start complaining, I realise this is probably a very sub-optimal solution code-wise, but it worked for me. In my defence, I did open up my copy of the Sed & Awk Pocket Reference before my eyes went all glassy and I hacked up the following ugly method. Also note that the shell scripts are in Fish shell and may not work directly in a 100% POSIX shell.
First, I needed to get a data set to work on. Hat-tip to Mike Ralphson for pointing me to APIs Guru as a good resource. I analysed their APIs-guru/openapi-directory repository, where in the APIs folder they keep a big collection of public APIs. Most of them following the OpenAPI (previously Swagger) specification.
The first task of last week's Perl Weekly Challenge was to print the first ten strong and weak primes. A prime $p_n$ is "strong" if it's larger than the average of its two neighbouring primes (i.e. $p_n > (p_{n-1} + p_{n+1})/2$). A prime is "weak" if it's smaller than the average of its two neighbours.
Of course, this challenge would be trivial if we happened to have a list of all the prime numbers. Then we'd just filter out the first ten that are strong, and the first ten that are weak. In fact, it would be even easier if we happened to have a list of all the strong primes, and a list of all the weak ones. Then we'd just print the first ten of each.
But there are an infinite number of primes and of weak primes (and possibly of strong primes too, though that's still only conjectured), so building a complete list of the various subspecies of primes is impractical in most programming languages.
"He was born in October 1893, so had grown up knowing roads with horse and buggy, and was absolutely thrilled to see history being made," Mr Sills says. "The acceleration of technology seemed incredible, and [Cronkite] explained how amazing it was."
There’s no hard data on how many researchers are affected. After an Iranian labmate at Western University in Canada couldn’t attend the Society for Neuroscience’s (SfN) conference last November in San Diego, Matthew Leavitt created a survey to assess the scale of the issue. He received 25 responses by researchers who were denied visas to attend conferences in the US and Canada. Of these, 21 were from Iranians, 2 from Syrians, and 1 from an Iraqi. “In my experience at scientific conferences pre-travel ban, Iran [was] one of the most widely represented nationalities after the US, Canada, Germany, The Netherlands, and Japan,” Leavitt writes to The Scientist in an email.
These figures are probably a gross underestimate: “I also received dozens of emails from people who were denied visas but hesitant to fill out the survey or speak publicly about their experiences for fear of retaliation, as well as academics who were not personally denied visas but shared stories of colleagues who were affected,” Leavitt explains.
gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. [#4607]
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).
Zero Trust architecture might be popular now, but that doesn’t necessarily mean it’s for you. If you find your needs are met by your current security, you may not want to switch. That said, keep in mind that waiting until you have a security breach isn’t an ideal way to evaluate your security.
A problem with the way that OpenPGP public-key certificates are handled by key servers and applications is wreaking some havoc, but not just for those who own the certificates (and keys)—anyone who has those keys on their keyring and does regular updates will be affected. It is effectively a denial of service attack, but one that propagates differently than most others. The mechanism of this "certificate flooding" is one that is normally used to add attestations to the key owner's identity (also known as "signing the key"), but because of the way most key servers work, it can be used to fill a certificate with "spam"—with far-reaching effects.
The problems have been known for many years, but they were graphically illustrated by attacks on the keys of two well-known members of the OpenPGP community, Daniel Kahn Gillmor ("dkg") and Robert J. Hansen ("rjh"), in late June. Gillmor first reported the attack on his blog. It turned out that someone had added multiple bogus certifications (or attestations) to his public key in the SKS key server pool; an additional 55,000 certifications were added, bloating his key to 17MB in size. Hansen's key got spammed even worse, with nearly 150,000 certifications—the maximum number that the OpenPGP protocol will support.
The idea behind these certifications is to support the "web of trust". If user Alice believes that a particular key for user Bob is valid (because, for example, they sat down over beers and verified that), Alice can so attest by adding a certification to Bob's key. Now if other users who trust Alice come across Bob's key, they can be reasonably sure that the key is Bob's because Alice (cryptographically) said so. That is the essence of the web of trust, though in practice, it is often not really used to do that kind of verification outside of highly technical communities. In addition, anyone can add a certification, whether they know the identity of the key holder or not.
As per the researchers, the spyware was again active in 2018 and the latest activity was spotted in Myanmar in June 2019. These implants are capable of collecting personal information such as SMS, Emails, Calendars, Device Locations, Multimedia and even messages from some popular social media apps.
If you are an iOS user, then the implant is only observed to work on jailbroken devices. If an iOS device is already jailbroken then this spyware can be remotely installed via different mediums like messaging, email, etc. However, the implants have not been observed on the latest version of iOS.
FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International, Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012. Since then Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. Late in 2018, experts at Kaspersky looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018. Mobile implants for iOS and Android have almost the same functionality. They are capable of collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data from the most popular messengers.
The Climate Risk Disclosure Act would direct the Securities and Exchange Commission, in consultation with climate experts at other federal agencies, to issue rules within the next year requiring companies to disclose their greenhouse gas emissions, fossil fuel assets and their risk management strategies related to the climate crisis.
The live stream from Eastern Finland - which lasts more than 48 hours - begins Wednesday 10 July, 6pm Finnish time (1500 UTC) and ends at noon on Saturday.
Monarch butterflies haven’t had it easy lately. Populations of these beloved insects have crashed 80 percent or more in most parts of their range as a result of pesticides, habitat loss, climate change and other environmental threats. As a result, monarchs are now being considered for protection under the Endangered Species Act.
A lot of people are working hard to protect monarchs, but one all-too-common activity intended to help may actually do more harm than good: mass releases of captive-raised butterflies.
Companies such as Alphabet Inc's Google, Apple Inc, Facebook Inc and Amazon.com Inc would likely be subject to the tax.
In a new development, Apple has reportedly started exporting some iPhones made in India to certain European markets. The move, if true, will boost the Indian Government's initiative for foreign companies to "Make in India" and another step in Apple's efforts of making India an export hub. Apple began advertising "Now made in India" earlier this year.
Apple's contract manufacturer in India, Wistron, has become the first of Apple's contract makers to export the smartphones, from its facility in Bengaluru. The timing is interesting considering that a rumor surfacing last month claimed that Apple was preparing a fundamental restructuring of its supply chain that could shift up to 30% out of China.
In an interview with Foreign Policy this week, Malkevich confirmed that the men had met with Qaddafi’s son but denied that they had sought to interfere in the country’s factious politics. He said they were only conducting research and described the allegations as a project of the “deep state” in the United States.
The fears are well-founded. Mainland China has sent operatives to Hong Kong to abduct businessmen and booksellers. The Hong Kong legislative council is already not fully democratic. The public elects only half of its 70 members; the other half is selected by so-called functional constituencies, which give pro-Beijing corporations and tycoons direct influence over policy. The result is a business-friendly legislature that disqualified elected officials who refuse to pledge allegiance to mainland China and essentially criminalized a pro-independence political party.
Wage theft is a general term for paying workers less than what they’ve rightfully earned. Nobody knows exactly how much is stolen, but some experts estimate wage theft costs U.S. workers $50 billion a year. To put that number in perspective, all robberies, burglaries, and car thefts combined cost victims $14 billion, in 2012, according to FBI statistics.
“The leak of cables has a chilling effect on what diplomats are prepared to put in writing and send back,” said Amanda Sloat, a scholar at the Brookings Institution and a former State Department official. “I’m sure that British diplomats in embassies around the world are now going to be having similar concerns about things that they are writing in cables and sending back to London.”
What is arguably most sensitive to the Chinese Communist Party are discussions of any historical events in which the CCP appears to be at fault, whether it be violence in Xinjiang or the Tiananmen Square Massacre. In the current political environment, these events call into question the legitimacy of the CCP, and therefore, information about them is increasingly restricted. But it wasn’t always this way. In the 1980s, public discussions and writings (known as “scar literature”) of the horrors of Mao’s rule were largely tolerated by the government. This was also a period when such history appeared to be less relevant, and therefore, less threatening to the Party. At that time, the country was reforming its political institutions, liberalizing its economy, and some high-ranking CCP officials were even considering full democratization.
An Italian court has ordered Cloudflare to terminate the accounts of several pirate sites. The ruling comes after a complaint from local broadcaster RTI, which successfully argued that Cloudflare can be held liable if it willingly fails to act in response to copyright infringement notices.
Instagram is also due to launch another tool, called Restrict, designed to help users filter abusive comments without needing to block others. The tool will mean that restricted people will not be able to see when a user is active on Instagram or when direct messages have been read.
Walkie-Talkie is an Apple Watch app that offers push-to-talk calls through a tweaked form of FaceTime Audio. It was added to the Apple Watch with last year’s release of watchOS 5. The app itself is still installed on users’ watches, but calls won’t go through.
Apple was alerted to the bug via its report a vulnerability portal directly and says that there is no current evidence that it was exploited in the wild.
The company is temporarily disabling the feature entirely until a fix can be made and rolled out to devices. The Walkie Talkie App will remain installed on devices, but will not function until it has been updated with the fix.
"We decided to create this separate developer name to help set the appropriate expectations with people that, unlike Facebook's family of apps, NPE Team apps will change very rapidly and will be shut down if we learn that they're not useful to people," said the social network.
I'm not sure if this is supposed to be bad news or good news. Should we feel anything about it? Maybe dismay, because law enforcement just isn't working as well as it used to? Some sort of disappointment that wiretaps aren't turning into convictions as often as they used to in the past? A general malaise about the sheer number of inscrutable stats that government thrusts at us in an attempt to believe it actually cares about transparency?
Maybe what we should feel is some sort of gratitude the system isn't being abused quite as frequently. This gratitude shouldn't be directed towards the court system, which has been a willing enabler of law enforcement abuse. It shouldn't be directed towards law enforcement, which has repeatedly shown an ability to abuse any system it works with.
No, if there's anything that's a positive sign in this report, all gratitude for this needs to go to journalists like Brad Heath, who uncovered abuse of wiretap authorities on a massive scale in his investigation for USA Today.
For years, the DEA ran wiretap warrants through state courts in southern California. A majority of these warrants landed in front of a single judge. The DEA had California courts acting as enablers, allowing agents to bypass restrictions the DOJ places on seeking and deploying wiretaps. Having found an easy source for warrant approval, the DEA went back to the well time and time again, even as other federal law enforcement agencies expressed their concerns about the legality of this tactic.
The White House is today hosting a social media summit to examine allegations of bias and censorship. EPIC objected to an earlier White House survey on this topic, noting that the White House failed to protect the privacy of respondents.
Google have rolled out controls allowing signed-in users to have their collected location history, web searches, and activity data automatically deleted after three or 18 months. Controls to delete data had been available before, but users would have to revisit periodically and manually request the deletion of data.
Google doesn’t yet prompt users to choose how long they want data to be stored, but they can go in and set their own preferences if they manage to find the auto-delete options.
At the start of the Global Conference for Media Freedom in London (10-11 July 2019), the international press freedom organisation Reporters Without Borders (RSF) revealed that it took an unprecedented mission to Saudi Arabia in April to advocate for the release of 30 jailed journalists. RSF views this measure as the only way to clear Riyadh’s way to the G20 chairmanship in the aftermath of the assassination of Jamal Khashoggi.
[...] The sentence was not made public and RSF has only just learned of its existence.
The verdict issued by a military court on 1 November 2018, a copy of which has been obtained by RSF, states: “In the court’s view, it has been clearly established that Abdullahi Ahmed Nur, a police sergeant working for the customs and finance department, committed the crime of which he is accused.”
A legal stoush has broken out in the US over whether police video of Australian yoga instructor Justine Ruszczyk Damond naked and "gasping for breath in the last moments of her life" should be shown to the media and members of the public.
Hennepin County District Judge Kathryn Quaintance ruled last week the police body camera video should only be viewed by the jury, lawyers and herself during Minneapolis police officer Mohamed Noor's murder trial.
A coalition of media organisations, led by the Minneapolis Star Tribune, challenged the judge's ruling at a hearing on Friday.
That is just one of the roughly 500 scenarios on the FATS (Firearms Training Simulator), an interactive machine designed, in the words of Detective Raul Hernandez, who puts nearly 1,000 Newark officers through their paces on the FATS twice a year, “to train our officers to survive an encounter with a person with a weapon.” Around 3,800 agencies in America, and hundreds more around the world, including the Canadian and Singaporean armies and the British defence ministry, use these machines.
Here I am, awakened during a dream in the wee hours. I dreamt my late father came into the kitchen and solemnly informed my mother that a cup of coffee was a multiple of his hourly pay and he would have to skip it… Effectively, that’s happening as wealthy people pay many dollars for cups of coffee without a thought for how the poorer folk get by. Getting by is not a concept when one buys $60K pickups to drive empty in city traffic or pays half a $million for an ordinary home that used to provide for a family of 5 to 20 children and now is occupied by 2.5 people.
She stands accused of ordering her bodyguard Rani Saidi, who is also charged, to beat up the workman Ashraf Eid after he was seen taking a photo inside her home in September 2016.
Eid, who worked in the luxury apartment block, had been called in to repair a damaged basin and told investigators he needed the pictures taken with his phone to carry out the work.
But after the split, she said the children lived in a "boot camp" experience isolated from other children at the center. Domingo says Rathbun (who's since left Scientology) was in charge of Connor and Isabella's indoctrination into the faith.
The Indian authorities are currently disconnecting the Internet at a rate of ten times a month, each time depriving an average of several hundred thousand people of all online information. This was the case on 5 July, in the Kashmiri district of Shopian, in India’s far north, where the Internet was disconnected as a “preventive measure” after a gunfight between separatist militants and paramilitaries.
We are tracking instances of Internet shutdowns in India to draw attention to the troubling trend of disconnecting access to Internet services.
We recently noted that the DOJ seemed to have shifted its thinking and is now likely to approve T-Mobile's highly problematic $26 billion merger with Sprint. Why? As it stands, not only do such telecom mergers almost always result in significant layoffs (despite what T-Mobile is promising employees), the deal would eliminate one of just four major US wireless competitors, dramatically reducing any incentive to compete on price. So T-Mobile lobbyists have launched a hail Mary pass: they're proposing spinning off a part of the company and potentially selling it to a competitor like Dish Network, creating a new fourth carrier.
The problem: Wall Street doesn't believe the assets Dish will obtain (like prepaid brand Boost Mobile) will be enough to craft a fully viable fourth carrier. There's also a lot of doubt that Dish Network, with a long history of hoovering up valuable spectrum and then doing absolutely nothing with it, would actually be competent enough to pull such a plan off.
To stock Amazon’s shelves, merchants travel the backroads of America in search of rare soap and coveted toys
There’ve been some minor changes, but the majority of the STRONGER Patents Act is a copy of the 2017 edition.
That means that the bill still creates a standing requirement for inter partes reviews (IPRs), incentivizing patent owners to sit and wait until products are developed and profitable before filing their lawsuits and preventing product designers from testing the validity of a patent before making that investment.
The bill still changes the standard of proof in IPRs to clear and convincing evidence–a standard district courts use in deference to the competence of the USPTO. The USPTO has no need to defer to its own competence—in fact, the multiple technically and legally trained judges composing a PTAB panel are significantly more competent than the single examiner spending an average of 19 hours to examine a patent.
It still defines a real party in interest broadly enough that a stockholder might be a real party in interest and a crowdfunder almost certainly is. The real party in interest requirement was designed to prevent a company from using control or influence with another company to file an IPR that they wouldn’t have been able to file themselves, something the PTAB already actively polices, and the amended definition of real party in interest goes far beyond that point.
[...]
But even the improvements are just eliminating harmful changes from the bill—they don’t actively improve the patent system and they don’t offset the harms to innovation that the bill would create. The STRONGER Patents Act of 2019 is not a bill that anyone should support if they care about U.S. innovation—a fire that only destroys your kitchen is better than a fire that burns down your entire house, but neither one is desirable.
Over the past 7 years, IPR has provided a successful tool to eliminate patents that shouldn’t have been granted, resulting in lower-cost, less-frequent patent litigation, saving billions of dollars that can be spent on actual research and development instead of lawyers. And the reduction in litigation has come almost entirely from non-practicing entities, not the kind of productive operating companies that perform research and development.
Why would anyone want a bill that tries so hard to eliminate a program that’s eliminated patents that never should have issued, reduced the amount of troll litigation, and even made litigation less expensive in the process?
U.S. Patent No. 10,285,922 (110 days from earliest priority to issuance). The ‘922 Patent claims a “topical exfoliating formulation” that includes papain enzyme. Case was subject to a petition to make special based upon the inventor’s age of 65+. Applicant cited no references and the (primary) examiner only found two.
U.S. Patent No. 10,343,988 (111 days from earliest priority to issuance). The ‘988 patent is directed to a new compound known as hydroxytyrosol thiodipropionic acid apparently useful for food preservation.
After the Senate’s recent § 101 hearings, Senators Tillis and Coons seem to have remained steadfast in their belief that patentable subject matter is a real problem for U.S. innovation. (It’s not.) But there’s a particular flaw in their belief. In a recent article penned by the two Senators, published in Law360, they state that because of § 101, “investors are reluctant to pursue the innovations that propel our country forward.”
The reality is that § 101 isn’t being used to eliminate those innovations—it’s being used to prevent the kinds of patents on economic transactions that Tillis and Coons claim to want to prevent. Let’s take a look at some real examples.
[...]
Outside of China (which is investing tens of billions of dollars in government funding of AI research), the U.S. remains by far the most popular jurisdiction for AI patent applications. And that growth has accelerated in the U.S. after the 2014 Alice decision compared to other jurisdictions. This suggests that Alice has actually led to increased AI investment as companies worry less about being sued for their AI work and can spend more time and money on actual R&D.
As it turns out, when you look at § 101’s actual impacts on high tech, it’s been positive. § 101 has been getting rid of patents on processing and graphing data and on remotely authorizing purchases, not harming research into technologies like AI.
If this is the best evidence of harm from § 101, I’d say the only problem is calling it a “problem” in the first place.
On June 24, 2019, in Iancu v. Brunetti, the Supreme Court of the United States struck down the Lanham Act's ban on registering "immoral" or "scandalous" trademarks, two years after the Supreme Court struck down a similar ban on registering "disparaging" trademarks. The decision was a victory for skater, artist and entrepreneur Erik Brunetti, whose application to register a controversial trademark, FUCT, was denied on the basis that it was "immoral" or "scandalous."
Many are hailing the Brunetti decision as a victory for "free speech"—and it is. However, the decision has little to do with whether businesses can (or should) adopt and use profane marks, and everything to do with whether such marks are legally registerable by the U.S. Patent and Trademark Office (USPTO).
[...]
Although the majority declined to adopt the narrow interpretation of the three dissenting justices on the basis that they would not "rewrite" the statute before them, they acknowledged that some speech-related restrictions could withstand constitutional scrutiny, signaling to Congress that the relevant provisions of the Lanham Act could be amended and upheld. The majority opinion seemingly acknowledged that language prohibiting registration of "lewd," "sexually explicit" or "profane" marks may not violate the First Amendment, suggesting that Congress could adopt such language in an amended statute. Justice Alito emphasized exactly this point in his separate, concurring opinion, noting specifically that the majority opinion leaves room for Congress to adopt a "more carefully focused statute" prohibiting registration of marks "containing vulgar terms that play no real part in the expression of ideas."
Several stream-ripping sites have been unable to download and convert files from YouTube starting a few hours ago. It appears that the video streaming platform is actively blocking requests from these sites. While the reason for the sudden blocking efforts is unknown, the music industry would certainly welcome a more aggressive stance from YouTube.