Bonum Certa Men Certa

Links 17/7/2019: VirtualBox 6.0.10 and Mageia 7.1 Releases, Mint Betas



  • GNU/Linux

    • Server

      • Data as the new oil: The danger behind the mantra

        Not a week goes by that I don’t hear a tech pundit, analyst, or CIO say “data is the new oil.” This overused mantra suggests that data is a commodity that can become extremely valuable once refined. Many technologists have used that phrase with little knowledge of where it originated – I know I wasn’t aware of its origin.

        It turns out the phrase is attributed to Clive Humby, a British mathematician who helped create British retailer Tesco’s Clubcard loyalty program. Humby quipped, “Data is the new oil. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc., to create a valuable entity that drives profitable activity; so must data be broken down, analyzed for it to have value.”

      • How to explain deep learning in plain English

        Understanding artificial intelligence sometimes isn’t a matter of technology so much as terminology. There’s plenty of it under the big AI umbrella – such as machine learning, natural language processing, computer vision, and more.

        Compounding this issue, some AI terms overlap. Being able to define key concepts clearly – and subsequently understand the relationships and differences between them – is foundational to your crafting a solid AI strategy. Plus, if the IT leaders in your organization can’t articulate terms like deep learning, how can they be expected to explain it (and other concepts) to the rest of the company?

      • How to make the case for service mesh: 5 benefits

        Service mesh is a trending technology, but that alone does not mean every organization needs it. As always, adopting a technology should be driven by the goals it helps you attain or, put another way, the problems it helps you solve.

        It’s certainly worth understanding what a service mesh does – in part so you can explain it to other people. Whether or not you actually need one really depends upon your applications and environments.

      • IBM

        • Using KubeFed to Deploy Applications to OCP3 and OCP4 Clusters
        • IBM Announces Three New Open Source Projects for Developing Apps for Kubernetes and the Data Asset eXchange (DAX), the Linux Foundation Is Having a Sysadmin Day Sale, London Launches Open-Source Homebuilding App and Clonezilla Live 2.6.2-15 Released

          IBM this morning announces three new open-source projects that "make it faster and easier for you to develop and deploy applications for Kubernetes". Kabanero "integrates the runtimes and frameworks that you already know and use (Node.js, Java, Swift) with a Kubernetes-native DevOps toolchain". Appsody "gives you pre-configured stacks and templates for a growing set of popular open source runtimes and frameworks, providing a foundation on which to build applications for Kubernetes and Knative deployments". And Codewind "provides extensions to popular integrated development environments (IDEs) like VS Code, Eclipse, and Eclipse Che (with more planned), so you can use the workflow and IDE you already know to build applications in containers."

          IBM also today announces the Data Asset eXchange (DAX), which is "an online hub for developers and data scientists to find carefully curated free and open datasets under open data licenses". The press release notes that whenever possible, "datasets posted on DAX will use the Linux Foundation's Community Data License Agreement (CDLA) open data licensing framework to enable data sharing and collaboration. Furthermore, DAX provides unique access to various IBM and IBM Research datasets. IBM plans to publish new datasets on the Data Asset eXchange regularly. The datasets on DAX will integrate with IBM Cloud and AI services as appropriate."

    • Audiocasts/Shows

    • Kernel Space

      • Call for submissions — linux.conf.au 2020

        The linux.conf.au 2020 organising team has issued an invitation to IT professionals for proposals for talks and miniconfs at the next conference, which will take place on the Gold Coast, 13–17 January 2020.

        Held regularly since 1999, linux.conf.au is the largest Linux and open source conference in the Asia–Pacific region. The conference provides deeply technical presentations from industry leaders and experts on a wide array of subjects relating to open source projects, data and open government and community engagement.

      • Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

        Intel Software Guard Extensions "SGX" have been around since Skylake for allowing hardware-protected (via encryption) memory regions known as "enclaves" that prevent processes outside of the enclave from accessing these memory regions. While supported CPUs have been out for years, the Intel SGX support has yet to make it into the mainline kernel and this week marks the twenty-first revision to these patches.

        The twenty-eight patches implementing the Intel SGX foundations support for the Linux kernel and Intel Memory Encryption Engine support were revised with various fixes. Even if the review of this twenty-first revision to these patches goes spectacularly, due to the timing this SGX support won't land until at least the Linux 5.4 kernel, with it being too late for Linux 5.3.

    • Benchmarks

      • Firefox 69 Beta On Linux Bringing Better Performance

        With the recent release of Mozilla Firefox 68 there are some nice WebRender performance improvements that Linux users can enjoy. But with Firefox 69 now in beta there is even better performance, including when enabling WebRender on Linux.

        Given the recent Firefox 68.0 release and Firefox 69.0 being promoted to beta, I ran some fresh browser benchmarks for checking out the current state of Mozilla's Linux performance from the Ubuntu desktop. The official Mozilla Firefox binaries for Linux x86_64 67.0.4, 68.0, and 69.0b3 were tested on the same system in a variety of browser benchmarks.

    • Applications

      • Top 15 Best Forum Software For Linux in 2019

        The online forum has been a popular and helpful platform for different kinds of professionals and bloggers. Based on the posted topic, people do discuss and provide their opinions. It works as a great place to get a clear idea of any item you prefer in the specific community. Like the other platforms, Linux also has many useful forum applications. Today, we are going to show you a comprehensive list of the best forum software for Linux users.

      • Changelog for VirtualBox 6.0

        VirtualBox 6.0.10 (released July 16 2019)

      • VirtualBox 6.0.10 Released with UEFI Secure Boot Support

        Oracle Virtualbox 6.0.10 was released today with many improvements and fixes to Linux hosts and guests.

      • VirtualBox 6.0.10 Adds UEFI Secure Boot Driver Signing On Ubuntu And Debian 10+ Hosts

        VirtualBox 6.0.10 was released today, and while this is a maintenance release, with mostly bug fixes, it does come with an important addition: support for UEFI secure boot driver signing on Ubuntu and Debian 10+ hosts.

        VirtualBox is an x86 and AMD64/Intel64 virtualization software that runs on Windows, Linux, macOS and Solaris, and supports a large number of guest operating systems, including Windows, Linux, Solaris, OpenSolaris, OS/2 and OpenBSD.

    • Instructionals/Technical

    • Games

    • Distributions

      • Kali NetHunter App Store – Public Beta

        Kali NetHunter has been undergoing a ton of changes of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), it's amazing the extra capabilities that have been introduced.

        But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!

      • New Releases

      • Screenshots/Screencasts

      • PCLinuxOS/Mageia/Mandriva Family

        • Mageia 7.1, Mageia 7 with Ryzen 3000 hardware support

          The timing for Mageia 7, just prior to the recent release of the new AMD Ryzen 3000 series of CPU’s, didn’t play nicely. Namely, there was an issue with the system starting up on these new CPU’s that prevented any type of installation, except for a net install. So, the only solution was to release a new set of installation media, which are available to download here.

          It’s very important to note that if you have a working system, there is nothing that you need to address. This release is primarily to fix installation on systems with the above CPU’s.

        • Mageia 7.1 Released With Systemd Fix For AMD Ryzen 3000 Systems
      • Fedora Family

        • Network Security Toolkit 30-11210

          We are pleased to announce the latest NST release: "NST 30 SVN:11210". This release is based on Fedora 30 using Linux Kernel: "kernel-5.1.17-300.fc30.x86_64". This release brings the NST distribution on par with Fedora 30.

      • Debian Family

        • Proxmox VE 6.0 released!

          We're excited to announce the final release of our Proxmox VE 6.0! It's based on the great Debian 10 codename "Buster" and the latest 5.0 Linux kernel, QEMU 4.0, LXC 3.1.0, ZFS 0.8.1, Ceph 14.2, Corosync 3.0, and more.

          This major release includes the latest Ceph Nautilus features and an improved Ceph management dashboard. We have updated the cluster communication stack to Corosync 3 using Kronosnet, and have a new selection widget for the network making it simple to select the correct link address in the cluster creation wizard.

          With ZFS 0.8.1 we have included TRIM support for SSDs and also support for native encryption with comfortable key-handling.

        • Univention Corporate Server 4.4-1/Point Release UCS 4.4-1: performance improvements, app recommendations and UDM REST API Beta

          There are significant performance improvements for managing the contents of the directory service via UDM, especially for application scenarios with complex structures. There have also been further minor improvements in DNS management, where the search for IP addresses is now enabled in further modules, as well as in the use of standard containers of domain controller objects.

          A brand new feature is the REST API for UDM, which considerably facilitates the integration of UDM with other applications. This REST API has been released as beta version for the time being. After further tests and improvements we plan to release a stable version in autumn.

      • Canonical/Ubuntu Family

        • Linux Mint 19.2 Beta Released, Available to Download Now

          The beta pops out ahead of the final Linux Mint 19.2 stable release, which is expected sometime next month. Users who install this beta will be upgraded to the final stable release when it arrives.

          Overall, Linux Mint 19.2 “Tina” is shaping up to be a modest, but mature upgrade. It touts a crop of performance improvements and interface refinements, and brings enhancements to a number of core apps and utilities.

          When stable, Linux Mint 19.2 will become the 30th named version of Linux Mint, and the second point release in the 19.x series based on Ubuntu 18.04 LTS Bionic Beaver.

          Linux Mint 19.2 will, upon release, receive critical updates and fixes from release until 2023.

        • Linux Mint 19.2 “Tina” Cinnamon – BETA Release

          Linux Mint 19.2 is a long term support release which will be supported until 2023. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

        • Linux Mint 19.2 "Tina" Available In Beta Form
        • Linux Mint 19.2 “Tina” MATE – BETA Release

          This is the BETA release for Linux Mint 19.2 “Tina” MATE Edition.

        • Linux Mint 19.2 “Tina” Xfce – BETA Release

          This is the BETA release for Linux Mint 19.2 “Tina” Xfce Edition.

        • Ubuntu 19.10 Will Offer a Flicker Free Boot (For Some Users, Anyway)

          A short, but welcome, update: Ubuntu 19.10 will offer a flicker free boot experience for some users!

          Red Hat’s crop of competent engineers are (as always) to credit for effort that Ubuntu 19.10 ‘Eoan Ermine’ takes full advantage of.

          Now, Ubuntu’s boot experience as-is isn’t exactly terrible, but there’s a visible bit of blinking during the process.

          As an AMD user I’m used to my laptop display “flickering” off and back on a few times during boot, signalling the transition from boot loader to loading screen to login screen — alas, something this effort can’t address.

          But users of Ubuntu 19.10 with modern Intel graphics cards and a UEFI setup should benefit from a truly seamless flicker-free boot experience, thanks to a new Plymouth snapshot added to the Eoan archives.

        • Ubuntu 19.10 To Ship With Flicker-Free Boot Support

          Thanks to the upstream work achieved by Red Hat engineers working on Fedora the past few cycles, Ubuntu 19.10 should have a flicker-free boot experience.

          Ubuntu 19.10 is in the process of picking up packages for the flicker-free boot experience that was led by Red Hat engineers like Hans de Goede for delivering a very polished boot experience particularly when booting in UEFI mode and also with supported graphics driver configurations, which for now is best with the Intel DRM code.

        • Our Diamond Sponsor – Ubuntu!

          Our Diamond Sponsor of this event is Ubuntu, an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

          Linux was already established in 2004, but it was fragmented into proprietary and unsupported community editions, and free software was not a part of everyday life for most computer users. That’s when Mark Shuttleworth gathered a small team of Debian developers who together founded Canonical and set out to create an easy-to-use Linux desktop called Ubuntu.

        • Ubucon Europe 2019: Call for Sponsors

          This event can only be possible thanks to our sponsors. Your investment helps us create a greater experience for the open source community, while you still benefit from a considerable amount of exposure.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Seven Concerns Open Source Should Worry About - Part 1

        Not long ago, the Linux community celebrated the twenty-fifth anniversary of Linus Torvalds’ famous Internet post, and thus its birth. While Linux was not the first open source project (Richard Stallman announced his GNU Project eight years before), it soon became the poster child of a new way of collaborative development that changed not only how technology is created, but many other aspects of the world as well. Today, most critical software platforms and architectures are open source, and virtually all proprietary software is riddled with free and open source software (FOSS) as well.

        So, what could go wrong? Well, a lot, actually, unless we pause to think about where the potholes may emerge in the future, and how we can successfully navigate our way around them. That’s what I plan to do in a series of articles to which this is the introduction.

        Happily, all the potential concerns I will address can be addressed. That’s the good news. The bad news is that neither the commercial world nor the community of developers has a very good history of thinking about some types of risks that might be expensive, inconvenient, or just plain boring to manage or fix.

        Take security. That’s hardly a risk that’s unique to FOSS. But it is a concern that’s been around for a very long time. So long that we have a pretty compelling record of how both human and commercial nature act in response to security risks. Or, more to the point, don’t act. It would be impossible to find a single new wave of technology – and there have been very many – where security was not addressed as an afterthought rather than designed in from the start. Almost always after multiple disasters had already occurred.

        The latest example is the Internet of Things. The IoT has been building out for going on a decade now, and none of the initial devices had any security features at all. Most of the latest devices still don’t. Some even have designed-in vulnerabilities, like factory programmed, unchangeable passwords.

        Other risks arise from a different type of complacency – assuming that because FOSS is “good” that it’s not possible to do anything “bad” when it’s created. That’s a dangerous attitude to have when you consider that there are increasing numbers of projects that are heavily funded by multiple head to head competitors. FOSS projects need concise antitrust policies - and then they need to follow them. Codes of Conduct, too.

        Other aspects of complacency relate to how effective FOSS licenses (as compared to what might be referred to as social pressures) are in a legal sense. Another is the unquestioned assumption that the world will always be better with a single, dominant code base. Sometimes, competition between multiple architectures and platforms is a good thing. And while everybody wants to contribute to a rapidly expanding project that’s taking over the world, not everyone wants to do the boring maintenance work after it’s finished and becomes stable. If too many developers lose interest and drift away, still-crucial elements of the technology ecosystem can become dangerously vulnerable, stagnant and weak.

      • Web Browsers

      • Productivity Software/LibreOffice/Calligra

        • GSOC19 Ahmed ElShreif: Week 7 Report

          Then I spend more time reading some UI tests written with the Python framework and try to figure out which UI elements are missing, and I discuss adding logs for new events with my mentors.

      • Programming/Development

        • Return the number which is larger than the sum of the remaining numbers in a list with Python

          Given a list of numbers, return a new list consisting of the numbers which are larger than the sum of the remaining numbers in the list or larger than absolute zero. For example, this list [2, 5, 2, 1] will convert to [5, 2, 1] because 5 is greater than 2+1, 2 is greater than 1 and 1 is greater than absolute zero. Another example: [2, 3, -3] will convert to [2, 3] because 2 is greater than 3+(-3) and 3 is greater than -3, but -3 is less than 0, which means -3 will not get included in the new list.

        • Jussi Pakkanen: A personal story about 10× development

          During the last few days there has been an ongoing Twitter storm about 10× developers. And like all the ones before it (and all the future ones that will inevitably happen) the debate immediately devolved into name calling and all the other things you'd expect from Twitter fights. This blog post is not about that. Instead it is about a personal experience about productivity that I had to experience closer than I would have liked.

          Some years ago I was working for company X on product Y. All in all it was quite a nice experience. We had a small team working on a code base that was pretty good. It had nice tests, not too many bugs, and when issues did arise they were usually easy to fix. Eventually the project was deemed good enough and we were transferred to work on different projects.

          I have no idea what our "industry standard performance multiplier" was when we worked on that project, but for the sake of argument let's call it 1×.

          The project I got transferred to was the thing of nightmares. It was a C++ project and all the bad things that have ever been said about C++ were true about that code base. There was not much code but it was utterly incomprehensible. There were massively deep inheritance hierarchies, compilation speed was measured in minutes for even the most trivial changes, and so on. It was managed by an architecture astronaut that, as one is wont to do, rewrote existing mature libraries as header only template libraries that were buggy and untested (one could even say untestable).

        • 101 Machine Learning Algorithms for Data Science with Cheat Sheets

          Think of this as the one-stop-shop/dictionary/directory for your machine learning algorithms. The algorithms have been sorted into 9 groups: Anomaly Detection, Association Rule Learning, Classification, Clustering, Dimensional Reduction, Ensemble, Neural Networks, Regression, Regularization. In this post, you'll find 101 machine learning algorithms, including useful infographics to help you know when to use each one (if available).

        • Python for NLP: Developing an Automatic Text Filler using N-Grams

          This is the 15th article in my series of articles on Python for NLP. In my previous article, I explained how to implement TF-IDF approach from scratch in Python. Before that we studied, how to implement bag of words approach from scratch in Python.

          Today, we will study the N-Grams approach and will see how the N-Grams approach can be used to create a simple automatic text filler or suggestion engine. Automatic text filler is a very useful application and is widely used by Google and different smartphones where a user enters some text and the remaining text is automatically populated or suggested by the application.

        • How to Write Pythonic Loops

          One of the easiest ways to spot a developer who has a background in C-style languages and only recently picked up Python is to look at how they loop through a list. In this course, you’ll learn how to take a C-style (Java, PHP, C, C++) loop and turn it into the sort of loop a Python developer would write.

          You can use these techniques to refactor your existing Python for loops and while loops in order to make them easier to read and more maintainable. You’ll learn how to use Python’s range(), xrange(), and enumerate() built-ins to refactor your loops and how to avoid having to keep track of loop indexes manually.

        • Tutorial: Advanced For Loops in Python

          In a previous tutorial, we covered the basics of Python for loops, looking at how to iterate through lists and lists of lists. But there’s a lot more to for loops than looping through lists, and in real-world data science work, you may want to use for loops with other data structures, including numpy arrays and pandas DataFrames.

          This tutorial begins with how to use for loops to iterate through common Python data structures other than lists (like tuples and dictionaries). Then we’ll dig into using for loops in tandem with common Python data science libraries like numpy, pandas, and matplotlib. We’ll also take a closer look at the range() function and how it’s useful when writing for loops.

        • PyCoder’s Weekly: Issue #377 (July 16, 2019)
  • Leftovers

    • Hardware

      • ASUS Chromebook C523

        Today we are looking at the ASUS Chromebook C523 (C523NA-DH02). It is a strong, modern smart-looking Chromebook for a great price with a big screen.

        It comes with a fanless Dual-Core Intel Celeron N3350 CPU, a 15.6 inch, 1366x768, HD NanoEdge display, and non-touch screen. It has 4GB of RAM and a 32GB eMMC SSD.

        It has Android Apps (Google Play) and Linux Apps (crostini) support and it will receive auto-updates until November 2023.

        It weighs 3.1 lbs and its dimensions are 14.1 x 9.9 x 0.6 in inches. The battery has 2 cells, 38Whr Lithium-ion battery, and 10 hours of battery life.

    • Security

      • Security updates for Tuesday

        Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).

      • Explainer: What is post-quantum cryptography?

        Few of us give much thought to the tiny padlock symbol that appears in our web browsers every time we use an e-commerce site, send and receive emails, or check our bank or credit card accounts. But it’s a signal that the online services are using HTTPS, a web protocol that encrypts the data we send across the internet and the responses we receive. This and other forms of encryption protect all kinds of electronic communications, as well as things like passwords, digital signatures, and health records.

      • Monitoring Linux Logs with Kibana and Rsyslog

        If you are a system administrator, or even a curious application developer, there is a high chance that you are regularly digging into your logs to find precious information in them.

        Sometimes you may want to monitor SSH intrusions on your VMs.

        Sometimes, you might want to see what errors were raised by your application server on a certain day, on a very specific hour. Or you may want to have some insights about who stopped your systemd service on one of your VMs.

        If you pictured yourself in one of those points, you are probably on the right tutorial.

        In this tutorial, we are to build a complete log monitoring pipeline using the ELK stack (ElasticSearch, Logstash and Kibana) and Rsyslog as a powerful syslog server.

        Before going any further, and jumping into technical considerations right away, let’s have a talk about why we want to monitor Linux logs with Kibana.

      • Critical Vulnerability Found In Ad Inserter WordPress Plugin [Ed: Well, ads are malicious, many are literally malware, so people who put this crap in their site ask for if not deserve the worst.]

        On July 12, the Wordfence team (another popular security plugin for WordPress) discovered a vulnerability called RCE — Remote Code Execution in Ad Inserter. This vulnerability can allow an attacker to run any arbitrary PHP code on the site.

        The vulnerability was found in the Ad preview module of the plugin, where you can preview the ad's position, size, etc. before publishing it. This action can only be executed by the WordPress administrators and, to ensure this, the plugin writer used the WordPress function ‘check_admin_referer()’, which ensures that the action is being performed by the administrator.

        The Wordfence threat intelligence team who discovered this vulnerability said the ‘check_admin_referer()’ function is not enough protection. check_admin_referer() is designed to protect against CSRF (Cross-site request forgery) and the way it ensures this is by checking if a nonce (a one-time token) exists in the request.

      • Wanna work on Debian LTS (and get funded)?

        If you are in Curitiba and are interested to work on Debian LTS (and get paid for that work), please come and talk to me, Debian LTS is still looking for more contributors!

    • Transparency/Investigative Reporting

      • Chelsea Manning’s Daily Fines For Grand Jury Resistance Increase To $1000

        Daily fines against Chelsea Manning for resisting a grand jury investigating WikiLeaks increased to $1000 on July 16.

        On May 16, Judge Anthony Trenga held Manning in civil contempt and ordered her to be sent back to the William G. Truesdale Adult Detention Center in Alexandria. The court also imposed a fine of $500 per day after 30 days, and then a fine of $1000 per day after 60 days.

        From June 16 to July 15, the court fined her $500/day. Those fines total $15,000.

        If Manning “persists in her refusal” for the next 15 months or until the grand jury’s term ends, her legal team says she will face a total amount of fines that is over $440,000. This excessive amount may violate her Eighth Amendment rights under the Constitution.

        In May, Manning’s attorneys filed a motion challenging the harshness of the fines. The federal court has yet to rule on the motion or hold a hearing.

        The motion asserted there is no “appropriate coercive sanction” because Manning will never testify. She should be released from jail and relieved of all fines.

        “Ms. Manning has publicly articulated the moral basis for her refusal to comply with the grand jury subpoena, in statements to the press, in open court, and most recently, in a letter addressed to this court,” her attorneys stated. “She is suffering physically and psychologically, and is at the time of this writing in the process of losing her home as a result of her present confinement.”

        “The government, and maybe the general public, think that I have access to resources just because I am a public figure but that’s just not true,” Manning previously declared. “Making money has never been my priority.”

    • Environment

      • Energy

        • ‘We Can't Sit on the Sidelines and Be Climate Deniers,’ Dominion VP Warns Natural Gas Industry

          Donald Raikes arrived at 2019’s DUG East conference, a major shale gas industry gathering in Pittsburgh, with a mixed set of messages for his fellow fossil energy officials.

          “We are faced with a lot of challenges in this industry,” Raikes, senior vice president of gas infrastructure at Dominion Energy, said. “And this morning what I plan to do is use my time to carve out a call for action for all of us. We need to be very aware of the forces that are out there and how they are coming against us.”

          What sorts of forces? Raikes warned specifically about opposition from environmental groups.

          But Raikes also warned that the oil and gas industry was doing itself no favors by denying that it affects the environment, and he even dipped his toes into the issue of climate science denial.

      • Wildlife/Nature

        • This Land: New Book Exposes the Biggest Threats to the Wild West

          If you’re a lover of wilderness, wildlife, the American West and the public lands on which they all depend, then journalist Christopher Ketcham’s new book is required — if depressing — reading.

          In This Land: How Cowboys, Capitalism and Corruption Are Ruining the American West, Ketcham weaves together 10 years of reporting and decades of adventuring in the West into a deeply political and deeply personal call to save the West’s public lands.

          “It is still possible in this country to find wild, clean, open spaces, where the rhythms of the natural world go on as they should, relatively undisturbed by industrial man,” he writes. “I fear the opportunity, though, could disappear in our lifetime.”

    • Censorship/Free Speech

      • The Sixth Circuit Also Makes A Mess Of Section 230 And Good Internet Policy

        Yesterday we wrote about a bad Section 230 decision against Amazon from the Third Circuit. But shortly before it came out the Sixth Circuit had issued its own decision determining that Section 230 could not protect Amazon from another products liability case. But not for the same reason.

        First, the bad facts, which may even be worse: the plaintiffs had bought a hoverboard via Amazon, and it burned their house down (and while two of their kids were in it). So they sued Amazon, as well as the vendor who had sold the product.

        From a Section 230 perspective, this case isn't quite as bad as the Third Circuit Oberdorf decision. Significantly, unlike the Third Circuit, which found Amazon to be a "seller" under Pennsylvania law, here the Sixth Circuit did not find that Amazon qualified as a "seller" under the applicable Tennessee state law. [p. 12-13] This difference illustrates why the pre-emption provision of Section 230 is so important. Internet platforms offer their services across state lines, but state laws can vary significantly. If their Section 230 protection could end at each state border it would not be useful protection.

        But although this case turned out differently than the Third Circuit case and the Ninth Circuit's decision in HomeAway v. City of Santa Monica, it channeled another unfortunate Ninth Circuit decision: Barnes v. Yahoo. In Barnes Yahoo was protected by Section 230 from liability in a wrongful user post. After all, it was not the party that had created the wrongful content. Because it couldn't be held liable for it, it also couldn't be forced to take it down. But Yahoo had offered to take the post down anyway. It was a gratuitous offer, one it didn’t have to make. But, per the Ninth Circuit, once having made it, Section 230 provided no more protection from liability arising from how Yahoo fulfilled that promise.

      • Section 230 Is Not Exceptional, It Is Not Unique, It Is Not A Gift: It's The Codification Of Common Law Liability Principles

        There are so many myths about Section 230 that seem to need debunking. There's the myth that it requires platforms to be neutral. There's the myth that if you moderate too much you "lose" your status as a "platform." There's the myth that Section 230 of the CDA was "a gift" to big tech. None of those are true, and we've gone into great detail over the past few years about how Section 230 is designed to encourage the most "good" content, and discourage the most "bad" content. It's designed as a pretty straightforward balance, and it actually does a pretty good job of that.

        However, along with the claims that 230 is a "gift" to tech companies, is the unfortunate similar myth that 230 is somehow "exceptional" or that it treats internet companies "different than any other company." This has never been true. Instead, it's really about properly applying liability to the party actually violating the law, rather than putting the blame on the tools and services they use to violate the law. Brent Skorup and Jennifer Huddleston at the Mercatus Center have now put out an interesting paper, highlighting how -- far from being a "unique gift" to internet companies -- Section 230 was merely the codification of basic common law principles regarding liability.

      • Gab, Mastodon And The Challenges Of Content Moderation On A More Distributed Social Network

        While so many of the discussions and debates about content moderation focus on a few giant platforms -- namely Facebook, YouTube and Twitter -- it's fascinating to see how they play out in other arenas. Indeed, one of the reasons why we're so concerned about efforts to "regulate" content moderation practices on social media is that focusing on the manner in which those big, centralized platforms work could serve to stifle newer, more innovative platforms, whose very set up may inherently deal with the "problems" in the first place (see my protocols, not platforms discussion for one example).

        There are a few interesting platforms out there trying to take a different approach to nearly everything -- and one of the more well known is Mastodon, an open source "federated" system that is sort of somewhat like Twitter. If you somehow have missed the Mastodon boat, I'd recommend the long piece Sarah Jeong wrote about it two years ago, which is a pretty good intro to the topic. The really short version, though, is that anyone can set up their own Mastodon community and, if others so choose, they may "federate" with other Mastodon communities. You could build a Mastodon instance that is totally isolated from others, or you could build one that connects to others and allows "toots" to go from one instance of Mastodon to others. And, of course, the federating can change over time. It's kind of neat in that it allows for multiple communities, who can set different rules, norms and standards, and thus you get much more widespread experimentation. And, unlike a fully centralized system, like Twitter, the ability for different instances to just "go their own way" if they disagree, allows for much greater flexibility, without a centralized content moderation impossibility.

    • Privacy/Surveillance

      • Mr. Librem Kyle Rankin: Consent Matters: When Tech Shares Your Secrets Without Your Permission

        There is a saying that goes around modern privacy circles that “Privacy is about Consent.” This means that the one big factor that determines whether your privacy is violated comes down to whether you consented to share the information. For instance, let’s say Alice tells Bob a secret: if Bob then tells the secret to someone else, Bob will be violating Alice’s privacy, unless he had asked Alice for permission first. If you think about it, you can come up with many examples where the same action, leading to the same result, takes on a completely different tone–depending on whether or not the actor got consent.

        We have a major privacy problem in society today, largely because tech companies collect customer information and share it with others without getting real consent from their customers. Real consent means customers understand all of the ways their information will be used and shared, all the implications that come from that sharing–now, and in the future. Instead, customers get a lengthy, click-through privacy policy document that no one is really expected to read or understand. Even if someone does read and understand the click-through agreement, it still doesn’t fully explain all of the implications behind sharing your location and contact list with a messaging app or using voice commands on your phone.

        Big Tech has been funded, over the past two decades, by exploiting the huge influx of young adults who were connected to the Internet and shared their data without restriction. While it’s a generalization that young adults often make decisions based on short-term needs, without considering the long-term impacts, there’s also some truth behind it–whether we are discussing a tattoo that seemed like a good idea at the time, posting pictures or statements on social media that come back to bite you or giving an app full access to your phone. Individuals didn’t understand the value of this data or the risks in sharing it; but tech companies knew it all along and were more than happy to collect, store, share and profit off of it, and Big Tech is now a multi-billion-dollar industry.

      • EFF, ACLU Will Ask Court to Rule In Favor of Travelers Suing DHS Over Unconstitutional, Warrantless Searches of Cellphones, Laptops

        Boston, Massachusetts—On Thursday, July 18, at 3:00 p.m., lawyers for the Electronic Frontier Foundation (EFF) and the ACLU will ask a federal judge to decide that the constitutional rights of 11 travelers were violated by the suspicionless, warrantless searches of their electronic devices at the border by the U.S. government.

        The plaintiffs are ten U.S. citizens and a lawful permanent resident who, like many Americans, regularly travel outside the country with their cellphones, laptops, and other electronic devices. Federal officers searched their devices at U.S. ports of entry without a warrant or any individualized suspicion to believe that the devices contained contraband. Federal officers also confiscated the devices of four plaintiffs after they left the border, absent probable cause of criminal activity. The judge will decide whether a trial is needed or whether the evidence is so clear that the case can be decided now.

      • EFF Sues AT&T, Data Aggregators For Giving Bounty Hunters and Other Third Parties Access to Customers’ Real-Time Locations

        The Electronic Frontier Foundation (EFF) and Pierce Bainbridge Beck Price & Hecht LLP filed a class action lawsuit today on behalf of AT&T customers in California to stop the telecom giant and two data location aggregators from allowing numerous entities—including bounty hunters, car dealerships, landlords, and stalkers—to access wireless customers’ real-time locations without authorization.

        An investigation by Motherboard earlier this year revealed that any cellphone user’s precise, real-time location could be bought for just $300. The report showed that carriers, including AT&T, were making this data available to hundreds of third parties without first verifying that users had authorized such access. AT&T not only failed to obtain its customers’ express consent, making matters worse, it created an active marketplace that trades on its customers’ real-time location data.

        “AT&T and data aggregators have systematically violated the location privacy rights of tens of millions of AT&T customers,” said EFF Staff Attorney Aaron Mackey. “Consumers must stand up to protect their privacy and shut down this illegal market. That’s why we filed this lawsuit today.”

      • EFF Hits AT&T With Lawsuit Over Sale Of User Location Data

        We've noted a few times now that while Facebook gets a lot of justified heat for its privacy scandals, the stuff going on in the cellular data and app market in regards to location data makes many of Facebook's privacy issues seem like a grade-school picnic. That's something that was pretty well highlighted by a wave of massive scandals showing how your daily location data has long been collected by cellular data companies, then sold to a laundry list of dubious individuals and organizations. Outfits that have repeatedly failed to prevent this data from being abused by everyone from law enforcement to stalkers.

        The Ajit Pai FCC has yet to lift a finger or so much as scold the companies for their cavalier treatment of private user data. And while cellular giants like AT&T, Verizon, Sprint, and T-Mobile say they've stopped the practice in light of these scandals, nobody has actually bothered to confirm this fact. Given the billions to be made, it's certainly possible these companies may have just made a few modest changes to what's collected, who they sell this data to, and what they call this collection, but are still engaged in monetizing your daily location habits in some fashion.

    • Internet Policy/Net Neutrality

      • AT&T Will Now Filter Robocall Spam, If You Pay Them Extra

        When the FCC recently released its "new" robocall plan, consumer groups quickly noted how it wasn't really new, and didn't actually accomplish much of anything. Outside of making it clear that carriers could implement robocall blocking tech by default, most of the plan was just a rehash of past (inadequate) FCC policies. Worse, the plan fixates almost exclusively on "scam" calls (when "legit" telemarketers and debt collectors are the biggest culprits of unwanted calls), and does absolutely nothing to punish carriers that fail to implement either call blocking tech, or call authentication tech (to thwart number "spoofing").

    • Monopolies

      • Patents and Software Patents

        • Another Way In Which Patents Contributed To The Opioid Crisis: Hospitals Ordered Not To Use Better, Less Problematic Medicines

          Two years ago, we wrote about a stunning (and horrifying) study that explained how patents deeply contributed to the opioid crisis. It described the lengths that drug companies -- including OxyContin maker Purdue Pharma -- went through to block any and all generic competition. It was quite a story.

          However, on a recent episode of Terry Gross's "Fresh Air" she interviewed medical bioethicist Travis Rieder about his new book, In Pain. It tells the story of how, even as a "medical bioethicist," Rieder himself got addicted to opioids after being in a severe motorcycle accident -- and then was shocked to find that none of his doctors either knew how or cared enough to help him get off the painkillers. The story is fascinating -- and harrowing.

      • Copyrights

        • New Study Points Out What A Boon Sports Streaming Piracy Could Be To Leagues

          When it comes to cable cord-cutting and the set box vs. streaming revolutions, I have always argued that professional and college sports play an outsized role. In fact, sports programming is one of the few threads by which the cable television industry is currently hanging. Some leagues have made better use of these trends than others, with Major League Baseball still representing the gold standard in sports streaming, with the other major sports leagues riding along in its wake. And, yet, one of the most common complaints about streaming copyright infringement one can find out there is that of live-streaming professional sports. While much of this comes from the broadcast partners of these leagues, the leagues themselves still make a significant amount of noise about pirated sports streaming.

          It's never made sense to me. Sports league revenues generally are dominated by two categories: merchandise and advertising revenue. The former gets boosted with the maximum number of eyeballs on the product while the latter becomes something of a complicated mess, given that ad revenues have traditionally gone to broadcast partners, which translate into large contracts with revenue going from the broadcasters to the leagues. Despite that complication, the interest here is in advertising revenue.
