Bonum Certa Men Certa

Links 3/8/2019: Wine 4.13 Released, Gnuastro 0.10

  • GNU/Linux

    • System76 are prepping a powerful new Linux laptop, the "Adder WS"

      System76 sent word earlier about something new. A new (and rather powerful) Linux laptop named the Adder WS. The Adder WS will be the first Linux machine from System76 to include an OLED display, with a 15" size and 4K support it's sounding impressive.

      They're saying it's a "workstation laptop", as it's going to be quite the beast. The base standard configuration will have an Intel Core i7-9750H CPU and you can push it up to an i9-9980HK, the top end Intel offer for Laptops (according to System76). It will also come with an NVIDIA RTX 2070 GPU which "uses effective cooling techniques that allow the graphics card to reach its full performance potential"—so it sounds like a pretty damn good unit for some intense Linux gaming sessions.

    • Linux Magazine's New Issue (Partial Paywall)

    • Server

      • Started wanting to move stuff to docker.

        Started wanting to move stuff to docker. Especially around build systems. If things are mutable they will go bad and fixing them is annoying.

      • IBM

        • Shifting culture is the best way to reignite public-sector innovation

          Right now, we're in a storm of digital disruption, also known as the Fourth Industrial Revolution or any of the other trendy monikers coined in recent years. The truth is that the speed of innovation today makes long-term planning incredibly difficult.

          Like everyone, government organizations are struggling to chart paths forward in the face of a fast-moving and increasingly ambiguous future. According to a 2018 report from the Congressional Research Service, federal government IT budgets are growing, but so are the costs of maintaining older systems.

          The only way government agencies -- or any organization -- will continue to thrive amid continual, innovative disruptions will be to fundamentally rethink how they operate.

        • Multi-cloud: 5 important trends to watch

          Going by the most straightforward definition of multi-cloud – using two or more cloud services from two or more vendors – outsized numbers about multi-cloud adoption shouldn’t really surprise anyone, especially IT pros. It seems hard these days to not use at least a handful of cloud-based services.

        • Three Weeks After Closing the Red Hat Deal, IBM Rolls Out New Cloud Offerings

          Managed services and software optimized for Red Hat OpenShift and Linux aimed at helping enterprises move to the cloud.

        • The Big Picture

          IBM finally closed the deal to purchase Red Hat this month, writing a $34 billion check for the leading Linux company in hopes of restarting its cloud and network service endeavors. Red Hat was a really big fish in the open source scene, but they are tiny compared to IBM, and many observers are wondering how this story will unfold.

          In the press release confirming the sale [1], IBM said all the right things, leading off the announcement with the following bullets:

          IBM preserves Red Hat's independence and neutrality; Red Hat will strengthen its existing partnerships to give customers freedom, choice, and flexibility. Red Hat's unwavering commitment to open source remains unchanged. Together, IBM and Red Hat will deliver a next-generation hybrid multicloud platform.

          As you probably already know, this deal is all about the cloud, and about integrating hybrid cloud with IBM's existing business service portfolio. The quote from IBM CEO Ginni Rometty sounds like a manifesto, "Businesses are starting the next chapter of their digital reinventions, modernizing infrastructure and moving mission-critical workloads across private clouds and multiple clouds from multiple vendors. They need open, flexible technology to manage these hybrid multicloud environments. And they need partners they can trust to manage and secure these systems. IBM and Red Hat are uniquely suited to meet these needs. As the leading hybrid cloud provider, we will help clients forge the technology foundations of their business for decades to come."

        • IBM moves quickly to shift software base to Red Hat OpenShift

          IBM Corp. is losing no time in its efforts to demonstrate results from its acquisition of Red Hat Inc., which closed just three weeks ago.

          The company today is announcing that it will make much of its software portfolio available in cloud-native form on OpenShift, which is Red Hat’s version of the Kubernetes container orchestration manager. Containers are portable, self-contained software environments and Kubernetes is a management layer for large container deployments.

          “Cloud-native” is a term for software that’s constructed to take advantage of cloud-specific features such as near-limitless scalability and flexible, usage-based pricing. Many cloud applications are essentially versions of on-premises software that has been shifted to the cloud without the full benefit of cloud-specific features.

          “Cloud isn’t just about sticking content in a container,” said Hillery Hunter, chief technology officer of IBM Cloud. “It’s about getting IT operational efficiency and automation.”

    • Audiocasts/Shows

    • Kernel Space

      • Graphics Stack

        • Diff selection, AArch64 Pi4, caching

          The result of all the diff construction testing and sample implementations ... is an unchanged diff format. In my opinion, the scenario that most needs optimization is when a small change is made to a large buffer, and detailed damage tracking is unavailable. Then the main source of delay in the program is the time needed to scan through the unchanged portion of the buffer. On the other hand, when most of the buffer has changed, the data transfer time (and any compression/decompression stages) will take enough time that a 5% increase in diff runtime will be hidden by the other operations. In essence, it's better to optimize the diff for text input than for games. Based on the target scenario, the bitset format was ruled out, because a 1/64th control data overhead is huge when only 1/1000th of the buffer changed, and the time needed to convert the bitset to another format added too much slowdown, even in the case where no data changed. The split variation on the standard diff format was also discarded, as it required a bit more complexity to manage two buffers, while not significantly improving performance.

          A key optimization used by the standard diff method is "windowing": small unchanged gaps in the data stream are still copied into the diff. This speeds up diff application, by reducing the number of chunks that must be memcpy'd, as well as the number of branch mispredictions, and makes it possible to limit the number of times that the diff construction routine must switch between copying data and not copying data. The maximal size gap to be skipped is still kept relatively small, to minimize both the total diff size and the total amount of data written. (It's currently at 256 bytes, and can't go any lower than 64 bytes without breaking a key optimization for the SIMD diff routines.)

        • Broadcom's VC4/V3D Driver Developer Parts Ways To Join Google

          Eric Anholt who has near single-handedly been developing the V3D driver stack (formerly known as "VC5") for use by the Raspberry Pi 4 and other newer Broadcom boards as well as maintaining the mature VC4 driver stack he developed for previous Raspberry Pi boards has left Broadcom. But Broadcom's loss is to Google's open-source gain.

          Eric Anholt had been working for Broadcom the past five years on the VC4 driver stack as the Mesa Gallium3D driver paired with the in-kernel DRM/KMS driver and then more recently the V3D driver stack that for months now is mainline in Mesa and the Linux kernel. The V3D driver stack is now in use most notably by the recently launched Raspberry Pi 4.

        • Eric Anholt: Raspberry Pi 4, moving on

          Recently the Raspberry Pi Foundation released the Raspberry Pi 4, which shipped with the V3D driver I wrote as its GLES driver.

          I’m pretty proud of the work I did on the project. I was a solo developer building a GLES3 graphics driver based on Mesa, splitting my time between the new V3D and maintaining VC4, while also fixing issues in the X server and building a kernel driver. I didn’t finish everything (the hardware should be able to do GLES 3.2, and I almost made it to CTS-complete on 3.1 before shipping), but I feel like this is clear proof of how productive graphics driver developers can be working on the Mesa stack.

    • Applications

      • 4 of the Best Download Managers for Linux Users

        Struggling to keep your file downloads organized, or have you suddenly lost connection on a download at 99%? If you don’t already have a download manager installed on your Linux machine, it’s time to get one.

        Thankfully, there are several good download managers for Linux users to try. Here are four of the best. While we are using Linux Mint as an example, most of them should work on other Linux distros, too.

      • New 4.0.2 Version of Uyuni is Released

        Contributors of Uyuni Project have released a new version of Uyuni 4.0.2, which is an open-source infrastructure management solution tailored for software-defined infrastructure.

        Uyuni, a fork of the Spacewalk project, modernizing Spacewalk with SaltStack, provides more operating systems support and better scalability capabilities. Uyuni is now the upstream for SUSE Manager.

        With this release, Uyuni provides powerful new features such as monitoring, content lifecycle management and virtual machine management.

        Both the Uyuni Server node and the optional proxy nodes work on top of openSUSE Leap 15.1 and support Leap 15.1, CentOS, Ubuntu and others as clients. Debian support is experimental. The new version of Uyuni uses Salt 2019.2, Grafana 6.2.5, Cobbler 3.0 and Python 3.6 in the backend.

        “The upgrade involves the complete replacement of the underlying operating system,” according to a post on July 9 by Hubert Mantel on Github. “This is a very critical operation and it is impossible to handle any potential failure in a graceful way. For example, an error during upgrade of the base OS might lead to a completely broken system which cannot be recovered.

      • DeaDBeeF Music Player 1.8.2 Released with Stability Fixes

        The second bug-fix release for Deadbeef 1.8 series was released a day ago with some stability fixes and improvements.

    • Instructionals/Technical

    • Wine or Emulation

      • Wine Announcement

        The Wine development release 4.13 is now available.

      • Wine 4.13 Released Following Nearly Month Long Summer Holiday

        Wine 4.12 was released back on 5 July while finally today has been succeeded by Wine 4.13, which is normally seeing updates on a two-week release cycle.

        The nearly month long break in releases was due to lead developer Alexandre Julliard going on a summer holiday for much of July. Presumably many other Wine developers also enjoyed some time away from their keyboards as well as the Wine 4.13 release isn't too notable even with the extended cycle.

      • Not The Wine O'Clock News is now showing at 4.13

        This isn't in reference to the lovely fruity stuff, we are of course talking about the Wine compatibility software. The Wine team have been hacking away at their code again, with a brand new release now available with Wine 4.13.

        Quite a small one in terms of features included in this round, partly as Wine developer Alexandre Julliard had a vacation recently. I expect things to pick up again now.

    • Games

      • A three-way look at Rocket League on Linux, with D9VK versus Linux Native

        After chatting on Twitter with a fellow Rocket League enthusiast about the performance of the game, I decided to take a look.

        Rocket League originally released for Linux back in 2016, using an older build of Unreal Engine 3 with OpenGL as the renderer. With that in mind, it's one of the older major Linux ports available to us. Age is just a number though, it's a fantastic game. It's not perfect though and there's plenty of room for improvements.

      • Extreme arcade space combat game "Space Mercs" has officially released

        Designed and developed by Bearded Giant Games, Space Mercs is an extreme arcade space combat game like some of the classics and it's out now with Linux support.

        As a reminder, Bearded Giant Games have been developing Space Mercs entirely on Linux with the Unity game engine. Working from a low-powered Notebook, they've put a special amount of attention into the optimizations so it should work great across a huge variety of systems. It certainly does look good, with an impressive atmosphere to it!

      • The next Humble Monthly is out, with a nice deal for Linux gamers

        Once the bundle is over next month, you will also get an additional bunch of games. On top of that, as always, you also gain access to the Humble Trove. The Humble Trove is their curated selection of DRM-free games, while subscribed you can download them any time and keep them. Last I looked, the Trove had around 47 Linux games in it.

      • Zachtronics latest game "Eliza", is a Visual Novel that involves an AI counselling program

        This was quite unexpected, Zachtronics who are known for their challenging and high quality puzzle games have announced a Visual Novel called Eliza and it sounds unusual.

    • Desktop Environments/WMs

      • Try Out the JADE Desktop Environment

        This new desktop environment strives to offer something different, and while the design isn’t for everyone, it does introduce a couple of interesting features.

        2019 is not a year for innovation in the desktop environment. Ever since the desktop revolts over KDE 4, GNOME 3, and Unity in 2008-2012, developers have been cautious about innovation and alienating users with too much change. Any innovations have been incremental or minor. Under these circumstances, JADE (Just Another Desktop Environment) is a welcome development. Although it suffers from a lack of layout knowledge, at least JADE tries, and manages one or two promising features along the way.

        JADE was begun by Vitor Lopes and developed within the Manjaro distribution. To date, JADE is unavailable in any other distribution, but, since it was developed using standard web-technologies like HTML5, CSS, JavaScript and Python, porting it should be a trivial task, and only a matter of time. On the Manjaro forums, it was announced in 2017 as “a completely different DE concept, that changes the way you interact with your desktop, is made to be easy to use, independently of your computer skill.” According to Lopes, he began the product to “learn Python” and to “keep my coding skills sharp.”

        Currently, JADE is available in the Manjaro Webdad Preview version 17.1.11-stable. The preview runs in Virtual Box as an Other Linux – and not as a version of Arch Linux, as you might expect if you know the origins of Manjaro. In fact, if you try to install it as an Arch variant, the installation may stall, even if you use the fallback theme as suggested. The installer appears to be a modified version of Ubuntu’s, with the addition of usefully verbose online instructions. The only oddity is that, when allotted 15GB for the installation, the automatic partitioning creates a swap file of 15GB, which seems excessive.

        The DVD image is live. However, it is so slow that, even on a recent machine, it took 13 seconds to reach the login screen and another 15 to reach the desktop. Even then, I found it so unresponsive that several times I thought the desktop had frozen. The speed improved somewhat after installation to a drive, although even then I found it so unresponsive that several times I thought the desktop had frozen when I clicked to start applications. JADE is still in development, and the point of installing it is not to use it so much as to see how it is designed (Figure 1).

      • K Desktop Environment/KDE SC/Qt

        • June/July in KDE Itinerary

          Another two busy months have passed since the last bi-monthly summary on KDE Itinerary’s progress. Here are the highlights.

        • Sprint ahoy

          Well, I did manage to get some work done during the start of the week cause after that it was just dripping nose and back to back headaches along with a sore throat for around the next 3 days, and I also had to prepare for Krita sprints happening next week.

      • GNOME Desktop/GTK

        • GNOME Launches An Inclusion & Diversity Team [Ed: The comments there are worth reading, too]

          In addition to GNOME's involvement and stewarding of the Outreachy program (back to the days when it was known as GNOME's "Outreach Program for Women"), they have just launched an Inclusion and Diversity Team to help the desktop environment community become more inclusive.

          The GNOME Inclusion and Diversity Team looks to ensure the GNOME community is more inclusive and diverse beyond just getting more women and other minority groups involved, as is the case for Outreachy internships.

    • Distributions

      • Arch Family

        • TROM-Jaro: A New Twist on Open Source Freedom

          TROM-Jaro Linux offers a new twist on the concept of open source as free software.

          First released as a beta version last December, TROM-Jaro's second and current non-beta release pushed out in June.

          This new distro is a custom-built version of the popular Manjaro Arch Linux. It is probably more accurate to describe TROM-Jaro as a strategically modified version of Manjaro Linux. The unnamed developers used the Manjaro community tools to construct the modifications.

          That rebuilding, of course, is perfectly legitimate in the open source software world. TROM-Jaro is not a fork of Manjaro. It has the pronounced look and feel of the Manjaro base.

          In fact, nowhere in the screen displays or application titles is anything branded as anything other than "Manjaro Linux." This is evident with the initial help screen that welcomes you to Manjaro! Even the installation screens do not hawk the "TROM-Jaro" distro name.

      • Fedora Family

        • FPgM report: 2019-31

          Here’s your report of what has happened in Fedora Program Management this week. Flock is this week in Budapest.

      • Debian Family

        • Sparky 2019.08

          There are new live/install media of SparkyLinux 2019.08 “Po Tolo” available to download. This is the 1st snapshot of the new (semi-)rolling line, which is based on the testing branch of Debian “Bullseye”.

      • Canonical/Ubuntu Family

        • Linux Mint 19.2 “Tina” Released

          Open the preferences window from the update manager and open the blacklist tab. Click the add button and fill in the package name that you want to target and the specific version that you do not want the operating system to update this package to. Hit “OK” and it’ll not update the package to the selected version.

          This option lets you stay safe from a specific version that you know will break your system. However, this feature will only block the update to the specific version you’ve selected. In case a later version is released, the update manager will download and install the package updates.

          You can also blacklist a specific version from the update manager by right-clicking the update package and blacklisting it. This way of blacklisting a version update is easy and a recommended one.

        • New long-term support version of Linux Mint desktop released

          With more work than ever going into making the Linux desktop great for all users and gaming, it only seems appropriate that Mint is releasing its latest long-term support of its flagship operating system: Linux Mint 19.2, Lisa.

          This is important because, as I've said before after looking at many Linux desktops year in and out, Linux Mint is the best of the breed. It's easy to learn (even if you've never used Linux before), powerful, and with its traditional windows, icons, menus, and pointers (WIMP) interface, it's simple to use.

          As before, Linux Mint will run on pretty much any PC in your home, office, or junk closet. It only needs 2GB of RAM, but it can run with as little as 1GB. Sorry, Bill, 640K is not enough. You'll also need at least 15GB of disk space, but 20GB recommended. Finally, you'll need a graphics card and monitor that supports a 1024×768 resolution. I can find that kind of hardware at my local second-hand store.

        • Linux Mint 19.2 is out

          The Linux Mint team released a new version of the Linux distribution on August 2, 2019. Linux Mint 19.2 is already available in the three supported flavors Cinnamon, MATE, and Xfce.

          The new version is a long-term service release; it will be supported until 2023 and is already available on the official website of the project. 32-bit and 64-bit versions of Linux Mint 19.2 Cinnamon, MATE, and Xfce are provided. The release follows Linux Mint 19.1 and Linux Mint 19.0 which we reviewed here.

          Highlights of the release are reduced RAM usage, and Update Manager and Software Manager improvements.

          Check out our guide on upgrading Linux Mint if you don't know how to upgrade from an earlier version of the Linux distribution.

        • Best VPN for Ubuntu in 2019 (Full Review)

          Linux is a highly customizable and completely open-source operating system that gives you full control over your computer. The Ubuntu distribution takes that customizability and adds a layer of user-friendliness on top. You get all the security benefits of Linux, only you don’t have to be a command line expert to get things done.

          Even though Ubuntu is more secure than other operating systems, out of the box it doesn’t do much to protect data leaving your device. VPNs bridge that crucial gap by providing encryption for every packet that exits your home network. You’ll get non-local privacy along with a high level of anonymity, all from the comfort of your own Ubuntu system.

    • Devices/Embedded

      • Linux heads for space in hardened Ai-RIO computer

        Aitech announced that its VxWorks-driven “Ai-RIO” computer, which is available in separate Space and Mil/Aero configurations, now offers a Linux BSP. The rugged Ai-RIO runs on a PowerPC-based NXP P1020 and offers radiation resistance and modular I/O expansion.

        Commercial space travel is on the verge of becoming a major market for embedded computing. Much of it is RTOS-driven to ensure greater reliability, but with the advent of real-time Linux kernels, the penguin is playing a growing role. On the low-end, Fossbyte just reported that the European Space Agency is using Raspberry Pi Zero SBCs on its experimental CryptIC CubeSat for low-cost encryption. On the high-end are hardened computers like Aitech’s intelligent Ai-RIO Remote I/O interface Unit (RIU), which has just gained a Linux BSP to join the existing VxWorks 6.9 support.

    • Free, Libre, and Open Source Software

      • What is open source software? Open source and FOSS explained [Ed: IDG repeats Microsoft lies towards the end (as expected)]

        The “free” in free software is meant to denote users’ freedom to alter and distribute code as they like; there’s no rule against charging money for free software in this sense.

      • Web Browsers

        • Mozilla

          • These Weeks in Firefox: Issue 62

            In Nightly (and targeted for Firefox 70) we now have color-contrast checks in the color-picker tooltip thanks to Maliha, our Accessibility intern!

          • Mozilla VR Blog: Lessons from Hacking Glitch

            When we first started building MrEd we imagined it would be done as a traditional web service. A potential user goes to a website, creates an account, then can build experiences on the site and save them to the server. We’ve all written software like this before and had a good idea of the requirements. However, as we started actually building MrEd we realized there were additional challenges.

            First, MrEd is targeted at students, many of them young. My experience with teaching kids during previous summers let me know that they often don’t have email addresses, and even if they do there are privacy and legal issues around tracking what the students do. Also, we knew that this was an experiment which would end one day, but we didn’t want the students to lose access to this tool they had just learned.

            After pondering these problems we thought Glitch might be an answer. It supports anonymous use out of the box and allows easy remixing. It also has a nice CDN built in; great for hosting models and 360 images. If it would be possible to host the editor as well as the documents then Glitch would be the perfect platform for a self contained tool that lives on after the experiment was done.


        • Gnuastro 0.10 released

          Dear all,

          I am pleased to announce the 10th release of GNU Astronomy Utilities (Gnuastro 0.10).

          Gnuastro is an official GNU package of various command-line programs and library functions for the manipulation and analysis of (astronomical) data. All the programs share the same basic command-line user interface (modeled on GNU Coreutils). For the full list of Gnuastro's library, programs, and a comprehensive general tutorial (recommended place to start using Gnuastro), please see the links below respectively:

          Many new features have been added, and many bugs have been fixed in this release. For the full list, please see [1] below (part of the NEWS file within the tarball). Some of the highlights are: 1) You can now do column arithmetic (on FITS and plain text tables) directly within the Table program, it also has some operators unique to table columns for example conversion of pixel to world coordinate system (WCS) coordinates and vice-versa. 2) Crop can now be used to pull out sections of 3D data cubes also. 3) You can let CosmicCalculator find the red-shift by identifying an emission line's wavelength or name, and its observed wavelength.

          Here is the compressed source and the GPG detached signature for this release. To uncompress Lzip tarballs, see [2]. To check the validity of the tarballs using the GPG detached signature see [3]:

 (5.2MB) (833B) (3.4MB) (833B)

          Here are the MD5 and SHA1 checksums (other ways to check if the tarball you download is what we distributed):

          886c7badcd5b94d28bb616013b303bfb  gnuastro-0.10.tar.gz
          48d1081543ba19b5d1b59e6d29b3b349  gnuastro-0.10.tar.lz
          fce509583955f4bf15a764f30c7720de9df01a83  gnuastro-0.10.tar.gz
          23c7f8d570e7b2851302500b5227026cb0d76340  gnuastro-0.10.tar.lz

          For this release, I am very grateful to Alexey Dokuchaev, Joseph Putko and Raul Infante-Sainz for direct contributions to Gnuastro's source. Hamed Altafi, Roberto Baena Gallé, Zahra Bagheri, Leindert Boogaard, Bruno Haible, Raul Infante-Sainz, Lee Kelvin, Elham Saremi, Zahra Sharbaf, David Valls-Gabaud and Michael Wilkinson (in alphabetical order) also provided very good suggestions and bug reports, I am very grateful to them.

          If any of Gnuastro's programs or libraries are useful in your work, please cite _and_ acknowledge them. For citation and acknowledgment guidelines, run the relevant programs with a `--cite' option (it can be different for different programs). Citations _and_ acknowledgments are vital for the continued work on Gnuastro, so please don't forget to support us by doing so.

          This tarball was bootstrapped (created) with the tools below. Note that you don't need these to build Gnuastro from the tarball, these are the tools that were used to make the tarball itself. They are only mentioned here to be able to reproduce/recreate this tarball later.

            Texinfo 6.6
            Autoconf 2.69
            Automake 1.16.1
            Help2man 1.47.10
            ImageMagick 7.0.8-58
            Gnulib v0.1-2794-gc8e2eee54
            Autoconf archives v2019.01.06-55-gc5711b3

          The dependencies to build Gnuastro from this tarball are described here:

          Best wishes,
          Mohammad

      • Programming/Development

        • Lesson In Adopting Test Driven Development (TDD)

          Test Driven Development (TDD) has been a part of the developer's term that I view it as an arcane art for me.

          As a love or hate relationship between the developer who swears by it exclusively to you don't need this attitude.

          Which is similar to adopting Agile software management practices for an organisation.

          I found out about it more as I became involved in helping to guide developers in Python for a developer gym organised by Junior Developer Singapore.

        • Use the Blockchain data to populate the combo box

          Previously the cryptocurrency application has loaded the world currency text file and then populated the currency combo box based on the currency symbol in that text file. In this article, the cryptocurrency program will use the returning currency symbol from Blockchain to populate that same combo box.

        • Why your mock doesn’t work

          Mocking is a powerful technique for isolating tests from undesired interactions among components. But often people find their mock isn’t taking effect, and it’s not clear why. Hopefully this explanation will clear things up.

          BTW: it’s really easy to over-use mocking.

        • Dask joins NumFOCUS Sponsored Projects

          Dask is an open source library for natively scaling Python. It provides advanced parallelism for analytics, enabling performance at scale for the tools you love. Dask builds on existing Python libraries like NumPy, pandas, and scikit-learn to enable scalable computation on large datasets. In addition, Dask provides a general purpose framework to enable advanced users to build their own parallel applications. Dask enables analysts to scale from their multi-core laptop to thousand-node cluster.

        • [Older] History and effective use of Vim

          This article is based on historical research and on simply reading the Vim user manual cover to cover. Hopefully these notes will help you (re?)discover core functionality of the editor, so you can abandon pre-packaged vimrc files and use plugins more thoughtfully.

  • Leftovers

    • Science

    • Health/Nutrition

    • Security (Confidentiality/Integrity/Availability)

      • Cisco's failure to heed whistleblower's warning about security defects in video surveillance software costs the company $8.6m in fines

        There's a lesson here about the people who advocate for allowing companies to decide when defects in their products can be revealed: companies are not trustworthy custodians of bad news about their products, even (especially) when the stakes are high and they face titanic liability for failing to mitigate reported defects.

      • GitLab Is A Very Powerful Tool For Security: Liz Rice Of Aqua Security

        The ‘Takeaway’ from this interview is that GitLab is a very powerful tool for security. Guest Liz Rice, VP of Open Source Engineering at Aqua Security.

      • Liz Rice On Technology & Culture Of The Cloud Native World

        Liz Rice, VP of Open Source Engineering at Aqua Security sat down with Swapnil Bhartiya at KubeCon and CloudNativeCon, Barcelona, to talk about a wide range of topics.

      • bzip2 and the CVE that wasn’t

        Compiling with the GCC sanitizers and then fuzzing the resulting binaries might find real bugs. But not all such bugs are security issues. When a CVE is filed there is some pressure to treat such an issue with urgency and push out a fix as soon as possible. But taking your time and making sure an issue can be replicated/exploited without the binary being instrumented by the sanitizer is often better.

        This was the case for CVE-2019-12900 “BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors”.

        The bzip2 project had lost the domain which it had used for the last 15 years. And it hadn’t seen an official release since 2010. The bzip2 project homepage, documentation and downloads had already been moved back to And a new bug tracker, development mailing list and git repository had been set up. But we were still in the middle of a code cleanup (removing references to the old homepage, updating the manual and adding various cleanups that distros had made to the code) when the CVE was filed.

    • Defence/Aggression

      • Iran Claims Saudi Arabia Killed Over '3000 Americans' And Still Gets to 'Have Nuclear Weapons'

        Zarif accused the U.S. of hypocrisy as the Trump administration attempted to support Saudi Arabia in building its nuclear program, tweeting: "Kill 3,000+ Americans but remain a US client and you can have nuclear weapons — even get help in acquiring them." The statement is a likely reference to the fact that 15 of the 19 Al-Qaeda-affiliated hijackers involved in the 9/11 attacks that killed nearly 3,000 people, the vast majority of which were U.S. citizens, were Saudi citizens, and other alleged links between Riyadh and jihadi groups that target Washington's interests.

    • Transparency/Investigative Reporting

      • APNewsBreak: Edward Snowden book coming out Sept. 17

        Metropolitan Books, an imprint of Macmillan Publishers, announced Thursday that Snowden’s “Permanent Record” will be released simultaneously in more than 20 countries, including the U.S., Germany and Britain. According to Metropolitan, Snowden will describe his role in the accumulation of metadata and the “crisis of conscience” that led him to steal a trove of files in 2013 and share them with reporters. Metropolitan spokeswoman Pat Eisemann declined to offer additional details.

      • FBI Says QAnon, Internet Conspiracy Theorists Are National Security Threats

        The FBI—an agency which has presided over counterterrorism and major mafia and cartel takedowns—concedes in the report that categorizing conspiracy theories as national security threats might come across as odd at first, but shouldn’t be disqualified in the current environment.

        “Although many conspiracy theories appear benign or inconsequential, others create serious risks," it reads. The bulletin emphasizes that the internet can be a vector not just for the spread of conspiracy theories, but for people to seek out perceived villains in the real world.

      • Exclusive: FBI document warns conspiracy theories are a new domestic terrorism threat

        The FBI acknowledges conspiracy theory-driven violence is not new, but says it’s gotten worse with advances in technology combined with an increasingly partisan political landscape in the lead-up to the 2020 presidential election. “The advent of the Internet and social media has enabled promoters of conspiracy theories to produce and share greater volumes of material via online platforms that larger audiences of consumers can quickly and easily access,” the document says.

        The bulletin says it is intended to provide guidance and “inform discussions within law enforcement as they relate to potentially harmful conspiracy theories and domestic extremism.”

        The FBI Phoenix field office referred Yahoo News to the bureau’s national press office, which provided a written statement.

      • The Distraction Distraction

        Trump presents us with a conundrum. We can’t ignore a president who spews Ku Klux Klan–level rhetoric that could get people killed and maybe already has. But neither can we allow him to colonize our collective imagination. Elizabeth Warren put it well in a tweet: “This president is desperate. Calling out his racism, xenophobia, and misogyny is imperative. But he’s trying to divide us and distract from his own crimes, and from his deeply unpopular agenda of letting the wealthy and well-connected rip off the country. We must do more.” She’s right. We must demand more of our media and ourselves—more clarity, more balance, and more time focused on what the Trump administration is actually doing to our country than on his latest stupid, racist tweet. Democracy is not a reality show, and our media needs to stop treating Trump as if he’s still a TV host, lest we end up, in the late critic Neil Postman’s prescient phrase, “amusing ourselves to death.”

      • In Ecuador, Political Actors Must Step Away From Ola Bini’s Case

        After spending nearly a week in Ecuador to learn more about the case against Swedish open source software developer Ola Bini, who was arrested here in April, EFF has found a clear consensus among the experts: the political consequences of his arrest appear to be outweighing any actual evidence the police have against him. The details of who stood to benefit from Bini's prosecution varied depending on who we spoke with, but overall we have been deeply disturbed by how intertwined the investigation is to the political effects of its outcome. Ola Bini’s innocence or guilt is a fact that should be determined only by a fair trial that follows due process; it should in no way be impacted by potential political ramifications.

        Since EFF was founded in 1990, we have frequently stepped in to defend security researchers from misunderstandings made by law enforcement, and raised awareness when technologists in the United States have been incarcerated. And last year, we launched a new Coders’ Rights in Latin America project, which seeks to connect the work of security research with the fundamental rights of its practitioners. While security researchers play a vital role in fixing flaws in the software and hardware that everyone uses, their actions and behaviors are often misunderstood. For example, as part of their work, they may discover and inform a company of a dangerous software flaw—a civic duty that could be confused with a hacking attack.

        When we first began analyzing Ola Bini’s case, we thought this was what had happened. The so-called “evidence” presented after his arrest—which included USB sticks, security keys, books on programming—suggested this might be the case. Of course, owning such things is not a crime, but together, they can seem suspicious to an authority who isn’t in the know.

    • Environment

      • In Zimbabwe, the Water Taps Run Dry and Worsen ‘a Nightmare’

        The shortage of water has become an annual problem in Zimbabwe, but this year’s drought is particularly serious because it has occurred earlier in the summer and affected even more people than usual.

        The level of rainfall this year has been about 25 percent less than the annual average, according to Washington Zhakata, the director of the Climate Change Management Department in the Zimbabwean government. A cyclone inundated the country in March, but it didn’t raise the water table and isn’t included in this year’s rainfall tally.

      • In the Fight to Save the Planet, Its Defenders Are Being Killed

        Global Witness noted that the actual figure is probably far higher because reporting is iffy in the most vulnerable parts of the world. Governments and industries are also learning that there are other, nonlethal means of intimidating or eliminating activists who resist them. In addition to the violence of private security agents, state forces or contract killers, activists now also confront teams of aggressive lawyers.

      • Indonesia to Deploy Thousands of Security Personnel to Combat Haze-Causing Fires

        Fires are an annual occurrence during Indonesia’s dry season, which normally runs from about June to October. The blazes — largely caused by illegal slash-and-burn farming methods by palm oil and pulpwood companies — cause serious haze problems in Indonesia and neighboring countries.

      • Three things Jokowi could do better to stop forest fires and haze in Indonesia

        The fires also produced 15.95 million tons of CO2 emissions per day. This was more than the daily emissions of the entire US economy, making Indonesia one of the major contributors to global greenhouse gas emissions from land use change and the forestry sector.

        In addition to thousands of premature deaths, researchers warned of the alarming long-term impacts of the cross-border haze’s particulate matter being inhaled by infants in Indonesia, Malaysia and Singapore.

      • Indonesia battles fires as dry season peaks

        The latest hot spot figures compare with over 750 hot spots just on Sumatra island alone in mid-October 2015 - at the peak of the national fire crisis, caused by massive burning to clear land for palm oil, paper and rubber plantations.

      • Malaysians brace for hazy days due to Sumatra fires

        In a statement on Thursday, the DoE attributed the smog to transborder haze due to forest fires in Indonesia, and said it had stepped up efforts to monitor and clamp down on open burning through the use of drones.

      • Indonesia Fights Fires in Palm-Growing Regions to Prevent Deadly Haze

        Forest fires from illegal burning to clear land for palm oil and paper plantations are a recurrent event in Southeast Asia’s biggest economy. Their frequent occurrence prompted President Joko Widodo to order a moratorium on new permits to clear forest and peat land for palm oil cultivation.

        Riau, one of the country’s main palm oil-growing regions, is the worst affected province this year with fires scorching about 28,000 hectares of land already, the disaster mitigation agency said in a statement on Tuesday.

      • Advance of climate change a threat to security in Finland, says expert

        Limnéll also called attention to estimates that global warming may force up to a billion people to become refugees, arguing that it is an indication of how widespread the ramifications of climate security can be for global stability and the entire planet.

      • The Arctic Is on Fire, and It Might Be Creating a Vicious Climate 'Feedback Loop'

        “Peat fires burn ‘old’ carbon,” Smith said in an email, meaning that the carbon has taken thousands of years to accumulate. “So in a few weeks, a fire can burn through hundreds of years worth of carbon sequestration.”

        In other words, Smith said, these fires are not carbon-neutral. More fires contribute to faster climate change, which in turn creates ideal conditions for more Arctic blazes.

        "These greenhouse gas emissions (which are not offset by future regrowth) will lead to warming, and warming will increase the likelihood of peat soils being drier earlier in the summer and therefore more likely to burn.... In turn leading to more greenhouse gas emissions," Smith said. "It is a classic positive feedback loop."

      • New Concerns Raised by Opponents Delay Wanhua’s $1.25 Billion Plastic Complex in Louisiana

        “Look at what is coming into the Parish, instead of saying ‘Yeah, yeah, yeah’—it is time to say ‘No,’” Pastor Harry Joseph told the St. James Parish Council on July 24. He implored councilmembers to consider freshly unveiled public health and economic concerns before they reaffirmed a permit allowing yet another petrochemical plant in a southern Louisiana community fed up with its already rapid industrialization.

        Joseph, pastor of Mount Triumph Baptist Church in St. James, is one of the plaintiffs appealing the parish council’s permit granted May 20 to Wanhua Chemical, which is planning to build a $1.25 billion plastics factory on the banks of the Mississippi River. During the appeal, new information about the project caused the council to halt a vote on repealing the permit. Instead, it sent the matter back for reconsideration to the parish planning commission, which had previously granted the project permission.

      • Energy

        • Fracking's Dirty Water Problem Is Getting Much Bigger

          While fracking for oil and gas in the U.S. has contributed to record levels of fossil fuel production, a critical part of that story also involves water. An ongoing battle for this precious resource has emerged in dry areas of the U.S. where much of the oil and gas production is occurring. In addition, once the oil and gas industry is finished with the water involved in pumping out fossil fuels, disposing of or treating that toxic wastewater, known as produced water, becomes yet another problem.

          These water woes represent a daunting challenge for the U.S. fracking industry, which has been a financial disaster, something even a former shale gas CEO has admitted. And its financial prospects aren't looking any rosier: The industry is facing another round of bankruptcies as producers are overwhelmed by debt they are unable to repay.

      • Wildlife/Nature

        • Finally, We Have Some Good Nature News: Tiger Numbers in India Are Rebounding

          The efforts the project team undertakes to derive the tiger population estimate are nothing short of phenomenal: 44,000 field staff conducted almost 318,000 habitat surveys across 20 tiger-occupied states of India.

          Some 381,400 km² (147,000 square miles) was checked for tigers and their prey.

        • The Iconic Joshua Tree Is in Trouble

          Her calculations suggest that addressing climate change could save 19 percent of the trees after 2070. If nothing is done, however, the park likely only would keep a scant 0.02 percent. The study appears in the journal Ecosphere.

        • The New Guy in Charge of Public Lands Thinks We Should Sell It All

          Conservative lawyer William Perry Pendley has argued that the federal government should sell its public lands. As of Monday, he’s in charge of overseeing a huge chunk of them.

          Interior Secretary David Bernhardt signed an order on Monday naming Pendley as the acting head of the Bureau of Land Management (BLM). The BLM oversees more land than any other federal agency—nearly 240 million acres, over three times as much as the National Parks Service, encompassing much of the western U.S. Unlike National Parks, BLM-managed land is governed by “multiple-use” principles, which allow for some activities like logging and grazing to occur.

    • AstroTurf/Lobbying/Politics

      • A US senator has introduced a bill that would stop Facebook, Twitter, or YouTube from endlessly showing you content, in an attempt to keep users from getting addicted to social media

        The bill would also require social media companies to add an automatic time limit of 30 minutes per day for all users (though users could change it), and inform users of how much time they have spent on the platform every 30 minutes.

      • ‘Democracy Has Become a Joke on the Island’ - CounterSpin interview with Ed Morales on Puerto Rican protest

        Puerto Rico is a territory of the United States; that’s critical to understanding the island’s historical, political and economic situation. And we rightfully make fun of—especially—politicians who seem not to understand that. On another level, there are reasons to think about Puerto Rico as a different place—Puerto Ricans’ decisive, collective uprising in response to clear revelations of anti-humane governance not the least of them.

        It’s hard not to find inspiration in the vibrant multi-sector protests in Puerto Rico and on the mainland, even recognizing the deep hardships and systemic failures that fuel them. We’re recording on July 25; Governor Ricardo Rosselló announced his resignation late last night. Joining us now to talk about the protests that made that happen, and what in turn spurred them, is writer Ed Morales. He teaches at Columbia University’s Center for the Study of Ethnicity and Race, and his new book, Fantasy Island: Colonialism, Exploitation and the Betrayal of Puerto Rico, is forthcoming from Bold Type Press. He joins us now by phone from here in town. Welcome back to CounterSpin, Ed Morales.

      • A Celebration Of Pioneering Satirist Paul Krassner

        As Krassner wrote in his autobiography, Confessions of a Raving, Unconfined Nut: Misadventures in Counter-Culture, “America had a powerful tradition of alternative journalism that could be traced back, from contemporary periodicals—The Independent, I.F. Stone’s Weekly, George Seldes’ In Fact, to [William Cowper] Brann’s Iconoclast published in the 1890s in Waco, Texas, all the way back to Benjamin Franklin and Tom Paine during revolutionary times.” (The title of his book came from the FBI, which described Krassner as a “raving, unconfined nut.”)

        Krassner was not only inspired by this journalistic tradition but also a column from Malcolm Muggeridge, a former writer for Punch, that was published by Esquire in 1958. Muggeridge wrote, “The area of life in which ridicule is permissible is steadily shrinking, and a dangerous tendency is becoming manifest to take ourselves with undue seriousness. The enemy of humor is fear and this, alas, is an age of fear.”

        “The only pleasure of living is that every joke should be made, every thought expressed, every line of investigation, irrespective of its direction, pursued to the uttermost limit that ingenuity, courage, and understanding can take it,” he added.

        That led to the start of The Realist. At the time, Krassner “had no role models and no competition, just an open field mined with taboos waiting to be exploded.”

      • Boris Johnson’s Fake Radicalism

        We hear much about Johnson coming to power as an iconoclastic figure willing to cut a swathe through the ranks of the Establishment and especially the Civil Service, aided by blue skies thinker Dominic Cummings.

        In fact nothing could be further from the truth. There has never been a Prime Minister more entrenched in and deferential to the London Establishment than Boris Johnson.

        It may seem strange that Johnson’s very first executive decision on coming in to 10 Downing Street was to cancel the long delayed judicial inquiry into UK involvement in torture and extraordinary rendition. On the face of it, there were political attractions for Johnson in pursuing the issue. The policy of complicity in torture had been established by Tony Blair and Jack Straw, with as ever the active collaboration of Alastair Campbell. A judicial inquiry would hold them to account, and given they are not only New Labour but a leading Remainer posse, you would think Johnson would have pushed forward with the chance to expose them. Plus he likes to pose as something of a social liberal himself. So why was Johnson’s urgent priority to cancel the torture inquiry?

        The answer is that scores of very senior civil servants were deeply implicated in British collusion in extraordinary rendition. Those directly guilty of complicity in torture include Sir Richard Dearlove, Sir John Scarlett, Sir William Ehrman, Lord Peter Ricketts and Sir Stephen Wright. It was Johnson’s fellow old Etonian, Sir William Ehrman, who chaired the series of meetings in the FCO on the implementation of the policy of getting intelligence through torture.

    • Censorship/Free Speech

      • Ohio Police Officers Face Disciplinary Action Over Stormy Daniels' Arrest

        Daniels was arrested in July 2018 at the Sirens Gentlemen's Club, months after suing President Trump. At the time, Daniels had accused Trump of defamation and also was fighting to void a nondisclosure agreement — a "hush deal" she had agreed to that involved a $130,000 payment from then-Trump attorney Michael Cohen.

      • Teenaged girl becomes a resistance symbol for her peaceful reading of the Russian constitution to a Putin goon-squad (they beat her up later)

        Article 31 of the Russian constitution guarantees the right to peaceful political assembly, which is why Russian opposition protesters like to wave copies of the constitution around as Putin's goon-squads descend on them to dole out savage beatings and mass arrests.

      • Youthful Vlogger’s Face Filter Fails, Exposing Her As 58-Year-Old

        The vlogger used a beauty filter to pose as a much younger-looking woman on Chinese live streaming website Doyu. During a live stream with a different vlogger, Qiao Biluo’s face filtering software stopped working, revealing her true likeness to her viewers — and raising questions about how we present ourselves on the web.

      • Chinese vlogger who used filter to look younger caught in live-stream glitch

        Live-streamers are discouraged from broadcasting in a public sphere, and are extremely restricted on what they can say. Expressing their opinions could result in a backlash from the authorities if the content is deemed to be politically sensitive or against government rhetoric. They also have to be careful that they are not seen to be "vulgar".

        Consequently, many live-streamers simply sing karaoke in their bedrooms, or eat snacks for hours on end.

      • Mauritania releases Facebook blogger convicted of blasphemy

        "This blogger was francophone Africa's longest-held citizen-journalist. We thank all those who contributed to his release," said Christophe Deloire, the group's secretary-general.

      • Mauritania: Blogger in ‘Blasphemy’ Case Freed After 5 Years

        Mohamed Cheikh Ould Mkhaitir was freed three days before the inauguration of the new president, Mohamed Ould Ghezouani. The authorities transferred Mkhaitir directly from detention to a location outside Mauritania, ostensibly because his life would be in danger in his native country after religious figures and demonstrators had called for his execution.

      • SLAPP Suit In Virginia Tries To Silence Historian Highlighting Ancestry Of Guy Suing To Keep Confederate Statues In Charlottesville

        Another day, another attempt by someone to silence people for saying something they don't like. The latest is a history professor, who was briefly quoted in an article about another lawsuit. That lawsuit? An attempt by some Virginia residents to stop the removal of some Confederate monuments in Charlottesville, Virginia. One of the plaintiffs in that case is Edward Dickinson Tayloe II. The article, written in the publication "C-Ville" (as you've figured out, a publication about Charlottesville) goes a bit into the history of the Tayloe family -- which goes back centuries in Virginia and apparently includes cotton plantation (and slave) owners.

        The article contains two quotes from UVA history professor Jalane Schmidt. In the introduction to the article, she is quoted as saying the following about those who were suing to prevent the removal of Confederate monuments...

      • Philippines Lawmaker Introduces 'Fake News' Bill That Would Allow The National Police To Literally Police Speech

        Fake news laws are so hot right now. Any government with an authoritarian bent is getting in on the action, stepping up domestic surveillance while trampling remaining speech protections -- all in the name of "protecting" people from a concept they can't clearly define.

        It's not just the places you expect. Sure, we may like to think this sort of opportunistic lawmaking may be relegated to places like Vietnam and Singapore, where governments have continually expressed their interest in deterring criticism of governments and kings and their shitty laws. But even our own President spends a great deal of time talking about "fake news" and the need to prevent journalists from criticizing the guy sitting in the Oval Office. And France's government is looking at adding this to its long list of speech restrictions, even if only at "election time."

        The latest country to add a speech-squashing, government-expanding "fake news" bill to its roster of bad ideas is the Philippines. The proposal doesn't use the terminology du jour, but "fake news" by any other name is still "fake news." Here's the immediate effect the "Anti-False Content Act" would have on the country's population.

      • Enough With The Myth That Big Tech Is 'Censoring' Conservatives AND That The Law Requires Them To Be Neutral

        I feel like we need to repost this on a near weekly basis, but there are two big myths that keep making the rounds over and over and over again, so they need to be repeatedly debunked. First, it's the idea that internet companies are "censoring" conservatives. And, yes, I know that we're going to get some angry commenters pinky swearing that it's true, and calling me all sorts of creative names for not being willing to admit it, but it remains true that there has been absolutely no evidence shown to support that premise. The other one, which is related, is the idea that Section 230 of the Communications Decency Act somehow was premised on platforms being "neutral." Three recent articles tackle these myths, and it seemed worth highlighting all three.

    • Privacy/Surveillance

      • High [Internet] use and state support help countries ditch cash

        Most transactions around the world are still conducted in cash. However, its share is falling rapidly, from 89% in 2013 to 77% today. Despite the attention paid to mobile banking in emerging markets, it is rich countries, with high financial inclusion and small informal economies, that have led the trend. Within the rich world, more-digitised societies tend to make fewer cash payments. In Nordic countries like Norway and Denmark, where 97% of people use the internet, around four out of five transactions were already cashless by 2016, according to a recent review chaired by Huw van Steenis of the Bank of England. In contrast, internet penetration in Italy is just 61%, and 85% of transactions there were still handled in cash in 2016.

      • The Encryption Debate Is Over - Dead At The Hands Of Facebook

        Update 1AM EST 8/2/2019: On July 25th, WhatsApp's parent company Facebook did not dispute the characterization posed to it that it planned to "moderat[e] end to end encrypted conversations such as WhatsApp by using on device algorithms," with the spokesperson pointing to Zuckerberg's own blog post calling for precisely such filtering. This afternoon, Vice President of WhatsApp Will Cathcart contradicted this, offering “we have not done this, have zero plans to do so, and if we ever did it would be quite obvious and detectable that we had done it. We understand the serious concerns this type of approach would raise which is why we are opposed to it.” Yet asked how WhatsApp planned to meet Zuckerberg’s call for the ability to detect illegal content within its end-to-end encrypted products, including WhatsApp, without such in-client scanning and the close alignment of the company’s work presented at F8 with this call that seems ill-suited for any other task, Carl Woog, Director of Communications for WhatsApp declined to comment, including declining to comment on any of the questions posed regarding how the company hopes to balance the privacy promises of end-to-end encryption with parent company Facebook's calls for moderation of its end-to-end encryption such as WhatsApp. A detailed accounting is provided here.

      • UK, US, Australia, Canada and New Zealand meet to discuss the “ghost protocol” aka built in encryption backdoors

        The GCHQ has specifically mentioned something they’re calling the “ghost protocol,” which describes a fantasy scenario where police and other law enforcement officers could be surreptitiously added into supposedly encrypted group chats. Supposedly, applying a “ghost protocol” to WhatsApp was the main concern of the discussion. Besides precluding a backdoor, a world where this happens is a world where the laws of mathematics are being ignored by governments. Something that Australian Prime Minister Turnbull has actually specifically called for.

      • She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.

        The New York Police Department has been loading thousands of arrest photos of children and teenagers into a facial recognition database despite evidence the technology has a higher risk of false matches in younger faces.

        For about four years, internal records show, the department has used the technology to compare crime scene images with its collection of juvenile mug shots, the photos that are taken at an arrest. Most of the photos are of teenagers, largely 13 to 16 years old, but children as young as 11 have been included.

        Elected officials and civil rights groups said the disclosure that the city was deploying a powerful surveillance tool on adolescents — whose privacy seems sacrosanct and whose status is protected in the criminal justice system — was a striking example of the Police Department’s ability to adopt advancing technology with little public scrutiny.

      • [Older] Facial Recognition Technology: Ensuring Transparency in Government Use

        In the area of biometrics, NIST has been working with public and private sectors since the 1960s. Biometric technologies provide a means to establish or verify the identity of humans based upon one or more physical or behavioral characteristics. Examples of physical characteristics include face, fingerprint, and iris images. An example of a behavioral characteristic is an individual’s signature. Used with other authentication technologies, such as passwords, biometric technologies can provide higher degrees of security than other technologies employed alone. For decades, biometric technologies were used primarily in homeland security and law enforcement applications, and they are still a key component of these applications. Over the past several years, the marketplace for biometric solutions has widened significantly and today includes public and private sector applications worldwide, including physical security, banking and retail applications. According to one industry estimate, the biometrics technology market size will be worth $59.31 billion by 2025. There has been a considerable rise in development and adoption of facial recognition, detection and analysis technologies in the past few years.

      • Do Not Use ring (or rustls)

        I’m not joking. If you file a pull request, you will be asked for money. And it isn’t the first time.

        Might I also mention that ring’s implementation doesn’t use blinding during RSA signing? Nor have they merged the latest attack mitigations for pkcs1_encode() from BoringSSL. It is easy to be fast when you’re insecure.

        Then there’s the fact that they don’t do security embargoes. All disclosures are zero days. Never mind the fact that GitHub gives the ability to do all this sanely.

        I’m willing to work around (and patch) some of these issues. But if I can’t contribute without a shakedown, what’s the point?

        Don’t use ring.

        Unfortunately, this means that rustls is now stuck. They are built on top of ring and are widely used in the Rust community. So I can’t recommend rustls until ring fixes its problems.

        Don’t use rustls.

      • ICE’s Rapid DNA Testing on Migrants at the Border Is Yet Another Iteration of Family Separation

        As the number of migrants at the southern border has surged in the past several months, the Trump administration has turned to increasingly draconian measures as a form of deterrence. While the separation of children from their parents and housing of migrants in overcrowded and ill-equipped holding facilities have rightfully made front-page headlines, the administration’s latest effort—to conduct Rapid DNA testing on migrant families at the border—has flown under the radar. However, this new tactic presents serious privacy concerns about the collection of biometric information on one of the most vulnerable populations in the U.S. today—and raises questions of where this practice could lead.

      • District Court Rolls Back Magistrate's Decision, Says Compelled Fingerprint Product Isn't A Fifth Amendment Issue

        So much for the Fifth Amendment. At least in Idaho, anyway. Back in January, a magistrate judge rejected the government's attempt to force a suspect to unlock a seized phone using his fingerprints. The judge found the government's request to be a violation of two rights -- the Fifth Amendment protection against compelling a defendant to testify against themselves -- and the Fourth Amendment, since the government hadn't shown a connection between the accused and the seized device.

        As the magistrate pointed out, the government could not rely on "foregone conclusion" arguments because it had failed to develop any foregone conclusions. The warrant itself said the government was seeking to search the phone for "indicia of ownership" -- something the government should have been able to plausibly allege long before it started asking the court to compel the suspect to unlock the device.

      • Amazon Has Already Roped 200 Police Departments Into Its Ring Doorbell Surveillance/Promotional Scheme

        Amazon is slowly but steadily building a surveillance network. It's not just building it for itself. It has Alexa for that. It's building a new one for US law enforcement agencies, free of charge, in exchange for free promotion and future long-term buy-in.

        Ring's doorbell cameras are a consumer device, but many, many people are getting them for free from local PDs. The incentives work for everyone… except for those concerned about a private company turning people's houses into de facto police cameras. The police hand out the free cameras to citizens, implicitly suggesting end users could repay their debt to um... society[??] by providing camera footage on demand. Amazon gives these cameras to PDs for next to nothing, asking only that PDs promote Ring cameras and push camera recipients into downloading Amazon's snitch app, Neighbors.

        Two hundred law enforcement agencies is a drop in the S3 bucket, considering there's almost 18,000 law enforcement agencies in the United States. But every market starts somewhere, and Amazon is aggressively pursuing this untapped arena with free doorbell cameras, a free law enforcement surveillance portal, and a bunch of incentives that skew heavily in favor of the watchers. Sooner or later, the other Amazon marketing push -- facial recognition -- will get folded in, giving cops the chance to determine who you're hanging out with by using your own doorbell against you.

    • Civil Rights/Policing

      • Saudi Arabia Frees Doctor With U.S. Citizenship After 21 Months

        About a week after his arrest, Dr. Fitaihi was taken from his room at the Ritz by security officials, who slapped and blindfolded him and stripped him down to his underwear, he later told a friend. He said he was bound to a chair, given electric shocks and severely beaten during a torture session that lasted about an hour.

      • Birmingham has highest female genital mutilation rate than anywhere in UK

        NHS figures released today reveal healthcare professionals recorded 305 new cases of women and girls having undergone the traumatic procedure across Birmingham and Solihull CCG - which is illegal in the UK - in 2018/19.

      • Why Muslim Friends Betray

        This phenomenon is not limited to the Islamic State in Syria and Iraq. In Nigeria—a nation that shares little with Syria and Iraq, other than for its Islam—a jihadi attack that left five churches destroyed and several Christians killed was enabled by “local Muslims” who were previously on friendly terms with the region’s Christians.

        Nor is this phenomenon connected to any of those contemporary Muslim “grievances”—whether the existence of Israel, “blasphemous” cartoons, or “lack of job opportunities”—Western talking heads often cite to rationalize away Muslim hatred. The following anecdote, over one century old and from the Ottoman Empire, speaks for itself: [...]

    • Internet Policy/Net Neutrality

      • Cable Programming Blackouts Continue To Rise As Cord-Cutting Continues

        We've for some time written about cable TV programming blackouts stemming from contract disputes over retransmission fees. The way this works is that cable operators pay broadcasters of television channels fees to retransmit those broadcasts to customers. When those contracts come to term, broadcasters often demand rate-hikes, which the cable operator resists. In the event no agreement is reached, one side or the other blacks out the channel, pissing off fans of that channel. That anger is then leveraged by both sides to negotiate better terms. Pay TV customers, meanwhile, never see any kind of refund for the missing channel.

        In the pantheon of reasons that cord-cutting continues to be a trend, blackouts may not rank as the highest of reasons, but it might be one of the easiest to understand, irritating examples of how the cable TV business simply isn't serving its customers all that well. Blackout instances have been trending upward for years, but as Karl just discussed 2019 is already a record-breaking year for blackouts, and we're only a bit over half way through the year.

      • AT&T Scores $1 Billion Contract To Rebuild DOJ Systems

        AT&T is increasingly becoming one of those companies that's so bone-grafted to the government, it's getting harder to determine where the telecom giant ends and the government begins. Reports have already explored how AT&T is effectively fused to the NSA; the company provides the government widespread access to every shred of data that traverses its network, and its employees can often be found acting as government intelligence analysts.

    • Monopolies

      • Pentagon pauses $10 billion cloud contract over Amazon concerns

        The entire contracting process, which involves bids from companies like Oracle, Microsoft, Amazon, and IBM, has been steeped in controversy over the past few weeks. First, Google dropped out of the race after employees petitioned against the contract, raising concerns over the ethics of supplying its technology to the military. But tensions rose late last month when President Donald Trump suggested that Amazon was involved in a conspiracy to win the deal and create a “Ten-Year DoD Cloud Monopoly.”

      • BBC gets go ahead to fight Netflix by keeping shows on iPlayer for a year

        Media regulator Ofcom has given full clearance for the Corporation to keep shows uploaded to iPlayer available for a full year after broadcast, beyond the previous 30-day limit, with some shows of limited commercial value being allowed an even longer shelf-life.

      • Patents and Software Patents

        • Protectability Of A Design, The Representations Of Which Show Different Embodiments Of A Product – Federal Court Of Justice, Decisions Of Dec. 20, 2018, Docket Nos. I ZB 25/18 – Sporthelm [Sports Helmet] And I ZB 26/18 – Sportbrille [Sports Glasses]

          In two groundbreaking decisions that change the settled case law, the Federal Court of Justice continues the trend of the last years: The representations of a design must, in the interest of the legal certainty of third parties, reveal in a clear and unambiguous manner what is exactly protected by the respective design. This requirement sets clearer limits to the previous, highly validity-friendly interpretation of the representations of a design (at European level, see already ECJ, judgment of 5.7.2018, C-217/17 P - Mast-Jägermeister). The core of both cases, which were already decided by the Federal Court of Justice at the end of last year, but were only published recently, was the question of whether a registered design, the representations of which show different embodiments of a product, is valid according to the previous, so-called "intersection theory" ["Schnittmengentheorie"] of the Federal Court of Justice (cf. FCJ, judgment of 15.2.2001, I Z

        • Recent developments in bipartisan patent legislation [Ed: Jason Rantanen promotes the "bipartisan" lie; two politicians with two parties on their lapel don't make a bribed-for, corrupt bill "bipartisan"]
        • Guest Post by Prof. Ghosh: A Fitter Statute for the Common Law of Patents

          As a law professor, I am in the camp of those who are critical of the proposed bipartisan, bicameral legislation (“the Coons-Tillis bill”) to amend provisions of the Patent Act dealing with patentable subject. I am also in the camp of those who find the “two-step test” introduced by the Supreme Court in its Mayo v. Prometheus, 566 U.S. 66 (2012), and Alice v CLS Bank, 573 U.S. 208 (2014), decisions unworkable and inconsistent with its own precedent. I am also in the perhaps much smaller camp that is skeptical of the approach adopted by the Court in its Association for Molecular Pathology v. Myriad, 569 U.S. 576 (2013) decision (even if I agree with the result that identified genetic sequences are not patent eligible). Here are my thoughts about the Coons-Tillis bill and the comments in the letter from the ACLU and the law professors and practitioners organized by Professor Ted Sichelman of University of San Diego Law School.

          A proposed provision of the Coons-Tillis legislation states: “No implicit or other judicially created exceptions to subject matter eligibility, including ‘abstract ideas,’ ‘laws of nature,’ or ‘natural phenomena,’ shall be used to determine patent eligibility under section 101, and all cases establishing or interpreting those exceptions to eligibility are hereby abrogated.”

          The language expresses frustrations with judge-made exceptions to patentable subject matter based on implications drawn from the language of the Act or from judge made common law reasoning. If enacted, the amendment would not only remove established exceptions to patentable subject matter, but also would limit the power of the federal judiciary to create exceptions based on its own reasoning and interpretation of the Patent Act. Such legislation is in conflict with the long-established relationship between federal courts and Congress. If enacted, it would invite constitutional challenges claiming violation of the separation of powers, under Article III, of the Constitution. The proposed amendment would very likely be found unconstitutional.

          Federal courts have as their role the interpretation of statutes. By abrogating the federal court’s power to develop any implications from the statutory language and to engage in common law reasoning in interpreting the statute, Congress invades long-standing judicial power. Although a full analysis of the separation of powers is beyond the scope of this post, Congressional limitations on judicial power in other realms have failed under judicial scrutiny. At the extreme, Congress is limited in its power to legislate that federal courts cannot hear certain cases or controversies. See Boumediene v. Bush, 553 U.S. 723 (2009) (suspension of writ of habeas corpus unconstitutional); United States v. Klein, 80 U.S. 128 (1871) (Congress’ limitations on claims relating to confiscated and abandoned property unconstitutional). But see Patchak v. Zinke, 138 S.Ct. 897 (2018) (Congress’ stripping federal court jurisdiction over claims arising from Department of Interior’s taking of land into trust was not unconstitutional).

        • Reexaminations and Final Decision Estoppel

          In this case, the district court entered a not-invalid final judgment. However, the Federal Circuit has previously ruled that such judgment doesn’t count as a “final decision” for 317(b) until appeals have been exhausted. Fairchild.

          Here, Apple argues that there still has not been a “final decision” because the case is still ongoing in district court. On appeal though, the Federal Circuit rejected that analysis — finding that its prior appeal in the case foreclosed future validity questions — and thus was the final decision for the statute (once the mandate issued and time for Supreme Court petition passed). “In sum, § 317(b) applies here despite the fact that issues unrelated to invalidity were remanded.”

      • Trademarks

      • Copyrights

        • Data-mining reveals that 80% of books published 1924-63 never had their copyrights renewed and are now in the public domain

          But there's another source of public domain works: until the 1976 Copyright Act, US works were not copyrighted unless they were registered, and then they quickly became public domain unless that registration was renewed. The problem has been to figure out which of these works were in the public domain, because the US Copyright Office's records were not organized in a way that made it possible to easily cross-check a work with its registration and renewal.

        • Authors Take Copyright So Seriously They Hide Jokes In Their Copyright Notices

          Were you to hear from the lobbying groups for the major book publishers on the topic of copyright, their answers are generally to push for longer terms, stricter anti-piracy measures, and the most draconian reading of copyright law possible. Groups like The Authors Guild have been firm in their stances that copyright is the only thing that keeps authors in any kind of business, so important is it to their livelihoods. One would think, therefore, that all authors of books would likewise take copyright very, very seriously.
