Bonum Certa Men Certa

Links 10/9/2019: Kate Planning and GnuCash 3.7



  • GNU/Linux

    • Server

      • IBM

        • Red Hat Quay 3.1, a highly available Kubernetes container registry, arrives

          Kubernetes lets us orchestrate containers, but how do you track your container images? That's where Quay comes in. It enables you to keep a handle on not just your images but the configuration details you need to get a complete application up and running. Now, Red Hat is releasing Quay 3.1 to enable developers to mirror, store, build, and deploy their images securely across diverse enterprise environments and to leverage several new backend technologies.

          This follows up on May's Quay 3.0 release. That version brought support for multiple architectures, Windows containers, and a Red Hat Enterprise Linux (RHEL)-based image to this container image registry.

        • Red Hat Quay 3.1: Now even better across distributed environments

          Red Hat Quay is a distributed, highly available container registry for enterprises. This release builds on the focus to help Quay users store, build and deploy their images in a more secure way across diverse enterprise environments and to leverage several new backend technologies. With the availability of repository mirroring, a new Kubernetes Operator for a more streamlined setup, a new repository mode to support archived or (temporarily) frozen repositories and enhancements for storage and database support, this release hardens the product’s manageability across hybrid environments.

        • Powering your SAP HANA workloads with Red Hat Enterprise Linux 8 for SAP Solutions

          While Linux containers and Kubernetes are often discussed as transformative technologies, nearly every IT deployment, new and existing, has one common denominator: data. In-memory database technologies like SAP HANA€® can help enterprises accelerate intelligent decision-making but also require a powerful, highly available, and more secure underlying operating system to match the associated data-processing demands. Red Hat’s strategic alliance and long-standing collaboration with SAP makes it possible to pair the world’s leading enterprise Linux platform with mission-critical SAP workloads, delivering a more stable, flexible, and highly available production platform for business transactions.

    • Audiocasts/Shows

      • Linux Headlines – 09/09/2019

        Manjaro begins a new era, KDE sets goals for future usability, and Mozilla rolls out a controversial feature to Firefox.

        Plus after nearly 10 years, one of our favorite open source projects gets a major feature update.

      • Powered Journalistic Freedom With SecureDrop

        The internet has made it easier than ever to share information, but at the same time it has increased our ability to track that information. In order to ensure that news agencies are able to accept truly anonymous material submissions from whistelblowers, the Freedom of the Press foundation has supported the ongoing development and maintenance of the SecureDrop platform. In this episode core developers of the project explain what it is, how it protects the privacy and identity of journalistic sources, and some of the challenges associated with ensuring its security. This was an interesting look at the amount of effort that is required to avoid tracking in the modern era.

      • Python’s Long Tail | Coder Radio 374

        As Python 2's demise draws near we reflect on Python's popularity, the growing adoption of static typing, and why the Python 3 transition took so long.

        Plus Apple's audacious app store tactics, Google's troubles with Typescript, and more!

    • Kernel Space

      • Linux Foundation

        • Twelve Community-Driven Demos Highlight Innovation and Integration Across the Networking Stack

          The ONS Europe CFP collected a record number of submissions this year for speaking as well as for community-driven demos. Accordingly, we’ve expanded the number of demo stations from 10 to 12 and highlight innovations from 7 of the 8 LFN projects from within the LF Networking umbrella (FD.io, ONAP, OPNFV, OpenDaylight, OpenSwitch, PNDA, and Tungsten Fabric), as well as projects from adjacent technology stacks, including Collectd, DPDK, HAPROXY, Helm, Kafka, Kubernetes, Openstack, OpenWRT, and Prometheus. We welcome you to spend some time talking to and learning from these experts in the technical community during the Technical Showcase in the Atrium Monday – Wednesday.

      • Graphics Stack

        • AMD Begins Posting "Dali" APU Linux Graphics Driver Patches

          In addition to AMD's open-source Linux driver developers being busy in recent weeks bringing up the Renoir APU support, today we've seen the first baby steps towards bringing up "Dali" as another upcoming AMD APU.

          The Dali codename has been known for a few months now and has been expected to be a value/mobile APU to launch in 2020. Dali is expected in more budget devices while Renoir should carry better performance up the stack.

        • Vega-Based Renoir APU Has The Same VCN Video Encode/Decode Block As Navi

          The next-generation AMD "Renoir" APU is turning into being an interesting successor over the existing Picasso APUs. While at first it was a letdown finding out that the APU is based on Vega and not their newer Navi architecture, follow-on open-source Linux patches have continued to show that it's more than a facsimile and in some areas like display and multimedia has blocks in common with Navi.

          It's been interesting to watch the Renoir APU Linux driver support form since the initial patches last month and more code continues to come out almost weekly for getting this initial support into shape for the Linux 5.4 kernel.

        • Vulkan 1.1.122 Brings Extension Documenting Proprietary Imagination Tech Bits

          The VK_IMG_format_pvrtc Vulkan extension has been around but not publicly document. This extension exposes additional texture compression features specific to Imagination PowerVR texture compression formats (PVRTC). There had been this two year old issue report over the VK_IMG_format_pvrtc extension not being public and they had been unable to provide the documentation over legal grounds. Earlier this year Imagination did provide a PVRTC texture compression user guide and now with Vulkan 1.1.122 they have finally documented this extension. The extension documentation is basically pointing out a number of different enums.

    • Applications

      • Mumble Chat App Get First Major Update in 10 Years

        Mumble is free, open source software available for Windows, macOS and Linux without any licensing, costs or other faff required. It’s available as host and as client software.

        While Mumble is not an app I’m hugely familiar with — I have a vague recollection of using it when I was a guest on the Ubuntu Podcast, but that’s all — it’s a tool I know a lot of folks are enthusiastic about using and promoting.

        So if you’re looking for a decent audio chat app built on top of free standards, do check the latest release out using the downloads available on the Mumble website. There you’ll find Windows, macOS and Linux installer packages.

      • Mumble 1.3.0 Released! How to Install in Ubuntu 18.04

        Mumble, open source low latency and high quality voice chat utility, released new major 1.3.0 released a day ago. Here’s how to install it in Ubuntu 18.04, Ubuntu 16.04, and even Ubuntu 14.04.

        Mumble 1.3.0 is the new major release that features over 3000 changes.

    • Instructionals/Technical

    • Games

      • The short and sweet sci-fi story CAT Interstellar is now permanently free to grab

        CAT Interstellar, a rather short sci-fi "walking sim" that I quite enjoyed after playing it back in 2017 has now gone 100% free to grab.

        Speaking about it going free on Steam, the developer noted that they never actually expected it to make any profit. However, they did manage to ship around 100k units across Steam, Humble Bundle and the Playstation Store although most were from sales and bundles.

        What they did with that money is quite sweet though. Grossing around $8k a year across four years, the majority of it went to fostering animals and donating to their "local humane society". They never really promoted that until now when it's free, as they thought it would have been a "sleazy sales tactic".

      • Need a new stresstest for your Linux PC? Geekbench 5 is out adding Vulkan support

        You all love benchmarks right? Hearing the fans on your PC spin up to keep everything inside nice and cool while you start to sweat. Geekbench 5 has been officially released this month.

        One of the big additions is Vulkan support in the GPU Compute Benchmark, along with some new tests included there to run too including "computer vision tasks such as Stereo Matching, and augmented reality tasks such as Feature Matching".

        They also added some additional CPU benchmark tests too including "machine learning, augmented reality, and computational photography". Primate Labs also said they increased the "memory footprint of existing workloads" to account for the effect of that on CPU performance. Also added is a bunch of new multi-threaded benchmark modes and so on.

      • Sin Slayers, the dark fantasy roguelike RPG has released with Linux support

        Lead a team of heroes through a dark fantasy world in Sin Slayers, out officially now with Linux support. Note: Key from their PR team.

        Borrowing some ideas from the seven deadly sins, in Sin Slayers you're tasked with taking down the seven in a place known as the Valley of Fallen Sinners. It's a mix of turn-based RPG styled combat with elements of roguelikes and dungeon crawlers to create a curious mix.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE's Kate Text Editor Plans Improvements To Better Compete With Atom

          During this week's KDE Akademy 2019 conference there was some planning discussions around improving the Kate text editor.

        • Kate Planning

          KDevelop vs. Kate?

          Given already today we enter the area of KDevelop by providing the LSP client, we need to think about what happens in the future with overlapping features.

          It is no goal to evolve Kate into an IDE.

          We think Kate shall be a competitor for editors like Atom, not for full-fledged IDEs like KDevelop or Visual Studio.

          Still, e.g. in the area of project management/code navigation/version control support there will be some overlap.

          The question is: can we share stuff there? What shall be the focus of Kate and KDevelop in e.g. language support?

          I think here it will be interesting which future direction the KDevelop project will take.

        • Akademy 2019 Monday BoF Wrapup

          Monday was the first day of Akademy BoFs, group sessions and hacking. There is a wrapup session at the end of the day so that what happened in the different rooms can be shared with everyone including those not present.

        • More control over warnings for and visibility of deprecated library API via generated export macro header

          KDE Frameworks, the continuation of the “kdelibs” bundle of libraries, but with emphasis on modularization, is now at API-compatible major version 5. Yet one can find legacy API already deprecated in version 3 times, but done so only as comment in the API dox, without support by the compiler. And while lots of API is also properly marked as deprecated to the compiler, the consumer has no KDE Frameworks specific option to control the warnings and visibility. While some “*_NO_DEPRECATED” macros are used, they are not consistently used and usually only for deprecations done at version 5.0.

          As you surely are aware, currently the foundations of the next generation of Qt, version 6, are sketched, and with the end of 2020 there even exists a rough date planned for its initial release. Given the API breakage then happening the same can also be expected for the libraries part of KDE Frameworks. And which would be a good time to also get rid of any legacy cruft.

      • GNOME Desktop/GTK

        • Vertical Option in Development for Dash to Panel

          If you long for a Dash to Panel vertical option I’ve some seriously good news: one is in development!

          The Dash to Dock Vertical implementation is being developed in a separate branch on the desktop dock’s Github, but its developer has already made quick progress.

          In Dash to Dock vs Dash to Panel face-off the latter would score higher with me simply because it combines the Top Bar and the “Dash” (what GNOME Shell calls the ‘dock’) into a single panel.

          Dash to Panel is neat. It’s tidy. And when paired with a traditional app menu (like the Arc Menu extension) it’s very Cinnamon-esque.

          But Dash to Dock can do something that its width-long rival can’t: be placed on any side of the screen.

    • Distributions

      • Best Linux server distro of 2019

        While Windows may be the world's most popular Operating System (OS) for desktop PCs, the world's most popular OS for the internet's web servers is Linux.

        Usually bundled along with Apache, MySQL, and PHP - and frequently referred to as a LAMP configuration - a wide variety of different Linux distros are used.

        Sometimes it's down to personal preference, sometimes market forces, and sometimes due to small advantages a particularly distro will have in regards to the core applications to be used, security concerns, or stability issues.

        Ultimately, most web users will never notice any difference because the OS works very much in the background, and it will only be the system administrators and IT managers who take notice of which distro of Linux is used.

      • Screenshots/Screencasts

      • Fedora Family

      • Debian Family

        • Purism's Debian-Based PureOS Linux Goes Stable for Rock Solid Releases

          PureOS is Purism's in-house developed operating system based on the well-known Debian GNU/Linux OS, which the company is currently deploying on all of their Librem laptops, as well as the Librem 5 smartphone. Until now, PureOS was delivered only as a rolling release where you install once and receive updates forever.

          However, due to the privacy and security-focused Librem 5 Linux phone, which will start shipping to customers on September 24th, the company decided to create a stable version of PureOS that contains well-tested components for a rock solid release, without any bleeding-edge software, which may not always work as intended.

        • Purism starts shipping its Librem 5 open/free phone

          Purism (previously) is a company that crowdfunds free/open laptops and phones whose design goal is to have no proprietary software, even at the lowest levels. The company is best known for its Purism laptops, and I'm very fond of mine (it didn't end up replacing my Thinkpad, only because I'm addicted to the trackpoint for mousing, and trackpads give me raging RSI) (that said, getting any GNU/Linux to run on a current-model Thinkpad is so hard and results in such a rotten experience that I'm reconsidering whether to switch back).

          For years, the holy grail of free/open hardware has been a competitive mobile phone, with software that respects your privacy and hardware that respects your autonomy (user-replaceable batteries ahoy!). The Librem 5 may be that phone: it runs a free/open OS called Pureos that's not based on Android or Ios, offers far greater user control without surveillance from the manufacturer, OS isolation from the notoriously insecure baseband module, hardware disconnections for networking/cam/mic, a replaceable battery, a mic jack, and a promise to release "lifetime" updates that improve performance and features of old hardware over time.

        • Shipping schedule released for Linux-driven Librem 5 phone

          Purism has revealed its shipping schedule for its privacy-oriented Librem 5 smartphone. Comprised of six iterations, the shipping schedule spans from this month into Q4 2020, with each iteration including updates to the phone’s hardware, mechanical design and software.

          Purism has announced its shipping schedule for its Librem 5 phone running PureOS. We covered the details of the Librem 5 in our story last month when the phone went on pre-order sale. The company bills it as the world’s first IP-native mobile handset. The unlocked Librem 5 provides end-to-end encrypted decentralized communication, including encrypted calls, texts, and emails. The device provides open source code and support for VPN services. Its design isolates the CPU from the baseband for greater security, and there are hardware kill switches for the camera, microphone, WiFi/Bluetooth radio and baseband.

      • Canonical/Ubuntu Family

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Google Moves Ahead With Contributing The MLIR Machine Learning IR To LLVM

        Back in April we wrote about MLIR as Google's new IR designed for machine learning. This intermediate representation was designed for use by any machine learning framework and now this common format is being contributed to LLVM.

        As noted back then, LLVM founder Chris Latner was among those at Google involved in the development of MLIR. As such, it was just a matter of time before this common IR for machine learning was ready to become part of LLVM.

      • Events

        • Hacker Summer Camp 2019: The DEF CON Data Duplication Village

          One last post from Summer Camp this year (it’s been a busy month!) – this one about the “Data Duplication Village” at DEF CON. In addition to talks, the Data Duplication Village offers an opportunity to get your hands on the highest quality hacker bits – that is, copies of somewhere between 15 and 18TB of data spread across 3 6TB hard drives.

        • Distribution kernels at Linux Plumbers Conference 2019

          I'm attending the Linux Plumbers Conference in Lisbon from Monday to Wednesday this week. This morning I followed the "Distribution kernels" track, organised by Laura Abbott.

          I took notes, included below, mostly with a view to what could be relevant to Debian. I think there will be another public set of notes, which I'll link from here when they appear. There should also be video recordings available at some point.

      • Web Browsers

        • Mozilla

          • Firefox will soon 401 your URL with DNS

            There are no specific rollout details for this feature, though Mozilla says it'll be live for US users by the end of this month. When we'll see it in Blighty? We'll let you know when we do. Mozilla is staging the rollout to bug bash any problems it comes across.

          • State of the art protection in Chrome Web Store

            All of you certainly know already that Google is guarding its Chrome Web Store vigilantly and making sure that no bad apples get in. So when you hit “Report abuse” your report will certainly be read carefully by another human being and acted upon ASAP. Well, eventually… maybe… when it hits the news. If it doesn’t, then it probably wasn’t important anyway and these extensions might stay up despite being taken down by Mozilla three months ago.

            As to your legitimate extensions, these will be occasionally taken down as collateral damage in this fierce fight. Like my extension which was taken down due to missing a screenshot because of not having any user interface whatsoever. It’s not possible to give an advance warning either, like asking the developer to upload a screenshot within a week. This kind of lax policies would only encourage the bad guys to upload more malicious extensions without screenshots of course.

            And the short downtime of a few weeks and a few hours of developer time spent trying to find anybody capable of fixing the problem are surely a small price to pay for a legitimate extension in order to defend the privilege of staying in the exclusive club of Chrome extension developers. So I am actually proud that this time my other browser extension, PfP: Pain-free Passwords, was taken down by Google in its relentless fight against the bad actors.

          • Caniuse and MDN compatibility data collaboration

            Web developers spend a good amount of time making web compatibility decisions. Deciding whether or not to use a web platform feature often depends on its availability in web browsers.

            [...]

            We’ve been asked why the datasets are treated differently. Why didn’t we merge them in the first place? We discussed and considered this option. However, due to the intrinsic differences between our two projects, we decided not to. Here’s why:

            MDN’s support data is very broad and covers feature support at a very granular level. This allows MDN to provide as much detailed information as possible across all web technologies, supplementing the reference information provided by MDN Web Docs.

            Caniuse, on the other hand, often looks at larger features as a whole (e.g. CSS Grid, WebGL, specific file format support). The caniuse approach provides developers with higher level at-a-glance information on whether the feature’s supported. Sometimes detail is missing. Each individual feature is added manually to caniuse, with a primary focus on browser support coverage rather than on feature coverage overall.

            Because of these and other differences in implementation, we don’t plan on merging the source data repositories or matching the data schema at this time. Instead, the integration works by matching the search query to the feature’s description on caniuse.com. Then, caniuse generates an appropriate feature table, and converts MDN support data to the caniuse format on the fly.

      • Healthcare

        • FHA, ONC transition CONNECT interoperability project to the private sector

          While the agencies will no longer maintain or update the CONNECT wiki, it will continue to exist as an open source project whose code and community resources can be "used, adopted and implemented by any interested organization."

          [...]

          CONNECT is an open source software and community project, jointly developed 10 years ago by FHA and ONC as another way to harness the expertise of software developers and promote interoperability across the U.S. healthcare system.

      • Pseudo-Open Source (Openwashing)

        • Building team of engineers dedicated to open source broadband solutions; and embedding this team in ONF's Lab to promote open source adoption by operators

          Building team of engineers dedicated to open source broadband solutions; and embedding this team in ONF's Lab to promote open source adoption by operators

        • Analyst Watch: Is open source the great equalizer?

          Success in commercial open source requires a careful balance of contribution and evangelism to the ecosystem — which may contain direct competitors who leverage the code themselves — combined with the ability to upsell related tools and services.

          What matters is the open source ecosystem. Almost nothing is proprietary anymore, so value comes from net adoption. So whether you are SmartBear contributing to Swagger for APIs, or MongoDB, or Chef opening up its stack and making IaC recipes available to all on GitHub, there’s a reinvention afoot for many established vendors.

          Big companies have an increased appetite for compliance — and they are willing to pay vendors handsomely for enterprise-level support, certified builds and regular updates. They can realize the benefits of open-source software with far less risk.

      • FSF/FSFE/GNU/SFLC

        • GnuCash 3.7 released

          The GnuCash development team announces GnuCash 3.7, the eighth release of the 3.x stable release series.

        • GnuCash 3.7

          GnuCash is a personal and small business finance application, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows. It’s designed to be easy to use, yet powerful and flexible. GnuCash allows you to track your income and expenses, reconcile bank accounts, monitor stock portfolios and manage your small business finances. It is based on professional accounting principles to ensure balanced books and accurate reports.

          GnuCash can keep track of your personal finances in as much detail as you prefer. If you are just starting out, use GnuCash to keep track of your checkbook. You may then decide to track cash as well as credit card purchases to better determine where your money is being spent. When you start investing, you can use GnuCash to help monitor your portfolio. Buying a vehicle or a home? GnuCash will help you plan the investment and track loan payments. If your financial records span the globe, GnuCash provides all the multiple-currency support you need.

      • Programming/Development

        • Python 3.5.8rc1

          Python 3.5.8rc1 was released on September 9th, 2019.

          Python 3.5 has now entered "security fixes only" mode, and as such the only changes since Python 3.5.4 are security fixes. Also, Python 3.5.8rc1 has only been released in source code form; no more official binary installers will be produced.

        • 6 Python Projects For Beginners

          So, you’ve just finished learning the basics of Python. The question now is, what do you do now? How can you continue to keep developing your coding skills using Python? Do you carry on watching tutorials, or is there something better you can do? The answer is yes there is something better, and that something is working on your own python project. So, here are 6 small Python projects you can do as a beginner.

        • Python 3.5.8rc1 is now available

          Python 3.5.8rc1 is now available.

        • MATLAB vs Python: Why and How to Make the Switch

          MATLAB€® is widely known as a high-quality environment for any work that involves arrays, matrices, or linear algebra. Python is newer to this arena but is becoming increasingly popular for similar tasks. As you’ll see in this article, Python has all of the computational power of MATLAB for science tasks and makes it fast and easy to develop robust applications. However, there are some important differences when comparing MATLAB vs Python that you’ll need to learn about to effectively switch over.

          [...]

          Python is a high-level, general-purpose programming language designed for ease of use by human beings accomplishing all sorts of tasks. Python was created by Guido van Rossum and first released in the early 1990s. Python is a mature language developed by hundreds of collaborators around the world.

          Python is used by developers working on small, personal projects all the way up to some of the largest internet companies in the world. Not only does Python run Reddit and Dropbox, but the original Google algorithm was written in Python. Also, the Python-based Django Framework runs Instagram and many other websites. On the science and engineering side, the data to create the 2019 photo of a black hole was processed in Python, and major companies like Netflix use Python in their data analytics work.

          There is also an important philosophical difference in the MATLAB vs Python comparison. MATLAB is proprietary, closed-source software. For most people, a license to use MATLAB is quite expensive, which means that if you have code in MATLAB, then only people who can afford a license will be able to run it. Plus, users are charged for each additional toolbox they want to install to extend the basic functionality of MATLAB. Aside from the cost, the MATLAB language is developed exclusively by Mathworks. If Mathworks were ever to go out of business, then MATLAB would no longer be able to be developed and might eventually stop functioning.

        • Turn string into the score

          You are working at a lower league football stadium and you’ve been asked to automate the scoreboard.

          The referee will shout out the score, you have already set up the voice recognition module which turns the ref’s voice into a string, but the spoken score needs to be converted into a pair for the scoreboard!

        • Reuven Lerner: Learn and understand Python objects — with Weekly Python Exercise, starting September 17
        • For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020 [Ed: When Microsoft Tim says "according to Redmonk" he means mostly according to Microsoft (because Redmonk relies on proprietary GitHub for data)]

          Python 2 will sunset on January 1st 2020 – however, many applications have not yet upgraded to version 3, causing the coding lingo's team to mount a communications campaign to persuade devs to port their code.

          Python is the third most popular programming language after JavaScript and Java, according to Redmonk. Its use has been boosted by the strong interest in machine learning, for which Python is well suited, thanks in part to its various AI-related libraries and frameworks.

          Python 2.0 was released in 2000, and Python 3.0, which is not fully backwards compatible, in 2008. The last version of Python 2.x, 2.7, was released in July 2014.

        • Python API Tutorial: Getting Started with APIs

          In this tutorial on working with APIs using Python, we’ll learn how to retrieve data for data science projects. There are millions of APIs online which provide access to data. Websites like Reddit, Twitter, and Facebook all offer certain data through their APIs.

          To use an API, you make a request to a remote web server, and retrieve the data you need.

        • Performance of numpy and pandas - comparison

          There seems to be no data science in Python without numpy and pandas. (This is also one of the reason why Python has become so popular in Data Science). However, dumping the libraries on the data is rarely going to guarantee the peformance. So what’s wrong?

        • Conveying Build and Test Information with Repository Badges

          When you check out a repository on github, sometimes theres a little bit of flare at the top of the project that catches your eye.

          This bit of flare is called a badge and can be used to indicate build status, test coverage, documentation generation status, version support, software compatibilty statements or even community links to gitter or discord where you can find more help with the project.

          I used to think that badges were fancy fluff people added to their projects to make them seem more professional. But after working with them in my own projects and experiencing their usefulness, my opinion has changed slightly. I now think of them as fancy fluff that adds useful info and functionality. They can work with any software project, be it a small webapp, to even a collection of multi-stage microservices.

  • Leftovers

    • Science

      • Whistleblowers out Falwell's Liberty University as a grifty, multibillion-dollar personality cult

        I'm a volunteer on several nonprofit boards, and we all take this stuff really seriously: even if your ethical sense doesn't kick in when this kind of thing is going on, there's the personal legal and financial liability for board members who let this stuff happen on their watch. Judging from this report, there's enough shenanigans going on at Liberty U to tie up a whole division of IRS investigators, and based on the university's massive balance sheet, there's enough money to be recouped to pay for all of them.

      • The Many Ways Planned Obsolescence Is Sabotaging How We Preserve Internet History

        Now apply that thought process to every device you currently own—or owned just a few years ago—and you can see where this is going.

        We’re allowing the present to conspire against the past in the name of the future.

        We’re endangering nostalgia, something important to the way we see the world even as it’s frequently imperfect, due to technology that at one point was seen as a boon for progress.

        We’re making it much harder to objectively document the information in its original context. And the same companies that are forcing us into this brave new world where we’re deleting history as fast as we’re creating it should help us fix it.

        Because it will be way too late to do so later.

    • Hardware

    • Health/Nutrition

      • Data Touted by OxyContin Maker to Fight Lawsuits Doesn’t Tell the Whole Story

        Purdue Pharma has tried to refute accusations that it fueled the opioid crisis by arguing it was a small player in the U.S. market for prescription pain relievers. But a new ProPublica analysis of government data shows that the company, the maker of OxyContin, had a far bigger impact than it portrays.

        Purdue’s position rests on a Drug Enforcement Administration database, made public by a court order in July, which shows Purdue sold 3.3% of the prescription opioid pain pills in the U.S. from 2006 to 2012.

    • Security (Confidentiality/Integrity/Availability)

      • Critical Exim Flaw Opens Millions of Servers to Takeover [Ed: This repeats the FUD headline from ZDNet's Bleeping Computer hire; no server is known to have been compromised by this yet. They dramatise this.]

        A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.

      • Google Fortifies Kubernetes Nodes Against Boot Attacks

        Google released a beta version of its Shielded GKE Nodes that prevents an attacker from exploiting vulnerable Kubernetes nodes.

      • Spoofing commits to repositories on GitHub

        The situation that worries me relates to distribution packaging. Debian has a policy that deltas to packages in the stable repository should be as small as possible, targetting fixes by backporting patches from newer releases.

        If you get a bug report on your Debian package with a link to a commit on GitHub, you had better double check that this commit really did come from the upstream author and hasn’t been spoofed in this way. Even if it shows it was authored by the upstream’s GitHub account or email address, this still isn’t proof because this is easily spoofed in git too.

        The best defence against being caught out by this is probably signed commits, but if the upstream is not doing that, you can clone the repository from GitHub and check to see that the commit is on a branch that exists in the upstream repository. If the commit is in another fork, the upstream repo won’t have a ref for a branch that contains that commit.

      • How Safari and iMessage Have Made iPhones Less Secure

        "If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps. Henze gained notoriety as an Apple [cracker] after revealing a macOS vulnerability known as KeySteal earlier this year. He and other iOS researchers argue that when it comes to the security of both iMessage and WebKit—the browser engine that serves as the foundation not just of Safari but all iOS browsers—iOS suffers from Apple's preference for its own code above that of other companies. "Apple trusts their own code way more than the code of others," says Henze. "They just don’t want to accept the fact that they make bugs in their own code, too."

      • Exciting few weeks in the SecureDrop land

        Last month, during Defcon 27, there was a panel about DEF CON to help hackers anonymously submit bugs to the government, interestingly the major suggestion in that panel is to use SecureDrop (hosted by Defcon) so that the researchers can safely submit vulnerabilities to the US government. Watch the full panel discussion to learn more in details.

    • Defence/Aggression

      • Afghanistan Is Both Stalemate and Quagmire
      • Robert Mugabe’s Legacy: Revolution, Amity and Decline

        Robert Mugabe is the sort of figure that always caused discomfort. He was a permanent revolutionary, becoming, in time, the despotic ruler who frittered away revolutionary gain. He played multiple roles in international political consciousness. As Zimbabwe’s strongman, he was demonised and lionised in equal measure for a good deal of his time in power. His role from the 1990s – Mugabe, the West’s all-too-convenient bogeyman and hobgoblin – tended to outweigh other considerations. In the end, even his supporters had to concede that he had outstayed his welcome, another African leader gone to seed.

      • Islam: The West’s “Most Formidable and Persistent Enemy" [Ed: The right wing does not want to talk about class war; it wants to create and inflame religious wars instead.]

        Thus what is now called “the West” is actually the westernmost remnant of what was a much more extensive civilizational block that Islam permanently severed, thereby altering the course of “Western” history. And, once Muslims overran Africa and the Middle East, most of its Christian subjects, to evade fiscal and social oppression and join the winning team, converted to Islam, thereby perpetuating the cycle, as they became the new standard bearers of jihad against their former coreligionists north and west of the Mediterranean.

        Such are the rarely noted ironies of history.

    • Transparency/Investigative Reporting

    • Environment

    • AstroTurf/Lobbying/Politics

      • Joe Biden Must Be Stopped

        The man quickly identified himself as a vice chair of the Democratic National Committee. He didn’t need to tell me that he was hopping mad.

      • Biden Invokes Dead Family Members Against Medicare for All and Corporate Media Plays Along

        Democratic presidential candidate Joe Biden last month released a new Iowa TV ad called “Personal,” which recounts the former vice president’s personal tragedy of losing his wife and daughter to a car crash, and the subsequent loss of his son Beau Biden from brain cancer.

      • As Biden Invokes Dead Family Members Against Medicare for All, Media Play Along

        Democratic presidential candidate Joe Biden last month released a new Iowa TV ad called “Personal,” which recounts the former vice president’s personal tragedy of losing his wife and daughter to a car crash, and the subsequent loss of his son Beau Biden from brain cancer.

      • Johnson to Suspend U.K. Parliament After 3 Defeats on Brexit

        The simmering showdown between Prime Minister Boris Johnson and Britain’s Parliament over Brexit came to a head as lawmakers delivered three defeats to the government’s plans for leaving the European Union, before being sent home early Tuesday for a contentious five-week suspension of the legislature.

      • Democrats make renewed push for election security

        The House-passed version of the fiscal year 2020 Financial Services and General Government bill includes $600 million for the Election Assistance Commission (EAC) to distribute to states to bolster election security.

      • Tech industry pushes Congress to pass Trump's North American trade pact

        The tech industry, meanwhile, has rallied behind the USMCA by backing the provisions that offer intellectual property [sic] and data protections.

        The signatories of Monday's letter include the Internet Association, which represents Facebook, Google and Amazon; the Consumer Technology Association; the Computing Technology Industry Association; and the Information Technology Industry Council.

      • Trump Is Not Well

        “I don’t oppose Mr. Trump because I think he’s going to lose to Hillary Clinton,” I told Ben from Purcellville, Virginia. “I think he will, but as I said, he may well win. My opposition to him is based on something completely different, which is, first, I think he is temperamentally unfit to be president. I think he’s erratic, I think he’s unprincipled, I think he’s unstable, and I think that he has a personality disorder; I think he’s obsessive. And at the end of the day, having served in the White House for seven years in three administrations and worked for three presidents, one closely, and read a lot of history, I think the main requirement for president of the United States … is temperament, and disposition … whether you have wisdom and judgment and prudence.”

        That statement has been validated.

      • 'He's losing his s---': Trump's advisers are increasingly worried about his mental state following days of erratic behavior

        "He's deteriorating in plain sight," one Republican strategist who is in frequent contact with the White House told Insider on Friday.

        But a person who was close to Trump's legal team during the Russia investigation told Insider his public statements were "nothing compared to what he's like behind closed doors."

        "He's like a bull seeing red," this person added. "There's just no getting through to him, and you can kiss your plans for the day goodbye because you're basically stuck looking after a 4-year-old now."

      • Trump may have broken federal law by altering Hurricane Dorian's path on a map to validate his false claim that it could hit Alabama

        "Whoever knowingly issues or publishes any counterfeit weather forecast or warning of weather conditions falsely representing such forecast or warning to have been issued or published by the Weather Bureau, United States Signal Service, or other branch of the Government service, shall be fined under this title or imprisoned not more than ninety days, or both," the relevant part of the US Code reads.

      • Furious storm over Trump’s tweets continues to rage at NOAA [iophk: an equally big scandal is use of a private, foreign owned service for these communications in place of official channels]

        Accurate and trustworthy forecasts are important not only because they help prepare for the storm, they also avoid unnecessary panic in places that won’t actually be threatened.

    • Privacy/Surveillance

      • Facebook Sees Libra Tied to Dollar, Euro, Yen But Maybe Not Yuan

        Facebook Inc. told U.S. senators that the initial basket of currencies that will back its Libra cryptocurrency will likely include the U.S. dollar, euro, yen, British pound and Singapore dollar.

      • Google hopes to protect users with open source differential privacy library

        In the end, the goal of differential privacy is to provide anonymity while preserving access to boatloads of useful information. Google said differential privacy, "provides formal guarantees that the output of a database query does not reveal too much information about any individual present in the database."

      • European regulators to Microsoft: We’re watching you

        The Dutch DPA has taken a long time examining that and other changes Microsoft made, to see whether Windows now complies with the agency’s regulations, as well as with the newer GDPR rules. The DPA concluded that the changes complied with what the DPA originally asked Microsoft to do. But its examination “also brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules,” according to the agency. So the DPA turned over the case to the Irish Data Protection Committee (DPC), because Microsoft’s European operations are headquartered in Ireland. That agency will determine whether Microsoft is violating the GDPR.

      • Verizon 5G is barely coming to ‘parts of the seating areas’ at some NFL stadiums

        Verizon is continuing the rollout of its fast but spotty 5G service by bringing 5G to 13 NFL stadiums for kickoff weekend this Sunday. But the speedier network will only be available in “parts of the seating areas” and “could” be available in other parts of the stadiums. That type of hedging doesn’t exactly inspire confidence that Verizon’s 5G will let you post that touchdown celebration from the stands.

      • Verizon’s bizarre 5G rollout now covers some seats in 13 NFL stadiums

        Let’s consider this for a moment. If you go out and buy a $1,000 Verizon 5G phone today, you might get 5G service if you’re in the right seats at certain football stadiums, some of which are the only places with Verizon 5G in their cities. Who would do that? And isn’t there a better time to experience the ultra-fast download speeds of your brand new phone than in the middle of a live sporting event you paid to watch in person?

      • [Older] Two states admit bulk interception practices: why does it matter?

        These confessions constitute a positive step towards transparency and regulation. Several myths with regard to their operation are exposed. For instance, the persistent argument by governments that such powers collect only foreign intelligence signals is refuted. The South African intelligence agencies admit that the system cannot distinguish between foreign and domestic communication and human intervention is necessary to make this distinction.

        These programmes have run in secret since the early 2000s. However, it took multiple reports by whistleblowers and journalists, the sensation caused by the Snowden disclosures and persistent legal action by civil society actors for these two governments to admit the existence of some of the most pervasive surveillance programmes in human history.

      • DMVs Are Selling Your Data to Private Investigators

        Departments of Motor Vehicles in states around the country are taking drivers' personal information and selling it to thousands of businesses, including private investigators who spy on people for a profit, Motherboard has learned. DMVs sell the data for an array of approved purposes, such as to insurance or tow companies, but some of them have sold to more nefarious businesses as well. Multiple states have made tens of millions of dollars a year selling data.

        Motherboard has obtained hundreds of pages of documents from DMVs through public records requests that lay out the practice. Members of the public may not be aware that when they provide their name, address, and in some cases other personal information to the DMV for the purposes of getting a driver's license or registering a vehicle, the DMV often then turns around and offers that information for sale.

      • Press Release: Open Privacy discovers unencrypted patient medical information broadcast across Vancouver

        The Open Privacy Research Society has discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are trivially interceptable by anyone in the Greater Vancouver Area.

        The data being broadcast includes the patients name, age, gender marker, diagnosis, their attending doctor and room number. Other broadcasts regarding medical tests such as x-rays are often associated with a patients last name or medical number, exposing their progression through hospital departments. Some broadcasts appear to contain freeform text, allowing other sensitive information to be entered as well. We have been able to confirm the authenticity of this data by cross-referencing records with public obituaries.

      • What Is MQTT and How Does It Work?

        While the Internet of things is supposed to help make our lives easy, the technology itself is anything but. Efficient communication is key to making the IoT feel seamless and easy to use. Behind the scenes, this can be complicated. Sometimes when it comes to speed, the standard protocols the Internet relies on don’t work. That’s when you turn to alternate protocols like MQTT. What Is MQTT? MQTT stands for Message Queuing Telemetry Transport. That might sound complicated, but it’s simply an alternative to other protocols like HTTP, which stands for HyperText Transport Protocol.

    • Civil Rights/Policing

      • Americans Deserve Their Day in Court About NSA Mass Surveillance Programs

        EFF continues our fight to have the U.S. courts protect you from mass government surveillance. Today in our landmark Jewel v. NSA case, we filed our opening brief in the Ninth Circuit Court of Appeals, asserting that the courts don’t have to turn a blind eye to the government’s actions. Instead, the court must ensure justice for the millions of innocent Americans who have had their communications subjected to the NSA’s mass spying programs since 2001. Just this spring the Ninth Circuit Court of Appeals ruled in a case called Fazaga v. FBI that the state secrets privilege does not apply to cases challenging domestic electronic surveillance for national security.€  Instead such cases must go forward to the merits of whether the spying is illegal. Today we asked the appeals court to apply that same reasoning to Jewel v. NSA and reverse a judge’s order of dismissal so our clients, and the American people, can finally have their day in court.We argue in our brief:

        This appeal challenges two separate orders of the district court dismissing first our Fourth Amendment claims, and later our statutory claims. Both dismissals were based in substantial part on the district court’s belief that the legality of the spying could not be adjudicated, even under protective court procedures, without revealing to the Judge at least, secret information which the government claims would harm national security.The district court dismissed our Fourth Amendment claims in February 2015, finding that Jewel and the other plaintiffs could not prove on the available public evidence that they had been caught up in the spying. And the district court dismissed our remaining statutory claims in April 2019, claiming that it would be impossible to analyze the legality of the mass spying without revealing state secrets, and ruling again that the plaintiffs could not prove they were spied on based on the public evidence.As we argue, the district court’s decisions wrongly deny the American people a ruling on whether the spying programs are legal:

      • Appeals Court Approves Nationwide Injunction Against Trump Asylum Rule, Acknowledges Harm To Legal Groups

        A federal appeals court restored a nationwide injunction against a rule imposed by President Donald Trump’s administration to block asylum seekers.

        On July 16, a rule on asylum eligibility was developed to deny asylum to individuals who enter the United States at the southern border without first applying for asylum in Mexico or a third country. It is commonly referred to as the third-country rule.

      • America’s Lost Liberties, Post-9/11

        Take heed, America.

      • Welcome Back
      • MIT Media Lab offers painful lesson on donations

        There are so many good, honest people generously supporting causes. Accepting their money is easy.

        But sometimes the calls aren’t so simple. Two families — the Saudi royals and the Sacklers of opioid infamy — come immediately to mind. [...]

      • Rare video of underage marriage in Iran: the 'bride' is aged 11
        The video shows a wedding that took place on August 26, 2019, in Bahmaei, an impoverished district in southeastern Iran.

        A video showing an 11-year-old girl marrying her 22-year-old cousin in rural Iran has drawn new attention to a practice many Iranians believe to be in decline. But our Observer says child marriage is still common in some rural areas.

      • South Africa is guilty of Afrophobia, not xenophobia

        Xenophobia refers to prejudice against people from other countries. South Africa does not have a xenophobia problem.

      • South African archbishop compares nation's xenophobia to Nazi Germany

        Zambia's bishops urged South African leaders to do more to stop xenophobic attacks, and a South African archbishop warned of a rising tide of hatred and violence in the country. "Xenophobia and its resultant chaos are not just criminal but cruel, barbaric and abominable," Zambia's bishops said in a Sept. 7 statement titled, "You were once foreigners in a foreign land." At least 10 people were killed, two of them foreign nationals, in a wave of riots and xenophobic attacks that began in late August in Pretoria and spread to nearby Johannesburg. "We are facing a rising tide of hatred and intolerance, no different to the rising tide of hatred in Nazi Germany," said Archbishop Buti Tlhagale of Johannesburg, noting that, "If we do not take urgent action to stop it, there will be nothing left." Zambia's bishops said they were "deeply saddened" by the attacks.

    • Internet Policy/Net Neutrality

      • New York City Sues T-Mobile For Ripping Off Its Prepaid Users

        While T-Mobile has built a brand on the claim it's hugely different from the other big wireless carriers, it routinely likes to illustrate the limits of that claim. Like the time T-Mobile CEO John Legere mocked the EFF after the group noted T-Mobile routinely violated net neutrality (it also supported killing the FCC rules). Or the time the company hired Trump advisor Corey Lewandowski, shortly after he'd mocked a kid with Downe's Syndrome on live TV, just to get a leg up on its Sprint merger approval process. And that's before you get to the steady stream of bullshit T-Mobile has been pushing to get that deal approved.

    • Monopolies

      • Patents and Software Patents

        • Swedish Patents and Market Court of Appeal requests CJEU to clarify concept of “public” in new CJEU reference

          Readers may know that the InfoSoc Directive does not expressly define the concept of “public”: it may not be clear whether that concept should be given a uniform interpretation within the framework of this piece of legislation. Could that concept of “public” be different when it relates to an act of communication within Article 3 as opposed to an act of distribution within Article 4?

          The Swedish Patents and Market Court of Appeal (PMÖD) has just requested (available only in Swedish) the Court of Justice of the European Union (CJEU) to clarify this very question: does the concepts of “public” in Articles 3 and 4 of the InfoSoc Directive have a uniform meaning? if so, is a court a public with the meaning of these two provisions?

          [...]

          According to the PMÖD, neither the court nor its staff can be considered “individuals in general” nor do they belong to a private circle. In addition, while the number of individuals who can access the work in connection with the handling of the case is limited to the employees of the court, that number may still be large.

          The following questions have therefore been referred to the CJEU (please note that this is my own translation from Swedish; see also here):

          1. Should the concepts of “public” in Articles 3(1) and 4(1) of the InfoSoc Directive be given a uniform meaning?

          2. If yes, does a court constitute a public with the meaning of the two provisions?

        • Vacating the Entire Patent Office Proceedings on Equitable Grounds

          This case involves two inter partes reexaminations filed by PPG back in 2012. U.S. Patents 7,592,047 and 8,092,876. On reexamination, the examiner rejected all the claims; then the Board (PTAB) reversed all of those rejections (favoring the patentee).

          On appeal, the Federal Circuit refused to hear the case on standing grounds — holding that Valspar had granted a covenant-not-to-sue that mooted the appeal. PPG Industries, Inc. v. Valspar Sourcing, Inc., 679 Fed. Appx. 1002 (Fed. Cir. Feb. 9, 2017)(nonprecedential) (Valspar I). Still, although it did not hear the merits of the case, the court still vacated the PTAB Final decisions in the interests of “justice.” In particular, the court appeared to be looking to punish Valspar for filing its covenant-not-to-sue late in the appeal — “tardily and unilaterally.”

          [...]

          To my knowledge, the Federal Circuit has not begun vacating Inter Partes Review proceedings based upon lack of appellate jurisdiction, but this decision shows how it is within the court’s equitable power.

      • Copyrights

        • New Chair of EFF’s Board of Directors: Renowned Legal Expert Pamela Samuelson

          EFF is proud to announce our newest Chair of our Board of Directors, renowned legal expert Pamela Samuelson. Pam has served on EFF’s board for nearly 20 years, and her deep knowledge of digital copyright law, intellectual property, and information policy has made EFF a stronger organization.

          Pam is a co-director of the Berkeley Center for Law and Technology—an internationally respected research center at the University of California, Berkeley, School of Law. Pam is also co-founder and chair of the board of the Authors Alliance, a non-profit group that promotes the public interest in access to knowledge. She has written and spoken extensively about the challenges that new information technologies pose for traditional legal regimes, as well as about privacy, the First Amendment, and other cyberlaw issues.



Recent Techrights' Posts

Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors)
It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus
down from 86% to 72% since January
 
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024
IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search
Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability)
FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok
Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses)
A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative)
Advertise (sponsor) to 'play'
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers)
What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power)
here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024
Links for the day
Microsoft Windows Slides to New Lows in Colombia
Now Windows is at an all-time low
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024
IRC logs for Monday, December 23, 2024
A Strong and Positive Closing for the Year's Last Week
In a lot of ways this year was a good one for Free software
Feels Too Warm for Christmas
Christmas is here, no snow in sight
Links 23/12/2024: 'Negative Time' and US Arms Taiwan Again
Links for the day
Links 23/12/2024: The Book of Uncommon Beings, Squirrels, and Slop Ruining Workplaces
Links for the day
Links 23/12/2024: North Korean Death Toll in Russia at ~1,100, Oligarch Who Illegally Migrated/Stayed (Musk) Shuts Down US Government
Links for the day
The World's 'Richest Country' Chooses GNU/Linux
This has gone on for quite some time
Richard Stallman on Love
Richard Stallman's personal website includes a section that lists three essays on the subject of love
Apple's LLM Slop Told Us Luigi Mangione Had Shot Himself, BetaNews Used LLMs to Talk About a Dead Linus Torvalds
They can blame it on some bot
Microsoft, Give Me LLM Slop About "Linux" and "Santa", I Need Some Fake Article...
BetaNews is basically an LLM slop site
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 22, 2024
IRC logs for Sunday, December 22, 2024