There are just 22 days left until Christmas — already? so soon!! — at the time of writing this, so you’ll need to move fast and buy your gifts now to ensure that they arrive in time to be wrapped, fondled, and stashed under the xmas tree.
Now, the Linux gift ideas that follow are not based on anything other than my own subjective tastes, i.e. this is stuff I’ve seen and thought: “heh, that looks like something I wouldn’t be annoyed to receive”.
Any electronic design engineer practicing today will be familiar with open source software. Nowadays, it is likely that the question of using an open source operating system is always on the agenda at a new project kick-off meeting.
Linux is clearly a popular solution. In fact, it has been reported that Linux is used on every supercomputer in the Top500 project. Thanks to its tie-in with Android, it is also one of the most widely deployed general-purpose operating systems. Its open nature means that anyone can take Linux and configure it for use on a particular hardware platform, which has also made it popular for embedded applications.
The official release of version 3.0 of the Helm package manager for Kubernetes is designed to make it easier for IT organizations to discover and securely deploy software on Kubernetes clusters more easily.
Taylor Thomas, a core contributor to Helm who is also a software developer for Nike, says for the last year the committee that oversees the development of Helm under the auspices of the Cloud Native Computing Foundation (CNCF) has been structuring the package manager to rely more on the application programming interfaces (APIs) that Kubernetes exposes to store records of installation. Helm Charts, which are collections of YAML files describing a related set of Kubernetes resources, now can be rendered on the client, eliminating the need for the Tiller resource management tool resident in the previous release of Helm that ran on the Kubernetes cluster.
In addition to providing a more secure way to render Helm Charts, Thomas says this approach provides a more streamlined mechanism for packaging software using Helm. Helm 3.0 also updates Helm Charts and associated libraries. Additionally, a revamped Helm Go software development kit (SDK) is designed to make Helm more accessible, with the aim of sharing and reusing code the Helm community has open-sourced with the broader Go community, says Thomas.
Last year, we introduced Gardener in the Kubernetes Community Meeting and in a post on the Kubernetes Blog. At SAP, we have been running Gardener for more than two years, and are successfully managing thousands of conformant clusters in various versions on all major hyperscalers as well as in numerous infrastructures and private clouds that typically join an enterprise via acquisitions.
We are often asked why a handful of dynamically scalable clusters would not suffice. We also started our journey into Kubernetes with a similar mindset. But we realized that applying the architecture and principles of Kubernetes to productive scenarios, our internal and external customers very quickly required the rational separation of concerns and ownership, which in most circumstances led to the use of multiple clusters. Therefore, a scalable and managed Kubernetes as a service solution is often also the basis for adoption. Particularly, when a larger organization runs multiple products on different providers and in different regions, the number of clusters will quickly rise to the hundreds or even thousands.
Today, we want to give an update on what we have implemented in the past year regarding extensibility and customizability, and what we plan to work on for our next milestone.
Cloud native is more than just a buzzword, though. It's an approach used by some of the largest organizations on the planet, including Walmart, Visa, JP Morgan Chase, China Mobile, Verizon and Target, among others. Cloud native is an approach that enables developers and organizations to be more agile, providing workload portability and scalability.
Kata Containers can significantly improve the security and isolation of your container workloads. It combines the benefits of using a hypervisor, such as enhanced security, and container orchestration capabilities provided by Kubernetes.
Together with Eric Ernst from Intel, we have recently performed a webinar in which we presented the benefits of using Kata Containers in a Charmed Kubernetes environment. In this blog, we aim to highlight the key outcomes from this webinar.
CentOS 8 Stream looks like a nice, smart project. Whether it's going to grant the intended users, i.e. not desktop folks, the necessary levels of flexibility and stability and modernity, well, time shall tell. But it is a sensible idea, because at the moment, the choice is one between austerity and unpredictability.
I am testing from the desktop angle, so the considerations are definitely different - and the benefits smaller if any. But then, I'm thinking. Could I perhaps commit this to some production or semi-production desktop machine, and see whether it offers long-term value? In general, I don't like the concept of using third-party repositories on systems used for serious work, but I'm tempted enough to see how well this pans out. Hm, we shall see. The end, cliffhanger style.
Fellow Red Hat associates Cesar Saavedra, Pavol Loffay, Jeff Mesnil, Antoine Sabot-Durand, Scott Stark, and I have written a book on Eclipse MicroProfile, called Hands-On Enterprise Java Microservices with Eclipse MicroProfile.
This 256-page book provides an introduction to microservices and why they are important, and it showcases Eclipse MicroProfile as a way to implement so-called 12-factor apps.
APIs continue to spread, as seen in this 2019 report from ProgrammableWeb, which shows a 30% increase over last year’s growth rate. More regulations are enforcing the use of APIs to open up companies and foster innovation. Think of the Payment Services Directive version two (PSD2), open banking, and the public sector releasing open data APIs. With such an abundance of APIs, it becomes increasingly crucial to get the value out of your APIs and differentiate yourself from the growing competition. It’s time to design and manage your APIs as a Product.
To get started with Insights, the first thing you’ll need to do is create a Red Hat customer portal login if you don’t already have one using these instructions. This will give you access to the Red Hat Customer Portal and cloud.redhat.com which includes the Insights dashboard. Next, use the Getting Started page to enable the Insights client.
One of the most exciting days of the year is finally here. Registration for Red Hat Summit 2020 is now open!
We’re heading back to San Francisco and the Moscone Center on April 27-29, 2020, where we expect thousands of customers, partners and technology industry leaders from around the world to come together for a high-energy week of innovation, education and collaboration.
[...]
For the past 15 years, Red Hat Summit has delivered inspirational, educational and actionable content, industry-shaping news, and insight into best practices from customers and partners from around the world and across industries. Attendees also have the chance to talk to the teams who produce the technologies they depend on, and learn more about Red Hat’s product roadmap.
November's wander-around-the-web has turned up some interesting Ansible stories. It's fascinating to explore Ansible development through data, as Greg Sutcliffe does in his blog linked below. On the YouTubes this month, we found a couple of really interesting talks.
As part of my role as a senior product marketing manager at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends for product marketers, managers, and other influencers. Here are five of my and their favorite articles from that update.
The bare metal cloud is an abstraction layer for the pools of dedicated servers with different capabilities (processing, networking or storage) that can be provisioned and consumed with cloud-like ease and speed. It embraces the orchestration and automation of the cloud and applies them to bare metal workload use cases.
The benefit to end users is that they get access to the direct hardware processing power of individual servers and are able to provision workloads without the overhead of the virtualization layer—providing the ability to provision environments in an Infrastructure-as-code methodology with separation of tenants and projects.
In the previous article, APIs as a Product: Get the value out of your APIs, we presented a new approach called “APIs as a Product” to maximize the value of your APIs. In this article, we show how to quickly get started with APIs as a Product using the new features of Red Hat 3scale API Management 2.7.
To showcase the power of 3scale 2.7’s new features, combined with the awesomeness of the open source communities Apicurio and Microcks, we will design two APIs as a Product and show how we can compose both products in 3scale to get the resulting API as a Product.
Let’s look at the well-known Petstore example. Imagine for a moment that the first steps of the API Design Thinking process led to this rough definition of the customer’s needs:
Well over half the attendees were conference first-timers. On the one hand, lots of new blood is a sign of a healthy community. On the other hand… well, I’ll let one such first-timer, consultant and industry analyst Keith Townsend, speak for himself: “I’m not shy in saying I don’t know what’s going on at this keynote. It’s not aimed at me or people like me for sure. To use a metaphor - it feels like I’ve been dropped in the middle of an industry conference like the American Medical Association. There are some words and concepts I understand, but overall I’m lost. And there are very few IT topics,” he noted on Twitter.
Enterprise distributions can help to abstract away some of this complexity by making opinionated choices about components and otherwise packaging the cloud-native ecosystem into a more consumable form.
DevNation tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, you’ll learn about testing in production from Alex Soto, Red Hat Software Engineer.
DevOps has grown in popularity in recent years, particularly in software companies that want to reduce lead time to be measured in days/weeks instead of months/years. To make sure your software does the right things and does those things right, you need to test it implacably. Many companies, however, see the testing phase as a bottleneck that slows product release. To change that, we need a new approach — making the release process of an application a testing process and involving QA from the beginning.
We are pleased to announce the release of Red Hat CodeReady Workspaces 2.0. Based on Eclipse Che, its upstream project CodeReady Workspaces is a Red Hat OpenShift-native developer environment enabling cloud-native development for developer teams.
Customer empowerment is one consequence of digital transformation. And as we explained in the first part of this series, it's a powerful one. Empowering customers can deepen their relationship with your organization—but it won't work if they don't trust you.
In this article, we'll explain how acting openly can create that foundation of trust—and why it can lead to business success.
If you’re looking for a one-word summary of corporate blockchain efforts in 2019, try “experimentation.” The hype is subsiding and more businesses are actively trying to figure out how they can actually use the technology to their benefit.
“2019 has continued what 2018 started – enterprises experimenting,” says George Spasov, blockchain architect and co-founder at LimeChain. “The finger-dipping exercises of the last year have encouraged further experimentation this year, while dragging along new experimenters.”
I really didn't notice it taking a toll on me at the time but, looking back, I started showing symptoms of burnout fairly early. However, it was easy to push aside with the excitement of moving to new roles with increasing responsibility and continuing my aggressive pursuit of learning. Before I knew it, several years had passed and I was officially burnt out.
"Burnout" isn't just being bored or tired at your job; it's a serious issue with real consequences. The Mayo Clinic defines burnout as "a special type of work-related stress — a state of physical or emotional exhaustion that also involves a sense of reduced accomplishment and loss of personal identity."
While burnout is not an official medical diagnosis, it goes hand in hand with underlying medical conditions such as depression and anxiety, which could make symptoms worse.
I wasn't officially diagnosed with clinical depression until 2012 but I've been dealing with it my entire life (and by "dealing with it," I mean completely ignoring it, which I do not recommend.) It wasn't until I started taking medication and seeing a therapist that I realized how much burnout was affecting my everyday life.
Lutris gets a shot of cash from Epic Games, Django unchains version 3, and the Qt folks have a new marketplace.
In this video, I am going to show an overview of Kali Linux 2019.4 and some of the applications pre-installed.
Starting a new project is always exciting because the scope is easy to understand and adding new features is fun and easy. As it grows, the rate of change slows down and the amount of communication necessary to introduce new engineers to the code increases along with the complexity. Thomas Hatch, CTO and creator of SaltStack, didn't want to accept that as an inevitable fact of software, so he created a new paradigm and a proof-of-concept framework to experiment with it. In this episode he shares his thoughts and findings on the topic of plugin oriented programming as a way to build and scale complex projects while keeping them fun and flexible.
TIK TEK TOE, episode 007. Marcel and Evan discuss Ryan Reynolds' continued redemption with Detective Pikachu, martial arts movies, VR arcades, whether a decade starts on a 0 or 1, what kind of decade FOSS has had, or is about to have had, the Internet Society and .ORG vs the Girl Scouts (our money is on the Girl Scouts), on-demand culture, Drake (yeah, that Drake), and perineum sunning.
Once you're done listening, or right now for that matter, please (pretty please, even) make sure you share this podcast with your friends, family, neighbours, enemies . . . just share and recommend. Also, if you can spare a few extra keystrokes, be sure to leave us a comment and tell us how we're doing.
Brent sits down with Rocco of Big Daddy Linux for a conversation about the origins of Linux Spotlight, some shared behind-the-scenes podcasting perspectives, and just how great we feel about our Linux community.
The XFS file-system is seeing a large number of changes for the in-development Linux 5.5 kernel.
Darrick Wong characterized the changes for this release as having "changed quite a few things" and indeed the list is much longer than we are used to seeing out of a proven and mature file-system.
With the Linux 5.5 livepatching support comes system state tracking in order to better handle different kernel live patches over time that could potentially clash with one another. Patches altering shadow variables and callbacks could lead to cases where live-patches cannot be reverted easily or not jive with future live-patches, but the system state tracking is designed to track those state changes so there is the ability to revert complex patches later on.
Think Silicon, recognized for the successful ultra-low power NEMA® GPU-Series for MCU driven SoCs, announced the demonstration of the industry’s first RISC-V ISA based 3D GPU -- the NEOX|V™. Attendees at the RISC-V Summit, in San Jose, California, will have the first opportunity to witness this new GPU innovation designed for the rapid deployment of Computer Graphics, Machine Learning and open GPGPU compute framework applications.
Offering a myriad of flexible possibilities, NEOX|V™ IP is designed to be easily configured for applications such as computer graphics, machine learning, vision/video processing and general-purpose compute. The new offering provides a platform for implementation in multiple embedded and external devices across many consumer and industrial vertical markets including Graphics, Compute, and AI for IoT/Edge/Compute.
While there has been the Libre RISC-V community-driven effort to create a RISC-V graphics processor that basically amounts to a RISC-V core with vector extensions/improvements and running a Vulkan software implementation (though they are now reportedly eyeing POWER instead of RISC-V), Think Silicon has announced the first actual RISC-V ISA based 3D graphics processor.
At ELC Europe in Lyon I held a nice little presentation about the state of upstream graphics drivers, and how absolutely awesome it all is. Of course with a big focus on SoC and embedded drivers. Slides and the video recording
While originally Intel planned to transition their OpenGL driver default to the modern "Iris" Gallium3D driver rather than the longstanding "i965" DRI driver for Mesa 19.3, that was pushed back to Mesa 20.0 for introduction in Q1'2020. In aiming to make that revised milestone a reality, a new option has been added to Mesa 20.0 with the Meson build system for being able to indicate the Intel OpenGL driver preference.
The plan is for Mesa 20.0 to default to their new Gallium3D driver with Broadwell "Gen8" graphics and newer, including Icelake "Gen11". It's with Tiger Lake "Gen12" graphics where there is only support being implemented anyhow on this Gallium3D driver and not the older i965 OpenGL driver. As it stands right now when building Mesa, the i965 driver is used by default and then an environment variable allows overriding the driver to load in order to use Iris Gallium3D.
The Panfrost Gallium3D driver that is the open-source OpenGL community-led driver for supporting Arm Mali Midgard/Bifrost architectures now has stable support for the T720 GPU.
The T720 is now enabled in Mesa 20.0-devel with the GPU support being equal to that of the already supported T760 and alongside other Mali GPUs like the T820/T860.
Although I primarily use GnuCash to track my family's personal finances, I decided to try HomeBank as a secondary program. HomeBank was a pleasant surprise; it is easily configured, has a friendly interface, can generate nice charts and reports, and is accompanied by good documentation. If GnuCash seems too complex or intimidating for your needs, HomeBank just might be the alternative that hits the sweet spot.
If you are brand new to HomeBank, a good starting point is Meemaw's article in the March 2012 issue of The PCLinuxOS Magazine, called "Linux Financial Apps: HomeBank".
Her tutorial covers what is probably ver. 4.4 of the program. HomeBank's interface and behavior have not changed drastically since then. However, I should mention that the term "wallet" is no longer used to refer to files.
Data loss is a common threat we all face these days. Disk failure or other user mistakes might result in data loss. Losing data is more hazardous for a data center which stores tons of information every day. There are so many backup Utilities available in the market which makes it confusing to choose the best one among the numerous options. This article will help you select the most appropriate free backup utility for Linux that might fit your needs.
PhotoFilmStrip is a nice program for easily creating video slideshows of your photos. It supports audio tracks, panning and zooming, and has a few transition and image effects. The interface is quite well designed, making the program quick and easy to use.
[...]
I really like how PhotoFilmStrip makes it very easy to quickly produce a high quality slideshow of your favorite photos. It's definitely far simpler than doing it all manually in dedicated video editing software. I recommend PhotoFilmStrip to anyone looking for a quick and easy solution to photo slideshows.
nbdkit is our flexible toolkit for building block devices. I just added a couple of new features which will appear in the next stable release, nbdkit 1.18.
Previously I’ve talked on this blog and gave a talk at FOSDEM about how you can write block devices in shell script using nbdkit-sh-plugin. But that requires you to use an extra file for the script. What if opening an extra file is too much work? Well now you can specify the script directly on the nbdkit command line using the new eval plugin.
Phoronix Test Suite 9.2-Hurdal is available today as the newest quarterly feature release to the Phoronix Test Suite for automated, cross-platform and open-source benchmarking.
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files and various streaming protocols. This week the latest update, in the form of VLC 3.2.3, has started rolling out, bringing with it a new user interface design for the audio and video player together with an improved TV interface as well as additional keyboard shortcuts within Chrome OS.
Of course, enabling DoH in the browser will have benefits, since most people interact with the internet mostly through their web browser. But, not everything happens in a web browser, so anything that happens outside of the web browser won't receive the encryption of DNS requests.
There is, however, another alternative that is probably better than DoH, and simultaneously gives users the same protection both inside and outside of a web browser. We published a short article on Cloudflare's 1.1.1.1 DNS service in the May, 2018 issue of The PCLinuxOS Magazine. By simply replacing your DNS service with Cloudflare's DNS service, you will gain protection for all DNS requests, for all internet data.
Still, 40 some years after it was originally created, DoH gives significant privacy upgrades to DNS servers. In every case that I found, DoH was NOT turned on by default. You owe it to yourself to turn it on to give you an extra layer of protection. Plus, does your ISP *really* need to know everywhere you've been on the web? It's not as if every other entity out there is trying to leech as much of your personal and private data as possible. Why make it easier for them to do so?
DXVK 1.4.6 has fixes to fix rendering issues and the like with American Truck Simulator, Euro Truck Simulator 2, Final Fantasy XIV, and Warcraft III: Reforged. In the case of Warcraft III: Reforged, DXGI features should now allow DXVK to run the game. DXVK 1.4.6 also has crash fixes for mode changes or when closing a game as well as an issue where CPU-limited performance could degrade over time.
What could be a true turning point for Paradox Development Studio and Paradox Interactive with Imperator: Rome, a new update "Livy" is out along with the free Punic Wars DLC.
You have to hand it to the developers at Beamdog, they certainly support their revamped RPG classics for a long time. Neverwinter Nights: Enhanced Edition just got a big update too!
The 1.79 stable patch is live and it comes alongside the launch of Neverwinter Nights: Enhanced Edition on PS4, Xbox One and Nintendo Switch and so Beamdog have enabled PC (Linux, macOS and Windows) online cross-play with Xbox (in January) and Switch (live now) but not the PS4.
Father Robert Ballecer, a former tech blogger turned God-lover, decided he wanted to combine his two big passions and asked his Twitter followers (all 23,000 of them) what game he should create a server for. Minecraft won with 64 per cent, and so the server at minecraft.digitaljesuit.com was born.
Ballecer's aim is to create something a bit less ‘toxic' than many of the mainstream servers out there.
A totally scientifically inaccurate depiction of hive dynamics! In Hive Time you're responsible for growing your hive, making that sweet-sweet honey and producing a Queen before the current one dies.
Skookum Arts have finally given their seriously clever puzzle-platform The Pedestrian a release date, coming to Linux on January 29, 2020.
After testing an early build this year, which you can still try yourself on itch.io, I was instantly hooked. Such a brilliant idea. You control the person symbol you usually see on signs and you go running from sign to sign, rearranging and reconnecting signs in order to solve puzzles. Honestly, it's absolutely fantastic with an awesome atmosphere.
Kharon's Crypt - Even Death May Die, a nonlinear dungeon crawler inspired by old Nintendo Game Boy Color games and Zelda is getting closer to an Early Access release and they have a sweet new trailer.
This is another that was crowdfunded on Kickstarter (listed on our dedicated page) back in October of 2017. Playing as Kharon, you are a being thought to be death itself. Your mission is to escape from your crypt, where you had been sealed by a deranged king that wanted to elude death.
Help Kyle prepare for an important interview with a guest on their hit TV show in Kyle is Famous, a somewhat absurd and free text adventure.
Full text adventures like this are not something I usually go for personally, however Kyle is Famous ticks a few boxes. It has some truly ridiculous humour that's hard not to enjoy, it's also quite short and with multiple endings you can go back and have another quick run to see what happens.
Wall running, long jumping and lots of pew-pew is what you will be doing in Arsenal Demon. It's a newish arena-survival FPS and it's now available on Linux too. It launched on Steam in October, with Linux (and macOS) getting support in mid-November.
Much like an older favourite of mine called Devil Daggers, the overall idea is simple: you're pushed into an arena and you have to survive as long as possible. Beat your last time, beat everyone else you know too. It's ridiculously fast, it's exciting and you get to customize your Arsenal Demon too.
Shortly after I had finished uploading my video where I wanted to see how well Google Stadia would work on Linux, somebody followed up with a question on whether it would work with Chromium, the open source browser on which Chrome is built. I didn't actually know the answer, but I was willing to test it out, and I did, and I recorded it. :-)
Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.17.4. Plasma 5.17 was released in October 2019 with many feature refinements and new modules to complete the desktop experience.
Highlights of KDE Plasma 5.17.4 include better compilation support with Qt 5.14, removal of deprecated API in KWindowSystem, fix for broken multimedia control on lock screen, the ability for the Folder view to use the selected text color for selected items in full representation, improved default layout for Workspace KCM, several Weather applet improvements, and new DesktopEntry for notifyrc, and disabled systeminfo test on systems without uname in Dr Konqi.
All users are urged to update their installations as soon as possible to the KDE Plasma 5.17.4 point release, which will soon be available from the stable software repositories of your favorite GNU/Linux distributions. The next and last maintenance update in the KDE Plasma 5.17 desktop environment series will be KDE Plasma 5.17.5, due for release on January 7, 2020.
This October I attended the GNOME Shell Hackfest 2019 in the Netherlands. It was originally just planned as a small hackfest for core Shell developers, but then us designers decided to crash the party and it became a pretty big thing. In the end we were about 15 people from lots of different companies, including Red Hat, Endless, Purism, and Canonical. The venue was the Revspace hackerspace in Leidschendam, which is somewhere between the Hague and Leiden.
The venue was very cool, with plenty of hackerspace-y gadgets and a room with couches and a whiteboard, which was perfect for the design team’s planning sessions.
Offensive Security, maintainer of the Kali Linux penetration-testing platform, has released a new version of the widely used open source project.
Key improvements in Kali Linux 2019.4 include a brand-new default desktop environment, a unified user interface, and an undercover feature that allows security researchers to use the pen-testing tool in a public setting without tipping their hand.
With the new release, Offensive Security has moved Kali Linux from Gnome to Xfce, a lightweight, open source desktop environment for Linux, BSD, and other Unix-like operating systems. The move is designed to improve performance and the user experience for pen-testers, according to Offensive Security.
By the way, the update in-place from the previous version (2019.3) works swimmingly. However, the single bug-a-boo that I experienced was the necessity to drop postgresql10 for the latest iteration of same; but that's picking nits, now ain't it guvnor? And, then there's the Kali Undercover...plus, not to forget - Kali-Docs is now on Markdown. Savoir-Faire is Everywhere!
Kali Linux is popular among ethical hackers and pen testers alike, commonly used by researchers and red teamers to perform security tests. Last week, Kali Linux released version 2019.4 to the public, and the newest version boasts a new ‘undercover’ mode in which users can convert the Linux desktop to look like a Windows 10 device. Kali Linux’s reputation is the driving force behind this ‘undercover’ mode, as it may be suspicious to run Kali Linux in a professional or public setting. The new model solves this issue by offering users the option to make it appear as though they are running Windows rather than Linux.
Would you pay $20 for a Linux desktop? I would, and in fact, I regularly choose to pay more than that when I download free software! The reason I do this is that open source is worth it. For a copy of Elementary OS, US$ 20 happens to be the default asking price (you can download it for $1 or even $0 if you can't afford anything more). What you get in return is an excellent and heavily curated distribution that ships with its own Pantheon desktop design.
You may find Pantheon included in a software repository, as it is open source, but more likely, you'll have to download and install Elementary Linux to experience it. If you're not ready to install Elementary on your computer as the main OS, you can install it into a virtual machine, like GNOME Boxes.
The Pantheon desktop is clean, attractive, and features many of the little things many users want in a desktop but could never quite get from the usual Linux desktops.
elementary OS has long been viewed by many as the future of Linux on the PC thanks to its beautiful desktop environment and overall polished experience. Development of the Ubuntu-based operating system has been frustratingly slow, however. This shouldn't be surprising, really, as the team of developers is rather small, and its resources are likely much less than those of larger distributions such as the IBM-backed Fedora or Canonical's Ubuntu. And that is what makes elementary OS so remarkable -- its developers can make magic on a smaller budget.
Today, the latest version of the operating system is released. Code-named "Hera," elementary OS 5.1 is now available for download. Support for Flatpak is now baked in — this is significant, as the developers explain it is “the first non-deb packaging format we've supported out of the box.” The Linux kernel now sits at a very modern 5.0. One of the most important aspects of elementary OS, the AppCenter, is now an insane 10 times faster than its predecessor. Wow.
This major update to elementary OS carries a wealth of changes and improvements, including native support for Flatpak, a faster App Centre store front, and many thoughtful refinements to the system’s bespoke UI.
A free update for existing elementary OS users, the Hera uplift also introduces Linux Kernel 5.0 courtesy of Ubuntu’s recent LTS hardware enablement stack update.
To learn more about what’s new in the elementary OS 5.1 release, and how to download it to try for yourself, keep reading!
elementary OS 5.1 Hera
The bulk of the changes being offered in the elementary OS 5.1 update aren’t strictly new as they’ve been iteratively pushed out via software updates to the elementary 5.0 Juno release.
But the sum total of those updates is enough to create a distinct, separate version number with new .iso images for folks to download. Think of it like an Ubuntu point release, in that sense.
The elementary team proudly announced today the official availability of the elementary OS 5.1 "Hera" operating system, a major update that adds many improvements and new features, as well as updated components and fresh new artwork.
elementary OS 5.1 "Hera" is the culmination of one year of hard work, during which the development team implemented out-of-the-box Flatpak support to make it easier and secure for users to install third-party apps that are not available in the AppCenter, but are essential for their everyday tasks.
For this, elementary OS 5.1 comes with Sideload, a new, in-house built graphical utility that lets you install Flatpak apps with a single click. In addition, elementary OS 5.1 adds Flatpak support to the AppCenter so that users can manage Flatpak apps alongside regular applications from the official repositories.
It’s no secret I have a distaste for Windows 10. Its telemetry, endless nagging, broken updates and general bloat pushed me to Linux last year. My opinion about macOS is less critical. I still utilize it for the occasional music production tasks, and it respects my privacy far better than Microsoft’s desktop OS. Unfortunately, the macOS experience hasn’t evolved much, and with each new update Apple continues its forced obsolescence of older hardware. But there’s a Linux alternative that exudes pure desktop elegance and runs like a dream on older machines. It emphasizes a clean workflow and thoughtful design in every single pixel. Yea, it’s time to pay attention to elementary OS.
You’ve probably heard of Ubuntu, one of the most popular Linux distributions out there. Well, elementary OS is based on the stable version of Ubuntu (meaning you’ll get a thoroughly tested kernel and software) but it makes substantial tweaks to its presentation by using a custom Desktop Environment called Pantheon.
At first blush, elementary OS (and by extension, the Pantheon desktop) may remind you of macOS — it may even comfortably feel like it — but when you start to dig in and use it, the differences become clear. It’s not only easier, but far more elegant.
Today the developers behind elementary OS introduced version 5.1, which I’ve been testing for the last week. It brings several substantial improvements, and manages to outclass macOS (and every other Linux distribution available) in a few key areas.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently the project manager is Nanni Bassetti (Bari - Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
In this video, we are looking at Linux Mint 19.3 Beta Cinnamon. Enjoy!
MX Linux 19 has been released and announced by MX Linux Dev team, this release brings a lot of major improvements and changes. The operating system based on Debian 10 buster, powered by linux kernel 4.19 and uses the lightweight Xfce 4.14 desktop environment. It even features a patched sudo, there is a bunch of great software installed, such as Firefox 69, Thunderbird 60.9, LibreOffice 6.1.5, VLC 3.0.8, GIMP 2.10.12, and more!
As you know, Mageia 7 was released this summer, followed shortly after by Mageia 7.1. It is time to say goodbye to Mageia 6 – updates have stopped, including security updates. As usual, before the upgrade, do a backup of your data and documents.
Why and when did you start using Linux? 2006 Open-Suse, 6 Months later PCLinuxOS my only distro.
What specific equipment do you currently use with PCLinuxOS? Office, Graphics, Multimedia - Jack-Audio, HTML Website build and not so often anymore, 3D CAM
Do you feel that your use of Linux influences the reactions you receive from your computer peers or family? If so, how? Trying to make people curious by talking about it.
What would you like to see happen within PCLinuxOS that would make it a better place. What are your feelings? That Mini Live CD correspond to the Sinn Mini, only for the wide hardware compatibility and peripherals such as printers and scanners.
Together with my colleague Bettina Bassermann and SUSE partners, we will be running a series of blogs and webinars from SUSE (Software Development, Microservices & Container Management, a SUSE webinar series on modern Application Development), and try to address the former questions and doubts about K8s and Cloud Native development and how it is not compromising quality and control.
EPYC is AMD’s flagship mainstream server microprocessors and supports 1-way and 2-way multiprocessing. The first generation was originally announced back in May 2017 and replaced the previous Opteron server family with the introduction of the Zen microarchitecture for the mainstream market.
Content lifecycle management is managing how patches flow through your infra in a staged manner. In an ideal infra, the latest patches will always be applied on development servers. If everything is good there, then those patches will be applied to QA servers and lastly to production servers. This enables sysadmins to catch issues, if any, and hence prevent patching of prod systems that may create downtime of live environments.
SUSE Manager gives you this control via content lifecycle. In this, you create custom channels in SUSE Manager, for example dev, qa and prod. Then you register your systems to those channels according to their criticality. Now whenever channels get the new patches, they will be available to the respective systems (registered to those channels) to install. So if you control channels, you control the patch availability to systems.
In content lifecycle management, SUSE Manager enables you to push patches to channels manually. For example, on first deploy all latest patches will be available to dev channels and hence dev systems. At this stage, if you run update commands (zypper up, yum update) they will show the latest patches only on dev servers. QA and prod servers won't show any new patches.
CCOSS stands for “Cumbre de Contribuidores de Open Source Software” (Contributors Summit in Open Source Software). It is the first event in Mexico dedicated to improving accessibility for Latin tech practitioners to contribute to world-leading open source technologies, focusing on delivering content in Spanish & providing hands-on mentoring opportunities.
In its 16th edition, Latinoware started on Wednesday (27) and continued until Friday (29), with a program of over 300 activities. The Latin American Congress of Free Software and Open Technologies at the Rafain Palace Hotel & Convention, in Foz do Iguaçu, attracted over 2700 participants, including children, students, professionals and even older people, interested in the different topics addressed.
There are new live/install media of Sparky 2019.12 “Po Tolo” available to download, which is based on the testing branch of Debian “Bullseye”.
Goals: ● system upgraded from Debian testing “Bullseye” repos as of December 1, 2019 ● Calamares installer 3.2.17 ● Linux kernel 5.3.9 as default (5.4.1 & 5.3.14 in Sparky unstable repos)
No reinstallation is required if you have Sparky 2019.xx (of the line 6) installed, simply make a full system upgrade.
The Tails project, which develops the Debian-based Tails amnesic incognito live operating system, has announced today some of their major plans for 2020 to improve the anonymous OS used by NSA whistle-blower Edward Snowden to stay hidden online.
In 2020, the Tails project plans to release numerous updates to its Tails anonymous OS, some of which will be major ones implementing big new features like support for Secure Boot to offer better compatibility with more hardware components, thus making it easier to start Tails on PCs and Macs.
While Secure Boot support is planned for July 2020, when the Tails 4.9 release should hit the streets, the project also aims to deal with the manual upgrades as soon as January 2020. These manual upgrades have been bugging users for a long time now, but Tails wants to make the upgrade process less painful, lighter and more robust.
On October 7, we launched our donation campaign by explaining why supporting Tails is more important than ever. On October 31, we summarized what we did in 2019 to make Tails easier to adopt by new users. Today we pass on to you our plans for 2020.
But first, we are pleased that the donation campaign has been pretty successful so far. We received around 50 000 € already, which is 69% more than last year. Still, these good results are due to some large donations and fewer people have been donating so far, 16% less than in 2018. We hope that after reading this post many of you will consider donating to Tails.
There are a lot of small changes that can be made to the Debian archive to increase the overall quality. Many of these changes are small and have just minor benefits if they are applied to just a single package. Lintian encourages maintainers to fix these problems by pointing out the common ones.
Most of these issues are often trivially fixable; they are in general an inefficient use of human time, and it takes a lot of effort to keep up with. This is something that can clearly be automated.
Several tools (e.g. onovy's mass tool, and the lintian-brush tool that I've been working on) go a step further and (for a subset of the issues reported by lintian) fix the problems for you, where they can. Lintian-brush can currently fix most instances of close to 100 lintian tags.
Thanks to the Vcs-* fields set by many packages and the APIs provided by hosting platforms like Salsa, it is now possible to proactively attempt to fix these issues.
The Debian Janitor is a tool that will run lintian-brush across the entire archive, and propose fixes to lintian issues via pull request.
The Lubuntu Team is pleased to announce we are running a Focal Fossa wallpaper competition, giving you, our community, the chance to submit, and get your favorite wallpapers included in the Lubuntu 20.04 LTS (Long Term Support) release.
Welcome to the Ubuntu Weekly Newsletter, Issue 607 for the week of November 24 – 30, 2019. The full version of this issue is available here.
Autumn (or Fall, depending on your level of Americanization) was a busy period… so busy in fact that the Computer Weekly Open Source Insider blog saw a number of milestone advancements go whizzing past.
Among those news items we’re catching up on as we approach the Christmas silly season is the latest update from Canonical on Ubuntu.
Canonical is positioning Ubuntu as (in its view) an operating system (OS) of choice for ‘most’ (it was clear not to say all) public cloud workloads, as well as the emerging categories of ‘smart gateways’, self-driving cars and advanced robots.
It’s no secret that every year brings a significant advancement for our GPUs – after all, they are one of the things that we’re best known for. However, this time things are a little bit different. Yes, we are today announcing a new GPU, but we’ll come right out and say it – this year we haven’t made a significant step forward. No… this time we’ve made an exceptional leap forward. Today, we are proud to introduce IMG A-Series. It’s not only a range of new cores, but it introduces a new GPU architecture too. The headline figure? A-Series is 2.5x faster (or 150%) for the same area and same power compared to our currently shipping PowerVR GPUs. Normally, a 20-25% uplift in performance on an annual basis would be welcomed making this nothing less than an exceptional leap over to current shipping hardware, such as the PowerVR Series9XM in the Oppo Reno Z. This increase means we are inherently more power efficient too, and for the same performance, we are now 60% lower power too.
The IMG A-Series is being advertised as offering a 2.5x increased performance figure, 8x faster at AI processing, and 60% lower power than current-generation PowerVR hardware. Imagination refers to their new IMG A-Series as "The GPU of Everything." The A-Series IP will be available for hardware in 2020 and does support Vulkan 1.1 among other 3D standards.
Imagination Technologies has just launched IMG A-Series GPU which they claim is “The GPU of Everything” and “The fastest GPU IP ever”.
“Ubuntu, Redhat, Suse, CentOS, etc. Linux comes in various forms and offers various benefits. One of the most important attributes of Linux is that it is available free of charge. This does not only save money, it also helps the further distribution of KNX worldwide,” says Franz Kammerl, President of KNX Association. “Being now available also for further platforms, such as Raspberry Pi and other single-board computers (SBCs), the hardware input for realising a KNX project with the ETS Inside has been considerably lowered.”
Today, we are proud to announce Code the Classics, the latest (and long-awaited) publication from Raspberry Pi Press.
The Raspberry PI 4 Model B Single Board Computer (SBC) is a great computing device; almost every computer geek on the knows that. This is why the $35 priced ultra-small computer is now available in its 4th iteration and is more powerful than ever.
After receiving my review unit from Seeed Studios, a Shenzhen-based global supplier of electronics, I decided to ditch my Ryzen powered desktop PC in favor of the Raspberry Pi 4 Model B (4GB variant) for a week.
The other day we wrote about Getting Started with Embedded Linux on RISC-V in QEMU emulator and noted that Linux capable RISC-V hardware is currently fairly expensive.
We also mentioned there was work on porting uCLinux to Kendryte K210 RISC-V processor on boards such as Sipeed Maix board. The processor only comes with 8MB RAM, and does not feature an MMU (Memory Management Unit) so what you’d be able to do on the board would be limited, and for instance, a desktop environment is clearly impossible on the platform.
NOMMU support also requires some extra work, and in Linux 5.4 we saw only one of the changes was “SiFive PLIC IRQ chip modifications, in preparation for M-mode Linux”.
The open source software movement coalesced in the late 1990s, with programmers sharing software source code rather than sealing it off from users and forbidding its replication. The movement is known most famously, perhaps, for the Linux operating system, which was created by a disparate group of users connected only by the internet—a direct contrast to the sealed-in software worlds of tech titans like Microsoft and Apple.
Those using open source software in agriculture are up against similarly powerful companies. Farmers who scrap their cherished binders and spreadsheets full of records in favor of off-the-shelf farm management software often run the risk of losing control of their data to tech companies—or losing their data entirely.
If you have pre-ordered the PinePhone Brave Heart edition or are waiting for it to go on general sale early next year then the following video is a must watch.
In it, Pine64’s Lukasz Erecinski shows off his PinePhone developer edition, showing us the fit, form and build quality, and giving us a glimpse at what lays behind the back case, including some very tantalising pogo pins…
Faced with the duopoly of Google and Apple over mobile operating systems, this Norman is developing “/e/”, an operating system free of the GAFAM.
When we announced the Librem 5 crowdfunding campaign we promised we would publish the Librem 5 hardware schematics when we ship. That promise is also rooted in our articles of incorporation to release schematics of any hardware we author. We’ve shipped the first Librem 5 phones from the Birch batch to backers and photos, videos and positive early impressions are being shared.
[...]
We believe that you should have full ownership of your hardware, you shouldn’t have to essentially rent it from a company to be safe. While privacy and security are popular marketing terms these days, when many companies use those words they expect your complete and blind trust and reliance. While we believe you should trust us, we don’t require you to put blind trust in us. By publishing our schematics we give you the ability to verify that trust on your own (or with the help of someone else).
We’ve previously released hardware schematics for the Librem 5 devkits and now the Librem 5 Birch batch and will continue to share up-to-date specifications for future products and iterations. Why is this important for you even if you have no interest in looking at the specifications? Open hardware schematics allow anyone to audit, verify and contribute to more freedom respecting products. You shouldn’t have to blindly trust that any corporation has your best interests in mind.
News has been buzzing around for long when hackers have managed to run Android OS on Nintendo, Windows 10 IoT on a calculator on OnePlus models. However, this time we have an open-source project called ‘Bliss OS’ which lets us do just that legally.
Last year too Bliss OS had released a version which ran Android Pie on our computers even. The latest version, Bliss OS 12 has evolved manifold and lets us run Android 10 on any Linux or Windows 10 PC.
The Librem 5 is the first smartphone from Linux laptop maker Purism. First announced more than two years ago, the Librem 5 still isn’t quite ready for prime time. But folks willing to pay $699 for pre-production hardware have started to receive devices from the Librem 5 Birch batch that began shipping last week.
That means the first real-world unboxing videos, user impressions, and hands-on reviews from people who don’t work for Purism are here.
The good news? The Librem 5 is a real thing that mostly works the way it’s supposed to. The bad news? The software is quite clearly still a work in progress.
When Ars spoke to Purism founder and CEO Todd Weaver two weeks ago, the Librem 5 had been "shipping" for a month but not to backers—only to Purism employees and inside developers. Weaver talked a little about the unexpected hardware issues the company had been experiencing late in the game, including a batch of phone boards missing a 10kOhm resistor, and he gave us an updated schedule for when the phones would resume shipping. More importantly, Weaver said backers would begin receiving their phones by the first week of December.
Google has released today the Android Security Patch for December 2019 for its latest Android 10 mobile operating system series to address some of the most critical security vulnerabilities. Consisting of the 2019-12-01 and 2019-12-05 security patch levels, the Android Security Patch for December 2019 addresses a total of 42 security flaws across various Android components, including Android Framework, Media framework, Android System, Kernel components, as well as Qualcomm components, including closed-source ones.
The most critical security issue fixed in this update affects the Framework component and could allow a remote attacker to cause a permanent denial of service. Also patched is a flaw that could allow a remote attacker to execute arbitrary code within the context of a privileged process by using a specially crafted file, and a vulnerability that could let a local attacker with privileged access gain access to sensitive data.
We would like to introduce (and thank!) Amol Meshram, who has joined us here at the OSI to provide monthly summaries of both the License-Discuss and License-Review mailing lists. We hope these reports provide you with a helpful snapshot of the monthly activities on the lists, keeping you up to date with the latest topics, while also providing a reference point for further discussion. Of course all suggestions are welcome as we continue to enhance our reporting. We will try our best to include the feedback from OSI community members to make the summaries as accurate as possible and the discussions lively and fruitful.
Carlo Piana is not in favour of The Vaccine License and feels it is a trolling exercise. Filli Liberandum suggested to Carlo Piana to read the mailing list code of conduct. In furtherance to it, Filli Liberandum explained why there is a necessity of acknowledging The Vaccine License by the OSI board and its members. Anand Chowdhary, based on his experience of adding privacy compliance under the Twente open source license, pointed out that there are better ways to protect the privacy of individuals, like local/national/international regulation, instead of protecting it through an open source license. He is of the opinion that there are better ways to advocate for vaccination and an open source license is not the better way to advocate for it. Filli Liberandum countered Anand Chowdhary by citing the example of the Cryptography Autonomy License of Mr. Lindstrom, which asks for some release of data as a condition, and the head of OSI has publicly accepted this condition. Pamela Chestek brought to the notice of Filli Liberandum that OSI did not endorse the view of Simon Phipps (referred to as head of OSI by Filli) on the Cryptography Autonomy License data condition clause. Simon Phipps is a member of the board along with others. Simon Phipps' views on CAL are personal. Filli Liberandum raised a concern with respect to the archives, as they are stuck in a plaintext mode. Simon Phipps suggested to Filli Liberandum to become familiar with the License-review process and change the tone of the messages, and requested to leave moderating to the moderators, to which Filli agreed and responded that from here onwards Filli will directly reach out to the concerned members. Gil Yehuda responded to Fil that licenses usually do ask for things in return and appreciated the efforts of Fil in writing The Vaccine License, while considering the OSD. Gil raised an important point of enforceability of The Vaccine License in the real life scenario.
Gil is of the opinion that one can write a blog and promote the importance of the idea instead of restricting it with a copyright license. To buttress the claim, Gil cited an article written by Selam G which convinced Gil to support the Free Software Movement. The reason behind citing this article is to explore other platforms instead of publishing work under a copyright license.
Carlo Piana responded to Fil that The Vaccine License is discriminatory and non-enforceable in nature. Carlo thinks that vaccination can be achieved through local authorities instead of enforcing it through a copyright license. Carlo believes one should provoke reactions rather than genuine attempt of having a license approved. Josh Berkus agrees with Carlo on provoking reactions from members on the license instead of attempting to get the license approved. Josh suggested taking this submission as a use case and putting it on opensource.org for future reference. Carlo Piana is of the same view that opensource.org should take this submission as a use case for future submissions to avoid duplication of work. Bruce Perens is also of the opinion that a direct law on vaccination will be more effective than a license. Similarly, Bruce also wrote two blog posts on the issue of “ethical” licenses wherein Bruce referred to the proposed Vaccine License. Grahame Grieve replied to Bruce’s blog post and appreciated the efforts of writing a blog post on ethical licenses and also the basic arguments put forward by Bruce. But Grahame is bothered by the lack of ethics in the Vaccine License, judging the Vaccine License solely based on the enforceability clause. Similarly, Grahame wanted to know whether the lawyers, courts and violators laugh at the license and whether there is any precedent for when someone gives something of value away, on the condition that it not be used in a particular way. Bruce Perens replied to all the queries of Grahame Grieve. Firstly, Bruce Perens claims the blog post argument is based on law instead of license terms. Secondly, Bruce has experience in handling litigation for various reasons and Bruce wants others not to get into litigation for the same cause of action. Lastly, Bruce said lawyers, courts and violators laugh at the license and this whole exercise will be termed “copyright misuse”.
Kevin P. Fleming replied to Grahame and pointed out that The Vaccine License does not talk about goals; instead it focusses on an action to be performed which is not in sync with the use of the software. Similarly, Kevin is of the opinion that The Vaccine License violates OSD 5. To this Grahame Grieve countered by asking whether Kevin would change his opinion if The Vaccine License is applied to health software. Van Lindberg appreciated various aspects of the Vaccine License and the efforts put forward by Fil in creating the Vaccine License. But Van feels the Vaccine License does not qualify for OSS because it imposes conditions which are logically separate from and wholly unrelated to the scope of intellectual property rights that are licensed. Similarly, Van attempted to answer the question of what scope of action can be required of a license. Van observed that if restrictions are closely related to the exercise of the intellectual property rights granted under the license, then such restrictions make sense and are compatible with the OSD. Filli Liberandum replied to the analysis of Van and requested to reverse engineer the rules from the approved licenses, which Fil believes will lead us to the conclusion that the Vaccine License attempt is not accidental in nature. Josh Berkus feels that The Vaccine License is a very good example of an “unrelated conditions” license which can be referred to in future as a textbook example to differentiate between what kind of licenses OSS supports and what can’t be supported by an OSS license.
Among them: native MP3 decoding on Linux, Windows and macOS systems. This is a particularly big feature and is made possible by patents on the MP3 technology expiring.
For Linux users, this change means that Firefox does not have to rely on third-party packages like gstreamer to play mp3 content (e.g., a podcast) in the browser.
The Lockwise password manager (requires a Firefox account) gains support for subdomains and makes breach alerts available to those using the browser with a screen reader enabled.
Another feature in Firefox 71 is the new Kiosk mode aimed at enterprise users. Launching Firefox with the --kiosk flag at the command line will open the app in an immersive fullscreen mode.
Another release is upon us: please welcome Firefox 71 to the stage! This time around, we have a plethora of new developer tools features. These include the web socket message inspector, console multi-line editor mode, log on events, and network panel full text search!
And as if that wasn’t good enough, there are important new web platform features available, like CSS subgrid, column-span, Promise.allSettled, and the Media Session API.
The upcoming Firefox 71 web browser is now available to download for all supported platforms, including Linux, Windows, and macOS, ahead of tomorrow's official launch. Firefox 71 has entered development in late October and it promises to introduce a new "--kiosk" command-line parameter that opens the web browser in full-screen mode (a.k.a. kiosk mode), a redesigned about:config internal configuration page, as well as Picture-in-Picture (PiP) support on Windows.
"Windows users now have the ability to pop out videos on the web into an always-on-top video player using the Picture-in-Picture feature! For most videos, this can be accomplished by hovering the video with the mouse, and clicking on the Picture-in-Picture toggle," explained Mozilla in the preliminary release notes.
TenFourFox Feature Parity Release 17 final is now available for testing (downloads, hashes, release notes). Apologies for the delay, but I was visiting family and didn't return until a few hours ago so I could validate and perform the confidence testing on the builds. There are no other changes in this release other than a minor tweak to the ATSUI font blacklist and outstanding security patches. Assuming all is well, it will go live tomorrow evening Pacific time.
The FPR18 cycle is the first of the 4-week Mozilla development cycles. It isn't feasible for me to run multiple branches, so we'll see how much time this actually gives me for new work. As previously mentioned, FPR18 will be primarily about parity updates to Reader mode, which helps to shore up the browser's layout deficiencies and is faster to render as well. There will also be some other minor miscellaneous fixes.
There’s a good chance you are reading this in Google’s Chrome web browser, which commands 65% of the global market (and about 50% in the U.S.), according to Statcounter. Only about 4% to 5% of web surfers now go online through Firefox, the open-source browser from the California-based Mozilla foundation. But the web was much different when Firefox launched 15 years ago on November 9, 2004, and the browser began a fast rise to prominence.
When Firefox hit the scene, Internet Explorer had more than 90% market share, having felled Netscape Navigator. Given that it was the default browser on Windows, which commanded a similar share of the operating system market, its monopoly seemed like it could be permanent. But Firefox quickly caught on, and eventually grew to command about a third of the market at its height in 2009. While it’s unlikely to recapture such former glory, Firefox has been experiencing something of a renaissance, not just by improving speed and features, but by putting user control over privacy front and center.
Fifteen years on, it’s hard to imagine how radical Firefox was at the time of its debut. Instead of coming from a megacorporation like Microsoft (or today, Google), Firefox was built by volunteers around the world who gave their code away for free. “Open source was well known for developers,” says Mitchell Baker, who cofounded the Mozilla Project back in 1998 and is today the chairwoman of the Mozilla Corporation and Mozilla Foundation. “But the common wisdom of the time was that open source was only for the geeks. You could build [tools] for developers but not consumer products out of it.”
I recently gave a talk at OWASP Global AppSec in Amsterdam and summarized the presentation in a blog post about how to achieve “critical”-rated code execution vulnerabilities in Firefox with user-interface XSS. The end of that blog post encourages the reader to participate in the bug bounty program, but did not come with proper instructions. This blog post will describe the mitigations Firefox has in place to protect against XSS bugs and how to test them.
Our about: pages are privileged pages that control the browser (e.g., about:preferences, which contains Firefox settings). A successful XSS exploit has to bypass the Content Security Policy (CSP), which we have recently added but also our built-in XSS sanitizer to gain arbitrary code execution. A bypass of the sanitizer without a CSP bypass is in itself a severe-enough security bug and warrants a bounty, subject to the discretion of the Bounty Committee. See the bounty pages for more information, including how to submit findings.
I’ve long been a fan of smart editors which have a semantic understanding of the code you’re editing, and leverage it to provide semantics-aware features such as accurate code completion (only offering completions for names that are actually in scope), go-to-definition, find references, semantic highlighting, and others.
When I joined Mozilla six years ago, my choice of editor for C++ code was Eclipse CDT, because based on experience and research, this was the most fully-featured option that was cross-platform and open-source. (Depending on who you ask, Visual Studio, XCode, and CLion have, at various times, been described as matching or exceeding Eclipse CDT in terms of editor capabilities, but the first two of these are single-platform tools, and all three are proprietary.)
This assessment was probably accurate at that time, and probably even for much of the intervening time, but in recent years Eclipse CDT has not aged well. The main reason for this is that Eclipse CDT has its own C++ parser. (For brevity, I’m using “parsing” here as an umbrella term for lexing, preprocessing, parsing, semantic analysis, and all other tasks that need to be performed to build a semantic model of code from source.) C++ is a very complex language to parse, and thus a C++ parser requires a lot of effort to write and maintain. In the early days of CDT, there was a lot of investment, mostly from commercial vendors that packaged CDT-based IDEs, in building and maintaining CDT’s parser, but over time, the level of investment has faded. Meanwhile, the C++ language has been gaining new features at an increasing rate (and the Mozilla codebase adopting them — we’re on the verge of switching to C++17), and CDT’s parser just hasn’t been able to keep up.
Version 71.0, first offered to Release channel users on December 3, 2019
Today marks the last Mozilla Firefox feature update of 2019 with the release of Firefox 71.0.
Firefox 71.0 introduces a --kiosk CLI switch for launching Firefox in a full-screen kiosk mode, a redesigned about:config area, a new certificate viewer, new server timing information is exposed via Firefox's Developer Tools, partial support for the Media Session API, native MP3 encoding is enabled for all desktop platforms, and various other developer enhancements.
A month ago I wrote about Avast browser extensions being essentially spyware. While this article only names Avast Online Security and AVG Online Security extensions, the browser extensions Avast SafePrice and AVG SafePrice show the same behavior: they upload detailed browsing profiles of their users to uib.ff.avast.com. The amount of data collected here exceeds by far what would be considered necessary or appropriate even for the security extensions, for the shopping helpers this functionality isn’t justifiable at all.
[...]
Spying on your users is clearly a violation of the terms that both Google and Mozilla make extension developers sign. So yesterday I reported these four extensions to Mozilla and Google. Quite surprisingly, as of today all of these extensions are no longer listed on either Mozilla Add-ons website or Chrome Web Store. That was a rather swift action!
It remains to be seen how this will affect millions of existing extension users. At least Mozilla didn’t add Avast extensions to the blocklist yet, stating that they are still talking to Avast. So the extensions will remain active and keep spying on the users for now. As to Google, I don’t really know where I can see their blocklist, any hints?
Welcome to the fourth edition of Multilingual Gecko Status Update!
In the previous update we covered the work which landed in Firefox 61-64.
At the time, we were landing Fluent DOM Localization APIs, still adding mozIntl features, and we had close to 800 strings migrated to Fluent.
I indicated that 2019 should be quieter, and in result I reduced the update frequency to just one this year.
Last month, the Internet Society (ISOC) announced plans to sell the Public Interest Registry (PIR) — the organization that manages all the dot org domain names in the world — to a private equity firm named Ethos. This caught the attention of Mozilla and other public benefit orgs.
Many have called for the deal to be stopped. It’s not clear that this kind of sale is inherently bad. It is possible that with the right safeguards a private company could act as a good steward of the dot org ecosystem. However, it is clear that the stakes are high — and that anyone with the power to do so should urgently step in to slow things down and ask some hard questions.
For example: Is this deal a good thing for orgs that use these domains? Is it structured to ensure that dot org will retain its unique character as a home for non-commercial organizations online? What accountability measures will be put in place?
In a letter to ISOC, the EFF and others summarize why the stakes are high. Whoever runs the dot org registry has the power to: set (and raise) prices; define rights protection rules; and suspend or take down domains that are unlawful, a standard that varies widely from jurisdiction to jurisdiction. It is critical that whoever runs the dot org registry is a reliable steward who can be held accountable for exercising these powers fairly and effectively.
We are continuing our beta testing of the Firefox Private Network extension that we released earlier this year. The extension hides your Firefox browsing activity and location. This prevents eavesdroppers on public Wi-Fi from spying on the actions you take online by masking your IP address and routing your traffic through our partner’s secure servers. It also protects you from internet service providers collecting or selling data on your browsing activity. And it hides your locations from websites and data collectors that profile you to target ads.
There will be no changes for test pilots who have already started using the extension by logging in with their Firefox account. For those who are not yet using the extension, we invite you to join the Test Pilot program and try it out. When you sign up or log in with a Firefox account and become one of our beta testers, you’ll get 12 hours of protected browsing for free this month. We are continuing to explore the best way to deliver browser-level protection to our users and we welcome your feedback and input each step of the way.
In June we made an announcement, that left us — just like many of our users — particularly excited: we introduced Firefox Preview, a publicly available test version of our upcoming best in class browser for Android that will be fueled by GeckoView. GeckoView is Mozilla’s own high-performance mobile browser engine, which enables us to deliver an even better, faster and more private Firefox to Android device owners. Hundreds of thousands of users have downloaded and tested Firefox Preview since it became available.
Over the past 5 months we’ve been working diligently on improvements to the app. We’ve been listening closely to user feedback and are basing app development on users’ requests and needs; one very recent example is our support for extensions through the WebExtensions API. We will still continue to test Firefox Preview Beta and we’re expecting to launch as a final product in the first half of 2020. Today, we want to provide an update on our progress, and share some of the amazing new features we’ve added to Firefox Preview since the beta release of 1.0.
Today marks my 12th anniversary working for Mozilla. I started on December 3, 2007, as a contractor, and moved to a full employment 13 months later, in January 2009. So in January this year, I was employed there 10 years.
I wrote about my work anniversary once before. Some things have changed since then, some have not. I am still working on Firefox accessibility, doing, unfortunately, less blogging than I used to (current series excepted), and am doing more engineering and less evangelism in general.
To many, especially in Silicon Valley, it is strange, yes even bewildering, for someone to stay in one employment relationship for that long. However, if you look at people with disabilities, the number of long term employments is generally higher than with the rest of the population working in the same field. The answer is quite simple: Regardless of the U.S., Canada or Europe, finding employment as a person with a disability is much harder than if you’re not disabled. As a consequence, we tend to hang on to our jobs much longer, do less job hopping.
As the year comes to a close, we look back at what we’ve accomplished. As recently noted in the press, this year may be the mark of our privacy-renaissance. We’ve built additional privacy protections in the browser which included blocking third party tracking cookies and cryptomining by default and created an easy-to-view report which shows the trackers that follow you and collect your online browsing habits and interests. To date, we’ve blocked more than 1 Trillion tracking requests that attempt to follow you around the web! Privacy has always been part of our DNA. We’ve always believed our role is and has always been to help give people more control over their online lives.
Mozilla officially released today the Firefox 71 web browser for all supported platforms, including Linux, Windows, and macOS, a release that adds various improvements and new features. While we already took an early look at Firefox 71, which our readers could download since yesterday, Mozilla has published more detailed release notes that highlight a much-improved built-in password manager that can now recognize subdomains and automatically fill domain logins and provide breach alerts from Firefox Monitor for users with screen readers.
Furthermore, the integrated Enhanced Tracking Protection, which was enabled by default in the Firefox 69 release, now offers users more information about the actions it takes by displaying notifications when Firefox blocks cryptominers, as well as a running tally of blocked trackers in the protection panel, which users can access by clicking the address bar shield.
Database vendors have started to use their own open source style licenses in a bid to stave off cannibalization by large cloud players such as Amazon Web Services.
The promise of open source database software is that users can freely use the code as they choose. Open source isn't just a marketing hook, but rather a well-defined set of licenses that have been approved as open source by the Open Source Initiative (OSI) and are compliant with the Open Source Definition.
Many database vendors have long used an open core model, in which the foundational model is an open source licensed code base, with added enterprise-grade features for reporting, scalability and management available under a proprietary license.
On behalf of the NetBSD project, it is my pleasure to announce the first (and hopefully only) release candidate of NetBSD 9.0.
Many changes have been made since 8.1. Here are a few highlights:
- Support for Arm AArch64 (64-bit Armv8-A) machines, including "Arm ServerReady" compliant machines (SBBR+SBSA)
- Enhanced hardware support for Armv7-A
- Updated GPU drivers (e.g. support for Intel Kabylake)
- Enhanced virtualization support
- Support for hardware-accelerated virtualization (NVMM)
- Support for Performance Monitoring Counters
- Support for Kernel ASLR
- Support several kernel sanitizers (KLEAK, KASAN, KUBSAN)
- Support for userland sanitizers
- Audit of the network stack
- Many improvements in NPF
- Updated ZFS
- Reworked error handling and NCQ support in the SATA subsystem
- Support a common framework for USB Ethernet drivers (usbnet)
Since the start of the release process four months ago a lot of improvements went into the branch - more than 500 pullups were processed! This includes usbnet (a common framework for usb ethernet drivers), aarch64 stability enhancements and lots of new hardware support, installer/sysinst fixes and changes to the NVMM (hardware virtualization) interface.
Binaries of NetBSD 9.0_RC1 are available for download via our Fastly CDN: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/
(or from ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-9.0_RC1/, or one of its mirrors)
Those who prefer to build from source can either use the netbsd-9-0-RC1 tag or follow the netbsd-9 branch.
Please help us out by testing 9.0_RC1. We love any and all feedback. Report problems through the usual channels (submit a PR or write to the appropriate list). More general feedback is welcome at releng%NetBSD.org@localhost. Your input will help us put the finishing touches on what promises to be a great release!
Enjoy,
Martin
NetBSD 9.0 is around the corner and finally presenting 64-bit Arm (AArch64) support as well as other long overdue hardware support like Intel Kabylake graphics.
NetBSD 9.0 is a big step-up for this BSD operating system with better support for modern Arm and x86_64 Intel/AMD hardware. There is also updated ZFS file-system support, the kernel finally supports kernel address space layout randomization, and other kernel features added. Out today is NetBSD 9.0 RC1 as what is expected to be the only release candidate.
There is now a public discussion about GNU governance issues as described in this LWN article: Rethinking the governance of the GNU Project. We have had private discussion about GNU governance issues for the last couple of decades between GNU maintainers, but that never resulted in actual change. And recent events made things a bit more urgent. Since the Chief GNUisance is no longer the president of the FSF. The FSF is now asking for feedback on how their relationship with the GNU project should go forward with respect to fiscal sponsorship, technical infrastructure, promotion, copyright assignment, and volunteer management. So we need to answer a lot of questions.
Mark Wielaard has posted a summary of the discussion thus far on the governance of the GNU project.
The last two FSFE e.V. members resigned immediately after the 2019 annual meeting decided to pursue a vendetta against the former fellowship representative.
These resignations don't reflect any wrongdoing on the part of the members who have departed, they reflect the fact FSFE e.V. itself is being consumed by foolish vendettas.
When we read the (defamation redacted by satire) minutes of the 2019 FSFE annual meeting, we see the same thing: a motion has been passed deciding that the community elected representative has to be blamed for everything that is wrong in the world. The text of the motion is irrelevant: the key point is that bunch of supposedly grown-up German males are getting together to whine about a volunteer who resigned over a year ago. This is no accidental slip of gaslighting: the minutes show that 11 people travelled to Essen on 12 October 2019, meeting at the LinuxHotel and making a formal resolution to continue in the footsteps of the GDR's secret police. The minutes do not include any positive plans for the next 12 months: just some administrative changes and the resolution to pursue a vendetta. Would Stasi predecessors feel a tingle of pride reading the unredacted version of the document, dripping with character assassination?
This is even more despicable because the volunteer in question resigned at a time of personal tragedy and asserted that he is grieving for the loss of a family member. Hounding a volunteer who resigned at a time like that shows an utter lack of humanity.
Corrupt elements of the FSFE management were already running evil campaigns like this in private emails before the Fellowship migrated to the fsfellowship.eu mailing list in May. In a #MeToo moment for Free Software, the former community representative called them out, leaking this quote from Herr Matthias Kirschner, FSFE president.
Today marks a very special day for us as we are finally able to present you the Qt Marketplace. We have been working very hard for the past year to build the marketplace and to onboard the first set of fantastic extensions with the help of our great community. Huge thanks for everyone involved in the process! To make this our joint effort for #Qt we would like to invite you for populating it with all the fantastic extensions including Qt Creator Plugins, tools and modules … that has been done with Qt.
While there is the KDE Frameworks that offers a wonderful set of complementary extensions/add-ons to the Qt5 tool-kit, for those looking for more Qt5 extensions, The Qt Company has launched "The Qt Marketplace" as a source for both free and paid extensions.
Qt Marketplace offers extensions to add additional functionality around the tool-kit, new Qt Creator Plugins, tools, modules, and more. There are 100+ extensions at launch including Felgo that offers additional Qt APIs, Incredibuild as a network-based build system for Qt Creator, Froglogic to help with testing Qt programs, KDAB's KUESA workflow software, and various KDE add-ons.
There's not a single month where I don't have to explain this. I thought it'd be a good opportunity to write about this .gitignore file so everyone is up to date on this magic file.
If you are a programmer or developer and working on software applications or any website, you will definitely require some versioning system to track the changes. Version Control System is also referred to as SCM (Source Code Management) tools or RCS (Revision Control System).
Version control is a method or a category of software tools that helps to keep a track of changes in the code so that if something goes wrong, we can make comparisons in different code versions and can easily revert to previous versions. It is very helpful when multiple developers are continuously working or changing the source code.
No matter how often you write code, though, there's bound to be something you don't use often enough to type without a reference. Maybe you can't remember whether to include or import or how to parse incoming arguments. There are a few ways to bridge such a gap: you can use a robust IDE and let it autocomplete the obvious parts, or you can keep a cheat sheet handy to get a little control over all that dizzying syntax.
While Java's too big to be contained on a two-page cheat sheet, whether you're new to programming or you only dip into Java every once in a while, this cheat sheet gets you up and running. Perhaps most importantly, it provides you with added context for what you're trying to remember. You don't have to blindly choose between prompts from your IDE for a private or public method; you can get clarity instead. And let our cheat sheet inspire you to create your own as you go. The next time you stumble over syntax that's not covered on this cheat sheet, open up a notebook or a text file and jot down the solution. When you get enough good ones, let us know what they are, and who knows? Maybe a sequel can be arranged!
C++ was designed by Bjarne Stroustrup with its first release in 1983. It’s a statically typed, free-form, multi-paradigm, portable, compiled, general-purpose programming language. C++ is regarded as an intermediate-level language, as it has a combination of both high-level and low-level language features. C++ was designed for systems and applications programming, extending the C programming language. Hence the name C++, the increment operator is written as ++.
C++ remains a popular programming language. For example, it is heavily used in embedded systems, banking, and telecommunications.
It is a superset of C that retains the efficiency and notational convenience of C, while providing facilities for stronger type checking, multiple inheritance, data abstraction, exception handling, operator overloading, generic programming, and object-oriented programming. C++ has influenced many other languages including C#, Java, and the development of C.
The full commit details are well worth reading, as is the manual page for the (new) msyscall(2), and some associated discussion on tech@.
In this article we'll take a look at the different techniques that can be used to decide when to collect garbage, how to implement such a technique, and what techniques a few programming languages out there use.
I’ve watched how my thirteen year old son goes about to acquire information about things online. I am astonished how he time and time again deliberately chooses to get it from a video on YouTube rather than trying to find the best written documentation for whatever he’s looking for. I just have to accept that some people, even some descendants in my own family tree, prefer video as a source of information. And I realize he’s not alone.
So therefore, I bring you, the…
libcurl video tutorial
My intent is to record a series of short and fairly independent episodes, each detailing a specific libcurl area. A particular “thing”, feature, option or area of the APIs. Each episode is also thoroughly documented and all the source code seen on the video is available on the site so that viewers can either follow along while viewing, or go back to the code afterward as a reference. Or both!
I’ve done the four first episodes so far, and they range from five minutes to nineteen minutes a piece. I expect that it might take me a while to just complete the list of episodes I could come up with myself. I also hope and expect that readers and viewers will think of other areas that I could cover so the list of video episodes could easily expand over time.
Thanks to the tireless efforts of release managers Aleks-Daniel Jakimenko-Aleksejev and Samantha McVey, this week finally saw a new Rakudo Compiler release again: 2019.11. For packagers, this is the first release that is fully relocatable. Kudos to the 65 contributors to this release! And kudos to Claudio Ramirez to immediately supply packages for many Linux distributions that now also support relocatable builds!
You can get Django 3.0 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.
With the release of Django 3.0, Django 2.2 has reached the end of mainstream support. The final minor bug fix release (which is also a security release), 2.2.8, was issued today. Django 2.2 is an LTS release and will receive security and data loss fixes until April 2022. All users are encouraged to upgrade before then to continue receiving fixes for security issues.
So as I work through all the OpenGLContext projects to get automatic (or near automatic) releasing, SimpleParse wound up failing on the 3.x branches with a weird xml test failure. But with Python 3.8 the C code just won't import at all. Seems there was a change in Python 3.8 where it does a load-time test for functions in the module and the hand-coded C module triggers it. So I'll have to spend some time on that before I can get the whole stack releasing.
Interactive widgets for Jupyter notebooks, MongoDB support, and code assistance for all Python 3.8 features. Download the new version now, or upgrade from within your IDE.
Pandas is a powerful and flexible Python package that allows you to work with labeled and time series data. It also provides statistics methods, enables plotting, and more. One crucial feature of Pandas is its ability to write and read Excel, CSV, and many other types of files. Functions like the Pandas read_csv() method enable you to work with files effectively. You can use them to save the data and labels from Pandas objects to a file and load them later as Pandas Series or DataFrame instances.
This is pretty common in devops world. You might be looking at all repositories in all GitHub organizations. You might be looking at all keys in all AWS S3 buckets under a specific account. You might be looking at all tables owned by all schemas in a database.
It's helpful -- for the moment -- to stay away from taller tree structures like the file system. Traversing the file system involves recursion, and the pattern is slightly different there. We'll get to it, but what made this clear to me was a "simpler" walk through a two-layer hierarchy.
The nested for-statements aren't really ideal. We can't apply any itertools techniques here. We can't trivially change this to a multiprocessing.map().
When you start building apps that display long documents, large amounts of data or large numbers of widgets, it can be difficult to arrange things within a fixed-size window. Resizing the window beyond the size of the screen isn't an option, and shrinking widgets to fit can make the information unreadable.
To illustrate the problem below is a window in which we've created a large number of QLabel widgets. These widgets have the size Vertical Policy set to Preferred which automatically resizes the widgets down to fit the available space. The results are unreadable.
Our paths had crossed via Twitter while the book was written and I was rather pleased to see the origin story for the name “Mu” got a mention since I shared it with Mitsuharu in a tweet. As you’ll read below (and in typical fashion for me), there are many layers to my reason for the choice of name.
For the first time the PSF is participating in Giving Tuesday! This event is held annually the Tuesday after Thanksgiving - this year on December 3rd, 2019. The global celebration runs for 24 hours and begins at midnight local time.
Email authentication has had a turbulent history - SMTP did not have a native form of authentication when it was designed, and all modern authentication methods are built on top of that system. This was not a problem in the 1980s because there were simply too few people emailing - the only ones using it were universities and corporations actively involved in building the internet. Since then we’ve got a variety of tools to attempt to verify emails, including SPF, DKIM, and DMARC, and I wanted to explore the actual usage of these authentication methods by the most popular sites and companies in the world - specifically, the top 100 domains and the Fortune 500 companies.
For quite a while, it looked like my prediction — one to two articles per day — was overly optimistic. By summer, there were only four new sites: Reed College, University of Oklahoma (at least, I think that that's what uucp node uok is), vax135, another Bell Labs machine — and, crucially, U.C. Berkeley, which had a uucp connection to Bell Labs Research and was on the ARPANET.
In principle, even a slow rate of exponential growth can eventually take over the world. But that assumes that there are no "deaths" that will drive the growth rate negative. That isn't a reasonable assumption, though. If nothing else, Jim Ellis, Tom Truscott, Steve Daniel, and I all planned to graduate. (We all succeeded in that goal.) If Usenet hadn't shown its worth to our successors by then, they'd have let it wither. For that matter, university faculty or Bell Labs management could have pulled the plug, too. Usenet could easily have died aborning. But the right person at Berkeley did the right thing.
Mary Horton was then a PhD student there. (After she graduated, she joined Bell Labs; she and I were two of the primary people who brought TCP/IP to the Labs, where it was sometimes known as the "datagram heresy". The phone network was, of course, circuit-switched…) Known to her but unknown to us, there were two non-technical ARPANET mailing lists that would be of great interest to many potential Usenet users, HUMAN-NETS and SF-LOVERS. She set up a gateway that relayed these mailing lists into Usenet groups; these were at some point moved to the fa ("From ARPANET") hierarchy. (For a more detailed telling of this part of the story, see Ronda Hauben's writings.) With an actual traffic source, it was easy to sell folks on the benefits of Usenet. People would have preferred a real ARPANET connection but that was rarely feasible and never something that a student could set up: ARPANET connections were restricted to places that had research contracts with DARPA. The gateway at Berkeley was, eventually, bidirectional for both Usenet and email; this enabled Usenet-style communication between the networks.
Legendary Apple designer Jony Ive has been removed from Apple’s Leadership page. The move suggests Ive’s departure from the company is complete.
"We are taking on the big-money interests who have an army of lobbyists trying to defeat Medicare for All."
An alarming highlight in the study is the fact that India, along with Bangladesh and the United States (US), ranks the lowest in physical activity among boys, while the Philippines has taken the last place in overall physical activity among teenagers.
As health insurance, pharmaceutical and hospital companies fight to prevent more politicians from backing Medicare for All, the industry’s front group has turned to top Democratic consulting firms and pro-business nonprofits for help, according to its 2018 tax return. The array of consultants includes presidential candidate Joe Biden’s pollster.
Last month, the United States government, acting on behalf of its Department of Health and Human Services (HHS), filed suit in Delaware against Gilead Sciences, Inc. and Gilead Sciences Ireland UC for infringing four patents covering inventions developed by scientists at the Centers for Disease Control and Prevention. The patents all cover methods for a type of medical regimen known as "pre-exposure prophylaxis" (PrEP) for the prevention of HIV.
[...]
Still further, the Complaint goes to significant length to explain that Gilead provided absolutely no support in developing the inventions, aside from providing certain drug compounds under an MTA. Indeed, the Complaint addresses and squarely shoots down Gilead's public statement claiming credit for the development of the PrEP regimen.
The Complaint notes the significant benefits achieved by Truvada® and Descovy® for treating established HIV infections, but focuses on the efforts that were being made in the 1990s and 2000s to discover a way to prevent HIV infection from becoming established. In particular, the Complaint provides a great summary of the substantial -- yet unsuccessful -- R&D that had been and was being undertaken to develop a vaccine and/or post-exposure prophylaxis treatment of HIV prior to the invention, as well as the reasons why PrEP was then-deemed unachievable. In this respect, the Complaint is like a great survey article on the history of HIV treatment research, but the document is written in a much more readable manner than most survey articles.
OmniOS Community Edition weekly releases for w/c 2nd of December 2019 are now available.
OmniOS r151032e ships with the newest Intel CPU microcode in order to address the JCC Erratum issue, there is a fix for supporting USB hard drives greater than 2TB, OpenJDK has been updated, better support for recent Linux distribution releases within LX Zones, ZFS fixes, fixes to the SMB support, and various other fixes. LX Zones is a SmartOS/OmniOS feature for running Linux software in a lighterweight-than-a-VM environment.
Prospective users of these tools can find plentiful educational resources online, including video tutorials. The UCSC Genome Browser has two archived and searchable listservs, or electronic mailing lists: one for website and data questions, the other for queries on setting up and maintaining Genome Browser mirrors. JBrowse users can ask questions on Github or on the software’s open instant-messaging channel, but Holmes suggests contacting the developers directly. “We have some developers who really like getting feedback from users,” he says.
90% of companies DO NOT NEED JavaScript or macros to run in PDF
Now that I’m done with Kaspersky, it’s time to look at some other antivirus software. Our guest today is McAfee Total Protection 16.0. Let’s say this up front: it’s nowhere near the mess we’ve seen with Kaspersky. It doesn’t break up your encrypted connections, and the web protection component is limited to the McAfee WebAdvisor browser extension. So the attack surface is quite manageable here. The extension also uses native messaging to communicate with the application, so we won’t see websites taking over this communication channel.
Of course, browser extensions claiming to protect you from online threats have some rather big shoes to fill. They have to be better than the browser’s built-in malware and phishing protection, not an easy task. In fact, McAfee WebAdvisor “blocks” malicious websites after they already started loading, this being not quite optimal but rather typical for this kind of extension. I also found three issues in the way McAfee WebAdvisor 6.0 was implemented which made its protection far less reliable than it should be.
[...]
A bug in the way McAfee WebAdvisor deals with malicious frames made it trivial for websites to avoid blocking. Also, I found ways for websites to unblock content programmatically, both for top-level and frame-level blocking.
In fact, the way unblocking top-level content was implemented, it allowed arbitrary websites to open special pages. Browsers normally prevent websites from opening these pages to avoid phishing attacks or exploitation of potential security vulnerabilities in browser extensions. McAfee WebAdvisor allowed websites to circumvent this security mechanism.
Bad ad campaigns are targeting Windows more often than any other operating system. But should we be surprised? Let's first define a bad ad campaign.
A bad ad campaign is merely a series of online ads linked to a common threat set, designed to have a malicious effect on the end-user. These campaigns are designed to redirect the user to malicious sites or to trick the user into downloading a piece of malware. Now we are ready to look at the data. Let's dive in!
The below chart shows all of the new, uniquely defined bad ad campaigns DEVCON observed from July 11 - November 22, 2019.
Most malvertising campaigns (malicious ads) target Windows users, according to statistics shared last week by cyber-security firm Devcon.
We are very happy that from week to week, we are gaining more customers for IPFire in the cloud - where you now can manage your network just as you do it in your own data centre.
In contrast to Amazon’s own features, IPFire is easier to manage, performs just as well, but brings you even more features like standard IPsec VPNs, OpenVPN for on-the-road connectivity to the cloud, Intrusion Prevention for your cloud servers, detailed logging and reporting and many more features.
Canonical released major kernel security updates for all of its supported Ubuntu Linux operating system series to address up to 15 security vulnerabilities. The biggest kernel security patch released in December 2019 is for Ubuntu 19.10 (Eoan Ermine) and Ubuntu 18.04 LTS (Bionic Beaver) and fixes 12 vulnerabilities affecting Linux 5.3's OverlayFS and ShiftFS drivers, the Wi-Fi driver stack, ARM Komeda display driver, VirtualBox guest driver implementation, ADIS16400 IIO IMU driver, and Intel OPA Gen1 Infiniband driver.
Issues discovered in the AMD Audio CoProcessor driver, Qualcomm FastRPC driver, Cascoda CA8210 SPI 802.15.4 wireless controller driver, AMD Display Engine driver, and Chelsio T4/T5 RDMA driver were also addressed in this new kernel security update. The majority of these flaws could allow a local attacker to cause a denial of service (memory exhaustion or system crash).
Microsoft has fixed a vulnerability in its login system, which security researchers say could have been used to trick unsuspecting victims into giving over complete access to their online accounts.
The bug allowed attackers to quietly steal account tokens, which websites and apps use to grant users access to their accounts without requiring them to constantly re-enter their passwords. These tokens are created by an app or a website in place of a username and password after a user logs in. That keeps the user persistently logged into the site, but also allows users to access third-party apps and websites without having to directly hand over their passwords.
Researchers at Israeli cybersecurity company CyberArk found that Microsoft left open an accidental loophole which, if exploited, could’ve been used to siphon off these account tokens used to access a victim’s account — potentially without ever alerting the user.
This time last year, the Australian Labor Party waved through the government's encryption Bills, formally known as the Assistance and Access Bill, and threw out the line that it to keep the nation safe.
"Let's just make Australians safer over Christmas," then Labor leader Bill Shorten said at the time.
If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things.
Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected televisions as a cord-cutter’s dream. But like anything that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. Not only that, many smart TVs come with a camera and a microphone. But as is the case with most other internet-connected devices, manufacturers often don’t put security as a priority.
It was really hard to avoid all the Black Friday and Cyber Monday deals, wasn’t it? You may have even been tempted with some great deals on smart TVs, whether as a gift or as a purchase for yourself.
Knowing this, it seems the Federal Bureau of Investigation (FBI) picked a curious time to issue a warning to consumers about smart TVs. Just before Black Friday, the bureau posted a warning to its website about the risks and dangers of owning a smart TV.
The use of facial recognition technology is continuing to expand, despite concerns about its accuracy and fairness and about how it could be used by governments...
Just under three years ago, Techdirt wrote about China's plan to install satnav tracking devices on vehicles in Xinjiang. That was just one of several early signs of the human rights abuses happening there. Today, people are finally waking up to the fact that the indigenous Turkic-speaking Uyghur population is subject to some of the harshest oppression anywhere on the planet. Tracking huge numbers of vehicles might seem to be a typically over-the-top, money-no-object Chinese approach to total surveillance. Unfortunately, there are signs the idea is starting to spread, as this story in RFID Journal explains:
Ring may say it's not getting into the facial recognition business, but its internal documents say otherwise. The company has a head of facial recognition tech in its Ukraine office. And its answers to Senator Edward Markey's questions make it clear Ring hasn't ruled out adding this tech to its doorbell cameras. Specifically, the company said it had no plans at the present but was always looking to "innovate" to meet "customer demand."
Like Microsoft, wireless startup Starry -- the brain child of Aereo creator Chet Kanojia -- has decided to view the public's desire for solid privacy rules as a marketing opportunity instead of something to ceaselessly undermine or whine about.
San Francisco—The Electronic Frontier Foundation (EFF) today released a comprehensive report that identifies and explains the hidden technical methods and business practices companies use to collect and track our personal information from the minute we turn on our devices each day. Published on Cyber Monday, when millions of consumers are shopping online, “Behind the One-Way Mirror” takes a deep dive into the technology of corporate surveillance. The report uncovers and exposes the myriad techniques—invisible pixel images, browser fingerprinting, social widgets, mobile tracking, and face
The Facebook Transfer Tool can be found in the menus of your account, if it is available - but remember right now that only means users in Ireland. A full international roll-out based on feedback from this trial will occur sometime next year.
Facebook plans to roll out integration with other services in the future, such as Flickr and Apple Photos, giving you a consistent way of shifting your loyalties whilst keeping your memories.
Lately that conversation has gotten louder and more complicated. Influencers, models, and celebrities — the people who Instagram was supposed to work best for — are realizing that they have been made complicit in an app that feeds its users a poison of narcissism and envy and prevents them from ever logging off. They try to reveal what happens outside the camera frame; that no, their lives aren’t perfect either; that Instagram makes them feel bad, too. They share posts about authenticity and honesty and their quiet struggles with mental health that live directly next to posts devoted to toned ab muscles and champagne on yachts, which then makes the whole thing feel fake.
Vladimir Putin has signed legislation that steeply raises the fines on Internet companies that repeatedly refuse to surrender decryption keys to the Federal Security Service. According to the new law, the Russian state can now fine tech firms between 2 and 6 million rubles ($31,100 and $93,340) for declining to share information that would allow the FSB to read users’ private correspondence.
For all of its faults, you do have to praise Android's open ecosystem, especially when compared to Apple's tightly controlled App Store. Virtually anyone with a modicum of programming ability can create an app and upload it to the Google Play store. But that openness makes it especially easy for bad apps to quite regularly find their way into the official Google Play store. Plus, third-party app stores and malicious websites can harbor even more nastiness in the form of malware. It is a problem that has plagued the Google Play store, and Android in general, since its inception.
According to an article from Wired.com, Google has enlisted help from three antivirus firms who have extensively monitored Android malware for years. They are ESET, Lookout and Zimperium. In partnership with Google, they have formed an alliance, called the App Defense Alliance. They will scan new apps in the Google Play store before they go live, in an effort to help prevent malware from ever appearing in the Play store.
Since each member of the alliance has different methods and approaches for scanning apps, together they should be able to detect trojans, adware, ransomware, banking malware, and phishing attacks before the apps are allowed to go live in the Play store.
Even though a friendly relationship has existed between Google and the other members of the alliance for over two years, the coordinated effort is just now getting off the ground. So, it remains to be seen how much of a dent can be made in the growing Android malware problem.
But then, it is a start to taming the wild, wild west that the Google Play store has become.
Android Inc. was founded in Palo Alto, California, in October 2003 by Andy Rubin, Rich Miner, Nick Sears and Chris White. Rubin described the Android project as "tremendous potential in the development of smarter mobile devices, more aware of its owner's location and preferences." The company's first intentions were to develop an advanced operating system for digital cameras, and that was the basis of its April 2004 investor presentation. The company then decided that the camera market was not big enough for its goals, and five months later it had diverted its efforts and was launching Android as an operating system for mobile devices, which would rival Symbian and Microsoft Windows Mobile.
Rubin struggled to attract investors from the start, and Android, Inc. was facing eviction from its office.
In July 2005, Google acquired Android Inc. for at least $50 million (US). Its key employees, including Rubin, Miner and White, joined Google as part of the acquisition. Not much was known about the secret Android at the time, with the company providing few details beyond that it was producing mobile software. At Google, the team led by Rubin developed a mobile platform with the Linux kernel. Google, then, marketed the platform to handset makers and carriers with the promise of providing a flexible and upgradeable system. Google had "aligned a number of hardware components providers and software partners and signaled operators that they were open to varying degrees of cooperation."
Android is the world's top selling operating system on smartphones since 2011 and tablets since 2013. As of May 2017, it has more than two billion monthly active users, the largest installed base of any operating system, and by December 2018, the Google Play Store has over 2.6 million apps, indicating the platform's undisputed success. Thanks to Android's "open" nature, many other operating systems have been based on it (FireOS, Indus OS, LeWa OS, LineageOS, MIUI, OmniROM, OxygenOS, Paranoid Android, Replicant, and others).
Both the browser and the server know the combination to that lock, but no one in between does.
With this, even if the messages go through multiple routers in between, only you and the web site will actually be able to read the contents.
This solves a lot of the security issues. But there are still some messages going between your browser and the server that aren't encrypted. This means people along the way can still pry into what you're doing.
One place where data is still exposed is in setting up the connection to the server. When you send your initial message to the server, you send the server name as well (in a field called "Server Name Indication"). This lets server operators run multiple sites on the same machine while still knowing who you are trying to talk to. This initial request is part of setting up encryption, but the initial request itself isn't encrypted.
The other place where data is exposed is in DNS. But what is DNS?
Yes, a bold statement, I know, but this piece by Dr. Elizabeth Fernandez made my conviction even stronger.
For some years now, there have been advancements in computer-generated image recognition. That recognition nowadays goes far beyond optical character recognition. Face recognition, objects, some scenes are things that software such as the Facebook algorithms, Microsoft’s Seeing AI and Google’s image recognition will cope with. In the case of some celebrities, Microsoft’s offering will, for example, even put names to faces.
Google’s service now also ties into Chrome. In the case of a missing alternative text, users can right-click and request that the image be processed by Google’s artificial intelligence. The result will then be filled in so screen readers will pick it up. For the new Chromium-based Edge browser by Microsoft, that service is disabled, but I guess Microsoft will soon put something similar in place using their backend that Seeing AI also uses.
Especially this browser integration has led to fears that this will make web developers lazy and make them describe their images less. I am convinced that this fear will not be necessary. Some managers or other decision makers may try, but they’ll fail.
The three smartest words that Donald Trump uttered during his presidential campaign are “NATO is obsolete.”
On November 29, Russia’s Federation Council published the draft text of new legislation that would impose additional penalties on domestic violence. Lawmakers have introduced similar bills in the past, but not a single initiative has survived the parliament’s revisions process. The new legislation was co-authored by State Duma deputy Oksana Pushkina and has support from Federation Council Chairwoman Valentina Matviyenko, State Duma Speaker Vyacheslav Volodin (Pushkina has even called him the draft law’s “protective charm”), and Human Rights Commissioner Tatyana Moskalkova. Several women’s rights organizations also helped develop the legislation. The campaign to impose stricter punishments on violence in the home has provoked opposition from Vladimir Zhirinovsky (the leader of the right-wing political party LDPR) and some conservative movements, like the Christian Orthodox group “Forty Times Forty.” After lawmakers finally submitted the bill to the upper house of Russia’s parliament, women’s rights advocates who helped develop the legislation reported that the text omits several key components they supported. The version ultimately introduced to Russia’s Federation Assembly is largely useless, activists say, and panders to “radical conservative groups.”
Thomas Rousseau founded Patriot Front in 2017, when he was age eighteen, and in just two years the group has gained three hundred followers who actively seek to “reclaim America.” Patriot Front quietly discourages mass acts of violence, but instead pushes for members to spread propaganda that promotes American fascism and hate. As Pete Simi, a professor at Chapman University and an expert on white supremacists in the US, told ProPublica, “It is very common for the leadership of these groups to disqualify violence, while doing things that are encouraging violence… It is part of their strategy to avoid liability, while simultaneously promoting hate. When they say they are not violent, this is a lie. They are promoting violence by their goals.”
Ever since 2007, when I first started writing for TomDispatch, I’ve been arguing against America’s forever wars, whether in Afghanistan, Iraq, or elsewhere. Unfortunately, it’s no surprise that, despite my more than 60 articles, American blood is still being spilled in war after war across the Greater Middle East and Africa, even as foreign peoples pay a far higher price in lives lost and cities ruined. And I keep asking myself: Why, in this century, is the distinctive feature of America’s wars that they never end? Why do our leaders persist in such repetitive folly and the seemingly eternal disasters that go with it?
Slipknot and Evanescence decided to abruptly cancel Knotfest in Mexico City because of problems with a security barricade. Which turned out to be a very, very bad idea.
The 27-year-old veterinarian had called her family to say she was stranded with a flat tire in India’s Hyderabad city, and that a truck driver and his friends had offered to help. Then she stopped answering her phone. Later her family learned she had been gang raped and murdered.
The Pakistan army on Saturday targeted forward posts and villages along the Line of Control in Jammu and Kashmir’s Poonch district, violating the ceasefire for the second consecutive day, a defence spokesperson said.
"If Islamists gain power, they will not treat you according to human rights, but according to Sharia law", she stressed. "Love the Muslims, but be aware. Jesus says we should be cunning as snakes and innocent as doves", she concluded, urging not to yield to any pressure. Pastor Basil (also a pseudonym), who has met thousands of Yazidis and Christians fleeing from Daesh*, recalled the Muslim concept of taqiya, a precautionary dissimulation or denial of religious belief. According to him, it is frequently utilised by radical Muslims as well to hide their true intent.
"This means that radicals 'lie low' and adapt to a more non-religious society to gain power", he said, warning of sleeper cells ready for action, while acting to "take over" once a parliamentary majority is in place. According to Islamologist Rickard Lagervall of Lund University and Jönköping University, it is unlikely that Islamists would take over in Sweden any time soon, since they are a minority. Another reason is that Islamists are a divided group that includes not only Daesh sympathisers and jihadists, but also "puritan" Salafists who, he suggested, avoid politics. In addition, "ordinary" Muslims are a fragmented group as well, he stressed.
Spanish Prime Minister Pedro Sánchez kicked off COP 25 in Madrid, Spain on Monday by condemning the "handful of fanatics" who continue to deny the reality of the climate crisis as it wreaks havoc across the globe and threatens to render large swathes of the planet uninhabitable.
Sánchez, leader of the Socialist Workers' Party (PSOE) and proponent of a Green New Deal for Spain, did not condemn any nations or world leaders by name. But Sánchez implored the international community to combat "alternative facts," an apparent shot at the administration of U.S. President Donald Trump.
Social movements were organising their opposition to COP25—in which those most affected by climate violence would be sidelined—even before the popular mobilisation started in Chile and Sebastián Piñera suspended the talks.
"Now is not the time to offer an escape route to polluting Northern country governments and big oil."
In October, as scientists, policymakers and civil society leaders geared up to travel to Chile for the 25th Conference of the Parties of the U.N. Framework Convention on Climate Change (COP 25), which begins today, the country was making headlines for different reasons.
A seemingly endless winter storm that hindered travel across most of the country over the long holiday weekend is delivering a last wallop as it swoops through the Northeast, dumping heavy snow, shuttering hundreds of schools and bedeviling commuters in the region Monday.
"People are taking to the streets across the globe to demand urgent climate action. If politicians ignore their pleas, more people will die, more people will go hungry, and more people will be forced from their homes."
U.S. Environmental Agency (EPA) founding administrator William D. Ruckelshaus died Nov. 27, 2019. EPA was created in 1970; Ruckelshaus served as its head until 1973. A decade later he returned briefly to head the agency during the Reagan administration. As part of a series of events celebrating EPA’s 35th anniversary in April 2006, Indiana University’s School of Public and Environmental Affairs hosted Ruckelshaus in Bloomington for a lecture and panel discussion. Prior to those events he met with journalists to answer questions.
Deutsche Welle reports that more than 1,000 green activists made their way past police lines and blocked trains at 3 important coal mines in eastern Germany on Saturday. A few clashes took place between police and protesters. | By Juan Cole
As world leaders gather in Spain to discuss how to slow the warming of the planet, a spotlight falls on China — the top emitter of greenhouse gases.
The fossil fuel lobby has actively worked in many countries to protect their subsidies and avoid the imposition of carbon taxes. Doing so protects their profits.
US spent on these subsidies in 2015 is more than the country’s defense budget and 10 times the federal spending for education
Nearly two decades before the Exxon Valdez catastrophe in Alaska, the Arrow oil spill became a public relations black eye for Imperial Oil, a Canadian subsidiary of Exxon, and internal company documents published today by DeSmog and the Climate Investigations Center reveal that the company viewed the environmental disaster more in the context of improving its public image than improving safety measures that would reduce these types of environmental risks.
“Public concern regarding environmental problems is being translated into legislation rapidly,” Imperial Oil warned in an annual research planning document dated January of that year. “The present trend in legislation will require substantial expenditures to reduce emissions and waste discharge for all facilities and reduce the impact on the environment of the products we sell.”
These documents add new context to the groundbreaking investigative reporting by Inside Climate News, and the Columbia School of Journalism in partnership with the Los Angeles Times, that revealed the #ExxonKnew conspiracy. Those journalistic efforts exposed the facts that Exxon’s own climate science research had confirmed the role of fossil fuels in driving global warming, and that the company pivoted away from that advanced knowledge, choosing instead to spend tens of millions of dollars funding climate science denial campaigns.
The U.S. Department of Agriculture’s Wildlife Services arm has put together a plan titled “Reducing Bird Damage in the State of New York” which includes a “preferred alternative” that involves continuing its both “nonlethal and lethal bird management techniques.” The “lethal techniques…may include the use of shooting, live capture and euthanasia, avicides” and “nest/egg destruction.”
Horses sporting gas masks. That, of all things, has been on my mind lately. Bear with me, now. Gaze at the ever-so-cockamamie photo. A horse, wearing a gas mask. Nothing so illustrates the rank absurdity and irrationality of the human condition. It was during World War I—which killed an unheard-of nine million soldiers in just four years—that the armies of Europe still employed horses in an age of machine guns, airplanes (eventually), tanks and poison gas attacks. Rather than call a halt to the inane slaughter in the trenches, the world’s great powers fought that wildly nationalistic war to its macabre conclusion. One result was horses in gas masks. That was only a hundred years ago.
Picture a rhinoceros in the rainforest, add a herd of elephants, families of orangutans swinging through the treetops and tigers prowling the understory, and there is only one place in the world you could be.
Money does grow on trees. The conservation of a native forest is natural capital, its cash value often reaching trillions of dollars.
Greta Thunberg and her speech has sent ripples of awareness all over the globe. Her message has been heard and it has moved people to come out of their comfort zone and do something for the planet. But it is not only Greta’s speech that has kept the attention of people. Many actors have come out in support of Greta and are trying their bit to influence others to save the planet.
Jason Momoa aka Aquaman has made a speech in the UN which is quite similar and powerful in an address at the United Nations. He spoke at the Small Islands Event on 27th September and his message coincided with that of Greta – that our world leaders were not using their powers for environmental welfare. However, he did not only blame the politicians. He blamed Humanity as a whole – he called it a disease.
A year after the WTO protests rocked Seattle, Alexander Cockburn and I assessed the damage to global capitalism and its emissaries in the Democratic Party – JSC
A relevant article by Thierry Meyssan has been published that reveals the deep historical fascist/catholic links leading up to the coup in Bolivia and the danger that may lie ahead as a result. It is important to be aware of this in order to provide informed solidarity with the people of Bolivia and a sharper analysis of the inevitable US intervention in Latin America.
The gas, said one, "doesn't allow us to breathe, so we're only feeling so-so."
Gracie Mansion, the official residence of New York’s mayors since 1942, hosted billionaire Michael Bloomberg for three terms.
Among the tech companies studied, Amazon "stands out as the business with the poorest tax conduct," according to the U.K.-based Fair Tax Mark.
There’s a powerful new player watching what you buy so it can tailor product offerings for you: the bank behind your credit or debit card.
The Prison Policy Initiative study reported that, in 2017, 4.9 million individuals were arrested and booked. Of those, 3.5 million were arrested only once that year, while nearly 930,000 were arrested twice; and nearly 430,000 were arrested three or more times. Those arrested multiple times were, according to the study, disproportionately Black, low-income, less educated, and unemployed. Noting that the vast majority were arrested for non-violent crimes, the study recommended that instead of incarceration, “public investments in employment assistance, education and vocational training, and financial assistance” would better address the conditions that led marginalized individuals to have contact with the police in the first place.
Over the last few decades, companies like Securus have managed to obtain a pretty cozy, government-supported monopoly over prison phone and teleconferencing services. Like any monopoly, this has pretty traditionally resulted in not only sky high rates upwards of $14 per minute for phone calls, but comically poor service as well. Because these folks are in prison, and as we all know everybody in prison is always guilty, drumming up enough sympathy to convert into political momentum has long proven difficult. Recent efforts to do something about it were scuttled by FCC boss Ajit Pai, whose former clients included Securus.
The establishment British media, be it the BBC or the privately-owned Sky News, have marginalized ordinary Britons who are critical of the neoliberalism, known as “capitalism.” They and their allies in the right-wing print media have done so, in large part, by slandering the political representatives of the poor as “Marxist lunatics” and so on. But now, even elements of the establishment are beginning to recognize that the neoliberal system is collapsing itself.
There are a lot of things — like high health care costs, unaffordable housing and crushing student loan debt — which are not going right for people right now. However, it is worth noting one important way in which things are going in the right direction. The low current unemployment rate, coupled with minimum wage increases in many states and cities, is leading to real wage gains at the middle and bottom end of the wage ladder.
In reaction to all the controversy generated by the firing of Gabrielle Union from America’s Got Talent, SAG-AFTRA is now investigating the show.
A new ad from the Pete Buttigieg campaign reignited a social media debate that first began when Sen. Amy Klobuchar criticized free public college for all in the November Democratic debate. Klobuchar had warned that universal higher education was bad because it could mean “sending rich kids to college for free.” Buttigieg’s ad replicates Klobuchar’s critique, but added that free public higher education for all would “[turn] off half the country.”
(Bangkok) – The government of Bangladesh is blocking aid groups from providing any meaningful education to Rohingya children in refugee camps and banning the children from attending schools outside the camps, Human Rights Watch said in a report released today. The government should urgently lift the restrictions that unlawfully deprive almost 400,000 Rohingya refugee children of their right to education.
Leaked documents from trade talks between the UK and US make it clear that our online interactions and digital products will be priorities for the negotiations. The UK grandly declares, “We do not want to just go back to existing [digital] trade texts, no matter how ambitious—we want to go beyond.”
The German parliament today passed a bill allowing banks to sell and store cryptocurrencies from next year.
The new legislation will come into force on 1 January 2020, and will require current custody providers and crypto exchanges operating in the country to take steps, before the end of the year, to apply for a German license.
The law will not only put Germany, the world’s fourth biggest economy, at the forefront of regulation in cryptocurrencies, but heralds a milestone in the adoption of cryptocurrencies.
“Germany leads the way in crypto regulation, for sure. This leads to institutional investors coming to Germany, as they want security and regulation,” Sven Hildebrandt, partner at German crypto consultancy DLC, told Decrypt. "Germany is well on its way to becoming a crypto-heaven.”
On November 27, US president Donald Trump signed the Hong Kong Human Rights and Democracy Act.
"No better example of Facebook's power than Zuckerberg being asked here whether Trump lobbied him, rather than whether he lobbied Trump."
For the start of another week at the circus, a warm, wise, movingly real moment with Elizabeth Warren to give us hope. At an Iowa event, a high school girl, tremulous with fear and feeling, asked Warren for a moment in her life when she struggled with acceptance; her own voice cracking, Warren told a story about her divorce...
The California Republican spent months claiming he was the victim of a "witch hunt" before saying Monday he would plead guilty
On Oct. 12, construction worker Delmer Joel Ramirez Palma was working on the Hard Rock Hotel in New Orleans when the structure collapsed, killing three workers and injuring dozens more. He survived a fall of three flights by swinging on a rope, although he sustained serious injuries.
"Grinding my teeth so hard they snap off at the roots."
For the first time in decades, the House of Representatives has a rare chance to rewrite American labor laws, in ways that would actually help workers. Among other benefits, a new bill would abolish right-to-work laws that cripple union organizing, create penalties for employers that punish workers for organizing, and set out rules to eliminate delays in negotiating union contracts.
As “the institutions that have traditionally saved people from their most undemocratic impulses” have declined in the era of social media, unconscious biases, selective listening, and irrational behavior cause people to “drift toward the simple solutions right-wing populists worldwide offer: a deadly mix of xenophobia, racism, and authoritarianism,” Shenkman reported. Though Rosenberg’s position was controversial in the conference, the rise of his hypothesis remains a grave concern.
Anyone who’s been paying attention should get the picture by now. Overall, in subtle and sledgehammer ways, the mass media of the United States—owned and sponsored by corporate giants—are in the midst of a siege against the two progressive Democratic candidates who have a real chance to be elected president in 2020.
In October 2019, with the impeachment of Donald Trump already underway, wealthy ‘centrist’ Democratic Party donors began to fret over the Democrats’ prospects in the 2020 election. Since then Michael Bloomberg and Deval Patrick, both Wall Street Democrats with deep pockets, have entered the race. Meanwhile, the Senate impeachment schedule will keep Bernie Sanders and Elizabeth Warren in Washington— and away from the campaign trail, well into the early state primaries.
House Democrats said they planned to move quickly on impeachment and it appears they really meant it. It’s hard to believe that the process has come this far in just eight weeks, but Nancy Pelosi and the rest of the House leadership seem determined to get this thing over with as soon as possible, so it’s rushing toward completion before we can even catch our breath. (I’m on record disagreeing with that strategy if it means ignoring the gigantic body of evidence pointing to corruption and the obstruction of justice documented in the Mueller report. But nobody asked me my opinion, so…)
"If he has a defense, we on House Judiciary—along with the American people—are eager to hear it," said Rep. Pramila Jayapal.
“It’s very painful to see places like the FBI and the Department of Justice that represent so much of what is excellent about this country, not fulfilling the critical obligation that they have to speak truth to power,” she tells me. “The thing about the FBI that is so extraordinary is that it is made up of a group of men and women whose every instinct is to run toward the fight. It’s in the fiber of everybody there. It’s the lifeblood. So it’s particularly devastating to be betrayed by an organization I still care about so deeply. And it’s crushing to see the noble Justice Department, my Justice Department, the place I grew up in, feel like it’s abandoned its principles of truth and independence.”
But in a rare interview, Page, 39, told The Daily Beast that she could no longer silently stomach the president's attacks on her. She said "the straw that broke the camel’s back" came when Trump repeatedly called her name at an Oct. 11 rally in Minneapolis in what she described as a "demeaning fake orgasm" while mocking her and Strzok, who were engaged in an extramarital affair.
"I had stayed quiet for years hoping it would fade away, but instead it got worse," she says. "It had been so hard not to defend myself, to let people who hate me control the narrative. I decided to take my power back."
"I'm done being quiet," she said Sunday night in a tweet linking to the Daily Beast interview.
King also asked Zuckerberg about his dinner with President Donald Trump at the White House three weeks ago and whether Trump lobbied him against banning political ads. "No ... I think some of the stuff that people talk about or think is discussed in these discussions are not really how that works," Zuckerberg said. "I also want to respect that it was also a private discussion."
Griffith was arrested by the FBI at Los Angeles International Airport on 28th November after travelling to North Korea, one of the “United States’ foremost adversaries,” to attend and present a paper at the Pyongyang Blockchain and Cryptocurrency Conference.
The US Department of State denies Griffith had permission for his trip and it's alleged he formulated plans “to facilitate the exchange of cryptocurrency between the DPRK and South Korea,” in violation of sanctions against the DPRK.
Our latest study shows the current state of media consolidation in the United States, the U.K., Australia, and the globe.
We started off by identifying the top 50 most visited news websites in the world as of September 2019, using data from web traffic analysis company Alexa, and market intelligence provider SimilarWeb. We then determined the parent companies behind each of these 50 outlets and identified all of the properties in their online media portfolios to create an accurate picture of the concentration of media around the world.
In order to map out who owns the news in the United States, in the U.K. and in Australia, we isolated the 20 companies with the most popular websites in each geography and filled in the gaps by adding up-and-coming digital media companies. Once this step was complete, we worked our way backwards to identify all of the web properties in their portfolios and the parent companies behind them.
For news sites that are owned by investment firms with a majority stake, the CEO or director of the investment firm was listed as the highest-level owner. For news sites that are owned or directly (or indirectly) controlled by the government (as is the case of the BBC, who since 2017 has had its board members selected by the UK government), the head of government was listed as the highest-level owner.
Jessica Kwong, a reporter for Newsweek, has been fired after her inaccurate reporting of how President Donald Trump spent his Thanksgiving. Kwong had reported that Trump was spending his Thanksgiving golfing, but he was actually making an impromptu, surprise trip to Afghanistan to spend time with deployed troops.
[...]
Kwong has not sent out a tweet since correcting her false story. It will be interesting to see if she comments on the events that reportedly led to her ousting from the company.
And on the flip side of things, we know this certainly will fuel Trump’s fake news narrative moving forward.
It has become abundantly clear that Devin Nunes, who once co-sponsored the "Discouraging Frivolous Lawsuits Act," has decided that the best strategy to all of his critics and any reporting that calls him out is to file completely bullshit SLAPP suits against those critics. It started with the lawsuit against a satirical cow and has continued with more lawsuits against reporters, political researchers, newspapers and political strategists. Given that he's gone all in with that strategy, it's no surprise that he says he's going to sue CNN and the Daily Beast this week, both of whom reported on stories about Nunes that look pretty bad for him.
Russia’s federal censor has added one of the domains operated by the American stock photography provider “Shutterstock” to its registry of banned online resources. According to MBK Media, Roskomnadzor added image.shutterstock.com to its blacklist on the basis of a decision by the Attorney General’s Office on November 13.
Hours earlier, nearly 20,000 Maltese protested outside a courthouse in the capital, Valletta, demanding that he step down in the largest such turnout of nearly daily protests in recent weeks. "As prime minister, I promised two years ago that justice would be done in the case of the murder of Daphne Caruana Galizia," Muscat said, beginning his speech, adding that "today I am here to tell you that I kept my word."
But the slain reporter's family contended Muscat's departure won't satisfy those in the nation who are determined that corruption and cronyism between politicians and business figures be rooted out. "People will be out in the streets again tomorrow," tweeted one of her sons, Matthew Caruana Galizia, who is also a journalist.
The world’s most famous political prisoner continues to resist, despite a system conceived specifically to break him down. John Pilger reports.
The police forces in impoverished urban communities, equipped with military-grade weapons and empowered to harass and kill largely at will, along with mass incarceration, are the principal tools for the social control of the poor. There is little pretense of justice and even less of protection and safety.
Thomas Jefferson may have written that all men were created equal in the Declaration of Independence. But he, along with so many of his fellow plantation owners, was still complicit in the institution of slavery.
The Supreme Court's Rodriguez decision took a lot of fishing line away from law enforcement officers. Thousands of traffic statutes are violated every day. (Or not broken, in some cases.) All an officer needed to do was follow someone around until they violated one and then turn the traffic stop into a Q&A session with an eye on obtaining consent to search drivers, passengers, and vehicles.
In one case, Muslim prisoners known to be fasting were not served breakfast before sunrise; in another prison, fasting inmates were forced to wait at least an hour after sunset to receive dinner.
Susan Deveau saw Mark Papamechail’s online dating profile on PlentyofFish in late 2016. Scrolling through his pictures, she saw a 54-year-old man, balding and broad, dressed in a T-shirt. Papamechail lived near her home in a suburb of Boston and, like Deveau, was divorced. His dating app profile said he wanted “to find someone to marry.”
Deveau had used dating websites for years, but she told her adult daughter the men she met were “dorky.” She joked about how she could get “catfished” if a date looked nothing like his picture. Still Deveau, 53, wanted to grow old with someone. The two were — in the popular dating platform’s jargon — “matched.”
Columbia Journalism Investigations and ProPublica analyzed more than 150 incidents of sexual assault involving dating apps, culled from a decade of news reports, civil lawsuits and criminal records.
A court in the Russian city of Bryansk has sentenced a local doctor named Michelle to three years in prison, a term experts say is likely to result in her death. Michelle, a 53-year-old transgender woman, was convicted of “distributing pornography depicting minors,” which can carry a term of up to six years in Russia. Maria Chashchilova, an attorney for the Moscow Community Center for LGBT Initiatives (MCC), told Novaya Gazeta about the sentence on November 30.
In a followup to the last episode, “Stop Hugging Cops,” Beyond Prisons hosts Brian Sonenstein and Kim Wilson share some resources and discuss alternatives to calling the police.
We talk about the chain reaction that is created by bringing the police to a community or into an individual’s life, and we suggest ways to scrutinize the impulse to call the police. Brian also calls on White people to consider what it means for them to call the police on Black and Brown people and offers some thoughts for how white people can do better in situations that generally don’t require intervention.
Hearing these stories, I have to ask: how is it that the majority of women end up scribbling their names thoughtlessly on one of the most momentous civil contracts they'll ever agree to without so much as reading it?
And just what is in that nikah nama of yours?
I sat down with some lawyers to find out.
While Spencer’s resistance to Trump’s actions is admirable, it was also rooted more in turf protection than in condemnation of the moral enormity of Trump’s embrace of war criminals. “This was a shocking and unprecedented intervention in a low-level review,” Spencer wrote in The Washington Post after his firing. “It was also a reminder that the president has very little understanding of what it means to be in the military, to fight ethically or to be governed by a uniform set of rules and practices.”
The majority of attackers, according to the report, “experienced stressors, exhibited concerning behaviors and made their intentions to attack others known.” “These are not sudden, impulsive acts where a student suddenly gets disgruntled,” said Lina Alathari, the head of the NATC, in an interview with the Associated Press. “The majority of these incidents are preventable.”
In the first full interview he has given since sexual harassment charges partially derailed his career, legendary operatic tenor Plácido Domingo maintained his innocence, calling the accusations a “nightmare.”
If you are familiar with the .org heist, then like me, you’re probably pissed off. Here’s how you can take action: all of these organizations are 501c3 non-profits. The sale of a non-profit to a for-profit entity like this is illegal without very specific conditions being met. Additionally, this kind of behavior is not the sort the IRS likes to see in a tax-exempt organization. Therefore, we can take the following steps to put a stop to this: [...]
The United States Court of Appeals for the Ninth Circuit will hear oral argument from appellant Qualcomm and appellee the Federal Trade Commission (FTC) in the antitrust matter originating from the Northern District of California on Thursday, February 13, 2020, at 9:30 AM Pacific Time.
The court's website does not yet list the circuit judges on the panel. In this case, the composition of the panel will play a far greater role than in most antitrust cases as Qualcomm has managed, through lobbying and PR and with help from its former lawyer and forever-loyal supporter Makan "Macomm" Delrahim (Antitrust Assistant Attorney General), to politicize a case that actually raises business issues without any ideological dimension.
Where an expression in a granted claim, taken literally and in isolation, would have the effect of excluding all of the disclosed embodiments from the scope of protection, but where a definition of the expression may be derived from the patent itself which would locate (at least some of) the disclosed embodiments within the ambit of the claim, and provided this definition is not manifestly unreasonable having regard to the normal meaning of the words used in the expression, then in judging compliance with the requirements of Art. 123(3) EPC, the scope of protection should normally be considered to include at least that which would fall within the terms of the claim understood according to this definition.
First, the Paris Court rejected Lenovo's objection that proceedings on the same subject matter are already pending in California (lis pendens). The case pending in California is an action in chief, while the request in France concerns a preliminary injunction. In addition, the subject matter of the California case are the conditions of a FRAND license, whereas the subject matter of the French proceedings is about "maintaining the patentee's freedom of action and the exercise of the patentee's exclusive rights".
Second, the Paris Court sets forth that an anti-suit injunction by an EU member state against the courts of another member state would be contrary to public policy (ordre public), because of the "mutual trust in the judicial systems of EU member states" (see CJEU C-159/02 – Turner/Grovit). Conversely, an anti-suit injunction coming from a non-EU jurisdiction can be recognized as valid, but only if its purpose is to enforce a contractual jurisdiction clause or an arbitral clause. In all other cases, the anti-suit injunction constitutes an interference in the jurisdiction of the courts and has the effect of indirectly disregarding the exclusive power of each state to freely define the international jurisdictional competence of their courts.
Given that, in the case at hand, Lenovo and Motorola are not seeking an anti-suit injunction to enforce a jurisdiction clause or an arbitral clause, but to prevent the patentee from exercising its exclusive rights, IPCom has been granted the requested anti-anti-suit-injunction, but such injunction will apply only to the French part of EP268.
[...]
It will be worth keeping an eye on the future developments of this case, and not only for IP civil procedure aficionados. It is noteworthy that in the pending US proceedings, the US Department of Justice (Antitrust Division) filed on 25 October 2019 a Statement of Interest (available here) on the antitrust aspects of the anti-suit injunction (arguing that the anti-suit injunction sought by Lenovo and Motorola did not have a basis in antitrust law). Whether this further aspect will now become moot (because Lenovo and Motorola withdraw their respective requests in compliance with the Paris Court's decision) remains to be seen.
On 29 November 2019, the Patents Court of England and Wales handed down its decision revoking Conversant’s UK patent relating to an improved user interface on smartphone devices. Unlike earlier infringement actions brought by Conversant against Huawei and ZTE in the UK, this action brought against Apple (and various of its subsidiaries) concerned a non standards-essential patent.
Against the backdrop of the early smartphones which required a rather involved process of navigating a sequence of menus to access a desired application, the invention involved the idea of using an “application summary window” on a smartphone to provide a list of several commonly used functions within that application and/or stored data commonly accessed for it. The devices alleged to infringe were various models of Apple’s iPhone running various versions of its IOS operating system (in particular, the functionality called “Widgets” and “Home Screen Quick Action Windows”, which allow users to view summary data or access certain features of applications quickly, was said to infringe). Apple counterclaimed that the patent was invalid on the basis of two items of prior art, AgrEvo-obviousness and added matter. Ultimately, the court held the patent to be infringed but invalid over an early smartphone device called SIMON produced by IBM in 1994 (the AgrEvo-obviousness and added matter attacks were dismissed). The main point which is likely to be of interest to patent practitioners relates to the identity of the skilled person in circumstances where a patentee has applied to amend its patent.
One of many lessons this Kat learned from his mentor at the law firm where he started his career was this: in trade mark opposition proceedings at the European Union Intellectual Property Office (EUIPO), be sure to file all your evidence at the Board of Appeal stage at the very latest. Once proceedings reach the General Court (GC), filing new arguments and evidence is more or less categorically excluded. This rule will be familiar to trade mark practitioners and is indeed reflected in many decisions of the Court of Justice of the European Union (CJEU) and the GC [see e.g. C-29/05 P, par. 54 and T-346/04, par. 19].
However, the recent Opinion of Advocate General (AG) Bobek in case C-702/18, Primart Marek Łukasiewicz v. EUIPO [here] suggests this rule might be subject to significant exceptions. In short: AG Bobek argues that certain matters of fact or law are inextricably linked to the assessment to be carried out by the EUIPO. It may form an opinion on these matters, even if parties do not present arguments on it. The opinion of AG Bobek suggests that parties may present new arguments and evidence on such matters even before the General Court.
[...]
After finding the appeal admissible, the AG began with an analysis of Article 76(1) of Regulation 207/2009, the Community Trade Mark Regulation [now Article 95 of Regulation 2017/1001]. He concluded that this provision “cannot be read as obliging the Board of Appeal to refrain from examining matters of law or fact that, despite not having been specifically raised by one of the parties, are inextricably linked to those raised by the parties.” [par. 48].
The AG then turned to Article 188 of the Rules of Procedure of the General Court, which states that the appeal before the GC “may not change the subject matter of the proceedings before the Board of Appeal.” He found that this provision “cannot be interpreted as barring the parties from questioning EUIPO’s assessment with regard to elements of law or fact which that office was required to consider (if need be, of its own motion) and was able to adjudicate upon” [par. 55]. The distinctiveness of the earlier mark is an example of such an element in that it is inextricably linked to the assessment of likelihood of confusion.
Drawing on the GC’s decision in Hooligan, AG Bobek distinguished two types of arguments that could be made in the context of distinctiveness of an earlier mark. On the one hand, there are arguments that EUIPO cannot assess without evidence from the parties: an example is increased distinctiveness as a result of reputation. If parties do not make these arguments before the EUIPO, it cannot take them into account of its own motion and parties are also barred from making the argument before the GC [par. 63].
Can simple things become difficult? In a recent decision, the Fourth Board of Appeal reaffirmed a basic truth: if your sign has the same concept as another, then there is conceptual identity between these two.
Having recognized that there are indeed differences between the signs, in this case the Board affirmed that such differences constituted minor elements of secondary importance which the average customer would not be likely to identify or remember.
[...]
The earlier EUTM had been registered since 2016 for certain goods in Classes 18, 24 and 25 (clothing for women, men and children, footwear, slippers, pants, underwear, suits, shorts, trousers, shirts, sweaters, jackets, parkas, socks, underwear, swimming costumes, robes, gloves, belts, hats, and caps).
The Opposition Division found that there was a likelihood of confusion pursuant to Article 8(1)(b) of Regulation 2017/1001 (EU Trade Mark Regulation (EUTMR)) in respect of the goods covered by the earlier EUTM. It also held that the signs were visually similar to an above average degree as well as conceptually identical because they both depicted a whale.
The new law will be completed by a Decree that will provide implementing Regulations. The new law will come into force the day after the publication of the Decree, which is currently under examination before the Conseil d’Etat (French Council of State) and, at the latest, on December 15, 2019, with respect to all Articles of the law, except those relating to cancellation actions, which will come into force on April 1st, 2020.
The new enactment constitutes a substantial transformation of French trade mark law, modernizing the available trade mark protection mechanisms, as part of the implementation of the EU Directive, whose goal is to harmonize EU national trade mark laws.
[...]
- invalidation actions based on relative grounds, except for actions based on a design, a copyright, or a right of personality (surname, pseudonym, or image);
However, the territorially competent IP specialized courts will have jurisdiction when:
- the cancellation action is based on a design, copyright or right of personality;
- the cancellation action is a counterclaim as part of ongoing proceedings before the court (for example, an ongoing infringement or unfair competition action);
- provisional or injunctive measures have been requested from the court; or
- seizure based on infringement was carried out.
The above are only what we may consider the main innovations found in the new French Trade Mark Law; however, the new legislation involves many substantial changes to the current practice, to which not only practitioners will have to adapt, but also the Trade Mark Office itself as well as the competent courts through the application and interpretation of the new law.
Here, we have “official” annotated code created by Lexis but guided by a mandated state committee. And, as a work-made-for-hire, the State is legally seen as the author for copyright purposes. The crux of the copyright claim here is in the summaries of judicial decisions citing to the Georgia code. Although those summaries do not have the force of law, they are the “official” annotations legally authored by the state.
[...]
All this is easy for activities of U.S. judges and legislators because U.S. Gov’t works are not copyrightable under the Statute. In the state law perspective, we get into a difficult line drawing problem with Justice Breyer’s approach understanding when a judge or legislator is acting in “some other abstract capacity” (using the words of Justice Gorsuch).
In the end, Georgia’s attorney warned the judges not to “blow up” the current system that allows for copyright protection of the official code. Reminds me of an attack on casebooks from a few years ago. WSJ Blog.
The Pirate Bay has delivered some interesting logo changes in recent weeks. The torrent site temporarily swapped the good-old pirate ship to promote a VPN, a file-hosting service, and a blockchain project. While the site hasn't explained its motives it is, at least in part, an attempt to earn some additional income.
The so-called six-strikes anti-piracy scheme in the United States may be dead, but it's about to be used as prime evidence in the lawsuit between ISP Cox and several music labels. A federal court in Virginia has denied a request from the labels to exclude the matter from trial, during which Cox is expected to argue that its own anti-piracy measures went even further than the industry-approved alternative.
The Premier League says it has secured one of the highest copyright-related damages awards in Thailand's history after targeting individuals behind a major 'piracy network' in Asia. A British man and a Thai national pleaded guilty to infringement, paid the Premier League around GBP
I've discussed in the past how problematic it is when people don't recognize the differences between edge providers and infrastructure providers when it comes to internet services. Usually it's policymakers (or the press) getting these things confused, but we've certainly seen our fair share of attempts by copyright maximalists to use this confusion to their advantage. However, this may be the first I recall of seeing a copyright trolling operation trying to effectively do the same.