Linux apps running on Chromebooks might be more important than you think.
Obviously, it’s good for Chrome users, who now have a broader selection of apps from which to choose. It’s also good for Linux app developers, because it means their projects now have the potential for a much larger base of users. More importantly, for us real Linux desktop users it means we’ll probably see more software choices showing up in our distros’ repositories, as it now makes more sense for developers to port apps to Linux in order to take advantage of the combined Chrome OS/Linux market.
On the down side, Chrome OS is a monoculture controlled by a single corporate juggernault that has shown over and again that it doesn’t share many of the core values of the FOSS communities. Sure, Chromebooks run Linux at their core, and it’s the open source kernel that does most of the heavy lifting, but the operating system itself is proprietary — just like Windows and just like MacOS. It’s also designed take much of the benefits of personal computing out of the hands of the user, and hand them over to cloud operators by pushing Software as a Service and cloud-based storage (that mostly defaults to Google-owned solutions).
One feature that we had been looking forward to in 2019 that doesn't seem to have come to fruition yet are their plans around offering third-party/proprietary software bundle options such as for Google Chrome, Steam, and possibly other Intel closed-source software packages for easier deployment on Clear. I know many others have been looking forward to this third-party software option particularly for Chrome with video support, so hopefully it won't be much longer before officially rolling out.
Now that the battle for container orchestration has waned, what will be the next big front in the container ecosystem? My bet is on container runtimes, which are arguably the one part of containerized application stacks where no de facto frontrunner has emerged.
[...]
There remains a long list of widely used container runtimes, including containerd, CRIO-O, rkt and Kata, to name just the most popular ones. I don’t think you could argue that any of these solutions has emerged as the clear leader at this point.
At first glance, the competition within the space surrounding container runtimes may not actually matter. For the most part, container runtimes are interchangeable. They all do the same basic thing. Kubernetes supports all the mainstream runtimes. Generally speaking, you don’t need to modify your container images or other configurations to switch from one runtime to another.
But when you dive below the surface, container runtimes vary significantly. They are architecturally different—rkt has no central daemon, for example, which makes it very different from containerd. And Kata enforces hardware-level isolation, which is a huge feature that other runtimes lack.
I’m surprised that more is not made of these differences. Perhaps that’s because containerd has done such a good job of pitching itself as the “industry standard” runtime that everyone believes it, even though there are so many competing runtimes out there that also adhere to industry standards.
Among the issues that game developers have been facing in bringing their games to Linux for Google's Stadia cloud gaming service apparently stem from kernel scheduler issues. We've known the Linux kernel scheduler could use some improvements and independent developers like Con Kolivas with BFS / MuQSS have pushed for such, but hopefully in 2020 we'll see some real action.
Game/C++ developer Malte Skarupke wrote a post about how bad the Linux kernel scheduler is and that solutions like MuQSS are an improvement but not complete. Malte noted, "I found that most mutex implementations are really good, that most spinlock implementations are pretty bad, and that the Linux scheduler is OK but far from ideal. The most popular replacement, the MuQSS scheduler has other problems instead. (the Windows scheduler is pretty good though)."
Linux offers two modes for file I/O: buffered and direct. Buffered I/O passes through the kernel's page cache; it is relatively easy to use and can yield significant performance benefits for data that is accessed multiple times. Direct I/O, instead, goes straight between a user-space buffer and the storage device. It can be much faster for situations where caching by the operating system isn't necessary, but it is complex to use and contains traps for the unwary. Now, it seems, Jens Axboe has come up with a way to get many of the benefits of direct I/O with a lot less bother. Direct I/O can give better performance than buffered I/O in a couple of ways. One of those is simply avoiding the cost of copying the data between user space and the page cache; that cost can be significant, but in many cases it is not the biggest problem. The real issue may be the effect of buffered I/O on the page cache.
A process that performs large amounts of buffered I/O spread out over one or more large (relative to available memory) files will quickly fill the page cache (and thus memory) with cached file data. If the process in question does not access those pages after performing I/O, there is no benefit to keeping the data in memory, but it's there anyway. To be able to allocate memory for other uses, the kernel will have to reclaim some pages from somewhere. That can be expensive for the system as a whole, even if "somewhere" is the data associated with this I/O activity.
The saga of get_user_pages() — and the problems it causes within the kernel — has been extensively chronicled here; see the LWN kernel index for the full series. In short, get_user_pages() is used to pin user-space pages in memory for some sort of manipulation outside of the owning process(es); that manipulation can sometimes surprise other parts of the kernel that think they have exclusive rights to the pages in question. This patch series from John Hubbard does not solve all of the problems, but it does create some infrastructure that may make a solution easier to come by.
To simplify the situation somewhat, the problems with get_user_pages() come about in two ways. One of those happens when the kernel thinks that the contents of a page will not change, but some peripheral device writes new data there. The other arises with memory that is located on persistent-memory devices managed by a filesystem; pinning pages into memory deprives the filesystem of the ability to make layout changes involving those pages. The latter problem has been "solved" for now by disallowing long-lasting page pins on persistent-memory devices, but there are use cases calling for creating just that kind of pin, so better solutions are being sought.
Part of the problem comes down to the fact that get_user_pages() does not perform any sort of special tracking of the pages it pins into RAM. It does increment the reference count for each page, preventing it from being evicted from memory, but pages that have been pinned in this way are indistinguishable from pages that have acquired references in any of a vast number of other ways. So, while one can ask whether a page has references, it is not possible for kernel code to ask whether a page has been pinned for purposes like DMA I/O.
Catfish 1.4.12 adds support for running on Wayland. Before now, there were some X-specific dependencies related to handling display sizes. These have now been resolved, and Catfish should run smoothly and consistently everywhere.
GIF animations are a popular way to share fun animations, jokes and short clips of just about anything and it is hard to miss them these days on the Internet. They are used widely in social media, blogs, software documentation, game development etc. to quickly showcase something that cannot be expressed in static images. Even though they are limited to a 256 color palette, their usefulness lies in creating lossless animations that are relatively easy to create and share.
This article will list various offline desktop apps that can be used to create GIF animations on Linux. Some of these apps record a GIF directly while others convert a video file into a GIF animation.
Unfortunately, for the 19.12.0 release, we still had the issue that the mapping of syntax highlighting modes to LSP language names was more or less hard-coded inside the C++ sources. This made it awkward to add other languages for which there is no 1:1 match of these two things (beside casing).
This is now rectified in master and backported to the 19.12 branch (should be in the next patch releases).
The mapping is now specified as a regular expression inside the JSON config that then is applied case-insensitive to the highlighting mode.
The shipped default config was adjusted to this, the current state in master & 19.12 is something like this...
What I’ve built to experiment with this all is Bonsai. It is very much an experiment at this phase but it is getting interesting enough to collaborate with others who would like to join me.
Bonsai consists of a daemon that you run on your “mostly connected” computer. Although that could easily be a raspberry pi quality computer in your home. That computer hosts the “upstream” storage space for files and application content.
Other devices like laptops, phones, or IoT can be paired with that primary device. They communicate using TLS connections using pinned self-signed certificates with point-to-point D-Bus serialization on top. The D-Bus serialization makes it convenient to use gdbus-codegen to generate proxies and services.
One service available to devices is the storage service. It can be consumed from libbonsai-storage to allow applications to browse, create, move, modify and stream file content.
Applications are much better when they can communicate between devices. So a Data-Access-Object library, aptly named libbonsai-dao, provides serializable object storage built upon GVariant and LMDB. It supports primary and secondary indexes, queries, cursors, transactions, and incremental sync between devices. It has the ability to rebase local changes atop changes pulled from the primary Bonsai device.
Bonsai at this stage isn't an official GNOME project but his hosted as part of his GNOME Gitlab and advertising it to help the GNOME desktop in helping with multi-device synchronization of file storage and potentially in the future mail / calendar / TODO / photos / music / videos / search / system migration / VPN / other areas.
GNOME provides a built-in screen recorder that you can use to quickly record your desktop session. Here’s how to use it.
In my last 2018 review, I said Trisquel 8.0 was successful freedom because it is the only one oldest desktop-oriented free distro with latest basis (Ubuntu 16.04 LTS at that time) and active community (Trisquel Forum). Limited to this beta of 9.0 LiveCD, I feel it is smooth already to use and I don't find problems. I see that the desktop operations are functional, we can do things we do everyday like accessing files, writing documents, web browsing, mailing, playing video & audio, and many more. I can say that this new version would benefits all users because it keeps the user experience by its Redmond-like user interface (unlike radical changes between Ubuntu's Unity and GNOME) so no user --either existing or new-- would need to re-learn to use it. I wish the development goes well and quickly releases the final version. I wish I contribute to the whole community by publishing this review. Thank you all Trisquel Developers!
The YaST Software Management tool is the most reliable way to update your openSUSE Leap system via a graphical (GUI) interface. In a future article I will address updating openSUSE (Leap and Tumbleweed) systems via the command line.
Pleased to announce ArchBang Winter Iso.
Firefox returns as well as Gparted, new themes and wallpaper. Packages up to date (as of 01/01/20).
Am going to look at changing autologin for post install as I think it is confusing to new users. Archiso uses a systemd file in /etc/systemd/system/getty@tty1.service.d (autologin.conf).It means that some log in managers (graphical) do not work correctly. This can be disabled via systemctl and then safely removed.
I might remove autologin post install then it forces a user to log in with a username and password. May even go as far as adding lxdm (provided its not gtk2).
We’re pleased to announce the release of Qubes 4.0.2! This is the second stable point release of Qubes 4.0. It includes many updates over the initial 4.0 release, in particular:
All 4.0 dom0 updates to date Fedora 30 TemplateVM Debian 10 TemplateVM Whonix 15 Gateway and Workstation TemplateVMs Linux kernel 4.19 by default
Once upon a time, Linux was installed from a stack of floppy disks—thankfully cassette tape "drives" were long in the past at that point—but floppies were superseded by optical media, first CDs and then DVDs. These days, those options are starting to fade away in most new computer systems; just as it is now rather hard to find a floppy-based Linux installer, not to mention the media and drives themselves, someday optical media installation will disappear as well. For Fedora, that day has not truly arrived, though a somewhat confusingly presented proposal on the Fedora devel mailing list is, to a limited extent, a step in that direction.
In truth, of course, there is not a ton of difference between images meant to boot from USB devices and those built for optical media. A USB device these days can hold more than optical media can, but that is generally not the gating factor; typical Linux distributions can generally fit on a DVD. "Burning" optical media is a time-consuming process that may also consume the media itself, however. For a distribution quality assurance (QA) team, testing that type of media takes time that might be better spent on other things; it also requires testers to have the proper equipment, while USB ports are ubiquitous.
That is the backdrop to the proposal posted by Fedora program manager Ben Cotton to drop the "release blocking" categorization for bugs found installing from optical media in Fedora 32 (and beyond, presumably).
Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.
In December, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 16.5h for LTS (out of 30 max) and 16.5h for ELTS (max).
This is less than usual, AFAICS due to having more team members requesting more hours (while I'm above average), and less unused hours given back (or given back too late).
Moving to OpenStack from VMware can significantly reduce the TCO associated with an initial roll-out and ongoing maintenance of your cloud infrastructure. OpenStack vs VMware economic analysis shows that under certain circumstances, it is possible to bring the costs down an entire order of magnitude. This requires choosing an OpenStack distribution which can be maintained economically. An example of such distribution is Canonical’s Charmed OpenStack.
We have recently published a webinar and a whitepaper where we presented outcomes of our analysis around cost savings resulting from the migration from VMware to OpenStack. You can refer to those materials or, you can just read through this blog to capture the most important information. So let’s start with highlighting OpenStack vs VMware’s differences and elaborate more on how they influence the costs associated with both.
The Barcelona Supercomputing Center has coordinated the manufacture of the first open source chip developed in Spain. Built with TSMC’s 65-nanometer transistors, their RISC-V based Lagarto chip a key step in the center’s strategy to become a benchmark in the open source hardware technologies’ field developed in Europe.
Lagarto is an important step in the search of the BSC, led by the center’s director, Mateo Valero, to develop European computing technology. This project is based on the premise that the instruction set of the future processors must be open source to ensure transparency and minimize dependence. ISAs constitute the basic set of machine language instructions that a processor can understand and execute and is, therefore, the meeting point between software and hardware. The fact that they are open is intended to circumvent the possibility of chips incorporating backdoors or instructions that may be detrimental to the security or privacy of users.
We first found out about GigaDevice GD32V 32-bit RISC-V MCU last summer, as an update/alternative to the earlier STM32 compatible GD32 Arm Cortex-M3 microcontroller from the company...
In the first article of this short series, I explained the reason for wanting to know whether my garage door was open. I also described in detail how to set up an ESP32 to detect the door state (open/closed), and how to send it to a simple back end. In this post, I will tell you how the back end is set up.
You can download the app from GitHub and F-Droid. For those wondering why the app is not available to download on the Google Play Store, the developer says that it used to be present on Google Play but it had to be removed due to the recent permission requirements that would lead to split APKs.
It is worth mentioning that you can download the app for free and it doesn’t have ads.
The 50th anniversary of Unix happened just as predicted; your editor is looking like a true visionary so far. That prediction also suggested that we might see "interesting work in alternative operating-system models" this year. Whether the development of systems like Fuchsia or seL4 qualifies is a matter of perspective. One could also observe, as Toke Høiland-Jørgensen recently did, that "the Linux kernel continues its march towards becoming a BPF runtime-powered microkernel" and conclude that the most viable alternative to the Unix model is developing right under our noses.
The prediction that there would be more hardware vulnerabilities was no less obvious back in January. Holes like MDS, SWAPGS, and TSX async abort duly put in an appearance. It seems unlikely that we are done at this point. A minor consolation might be found in the fact that, by most accounts, communications between the kernel community and hardware vendors regarding these vulnerabilities have improved as predicted.
Did kernel development become more formalized, as we thought might happen in January? Certainly there have been discussions around workflow issues and Change IDs that would point in that direction, as does the increased emphasis on automated testing. One might argue that the kernel community grows up far too slowly, but things do change over time. The suggestion that projects would continue to transition away from the patches-over-email model ties into this as well; even the kernel community is talking about it, though any such change still seems distant at the end of 2019.
Issues with the supportability of BPF APIs did arise as predicted, but the statement that "more kernel APIs will be created for BPF programs rather than exported as traditional system calls" has not been fully borne out. That doesn't mean that we aren't seeing interesting APIs being created for BPF; for example, it may soon be possible to write TCP congestion-control algorithms as BPF programs.
Did somebody try to test out the kernel's code-of-conduct as predicted? As of November 30, there had been no code-of-conduct events in the last three months, and only minor events before. That prediction, happily, has not worked out. Thus far, it seems that the code of conduct may actually have succeeded in making the kernel community a nicer place without the need for any serious enforcement efforts.
Open source isn't just for techies. On your desktop (regardless of your operating system), on your phone, and in your business, open source software can help you become better organized, more productive, more secure, and healthier. Best of all, you don't need to worry about the shackles of proprietary licenses.
Throughout 2019, Opensource.com's team of Correspondents and community of writers have highlighted top-notch open source alternatives to proprietary software. Take a quick look at the best 10 of those articles.
In Intro to Corteza, an open source alternative to Salesforce, Dennis Arh introduces us to Corteza, a powerful and flexible customer relationship management (CRM) system. Dennis outlines what Corteza has to offer, then walks us through how to install and configure the system. While Corteza might not pack all the features of the bigger closed source CRM systems, it's more than enough for the majority of users.
Opensource.com Correspondent Chris Hermansen whips up an overview of a half-dozen instant messaging apps for mobile devices in Choosing an open messenger client: Alternatives to WhatsApp. While each of the six apps has its strengths, Chris recommends Signal for "its open-by-design approach, its serious and ongoing privacy and security stance, and having a Signal app on our GNOME (and Windows) desktops."
Researchers at the University of Tennessee (UT) have developed a free open-source computer program that can be used to create visual and quantitative representations of brain electrical activity in laboratory animals in hopes of developing countermeasures for opioid use disorder.
The program is described in a paper published in JoVE. Lead author Christopher O’Brien is a UT graduate who manages the research laboratory of Helen Baghdoyan and Ralph Lydic, both co-authors on the paper and professors in UT’s Department of Psychology and the Graduate School of Medicine’s Department of Anesthesiology.
DevNation tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this talk, you’ll learn about Kubernetes-native Spring apps on Quarkus with Georgios Andrianakis, Software Engineer at Red Hat.
Ever wondered how you could create truly micro microservices using your favorite Spring APIs? In this session, you’ll see how Quarkus speaks Spring through a live-coding demonstration of a Quarkus application using some of the most popular Spring features.
When Java SE 8 (aka core Java 8) was introduced in 2014, it introduced changes that fundamentally impact programming in it. The changes have two closely linked parts: the stream API and the functional programming constructs. This article uses code examples, from the basics through advanced features, to introduce each part and illustrate the interplay between them.
Go is a compiled, statically typed programming language that makes it easy to build simple, reliable, and efficient software. It?s a general purpose programming language with modern features, clean syntax and a robust well-documented common library, making it a good candidate to learn as your first programming language. While it borrows ideas from other languages such as Algol and C, it has a very different character. It?s sometimes described as a simple language.
Go is an open source project developed by a team at Google and many contributors from the open source community. Go?s first release was in 2009, and it?s distributed under a BSD-style license.
he first order of the day was to clean up all the debugging code I peppered across my perl trying to find an answer to my 'Failed Signature' bug.
These are some answers to the Week 41 of the Perl Weekly Challenge organized by Mohammad S. Anwar.
Spoiler Alert: This weekly challenge deadline is due in a couple of days (January 5, 2020). This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.
Programming languages generally have limits—explicit or implicit—on various aspects of their operation. Things like the maximum length of an identifier or the range of values that a variable can store are fairly obvious examples, but there are others, many of which are unspecified by the language designers and come about from various implementations of the language. That ambiguity has consequences, so nailing down a wide variety of limits in Python is the target of an ongoing discussion on the python-dev mailing list.
Mark Shannon posted a proposal "to impose a limit of one million on various aspects of Python programs, such as the lines of code per module". One million may seem like an arbitrary number (and it is), but part of his thinking is that it is also memorable, so that programmers don't need to consult a reference when wondering about a language-imposed limit. In addition, though, certain values stored by the Python virtual machine (e.g. line numbers) are 32-bit values, which obviously imposes its own limit—but one that may be wasting space for the vast majority of Python programs that never even get close. Beyond that, overflowing those 32-bit values could lead to security and other types of problems.
As Shannon pointed out, a range of -1,000,000 to 1,000,000 could fit in 21 bits and that three of those values could be packed into a 64-bit word. "Memory access is usually a limiting factor in the performance of modern CPUs. Better packing of data structures enhances locality and reduces memory [bandwidth], at a modest increase in ALU usage (for shifting and masking)." He suggested that the data structures for stack-frame objects, code objects, and objects themselves could benefit from packing in that fashion. "There is also the potential for a more efficient instruction format, speeding up interpreter dispatch."
If you've followed along with the previous articles in this series, then you know all the basics of programming video game mechanics. You can build upon these basics to create a fully functional video game all your own. Following a "recipe" like the code samples in this series is helpful when you're first learning, but eventually, the recipe becomes a constraint. It's time to use the principles you've learned and apply them in new ways.
If that sounds easier said than done, this article demonstrates an example of how to leverage what you already know for new purposes. Specifically, it covers how to implement a looting system
I recently learned about a cool formula to calculate the number of trailing zeros in the factorial of a number. It has been a while since I wrote a program to do something like this. So, I decided to change that and write this blog post. Let's jump in.
In the spirit of wring various "calculators" in the book, we will write a "number of trailing zero" calculator. First up though, let's refresh some key relevant concepts.
Factorial: The factorial of a number, n denoted by n! is the product n*(n-1)*(n-2)...*1. For example, 5! = 5*4*3*2*1 = 120.
Trailing zeros: The trailing zeros of a number is the number of zeros at the end of a number. For example, the number 567100 has two trailing zeros.
Floor: The floor of a number is the greatest integer less than or equal to x. That is floor of 3.2 is 3 and that of 3.5 is 3 and the floor of 3 is 3 as well.
In this episode, we started a users app and hooked up the custom user model feature of Django to unlock the full extensibility of that model in the future. The stream was cut short this week because of some crashing issues in the OBS streaming software.
The goal of the episode was to add django-allauth so that users can sign into the service with an email and password instead of the default username and password combination. We’re using Will Vincent's guide on this topic as an aide for this implementation (thanks Will!).
django-allauth makes it possible to add a variety of authentication options like Google or Facebook sign in. My app is not using those modes, but it is taking advantage of the “email as username” feature that the package can provide.
Before getting to the django-allauth integration, we first needed to create a custom User model. This isn’t strictly necessary, but it unlocks a lot of future potential and is a hard change to make later in a project.
Today we've issued the 3.0.2 bugfix release.
The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.
Nihilism is about to become the best worst possible life strategy.
In the study, which Google funded, researchers used anonymized mammograms from more than 25,000 women in the UK and 3,000 women in the US. “We tried to follow the same principles radiologists might follow,” Shetty says. According to Google’s blog post, the team first trained AI to scan X-ray images, then looked for signs of breast cancer by identifying changes in the breasts of the 28,000 women. They then checked the computer’s guesses against the women's’ actual medical outcomes.
Tested on images where the diagnosis was already known, the new system performed better than radiologists. On scans from the United States, the system produced a 9.4 percent reduction in false negatives, in which a mammogram is mistakenly read as normal and a cancer is missed. It also provided a lowering of 5.7 percent in false positives, where the scan is incorrectly judged abnormal but there is no cancer.
Achieving that balance is the aim of a new cross-industry effort, the Confidential Computing Consortium. Founded in 2019, the collaboration operates within The Linux Foundation. Its mission is defining and promoting adoption of confidential computing, which protects sensitive data within system memory, a new favored target for attackers. Backers include industry heavyweights Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, and Tencent.
The official Mariah Carey Twitter account was hacked late New Year’s Eve. The pop diva’s account sent several racist tweets and commented on Nick Cannon’s beef with Eminem.
Here at EFF, we maintain a repository of self-help resources on circumventing surveillance across a variety of different platforms, devices, and threat models. We call it Surveillance Self-Defense, or SSD for short.
SSD covers myriad topics, and is broken up into four main sections:
2019 has been an eventful year for consumer privacy, both in a few key courts and state legislatures as well as in Silicon Valley.€
An important decision by the Ninth Circuit Court of Appeals in August defended the ability of Illinois citizens to protect their biometric data. Meanwhile, a flurry of efforts by technology giants to weaken the California Consumer Privacy Act (CCPA) failed in the state legislature.€
Now the law is officially on the books in the biggest state in the union and the world’s fifth-largest economy. For the average internet user in California, life will not be radically different. But as the mechanisms of the law get finalized, and depending on how it’s enforced, its impact could go a long way to determining whether the 2020s become the decade when the US started taking privacy seriously.
Even for users who aren’t also Google employees, breaking up with the tech giant is hard. The company’s apps work in tandem, which makes adding calendar invites from Gmail incredibly easy. There can be some unwanted side effects, like when spammy emails began populating peoples’ calendars with unwanted calendar invites. But most of the time it’s convenient.
While Google stopped scanning peoples’ emails for targeted advertising in 2017, ProtonMail claims that some companies still use your private calendar to target their ads. “For the longest time, to easily organize these events, you had to let large corporations monitor these special moments. These companies snoop on your calendar and use that information to inform their advertising,” ProtonMail writes in its blog post. “A calendar is more than just a tool. It’s a record of the moments that make up your life.”
Developers
1. Stop embedding the surveillance devices of companies like Google and Facebook in your web sites and apps. Stop exposing the people who use your services to surveillance capitalism.
2. Start looking at alternative ways of funding and building technology that do not follow the toxic Silicon Valley model.
3. Drop “growth” as your success metric. Build tools that individuals own and control, not your company or organisation. Build single-tenant web apps. Support free (as in freedom) and decentralised platforms (without getting mired in the blockchain swamp).
However behind the scene, some SDKs (I'm looking at you Facebook!) inject an iframe in your website to display the Continue as {MyName} or Login with Facebook button. Loading this iframe allows Facebook to know that this specific user is currently on your website. Facebook therefore knows about user browsing behaviour without user's explicit consent. If more and more websites adopt Facebook SDK then Facebook would potentially have user's full browsing history! And as in "With great power comes great responsibility", it's part of our job as developers to protect users privacy even when they don't ask for.
“If you thought the GDPR was bumpy, the CCPA is going to be a real roller coaster,” Reece Hirsch tells The Verge. Hirsch is co-head of Morgan Lewis’ privacy and cybersecurity practice and has been advising clients on how to adapt to the new law. “This is a complex set of new rules, which are still a work in progress.”
The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and, they can request you not sell it. Consumers can also request companies bound by the CCPA delete all their personal data. And as The Wall Street Journal reported, websites with third-party tracking are supposed to add a “Do Not Sell My Personal Information” button that if clicked, prohibits the site from sending data about the customer to any third parties, including
The name comes from the strategy of moving money from an Irish subsidiary to a Dutch holding company, and then back to an Irish shell company located in Bermuda that has the rights to license Google intellectual property, thus the “Dutch sandwich” in between. Bermuda has no corporate income tax, making it a lucrative final stop to report income. The whole process effectively avoids paying US income tax and European withholding taxes on overseas profits, although some money is still paid to the Irish government.
Google parent Alphabet (GOOGL.O) will no longer use an intellectual property [sic] licensing scheme, known as the “Double Irish, Dutch sandwich”, which allowed it to delay paying U.S. taxes, 2018 tax filings show.
Just two months ago, Army recruiters were using TikTok as an effective tool for reaching young people of Generation Z even as lawmakers were calling for a national security review of the music video app, which is owned by Beijing-based ByteDance.
In late October, Sen. Tom Cotton R-Arkansas, and Sen. Chuck Schumer, D-New York, asked U.S. intelligence officials to investigate whether TikTok represents a national security risk to the United States.
As of mid-December, the Army began advising soldiers to stop using TikToK on all government-owned phones, Ochoa said. The U.S. Navy recently put out similar guidance, prohibiting the use of TiKTok on government phones, according to reports by Gizmodo and other publications.
The army reportedly used TikTok to recruit members prior to the ban.
’Tis the season for giving. Accordingly, the US has given the Kingdom of Saudi Arabia a gift in the form of the National Defense Authorization Act (NDAA) which President Donald Trump signed into law on December 21.
His kind of leadership is problematic from the viewpoint of a hegemonic political and military power that requires utter and absolute submission.
As the calendar prepared to flip from 2019 to 2020, protesters stormed the US embassy in Baghdad.€ As I write this, the action — a response to US airstrikes in Iraq and Syria which killed at least 25 and wounded more than 50 — hasn’t yet become a reprise of the Iran hostage crisis of 40 years ago, but it’s eerily reminiscent.
Security forces around the U.S. Embassy in Baghdad fired tear gas and stun grenades at demonstrators who gathered for a second day straight.
A tragic airline crash with far-reaching consequences, cataclysmic cyclones that may be a harbinger of the future, the death of an African icon and a new leader who won the Nobel Peace Prize. These African stories captured the world’s attention in 2019 — and look to influence events on the continent in 2020.
"Everything's a grift today. Even, it seems, for pardoned war criminals."
Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique visitors.
Some of those 40 million visitors left more than 100,000 comments. The community that has sprung up around KrebsOnSecurity has been truly humbling and a joy to watch, and I’m eternally grateful for all your contributions.
One housekeeping note: A good chunk of the loyal readers here are understandably security- and privacy-conscious, and many block advertisements by default — including the ads displayed here.
Just a reminder that KrebsOnSecurity does not run third-party ads and has no plans to change that; all of the creatives you see on this site are hosted in-house, are purely image-based, and are vetted first by Yours Truly. Love them or hate ’em, these ads help keep the content at KrebsOnSecurity free to any and all readers. If you’re currently blocking ads here, please consider making an exception for this site.
Former members of the agency's Science Advisory Board say EPA Administrator Andrew Wheeler is "sidelining" the panel.
This was a nonbinding statement but nonetheless reflective of a profound shift in the urban narrative around climate change that no longer sees environmental sustainability as disconnected from human rights. “The mayors of the 94 most influential cities in the world are increasingly seeing climate and equity issues as connected," says David Miller, C40’s North America director. While action is to a large degree dependent on national policies, cities can do plenty. By implementing low-carbon measures, they could cut urban emissions in key sectors by almost 90 percent by 2050, according to the Coalition for Urban Transitions.
Of the 184 countries that have published climate goals tied to their participation in the Paris Agreement, only 20 percent have been deemed sufficient to reach the 1.5 degree target, according to a report from the Universal Ecological Fund. By contrast, C40 cities have drafted climate action plans that are as ambitious, if not more so, than the accord’s targets. Copenhagen is working to become the world’s first carbon-neutral city by 2025. New York City aims to reduce its emissions by 80 percent in the next 30 years. Toronto wants all vehicles riding within its city limits to use low-carbon energy by 2050.
Tackling climate change isn’t just about replacing fossil fuels with renewables, or planting more trees. It’s about confronting climate stress across society.
There is a practical, shovel-ready solution to our impasse, powered by a massive leap in grassroots consciousness, a youth-led climate movement and a 2020 ballot box revolution.
It’S 9 A.M. and a grey cloud that had been shrouding one of four mountains surrounding Temacapulín, in the highlands of western Mexico, has begun to lift. “SINCE THE SIXTH CENTURY, TEMACAPULÃÂN WELCOMES YOU.” The bold white letters emblazoned on the side of one of the mountains, Cerro de la Cruz, emerge through the mist, Hollywood-style, as the town’s inhabitants scurry to live up to the promise. It’s the first day of the Tenth Annual Chile de Arból Fair and a steady rain has been threatening to flood the town’s two-day festival of resistance against a mega-dam project nearby. But the townsfolk aren’t about to let a little water get in their way.
What if you were to control an energy business that's also an economic development engine and a grassroots force for advancing social justice?
Scott Morrison can’t handle the bushfires, because he can’t handle climate change itself, writes Ben Eltham. Australia’s leader is failing our nation.
One plant will be able to make 5 gigawatts of solar cells annually in Yiwu city, and the other 10 gigawatts of panels, the company said in a filing to the Shenzhen stock exchange on Wednesday. The company has signed a framework agreement with the management committee of a local industrial zone for the investment.
There it goes, Brothers and Sisters, Lovers and Sinners, another year, along with another whole decade, down the hatch, into the archives and off the table.
[...]
At this most precarious time in human history, as the rich get richer, the Perma Wars go rolling along while the climate crisis hurtles past the “point of no return,” it seems more vital than ever to take a step back from the all-too-human bombast that got us into this jam in the first place—and get some much-needed guidance from a whole different species: our kissing cousins, the bonobos.
In a larger sense, we’d all do well to take some guidance from nonhuman nature in general, so that we might look out for each other like wolves, work productively like beavers, nurture others like the trees, make honey like the bees or tweet like birds… instead of mad, twitter-addicted humans.
But “nature in general” is a lot to handle, especially when your comprehension has been virtually squeezed into the space of a smart phone.
Enter bonobos, humanity’s closest genetic cousins. Some primatologists say they’re even closer to us than common chimpanzees, or at least just as close, which is more than 98% genetically similar to us.
In the 2 1/2 years since Stuber took the job, Netflix has morphed into the largest movie studio in Hollywood, at least in terms of volume. The company plans to release 50 to 60 films a year, and that doesn’t include projects born out of other divisions, such as “El Camino,” a spinoff movie from the TV show “Breaking Bad.”
The company has scored both critical and commercial hits. “Bird Box” and “Murder Mystery” were viewed by more than 70 million people apiece in their first month on the service, according to the company, while “Triple Frontier” and “The Highwaymen” both eclipsed 40 million viewers. Six of the 10 most-watched new titles on the service in the U.S. in 2019 were original films.
Still, it’s hard to measure Netflix’s success. The company is selective in what viewer information it releases and there’s no reliable third-party data source. So it’s all but impossible to verify how any one Netflix project fared. The company points to its continued subscriber growth as evidence of success, but critics note that Netflix still borrows money to fund its productions.
Emerging out of the ashes of the financial crisis, Bitcoin was created as a bypass to the banks and government agencies mired in Wall Street’s greatest calamity in decades. At first, it was slow to break through, muddied by a slew of scandals: fraud, thefts and scams that turned away many and brought closer regulatory scrutiny. But once it burst into the mainstream, it proved to be the decade’s best-performing asset.
The largest digital token, trading around $7,200, has posted gains of more than 9,000,000% since July 2010, according to data compiled by Bloomberg.
She can threaten to reopen the House investigation into the president.
Over the last decade, a national consensus has developed for a progressive left agenda on the economy, social services, the climate crisis and ending wars but the movement has not yet built the power to make that a reality. The next decade will be ripe with opportunities for transformational change due to a combination of expanding popular movements as well as escalating crisis situations.
Marking the end of the year and the one-year anniversary of the day she began her 2020 presidential campaign, Sen. Elizabeth Warren challenged voters to imagine a country that puts the needs and priorities of working people ahead of corporate profits€ in an€ hour-long speech€ in Boston.
The American Democratic Party has a problem with white working-class America – they lost them, or at least large segments of them to Donald Trump’s Republican Party. Policy reasons may explain part of this. But a better explanation may be that these voters fit the description of what Karl Marx used to call the Lumpenproletariat–reactionary working class opposed to revolution or at least progressive politics.€ Understanding who these individuals are may be critical to Democrats winning in 2020.
Republican senators like Mitt Romney, Susan Collins, Lisa Murkowski, Cory Gardner, and Lamar Alexander—history has its eyes on you.
When Kimberly Dudik ran for her fourth term in the Montana House, state officials told her she could not use campaign money to pay for child care for her four young children.
"What we are proving on this campaign is that one does not need to beg the wealthy and the powerful for campaign contributions in order to win elections."
A federal strategy for defending the U.S. government against cyberattacks is one step closer to completion, with lawmakers saying they have a draft form that could be finalized as early as March.
The report has been in the works since 2018 after the National Defense Authorization Act created a commission, consisting of lawmakers and industry leaders, to draw up recommendations.
Rep. Mike Gallagher (R-Wis.), co-chairman of the commission, told The Hill that the commission had recently put together a draft version.
Lisa Porter, who oversees research and development at the defence department, has asked US companies to develop open-source 5G software — in effect opening up their technology to potential rivals — warning they risk becoming obsolete if they do not.
Making 5G tech open-source could threaten American companies such as Cisco or Oracle, the biggest American suppliers of telecoms network equipment.
This technology — known as open radio access networks — would allow telecoms carriers to buy off-the-shelf hardware from a range of vendors, rather than bespoke systems.
Indian Prime Minister Narendra Modi’s government is seeking at least $30 billion in overdue telecom fees from mobile-phone service providers to energy companies and fertilizer makers as it struggles to meet its budget deficit target with economic growth foundering.
The government of the United Kingdom informed United Nations Special Rapporteur on Torture Nils Melzer that they reject any allegation that WikiLeaks founder Julian Assange “has been subjected to torture in any form as a result of actions by the U.K. government.” Officials also reject the findings of the UN Working Group on Arbitrary Detention (WGAD) that Assange was ever “arbitrarily detained.” While living under diplomatic asylum from Ecuador, they contend that Assange was “free to leave the Ecuadorian embassy at any time.” Melzer strongly objected to the UK government’s indifference toward Assange’s ongoing abuse and mistreatment.In April 2019, Assange was expelled from the Ecuadorian embassy and arrested by U.K. authorities. The United States government charged him with conspiracy to commit a computer crime and requested his extradition. U.S. prosecutors subsequently charged him with 17 violations of the Espionage Act in May. All charges related to WikiLeaks’ publication of the Afghanistan War Logs in 2010, which were provided to the media organization by U.S. military whistleblower Chelsea Manning. €
A top UN official has accused the British and US governments of “torture” over their detention of whistleblowers Chelsea Manning and Julian Assange, who between them embarrassed the West...
United Nations Special Rapporteur on Torture Nils Melzer shared on social media Tuesday a letter he sent to the United States government last month expressing concerns that the continued detention of whistleblower Chelsea Manning amounts to torture.
According to a statement issued by the PFUJ and KUJ, the counter-terrorism department of Karachi police raided the house of Nasrullah Chaudhry and arrested him in early November, claiming to have recovered ‘banned literature’. The move was termed by the journalist bodies as an attempt to justify the raid and arrest.
According to a report in Dawn, Nasrullah was in possession of journals and booklets about Afghan Jihad and the Punjabi Taliban, which allegedly contained material intended to create sectarian discord and motivate people for jihad.
The bill also states that publishers and owners of media outlets should be held responsible for the contents of advertisement. Section 25 (2) of the bill proposes up to one year jail and up to Rs 10,000 in fine or both for media publishers and owners of broadcast companies if their media is found publishing any ‘offensive’ advertisement.
Section 5 of the bill states that publication or broadcast of advertisements that include false information or banned content, that affect fair competition in products and services, expose information that is confidential by law, make comparisons between goods, products and services, or fall foul regarding various other issues could land the owner of the offending media in jail.
Ogirima told CPJ that while he was filming protesters at the central hospital in Sapele Road, a district in the state capital, Benin City, at least 10 people whom the journalist described as local security officials, attacked him from behind, slapping him when he turned to confront them, and destroying his camera. The attackers asked Ogirima why he was filming, but attacked before he could answer, Ogirima said.
The year 2019 was consequential for journalism, but less discussed are the young people who have been flexing their journalistic prowess, breaking stories and covering news in ways they felt the mainstream media was not. Students launched community newspapers in places that lacked them; amid layoffs in newsrooms around the country, student papers became community staples, closing a local-news gap. Student journalists battled censorship and won, broke news about their high school’s use of prison labor, and pioneered their own media outlets, including Instagram accounts devoted to distilling the news in easy-to-read ways. Student journalism advocates are also gearing up to protect student press freedom with New Voices, a nonpartisan movement that has 11 state bills being introduced to protect the rights of student reporters, sometimes against policies imposed by their own universities and communities that seek to silence them (according to the Student Press Law Center, currently there are only 14 states with laws protecting the First Amendment rights of student journalists). They aren’t just keeping up with “traditional” news coverage; young reporters are often defining it.
Nearly one year ago, in February 2019, a 24-year-old Honduran woman in Immigration and Customs Enforcement (ICE) custody went into premature labor while 27 weeks pregnant. The federal immigration agency failed to transport the woman to a hospital in a timely manner, and she gave birth to a stillborn at the Port Isabel Detention Center in Texas. Days after the news of this tragic story broke, I spoke to Nancy Cárdenas Peña, the National Latina Institute for Reproductive Health’s (NLIRH) Texas director for policy and advocacy. Peña was raw with emotion and inconsolable. The conversation we had then has haunted me throughout the year, and it has also reaffirmed my commitment to continue covering immigration as a reproductive justice issue and to urge other journalists to do the same.
There's a very real possibility that the same companies that fell down on the job in 2016 will once again be a force for evil in 2020.€
The U.S. far right continued to be very active in 2019. The good news is that, surveying their actions for the year, those far rightists outside of the GOP have had less growth and street presence than in 2018. Doxxing, lawsuits, a loss in interest from conservatives and state repression have all taken their toll. The far right’s boom years of 2016 and 2017 are starting to fade away, but it remains an energized movement. The white nationalist wing was still far more active in 2019 than it was for almost two decades, since its last boom period in the 1990s until its recent revival. Meanwhile, the most militant part of it has crystallized into a neo-Nazi, pro-terrorism faction.
We will unsubscribe to hate Change our password and pray for the dead All the dead
Federal prosecutors have filed hate crime charges against the man accused of stabbing five Jewish worshipers with a machete during a Hanukkah celebration at a rabbi’s home in a heavily ultra-Orthodox New York suburb of Monsey. They say the suspect, Grafton Thomas, kept journals that had references to Adolf Hitler, “Nazi culture” and a drawing of a swastika, and his cellphone showed multiple online searches for “Why did Hitler hate the Jews.” His family and lawyers say he is mentally ill. New York Governor Andrew Cuomo has called the attack “domestic terrorism,” and several Jewish elected officials in New York have asked him to declare a state of emergency and to deploy the National Guard to “visibly patrol and protect” Orthodox Jewish neighborhoods. It was New York’s 13th anti-Semitic incident in three weeks and comes after a shooting at a kosher supermarket in Jersey City in which two assailants killed three people before police shot them dead after an hours-long shootout. A new Associated Press database counts more mass killings in 2019 than any year dating back to at least the 1970s. We speak with Audrey Sasson, executive director of Jews for Racial and Economic Justice, and Alex Yablon, a reporter who covers guns, extremism and mass shootings.
It’s highly subjective, of course, but the sweetest moment of 2019 came late in the year, complete with a personal epiphany, writes Chris Graham.
Illinois’s governor on Tuesday granted more than 11,000 pardons for people convicted of low-level marijuana convictions, ahead of the state legalizing the drug beginning Jan. 1.
Gov. JB Pritzker (D) granted 11,017 pardons for misdemeanor cannabis-related convictions as part of the law, which takes effect Wednesday. The law will make Illinois the 11th state to legalize the use of marijuana for adults who are at least 21 years old.
Pritzker announced the pardons at a church on Chicago’s south side. He said the convictions have held people back from good jobs, housing and financial aid for college.
But if a new kid shows up and bluntly heils Hitler, or fakes a police insult on a god damn cup of McDonald's coffee, because they're young and dumb and reckless and radicalized by 4chan lulz? That makes it easier to clean house. For better, and for worse. Maybe it represents a major shift in police accountability; or maybe it's just a good PR movie. Only time will tell.
In the meantime, there's still a pretty good chance that these terminated rookies will still get hired elsewhere, or at least that their disciplinary files will never be seen. Because that's the way police contracts work.
Keeping with the trend of previous years, the volume of new patent disputes decreased yet again in 2019. However, the number of patent disputes involving Non-Practicing Entities (NPEs) increased by 4% compared to 2018, perhaps fueled in part by the sharp decrease in new PTAB petitions and low institution rates.
Highlights:
- The number of new PTAB proceedings (IPRs, CBMs, and PGRs) is down 23% compared to 2018. Meanwhile, the PTAB’s institution rate in IPRs has remained steady with trial being instituted in 62% of proceedings in 2019.
- District court patent litigation is down 3% compared to 2018 (down 43% compared to the peak in 2015). However, NPEs in Q1-Q4 2019 filed 1,944 new district court cases, slightly higher than the number of new NPE cases in 2018.
- Patent litigation in Delaware District Court increased 16% compared to the same period for 2018 with a total of 989 new cases since the beginning of the year. DED is also the most active venue for NPE disputes which account for 64% of infringement contentions filed there.
- Unified was the 5th most frequent PTAB petitioner in 2019. Unified filed 43 new cases in 2019 against some of the most widely asserted NPE patents.
Unfortunately, the fact that works from 1924 are legally available does not mean they are actually available. After 95 years, many of these works are already lost or literally disintegrating (as with old films5 and recordings), evidence of what long copyright terms do to the conservation of cultural artifacts. In fact, one of the items we feature below, Clark Gable's debut in White Man, apparently no longer exists. For the works that have survived, however, their long-awaited entry into the public domain is still something to celebrate. (Under the 56-year copyright term that existed until 1978, we would really have something to celebrate – works from 1963 would be entering the public domain in 2020!)
Gaming Like It's 1924: The Newly Public Domain Game Jam
The European Commission has published an updated list of foreign countries with problematic copyright policies. One of the highlighted countries is Canada which, according to the EU, has too broad copyright exceptions. In addition, the EU suggests that Canada should implement a takedown requirement to ensure that infringing content is swiftly removed by online services.
FACT, an anti-piracy outfit known for taking action on behalf of clients including Sky and the Premier League, has teamed up with copyright troll outfit Hatton and Berkeley. The surprise pairing is revealed in submissions to the UK's Companies House, which also show that 70% of FACT's shares are now owned by a company that made a significant loan to FACT.
A set of companies that control the rights to a slew of popular songs are suing those that they accuse of using some of this music in documentaries without permission.
On New Year’s Eve, a collection of around 75 unreleased Rolling Stones songs were temporarily posted onto YouTube, in an apparent attempt to extend the term of the songs’ copyrights.