Google has been allowing Chrome OS users to run Linux apps for a few years. But the optional “Crostini” feature which makes this possible sort of feels tacked onto Chrome OS as an afterthought (which… to be fair, it was).
That could change when Chrome OS 82 is released on May 5th. It’s expected to include a major update to the Linux terminal app and user experience.
It has been a busy morning here at the Chrome Unboxed office. Robby made the move over to the Dev channel yesterday and discovered a plethora of new and updated features. Some we’ve been expecting but others are appearing for the first time and a massive update to the Linux terminal is one of the biggest when we’re talking about the latter. For those taking advantage of Linux apps on Chrome OS, you’re familiar with the “terminal” app that looks pretty much like any Command Line Interface on any Linux distro. (Windows and Mac, for that matter.)
Amazon Web Services (AWS) has added a lightweight instance of Linux it calls Bottlerocket to the container services it makes available on its public cloud.
Deepak Singh, vice president of compute services for AWS, says that beyond simply providing a way to host containers that consume less memory, Bottlerocket will make it easier for IT teams to recover from failures because the amount of time required to reconstruct the operating system using a container scheduler such as Kubernetes will be substantially less. Rather than relying on a traditional package update system, Bottlerocket makes use of an image-based model that allows for rapid and complete rollbacks of updates. That approach also makes it easier to apply updates across a fleet of instances of Bottlerocket.
Open-source Bottlerocket from AWS aims to break the bottleneck of installing package updates on containerized apps.
Amazon’s cloud business, Amazon Web Services (AWS) has announced the launch of a new open-source operating system designed to run containers on both virtual machines and bare metal hosts.
Called Bottlerocket, the operating system is still in the developer review phase, with anyone interested in testing it out can do so as an Amazon Image Machine for EC2.
As explained on the Bottlerocket website, most customers nowadays run containerised applications on general-purpose operating systems that are updated package-by-package. That makes updates to the operating system tough to automate.
Bottlerocket addresses this challenge by applying updates in a single step, rather than package-by-package.
FreeBSD on Power, DragonflyBSD 5.8 is here, Unifying FreeNAS/TrueNAS, OpenBSD vs. Prometheus and Go, gcc 4.2.1 removed from FreeBSD base, and more.
covid, 3d printers, old computers
Wendell Wilson is back, and he and Chris are struggling with their automation setups. Also, we chat about ideal home server hardware for a server or a pfSense box.
Mozilla and KaiOS join forces to bring a modern browser engine to the feature phone platform, GCC 9.3 has arrived with mitigations for Intel's LVI vulnerability, and Nextcloud's latest numbers show healthy growth and continued profitability.
While Linux has grown to dominate the server room, Windows and Mac have long been the go-to operating systems in the enterprise desktop space. But that paradigm is beginning to shift, and Linux is emerging as an increasingly attractive option for enterprise users – especially within software engineering teams. This webinar, hosted by Nilay Patel, Product Manager for Ubuntu Desktop, will explore the key areas where Ubuntu Desktop offers compelling benefits to businesses. It will focus on how enterprises can deploy Ubuntu with minimal hardware configuration and while remaining secure, compliant and supported.
I'm announcing the release of the 5.5.9 kernel.
All users of the 5.5 kernel series must upgrade.
The updated 5.5.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.5.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
The kernel development process is based on trust at many levels — trust in developers, but also in the infrastructure that supports the community. In some cases, that trust may not be entirely deserved; most of us have long since learned not to trust much of anything that shows up in email, for example, but developers still generally trust that emailed patches will be what they appear to be. In his ongoing effort to bring more security to kernel development, Konstantin Ryabitsev has proposed a patch attestation scheme that could help subsystem maintainers verify the provenance of the patches showing up in their mailboxes.
One might wonder why this work is needed at all, given that email attestation has been widely available for almost exactly as long as the kernel has existed; Phil Zimmermann first released PGP in 1991. PGP (and its successor, GnuPG) have always been painful to use, though, even before considering their interference with patches and the review process in particular; PGP-signed mail can require escaping characters or be mangled by mail transfer agents. It is safe to say that nobody bothers checking the few PGP signatures that exist on patches sent via email.
Ryabitsev's goal is to make attestation easy enough that even busy kernel developers will be willing to add it to their workflow. The scheme he has come up with is, for now, meant for integration with processes that involve using git send-email to send out a set of patches, though it is not tightly tied to that workflow. A developer can add attestation to their process by creating a directory full of patches and sending them out via git send-email in the usual manner; attestation is then done as a separate step, involving an additional email message.
This patch from Johannes Weiner seemed like a straightforward way to improve memory-reclaim performance; without it, the virtual filesystem layer throws away memory that the memory-management subsystem thinks is still worth keeping. But that patch quickly ran afoul of a feature (or "misfeature" depending on who one asks) from the distant past, one which goes by the name of "high memory". Now, more than 20 years after its addition, high memory may be brought down low, as developers consider whether it should be deprecated and eventually removed from the kernel altogether. A high-memory refresher
The younger readers out there may be forgiven for not remembering just what high memory is, so a quick refresh seems in order. We'll start by noting, for the oldest among our readers, that it has nothing to do with the "high memory" concept found on early personal computers. That, of course, was memory above the hardware-implemented hole at 640KB — memory that was, according to a famous quote often attributed to Bill Gates, surplus to the requirements of any reasonable user. The kernel's notion of high memory, instead, is a software construct, not directly driven by the hardware.
Since the earliest days, the kernel has maintained a "direct map", wherein all of physical memory is mapped into a single, large, linear array in kernel space. The direct map makes it easy for the kernel to manipulate any page in the system; it also, on somewhat newer hardware, is relatively efficient since it is mapped using huge pages.
A problem arose, though, as memory sizes increased. A 32-bit system has the ability to address 4GB of virtual memory; while user space and the kernel could have distinct 4GB address spaces, arranging things that way imposes a significant performance cost resulting from the need for frequent translation lookaside buffer flushes. To avoid paying this cost, Linux used the same address space for both kernel and user mode, with the memory protections set to prevent user space from accessing the kernel's portion of the shared space. This arrangement saved a great deal of CPU time — at least, until the Meltdown vulnerability hit and forced the isolation of the kernel's address space.
One of the basic rules of kernel-module development is that modules can only access symbols (functions and data structures) that have been explicitly exported. Even then, many symbols are restricted so that only modules with a GPL-compatible license can access them. It turns out, though, that there is a readily available workaround that makes it easy for a module to access any symbol it wants. That workaround seems likely to be removed soon despite some possible inconvenience for some out-of-tree users; the reason why that is happening turns out to be relatively interesting. The backdoor in question is kallsyms_lookup_name(), which will return the address associated with any symbol in the kernel's symbol table. Modular code that wants to access a symbol ordinarily denied to it can use kallsyms_lookup_name() to get the address of its target, then dereference it in the usual ways. This function itself is exported with the GPL-only restriction, which theoretically limits its use to free software. But if a proprietary module somewhere were to falsely claim a free license to get at GPL-only symbols, it would not be the first time.
Will Deacon has posted a patch series that removes the export for kallsyms_lookup_name() (and kallsyms_on_each_symbol(), which is also open to abuse). There were some immediate positive responses; few developers are favorably inclined toward module authors trying to get around the export system, after all. There were, however, a couple of concerns expressed.
It's been seven years since Intel launched the "Bay Trail" Atom processors and the Linux fixes for it and the succeeding Cherry Trail continue to materialize for the kernel.
Over the years we have seen Intel Bay Trail support on Linux seeing quite a number of fixes. The Bay Trail work has included belated items like fixing hibernation support, Bay Trail quirky behavior on varying kernels, improved clocking behavior, performance fixes, and other items. Bay Trail continues to stand out as one of the buggier Intel platforms when it comes to the Linux driver support.
We continue to see bits here and there of AMD Family 19h / Zen 3 support coming together for the mainline Linux kernel.
For Linux 5.6 has been some Family 19h PCI IDs being added to existing AMD Zen support code paths. Last month were a few 19h patches for the perf subsystem.
The Turnip Mesa Vulkan driver for Qualcomm Adreno graphics processors can now handle transform feedback.
With Freedreno Gallium3D being in good standing for open-source OpenGL support on Qualcomm Adreno hardware developed by Google engineers and the open-source community, the attention more recently has been focused on the related "Turnip" driver for Vulkan support.
One of the latest patch series being worked on by long-time open-source AMD Linux graphics driver developer Christian König is P2P DMA-BUF support.
On Tuesday the Load Value Injection (LVI) attack was disclosed by Intel and security researchers as a new class of transient-execution attacks and could lead to injecting data into a victim program and in turn stealing data, including from within SGX enclaves. While Intel has publicly stated they don't believe the LVI attack to be practical, one of their open-source compiler wizards did go ahead and add mitigation options to the GNU Assembler as part of the GCC toolchain. Here are benchmarks showing the performance impact of enabling those new LVI mitigation options and the significant impact they can cause on run-time performance in real-world workloads.
Darktable, the open source alternative to Adobe Lightroom, is back with a new feature release — its first update of the year.
Building on the major changes intro’d in Darktable 3.0 last December is Darktable 3.0.1. The new stable uplift adds a further batch of new features, iterative improvements, and other compatibility fixes.
Big thanks to omg! reader Einar who gave me the heads up on this new release. I find it hard to stay on top of half of what’s happening out there in free software land, so all your news tips and article suggestions (even if I can’t get around to writing about them all) are deeply appreciated.
Wasmer 0.16 is released as the newest version of this "universal WebAssembly runtime" for running WebAssembly programs on the desktop that could in turn be written in a number of different programming languages.
Wasmer is one of the leading efforts for providing a WebAssembly run-time on the desktop and leading to great code portability and performance everywhere. Meanwhile Intel, Red Hat, Mozilla, and others continue investing in Wasmtime as a JIT-focused WebAssembly run-time.
It has been close to a year now that I've incorporated my new company, Mergify. I've been busy, and I barely wrote anything about it so far. Now is an excellent time to take a break and reflect a bit on what happened during those last 12 months.
Traefik (which comes pre-bundled with k3s) actually has Let's Encrypt support built-in, so you may be wondering why we are installing a third-party package to do the same thing. At the time of this writing, Traefik's Let's Encrypt support retrieves certificates and stores them in files. Cert-manager retrieves certificates and stores them in Kubernetes secrets. Secrets can be simply referenced by name and, therefore, easier to use, in my opinion. That is the main reason we are going to use cert-manager in this article.
Today I've released Imaginario 0.9. The big feature coming with this new release is a face tagging flow which I believe will be the fastest and simplest you've ever used, despite it being all manual. I even sat down and spent some quality time with Blender to prepare a video to show it off:
I use i3wm with dunst for desktop notifications, but last couple of weeks I missed few meetings due to missed notification bubble from my calendar. I think it’s the new Super Ultra Wide LG monitor that is so huge that I actually miss notifications in the corner. Granted, I could have configured it to appear in the middle of the screen, I wanted some better solution for cases when I am having a coffee or doing something in the kitchen when one arrives. Since I have a smart phone and a smart watch, I thought like rerouting notifications there would be nice.
One Step From Eden from Thomas Moon Kang (developer) and Humble Bundle (publisher) is releasing quite soon on March 26, to get your attention they just released a bunch of new footage.
If you've not seen our previous articles on it, it's a real-time action-strategy game with deck-building. Inspired by some of Megaman Battle Network, the developer decided to fill the void no other game could fill by making one themselves. Combining strategic placement as you move across a board in real-time, you cast spells from your ability cards to take down enemies on the opposite side blending genres together into something unique.
SunRay Games recently announced that their stylish looking 3D puzzle game with an escape-room theme will be releasing soon with Linux support.
Goblinz Studio have now announced that Legend of Keepers: Career of a Dungeon Master will now enter Early Access next week on March 19. Previously they said March without an exact date but it appears this is sooner than they originally planned, as they said that "Early Access has been brought forward".
It's supposed to be like a reverse dungeon crawler, you're the manager of the dungeon and it's your job to prevent heroes getting through your defences. Place traps, hire monsters and watch the turn-based battles when they collide. Goblinz Studio said they were inspired by so many titles to create it including elements of Darkest Dungeon, Slay the Spire, Dungeon Keeper, Final Fantasy, Chroma Squad and more.
From now until the end of March, AMD have cut the price of some popular 3rd Gen Ryzen desktop processors across multiple stores with discounts in many countries.
If you're looking to build a new Linux gaming PC or general Linux desktop, this might just save you some essential funds to perhaps put elsewhere and AMD's Ryzen processors do pack quite a punch in performance. Our current livestreaming rig (follow us on Twitch here) is powered by a AMD Ryzen and it's a real workhorse.
Stadia are now started to finally build up their game collection, as multiple Ubisoft titles will be appearing this month including The Division 2, The Crew 2 and Monopoly as confirmed by Google. Let's have another round-up of news for the Linux-powered game streaming service.
Got the need for speed? Humble Bundle are doing another of their fancy bundles and this time the focus is on racing games with the Humble Just Drive Bundle.
On the Linux side, in terms of numbers it's not a great turnout. Sadly, we just don't have many of the bigger racers supported. I'll note how each game seems to run on Steam Play Proton too, if you want a simple guide for Steam Play Proton—look here.
If you’re a fan of the Arc GTK theme — and there’s a good chance you are as its incredibly popular — you may be concerned to hear that the skin is no-longer in active development.
Indeed, the reader who got in touch with me to point out the theme’s recent code ‘archiving’ tells me there are a couple of major issues affecting the Arc GTK theme when used with the recently released GNOME 3.36, particularly with regards to the message tray/calendar.
But with no active maintainer to work on smoothing out these (and other kinks) could the popularity of this much-loved theme be at risk?
Possible, but it’s not on its own of course.
As we recently reported, the popular Adapta theme is currently shorn of ongoing development. And that’s despite the theme being forked by Google for use in Chrome OS (where it’s used by Linux apps that run in the system’s Linux container tech).
As a product of 6 months of efforts by the GNOME developers, the latest update to this desktop environment is finally here, dubbed as “Gresik” to appreciate the GNOME.Asia 2019 team members.
GNOME certainly needs no introduction as it is one of the most widely-used desktop environments in the Linux world. However, if you’re just getting started with Linux and have yet to stumble upon this software, just know that it’s an easy-to-use desktop environment that you’re going to find with the top Linux-based operating systems, including Ubuntu, Fedora, Debian, and even Kali Linux.
With this update, GNOME is about to get way better, and let’s see just how.
I'm very pleased to announce the new NuTyX 11.4 release.
The 64-bit version contains about 1150 packages upgraded.
The 32-bit version of NuTyX, still actively supported.
In the newest release, base NuTyX comes with the Long-Term Support (LTS) kernel 4.19.108 (4.9.206 for the 32-bit version).
For 64-bit systems,the kernel release 5.5.8 is also available.
Changelogs for the kernels are available here: kernel 4.19.108 changlog kernel 5.5.8 changelog
The gnu c library, glibc, is now glibc 2.30
The graphical server is xorg-server 1.20.7.
The mesa lib is 19.3.4, gtk3 is 3.24.14, and qt has been updated to 5.14.1.
Python interpreters 3.8.2 and 2.7.17 have been included in this release.
The MATE Desktop Environment comes in 1.24.0, the latest version.
The XFCE Desktop Environment comes in 4.14.1, the latest version.
The KDE Plasma Desktop is now 5.18.2, the Framework is now 5.67.0 and applications are now 19.12.3
Available browsers are: firefox 73.0.1, falkon 3.1.0, epiphany 3.34.4, etc
Many desktop applications have been updated as well like thunderbird 68.5.0, Scribus 1.5.5, libreoffice 6.4.1.2, gimp 2.10.18, etc.
5 news ISOs are available.
Calamares 3.2.18 is used on the isos and also kpmcore 4.1. The February release used kpmcore-git. If the March version gives you trouble you can always fall back on the February version. All tests were positive. Encryption should be possible. We have included many more options as you can see in the image below and we will keep adding options.
While Windows and Linux have seen good 802.11ac "WiFi 5" support and these days are focused on 802.11ax "WiFi 6" with the latest wireless chipsets, FreeBSD is still tackling 802.11ac. But the FreeBSD Foundation is prepared to soon begin sponsoring development work on ironing out their 802.11ac support.
Intel has been one of the major hardware vendors ramping up their FreeBSD hardware support and the FreeBSD Foundation has been buying laptops for developers in order to bolster FreeBSD's support on modern laptops. But even with efforts like that and with most FreeBSD installations being on servers, the 802.11ac support has been lagging behind.
In this video, we are looking at the first release of Amarok Linux.
The trust of our customers and partners is the lifeblood of SUSE. This is what has driven our innovation and success over the last 28 years. In the current environment, it is a priority for us to not only maintain, but also grow, this trust and to extend our support.
Over the course of the last month, I’ve heard from many customers and partners who have found their businesses unexpectedly disrupted by the COVID-19 situation. I’d like to take this opportunity to share a personal assurance with all our customers and partners: SUSE remains fully committed to you and your business.
During this time and as always, we are determined to ensuring your mission-critical business is running wherever you may be located. We have established a Business Continuity Committee to ensure you continue to receive outstanding open source innovation, support and services from us.
India was accepted to host the openSUSE.Asia Summit 2020. openSUSE.Asia summit is going to be held for the first time in India, Faridabad.Faridabad is a district of Haryana situated in the National Capital Region bordering the Indian capital New Delhi.
The supporters of openSUSE in India, and of Free/Libre Open Source Software (FLOSS) at large are excited to organize the most awaited openSUSE.Asia Summit event. In this activity, experts, contributors, end users, and technology enthusiasts will gather to share experiences about the development of openSUSE and other things related to FLOSS and have a lot of fun. The venue for the openSUSE.Asia Summit was chosen after being proposed by the Indian community during openSUSE.Asia Summit 2019 in Bali, Indonesia. Finally, the Asian committee decided Faridabad as the host of openSUSE.Asia Summit 2020 from September 25 to September 27, 2020, at Manav Rachna International Institute of Research & Studies, Faridabad.
With this article, I would like to introduce you to my SUSE Hackweek 19 project. If you worked on similar projects or topics, or if you would like to exchange experiences, please feel free to reach out to me.
Linux clothes specialist HELLOTUX from Europe recently signed an agreement with Red Hat to make embroidered Fedora t-shirts, polo shirts and sweatshirts. They have been making Debian, Ubuntu, openSUSE, and other Linux shirts for more than a decade and now the collection is extended to Fedora.
We have successfully migrated the Fedora L10n platform to Weblate, and the previous platform Zanata is at its EOL, and the translation site will be shutdown soon.
It’s necessary for us to migrate all of the required work to the new platform. This will make sure future Fedora releases will not be affected and will be as smooth as before.
Every month, the Fedora Council holds a recorded video meeting where, in addition to normal business, we have a discussion with someone from the community about the area they work on. This month, we’re joined by Aiofe Moloney from Red Hat’s Community Platform Engineering (CPE) team. She walks us through that team’s workflow and plan for interaction with the community, while Matthew reveals secrets of Red Hat’s internal business organization. We also talk briefly about Fedora’s response to COVID-19 and our upcoming event sponsorships and attendance.
Silverblue — a Fedora Workstation variant with a container based workflow central to its functionality — should be an ideal host system for the Quarkus framework.
There are currently two ways to use Quarkus with Silverblue. It can be run in a pet container such as Toolbox/Coretoolbox. Or it can be run directly in a terminal emulator. This article will focus on the latter method.
The plugin will then initialize and spell check your files via yaspeller. It will use the standard .yaspeller.json file for dictionary and settings and automate it for each new commit you work on.
Do you need really serious software-defined storage to handle petabytes of data? Then, Red Hat, with the latest edition of Red Hat Ceph Storage (RHCS), has the technology you need.
RHCS is based on the Nautilus version of the Ceph open-source storage project. It's designed to work on commercial off-the-shelf (COTS) hardware. But, with its ability to handle petabytes of data, you're most likely to use it on data-farms, data-centers, and clouds.
Red Hat Ceph Storage 4 is now generally available. Based on the Nautilus version of the Ceph open source project, Red Hat Ceph Storage 4 delivers simplified, petabyte-scale object storage for cloud-native development and data analytics.
The IBM€® Data Asset eXchange (DAX) is an online hub for developers and data scientists to find free and open data sets under open data licenses. A particular focus of the exchange is data sets under the Community Data License Agreement (CDLA). Since launching the exchange in 2019, the Center for Open-Source Data & AI Technologies (CODAIT) team has been working on steadily adding new data sets to the exchange, as well as resources that help explore these data sets.
IBM and Red Hat have revealed the latest fruit of their tie-up with the announcement of general availability of Red Hat OpenShift on IBM Z and LinuxONE systems.
Red Hat’s OpenShift Container Storage 4 delivers a uniform, persistent storage experience for data-intensive applications in hybrid and multicloud environments. Let's take a look at what differentiates Red Hat OpenShift 4 and why businesses and developers might want to pivot to OpenShift Container Storage.
The appeal of OpenShift Container Storage is that you'll have a uniform set of persistence services for OpenShift applications, independent of the infrastructure on which OpenShift is running.
When speaking about OpenShift Container Storage, we use the term ‘persistence services’ instead of storage services, as OpenShift Container Storage almost always sits above the storage services provided by the infrastructure. So now, with persistence services like multicloud object gateway mirroring, deduplication, encryption, combined with traditional Kubernetes storage classes, we're offering a set of persistence services to the applications running on OpenShift. A uniform set of persistence services.
Red Hat Product Security had a busy year, like many of you most likely did, in 2019. As each year closes we take time to reflect upon all of "the security" we and our subscribers got to interact with throughout the calendar year. We put our findings into the Red Hat Product Security Risk Report and we’re proud to give you readers a quick summary of what we saw and what we did.
The Risk Report catalogues the vulnerabilities that were discovered and patched throughout the Red Hat product portfolio. We provide context to the CVEs that we felt could have the most impact from a real-world risk perspective, as well provide a filter to the fear, uncertainty and doubt that is sometimes sown around high profile vulnerabilities, which in turn introduces additional challenges to your operations.
This release fixes many security vulnerabilities. You should upgrade as soon as possible.
A EUR 500 cash bounty was offered for any evidence of a privacy breach. In our hands, we have a message Lamb himself had sent to somebody outside Debian on 20 September 2018, shortly after a volunteer told him about those personal circumstances. This was no accidental leak by some underling. Lamb had deliberately violated the privacy of a volunteer's family, he did so for a political purpose, he was unrepentant and when the volunteer had the courage to question the matter publicly, Lamb denied it and ridiculed this volunteer. That was a lie to the entire community.
When you consider the effort that this volunteer has contributed over so many years, Lamb's breaches are unacceptable. Since Lamb's actions, there have been an avalanche of privacy leaks and fake news. Could this be the trickle-down impact of poor leadership?
So many people put their trust in the Debian operating system to run their most critical IT infrastructure. A volunteer trusted the DPL when telling him things, he felt transparency was important for us to work together as a team. People in leadership roles sometimes feel that trust gives them the entitlement to behave as they wish. On Sunday, 8 March, Sam Hartman used the Debian Bug Tracking System, his blog, Planet Debian, debian-project and his title as Debian Project Leader to double down on those violations of a family's privacy and also publish gossip, fake news and an accusation of trolling without attempting to provide any credible evidence. It's not good enough.
As promised [1], here is another Bits from the release team. This time, we'll inform you about our updated freeze policy for the bullseye release and our (tentative) freeze dates.
For the bullseye release, we have updated our freeze policy. An up-to-date copy can always be found on our web-site at [2]. There are some changes with respect to the buster freeze policy that we like to mention here (for full details, read [2]).
Last year, FriendlyELEC launched SOM-RK3399 system-on-module (SoM) powered by Rockchip RK3399 hexa-core processor combined with 2GB DDR3 memory, 16to 64GB flash, and a built-in WiFi 5 module. Contrary to most SoM’s on the market, SOM-RK3399 could work in standalone mode thanks to two USB-C ports, although it could also be integrated into a carrier board to create a complete development board with more ports and interfaces.
The company has now introduced an update with SOM-RK3399V2 CPU module with 4GB LPDDR4 RAM, as well as a small change in the layout for the LED’s and buttons, but the rest of the features remain the same.
The company only mentions support for Windows 10 operating system, but I assume Linux should also work on the board depending on drivers’ support.
Late last year, ITEAD launched Sonoff Micro WiFi USB switch that allows you to turn on and off USB powered devices over WiFi using eWelink app for Android or iOS. It integrates with Amazon Alexas and Google Home, and does the job, but people who like to use the open-source Tasmota firmware will be disappointed to learn it’s not based on ESP8266 processor hence not compatible.
No OS support is listed.
[Gui Cavalcanti], whose name you might recognize from MegaBots, got on a call with a medical professional in San Francisco and talked about respirators. The question being, can we design and deploy an open source version in time to help people?
Unnerving reports from Italy show that when the virus hits the susceptible population groups the device that becomes the decider between life and death is a ventilator. Unfortunately they are in short supply.
[KF5N] admits he’s not a digital design engineer; he’s more into the analog RF side of things. But he’s recently taken on a project to communicate between a Ubuntu box and an Intel MAX10 FPGA. He did a presentation at a recent ham radio convention about what he’d learned and how you could get started.
Apparently there are a lot of articles already written on this topic and there is already a shoe-string operations HOWTO seemingly. Strangely enough turnkey solutions exist as well. These are things that normally would never even be considered as being appropriate in the life of the church I normally attend. Having to react to changing circumstances and politicians making things up as they go along means I am having to strike a happy medium as I go especially as I have no budget of any sort.
Development efforts continue. I’m going to have to pull what documentation I can on OBS Studio and study it quickly. Eventually I have to document my efforts for reproducibility.
Plumbers is currently taking place as planned; however, the LPC program committee is actively monitoring the situation with regard to Covid-19. The World Health Organization (WHO) is currently making no projections for the situation at that date, but there is hope that the spread of the disease will slow or stop entirely during the northern-hemisphere summer. Given the uncertainty, we are currently adopting a wait-and-see approach. Rest assured that we’ll be following precautions advised by both the WHO and the local health authorities in Halifax should they still be in effect by the time the conference starts.
In addition to WebAssembly's growing presence outside of the web browser thanks to various desktop run-times and interesting use-cases, WebAssembly is also popping up in other areas. Google has been working on WebAssembly support for extensions within network proxies typically reserved for C/C++ or the likes of Lua scripts.
WebAssembly support has been pulled into their Istio service mesh v1.5 release with WASM extensions in the Envoy service proxy, popular choices for Cloud Native deployments. The Istio 1.5 release notes mention, "Wasm will give developers the ability to safely distribute and execute code in the Envoy proxy – to integrate with telemetry systems, policy systems, control routing and even transform the body of a message. It will be more flexible and more efficient, eliminating the need for running a Mixer component separately (which also simplifies deployments)."
So far another uneventful release on ppc64le; I'm typing this blog post in Fx74. Most of what's new in this release is under the hood, and there are no OpenPOWER specific changes (I need to sit down with some of my other VMX/VSX patches and prep them for upstream). The working debug and optimized .mozconfigs are unchanged from Firefox 67.
Our HOPL paper is done and submitted to the ACM for June 2020 publication in the PACMPL (Proceedings of the ACM on Programming Languages) and presentation at the HOPL 4 conference whenever it actually occurs. PACMPL is an open access journal so there won’t be a paywall preventing people from reading our paper. Regardless, starting right now you can access the preprint at https://zenodo.org/record/3707008. But before you run off and start reading this 190 page “paper” I want to talk a bit about HOPL.
Please meet our newest Friend of Add-ons, Zhengping! A little more than two years ago, Zhengping decided to switch careers and become a software developer. After teaching himself the basics of web development, he started looking for real-world projects where he could hone his skills. After fixing a few frontend bugs on addons.mozilla.org (AMO), Zhengping began contributing code the add-ons code manager, a new tool to help keep add-on users safe.
In the following months, he tackled increasingly harder issues, like using TypeScript with React to create complex UI with precision and efficiency. His contributions helped the add-ons team complete the first iteration of the code manager, and he continued to provide important patches based on feedback from add-on reviewers.
I was interviewed for Matrix Live as part of last week’s This Week in Matrix. I talked a bit about my background and my experiences contributing to Mozilla (as part of Instantbird and Thunderbird projects) as well as what I will be working on for Synapse, the reference implementation for Matrix servers.
Technology companies taking curve-flattening exercises of late has resulted in me digging up my old 2017 talk about working as and working with remote employees. Though all of the advice in it holds up even these three years later, surprisingly little of it seemed all that relevant to the newly-working-from-home (WFH) multitudes.
Thinking about it, I reasoned that it’s because the talk (slides are here if you want ’em) is actually more about working on a distributed team than working from home. Though it contained the usual WFH gems of “have a commute”, “connect with people”, “overcommunicate”, etc etc (things that others have explained much better than I ever will); it also spent a significant amount of its time talking about things that are only relevant if your team isn’t working in the same place.
The first thing users will see after updating to Mozilla's latest browser, Firefox 74, is a prompt to install the Facebook Container add-on.
The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can "login with Facebook wherever you need to".
The purpose of the Facebook Container is to let you continue to use Facebook but without having the social network site track your browsing elsewhere. "Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook," say the docs.
Software developer Stefano Arnone is currently in the process of creating a modern, fully featured Redis Client, which he has made available via Kickstarter, to raise the funds needed to help develop the software. Some of the features and improvements Arnone wants to add include:
– Monitoring tools – Lazy key value loading – Local unix socket connections – Keyboard shortcuts – Real-time key sorting – Support for streams – Support for binary strings – Bulk operations on keys – Improving the tree-view – Improving the overall design of the app – Improving the website especially the documentation section
It's been a bumpy road, but in just three days, LibrePlanet 2020 will continue -- now online-only for the first time, and via a fully free streaming setup. We are excited to hear from our fantastic speakers and connect with the global free software community. Read on to see how you can participate!
Supported by the European Union, the Developer-Centric Knowledge Mining from Large Open-Source Software Repositories (CROSSMINER) project has invested €4.5 million (US$4.9 million) to develop an innovative platform that examines the programming code and interactions surrounding OSS projects.
The new CROSSMINER platform extracts detailed knowledge that assists software engineers in developing and maintaining products and services based on freely available OSS technologies.
The new platform enables major advances in managing software development, such as open source technologies that use innovative and customizable tools for analyzing and monitoring OSS software projects.
A few weeks ago I attended a meeting of the ISO C++ Standards Committee (also known as WG21) in Prague, Czech Republic. This was the first committee meeting in 2020; you can find my reports on 2019’s meetings here (November 2019, Belfast), here (July 2019, Cologne), and here (February 2019, Kona), and previous ones linked from those. These reports, particularly the Belfast one, provide useful context for this post.
This meeting once again broke attendance records, with about ~250 people present. It also broke the record for the number of national standards bodies being physically represented at a meeting, with reps from Austria and Israel joining us for the first time.
The Prague meeting wrapped up the C++20 standardization cycle as far as technical work is concerned. The highest-priority work item for all relevant subgroups was to continue addressing any remaining comments on the C++20 Committee Draft, a feature-complete C++20 draft that was circulated for feedback in July 2019 and received several hundred comments from national standards bodies (“NB comments”). Many comments had been addressed already at the previous meeting in Belfast, and the committee dealt with the remaining ones at this meeting.
The next step procedurally is for the committee to put out a revised draft called the Draft International Standard (DIS) which includes the resolutions of any NB comments. This draft, which was approved at the end of the meeting, is a technically complete draft of C++20. It will undergo a further ballot by the national bodies, which is widely expected to pass, and the official standard revision will be published by the end of the year. That will make C++20 the third standard revision to ship on time as per the committee’s 3-year release schedule.
I’m happy to report that once again, no major features were pulled from C++20 as part of the comment resolution process, so C++20 will go ahead and ship with all the major features (including modules, concepts, coroutines, and library goodies like ranges, date handling and text formatting) that were present in the Committee Draft. Thanks to this complement of important and long-anticipated features, C++20 is widely viewed by the community as the language’s most significant release since C++11.
By most accounts, the freedesktop.org (fd.o) GitLab instance has been a roaring success; lots of projects are using it, including Mesa, Linux kernel graphics drivers, NetworkManager, PipeWire, and many others. In addition, a great deal of continuous-integration (CI) testing is being done on a variety of projects under the fd.o umbrella. That success has come at a price, however. A recent message from the X.Org Foundation, which merged with fd.o in 2019, has made it clear that the current situation is untenable from a financial perspective. Given its current resources, X.Org cannot continue covering those costs beyond another few months.
An updated minor version of the AsioHeaders package arrived on CRAN today. Asio provides a cross-platform C++ library for network and low-level I/O programming. It is also included in Boost – but requires linking when used as part of Boost. This standalone version of Asio is a header-only C++ library which can be used without linking (just like our BH package with parts of Boost).
This release corresponds to a minor upstream update, and is only the second update ever. It may help overcome one santizer warning which David Hall brought to my attention. We tested this version against all reverse depends (which was easy enough as there are only three).The NEWS entry follows.
The GNU Compiler Collection version 9.3 has been released.
GCC 9.3 is a bug-fix release from the GCC 9 branch containing important fixes for regressions and serious bugs in GCC 9.2 with more than 157 bugs fixed since the previous release. This release is available from the FTP servers listed at:
http://www.gnu.org/order/ftp.html
Please do not contact me directly regarding questions or comments about this release. Instead, use the resources available from http://gcc.gnu.org.
As always, a vast number of people contributed to this GCC release -- far too many to thank them individually!
Following last week's release of GCC 8.4, the GCC 9.3 compiler is out in offering the latest fixes to the newer (and current) GCC 9 compiler series.
GNU Compiler Collection 9.3 ships with 157 known bug fixes over the earlier GCC 9.2 point release from last year. The brief GCC 9.3 release announcement can be found on the GCC mailing list. GCC 9.3 is now the latest stable compiler for the GNU toolchain while GCC 10 will be releasing soon as the next feature release.
Structured Query Language (SQL) is a specialized programming language originally developed by IBM in the early 1970s. The language is designed specifically for accessing and manipulating data held in a relational database management system (RDBMS).
Almost all database management systems have a SQL implementation. It is the most popular query language for database administrators, as it provides good functionality, power, and relative ease of use. It is widely used in both industry and academia, often for large, complex databases.
SQL was standardized by the American National Standards Institute (ANSI) in 1986 and has undergone many revisions. The language consists of a data definition language and a data manipulation language. The language is divided into a number of elements: clauses, expressions, predicates, queries, and statements. SQL is one of the easiest languages to learn and use.
Here’s our recommended tutorials to learn SQL. If you’re looking for free SQL programming books, check here.
Remote life isn’t for everyone, and you may find yourself swearing it off entirely after this stint. But please keep in mind: this isn’t normal. If your company sent you home because of COVID-19, chances are you don’t work in a remote-first environment. Which means you aren’t experiencing real remote life.
There is overlap between these three worlds, as well as the differences that I sketched here. Everyone wants good connection security and for weak ciphers and protocol vulnerabilities to be weeded out. Web TLS and non-web public TLS both care a lot about Certificate Authorities being trustworthy, but web TLS has been driving the show on this. There are probably interests and positions shared only by non-web TLS and internal TLS, but I can't think of any right now.
Handling time zones is a pretty messy affair overall, but language runtimes may have even bigger problems. As a recent discussion on the Python discussion forum shows, there are considerations beyond those that an operating system or distribution needs to handle. Adding support for the IANA time zone database to the Python standard library, which would allow using names like "America/Mazatlan" to designate time zones, is more complicated than one might think—especially for a language trying to support multiple platforms.
It may come as a surprise to some that Python has no support in the standard library for getting time-zone information from the IANA database (also known as the Olson database after its founder). The datetime module in the standard library has the idea of a "time zone" but populating an instance from the database is typically done using one of two modules from the Python Package Index (PyPI): pytz or dateutil. Paul Ganssle is the maintainer of dateutil and a contributor to datetime; he has put out a draft Python Enhancement Proposal (PEP) to add IANA database support as a new standard library module.
Ganssle gave a presentation at the 2019 Python Language Summit about the problem. On February 25, he posted a draft of PEP 615 ("Support for the IANA Time Zone Database in the Standard Library"). The original posted version of the PEP can be found in the PEPs GitHub repository. The datetime.tzinfo abstract base class provides ways "to implement arbitrarily complex time zone rules", but he has observed that users want to work with three time-zone types: fixed offsets from UTC, the system time zone, and IANA time zones. The standard library supports the first type with datetime.timezone objects, and the second to a certain extent, but does not support IANA time zones at all.
We are pleased to announce the release of Anaconda Individual Edition (formerly Anaconda Distribution) 2020.02! There are some exciting new features in this release, but first we’ll touch on the name change. Recently, we added a new product to our suite, Anaconda Team Edition, for package management at the enterprise level. We also have Anaconda Enterprise Edition, a full-featured machine learning platform. With these products, it seemed like the natural thing to do to change the name of Anaconda Distribution to Anaconda Individual Edition, to reflect that Anaconda Distribution has always been designed and optimized for individual use.
For some time now, a proposal to change the governance of the Django open-source project has been under discussion and refinement. It was written up as a Django Enhancement Proposal (DEP), and numbered as DEP 10.
Changing the governance of the Django project is not something to do lightly, and not something that could be done lightly. It required the agreement of the Django core team, the Django Technical Board, and the Board of Directors of the Django Software Foundation. All of those groups have now held their deliberations, and voted to accept DEP 10.
In the coming weeks, implementation of DEP 10 will start in earnest, but today it's worth giving a quick summary of what's changing and why. For the full details you can also read the DEP (though keep in mind it's a governance document that tries to be as precise as possible and cover a lot of potential edge cases, and so is a bit long-winded and dry).
As you probably already know, the Coronavirus is spreading throughout Europe and we wanted to give you an update on our current plans around on the situation. We will update this blog post as new information becomes available.
With a month until PyCon US 2020’s scheduled start, the #EuroPython 2020 and #COVID19 : "As you probably already know, the Coronavirus is spreading throughout Europe and we wanted to give you an update on our current plans around on the situation." https://blog.europython.eu/post/612393987829039104/europython-2020-and-covid-19
Software Foundation Board and Staff are working through our options for PyCon US 2020, and will keep you updated as decisions are made.
In the meantime, remember that PyCon US will refund any tickets with no questions asked. You do not need to commit to travel to PyCon US at this point in time if you do not want to.
I'm pleased to announce that uarray is participating in GSoC '20 as a sub-organization under the umbrella of the Python Software Foundation. Our ideas page is up here, go take a look and see if you (or someone you know) is interested in participating, either as a student or as a mentor.
If you haven't seen my earlier posts on the subject, Rich is a terminal rendering framework for Python. It lets you render styled text and a whole bunch of other things (markdown, syntax, tables, tracebacks, etc.) to the terminal.
This latest addition to the lib renders progress bars with additional information such as percentage completed, time remaining, data transfer speed etc. It's highly configurable, so you can customize it to show whatever information you like. And since it's implemented as a Rich renderable, you can easily add color and formatting.
Python programming language is applied in so many areas of computer technology, i.e., Scripting, GUI development, Website development, Artificial Intelligence (AI), Machine Learning, Data Science, Computer Networking, and Network Automation, and Cyber Security.
We have many integrated development environment Python IDEs’ in the market today. All have different qualities and features. For example, some specifically run on Linux systems. Others are Windows-based, while others are cross-platform and can run on both Operating Systems. In this post, we are going to look at Python IDEs’ for Linux systems.
The Rust team is happy to announce a new version of Rust, 1.42.0. Rust is a programming language that is empowering everyone to build reliable and efficient software.
The previous newsletter introduced Visage, a new JavaScript frontend we’re working on that’s written in Rust. Visage has since been renamed to SmooshMonkey, a name that’s known and well accepted by the JavaScript community (#SmooshGate). After a dinner and discussions with project members, it got authoritatively renamed by speaking about it at the All-Hands.
Horror movie specialist Blumhouse Productions has carved its niche weaving cogent themes of socio-political insight through popcorn movies. It has enjoyed a number of blockbuster successes including Jordan Peele’s Oscar-winning “Get Out,” which explores racial tensions and traumas; and more recently Leigh Whannell’s “The Invisible Man,” in which a woman grapples with gaslighting and domestic abuse by an invisible ex, highlighting MeToo-era realities.
Many universities have begun to teach online amid concerns that traditional classes could spread the coronavirus. Yale-NUS lecturer Catherine Shea Sanger explains how it can be done quickly and effectively
We all know webcam zombies—people who may look normal walking down the street, but who, when they sit in front of a webcam for a videoconference, look ghastly. This issue is coming up more frequently as more people work from home or work remotely, and haven't thought about how they look onscreen.
The problem could be the lighting. It could be their sloppy clothing choices. It could be the junk piled in the background that you’d just as soon not see. In any case, they look like someone you’d rather avoid than engage in a web chat.
I didn’t know I was one, until a colleague sent me a screenshot of how I looked online (see above). Yeah, pretty horrifying. I knew I couldn’t keep that look and also keep my clients.
"Heaven forbid they miss a chance to bankrupt sick people."
State Duma deputy Sergey Katasonov recently returned from France without disclosing the trip or self-isolating for two weeks, as required to prevent the spread of coronavirus. This information comes from Vladimir Zhirinovsky, the head of Katasonov’s political party, who says he was informed “by Sheremetyevo [airport].”
Every day without full transparency means we are less prepared and more vulnerable.
Community resilience that emerges in response to the coronavirus crisis may become models to overcome the innate crisis of social isolation under capitalism.
A federal directive that’s supposed to speed up the response to a pandemic is actually slowing down the government’s rollout of coronavirus tests.
The directive, issued by the U.S. Food and Drug Administration, requires that the Centers for Disease Control and Prevention, a sister agency, retest every positive coronavirus test run by a public health lab to confirm its accuracy. The result, experts say, is wasting limited resources at a time when thousands of Americans are waiting in line to get tested for COVID-19.
As the number of coronavirus cases in the United States passes 1,300 cases with 38 deaths, more than 30 million workers lack access to paid sick leave. President Trump addressed the nation Wednesday night, saying he will expand sick leave as part of emergency response to the virus. But the same day, Republican senators blocked an attempt by Senate Democrats to quickly pass legislation requiring employers to grant paid sick leave. Meanwhile, Democrats in the House of Representatives will debate a package of bills Thursday to give workers 14 days of paid sick leave and up to three months of paid family and medical leave. Labor Department data says that one in four workers have no access to paid sick leave, including two-thirds of lowest earners. The U.S. is one of the only wealthy countries that does not require employers to offer its workers paid sick leave. We speak with Elise Gould, senior economist at the Economic Policy Institute; Donna Lieberman, executive director of the New York Civil Liberties Union; and economist Robert Pollin, co-director of the Political Economy Research Institute at the University of Massachusetts Amherst.
In a prime-time televised address so filled with blatant errors that fact-checkers and the White House struggled to keep up and correct the record, President Donald Trump Wednesday night claimed that major U.S. insurance companies “have agreed to waive all copayments for coronavirus treatments” as the disease rapidly spreads across the nation.
Which brings us to President Donald Trump’s speech last night on the new coronavirus.
In the United States, tens of millions of people are at a much greater risk of getting sick from the coronavirus than others. The most vulnerable among us do not have the option to comply with suggestions to stay home from work or work remotely. Most low wage workers do not have any paid sick days and cannot do their work from home. The over two million people in jails and prisons each night do not have these options nor do the half a million homeless people.
Donald Trump’s proposal to cut the payroll contribution rate is a stealth attack on Social Security. Even if the proposal were to replace Social Security’s dedicated revenue with deficit-funded general revenue, the proposal would undermine this vital program.
It started as a joke: Before leaving a post-practice interview session Rudy Gobert touched all the tape recorders that were placed before him on a table, devices that reporters who cover the Utah Jazz were using during an availability with him on Monday before a game with the Detroit Pistons.
The number of people in Russia who have tested positive for the coronavirus has now reached 34, following news of six new cases reported by a federal task force. The new infections include four cases in Moscow, one in Kaliningrad, and one in the Krasnodar region.
Effective at midnight on March 13, Russia is imposing a temporary ban on all travel into the country by Italian nationals and other foreigners arriving from Italy.
This week, the global coronavirus crisis officially became a U.S. economic crisis. Monday saw the Dow’s worst single-day drop in history —€ 2,013 points — and markets continued to convulse at the opening Thursday to the point trading was temporarily halted following a steep drop. It is evident a broad economic contraction, affecting everything from hospitality to shipping, is compounding rising anxiety over the COVID-19 pandemic.
Emboldened by the citizenry’s inattention and willingness to tolerate its abuses, the government has weaponized one national crisis after another in order to expands its powers.
The Latest on the world’s coronavirus pandemic...
After downplaying the threat of coronavirus for days, President Donald Trump addressed the nation Wednesday from the Oval Office, calling COVID-19 a “foreign virus” and announcing an unprecedented travel ban from most of Europe to the U.S. He also said he will expand sick leave. This comes as Senate Republicans blocked paid sick leave legislation. Robert Pollin, distinguished university professor of economics and co-director of the Political Economy Research Institute at the University of Massachusetts Amherst, says the lack of universal healthcare in the U.S. is exacerbating the coronavirus crisis due to “the absurdity that people cannot feel confident that they are going to get medical treatment” when they need it most. In 2018, Pollin co-authored a paper titled “Economic Analysis of Medicare for All.” His forthcoming book, co-authored with Noam Chomsky, is The Climate Crisis and the Global Green New Deal: The Political Economy of Saving the Planet.
If the possibility of a global pandemic is real, how could anyone question the urgency of government investment in the development of a vaccine and then making it universally available?
The state funding may cover monitoring, lab testing, contact tracing and infection control. An additional $15 million will be set aside in a coronavirus response fund and can be appropriated later. The legislation also will authorize the the state to spend up to $50 million in federal coronavirus funding.
Dr. Griffin spoke with Rolling Stone just minutes before the Live Nation/AEG announcement to explain why concerts should be canceled for now as COVID-19 spreads – and why music fans shouldn’t attend them if the shows go on.
When Covid-19 came around, Singapore was, it seems, ready. Along with Hong Kong, Taiwan, Japan, and South Korea, Singapore instituted strict travel controls and protocols for identifying sick individuals—to get them help as well as to find the people they’d been in contact with. The Singaporean government posted detailed accounting for how many people had been tested for the virus, and the locations and natures of those people’s social contacts. All these governments instituted strict social distancing measures, like canceling events, closing schools, and telling people to stay home. As a result (at least in part), all have lower numbers of infected people and lower fatalities than China or Italy, proportionately. They “flattened the curve,” as public health experts now say—lowering a probable spike of infections, perhaps pushing that surge of seriously ill people further out in time so that health care systems don’t get overburdened.
The death toll from an outbreak of coronavirus in Italy has jumped in the last 24 hours by 189 to 1,016, a rise of 23 percent, the country's Civil Protection Agency said on Thursday.
The total number of cases in Italy, the European country hardest hit by the virus, rose to 15,113 from a previous 12,462, an increase of 21.7 percent.
The World Health Organization (WHO) declared the outbreak a pandemic as Italy tightened its strict quarantine and the United States imposed a ban on flights to Europe.
More than 4,613 people have died and over 126,000 have been infected globally, according to the WHO. About 68,000 victims have recovered, according to Johns Hopkins University, which is tracking the virus.
Apple has told its employees worldwide not to discourage but not recommend to consumers at its retail stores to physically try on an Apple Watch or in-ear AirPods, that in an effort to cut down on the spread of coronavirus, according to a published report Wednesday.
Like hundreds of thousands of people across the world, the super-rich are preparing to self-isolate in the face of an escalation in the coronavirus crisis. But their plans extend far beyond stocking up on hand sanitiser and TV boxsets.
As the new coronavirus continues to spread, many people used to working in an office face a new sudden reality: working from home. Instead of interacting with the co-workers whose rhythms and foibles you’ve learned over time, you might find yourself listening in on your partner’s calls. Or trying to chime in on an important conference call while your kid whines for an ice cream sundae at 9 a.m. Even if COVID-19 isn’t in your area, the situation is so fluid that quarantines and strict social distancing measures may soon come your way.
There have been 596 confirmed cases across the country, but health officials have said they believe the actual number of people infected could be between 5,000 and 10,000.
Alluxio 2.2 became generally available today in an open source community edition, as well as an enterprise edition. The San Mateo, Calif.-based vendor is grouping its new capabilities under the name Structured Data Service and extends the existing Alluxio platform capabilities to better enable data pipelines. Data catalog functionality, in particular, has become an increasingly necessary capability for organizations as they attempt to make disparate sets of data available to the business for analytics and business intelligence use cases.
The Linux Foundation said today it has agreed to house the “internet of things” device firmware effort of Project OWL, which aims to create a mesh network of open source devices called “DuckLinks” that can be used to establish an Internet connection during emergency situations.
One of the worst things about being in a disaster zone is that communication links tend to fall apart, and that can cause major headaches for both first responders and anyone who is in trouble and needs help.
Project OWL, which stands for Organization, Whereabouts and Logistics, says its DuckLinks are Wi-Fi-enabled devices that can be deployed rapidly in disaster areas to help re-establish connectivity and facilitate communications for emergency workers. The water-resistant devices, which can be either solar- or battery-powered, work by creating a local area network that powers up a Wi-Fi captive portal using low-frequency Long-range Radio, or LoRa. LoRa has a range of around 10 kilometers, which is greater than standard cellular networks.
Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and default credentials to insecure memory storage.
A Dutch researcher claimed Google’s very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.
Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter Maat.
Are you running a security scanner? It seems like everyone is doing it, maybe it’s time to get with it. It’s looking like automated security scanning is the next stage in the long winding history of the security industry. If you’ve never run one of these scanners that’s OK. I’m going to explain what they are, how they work, how we’re not using them correctly, and most importantly, what you can do about it. If you are running a scanner I’m either going to tell you why you’re doing it wrong, or why you’re doing it REALLY wrong. If you’re a vendor who builds a security scanner I assure you I understand there is a high probability I am indeed an idiot and don’t know what I’m talking about. I’m sure everything will be fine.
Automated scanning IS changing the world, but right now it’s not changing it for the better, it’s currently the security industry version of lead paint. The technology is still REALLY new, so it’s important we have proper expectations and work together to make things better. One of the challenges with new technology is understanding what you have now, and more importantly understanding what you need next. Like any tool, if you use it wrong it can make things worse than doing nothing at all. Let’s talk about how to make things better.
If you’ve never seen the sort of report an automated scanner generates you should probably consider yourself lucky. The best way to describe these reports is if you had a 10 page report that wasn’t very good, then you made 100 copies of every page, shuffled them around a bit and stapled it all together. There are some useful findings in the report, but they’re really hard to find. Expecting anyone to parse a 1000 page report for one or two findings has a terrible return on investment. It’s even less helpful if you send the report to someone else with unrealistic demands, such as requesting they fix all of the findings. By Friday. If you didn’t read the report, why should they?
This post is the first part in a series on automated security scanners. I explain some of the ideas and goals in the intro post, rather than rehashing that post as filler, just go read it, rehashing content isn’t exciting.
There are different kinds of security scanners, but the problem with all of them is basically the same. The results returned by the scanners are not good in the same way catching poison ivy is not good. The more you have, the worse it is. The most important thing to understand, and the whole reason I’m writing this series, is that scanners will get better in the future. How they get better will be driven by all of us. If we do nothing, they will get better in a way that might not make our lives easier. If we can understand the current shortcomings of these systems, we can better work with the vendors to improve them in ways that will benefit everyone.
If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article.
The first type of scanner we’re going to cover are source code scanners. It seems fitting to start at the bottom with the code that drives everything. Every software project has source code. It doesn’t matter what language you use. Some is compiled, some interpreted, it’s all still source code. The idea behind a source code scanner is to review the code a human wrote and find potential security problems with it. This sounds easy enough in theory, but it’s extremely difficult in practice.
Strongly typed languages like C, C++, and Java lend themselves to code scanning. An oversimplified explanation would be a strongly typed language is one where a named variable has to be a certain type. For example if I have a variable named “number” that is a number, I can’t assign a string to it. It can only be a number.
Weakly typed languages, such as JavaScript and Python are incredibly difficult to properly scan. These are languages where I can assign the string “potato” to my variable named “number”. While weakly typed languages offer great flexibility to developers, they are a nightmare for code scanners.
If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article.
In this post we’re going to talk about a newer type of scanner called a composition scanner. The idea here is when you build an application today it’s never just what you wrote. It also includes source code from a large number of other sources. Usually these other sources are open source.
A composition scanner will look at your project, specifically the things you didn’t write, and attempt to alert you if you are including components that have known security vulnerabilities. It’s very common to not upgrade the open source we put into our projects. Upgrading is hard and can break things, so doing nothing is easier most of the time. Composition scanners let us see what’s hiding in the depths of our project, sometimes it isn’t very pretty.
An easy example we can use is if you are including OpenSSL code in your application. Do you know if the version of OpenSSL you are using is still vulnerable to Heartbleed? You probably can’t say for certain if this is true or not, but a composition scanner probably can.
An overwhelming majority of medical imaging devices are running on old operating systems with little-to-no ability to receive crucial software updates, according to a new report. It’s a small piece of the larger security problem plaguing internet-connected devices.
That’s according to new research from enterprise security firm Palo Alto Networks which analyzed more than 1.2 million devices stationed across thousands of healthcare institutions in the U.S. The 83% of imaging devices running on outdated platforms represents a large uptick from the 56% figure reported in 2018.
Imaging devices run on a wide variety of operating systems, such as Linux and Unix, but much of the jump seen over the past few years is attributable to the Windows 7 operating system reaching its end of life, the report authors noted. And these vulnerable in radiology equipment may open the door for criminals to attack the wider healthcare field.
A day after researchers declared Linux having more vulnerabilities than Windows, Google now makes a free tool to be used by Linux systems to avoid potential USB keystroke attacks. The software would be running background to monitor any suspicious activities from a plugged USB, and notify a user about potential attacks. This was published by Google in its GitHub for Linux PCs.
Here are the biggest breaches to hit the UK in recent years.
The House voted to renew domestic spying tools that expire in four days, overcoming opposition from an array of factions within both parties, in an attempt to wrap up legislative business before leaving town later this week as fears mount over the spread of the novel coronavirus.
Rather than addressing the promising path forward provided by the new Treaty for the Prohibition of Nuclear Weapons to finally ban the bomb, the U.S. launched a new initiative.
Moments after the arrests, MBS ordered the kingdom's princes to tweet their loyalty to him. Three of them have already done so.
President Donald Trump has been comprehensively misinforming the public about the coronavirus.
Trump has littered his public remarks on the life-and-death subject with false, misleading and dubious claims. And he has been joined, on occasion, by senior members of his administration.
We've counted 28 different ways the President and his team have been inaccurate. Here is a chronological list, which may be updated as additional misinformation comes to our attention.
A panel of economic experts brought this message to a handful of senators on Capitol Hill during a March 12 hearing convened by the Senate Democrats’ Special Committee on the Climate Crisis. This hearing on the economic risks of climate change delivered a clear warning that continued inaction on climate will result in enormous economic and societal€ consequences.€ € €
In all major markets from the US to Europe, China, India and Australia, it already costs less to generate power from installing new wind or solar farms than new coal plants, the latest study from think tank Carbon Tracker found.
And it could be cheaper to generate electricity by building new renewable facilities than to run existing coal-fired power stations in all markets by 2030, the researchers predict.
Already, four fifths (82%) of the UK’s remaining 12 gigawatt of operating coal power costs more than new renewables, Carbon Tracker said.
The sell-off bludgeoning financial markets around the world got even worse Thursday as the economic pain caused by the coronavirus became more painfully clear. Worries are rising that the White House and other authorities around the world can’t or won’t help the weakening economy soon.
The owner of some of the UK's biggest shopping centres, Intu, has said there are doubts that it can survive unless it raises extra funds. Its comments came as the firm - which owns Manchester's Trafford Centre and the Lakeside complex in Essex - reported a €£2bn loss in 2019. The weakness in the retail sector meant Intu wrote down the value of its shopping centre sites by nearly €£2bn. Intu will try to raise extra cash after an earlier plan to raise €£1bn failed.
Shares around the world have plunged after central bank actions aimed at cushioning the blow from coronavirus did little to appease investors. At the start of US trading, shares plunged triggering an automatic temporary suspension in trading aimed at curbing panicky selling. The main US and UK share indexes were both 9% lower, with European markets facing their worst ever daily loss. The initial falls came after the US restricted travel from mainland Europe.
At the time of this post, Bitcoin has wiped out all of its 2020 gains (about $30 Billion... gone!) and brought other major cryptocurrencies including ethereum, Ripple’s XRP, bitcoin cash, and litecoin, down ï¸Âwith it. ãâ¬Â½Ã¯Â¸Â
One of the many things that were promised with cryptocurrency was its independence from market conditions and it being a no-brainer asset to invest in times of greater risk and uncertainty. But that is not the case, Bitcoin's sudden sell-off was triggered by the oil crash caused by OPEC members (mainly Russia) messing-up on production cuts agreements.
We know what triggered the sell-off of Bitcoin but what really caused the sudden steep sell-off is because of PlusToken, a Ponzi scheme that swept China and Korea with $2 billion worth of bitcoin and other cryptocurrencies stolen from investors. And those scammers have been liquidating over $100 millions worth of B**coin.
Asia's stock markets were hammered on Friday as panic gripping world financial markets deepened and even safe-haven assets such as gold and bonds were ditched to cover losses in the wipeout triggered by fears of the economic losses caused by the spreading coronavirus pandemic.
Japan's Nikkei plunged 10 percent while Australia's benchmark fell as much as 7 percent and is on track for its worst week on record.
As Joe Biden’s chances of clinching the Democratic nomination continue to rise, environmentalists are absorbing the possibility that they may eventually be faced with the challenge of trying to exert pressure on a nominee with deep ties to the fossil fuel industry.
In the week since his strong showing on Super Tuesday, Joe Biden has collected a raft of new labor union endorsements. As voters in more states head to the polls, it is worth remembering that Biden launched his campaign with a fundraiser co-hosted by the head of an anti-union law firm.
The Democratic presidential nomination race is a fascinating case study in how power works – not least, because the Democratic party leaders are visibly contriving to impose one candidate, Joe Biden, as the party’s nominee, even as it becomes clear that he is no longer mentally equipped to run a local table tennis club let alone the world’s most powerful nation.
There really wasn’t that much doubt about this. Bernie Sanders’ 2020 run sure looked good at the beginning and was catching some serious fire early on. Many people actually dared to believe that this time, he could actually win. But just before “Super Tuesday” it became crystal clear that the establishment Dems were having none of that heat since they – and we – knew that, if Bernie won the nomination, and thus quite plausibly the election, the first burn casualties would be their hold on the Party. This was definitely not going to be allowed, so one by one the remaining challengers were corralled into dropping out of the race and shifting their support to the cognitively compromised Joe Biden. A man who a week ago mistook his sister for his wife, whose regular incoherence was well-documented, and of whom Elizabeth Warren said was “a big risk” because “[n]ominating a man who says we do not need any fundamental change in this country will not meet this moment.” She was right. Reading this morning’s news (about Super Tuesday 2) it is apparent that, as Bernie undergoes a slow fizzle through the remaining primaries, that this movement to gather the wagons around Biden will get€ him€ the nomination, sustaining the Clintonite, neo-liberal hold on the Democratic Party for a little bit longer, and most likely guaranteeing Trump’s second term. There was another movement, though, very different but certain to grow. Sanders captured more than just the imagination of many voters, he kindled their yearning for something better, something more than what the Dems or the Republicans offered.
After disappointing results in primary contests held in six states on Tuesday, Sen. Bernie Sanders held a press conference in his hometown of Burlington, Vermont on Wednesday to offer a “campaign update” and said that while the delegate math to win the Democratic presidential nomination is not in his favor, he intends to stay in the race at least through this Sunday’s one-on-one debate with frontrunner Joe Biden.
The Sanders movement, the DSA (Democratic Socialists of America), the BLM (Black Lives Matter) and BAR (Black Agenda Report) types, the post Occupy Wall Street activated (over-indebted under-employed college educated), the anti-ICE pro-immigrant Latinos (mostly) and Muslims, the anti-pipeline and American Indian and sacred land environmentalists, the anti-gig-slavery pro-upping-the-minimum-wage all-hours ‘flexible’ contingent laborers, and the downwardly mobile climate change and school massacre enraged children of Boomers, are all by and large YOUNG PEOPLE.
Sanders represents a foreign policy where the US does not lead by throwing around its military and economic might to the misfortune of Americans and others across the globe, but works in collaboration to create a more democratic and just world.
Who needs Russian interference in the American Presidential race when the Clintons, Obama, MSNBC, CNN, the NYT, The Atlantic and their numerous henchmen/women are covertly and overtly interfering in the Democrat’s Presidential election?
Trump and his enablers are focused only on mitigating the economic consequences of the outbreak, especially before the election – mulling proposals like corporate tax cuts and bailouts for airlines and the hotel industry, but resisting the needs of average Americans and our broken healthcare system.€
The people criticizing the€ amendment don’t love Russia. The attacks on Tereshkova are attacks on our country because she has introduced a plan that will make Russia stronger. Vladimir Vladimirovich [Putin] is the rod keeping the Russian Federation upright. Internally, Putin can’t let himself just wash his hands of the whole thing and say, “I’m out.” He picked up Russia at a point of no return and took on a responsibility that will stay with him for life. Polling shows that the citizenry supports him, and their opinion shouldn’t be neglected because Putin should have the right to another election. Popular opinion has always been important to the president, and that’s exactly why he didn’t agree to an automatic extension of his authority. The Constitutional Court’s opinion should be affirmative because they must respect the people’s choice. A ban on current presidents running again is a destabilizing factor. Oil and gas prices may fall, but our true resource is Putin, and we must protect him.
The legislative assemblies in more than two-thirds of Russia’s constituent territories have voted in favor of legislation that would introduce sweeping new amendments to the nation’s Constitution. The support of at least as many constituent territories is a constitutional requirement (stated in Article 136) for any amendments to Russia’s Constitution.€
Donald Trump and the massive propaganda apparatus around him — call them "TrumpLand" — cannot decide what lie to tell about the new coronavirus, COVID-19, that is now exploding into a global pandemic. Simply not lying is of course not an acceptable option. The unofficial motto of the Trump administration is quite clearly "Lie about everything, all the time, even for no apparent reason." In this case, Trump is facing a very real PR crisis, and the first instinct of this president and his advocates is always to find some way to lie themselves out of their latest pickle.
The problem this time, as many people have noted, is that you can't lie your way out of a pandemic. Even China, which is an authoritarian one-party state that lies to its population constantly about everything, was unable to bamboozle the public about the virus. (And the epidemic there appears to be receding.) Trump, still saddled with a free press, is stuck snarling "Fake news!" at CNN's Jim Acosta, when the latter pointed out that Trump's lies conflict with the statements of health experts.
"Now is the time to come together with love and compassion for all, including the most vulnerable people in our society."
"Tom Cotton is still using this as a way to build support for a war against China."
"The coronavirus is a global crisis, not limited to any continent, and it requires cooperation rather than unilateral action."
"Unless people are free to stay home, we're flirting with disaster."
"Coronavirus makes clear what so many working Americans already know: our healthcare system is broken."
"We live in a world where 33% of Americans put off medical treatment last year, and we have $1,133 expense just for testing for the coronavirus."
Porter continued, “We live in a world where 40 percent of Americans can’t even afford a $400 unexpected expense. We live in a world where 33 percent of Americans put off medical treatment last year, and we have $1,133 expense, conservatively, just for testing for the coronavirus.”
The congresswoman then turned her attention to the Centers for Disease Control and Prevention (CDC) Director Robert Redfield and asked, “Do you want to know who has the coronavirus and who doesn’t?”
“Yes,” Redfield replied.
“Not just rich people, but everybody who might have the virus?” Porter asked.
“All of America,” Redfield replied.
Porter then pointed to specific federal regulations that give the CDC director the power to authorize government payments for “the care and treatment of individuals subject to exam and quarantine, isolation and conditional release.”
Whatever the true nature may be of the twisted relationship between President Trump and Russian President Vladimir Putin, this much is clear: As the world economy teeters, reeling from the dystopian implications of the coronavirus, Putin has decided this is a good time to stick a shiv deep into the heart of Trumpland by starting an oil-price war that could well decimate the oil-and-gas industry in places like Colorado, North Dakota, and Texas. As Trump groupie Senator Lindsay Graham reportedly told Trump and administration officials, “the Russians are trying to break the back of the American shale oil industry.”
Within minutes after the speech was over, it became clear that not only had Trump misstated his own plan, but that the entire idea — particularly the U.K. exemption — makes no sense whatsoever. Apparently had not consulted with European allies or affected industries.
Under federal law, a recalcitrant witness can only be jailed for civil contempt if there is a reasonable belief that incarceration will coerce the witness into testifying. If the jail time has no coercive effect and is purely punitive, the recalcitrant witness is supposed to be released.
Manning’s lawyers filed a request for her release last month, arguing her detention was unlawfully punitive with no purpose because she would not testify under any circumstances.
A judge has ordered the release of former US Army analyst Chelsea Manning from a Virginia jail. Manning has been imprisoned since May 2019 for refusing to testify before a grand jury.
Ms. Manning, 32, is currently recovering, according to her lawyers, who did not say how Ms. Manning tried to kill herself while at a detention center in Alexandria, Va., where she has been held since May.
Former US army intelligence analyst and Wikileaks source Chelsea Manning has been released from prison.
Manning was remanded for refusing to testify in an inquiry into Wikileaks. She had been held in a detention centre in Virginia since last May.
She was scheduled to appear in court on Friday, but the judge ruled that it was no longer necessary for her to testify.
Manning was found guilty in 2013 of charges including espionage for leaking secret military files to Wikileaks.
She accrued more than $250,000 (€£198,000) in fines for refusing to co-operate with the inquiry. Her legal team had asked for these to be vacated, but the judge said they must be paid in full.
On Wednesday, March 11, 2020, Chelsea Manning attempted to take her own life. She was taken to a hospital and is currently recovering.
Ms. Manning is still scheduled to appear on Friday for a previously-calendared hearing, at which Judge Anthony Trenga will rule on a motion to terminate the civil contempt sanctions stemming from her May, 2019 refusal to give testimony before a grand jury investigating the publication of her 2010 disclosures.
In spite of those sanctions — which have so far included over a year of so-called “coercive” incarceration and nearly half a million dollars in threatened fines — she remains unwavering in her refusal to participate in a secret grand jury process that she sees as highly susceptible to abuse.
Manning has been in jail since May 2019, when she refused to testify in a grand jury investigation into Julian Assange.
Imprisoned activist and former Army intelligence analyst Chelsea Manning attempted suicide on Wednesday in the Alexandria, Virginia, jail where she’s been held for a year following her refusal to testify before a federal grand jury investigating WikiLeaks.
Manning’s legal team confirmed the incident in an statement to Gizmodo. She is currently in the hospital and is recovering, they said. Manning was scheduled to appear before a judge on Friday regarding a motion to terminate the sanctions she’s faced for refusing to testify.
Today marks 365 days of incarceration of Chelsea Manning, with around $256000 in fines. She has not been charged for any crime.
At home, Py (daughter) wanted to know why her Wonder Woman is still in the dungeon? We had to explain Grand jury subpoena to her in simple terms and explain that her Wonder Woman aunty is resisting it, even though that means she is in a dungeon (where most good people go when they fight for truth against the big powers of the world). Py now wants to go to USA and meet Chelsea. The other day, Py also declared that after growing up she will fight for others and go to dungeon just like Chelsea.
Chelsea spoke about her believes and principles again and again, and why did she feel that leaking the war crimes to the world was her duty. By the same principles, she is standing up to the secret hearings of grand juries now. Everyone knows that there is good reason to put her back into the prison system, but the government still did that.
The International Bar Association’s Human Rights Institute (IBAHRI) condemns the reported mistreatment of Julian Assange during his United States extradition trial in February 2020, and urges the government of the United Kingdom to take action to protect him. According to his lawyers, Mr Assange was handcuffed 11 times; stripped naked twice and searched; his case files confiscated after the first day of the hearing; and had his request to sit with his lawyers during the trial, rather than in a dock surrounded by bulletproof glass, denied.
[...]
IBAHRI Co-Chair, the Hon Michael Kirby AC CMG, commented: ‘The IBAHRI is concerned that the mistreatment of Julian Assange constitutes breaches of his right to a fair trial and protections enshrined in the United Nations Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, to which the UK is party. It is deeply shocking that as a mature democracy in which the rule of law and the rights of individuals are preserved, the UK Government has been silent and has taken no action to terminate such gross and disproportionate conduct by Crown officials. As well, we are surprised that the presiding judge has reportedly said and done nothing to rebuke the officials and their superiors for such conduct in the case of an accused whose offence is not one of personal violence. Many countries in the world look to Britain as an example in such matters. On this occasion, the example is shocking and excessive. It is reminiscent of the Abu Grahib Prison Scandal which can happen when prison officials are not trained in the basic human rights of detainees and the Nelson Mandela Rules.’
The treatment of Wikileaks founder Julian Assange during the hearing into a US extradition request has come under fire from a body representing the global legal profession. In a statement today, the International Bar Association’s Human Rights Institute (IBAHRI) condemns among other alleged abuses the refusal of Assange’s request to sit with his lawyers rather than in the dock of Westminster Magistrates’ Court.
According to his lawyers, Assange was 'handcuffed 11 times; stripped naked twice and searched', the IBAHRI says. Assange’s case files were also confiscated after the first day of the hearing, which will decide whether Assange will be extradited to the US, where he is wanted on 18 charges of attempted hacking and breaches of the 1917 Espionage Act. Proceedings began last month, were adjourned after four days, and are set to resume on 18 May.
I have long deplored the ever burgeoning number of party political hacks – of every political party – which the poor long suffering taxpayer has to stump up for. I recommend the excellent book The Triumph of the Political Class by Peter Oborne, on this and other subjects. There is an ever increasing rise in the number of SPADS. In addition, the offices of members of various parliaments are comfortably staffed both at parliament and in the constituency. Various individuals and groupings have taxpayer-funded but party appointed “Chiefs of Staff”. I have always viewed “Short money” as a constitutional abomination – the state, the poor taxpayer, should not be paying for political party machines. If the members of a party, any party, wish to try to impress their views on voters and to establish themselves in lucrative office, then the party members should fund their activity themselves. The Short money system pays for party HQ staff and machinery according to electoral success, and thus helps cement the establishment. Furthermore, there can be friction between taxpayer funded party appointees and the civil servants they work with – when I worked within the FCO, we career civil servants found SPADs an ill-informed nuisance. Plus the political patronage system can be open to abuse – remarkably, two SNP political appointees on the books of the Scottish civil service, paid for by the Scottish taxpayer, have recently without changing jobs been bumped up two whole pay grades on their taxpayer funded salary, a happening unavailable to ordinary civil servants.
In a recent column in the Saudi Al-Watan daily titled "The Arab Woman Is Not Qualified To Head a Country," journalist Mansour warned against the possibility of a woman president for one of the Arab countries. Arguing that women's physiological changes, including menstruation, estrogen deficiency, or problems during pregnancy are likely to adversely affect her judgment and cause her to make irrational decisions, he said that this could lead to damage to the country's foreign relations and perhaps even the bombing of a neighboring country. If women in Arab countries gain their rights and take positions in government, he continued, the men are apt to find themselves begging for their own rights.
Local press reports said the damage to the interior of the well-loved church near Moria village had caused much sadness in the area. The vandals also wrecked historic Christian religious items and furniture in the church, which residents say has been vandalised several times in the recent past. No arrests have been made for the latest attack.
Aside from detention, the document also describes the forms of surveillance and intelligence gathering CBP is authorized to conduct during a pandemic. In many cases, these CBP personnel have not even been given medical training.
“CBP will monitor domestic and international intelligence information to provide continuous situational awareness of national threats.”
The majority of Montanans cast their ballots through mail, but because Native American reservations in the state are geographically isolated and lack postal service, those who live there rely on voting organizations to collect and transport ballots to election offices that would otherwise be inaccessible, the plaintiffs said. BIPA imposes new restrictions on who can collect ballots and how many ballots can be collected, reducing what used to be 80 ballots to only six.
The American Civil Liberties Union (ACLU) of Montana and the Native American Rights Fund, which filed the lawsuit on behalf of the Western Native Voice and Montana Native Vote, argue the law prevents indigenous people from voting.
Here, exclusionary conduct is defined as conduct that disadvantages “actual or potential competitors” or “tends to foreclose or limit the opportunity of 1 or more actual or potential competitors to compete.” For companies our groups with large market share, we assume that if they undertake exclusionary conduct then it will harm competition unless the procompetitive benefits are proven.
While we await a handful of interesting state copyright law issues from the US Supreme Court, a new petition from the State of Texas asks for some respect as well. In the case, UT sued Boston Scientific for patent infringement in W.D.Tex. Federal Court. However, venue turned out to be improper and the case was transferred to D.Del. Texas has argued that a state has the right to enforce its actions – seek redress for harms against the state — within the borders of its own state.
The USPTO has indicated that it is planning to hire “hundreds” of new patent examiners this calendar year, including individuals with backgrounds in biomedical, computer, electrical, and mechanical engineering.
The EPO’s biennial fee increases come into force on 1 April 2020 and include a 20% hike of the appeal fee. At the same time, new appeal fee refund provisions are being introduced through an amendment to Rule 103 EPC. These are intended to encourage appellants to continuously review whether to continue or withdraw their appeal. The EPO hopes that these measures will help clear the growing backlog of appeals to reduce processing times for pending appeals.
[...]
No more surcharges for bank transfers?
Along with the appeal fee refund changes, the surcharge under the “ten-day fail-safe” provision for fee payments made by bank transfer is being scrapped through an amendment to Article 7(3) RFees.
Currently, a surcharge of 10% of the relevant fee, up to a maximum of €150, must be added to payments made by bank transfer instructed within 10 days before the end of the period for paying the fee, but received in the EPO’s account after expiry of the period.
From 1 April 2020, any such bank transfers instructed on time but received late will not be subject to any surcharge.
As most users of the EPO make payments via a deposit account, this is not envisaged to affect many fee payments. However, it is unclear whether the ten-day fail-safe arrangement still applies to payments replenishing a deposit account as the reference to the ten-day fail-safe provision in the Arrangements for Deposit Accounts has not been updated to reflect the amendment to Article 7(3) RFees.
Preliminary injunction in Germany because of the accusation of patent infringement can only be considered if the allegedly infringed patent has already been confirmed in the first instance as protectable and valid in its property right: a direction-changing decision of the OLG Munich on reasons for a preliminary injunction in Germany- to the disadvantage of the patent owner.
[...]
The applicant is the registered proprietor of European Patent EP 3159974 B1 “Electrical connection terminal”, in the present case the patent at issue “Leiterklemme”. The defendant sells connectors for the detachable connection of an electrical conductor to a printed circuit board in Germany. The applicant considered this to be an infringement of her injunction patent.
However, only 5 days after the grant of the patent in dispute, the plaintiff applied for injunctive relief and a preliminary injunction against the defendant for alleged patent infringement of her own patent of injunction.
The subsequent oral hearing on the application for a preliminary injunction before the Munich Regional Court of First Instance also took place very quickly, only 10 days after the application was filed. The respondent filed an appeal against the subsequent judgment, claiming that the Regional Court had wrongly affirmed a claim for an injunction.
Oral hearing on the issue of a temporary injunction
The OLG Munich first of all confirmed in its decision “Leiterklemme” that an application for a preliminary injunction based on a patent or utility model is usually to be heard orally. However, the respondent must be given sufficient opportunity to comment on the question of infringement and on the validity of the law, 10 days is too short for this, the OLG Munich ruled in its first guiding principle.
Signage is displayed outside the General Electric Co. (GE) Aviation assembly plant in Lafayette, Indiana, July 19, 2019. Bloomberg General Electric Co., Ericsson AB and NTT Docomo Inc. have joined a patent-licensing pool that’s seeking to collect royalties on devices used in the booming movie-streaming market, setting up a potential fight with Google, Apple Inc. and Microsoft Corp. The pool brings together hundreds of patents owned by a dozen companies as a “one-stop shop” for companies that use the VP9 and AV1 video coding formats, according to Sisvel International SA, a global intellectual property company organizing the pool. The patents involved are used to compress video and are key to streaming media.
On March 12, 2020, Unified filed a petition (with Haynes and Boone serving as lead counsel) for inter partes review (IPR) against US Patent 9,641,849, owned by Ideahub Inc. as part of Unified's ongoing efforts in its SEP Video Codec Zone. The '849 patent relates to a video compression technique known as intra prediction.
The '849 patent is a part of the HEVC Advance patent pool. HEVC Advance claims that certain claims of the '849 patent are essential to the HEVC standard. After conducting an independent analysis, Unified has determined that the '849 patent is likely unpatentable.
Tensions between the EU’s legal order and the international investment law regime are not exclusive to the Brexit era, but they certainly gained momentum in the aftermath of this referendum. By incautiously declaring that the UK will remain a party to the Unified Patent System regardless of Brexit, the British government arguably shaped (il)legitimate expectations on the part of investors who aimed at exploiting their intellectual property rights in the UK while benefitting from the judicial protection of the forthcoming Unified Patent Court as much as of the European institutions (and market) as a whole. Indeed, not only the System itself will undergo a process of major rebalancing after London’s departure from the EU, but more importantly, the UK will most probably be unable to retain its membership in the System after the actual delivery of Brexit. These complications trigger a wide spectrum of fundamental dilemmas investing the definition and scope of concepts such as unilateral declaration, indirect expropriation, reasonable expectation, estoppel, and public policy exception, under both EU law and international investment law. It is therefore essential to explore these intersections as to anticipate possible scenarios in the event of both domestic court and international arbitral claims lodged by patent investors pre- and post-Brexit, having due regard for competition concerns on the side of the EU, yet referring to recent Canadian case law which opened the gate to investor-State claims in the field of intellectual property.