Your keyboard is king when it comes to input. It’s responsible for your words and your code, carrying you from A to B faster than your mouse. By making the keyboard more efficient, we’ll vastly improve the way you interact with your computer. We’re approaching our keyboard in 3 different ways: Redesigning the keyboard itself, maximizing your efficiency when using it, and empowering you to fully customize your keyboard to your whims.
[...]
There’s nothing more enjoyable than typing on a keyboard for hours on end without hitting the wrong key. That’s why we strongly opposed adding a ‘WRONG’ key to the keyboard. That’s also why we’re sticking to 3 key sizes in the design of the keyboard: 1U (letter/number keys), 1.5U (tab keys), and 2U (shift keys). Traditional keyboards are laid out with incredibly long space bars so you can’t use your thumbs, your strongest digit, for functions other than space. Our testing revealed that most space bars are much longer than what’s necessary to reliably and consistently hit the bar, so we decided to break up the space bar into 2 2U keys. Not only did this shorten the length of the space bar and bring useful functions closer to the center of the keyboard, but this also allows you to remap another commonly-used key to where it’s easy for you to smash with your other thumb.
The new keyboard is designed to work in harmony with Auto-Tiling on Pop!_OS. CEO Carl Richell describes his experience testing the prototype: “I’ve found using the new keyboard layouts with Auto-Tiling is so addictive that when I go to another computer, it feels like I’m in a foreign land.”
Following in the steps of their hand-crafted Thelio desktops manufactured in-house in Colorado, Linux PC vendor System76 is also working to not only manufacture their own laptops but also other components like their own keyboard.
System76 continues ramping up their manufacturing equipment and capabilities at their Denver facility and it's looking like the premiere of their keyboard isn't far out with already having prototypes internally.
I recently participated in The Linux Foundation Open Source Summit North America, held virtually June 29-July 2, 2020. In the course of that event, I had the opportunity to speak with a fellow attendee about my career in Linux systems administration and how it had led me to a career focused on open source. Specifically, he asked, how does a systems administrator who doesn't do a lot of coding participate in open source projects?
That's a great question!
A lot of focus in open source projects is placed on the actual code, but there's a lot more to it than that. The following are some ways that I've been deeply involved in open source projects, without writing code.
Chris figures out how hot is too hot, Alex performs an extreme remote firewall install, and we share some of our favorite SSH tricks.
Emulex: The Cheapest 10gbe for Your Homelab, In Search of 2.11BSD, as released, Fakecracker: NetBSD as a Function Based MicroVM, First powerpc64 snapshots available for OpenBSD, OPNsense 20.1.8 released, and more.
While we have looked a lot at how the Core i9 10900K performs at the top-end of Intel's Comet Lake line-up as well as with the likes of the i5-10600K and i3-10100, here is our first look at the very bottom of the stack with the new Celeron and Pentium processors. Benchmarked today are the Celeron G5900 as a ~$40 processor and the Pentium Gold G6400 that retails for around $60 and compared against other low-end Intel and AMD processors as well as older Intel Core i3 CPUs.
It’s been a couple of months since the Kodi Foundation last rolled out a major update for its hugely popular home theater software, but today the wait is over as it has a new release for you to install. Kodi 18.8 comes with a number of changes and improvements, as well as some big news regarding the future of the software.
According to the team this new build is "likely to be the final release in the 18.x 'Leia' series, before all effort now shifts to 19.x 'Matrix'". And in keeping with that announcement, it has switched Kodi 19 to the release cycle.
Created with the help of professional historians, Svoboda 1945 tells the story of the events that followed the end of the Second World War in a small Czech village. By uncovering the past, players can explore the experiences of those who survived the war.
If you’re not familiar with Monster Sanctuary, it’s a mix of 2d exploration with RPG mechanics as you befriend and develop your own group of monster allies. Battling against other monsters is a big part of the game as is utilizing unique abilities to access and explore new areas of the map. Initially released into Steam’s Early Access over a year ago, the game has been in constant development since and quite a few significant updates have been made since.
The newest update released earlier this month adds a new late-game area, mechanically-themed and boasts of a new story arc as well as new monsters to encounter and collect. Additionally, there’s also a large amount of new equipment for your party to discover and use.
It should also be easier to sort aforementioned equipment thanks to a new category system in the inventory menu. Add to that beautiful new pixel art for all of the monsters in the in-game journal as well as an extension of the star-rating systems for combat and there’s plenty to love in this update. There’s a slew of balance and bug fixes as well which you might want to read for yourself in the patch notes.
After a successful crowdfunding campaign several years ago, the slick and violent Hellpoint has now released with same-day Linux support.
[...]
As seems all too regular when humanity sticks its nose where it doesn’t belong, the game is set in the aftermath of a cataclysmic event known as the Merge. Stuck on a space station named Irid Novo, the game promises certain dynamism depending on the station’s orbit around a black hole as well as the player’s choices throughout the game. It’s hard to say just how much freedom the game will provide but I can say that, given the demos and trailers we’ve seen so far, there’s a lot of carnage to expect no matter what.
The open source Godot game engine is a really amazing project that’s quickly becoming even more amazing. Development continues unabated and, thanks to dedicated programmers, there’s plenty to look forward to in the works.
The free, open source and cross-platform game engine Godot has been steadily improving for quite some time. The upcoming 4.0 version already promises neat new features such as Vulkan support and real-time global illumination. Now, thanks to Google’s Summer of Code program, a few student developers have been focusing on improving several areas of the engine and editor.
All six of the projects are good improvements and generally add to the available tools but a few caught my attention more than others. Particularly the inclusion of document generation for Godot’s own scripting language as well as improvements to localization tools. Yes, I know, they may not be as obviously pleasing as better animation support or modelling improvements but solid documentation and the ability to painlessly edit a sprawling project is something that’s often sadly overlooked in the development world. Making an engine or editor more accessible is always a noble goal.
While, admittedly, this isn’t the usual fare that we cover, some of you might be interested in this upcoming project by developer Jaime Scribbles. Finding herself in another dimension, protagonist Eleadora struggles to get back to her own world while having to rely on potentially untrustworthy allies. Eleadora may well find herself changed both physically and mentally after her ordeal, mutating into something other than human if things don’t go well.
This god simulator by Abbey Games allows players to create their own religion, cultivate followers and grow the faith into glorious prosperity. Originally crowdfunded, Godhood has come a long way since its original pitch, adding a whole range of options and mechanics to better define your godly cult. Expect to issue commandments, manage disciples and engage in divine combat against other deities in a battle to establish yourself as the one true faith.
The quest for better emulation is never quite done, it seems. The open source PS2 emulator saw its first major stable release in years a few months ago and since then more exciting stuff has been under development.
If you’re not familiar with PCSX2, it’s one of the oldest PlayStation 2 emulators around. While not completely perfect, it’s allowed for reasonably good emulation of titles for a long time and has gotten noticeably better on Linux as of the last few years. Back in May, PCSX2 released its first new stable version in four years and, with it, brought countless improvements and fixes as well.
The development hasn’t slowed since and there’s plenty to love in a recent progress report. While there’s a fair bit of code refactoring and bug fixing, I’m mostly excited about some of the accuracy improvements that have been implemented. Z-buffer improvements, for example, solve many text and HUD display issues while dithering support and blending improvements make things look more as they were originally intended.
I’ve got quite a few PS2 games from back in the day and, as PCSX2 has steadily improved, it’s been fun to revisit those titles. While things aren’t quite perfect yet, there’s an impressive amount of compatibility. Even software rendering is relatively manageable for those few picky titles that don’t play nice yet. Still, projects like these are invaluable for preservation of old games even as the original hardware becomes more difficult to find.
The rather pretty open-world space action sim from ROCKFISH games looks to be steadily improving as it nears Beta quality. The developers have shown the adjustments made in response to feedback as well as new content they hope to add soon.
In this article, you will learn how to install Steam on Linux. The guide applies to all the distributions.
Steam is a very popular video game distribution service. It acts as a storefront where users can buy the game, play and update it directly through the Steam application. Apart from that, community features such as friends lists and groups, cloud storage, and in-game voice chat functionalities are also provided by Steam.
The Steam platform is the largest digital distribution platform for PC gaming in the world, accounting for around 75% of the market share.
A window manager is software that manages the windows that applications bring up. For example, when you start an application, there will be a window manager running in the background, responsible for the placement and appearance of windows.
It is important not to confuse a window manager with a desktop environment. A desktop environment typically consists of icons, windows, toolbars, folders, wallpapers, and desktop widgets. They provide a collection of libraries and applications made to operate cohesively together. A desktop environment contains its own window manager.
There are a few different types of window managers. This article focuses on compositing window managers.
A compositing window manager, or compositor, is a window manager that provides applications with a separate and independent buffer for each window. The window manager then processes and combines, or composites, output from these separate buffers onto a common desktop. It also controls how they display and interact with each other, and with the rest of the desktop environment.
Compositing window managers may perform additional processing on buffered windows, applying 2D and 3D animated effects such as transparency, fading, scaling, duplicating, bending and contorting, shuffling, and redirecting applications. The addition of a virtual third dimension allows for features such as realistic shadows beneath windows, the appearance of distance and depth, live thumbnail versions of windows, and complex animations.
Here are our recommendations. All of the software is free and open source goodness.
For five and a half years, OPNsense has been driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
20.7, nicknamed "Legendary Lion", is a major operating system jump forward on a sustainable firewall experience. This release adds DHCPv6 multi-WAN, custom error pages for the web proxy, Suricata 5, HardenedBSD 12.1, netstat tree view, basic firewall API support (via plugin) and extended live log filtering amongst others.
Download links, an installation guide[1] and the checksums for the images can be found below as well.
OPNsense 20.7 "Legendary Lion" released today as "a major operating system jump forward on a sustainable firewall experience" powered by HardenedBSD.
OPNsense 20.7 adds DHCPv6 multi-WAN capabilities, custom error pages support within the web proxy, Suricata 5, a netstat tree view, a basic firewall API for interfacing via plug-ins, improvements to live log filtering, and various other changes. There are also the latest HardenedBSD 12.1 improvements on the BSD security front plus a variety of package updates.
As with every release, the artwork for Mageia 8 will come from you, the great community that supports and makes Mageia possible. With development well underway, Alpha 1 has just been released, it’s time to start getting the artwork ready. As in previous years, we’re looking for your contributions and ideas, but not just images and photos – if you have icons and logos, or ideas on how login screens or animations should look, then it’s time to discuss or show them off.
GeckoLinux is pleased to announce the 999.200729 update to its ROLLING editions, thus completing the current refresh cycle of the entire GeckoLinux lineup. GeckoLinux ROLLING spins are generated directly from unmodified openSUSE Tumbleweed and Packman repositories, and the installed system can be updated directly from those official sources. This design decision has allowed GeckoLinux ROLLING users to install and update their systems in a constant rolling fashion over the past two years from the cutting edge and highly stable openSUSE Tumbleweed distribution. Now, GeckoLinux users that need an installation ISO to support very new hardware will find what they need in the GeckoLinux ROLLING 999.200729 set of updated spins.
RHEL (Red Hat Enterprise Linux) 7 and CentOS 7 operating system series received an important Linux kernel security and bug fix update that addresses four vulnerabilities and several other issues.
Probably the most important vulnerability patched in this new Linux kernel security update for RHEL and CentOS 7 systems is a flaw (CVE-2020-10757) discovered in the way mremap handled DAX Huge Pages, which could allow a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Also important is the buffer overflow (CVE-2020-12653) discovered in Linux kernel’s Marvell WiFi-Ex driver, which could allow a local user to escalate their privileges on the system. This was patched as well in the new kernel security update, but you can protect yourself by blacklisting the mwifiex kernel module.
Malwarebytes™, a leading provider of advanced endpoint protection and remediation solutions, today announced that it has achieved Red Hat Enterprise Linux 8 certification for its Malwarebytes Endpoint Protection for Servers product. This key certification gives users the confidence that they may more easily configure and deploy the product within Red Hat Enterprise Linux 8 environments.
[...]
Red Hat Enterprise Linux 8 is the world's leading enterprise Linux platform, designed to span the breadth of deployments across enterprise IT. For nearly any workload running on any environment, Red Hat Enterprise Linux 8 delivers one enterprise Linux experience to meet the unique technology needs of evolving enterprises in hybrid cloud environments. As part of the Red Hat partner ecosystem, Malwarebytes Endpoint Protection for Servers has proven that it can seamlessly deploy and operate within Red Hat Enterprise Linux ecosystems.
The impact: More and more companies are embracing the idea that there are customer problems they just can't solve without help. Maybe that reduces the money that can be made from each individual customer as it expands the opportunities to engage more broadly into more problem spaces.
It’s hard to believe that we are already halfway through the year, and what a year it has been. Thank you to all of our partners for their contributions to drive success for our clients and for demonstrating impressive flexibility and creativity during these difficult times. While this year has certainly been one of continuous change and new challenges, I would like to take the opportunity to reflect on the momentum and innovation seen across our partner ecosystem thus far.
As the marketplace continues to evolve in response to the global pandemic, the need for agility, automation and security in technology has become paramount for the enterprise. Additionally, we are experiencing a new age of organizational change and virtualization as people look for different ways of collaborating and staying connected. We were thrilled to have more than 10,000 members of our partner ecosystem register for the recent Red Hat Summit 2020 Virtual Experience, a testament to the dedication of our partners to the open source community.
New, enhanced, and useful customer experiences are vital to the successful adoption and monetization of new 5G services.
As millions more devices connect to their networks, telecommunications service providers are migrating from hardware-based network appliances to virtualized infrastructure to enable them to rapidly and economically scale to meet ever increasing demands from customers.
To deliver reliable 5G services, one way operators can improve application performance and reduce latency is by extending telco cloud infrastructure from their network core to the edge: closer to customers, devices, and data sources.
Kontron’s fanless EN50155-certified “SR-TRACe-G40x” railway server and router runs a hardened, new hypervisor based on OpenWrt called SEC-Line on a Skylake or Apollo Lake CPU and offers 2x SATA, 2x GbE, LTE, WiFi, and GNSS.
Kontron unveiled an “edge data processing router/server gateway” for the rail industry based on 6th Gen Core or Apollo Lake that offers “data-center grade processing and networking to rolling stock.” The EN50155-certified multi-network SR-TRACe-G40x rail computer is promoted for its new, ultra-secure SEC-Line Open Platform hypervisor based on OpenWrt Linux.
Until now, PINE64 has launched one development, one “Braveheart” limited, and two community editions (Ubuntu Touch, postmarketOS) of Linux smartphone PinePhone. This $150 phone is gradually progressing toward a daily driver phone.
If you have the latest PinePhone with postmarketOS, you can even turn it into a desktop computer with peripherals like a keyboard or mouse connected via USB Type-C dock. But it may look cluttered and even harder to travel with.
[...]
Besides vendors, if you’re a hardware tinkerer who loves to play with PinePhone, you can also share your creativity with PINE64. Mind you, there is also a reward for the selected project with full credit for the design.
Last year at the Mozilla All-Hands in Whistler, Canada I went for a walk with my colleague Mark Reid who manages our Data Platform team. We caught up on personal stuff and discussed ongoing projects as well as shared objectives for the next half-year. These in-person conversations with colleagues are my favorite activity at our semi-annual gatherings and are helpful in ensuring that my team is working on the most impactful projects and that our tests create value for the teams we support.
[...]
For Mozilla, getting reliable data from our products is critical to inform our decision making. Glean is a new product analytics and telemetry solution that provides a consistent experience and behavior across all of our products. Mark and I agreed that it would be fantastic if we had automated end-to-end tests to complement existing test suites and alert us of potential issues with the system as quickly as possible.
Version 5.0 of the popular open source GNU nano text editor has been released. This upgrade offers many enhancements and changes for Linux users, as listed on the nano website...
Intel's open-source ISPC (the Intel SPMD Program Compiler) now has preliminary support for code generation targeting their GPUs.
The Intel SPMD Program Compiler that is focused on C programming with extensions around single program, multiple data programming concepts for leveraging SSE and AVX is now seeing initial support for exploiting the potential of Intel graphics processors.
ISPC has long worked well for exploiting the potential of AVX/AVX2 and AVX-512 as well as SSE4 while now this SPMD program compiler can begin targeting Intel Gen/Xe Graphics.
The ISPC support relies upon Intel's oneAPI Level Zero for managing devices and other orchestration.
The AMD ROCm developer tool engineers have released a new build of AOMP, their LLVM Clang compiler downstream that adds OpenMP support for Radeon GPU offloading until that support ultimately makes it back upstream into LLVM/Clang.
The ROCm engineers working on AOMP have been doing a great job on keeping their code re-based against the newest upstream LLVM code, which with this release is from just two weeks ago prior to the LLVM 11.0 branching. The AMD developers have been working on upstreaming more of their LLVM/Clang changes albeit that is a lengthy process especially with new Radeon OpenMP code continuing to be written and fine tuned.
If you experienced the home and personal computing revolution of the early 1980s, you may have read some books that got you hooked up with programming. These books led you through the intellectual adventure of using computing to explore interesting problem domains.
Next week I plan to continue working on ScrapyTunnelingH2Agent.
We need a system where people with disabilities are universally included by design—not “accommodation.”
In assembling a book on reading Habermas as learning theorist over the last couple of years, I discovered, perhaps more deeply than previous readings, that our human capacity to learn to solve problems at micro-and-macro-levels, as well as stepping back and reflecting on our condition, carries hope forward into the not-yet future. One of our irreducible interests is that of emancipation; this interest—propelled by social struggle—is in-built into our humanness. If this be so, then, clearly even though humans down through history have suffered immensely from overlords, we can organize an enlightenment learning process to reflect on our oppression. We can acquire the verve to act collectively to change the way the rich and powerful misperceive us and the structures that hold us down.
By spinning the intellectual property of large US corporations as something that must be safeguarded rather than something that should be shared, US media are failing to inform their audiences about how corporations are delaying the development of a vaccine—and causing unnecessary deaths.
"Forgive me for repeating myself but it's important," said Rep. Bill Pascrell Jr. "Donald Trump and the Republican party are a threat to your life. They are a threat to your life right now."
Rep. Louie Gohmert, a Republican from Texas who frequently refuses to wear masks or facial coverings to prevent the spread of COVID-19, tested positive for the disease on Wednesday.
The GOP lawmaker was quickly accused of exposing "every single person in yesterday's hearing."
Single-family rentals now comprise the fastest-growing segment of America’s housing market, suggesting that the great housing crisis of 2008 never really ended, but has rather just shifted its terrain of struggle.
The Democratic National Committee’s platform committee approved a draft of the party’s 2020 agenda this week and committee cochair Denis McDonough promptly described it as the “boldest Democratic platform in American history.”
President Donald Trump expressed confusion and disappointment on Tuesday in response to the news that some members of his coronavirus task force are getting higher approval ratings than he is for their responses to the pandemic.
With over 150,000 people in the United States now confirmed to have died after contracting COVID-19, the nation’s estimated 25 million residents who speak little or no English face an additional challenge: accessing critical information.
Language barriers are a hurdle for many immigrants, including refugees from countries that have endured long conflicts such as Iraq and Somalia – a problem compounded by limited translation resources.
Several community outreach workers, language service professionals, and attorneys told The New Humanitarian that language access can mean the difference between life and death.
“People need to hear health information in the language they best understand, so that they can make the best choices to protect the health of themselves, their families, and their communities,” Danushka Wanduragala, international health supervisor at the Minnesota Department of Health, told TNH.
But as cases climb, President Donald Trump’s administration has quietly scaled back federal help that previously guided individuals with limited English proficiency.
RSS newsreaders may not be much in fashion these days, but they have surely not been discontinued. They are still being used; plenty of people still rely upon them to pull together various news stories from different websites.
RSS news readers provide a great way to stay current and updated. Though many websites do not keep an updated RSS feed anymore, there are still some great RSS readers available online.
Through this article, we will introduce you to some of the best and top listed RSS newsreaders which will always keep you up to date.
The Open Mainframe Project (OMP), an open source initiative that enables collaboration across the mainframe community to develop shared tool sets and resources, today announces the complete schedule of the inaugural Open Mainframe Summit. The virtual event takes place September 16-17 and will feature Ross Mauri, General Manager of IBM Z and LinuxONE at IBM; Greg Lotko, Senior Vice President and General Manager, Mainframe Division at Broadcom; Brian Behlendorf, Executive Director of Hyperledger; and The Linux Foundation's Jim Zemlin, Executive Director, and John Mertic, Director of Program Management.
[...]
Conference Sessions Include:
COBOL and the Modern Mainframe Movement - Jessielaine Punongbayan, Senior Software Engineer and Richelle Anne Craw, Senior Software Engineer, Broadcom
Beyond the Mainframe Security Features, it is Time to Learn about Open Source Software Security - Javier Perez, Open Source Program Office Manager, IBM
How Two Millennials Built a Mainframe Security Model on Top of Zowe in Six Weeks (and yes it works on all ESMs) - Kyle Beausolei, Software Engineer and Jordan Filteau, Software Engineer, Rocket Software
Cloud Foundry Orchestrated by Kubernetes on Linux on IBM Z - Vlad Iovanov, Software Engineer, SUSE and Dan Pavel Sinkovicz, Student Mentee
How Zowe and Open Source Made me Talk to the Mainframe (literally) - Youngkook Kim, Z/LinuxONE Solutions Architect, Vicom Infinity
Zowe Conformance: High-reliability Extensions for Mainframe Tools, Guaranteed - Rose Sakach, Global Product Manager, Broadcom
Open Source infrastructure-as-a-Service Automation for IBM z/VM - Mike Friesenegger, Solutions Architect, SUSE and Ji Chen, IBM Cloud Infrastructure Center Architect, IBM
A 360 Degree View on LinuxONE Security & Compliance - Pradeep Parameshwaran, Technical Security Lead, LinuxONE & Linux on IBM Z, IBM
Contributed by Bitdefender, a leading global cybersecurity company protecting over 500 million systems worldwide and a Xen Project Advisory Board member company, HVMI allows organizations to make sense of the view of memory provided by Virtual Machine Introspection within both the Xen and KVM hypervisors. While Bitdefender has used the technology for security purposes, open sourcing this technology opens up possibilities to extend HVMI’s value across many industries.
HVMI is a subset of Bitdefender’s HVI which is used to understand and apply security logic to memory events within running Linux and Windows virtual machines. These mechanisms leverage Virtual Machine Introspection APIs at the hypervisor-level.
Also being open sourced is Bitdefender’s ‘thin’ hypervisor technology, known as Napoca, which was used in developing HVI. Napoca may prove useful to researchers and open source efforts as it virtualizes CPU and memory, as opposed to virtualizing all hardware, and can be combined with HVI to protect physical systems.
To learn more, read the Bitdefender press release or watch the webinar outlining details of this contribution.
Bitdefender, a leading global cybersecurity company protecting over 500 million systems worldwide, is proud to announce the contribution of its groundbreaking Hypervisor Introspection (HVI) to the open source community as a subset of Xen Project called Hypervisor-based Memory Introspection (HVMI).
A member of the Advisory Board of the Linux Foundation-hosted Xen Project, Bitdefender is open sourcing the mechanisms of HVI used to understand and apply security logic to memory events within running Linux and Windows virtual machines. These mechanisms leverage Virtual Machine Introspection APIs at the hypervisor level.
The code, formerly intellectual property of Bitdefender, allows organizations to make sense of the view of memory provided by Virtual Machine Introspection within both the Xen and KVM hypervisors. While Bitdefender has used the technology for security purposes, the possibilities extend to a range of other areas that can leverage and extend a unique, powerful sensor.
HVI takes advantage of the position of hypervisors between underlying hardware and virtualized operating systems – Windows, Linux, desktops and servers – to examine memory, in real-time, for signs of memory-based attack techniques that are consistently used to exploit known and unknown vulnerabilities.
The technology, first launched for general availability in 2017, earned widespread acclaim for stopping EternalBlue attacks, without requiring knowledge of the attack or underlying vulnerability. The WannaCry attacks which leveraged EternalBlue, and the success of HVI, make it clear that hypervisor security solutions such as HVI must become part of organizations' security fabric.
Also being open sourced is Bitdefender's 'thin' hypervisor technology, known as Napoca, which was used in developing HVI. Napoca may prove useful to researchers and open source efforts as it virtualizes CPU and memory, as opposed to virtualizing all hardware, and can be combined with HVI to protect physical systems.
"The Xen project is proving extremely fruitful, and the Xen Project hypervisor VMI capabilities have revolutionized security," said Shaun Donaldson, Director of Strategic Alliances at Bitdefender. "We are excited to see the range of uses the community will come up with for the technology, and fully expect to see HVI and Napoca technology used in areas beyond the scope of Bitdefender's security-focused purposes, that we could not anticipate today," he added.
Kurt Roemer, Chief Security Strategist and a member of the Office of the CTO at Citrix, says the creativity of the open-source community will further embed HVMI technology into a wealth of resources with surprising innovations that transcend the limitations of OS-based security models.
"HVI has provided powerful threat insights and remediations into running Xen-based virtual machines. Now that the technology is open-source, the use cases to which HVMI can be applied will result in direct value realized by both security teams and their businesses – especially for emergent threats," Roemer said.
Version 7 of the REMnux toolkit for malware analysts is out. According to the product website, the REMnux Linux distribution, which is maintained by Lenny Zeltser, SANS Faculty Fellow, “is designed for reverse-engineering and analyzing malicious software” including compiled executables, document files, and scripts.
REMnux provides a collection of free tools created by the community, which can be used by security researchers to examine and investigate malware. It also offers Docker images of popular malware analysis tools, so you can run them as containers without having to directly install them on your system.
A new vulnerability has been discovered in Secure Boot that affects most Linux distributions and Windows devices that use the UEFI specification during boot. The vulnerability, called BootHole, was found by an enterprise security research firm, Eclypsium (spotted by Tom’s Hardware). The flaw is specifically present in the GRUB2 file in Secure Boot and can be used by attackers to attain “near-total control” of the victim’s system.
The firm says that the problem “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority”, meaning that a huge number of Windows desktops, laptops, workstations, servers, and other special-purpose equipment that use the technology are affected.
[...]
The research firm believes that full mitigation of BootHole will require “coordinated efforts from a variety of entities” and that it expects deployment to be slow. For now, the recommendations for organizations include monitoring UEFI bootloaders and firmware, verifying UEFI configurations, testing recovery capabilities, and more.
As we have already pre-announced some time ago this side-project inside the IPFire Project is finally ready for prime time.
It comes with a new implementation to build, organise and access a highly optimised database packed with loads of helpful data for our firewall engines, as well as our analytics to analyse where attacks against the firewall are originating from.
With it, IPFire can block attackers from certain countries, or do the opposite - only permit access to certain servers from certain places. Combining rules with the rate-limiting feature allows limiting connections from certain locations, which is very helpful for DoS attacks.
No new features have been added, but those that we had have been massively improved. The database is now being updated once a week which makes it more accurate and we no longer require complicated scripts to convert it into different formats to be used in different parts of the operating system.
Instead, the database can be opened and read extremely quickly, which allows access in realtime, making pages on the web user interface load significantly faster.
We hope that many other projects choose to use our implementation as well, since we have chosen a truly open license for the data as well as the library that works behind it.
I will talk more about this in a later blog post and explain to you the advantages of libloc.
The world is increasingly interconnected and, as a result of this, the exposure to security vulnerabilities has dramatically increased as well. The intricacies of maintaining today’s Linux-based platforms make it very challenging for developers to cover every potential entry point. In 2019 there was an average of more than 45 Common Vulnerabilities and Exposures (CVEs) logged per day.
How does a development organization keep up with that? In order to stay on top of this, developers must increasingly spend more time and effort integrating CVE patches into their solutions, at the cost of spending time developing their applications.
Earlier this month I noted how the calls to ban TikTok didn't make a whole lot of sense. For one thing, a flood of researchers have shown that TikTok isn't doing anything any different than a flood of foreign and domestic services. Secondly, the majority of the most vocal pearl clutchers over the app (Josh Hawley, etc.) haven't cared a whit about things like consumer privacy or internet security, suggesting it's more about politics than policy. The wireless industry SS7 flaw? US cellular location data scandals? The rampant lack of any privacy or security standards in the internet of things? The need for election security funding?
At the end of last year, the National Institute of Standards and Technology (NIST) released its review of 189 facial recognition algorithms submitted by 99 companies. The results were underwhelming. The tech law enforcement and security agencies seem to feel is a game changer is just more of the same bias we've been subjected to for years without any AI assistance.
They say that only two things are certain in life: death and taxes. But here on Techdirt, we have a third certainty: that governments around the world will always seek ways of gaining access to encrypted communications, because they claim that things are "going dark" for them. In the US and elsewhere, the most requested way of doing that is by inserting backdoors into encryption systems. As everyone except certain government officials knows, that's a really bad idea. So it's interesting to read a detailed and fascinating report by Matthias Monroy on how the EU has been approaching this problem without asking for backdoors -- so far. The European Commission has been just as vocal as the authorities in other parts of the world in calling for law enforcement to have access to encrypted communications for the purpose of combating crime. But EU countries such as Germany, Finland and Croatia have said they are against prohibiting, limiting or weakening encrypted connections. Because of the way the EU works, that means the region as a whole needs to adopt other methods of gaining access. Monroy explains that the EU is pinning its hopes on its regional police organization:
In Belarus, law enforcement officers arrested 33 mercenaries from the Russian private military company (PMC) “Wagner,” the state-owned Belarusian news agency BelTA reported.
Law enforcement agencies in Belarus arrested 33 militants from the Russian private military company (PMC) “Wagner” overnight on July 29, reports the state-owned Belarusian news agency BelTA.
"Make no mistake: the Senate GOP is choosing to let people die in order to line the pockets of weapons manufacturer CEOs."
The UK parliament’s Intelligence and Security Committee (ISC), drawn from MPs and peers of all parties, last week published its report on possible Russian interference in UK politics.
On July 24, 2020, Tesla’s Elon Musk wrote on Twitter that a second U.S. “government stimulus package is not in the best interests of the people.” Someone responded to Musk soon after, “You know what wasn’t in the best interest of people? The U.S. government organizing a coup against Evo Morales in Bolivia so you could obtain the lithium there.” Musk then wrote: “We will coup whoever we want! Deal with it.”
In a nine-and-a-half-year war that has killed hundreds of thousands and forced millions to flee their homes, paperwork might seem like a trivial issue. But for the many Syrians who lack ID cards and other documents crucial for accessing healthcare, education, and aid, it’s anything but.
As families have been splintered and scattered throughout the conflict, papers have been lost or destroyed, and many Syrians have been cut off from the bureaucracy of President Bashar al-Assad’s government – the only authority that can officially register births and deaths and issue the paperwork that keeps track of these events.
For years, UN assessments have found that the majority of Syrians in the country lack various types of civil documentation, and communities polled consistently say they consider this to be a pressing concern.
Laura Cunial, an information, counselling, and legal assistance specialist with the Norwegian Refugee Council (NRC), which has worked extensively on documentation problems in Syria, explained to The New Humanitarian why something as seemingly simple as an ID card is crucial for daily life: “It is necessary for anything related to registering in school, to passing through a checkpoint, to qualifying for certain social security and welfare benefits, to just being able to have some form of personal identity – which everyone has a right to.”
"We can achieve a just transition to a better world out of the wreckage of this economic crisis... The only thing standing in the way is political will."
"Those that defend our land and environment are on the front lines of #ClimateAction. But we are failing them badly."
"We have consistently defeated this administration's relentless, vicious dismantling of safeguards for people and the environment, and we will do so again for this critically important law."
There are no limits to the pernicious ugliness of Donald Trump and his administration. We have examples of personal ugliness toward the late Senator John McCain and his family as well as the treatment of the Gold Star family during the 2016 presidential campaign. There is policy ugliness in the racist Muslim travel ban, which the Supreme Court upheld, and the cruel separation of families at the U.S.-Mexican border, with children held in isolation from their parents. The use of federal forces against peaceful protestors in Washington, D.C. in June and in Portland in July are fascist in their intent. The director of the Federation of American Scientists’ Government Secrecy Project, Steven Aftergood, remarked that the “use of military aircraft in a domestic operation should set off all kinds of alarm bells.”
A regional court in Sakhalin has overturned a lower court’s decision to freeze the assets of the crab companies “Kurilskiy Universal Komplex” (KUK) and “Moneron,” reports the newspaper Vedomosti. Both businesses have been linked to Oleg Kan, who’s wanted by the police.
Trump perpetuates the rigged-for-the-rich system that’s shafting working Americans at every turn.
New York City—March. I remember Beirut in 2005, after a car bomb went off, trying not to go near parked cars, and stopping, hyperventilating, catching my breath, and drilling into my brain: “Keep walking, keep going; you can’t control it; you have to keep going.” I need to do this now, here.
The analysis comes as Senate Republicans are trying to cut the expanded benefits for workers who have lost jobs during the Covid-19 pandemic.
Whenever internet-law experts see a new Congressional hearing scheduled whose purpose is to explore whether Section 230—a federal statute that’s widely regarded as a foundational law of the internet—needs to be amended or repealed, we shudder. That’s because we know from experience that even some of the most thoughtful and conscientious lawmakers have internalized some broken notions about Section 230 and have the idea that this statute is responsible for everything that bothers us about today’s internet.
Marina Chaika, the wife of former Attorney General Yuri Chaika’s eldest son, Artyom, has released a video message where she asks her husband to return her passport and grant her a divorce. The footage appeared on the YouTube channel of entertainer and women’s rights activist Ekaterina Gordon, who’s legally representing Marina Chaika.
Things look bad for Donald Trump right now.
When an event is unexplained, it can’t be repeated. Cuba’s astonishing internationalism, the “good news” of the pandemic, is talked about (outside Cuba) as if a miracle, without cause. Support grows for the Nobel Prize nomination but the justification for the Henry Reeve Brigade, established in 2005, is left out. The explanation is ideas.
There are many good things in the report of the Biden-Sanders Unity Task Force, but it is fundamentally a fusion of progressive and moderate Democratic ideals from the era before Covid-19. The pandemic figures mainly as an aggravating factor, adding urgency and scale to various proposals. There is a presumption—as there was at the end of the 2008 financial crisis—that the old instincts and time-tested remedies will work as they have in the past, accelerating an economic recovery destined to occur anyway as the virus recedes and the world returns to normal.
Summary: Social media platforms are constantly seeking to remove racist, bigoted, or hateful content. Unfortunately, these efforts can cause unintended collateral damage to users who share surface similarities to hate groups, even though many of these users take a firmly anti-racist stance.
One of the most frustrating claims that critics of Section 230 make is that because of Section 230 the big internet companies have no incentive to deal with awful content (abuse, harassment, bigotry, lies, etc.). Yet, over and over again we see why that's not at all true. First of all, there's strong incentive to deal with crap content on your platform because if you don't your users will go elsewhere. So the userbase itself is incentive. Then, as we've discussed, there are incentives from advertisers who don't want their ads showing up next to such junk and can pressure companies to change.
"The federal occupation of our community has brought a new kind of fear to our streets."
By early June, most of Indiana had already entered Stage 3 for reopening. But at the Indiana Women’s Prison (IWP), the opposite was happening: Women began being locked into their cells for extended periods of time. IWP currently holds 642 women and has tested less than 10 percent for COVID-19. As of July 27, 25 of the 64 women tested at the Indiana Women’s Prison had coronavirus.
Seldom do situations provide so much self-evident clarity that only few words are needed. We are now in such a situation or would be if what words mean had not returned to a new Tower of Babel. There is an anarchy in our thinking and our chosen twittering that makes it difficult to rid ourselves of the demons of our American mass psyche.
Plainclothes officers from the New York City Police Department on Tuesday snatched an 18-year-old protester off the streets, threw her into an unmarked minivan, and sped away without explanation, a disturbing incident that immediately drew comparisons to the authoritarian tactics recently used by federal agents in Portland, Oregon.
On July 29, police arrested Murtazili Medzhidov — the son of former Dagestani Prime Minister Mukhtar Medzhidov — on suspicion of murdering a 21-year-old student at the Moscow State Institute of International Relations (MGIMO) in April 2018. The alleged victim, a woman from Kazakhstan named Tomiris Baisafa, fell from a fourth-story window on the university’s campus and later died in the hospital.
Kelly Hayes: As Black Lives Matter protests continue to play out around the country, images of protesters squaring off with police in Portland have inflamed debates about “peacefulness,” violence and respectability. Some liberal figures have argued that Trump’s law and order narrative is facilitated by imagery of police dueling with protesters, and that unity will be needed to halt the march of fascism. Such critics have pointed to the riots of the late ‘60s, claiming that the Civil Rights Movement was derailed by those who resorted to violent tactics in the streets.
Trump's quest for scenes of urban chaos may not be over, but for now, it could be ending with a whimper not a flashbang.
Like many writers of my socioeconomic, educational, and psychochemical background, I often find myself bound up in mental contortions over problems that, under sober scrutiny, are not problems at all, but that—left to foxtrot about in the recesses of one’s mind—present themselves as urgent questions. Questions like: What is the role of realist fiction in an age of political upheaval? How should a critic’s identity bear on her reading, and how should a writer’s identity bear on how he is read? And what should we do, now, with all the well-heeled, heterosexualish, white-man writers who, up until quite recently, might have strolled chest first onto the literary scene, but who now find themselves met with a healthy dose of corrective skepticism?
We play highlights from Attorney General William Barr’s grilling by the House Judiciary Committee over how he sent militarized federal forces to confront Black Lives Matter protesters, and his opposition to voting by mail, and get response from a close friend of Congressmember John Lewis who is now running for Senate. “In spite of the machinations of Donald Trump and those who do his bidding, including the attorney general, the good news is that we’re seeing a multiracial coalition of people pouring out into American streets,” responds Rev. Dr. Raphael Warnock, “saying that we’re concerned about the soul of our democracy.” Rev. Warnock is running as a Democrat for Senate in Georgia.
“We make our spaces family-friendly and enable parents to fully participate with their children. We dismantle the patriarchal practice that requires mothers to work “double shifts” so that they can mother in private even as they participate in public justice work.”
Federal authorities are using a new tactic in their battle against protesters in Portland, Oregon: arrest them on offenses as minor as “failing to obey” an order to get off a sidewalk on federal property — and then tell them they can’t protest anymore as a condition for release from jail.
The federal agents who have wielded tear gas, rubber bullets and flash-bang devices against protesters nightly for the past two months in Portland, Oregon, will soon be leaving the city, according to an announcement from Gov. Kate Brown.
"This is an urgent matter for American democracy and for the safety of Americans peacefully protesting in their communities."
"Our civil liberties are on the brink," said Rep. Alexandria Ocasio-Cortez. "This is not a drill. There is no excuse for snatching women off the street and throwing them into unmarked vans."
In the slums of Mumbai where I grew up, the grocery store in our neighbourhood would fill up every evening, around 6 p.m. The year was 2000. Small buyers crowded the big shop – for a quarter kilo rice, red chilli powder and salt for one rupee, cooking oil worth a rupee or two, black mustard seeds and turmeric powder for 25-50 paisa, one or two onions, a quarter kilo each of tur dal and wheat flour, and some kerosene for the stove.
"Policymakers and enforcers have allowed these big tech barons to bully workers, consumers, and businesses for far too long."
If Mark Zuckerberg truly believes in giving everyone a voice, the company must integrate a power, race, and social analysis into its policies and their enforcement.
While the Trump administration and its allies (like Josh Hawley) like to talk a lot about monopolization in "big tech," they couldn't actually care less about monopolies or their impact on competition. For example while Hawley and the Trump FCC/DOJ have made an endless stink about the power of "big tech," that's largely for performative political reasons, namely to perpetuate the utterly false claim that Conservatives are being "censored," to bully tech giants away from encryption, or to frighten them away from finally doing something about the (profitable) bigotry and disinformation problems that plague their networks.
On July 28, 2020, the United States Court of Appeals for the Federal Circuit rejected the arguments of Fall Line Patents, LLC that real party-in-interest determinations were reviewable on appeal after Thryv, Inc. v. Click-to-Call Technologies, LP et al, 140 S.Ct. 1367 (2020), and their argument that Arthrex, Inc. v. Smith & Nephew, Inc., No. 2018-2140, 941 F.3d 1320 (Fed. Cir. 2019) was wrongly decided, and remanded for a new Board panel decision, in line with Arthrex. See Fall Line Patents, LLC v. Unified Patents, LLC, No. 19-1956 (July 28, 2020) (Judges O'Malley, Bryson, and Hughes) (slip op.). This appeal came after the PTAB issued a final written decision in Unified Patents Inc. v. Fall Line Patents, LLC, IPR2018-00043, holding as unpatentable claims 16-19, 21, and 22 of U.S. Patent No. 9,454,748.
In the non-precedential decision, Judge O'Malley noted that ESIP Series 2, LLC v. Puzhen Life USA, LLC, 958 F.3d 1378 (Fed. Cir. 2020) held that Thryv precluded judicial review of the institution-based real party-in-interest determinations of the Patent Trial and Appeal Board. Notably, Fall Line did not appeal any aspect of the merits of the Board's decision concerning the validity of their claims. Unified was represented by James Barney and Daniel Cooley of Finnegan, and by in-house counsel, Jonathan Stroud and Ashraf Fawzy.
It was just days ago that we were discussing Stone Brewing's new campaign to jealously protect all uses of the word "stone" on alcohol branding. The one time advocate brewer claiming to stand up for craft brewing against "Big Beer" has since devolved into a corporate gorilla smashing up the USPTO to get trademarks cancelled and firing off cease and desist notices to small breweries. All this, mind you, as it also wages war on a second front with MillerCoors over Keystone's rebranding as simply "Stone". In that suit, MillerCoors complained that lots of breweries use the word "stone", which appears to have set Stone Brewing off on its bout of aggression.
I was happy to read David Simon's new article, Trademark Law and Consumer Safety, forthcoming in the Florida Law Review. Simon argues trademark law should pay more attention to the physical harms that products pose for consumers, rather than just economic harms. The conventional view is that trademark law exists to prevent consumer confusion and lower consumers' search costs for finding the products they want. At the same time, trademark law protects sellers' investments in product quality and advertising.
Simon's article argues that trademark law does, or should do, a lot more than this: it should protect consumers from physical injury.
Simon begins with the following example. Imagine a consumer seeks a supplement to make her brain work better. By protecting the trademark BRAINSTRONG for a pill claiming to perform this function, trademark law helps consumers find the pill they want by preventing consumers from mistakenly buying a fake version sold by another infringing seller. The law also protects the investments of the real seller of BRAINSTRONG in making its pills work as claimed and in advertising the pills to consumers.
But Simon draws attention to the physical side of this story. He observes that some trademarks, like BRAINSTRONG in this example, implicate health and safety. There are two avenues for this. First, what if the consumer buys a fake version of the pill by a trademark infringer, and the fake pill has devastating effects on her mind and body? Second, what if the consumer buys the real BRAINSTRONG, and it has devastating effects on her mind and body?
Social media platform TikTok has caused anarchy in the music industry – on the one hand, it is pushing music up the charts but on the other hand, it has been in year-long disagreements with industry representatives about copyright. However, TikTok has now signed a copyright licensing agreement with US National Music Publishers' Association (NMPA).
[...]
At the moment, the terms and conditions of TikTok state that when users upload content, they permit other users to re-use it. This is different from other social media platforms such as Instagram, which state that users either upload their own original content or content that they have permission to use. From a social media perspective, these TikTok terms make practical sense because the whole point in the platform is sharing and re-using sound clips to re-create derivative videos. However, of course, from a copyright perspective this is a total evasion.
[...]
In a post last year, our Asia Correspondent Kat Tian reported that the Chinese version of TikTok, called Douyin, successfully argued copyright infringement when a video that was originally uploaded to Douyin was later uploaded to Huopai – a similar video-sharing platform. Huopai argued that there was no infringement because the video was unoriginal and therefore did not qualify as a copyright work, stating that there was limited room for creativity in a 13 second video. However, the Court found that the video did fulfil the requirement of originality as a work created by a process similar to cinematography; stating: “For the works created on the same theme by different authors, the expressions of which are creative and independently completed, the authors enjoy independent copyrights in relation to the corresponding works.”
It is also interesting that the parties in this case were the two platforms and not the individual users, meaning that the licence granted enables the social media platform to enforce the copyright of the creator.