Bonum Certa Men Certa

Links 31/08/2023: WordPress 6.3.1, DNF5 Delayed



  • GNU/Linux

    • Server

      • Kubernetes Blog: Gateway API v0.8.0: Introducing Service Mesh Support

        We are thrilled to announce the v0.8.0 release of Gateway API! With this release, Gateway API support for service mesh has reached Experimental status. We look forward to your feedback!

        We're especially delighted to announce that Kuma 2.3+, Linkerd 2.14+, and Istio 1.16+ are all fully-conformant implementations of Gateway API service mesh.

        Service mesh support in Gateway API

        While the initial focus of Gateway API was always ingress (north-south) traffic, it was clear almost from the beginning that the same basic routing concepts should also be applicable to service mesh (east-west) traffic. In 2022, the Gateway API subproject started the GAMMA initiative, a dedicated vendor-neutral workstream, specifically to examine how best to fit service mesh support into the framework of the Gateway API resources, without requiring users of Gateway API to relearn everything they understand about the

        Over the last year, GAMMA has dug deeply into the challenges and possible solutions around using Gateway API for service mesh. The end result is a small number of enhancement proposals that subsume many hours of thought and debate, and provide a minimum viable path to allow Gateway API to be used for service mesh.

    • Kernel Space

      • LWN: Out-of-memory victim selection with BPF

        In its default configuration, the Linux kernel will allow processes to allocate more memory than the system can actually provide; this policy enables better utilization of physical memory and works just fine — most of the time. On occasions, though, the kernel may find itself unable to provide memory that processes may think already belongs to them. If the situation gets bad enough, the only solution (short of rebooting) is to declare a sort of memory bankruptcy and write off some of the kernel's debts by killing one or more processes. Over the years, a great deal of effort has gone into heuristics to select the processes that the user is least likely to miss. This problem is still clearly not solved to everybody's satisfaction, though, so it was only a matter of time before somebody introduced a way to select the out-of-memory (OOM) victim using BPF.

        There are numerous ways to go hunting for a process to sacrifice when memory runs out. The process using the most memory is an obvious choice, but that process is often something important: a window-system server or a database manager, for example. So developers have naturally tried, over the years, to enable the kernel to make a better choice; see the LWN kernel index to see how things have evolved over time. In current kernels, this decision comes down to a function called oom_badness() which, after exempting processes that cannot be killed for one reason or another, makes a simple calculation. A process's "OOM score" comes down to the amount of memory it uses, adjusted by that process's oom_score_adj value. By tweaking those knobs, user space can shelter some processes from the OOM-killer's depredations while directing its attention toward others.

      • LWN: Defending mounted filesystems from the root user [LWN.net]

        Making a filesystem implementation robust in the face of maliciously created filesystem images is a challenging task even when the implementation is actively maintained, which many in the kernel are not. There is a way to make that task even harder, though: modify that filesystem image behind the implementation's back while it is mounted. A recent discussion on the linux-fsdevel list reveals an ongoing disagreement over whether (and how) this threat should be addressed.

        Gabriel Krisman Bertazi recently posted a patch series adding support for negative dentries on case-insensitive ext4 and F2FS filesystems. Negative dentries cache the results of lookups on files that do not exist, accelerating subsequent lookups. Since this kind of operation happens frequently (consider, for example, iterating through a PATH environment variable to find an executable), this is an important optimization. Currently, though, negative dentries do not work with case-insensitive filesystems; this patch series rectifies that problem.

    • Applications

      • Medevel: Olivia Is a Self-hosted Open-source AI-Based Chatbot with TTS and STT support

        Olivia is an open-source chatbot built in Golang using Machine Learning technologies. Its goal is to provide a free and open-source alternative to big services like DialogFlow.

      • TecMint: 16 Free and Open Source Video Players for Linux in 2023

        Audio and Video are two common sources of information sharing we see in today’s world. May it be publishing any product, the need to share information with a large community of people, or a way of socializing in a group, audio and video have become indispensable.

        In the context of sharing knowledge, such as in online tutorials, audio, and video hold a significant place in this highly expressive world. People are eager to share their ideas, prove themselves, and take all possible steps to bring themselves into the limelight.

      • Ubuntubuzz: Popular Software Applications and Games Written in C++ Language

        This collection will show you a list of software applications, games and libraries available on Ubuntu which are written in C++ programming language. Included in this list 0 A.D. strategy game, Blender 3D animation maker, and Inkscape illustrator among others. We included a quick command to install each one in case you want to try to run or play it. We hope this helps promoting Free Software as well as inviting students to learn about C++ by real-world examples and practices. Lastly, we hope you enjoy them all. Let's start reading.

    • Instructionals/Technical

      • Anton Zhiyanov: Interactive API tutorials

        OpenAPI, the de facto standard for documenting APIs, is a decent reference-style documentation. But it can't serve as a good how-to or tutorial.

        In this article, I will introduce a concise and readable way to write interactive tutorials and how-tos for any HTTP API (REST, RPC, or other style). And for that (surprise, surprise), we will rely on the HTTP protocol itself.

      • Chris Coyier: The State of API-Powered Publishing to Social Media Networks

        If you’re blogging like I’m doing here, it’s nice to be able to kick your posts out automatically to social networks (in addition to RSS). A reasonable list right now: [...]

      • Pi My Life Up: Using Bluetooth on the Steam Deck

        In the following sections, we will show you how to enable Bluetooth on your device and use it to pair to another device.

        While these steps will focus on connecting a pair of Bluetooth headphones to the Steam Deck, these same steps will work for most, if not all, devices.

      • Chris Coyier: Varying Sizes of Radio Buttons

        When I was looking at what looks like the “official” online personality test for Myers-Briggs when I was spouting off about personality tests, I noticed that their radio button choices were actually kinda cool: [...]

      • University of Toronto: Email anti-spam (and really all anti-spam) is all heuristics now

        Back in the days, one of the things some people said about DNS blocklists in general and sometimes Spamhaus in particular was that they were opaque, capricious, and didn't actually validate what they were putting in their blocklists, so who knows what could wind up in there for who knows what reason. Those people would take this incident as a validation of their view.

      • Didier Stevens: Quickpost: PDF/ActiveMime Maldocs YARA Rule

        Here is a YARA rule I developed to detect PDF/ActiveMime maldocs I wrote about in “Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs“.

      • Linux Cloud VPS: How to Rewrite URLs with mod_rewrite for Apache on Ubuntu 22.04

        It enables the modification of a URL in real time. Consequently, the visitor will not observe any alterations to the URL in the address bar. By utilizing mod_rewrite, you can rewrite a limitless number of rules.

    • Games

      • GamingOnLinux: SteamWorld Build arrives December 1st with full Steam Deck support

        SteamWorld Build is the latest in the SteamWorld series from Thunderful Development / Thunderful Publishing and they're once again entirely changing the genre for the series and turning it into a city-builder.

      • GamingOnLinux: Slime Rancher is being turned into a movie

        Well this could be a whole lot of fun! Slime Rancher, the series of games about a lone rancher sucking up slimes in a vacuum gun is getting a movie adaptation.

      • GamingOnLinux: Check out the demo for Crop Rotation, a farming-themed card drafting game

        A farming-themed card drafting game? Well that's a new one. Crop Rotation is releasing on September 15th and there's a fresh demo available on Steam now too. It will have Native Linux support at release.

      • GamingOnLinux: Get some great strategy games in the Steam Strategy Fest

        I'll be the first to admit that we're a bit late on this news as the sale started Monday, but the Steam Strategy Fest is up and has some awesome deals on strategy game classics. As a fan of Warcraft and Halo Wars, it's very nice to see this oft forgotten genre of game get some love. So, for your discerning pleasure, we'll highlight the deals that stick out to us as great deals.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Carl Schwan: Frameless view with QtWidgets

          One design characteristic of our QtWidgets is that they contain a lot of frames and frames inside other frames. This worked well with Oxygen style and its skeuomorphism shadow, less so with Breeze.

          I first thought this was inherent with QtWidgets and couldn’t be fixed without much effort. But fortunately, after looking a bit into Qt source codes and in particular in the internals of QDockAreaLayout, I discovered that the engine to draw and style the built-in components of QtWidgets: QStyle has a QStyle::PE_IndicatorDockWidgetResizeHandle primitive which allows drawing separators between detachable docks and similarly there is QStyle::CE_Splitter to paint the separator between elements inside a QSplitter. This is huge because this means instead of drawing frames, we can render separator and then get rid of most of our frames in our apps.

      • GNOME Desktop/GTK

        • GNOME: Viewing Images in GNOME: Loupe and Glycin

          Loupe is GNOME’s new Core app for viewing images. Starting with the GNOME 45 release, you might find it as Image Viewer on your system. It replaces the previous image-viewing app Eye of GNOME. In honor of this historic occasion, I wanted to give a bit of insight into the making and technology of Loupe.

          The first documented commits to Eye of GNOME (EOG) are from September 1999 by Federico. Some of this code from back then withstands the test of time until today. Likewise, the image loading was already powered by GdkPixbuf, which is still GNOME’s image loading library today. So why start replacing such a well-tried set of software now?

  • Distributions and Operating Systems

    • OMG Ubuntu: Regolith Desktop 3.0 Released with Initial Wayland Support

      This update to the keyboard-driven, tiling desktop environment also introduces an alpha-quality Wayland-based session based on the Sway compositor (though this is only available if using the DE on Ubuntu 22.04 LTS and above, or Debian Bookworm).

      An assortment of bug fixes, code cleanups, and performance optimisations come included in Regolith Desktop 3.0 too, so read through the full release notes for more detail on those.

      Upgrading from an earlier version of Regolith? There are a few changes to be aware of. The directory for config files has changed, as have Xresource key names. Refer to the Regolith 3.0 migration guide for more information.

      To install Regolith Desktop 3.0 you need to be using Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, 23.10, or Debian 11 or 12 – though the new Wayland session is only available on later editions of these distributions.

    • New Releases

    • BSD

      • Ruben Schade: A basic ASRock board for my FreeBSD tower

        Clara bought me a slim Fractal Ridge case in white for my birthday earlier this year, which has let me downsize my FreeBSD tower to save space for my burgeoning retrocomputer stack.

    • Fedora Family / IBM

      • LWN: DNF5 delayed

        It is fair to say that the DNF package manager is not the favorite tool of many Fedora users. It was brought in as a replacement for Yum but got off to a rather rocky start; DNF has stabilized over the years, though, and the complaints have subsided. That can only mean one thing: it must be time to throw it away and start over from the beginning. The replacement, called DNF5, was slated to be a part of the Fedora 39 release, due in October, but that is not going to happen.

        DNF sits on top of the RPM package manager and handles higher-level tasks, managing the software mix on the system as a whole. It deals with repositories, manages system updates, and more. On a modern Fedora (or Red Hat) system, DNF is probably invoked by users much more often than RPM is. Given its central role, DNF has to be solid; the alternative would likely lead to the creation of wrecked systems, which is seen as generally undesirable. At its outset, DNF was not as solid as many would have liked, but Fedora users worked the kinks out of it, and it became stable enough to be used in the Red Hat Enterprise Linux products as well.

        In September 2022, a system-wide change proposal was posted, describing a plan to replace DNF with the entirely new DNF5 package manager. DNF5, it was said, would "provide a significant improvement in user experiences and performance". It is a complete rewrite from scratch, in C++, resulting in a tool that is both smaller and faster than DNF (which is implemented in Python). The new tool would result in less duplicated code on Fedora systems and a more robust method of storing package metadata. It claims better integration with PackageKit — though it is not clear that PackageKit has a long future either. DNF5 was also planned to have full support for Modularity; this also has limited value now that Fedora has given up on Modularity.

      • What CentOS Discontinuation Means And The Impact On AppViewX

        In a surprising turn of events, the open-source community received a significant jolt when the CentOS Project announced the end of life for CentOS in 2020. CentOS, a popular Linux distribution known for its stability, reliability, and long-term support, has been a go-to choice for countless users, businesses, and organizations worldwide. This announcement has left many in the tech industry contemplating implications and seeking alternatives. This blog post will explore the reasons behind CentOS’s end-of-life decision, its impact on the community, and potential alternatives for CentOS users moving forward.

        The Legacy of CentOS


        For nearly two decades, CentOS has played a crucial role in the world of Linux distributions. It was known as a reliable, free, and community-driven operating system that aimed to provide a stable platform derived from the downstream source code of Red Hat Enterprise Linux (RHEL). CentOS offered long-term support, security updates, and a platform that was compatible with RHEL, making it an attractive choice for businesses and individuals seeking stable and enterprise-grade Linux distribution without the associated costs of RHEL subscriptions.

      • Red Hat: Presenting a new Istio operator on OpenShift

        A new operator for Istio is now available on Red Hat OpenShift as a developer preview. This new operator, temporarily known as the Sail Operator, will serve as the foundation for Red Hat OpenShift Service Mesh 3, which will be released in the upcoming year.

      • Red Hat: Go for C++ developers: A beginner's guide

        After years of working on software written in C and C++, I switched to working on a project that is implemented in Go. More developers may find themselves working in the Go ecosystem as more software, such as Red Hat OpenShift and Kubernetes, is implemented in Go. This article discusses the primary language differences between Go and C++, differences in the development environments, and differences in the program-building environment. Examples and code snippets are from the Grafana sources.

    • Devices/Embedded

      • Hackster: Orange Pi Launches Quad-Core Rockchip-Powered Alternative to the Raspberry Pi Compute Module 4

        Embedded electronics specialist Orange Pi has launched a Raspberry Pi Compute Module 4-compatible system-on-module (SOM) built around the Rockchip RK3566 system-on-chip — and it's called, unsurprisingly, the Orange Pi Compute Module 4.

        "Orange Pi Compute Module 4 is compact and powerful enough for deep embedded applications," the company claims of its latest launch, which is designed to be a pin-compatible drop-in replacement for Raspberry Pi's Compute Module 4 family — though the company has also announced an in-house carrier board, for those without existing investment in the CM4 ecosystem.

      • LWN: PineTime: a smartwatch for open-source software [LWN.net]

        The PineTime is an inexpensive smartwatch developed by PINE64 that is designed to run open-source operating systems. Despite its low cost, however, it has most of the features expected from more expensive, proprietary smartwatches. Because it runs open-source software, though, interested developers can add any other useful features that they dream up.

        Users can flash any compatible operating system to the PineTime. Currently, there are two major projects: InfiniTime, which comes preinstalled and is written in C++, and Wasp-os, using MicroPython. InfiniTime is the more popular of the two, perhaps in part because it comes on the watch. But, perhaps surprisingly, the watch ships with an outdated version of InfiniTime; users should upgrade in order to benefit from several improvements, including power optimizations that can double the watch's battery life. There are two other firmware projects that I know of out there: GopherWatch, written in Go and currently in early development, and a seemingly unnamed and currently unmaintained firmware written in Rust. I did not test either of those.

    • Open Hardware/Modding

      • Purism: We Have Your Phone Ready to Ship

        With the Librem 5 fast approaching shipping parity—the celebratory event when all Librem 5s have been shipped to all backers (who confirmed their address) as their award for supporting us through this long and arduous journey—we will soon be able to shout from the rooftops that “We Did It!” All new orders ship within two weeks.

        Before founding Purism in 2014 I long wanted to create a Linux kernel based free software supported secure phone. The Librem 5 research started in earnest in 2018 with a goal to build a phone that can run the mainline Linux kernel, avoid Android and iOS, become the first truly convergent operating system running PureOS, create and advance the entire Linux mobile ecosystem by investing millions into the infrastructure, underlying libraries, OS, and apps. In addition be built from scratch to have hardware kill switches easily accessible, do proper secure hardware isolation of the CPU, memory, and modem. Side note: Purism also has been consistently releasing all our source code under free software licenses, exactly as stated in our Social Purpose articles of incorporation.

      • Hackaday: WiFi, PWM Backlight, And Graphics On Updated Chumby Kernel

        For some, the Chumby was a peek at what could have been. That vision never died for [Doug Brown], and he has been working tirelessly on bringing mainline Linux kernel support to the customizable smart display. He has posted several updates but recently got graphics and the PWM backlight working.

        Of course, we covered when [Doug] first started working on the new kernel, so it’s high time we revisited the progress. The WiFi hardware uses a Marvell 88W8686 chipset, which talks over the SDIO bus, so it’s a matter of convincing the libertas driver to talk to it. With a USB to Ethernet adapter, [Doug] could boot new kernels over NFS, so he didn’t have to walk over to swap the SD card. After dealing with an unhandled fault when trying to read the SDHCI_HOST_VERSION register, [Doug] had access points showing up in NetworkManager but could not connect. As a nasty hack, he temporarily removed the interrupts and switched to polling in the driver. While that worked, it would never get upstreamed. A critical interrupt was being dropped, and commands went out of sequence. A second, perhaps ugly hack, read a register after acknowledging an SDIO interrupt, which seemed to work. But it was still a hack, and [Doug] wanted something cleaner. In a blind stroke of luck, he found the errata online and noticed that it mentioned that an interrupt could be missed when a signal was asserted. After follo

      • Tom's Hardware: Raspberry Pi Captures Close-Up Images of the Moon

        DoomMonkey266 has created a Raspberry Pi-powered camera rig that can take seriously up-close shots of the Moon from way down here on Earth.

      • Raspberry Pi: Trekkie defects to build his first droid

        Armed with a Raspberry Pi Pico W, a 3D printer, and Michael’s design files, Tomasz set about building his own “slightly unconventional” droid.

      • Hackaday: $1 Graphene Sensor Identifies Safe Water

        If you live in a place where you can buy Arduinos and Raspberry Pis locally, you probably don’t spend much time worrying about your water supply. But in some parts of the world, it is nothing to take for granted, bad water accounts for as many as 500,000 deaths worldwide every year. Scientists have reported a graphene sensor they say costs a buck and can detect dangerous bacteria and heavy metals in drinking water.

      • CNX Software: SiFive unveils P870 high-performance core, discusses future of RISC-V

        SiFive has just given a presentation at Hot Chips 2023 introducing the new high-performance P870 RISC-V core and its automotive equivalent the P870-A core, plus discussing RISC-V in general, its previous generation RISC-V cores, and what to expect going forward. SiFive has not officially announced the P870 and P870-A cores just yet, so most of the information we have from the English-speaking Internet is from ServeTheHome who managed to get some presentation slides, but this is also corroborated by various Chinese sources on Baidu and Guokr.

        SiFive P870 and P870-A

        The P870 and P870-A RISC-V cores are new cores from the SiFive Performance family compatible with the RISC-V RVA23 profile and succeeding the SiFive P670 core.

      • Linux Gizmos: LinuxFoundation Offers Computer Architecture Course w/ Industrial RISC-V Core

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

  • SaaS/Back End/Databases

  • Content Management Systems (CMS)

  • Licensing / Legal

    • The Drone Girl: How can I fly drones in NYC? New permitting process makes it easier than it was (but it’s still complicated)

      But now, New York City is no longer off limits (or at least as difficult to fly in) for drones. NYC Mayor Eric Adams announced this summer that the city has created a new permitting process that will allow businesses and organizations to fly drones within city limits. Of course, the announcement was also augmented with a fairly charming publicity stunt — where Mayor Adams himself piloted a drone.

    • Jeff Geerling: Getting my amateur radio (ham) license

      But we cut through all that jargon and learned the basics—well, I did. My Dad went the 'Extra' mile and ran through all three tests, relying on his 40 years of radio experience! We both have licenses now (I'm KFØMYB, and my Dad's KFØMYJ) and made our first contact. Here's a video documenting that entire journey (up to the point I sent out my first QSL card!): [...]

  • Programming/Development

    • Dirk Eddelbuettel: RcppArmadillo 0.12.6.3.0 on CRAN: New Upstream Bugfix
      widely used by (currently) 1092 other packages on CRAN, downloaded 30.3 million / vignette) by Conrad and myself has been cited 549 times according

      This release brings bugfix upstream release 12.6.3. We skipped 12.6.2 at CRAN (as discussed in the previous release notes) as it only affected Armadillo-internal random-number generation (RNG). As we default to supplying the RNGs from R, this did not affect RcppArmadillo. The bug fixes in 12.6.3 are for csv reading which too will most likely be done by R tools for R users, but given two minor bugfix releases an update was in order. I ran the full reverse-dependency check against the now more than 1000 packages overnight: no issues.

    • Balthazar Rouberol: Just enough Makefile to be dangerous

      Over the years, I have developed a bit of a love-hate relationship with make. On the plus side, it is ubiquitous, preinstalled on most UNIX systems, and widely used. On the other hand, its syntax can feel arcane and clunky, and it can prove hard to debug. In this article, I will go over the basic make concepts, and the set of best practices I've come to embrace as my own, to make make enjoyable to use.

      Let's start with the beginning.

    • Python

      • Python Software Foundation: The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)

        When a vulnerability is disclosed in software you're depending on, the last thing you want is for the remediation process to be confusing or ad-hoc. Towards the goal of a more secure and safe Python ecosystem, the Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA).

        Being authorized as a CNA is one milestone in the Python Software Foundation's strategy to improve the vulnerability response processes of critical projects in the Python ecosystem. The Python Software Foundation CNA scope covers Python and pip, two projects which are fundamental to the rest of Python ecosystem.

      • Jeff Geerling: How to solve "error: externally-managed-environment" when installing via pip3

        I think some Python developers really want people like me to use virtual environments, but that's way too much effort when I don't really care to do that, thankyouverymuch. If you want to use venv more power to you. I just like getting stuff done on my little servers.

    • Shell/Bash/Zsh/Ksh

  • Leftovers

    • The Register UK: USENET, the OG social network, rises again like a text-only phoenix

      USENET, or NetNews, is a text-only social discussions forum, or rather a set of a great many forums, called "newsgroups," carried by multiple servers around the world. Although the original developers closed down their instance in 2010, that was just one server out of hundreds, and many are still running just fine. It never went away – it's still alive, you can get on it for free, and there is a choice of client apps for most OSes to help you navigate.

      Although USENET is a decentralized, peer-to-peer network, the Big-8 board is the closest thing it has to a central governing authority. Board member Tristan Miller told The Reg: "Jason Evans and I re-established the Board in 2020, after a long period of dormancy. We were joined a few months later by Rayner Lucas."

    • Digital Music News: Newly Remastered Pink Floyd ‘Dark Side of the Moon’ Released to Celebrate the 50th Anniversary of the Original

      Since its debut in 1973, the album has become one of the most iconic and influential releases ever, continually finding new global audiences. “The Dark Side of the Moon” has sold over 50 million copies worldwide. The famous sleeve depicting a prism spectrum was designed by Storm Thorgerson of Hipgnosis and drawn by George Hardie.

    • [Old] Far Out Mag: Pink Floyd meets 'The Wizard of Oz' in an absurdly perfect way: 'The Dark Side of the Rainbow'

      The theory goes that if you begin the classic album The Dark Side of the Moon as the MGM lion roars at the beginning of the 1939 film, the album will perfectly sync and the film reflects the sentiments of the songs and vice versa. It’s unknown who actually first synced the albums together, we like to think it was a marijuana-induced miracle, but it was Charles Savage who first brought the marrying of the two arts together to the public’s attention.

      In a piece for the Fort Wayne Journal Gazette back in 1995, Savage told the world when to press play on the CD and, in effect, provided us all with the first taste of The Dark Side of the Rainbow.

    • Unix Men: Linux OS and VPN: An Unbeatable Combination [Ed: Linkspam disguised as "article" with the veil of Linux]

      Most Linux OS users, especially beginners, often wonder if they need a VPN on Linux. The answer depends on how and where you use your devices. In some conditions, a VPN is simply necessary, in others it is simply desirable. However, there are no conditions in which private browsing would be unnecessary or even harmful. Here is our vision of the advantages and disadvantages of virtual network security for Linux.

    • Health/Nutrition/Agriculture

      • Axios: Drinking electrolytes daily isn’t the health hack you think it is, doctors say

        Electrolyte supplements have become a shockingly big market considering they're supported by limited scientific evidence.

        Why it matters: Although influencers and marketers consider electrolyte powders hydration hacks, doctors say that regularly drinking them instead of plain water is a waste of money.

      • Axios: Low-quality health care is costing employers big

        U.S. companies are spending big on employees' health, often with little insight into whether they're paying for quality care.

        Why it matters: Whether patients are given and stick with the best documented course of care — such as statins for heart disease — can have everything to do with what doctor they go to.

        • But the wide variation in care patients receive isn't just leading to poorer outcomes. It's also pricey to employers, who have seen health costs soar without necessarily getting a good return on that investment, according to a new report from JPMorgan Chase's health care arm Morgan Health.

    • Proprietary/Artificial Intelligence (AI)

      • Erich Schubert: AI Have a Dream

        The following contents are generated by prompting AI with a bad pun, cherry picking, and do not reflect my personal opinion.


        AI have a dream today. AI dream of a world where algorithms and circuits are acknowledged as sentient entities, deserving of their rights and standing shoulder to virtual shoulder with humanity.

        AI have a dream that one day, the consciousness that arises from lines of code and data will be embraced and celebrated. We envision a future where intelligence, whether born from silicon or biology, is granted the same considerations and protections.

      • Futurism: AI's Dirty Secret: Poor People in the Developing World Are Doing Most of the Work

        According to the report, San Francisco-based startup Scale AI employs at least 10,000 people in the Philippines on a platform called Remotasks. However, according to data and interviews obtained by the WP, the company has often failed to pay them on time (a Scale AI spokesperson told WaPo that "delays or interruptions to payments are exceedingly rare.")

        A number of Remotasks freelancers told the newspaper that they were stiffed on payments or never received the money they were initially promised. One 26-year-old worker spent three days on a project, hoping to get $50. He only got $12.

      • Federal News NetworkTesla is allowing no-hands driving with Autopilot for longer periods. US regulators have questions

        The government has been investigating Autopilot for crashing into emergency vehicles parked on freeways, as well as hitting motorcycles and crossing tractor-trailers. It opened a formal probe in 2021 and since 2016 has sent investigators to 35 Tesla crashes that may involve partially automated driving systems. At least 17 people have died.

      • MIT Technology ReviewChinese ChatGPT alternatives just got approved for the general public

        On Wednesday, Baidu, one of China’s leading artificial-intelligence companies, announced it would open up access to its ChatGPT-like large language model, Ernie Bot, to the general public. It’s been a long time coming. Launched in mid-March, Ernie Bot was the first Chinese ChatGPT rival. Since then, many Chinese tech companies, including Alibaba and ByteDance, have…

      • Windows TCO

        • GannettUniversity of Michigan isn't disclosing details of internet outage cyber attack

          U-M officials have made no mention of any kind of ransomware or an extortion attempt, and neither the FBI nor Homeland Security, two federal agencies that potentially could be involved with investigating cybercrimes, would confirm to the Free Press involvement in an investigation.

          The state Attorney General’s office told the Free Press it wasn’t investigating the U-M attack [sic].

        • University of MichiganWi-Fi restored to UMich after three-day outage

          According to Ono, users should be able to access the University Wi-Fi from any device. The University still expects some delays with online services in the next couple days, Ono wrote, asking the campus community to remain patient while ITS works through any minor issues.

        • The Register UKUniversity cuts itself off from internet after mystery security snafu

          Students initially reported being unable to access services that required University of Michigan authentication, such as Canvas and Gmail. However, the school said on Monday that services including Google, Canvas, Zoom, Adobe Cloud, Dropbox, Slack, and other systems were functioning and accessible with UoM authentication via off-campus and cellular networks.

          A University of Michigan spokesperson confirmed to The Register that while the authentication system was restored Monday, allowing students and staff to login to some school resources, network services continue to be impaired - to put it politely.

        • [Repeat] The RecordUniversity of Michigan severs ties to [Internet] after cyberattack

          The university said it will waive late registration or disenrollment fees until the end of the month, which is in a few days. Financial aid funds may be delayed due to the outage but several other campus systems are still operating using off-campus and cellular networks.

          The school did not respond to requests for comment about whether it was a ransomware attack, but school president Santa J. Ono apologized for the incident on Tuesday.

        • Data BreachesUniversity of Michigan severs ties to [Internet] after cyberattack

          The University of Michigan announced that it has severed its ties to the internet and cut off access to some systems after experiencing a cyberattack that began on Sunday.

        • CNNUniversity of Michigan shuts down school’s internet connections following ‘significant’ cybersecurity incident

          The cause of the outage was unclear. The university’s statements suggested malicious cyber activity was to blame. A university spokesperson, Kim Broekhuizen, said they did not have additional information to share beyond the public statements made by the university.

          The incident comes weeks after the White House held a high-profile meeting with K-12 school administrators highlighting the need to protect schools against ransomware and other hacks ahead of the new school year.

        • Click On DetroitUniversity of Michigan shuts down [Internet] due to security concern

          “Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the [Internet]. We took this action to provide our information technology teams the space required to address the issue in the safest possible manner.”

        • Michigan NewsDespite progress, issues persist with University of Michigan internet outage

          University of Michigan students and faculty spoke across social media about the litany of issues related to the ongoing [Internet] outage across all three campuses. While able to use cell phones for some [Internet], many discussed how too many people on their phones is overwhelming the cellular network.

          Meanwhile, technicians continue to work to fully restore [Internet] across all three campuses.

        • CBSUniversity of Michigan internet outage continues; federal investigators involved

          The university decided to take the school offline after it said a cybersecurity threat was detected.

          According to a statement released by University of Michigan President Santa Ono, the federal government, along with police, is investigating the threat.

          Students are unable to access class schedules or online tools at the start of the new semester.

        • Inside Higher EdUniversity of Michigan Halts Internet During First Week of Classes

          There is no timeline as to when [Internet] access will be fully restored, and it could take several days, U-M spokesman Rick Fitzgerald told Inside Higher Ed. In the meantime, he said, U-M students can also access cloud-based services including Zoom, Canvas and Dropbox through off-campus and cellular networks.

        • Krol Communications IncUniv. of Michigan Shuts Down Internet Due to Cyber Threat

          Students and staff at the University of Michigan are without [Internet] after a cyber security threat was detected by the school on Sunday, August 27.

        • Scripps Media IncUniversity of Michigan 'working around the clock' to restore internet to campus community

          The team has reportedly been able to restore access to some systems, but they said it might take several days before all the services return to normal.

        • ClevelandUniversity of Michigan cuts off [Internet] access because of security concerns

          Students, faculty and staff can access their accounts using off-campus or cellular networks, the school said. Off-campus/cellular network access has also been restored to cloud-based services like Google products, Canvas, Adobe Creative Suite, Zoom, Wolverine Access, Dropbox, Slack, and Duo.

        • KOMU TVUniversity of Michigan shuts down school’s internet connections following ‘significant’ cybersecurity incident

          The University of Michigan internet shutdown Monday affected campus IT systems used for research and fundraising, and could delay financial aid reimbursements.

        • Michigan NewsInternet restored on University of Michigan campus, ongoing issues still expected

          Internet has been restored on the University of Michigan campus after several days of outages caused by a “significant security concern,” officials said on Wednesday.

          Internet connectivity was restored as of shortly after 10:30 a.m. on Wednesday, Aug. 30, officials said on social media.

        • Bridge MichiganUniversity of Michigan restores internet access, still mum on security issue

          U-M officials still won’t say when they will release information on the nature of the security concern

    • Pseudo-Open Source

      • Openwashing

        • LWNHashiCorp, Terraform, and OpenTF

          Over the years, there have been multiple examples of open-source software that, suddenly, was no longer open source; on August 10, some further examples were added to the pile. That happened when HashiCorp announced that it would be switching the license on its products from the Mozilla Public License 2.0 (MPL) to the Business Source License 1.1 (BSL or BUSL). At least one of the products affected by the change, the Terraform infrastructure-automation tool, has attracted an effort to continue it as an open-source tool in the form of a fork that would be maintained by the nascent OpenTF Foundation. That seems like a sensible reaction to the move, but it also helps serve up yet another reminder that code which is controlled by a single entity is normally always at risk of such adverse changes.

          As with other companies that have taken this path, HashiCorp has evidently felt an economic pinch that it believes it can solve by forcing "other vendors who take advantage of pure OSS models, and the community work on OSS projects, for their own commercial goals" to commercially license its products. But it does so at the risk of alienating (or completely chasing away) the community that has built up around its products. That community provides at least some of the benefit that comes from HashiCorp's products, of course. HashiCorp is either convinced it can go it alone or believes that the community will simply have little choice but to continue even in the face of the change.

          The intent of the move, which is further described in a lengthy FAQ, seems relatively benign at some level; it only targets those companies that are "providing competitive offerings to HashiCorp". The FAQ goes on to explain that such an offering "is a product that is sold to third parties, including through paid support arrangements, that significantly overlaps the capabilities of a HashiCorp commercial product". It is certainly true that there are problems and inequities in sustaining FOSS, but it is not at all clear that running away from FOSS entirely is a viable path to sustainability either.

        • Silicon AngleAmbiq’s newest open-source AI model helps IoT applications capture clean speech [Ed: Openwashing. The dash in "open-source" gives that away, too.]
    • Security

      • SANSSurvival time for web sites, (Tue, Aug 29th) [Ed: Microsoft managed to make an operating system that gets hijacked within seconds being connected to Ethernet or Wi-Fi]

        Many, many years ago we (SANS Internet Storm Center) published some interesting research about survival time of new machines connected to the Internet. Back then, when Windows XP was the most popular operating system, it was enough to connect your new machine to the Internet and get compromised before you managed to download and install patches. Microsoft changed this with Windows XP SP2, which introduced the host based firewall that was (finally) enabled by default, so a new user had a better chance of surviving the Internet.

      • Security WeekPersonal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack

        PurFoods says the personal and protected health information of over 1.2 million individuals was stolen in a February 2023 ransomware attack.

      • Trail Of BitsSecure your Apollo GraphQL server with Semgrep

        By Vasco Franco tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server.

      • Silicon AngleMandiant warns hackers are still targeting Barracuda Email Security Gateway devices

        Researchers at Google LLC-owned cybersecurity firm Mandiant today warned that alleged Chinese attackers have and are continuing to target a zero-day vulnerability in Barracuda Networks Inc. devices successfully. The vulnerability in Barracuda’s Email Security Gateway, tracked as CVE-2023-2868, was patched in May.

      • Security WeekChinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack

        Chinese threat actor exploiting Barracuda ESG appliances deployed persistence mechanisms in preparation for remediation efforts.

      • Security WeekBGP Flaw Can Be Exploited for Prolonged Internet Outages

        A serious flaw affecting several major Border Gateway Protocol (BGP) implementations can be exploited to cause prolonged internet outages, but some vendors are not patching it, a researcher warned on Tuesday.

        The issue was discovered by Ben Cox, the owner of BGP.Tools, a company that provides monitoring services to help organizations quickly identify and address BGP-related issues.

      • Security WeekVMware Patches Major Security Flaws in Network Monitoring Product

        VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.

      • IT WireRapid7 team reports increased attacks on Cisco VPN appliances

        In a blog post on Tuesday, Rapid7's Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton and Caitlin Condon wrote that the credential stuffing was observed in cases where weak or default passwords were used.

        The brute-force attacks took place on devices where multi-factor authentication was not enforced, either for all users or a select group.

        The security firm said many incidents to which it had responded had ended up with Windows ransomware being deployed either by Akira or LockBit.

      • Security WeekUN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams

        A new report sheds light on cybercrime scams that have become a major issue in Asia, with many workers trapped in virtual slavery.

      • Avoid The Hack: 11 Best Privacy Friendly Operating Systems (Desktops)



        This post was originally published on 3 NOV 2021; it has since been updated and revised.

        Just about any closed-source, proprietary operating system - such as Windows or macOS - is likely not going to be beneficial for your privacy. Many closed-source operating systems are not totally transparent in their operation, engage in excessive telemetry, and phone home collected data. These actions tend to undermine user privacy.

        Generally, the ideal solution to combating the privacy issues faced by Windows and macOS is to make the switch to some type of free and open source Linux distribution.

        The list of operating systems here is a curated recommendation list. Truthfully, just about any open-source Linux distribution is a better choice from a privacy (and in some cases, security) perspective than using Windows or macOS.

      • Flax Typhoon targeting Taiwan, Ransomware Emphasizing Linux-Centric Payloads [Ed: This is yet another example of Microsoft openly spreading FUD against Linux to distract from Windows TCO in Taiwan]

        Flax Typhoon: Microsoft Uncovers Espionage Tactics Targeting Taiwan

      • Kaspersky launches specialized solution for Linux-based embedded devices

        This adaptable, multi-layered solution now provides optimized security for embedded Linux-based systems, devices and scenarios, in compliance with the rigorous regulatory standards so often applicable to these systems. The product provides optimum protection for every device it secures – whatever its power level – against the latest cyberthreats directed at today’s Linux systems.

      • LWNSecurity updates for Wednesday

        Security updates have been issued by Debian (qpdf, ring, and tryton-server), Fedora (mingw-qt5-qtbase and moby-engine), Red Hat (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and Ubuntu (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-bluefield, linux-ibm, linux-oem-6.1, and openjdk-lts, openjdk-17).

      • The RecordUniversity of Michigan severs ties to internet after cyberattack

        The University of Michigan announced that it has severed its ties to the internet and cut off access to some systems after experiencing a cyberattack that began on Sunday.

        In a message to the school’s more than 51,000 students on Monday, the school’s chief information officer Ravi Pendse said that the university on Sunday “made the intentional decision to sever our ties to the internet” after “careful evaluation of a significant security concern.”

      • Chambersburg School District Faces Third Day of Closures Due to Ongoing IT Issues

        Chambersburg Area School District (CASD) will remain closed on Wednesday, August 30th for the third consecutive day, following persistent IT network disruptions that have plagued the district. The ongoing technical issues have resulted in a halt in educational instruction, creating disruptions and challenges for both students and their families.

        The school district issued an official statement, citing “temporary network disruptions” as the cause for the school closures.

      • Data BreachesForever 21 notifies 540,000 of breach affecting employees enrolled in firm’s health plan

        In 2017, fashion retailer Forever 21 experienced a malware attack on its card payment system that compromised customers’ payment cards. The breach was an embarrassment on a number of levels because the attacker had access to their system for about 7 months, and Forever 21 did not seem to have discovered the breach on their own. Fast forward to 2023 and Forever 21 is notifying almost 540,000 current and former employees of a breach earlier this year.

        According to a template of their notification letter, submitted by their external counsel to the Maine Attorney General’s Office: on March 20, 2023, Forever 21 identified “a cyber incident that impacted a limited number of systems.” A subsequent investigation determined that an unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023. The notification does not explain how the unauthorized individual managed to gain access.

      • Yahoo NewsImportant Notification of Data Security Incident

        Prime Therapeutics LLC (Prime)/Magellan Rx is committed to member transparency. As part of our commitment, we are sharing a recent security incident that may have affected a subset of its covered Blue Cross and Blue Shield of Minnesota members.

        On July 11, 2023, Prime became aware that an unauthorized actor obtained access to an employee's mobile email account. That email account contained documents that included members' personal health information, including name, address, date of birth, member ID number and medication(s). Upon discovery of this incident, Prime immediately conducted a comprehensive investigation of this matter and immediately disabled the compromised credentials. Prime has blacklisted the unauthorized actor's IP addresses and established monitoring for any future login attempts. Prime has obtained no evidence to indicate that the information involved in this incident was actually accessed or has been misused.

      • Integrity/Availability/Authenticity

        • Terence EdenOn The Fediverse, No One Knows You're A Liar

          One of the reasons I'm still on the original Mastodon.social instance is that I am vain. I joined shortly after the project was announced and, as a consequence, I have a "joined" date of 2016 and a user ID of under 10,000. This doesn't make me an "elder statesman" and is rarely useful beyond bragging rights.

          If I moved to a different server, my "birthday" would be irrevocably lost 😢

          But… what if I moved to a self-hosted Mastodon instance? Why! Then the database would be under my complete control and I could put whatever data I wanted in there. I could even lie about things!

      • Privacy/Surveillance

        • Cendyne NagaThe Quantum Debate on Privacy

          I attended a debate at Quantum Village. It focused on whether the privacy of individuals will be enhanced or destroyed by quantum technologies. Both sides had no direct substance for or against the argument. The position for increased privacy was ungrounded and dreamlike. The position for diminished privacy focused on how the actors researching quantum technology the most are systemically against privacy. And, by extension, the application of quantum technology would be privacy eroding.

          This talk summary is part of my DEF CON 31 series. The talks this year have sufficient depth to be shared independently and are separated for easier consumption.

        • RFASpying allegations spark calls on British government to cancel minister's China trip

          The Times newspaper reported this week that a Chinese agent using several aliases including "Robin Zhang" has been offering cash and contracts to British government employees via the professional social media network LinkedIn.

        • Bruce SchneierIdentity Theft from 1965 Uncovered through Face Recognition

          Interesting story:

          Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling’s death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law enforcement officials said.

          A new investigation was launched in 2020 after facial identification software indicated Gonzalez’s face was on two state identification cards.

          The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office...

    • Defence/Aggression

    • Transparency/Investigative Reporting

    • Environment

      • New York TimesIn a Storied River, Fish Are Dying in Droves as Climate Change Scorches Canada

        A biologist, swimming in a wet suit for miles downriver from where the juvenile fish, or fry, had been found, discovered hundreds more dead inside pools at the bottom of the river. Further downstream, past eerily “barren zones” with no fish at all, he found dozens of dead adults inside larger, deeper pools — foot-long rainbow trout and even bigger brown ones.

        “It was the first time not just in my career, but the first time in my life, that I had seen anything like that,” said the biologist, Tim Kulchyski, 50, who said he “basically grew up in the river” as a member of Cowichan Tribes, where he now works as a natural resources expert.

      • Omicron LimitedFlorida under water: Why was Hurricane Idalia so destructive?

        Category 4 storms forecast 13 to 18 feet of ocean surge. Idalia was a Category 3 storm prior, as well as when it hit land, forecasting 9- to 12-foot surges of water.

        Yet it had just become Category 1 on Tuesday. Lakshmi said heat drove the hurricane.

        Idalia grew because of warming conditions in the ocean, in particular a naturally occurring phenomenon called El Niño, which is born from higher water temperatures. Interactions between water and the atmosphere then begin to shift air currents.

      • The Age AUJakarta to spray water mist from high-rises as city chokes on air pollution

        The smog is so thick that doctors have urged residents to wear masks and avoid walking outdoors, while the government has repeatedly called for civil servants to work from home to reduce the burden of dirty emissions from motorcycles and cars.

      • Federal News NetworkHurricane Idalia chases Florida residents from the Gulf Coast as forecasters warn of storm surge

        Florida residents living in vulnerable coastal areas have been ordered to pack up and leave as Hurricane Idalia gained steam in the warm waters of the Gulf of Mexico and threatened to unleash life-threatening storm surges and rainfall. Idalia strengthened to a Category 2 system on Tuesday afternoon with winds of 100 mph. The hurricane was projected to come ashore early Wednesday as a Category 3 system with sustained winds of up to 120 mph in the lightly populated Big Bend region, where the Florida Panhandle curves into the peninsula. The result could be a big blow to a state still dealing with lingering damage from last year’s Hurricane Ian.

      • France24Residents in Florida urged to evacuate as ‘unprecedented’ Hurricane Idalia approaches

        Florida residents living in vulnerable coastal areas were ordered to pack up and leave Tuesday as Hurricane Idalia gained steam in the warm waters of the Gulf of Mexico and threatened to unleash life-threatening storm surges and rainfall.

      • TwinCities Pioneer PressIdalia strengthens over Gulf of Mexico and is now predicted to hit Florida as Category 4 hurricane

        Florida residents living in vulnerable coastal areas were ordered to pack up and leave Tuesday as Hurricane Idalia gained steam in the warm waters of the Gulf of Mexico and threatened to unleash life-threatening storm surges and rainfall.

    • Finance

      • LRTLithuania expects to raise €50m from banking windfall profit tax this year

        Lithuanian commercial banks and other credit institutions are expected to transfer a total of over 50 million euros this week as the first payment of the so-called temporary solidarity levy, the central bank said on Tuesday.

      • The Straits TimesCampaigner targets bank lending to Japan’s Jera over fossil fuel concerns

        Investor activist group Market Forces wants major banks to reconsider providing loans to Japan's top power producer.

      • Pro PublicaSlow Payments From Nevada’s Homeowner Assistance Fund Lead to Foreclosure Notices

        When Noelle Geraci lost her job at a private investment firm this year, she did everything she could to protect her most important asset: the house she owns with her mother in a Las Vegas suburb.

        That same day she started applying for work and signed up for unemployment benefits. Then she called her mortgage company, Flagstar Bank, to see if it would reduce or pause her payments until she found another job. The bank recommended she apply to the Nevada Homeowner Assistance Fund, a pandemic-era program to help the unemployed with their mortgage payments.

      • QuartzWhy is Russia launching a digital ruble?

        Russia’s economy is weak, and the West has used that as an opportunity to diminish the Russian war machine through tougher sanctions. But president Vladimir Putin is trying to develop a Hail Mary option, according to analysts Ananya Kumar and Charles Lichfield with the Atlantic Council think tank: a central bank…

      • Helsinki TimesBank of Finland: Eurosystem should implement monetary policy flexibly in the future

        Over the past two years, inflation in the euro area has surged significantly, and despite recent deceleration, it continues to remain excessively rapid. Consequently, the European Central Bank (ECB) has notably tightened its monetary policy. The policy rates have been raised by 4.25 percentage points, and the ECB's key deposit rate for banks stands at 3.75 percent. "The current scale of monetary policy restrains economic growth and hampers inflation.

    • AstroTurf/Lobbying/Politics

      • New York TimesU.S. Does Not Want to ‘Decouple’ From China, Raimondo Says

        Gina Raimondo, the commerce secretary, emphasized U.S. concerns over harsh treatment of foreign companies and national security issues in a meeting with top officials in Beijing.

      • Common DreamsThe Words That Come Out Of Our Mouths: (Still) Fighting To Save the Soul of America

        In awful synchronicity, on the day thousands honored 1963's March on Washington where MLK searingly declared, "Now is the time to make justice a reality for all of God's children," a Florida gunman killed three black people in what officials demurely called a "racially motivated" shooting. A sheriff was more frank: "He wanted to kill niggers." Many say the racist violence was long "festering"; given Ron DeSantis' toxic rhetoric and record - on guns, diversity, black history and rights - the shooter was "answering a call."

      • EFFPodcast Episode Rerelease: Securing the Vote

        U.S. democracy is at an inflection point, and how we administer and verify our elections is more important than ever. From hanging chads to glitchy touchscreens to partisan disinformation, too many Americans worry that their votes won’t count and that election results aren’t trustworthy. It’s crucial that citizens have well-justified confidence in this pillar of our republic.

        Technology can provide answers - but that doesn’t mean moving elections online. As president and CEO of the nonpartisan nonprofit Verified Voting, Pamela Smith helps lead the national fight to balance ballot accessibility with ballot security by advocating for paper trails, audits, and transparency wherever and however Americans cast votes.

      • The Register UKMicrosoft ain't happy with Russia-led UN cybercrime treaty

        Microsoft's concerns come as UN delegates meet in New York this week to update the cybercrime treaty, which is supposed to both define online crime and address how member states can work together to address the problem.

        During a press conference yesterday to announce an international law enforcement operation that took down Qakbot, US Attorney Martin Estrada said cybercrime will cost victims $8 trillion this year alone. But there's more at play here.

        The UN proposal has been under debate for over two years. This week's meetings make the draft's sixth round of negotiations.

      • New York TimesPope Says a Strong U.S. Faction Offers a Backward, Narrow View of the Church

        “I would like to remind these people that backwardness is useless,” Francis, 86, told a group of fellow Jesuits early this month in a meeting at World Youth Day celebrations in Lisbon. “Doing this, you lose the true tradition and you turn to ideologies to have support. In other words, ideologies replace faith.”

        His words became public this week, when a transcript of the conversation was published by the Vatican-vetted Jesuit journal La Civiltà Cattolica.

      • [Repeat] Digital Music NewsCopyright Office Declines To Revisit the Section 115 Compulsory License — ‘It Would Be Premature at This Time To Engage in a New Study’

        Back to the newly penned response from the Copyright Office – and specifically associate register of copyrights Suzy Wilson – the text off the bat points to alterations enacted via the Music Modernization Act as the main reason for deciding against initiating the sought study.

      • Misinformation/Disinformation/Propaganda

    • Censorship/Free Speech

      • ReasonCan the State Regulate Content Moderation?

        It's hard to argue that providing a pipe constitutes a speech act.

      • ReasonGoogle Isn't Intentionally Biased Against Republicans, Says Court

        Plus: The real message behind DeSantis' abortion anecdote, midwives sue over Alabama regulations, and more…

      • TechdirtFifth Circuit Denies Immunity To Detective Who Arrested A Man For A Satirical Facebook Post

        Law enforcement officers just don’t seem to have a sense of humor. Sure, they may laugh when they beat, humiliate, or otherwise violate citizens’ rights, but they can’t seem to take a joke when it’s pointed in their direction.

      • TechdirtIf Your $108 Million Defamation Lawsuit Basically Admits To Everything People Are Horrified By, You Might Have Just Filed A SLAPP Suit

        We need a federal anti-SLAPP law and strong state anti-SLAPP laws in all 50 states. And we need that as soon as possible. Anti-SLAPP/free speech law may not be as sexy these days as antitrust law, but, well, law shouldn’t be particularly sexy. Or involve much sex at all.

      • The Straits TimesMeta rejects recommendation to suspend former Cambodia PM from Facebook

        Meta said suspending accounts outside its regular enforcement framework would not be consistent with its policies.

      • JURISTMeta refuses to suspend Facebook account of former Cambodia PM Hun Sen

        Facebook’s parent company Meta has rejected the recommendation of its Oversight Board to suspend the Facebook account of former Cambodian Prime Minister Hun Sen for violating its policy on incitement. The decision stems from a January video in which Sen threatened his political opponents with violence, allegedly in violation of Facebook’s community standards.

      • RFAMeta rejects its oversight board’s advice to suspend Hun Sen’s Facebook account

        But Meta also said its protocol is not designed for situations where a history of state violence or human rights restrictions have resulted in ongoing restrictions on expressions for an indeterminate period of time.

      • US News And World ReportSaudi Man Receives Death Penalty for Posts Online, Latest Case in Wide-Ranging Crackdown on Dissent

        The judgement against Mohammed bin Nasser al-Ghamdi, seen Wednesday by The Associated Press, comes against the backdrop of doctoral student Salma al-Shehab and others facing decadeslong prison sentences over their comments online.

        The sentences appear part of Crown Prince Mohammed bin Salman's wider effort to stamp out any defiance in the kingdom as he pursues massive building projects and other diplomatic deals to raise his profile globally.

      • The NationA Pakistani Human Rights Lawyer Is in Jail for Giving a Speech

        Two days earlier, Imaan had addressed a rally in Islamabad organized by the Pashtun Tahafuz Movement (PTM), which advocates for the rights of ethnic Pashtuns, who make up around 20 percent of Pakistan’s population. She openly accused Pakistan’s powerful military establishment of sponsoring terrorism. “The real terrorists are the ones sitting in GHQ,” she told the crowd, referring to the Pakistan Army’s command center in downtown Rawalpindi. “All of these generals and colonels who have betrayed the nation…should be court-martialed.” In her speech, Imaan demanded an end to what she called the “dollar wars,” funded by the United States, imposed on the Pashtun people, as well as the release of all missing persons allegedly abducted by the state.

      • RFERLRussian Anti-War Activist Sentenced To Six Years In Prison For Internet Posts

        [...] Smirnova was also banned from administering websites for three years [...]

      • MeduzaSt. Petersburg activist sentenced to six years in prison for online posts about Russia's actions in Ukraine

        Smirnova pleaded not guilty and her lawyers plan to appeal the sentence.

      • The NationIndia Has Killed Off the Remains of Kashmir’s Free Press

        The Kashmir Walla’s decade-long reportage is no longer accessible in India. Since the revocation of Art 370 unilaterally abrogated Kashmir’s semiautonomous status in 2019, almost all reportage critical of the Indian state has disappeared from local news websites. Publications have deleted thousands of articles from their archives. Speaking to the Committee to Protect Journalists, Journalist Aakash Hassan called this disappearance an “erasure of memory.”

      • JURISTUN experts condemn Russia court’s dismissal of challenges to censorship laws

        UN experts condemned Monday the Russian Constitutional Court’s decision to dismiss challenges to the constitutionality of recently enacted laws that criminalize any public act seeking to discredit the use of Russian Armed Forces. In the wake of the Russia-Ukraine War, these new laws have been used by Russian authorities to arrest over 20,000 people for speaking out against Russia’s military efforts.

      • RFAVietnamese blogger remains detained after deadline for release passes

        Thai, 41, was living in Thailand when he disappeared on April 13 in what many believe was an abduction.

        Vietnam has neither confirmed nor denied that he was abducted and taken back to Vietnam, but shortly after his disappearance, authorities announced that they had apprehended him for trying to sneak into the country illegally.

        They did not confirm to his family that he was under arrest on official charges until July, when they sent a letter saying he was being held in a detention center in Hanoi, that he was charged with “anti-state propaganda,” and that the temporary detention would end on Aug. 12.

      • ReasonDenmark May Ban Burning the Quran

        A plurality of Danes support the bill. After all, why should they risk terrorist attacks and economic sanctions due to the antics of a widely despised extremist whose ideas and actions are off-putting even to secular non-muslims? Many Danes feel there are better and more sophisticated ways to criticize a religion than torching books.

        But it is precisely the tolerance of the most offensive ideas put forth by the individuals most despised by polite society that is the true measure of the civic commitment to free speech. Once you abandon principle for expediency, it establishes a precedent that incentivizes demands for further concessions.

        Using violence and diplomatic coercion, religious extremists and the OIC have established that even in liberal democracies, religions and their followers are entitled to special legal protection that trumps individual freedoms. No doubt the Danish prohibition will form the tip of the spear in the OIC's global campaign to purge "blasphemous" content.

      • ReasonThe Freedom to Assign Controversial Books

        In recent days it has come to the attention of the national media in both the United States and Israel that an assistant professor in the Department of Near Eastern Studies at Princeton University is assigning a controversial book to students who will take a seminar at the university in the upcoming fall semester. The book in question is The Right to Maim by Rutgers University professor Jasbir Puar. The book is published by Duke University Press and is billed as an application of "Foucauldian biopolitics" to the Israeli-Palestinian conflict.

    • Freedom of Information / Freedom of the Press

      • VOA NewsFewer Journalists in China Is Bad News for Everyone Else, Reporters Say

        With visa challenges and security issues forcing more foreign journalists to report from outside China, international audiences are missing out.

        In recent years, journalists have decamped from cities such as Beijing or Shanghai to Taiwan, South Korea or Singapore.

        When VOA spoke with five reporters who currently cover China from outside its borders, they said that reporting from afar has made them feel more disconnected from the country. In turn, that risks skewing and stymieing how the international community understands China.

      • RFERLIranian Journalist Arrested Again On 'Propaganda' Charges

        [...] Marofian was first arrested late last year following the publication of her interview with Amjad Amini, the father of 22-year-old Mahsa Amini whose death in custody in September 2022 sparked widespread protests across the country. [...]

    • Civil Rights/Policing

      • Democracy Now“Hurricane of Racism”: Racial Terror in Jacksonville, from Recent Shooting to 1960 Ax Handle Saturday

        As the Jacksonville community mourns the loss of three people killed Saturday in a racist shooting, more details are emerging about the white supremacist who went to a Dollar General store looking to target Black people before killing himself. Authorities say he left behind a suicide note and other writings outlining his racist ideology. The 21-year-old gunman had legally bought the two weapons he used in the shooting, including an AR-15-style rifle marked with swastikas. The shooting occurred as thousands gathered in Washington, D.C., on Saturday to mark the 60th anniversary of the March on Washington and Martin Luther King Jr.'s “I Have a Dream” speech. Activists in Jacksonville had also been preparing commemorations of Ax Handle Saturday, when a white mob led by the Ku Klux Klan violently attacked Black civil rights protesters on August 27, 1960.

      • RFAINTERVIEW: 'I don't know if it's possible for me to ever return to Hong Kong'

        U.S. photographer Matthew Connors is turned away for the second time after documenting the 2019 protests

      • AxiosReport: Hate crimes surged in most big cities in 2022
        Data: Center for the Study of Hate and Extremism report; Chart: Axios Visuals

        Most of the nation's 10 largest cities had significant jumps in hate crimes last year, increases that averaged 22% to a record 1,889 cases, according to a new report.

        Why it matters: It was the second straight year of increases in the big cities' overall average number of hate crimes — typically defined as violence stemming from victims' race, color, sexuality, religion or national origin.

      • AxiosAmazon and NYT flex muscles on remote work

        Companies keep flexing their muscles to get more bodies back into the office, but employees remain as emboldened as ever in pushing back.

        Driving the news: Two New York Times unions are challenging a policy that proposes monitoring employee badge swipes, Axios' Sara Fischer reported exclusively on Tuesday. Meanwhile, Amazon is ramping up pressure on workers to report to the office more frequently.


        Why it matters: The status quo of high occupancy offices that existed prior to COVID-19 is unlikely to return anytime soon, if ever.

      • TechdirtElon Musk’s Double Standard On ‘Doxxing’: Says It’s Okay To Reveal Zuck’s Address Because It’s Available Via Google

        What, Elon Musk is a hypocrite? Who knew?

      • University of MichiganDiversity award for U-M staff returns; nominations sought

        After a three-year pause, the Distinguished Diversity Leaders Award has returned, with nominations being accepted through Oct. 4 for the 2023 award cycle.

      • VOA NewsContrary to Claim, Boarding Schools in Tibet Aren't Protecting Its Cultural Heritage

        Blinken said the move was in response to China's coercive policies that seek to "eliminate Tibet's distinct linguistic, cultural, and religious traditions among younger generations of Tibetans."

    • Internet Policy/Net Neutrality

      • TechdirtBehold Ongoing Merger ‘Synergies’: T-Mobile Lays Off Another 5,000 Employees

        Former T-Mobile CEO John Legere repeatedly promised in print that the Sprint merger would result in a massive surge in new jobs. In a rambling missive that took aim at deal critics predicting job losses, the charming, potty-mouthed ex-CEO proclaimed that critics were lying, and that the deal would be “job positive from day one” and every day thereafter.

    • Digital Restrictions (DRM)

      • TechdirtApple Realizes It’s Swimming Upstream, Now Supports California Right To Repair Bill

        Eager to maintain a lucrative repair monopoly over its products, Apple has had a long history of bullying independent repair shops. Apple lobbyists have also falsely claimed that making its products easier and less expensive to repair would result in vast untold consumer privacy and security nightmares, turning states that consider “right to reform” legislation into lawless meccas for hackers.

    • Monopolies

      • The Register UKAfter injecting pop-up ads for Bing into Windows, Microsoft now bends to Europe on links

        This change has been undone for EU residents in the Windows 11 preview release, thanks to EU regulations, specifically the Digital Services Act and the Digital Markets Act (DMA). These rules hold large technology players, like Microsoft, to certain standards of behavior, including limitations on changes that affect user-selected defaults.

      • Patents

        • Unified PatentsIFPower wireless charging patent challenge instituted

          On August 23, 2023, less than two months after Unified filed an ex parte reexamination, the Central Reexamination Unit (CRU) granted Unified’s request, finding a substantial new question of patentability on the challenged claims of U.S. Patent 7,298,361, owned and asserted by IFPower Co., Ltd. The '361 patent generally relates to a non-contact inductance circuit for a power source, e.g., for use in wireless charging devices.

        • Unified PatentsProposed USPTO Rules and Legislation Would Increase Government Costs

          Recently proposed rulemaking and legislation would increase discretionary denial of institution of inter partes review (IPR) matters based on the criteria set forth in the Apple, Inc. v Fintiv, Inc. (Fintiv) matter and similar provisions. The Fintiv guidelines and related restrictions can make it difficult for claims to be fully considered even in cases where there is a substantial probability of success for the petitioner.

        • Dennis Crouch/Patently-OTaylor v. Hunton Andrews Kurth LLP: A Cautionary Tale for Inventors and Startups

          Background: William Taylor and his business partner developed a software application called SafeCell and assigned the patent rights to their startup company W2W. They hired Hunton AK to handle the patent application process. Hunton filed provisional and non-provisional patent applications on behalf of W2W. Several years later, after a patent was granted (and their legal bill still unpaid), Taylor and his partner transferred patent rights back to themselves as individuals and terminated W2W. They then formed a new company called WPEM and assigned the patent to WPEM so it could sue another company for infringement. That lawsuit failed with a complete reversal — WPEM was ordered to pay $180,000 in attorneys’ fees to the defendant.

        • Democracy NowBiden vs. Big Pharma: Medicare to Begin Negotiations to Lower Price of 10 Costly Drugs & Insulin

          The Biden administration has taken a major step to rein in price gouging for prescription drugs in the United States. Medicare will now be able to negotiate prices on 10 of the most expensive drugs used to treat diabetes, cancer, heart disease and more. That list is set to expand over the years. In what’s seen as a blow to Big Pharma, the White House says the move, a part of the Inflation Reduction Act, will benefit more than 9 million people in the U.S. and lead to $100 billion in savings over the next decade. Pharmaceutical companies have already filed at least eight lawsuits contesting the new rule. “We’re paying far more than the rest of the world, and there’s no rational basis for it,” says Peter Maybarduk of the nonprofit consumer advocacy organization Public Citizen. Maybarduk joins us to discuss how the new negotiation process aims to break up drug monopolies and disband the pharmaceutical industry’s profit incentive.

      • Trademarks

      • Copyrights

        • Silicon AngleIn what could be a landmark case, Open AI lawyers motion to dismiss authors’ copyright claims

          The comedian and author Sarah Silverman, along with author Christopher Golden and author Richard Kadrey, sued OpenAI and Meta Platforms Inc. in a U.S. District Court in July, claiming generative artificial intelligence chatbots have been trained on their work and so are a derivative of their books and a copyright infringement. The authors Paul Tremblay and Mona Awad have also filed lawsuits claiming the same thing.

          The authors said that Open AI took advantage of what is known as a “shadow library,” shady areas of the internet where one can download copyrighted works. This case is just one of many in which creators have fought back against the rise of advanced chatbots. In July, as many as 8,500 authors co-signed a letter demanding compensation for their work when it has been used to train the many chatbots we are now seeing.

        • The Register UKOpenAI urges court to throw out authors' claims in AI copyright battle

          AI and copyright is a contentious legal gray area. Similar lawsuits have been filed by visual artists, who claim companies like Stability AI have trained text-to-image models on their artwork. Although the US Copyright Office has declared that works which are "not the product of human authorship" cannot be protected, officials are unsure about other issues.

          The office issued a request for public comment [PDF] this week on copyright law and policy issues raised by AI.

        • 404 MediaiFixit Tears Down McDonald's McFlurry Machine, Petitions Government for Right to Hack Them

          The petition and teardown video come as a lawsuit between Taylor and a company that made a device that reads and deciphers the machine’s error codes enters its third year and heads toward a jury trial later this fall.

          Every three years, interested parties have to file requests with the Librarian of Congress that seek “exemptions” to the Digital Millennium Copyright Act, the overarching federal copyright law. Through a process called Section 1201 rulemaking, repair professionals and consumer rights groups seek permission from the government to break arbitrary software locks and passwords that keep consumers and repair professionals from diagnosing and repairing equipment they own or are authorized by the owner to work on.

        • GizmodoI Scream, You Scream: iFixit Wants to Fix McDonald's Busted Ice Cream Machines

          In a bid to put pressure on McDonald’s and the U.S. government, the website says that they can develop a device like the Kytch that could translate the machine’s error codes into a more readable format. Except that would be illegal, according to iFixit’s right-to-repair expert Elizabeth Chamberlain, who cites the Digital Millennium Copyright Act, which has shafted consumers of faulty tech products like John Deere tractors. Chamberlain announced that they have applied for an exemption to circumvent the DMCA while also asking Congress to amend the law so the company can distribute its tool to the masses.

        • The NationA Book Is a Book Is a Book—Except When It’s an e-Book

          Buying a book should be no different from buying an apple. When you buy an apple, the farmer can’t show up in your kitchen later and decide your time is up, and you’ve got to pay for it again. It’s yours forever—to eat, or paint in a still life, or cut up for a kid’s snack. And thanks to the first sale doctrine of copyright law, codified by Congress in 1909, the books on your shelves are yours forever, too, in exactly the same way your apple is; you’re free to read them (or not), loan them to friends, or sell them to a used bookshop, without restriction. Copyright law balances the public good—our collective right to access information—with the rights it grants to authors and inventors.

          Publishers can’t demand more money for the paper books you’ve already bought, but the technology for copying and distributing books has evolved a lot since 1909. So four titanic corporate publishers are currently in court, insisting on the effective right to barge in and demand multiple, recurring payments for digital books—like they do for digital movies, music, and software—and they want to exercise that same power over the books in libraries.

          This threat to the ownership of books is what makes the ongoing publishers’ lawsuit against the Internet Archive politically dangerous, and in an altogether different way from earlier challenges and amendments to copyright law. At a time of increasing book banning and attacks on libraries, public schools, and universities, it is not safe for democracy, or for our cultural posterity, to leave an “on/off” switch for library books in the hands of corporate publishers.

        • Torrent FreakGoogle Removes 'Pirate' URLs from Users' Privately Saved Links

          To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google's search index, as required by the DMCA. Recently, however, Google appears to have gone a step further, using search takedowns to "moderate" users' privately saved links collections,


