
05.14.15

Links 15/5/2015: Skrooge Releases, Linux 3.14.42, Linux 3.10.78

Posted in News Roundup at 9:07 pm by Dr. Roy Schestowitz



GNU/Linux

  • An Unlikely Ambassador

    I would consider myself an unlikely Linux ambassador. Not that I hide any Linux use or fascination but that I am not out there on a mission to encourage or convert people to Linux. Mostly it would be an occasional conversation about me using Linux for something or a conversation where I am explaining that there are more operating systems than just Windows or OS X. Most of the time my Linux conversations are with those that already have some connection to Linux. To be honest I have probably been a much bigger “Ambassador” to LibreOffice than to Linux; and I am not an uber LibreOffice or ODF fan boy but one that believes for most basic users it will work just fine without all the Microsoft expense. All of that has taken a slight detour within the past couple of weeks.

  • Desktop

    • HP is Putin Ubuntu Linux on Russian computers

      Some Windows partners, such as Dell, offer Linux-based operating systems as an alternative, but this is few and far between. HP, however, is planning to sell machines in Russia running the Ubuntu operating system. I suppose you could say the company is Putin (puttin’) Linux on the desktop there!

    • Legacy Modernization Applications for Linux

      Like many companies, your company may depend on Linux for its main operating system. For nearly a quarter century, Linux has been pivotal for organizations all over the world. While it definitely comes with a number of benefits, it’s important to remember that any system built on Linux is still susceptible to old age. After enough time, your software could even become obsolete. According to Gartner, for example, the average data center is nine years old. However, after seven years, Gartner says that these data centers begin becoming outmoded. This helps illustrate why legacy modernization is such a vital process to carry out regularly.

    • Terminal Emulation Applications for Linux
  • Kernel Space

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • Skrooge 1.12.0 released

        The Skrooge Team announces the release 1.12.0 version of its popular Personal Finances Manager based on KDE Frameworks.

      • Skrooge 2.0.0 Beta available

        The Skrooge Team announces the availability of 1.99.75 version of its popular Personal Finances Manager based on KDE Frameworks. This is a Beta version intended for users willing to help us by testing the KF5 port before the final Release.

      • Simple Qt container optimization you should do on your code

        Most of us know we shouldn’t let our containers detach. QList, QVector, QString, etc. are implicitly shared. Copying them is cheap, but when we call a non const member function it will detach and trigger a deep copy.

      • Qt 5.5 Now Plans To Ship At The End Of June

        Qt 5.5 has been running behind schedule for some time while now The Qt Company is trying to get it back on track and to officially ship Qt 5.5 by the end of next month.

    • GNOME Desktop/GTK

      • GNOME Asia 2015 impressio

        I must congratulate all the enthusiasm and effort from many young students supported by experienced people, led by Estu Fardani. There are lots of Linux users in Indonesia and I saw the willingness to contribute to the GNOME project. I met Estu in person and I found more friendly local people: my new dear friend Deetah, Harris, Utian, Aris, Kukuh, Fahmi, Moco, Pico, Siska, Lenin & the awesome Sendy!

      • GNOME 3.16.2 released

        The second update of GNOME 3.16 is out with many bug fixes, documentation improvements, translations updates, and more. We hope you’ll like it.

      • GNOME 3.16.2 Released

        GNOME 3.16.2 was announced this afternoon by Red Hat’s Matthias Clasen. The GNOME 3.16.2 release contains numerous bug fixes, documentation updates, translation updates, and other minor work. GNOME 3.16.2 release information can be found via this mailing list post.

      • Orca Open Source Screen Reader Receives Major Update for GNOME 3.16.2

        We reported earlier this week that the hard-working developers behind the acclaimed GNOME desktop environment used by default in numerous GNU/Linux distributions, including Ubuntu GNOME and Fedora, are preparing the second and last point release of GNOME 3.16.

      • GNOME Shell and Mutter Get Minor Updates for GNOME 3.16.2

        The GNOME Project has just announced the general availability of the GNOME 3.16.2 desktop environment, the second and last maintenance release of the 3.16 series.

  • Distributions

    • The death of Foresight Linux

      There are many different Linux distributions, and some last for longer periods of time than others. Foresight Linux is a distribution that has finally reached the end of the road, and will no longer be developed.

    • Reviews

    • New Releases

    • Red Hat Family

      • Red Hat Wins SIIA Software CODiE Awards for Best Cloud Management Solution and Best Open Source Innovation

        Red Hat CloudForms and Red Hat Enterprise Linux 7 Earn Prestigious Industry Recognition

      • Fedora

        • The One Problem I Have So Far With Fedora’s DNF Package Manager

          There’s one gripe I continue to have with DNF but at least it doesn’t mean the end of the world… DNF is mostly a drop-in replacement to the Yum command and when calling yum on Fedora 22 it will end up redirecting to dnf. One of the few exceptions though to where DNF is a drop-in replacement for Yum is supporting the --skip-broken argument.

        • Fedora 21 vs. Fedora 22 Benchmarks

          For those curious how the performance of Fedora 22 is shaking out, here’s some early benchmarks comparing the Fedora Workstation 21 and Fedora Workstation 22 (with all updates as of the final freeze) in various workloads.

          Plenty of Fedora 22 benchmarks are in the works now that this Red Hat backed Linux distribution is gearing up for release and has settled down with its many changes and new features. The Fedora 22 state tested was with the Linux 4.0.2 kernel, GNOME Shell 3.16.1, Mesa 10.5.4, and GCC 5.1.1 while using an EXT4 file-system. On the same exact Intel ultrabook, Fedora 21 was also re-benchmarked both in stock form and with all available updates as of 12 May.

    • Debian Family

  • Devices/Embedded

    • Mouser adds to open source board sales channel

      The distributor’s Open Source Hardware Technology website now has an updated product selector which allows users to select a board from 30 different parameters including processor type and speed, memory and expansion capabilities, wireless and wired networking, user interface options, video connectivity.

    • CHIP: $9 Linux ‘micro-computer’ hits $1m Kickstarter funding in four days

      THE CHIP ‘MICRO-COMPUTER’ that costs just $9 (£5.85) has reached over $1m in funding just four days after arriving on Kickstarter.

    • Raspberry Pi Model B+ price cut to just $25

      The Raspberry Pi B+, which was previously priced at $35, has had its price cut to just $25. The price cuts have already gone into effect on the primary Raspberry Pi stockist websites: RS Components in the UK (£16) and MCM Electronics in the US ($25).

      According to Raspberry Pi, the price reduction was made possible by “production optimizations,” though no specifics were given. At first glance, there don’t appear to be any board- or component-level changes, though Raspberry Pi might not have updated its product images yet.

    • Phones

Free Software/Open Source

  • In Free Software, it’s okay to be imperfect, as long as you’re open and honest about it

    In the FOSS world, people seem more likely to really see the person, not just the community they belong to. And from a person, they expect that they really and honestly feel sorry if they made a mistake. And they seem to be more forgiving if a FOSS contributor admits a mistake and apologizes than if a proprietary software company does. It’s not only individuals, though. It seems like even companies in the FOSS field are expected to be more open and honest than those in the proprietary software field.

  • Free Software and Free Culture: Open Source’s Influence on Society

    In an age when Microsoft (MSFT) is floating the idea of open-sourcing even Windows, it’s clear that open source has pretty much conquered the world of software—or the parts of it that matter, at least. But, in a lot of ways, the weight of open source is now extending into many other realms, defining how people interact and collaborate well beyond the context of computers. That’s a fascinating issue, and it gives the key to understanding what could be the ultimate legacy of the free and open source software movements.

  • 5 open source remakes of classic PC games you won’t want to miss

    Buying the latest games will typically get you top-quality graphics and an iTunes-ready soundtrack, but that won’t necessarily translate into compelling gameplay. And even if it does, there’s no guarantee you’ll be kept entertained for more than a few hours. The solution? Try one of these open source takes on classic PC games.

    Sure, the graphics won’t be as good. There is no chance you’ll want to download the soundtrack, and there will probably be odd glitches and bugs here and there. But, you can be sure the central concept will be great (it’s what inspired the remake in the first place). It’ll have been developed by people who love it, rather than just because they want your cash. And as, in most cases, the projects are still evolving — with new features, content, missions, expansion packs — you’ll want to keep playing for a long, long time.

  • Google stomps on scammers — and helps open source

    A recent rules change to Google Adwords may make it easier for open source projects to protect their good reputation

  • Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec

    The Cloud Security Alliance (CSA), a group that promotes security best practices for cloud computing, is making progress on its plans to develop a software-defined perimeter (SDP) framework for protecting Internet-connected systems against a range of security threats.

  • Web Browsers

    • Mozilla

      • Letter To Mozilla

        We are a group of Free Software advocates from Melbourne Australia and supporters of the Mozilla Foundation and its goals. While we would usually hold Mozilla in high esteem, on this International Day Against DRM we feel compelled to join the FSF and Defective By Design in condemning Mozilla’s decision to include proprietary mechanisms (Encrypted Media Extensions) in Firefox.

        We understand that you are trying to do what makes content owners comfortable lest they not allow their content on your browser; you have outlined this in the article “DRM and the Challenge of Serving Users”. However it seems that your focus is on the short term, compromising your values to retain existing users, rather than protecting them in the longer term. That article significantly neglects any mention of the harms caused by such proprietary technologies, and how they lead users to inflict this harm upon themselves.

      • FREE Firefox?

        The challenge is, going from the Firefox start page, find a way to download the FREE version, without using external websites (so no Google search).

  • SaaS/Big Data

    • Nexenta Extends Its Market Leadership in Open Source-driven Software-Defined Storage at OpenStack Summit; End-to-End Integration Into OpenStack Framework
    • Pentaho ignites Apache Spark orchestration

      Orlando-based open source analytics company Pentaho is ‘in the process of being acquired’ by Hitachi Data Systems, but the brand appears strong enough to be retained 100% intact inside of the new parent company.

    • How to become a valued OpenStack contributor

      Most PTL’s are elected because they are the most technical contributor on a particular project. They are rarely elected for leadership skills. Most of our top technical contributors struggle with leadership, and naturally shy away from it. This frequently leads to dysfunction in community dynamics, as the PTL continues to focus on contributing at a very high level, and puts limited effort into leadership work. Doing things like setting project vision, tracking and celebrating milestones, providing team members with actionable feedback, and sharing the project vision with community members outside the project are all good ways of exhibiting leadership. Doing those things as a part time effort can yield limited results in terms of team unity, and effectiveness. My suggestion to open source project leaders is to earmark considerable time for leadership work, and scale back direct contribution work. A well empowered, motivated, and effective team can produce much more velocity than a PTL individually focused on strong contribution, and ignoring leadership responsibilities in order to do it.

  • CMS

    • Open source a clear choice for CMS development

      As time went on, we simply continued to ride the open source path. We assembled a huge collection of functional applications we had built for client sites that could be added to and modified for new ones. Shopping carts, contact forms, opt-in email list managers, employment opportunity listings, content editors, slide shows, all built as open source using PHP.

      A few years later came the emergence of Content Management Systems, which contained—as a package—many of the functional elements we previously had relied upon our own resources to create. Drupal, Joomla!, WordPress, and others were emerging as the default new development platforms for most digital agencies who had followed the same path as ours.

  • FSF/FSFE/GNU/SFLC

    • Free Software Foundation announces deputy director search

      The Free Software Foundation (FSF), a Boston-based 501(c)(3) charity with a worldwide mission to protect freedoms critical to the computer-using public, would love to find an experienced, Boston-based deputy director to expand our leadership team.

  • Licensing

    • Linux Foundation Updates SPDX Compliance Effort

      Back in 2010, the Linux Foundation first launched its Software Package Data Exchange (SPDX) effort that helps to build out and identify software components in a standardized manner. Since then, use of SPDX has grown, and on May 12 the SPDX 2.0 specification was announced. The new specification aims to be even more comprehensive in helping organizations understand the open-source licenses that are used as part of an application deployment.

  • Openness/Sharing

    • Open Source Project Hopes To Offer $23,000 EV With 186 Miles Range

      An open source project is currently in the works to build an electric vehicle powered by in-wheel motors.

      The goals are ambitious: 1) Build an electric vehicle with a minimum range of 186 miles that can theoretically be put into production and sold for under $22,700. 2) Share the design so that others can replicate or customize the platform. 3) Do it all in less than a year.

Leftovers

  • Hardware

  • Security

  • Defence/Police/Secrecy/Aggression

    • The Jeb Bush Adviser Who Should Scare You

      Paul Wolfowitz not only championed the Iraq War—he obsessively promoted a bizarre conspiracy theory.

    • Ignorance and attempts to rewrite WWII history – that’s what makes me sick

      Everybody in this country is perfectly aware of the fact that we were allies with the British, the French, and of course, the Americans whom we gloriously linked-up with on the River Elbe in April 1945. But we also remember how from the very beginning, in 1939, the West was hoping to orient Hitler to the East and make the German socialists and the Russian communists kill each other. Yes, Moscow did get tons of American supplies under the Lend-Lease Act passed in 1941, and the Northern convoys to Murmansk were a manifestation of real heroism by the Royal Navy. We also cherish the memory of the French Normandie-Niemen air squadron and Le Resistance, but the Russians will never forget that we had to suffer three long years, until our brothers in arms finally landed in Normandy in 1944. That reduced the distance between D-day and VE-Day for them to just 10 months, while for the Russians it was 46 long months of war… For the first time since 1941 Moscow really celebrated Victory on March, 26, 1944 – the day the Soviet troops crossed the River Prut and recaptured the state border. By the time the allies crossed the Channel three months later the Red Army had started its victorious march across Europe, liberating Romania, Hungary, Bulgaria, Czechoslovakia, Austria and Norway. The heaviest price we paid during this operation was for ousting German troops from Poland: 600,000 Soviet soldiers were killed on Polish soil.

  • Transparency Reporting

    • Born Kneeling

      Rusbridger and his extraordinary wig go on and on as a pretend opposition outlet, their reputation much dented by recent hysterical unionist output which exceeds the Daily Express. But Rusbridger’s continued usefulness to the establishment is not in doubt. The pose of publishing the most harmless of Prince Charles’ letters does little to help a threadbare disguise.

  • Censorship

    • David Cameron to unveil new limits on extremists’ activities in Queen’s speech

      A counter-terrorism bill including plans for extremism disruption orders designed to restrict those trying to radicalise young people is to be included in the Queen’s speech, David Cameron will tell the national security council on Wednesday.

      The orders, the product of an extremism task force set up by the prime minister, were proposed during the last parliament in March, but were largely vetoed by the Liberal Democrats on the grounds of free speech. They were subsequently revived in the Conservative manifesto.

  • Privacy

    • [tor-relays] Please enable IPv6 on your relay!
    • Exposure to ideologically diverse news and opinion on Facebook

      Exposure to news, opinion and civic information increasingly occurs through social media. How do these online networks influence exposure to perspectives that cut across ideological lines? Using de-identified data, we examined how 10.1 million U.S. Facebook users interact with socially shared news. We directly measured ideological homophily in friend networks, and examine the extent to which heterogeneous friends could potentially expose individuals to cross-cutting content. We then quantified the extent to which individuals encounter comparatively more or less diverse content while interacting via Facebook’s algorithmically ranked News Feed, and further studied users’ choices to click through to ideologically discordant content. Compared to algorithmic ranking, individuals’ choices about what to consume had a stronger effect limiting exposure to cross-cutting content.

    • NSA’s Loudest Defenders Have Financial Ties to NSA Contractors

      The Intercept’s Lee Fang has highlighted a few examples of loud National Security Agency allies that have financial ties to the agency and mass surveillance. The list includes Stewart Baker, the general counsel to the NSA from 1992 through 1994, Fox News military analyst Jack Keane, Retired General Wesley Clark, former Central Intelligence Agency chief James Woolsey, former Republican National Committee chair Jim Gilmore, former NSA director Mike McConnell, and Center for Strategic and International Studies President John Hamre. They have surfaced regularly in the media to denounce Snowden, and in the case of Woolsey, to call for Snowden to be “hanged by his neck”.

    • Many of the NSA’s Loudest Defenders Have Financial Ties to NSA Contractors

      Due to the secretive nature of the agency’s work, NSA contracts are often shielded from public disclosure, and identifying financial links between pundits and the agency’s web of partners is tricky. But the work of journalists and whistleblowers such as James Bamford, who was assigned to an NSA unit while serving in the Navy, gives us a sense of which companies work for U.S. intelligence agencies. Drawing largely from these disclosures, The Intercept has identified several former government and military officials whose voices have shaped the public discourse around government spying and surveillance issues but whose financial ties to NSA contractors have received little attention. These pundits have played a key role in the public debate as the White House and the agency itself have struggled to defend the most controversial spying programs revealed by Snowden’s documents.

    • House votes overwhelmingly to end NSA’s mass collection of phone records

      The House overwhelmingly passed a bipartisan bill Wednesday to dial back the once-secret National Security Agency program that collects and stores data from nearly every landline or cellphone call dialed or received in the United States.

    • Senator Bob Corker Says NSA Should Be Spying On More Americans, Not Fewer

      Senator Bob Corker, who heads the Senate Foreign Relations Committee, appears to now be calling for the NSA to spy on more Americans, rather than fewer, arguing that the metadata collection program that is currently being debated in Congress is so small that he considers it negligent.

    • Corker calls NSA surveillance program shockingly small

      Senate Foreign Relations Committee Chairman Bob Corker said Wednesday he was shocked to learn this week how little data the National Security Agency is actually amassing in its controversial collection of Americans’ phone records.

    • The NSA’s Call Record Program, a 9/11 Hijacker, and the Failure of Bulk Collection

      The fact is, U.S. intelligence agencies knew of al-Mihdhar long before 9/11 and had the ability to find him. In the years, months, and days before 9/11, the NSA already had access to a massive database of Americans’ call records. Analysts—at NSA or CIA—could have easily searched the database for calls made from the U.S. to the safehouse in Yemen. They simply didn’t.

  • Civil Rights

    • U.S. marshal involved in road rage incident in South County

      A U.S. marshal was among four people cited for assault in an apparent case of road rage Sunday, authorities said.

      A man who was involved in the incident told a TV reporter that it began with a honk and moved to a parking lot, where a man in another vehicle approached him holding a gun and punched him in the face with it.

  • Internet/Net Neutrality

    • Cable Industry Tries To Distance Itself From Decades Of Poor Service By Eliminating The Word ‘Cable’

      Annoyance with the cable industry appears to have reached the tipping point, with consumers fed up with skyrocketing prices, inflexible programming options and some of the worst customer service in any U.S. industry. The cable industry’s ingenious solution? Stop using the word cable. Last week, the cable industry held its annual trade conference, previously dubbed “The Cable Show.” Trying to distance itself from the aging, negative associations with the word “cable,” the industry has decided to rename the conference The Internet & Television Expo.

“VENOM” FUD Attack — Like “Heartbleed” FUD Attack — Linked to Microsoft

Posted in Microsoft, Security at 7:48 pm by Dr. Roy Schestowitz

VENOM™ and Heartbleed™ do have something in common

Mike Convertino
From Microsoft management to CrowdStrike™ management

Summary: Why CrowdStrike™ is motivated to smear Free software and establish a stigma of insecurity in Free software-based virtual machines/‘clouds’

The word/brand “Heartbleed” was made up by a Microsoft-connected firm — a firm that is headed by Microsoft’s former security chief. It basically took credit for a 2-year-old flaw that a Google engineer had found, publishing (along with a logo and a catchy brand name) dangerous details well before a patch could be made available and widely deployed/applied, i.e. it was an irresponsible disclosure.

CrowdStrike™ 'pulled a "Heartbleed"' in the sense that it followed some similar patterns (reminiscent of the above). XFaCE, a regular from our IRC channels, diverted our attention to the press release “CrowdStrike™ Appoints Amol Kulkarni as Vice President Engineering”, dated Dec 9, 2014 (less than half a year ago).

“Former Microsoft Bing Engineering Leader [leaving a dead/dying effort] joins Executive Team at CrowdStrike,” says the press release.

A more important find, however, is the background of Mike Convertino from the company’s leadership team. The introduction is very telling; rather than hide his background, it notes: “Prior to his work at CrowdStrike, Convertino was the Senior Director of Network Security at Microsoft where he was responsible for protecting all of the company’s networks from intrusion and exploitation.”

So the apple doesn’t fall too far from the tree.

“They also use Microsoft Office extensively, given their job ads,” XFaCE added.

“Adam Meyers, “VP of Intelligence” at CrowdStrike™, used to work for SRA International,” XFaCE says. According to Wikipedia, “SRA provides information technology services to clients in national security, civil government, and health care and public health. Its largest market, national security, includes the Department of Defense, Homeland Security, US Army, US Air Force, and intelligence agencies.”

“Microsoft is a partner,” says XFaCE. George Kurtz, the CEO and co-founder of CrowdStrike, comes from McAfee, a common and frequent source of anti-Linux and anti-Android FUD. The famed Scottish-American founder of McAfee is now a fugitive.

Why is it that we so often find out-of-proportion scare (or FUD) against Free software linked to Microsoft and its ‘former’ staff or close partners?

Spinning Microsoft’s Inability to Sell Windows (or Office) as a Strength

Posted in Deception, Microsoft at 11:22 am by Dr. Roy Schestowitz

Summary: The ‘cloud’ mindset, which is promoted by surveillance fanatics, is increasingly used to pretend that Microsoft has a bright future, despite declining sales

When Microsoft can no longer sell Windows and Office (its cash cows) all it will have left to sell is people’s private data, even Skype audio/chats/video. That’s what the vision of ‘cloud’ seems to be about: subscription (infinitely-recurring payments) and data (with no true promise of privacy).

Yesterday we noted that some IDG journalists are actually Microsoft staff and some are Microsoft MVPs, like this so-called ‘journalist’ who keeps promoting (advertising) Microsoft ‘cloud’ (Matt Weinberger does the same thing in other sites). One ‘analyst’ (like Gartner or IDC, but financial) went as far as hyping up Azure to upgrade Microsoft, using the ludicrous claim (among others) that “Microsoft embraces linux”, despite Microsoft obviously hating Linux. Recall the series below:

Anyone choosing to run GNU/Linux on the NSA-friendly platform called Azure is asking or begging to be snooped on. What would customers say? Microsoft’s love of surveillance is well documented. The whole ‘cloud’ nonsense works well for Microsoft and those claiming that Microsoft will do well “because cloud” are either ignorant or bribed.

Yesterday we found Vista 10 ads (in article form) in the Microsoft-friendly media because they must pretend that Microsoft matters in mobile and that Windows is free or something along those lines. Microsoft’s mouthpiece can’t help spreading the lie that Vista 10 will be 'free' (Microsoft admits it’s “marketing”, i.e. a lie). Gartner has been among those promoting the 'free' Vista 10 lie.

Microsoft is simply unable to compete with free (freedom and gratis), so now it pretends that it can devour all of GNU/Linux (in Azure) or that somehow reducing the cost of Windows and moving to a subscription model will magically work out. This is utter nonsense. Only a drunk analyst, an incompetent analyst, or a bribed analyst can claim such a thing.

New Windows Ransomware: No Branding, Not Even a Mention of Windows

Posted in Microsoft, Security at 11:15 am by Dr. Roy Schestowitz

Summary: New example of media bias which completely omits Windows and spares Microsoft as that may lead to bad publicity

The VENOM® hype campaign is still occupying headlines, serving to distract from Microsoft’s ~50 vulnerabilities which were disclosed on Tuesday and hardly received any media attention.

We recently complained that the ToryGraph advertised Microsoft and deleted Netscape from history, thereby hiding Microsoft's criminal shame.

A reader has just told us that the ToryGraph fails to call out Windows when there is negative news. There is Windows ransomware again, but Windows is not even named. There is no brand, no name, no logo, etc.

Microsoft Windows does not need to be infected to demand ransom; Microsoft does the job itself and has done exactly that (demanded ransom) since the first of the Vista series (before 7, 8, and 10). Microsoft no longer thinks it can convince people to pay for Windows, so this strategy is seemingly being dropped.

VENOM® is Not a Serious Bug, It’s Just a Marketing Campaign From CrowdStrike

Posted in Security at 10:47 am by Dr. Roy Schestowitz

Image courtesy of Red Hat, demonstrating lack of correlation between severity and logos/brands

Summary: Many journalists bamboozled into becoming couriers of CrowdStrike, an insecurity firm which tries to market itself using a name and logo for a very old bug

THERE is a disproportionate level of coverage not of Free software but of bugs in Free software. We last wrote about it only days ago.

A firm called CrowdStrike (who? Exactly!) is trying to emulate the ‘success’ of previous FUD campaigns. Now is the time to check who’s a real journalist (fact-checking) and who’s just serving PR campaigns like “VENOM”, a shameless FUD campaign from CrowdStrike.

The whole “VENOM” nonsense was covered in a good article titled “VENOM hype and pre-planned marketing campaign panned by experts”. To quote: “On Wednesday, CrowdStrike released details on CVE-2015-3456, also known as Venom. Venom is a vulnerability in the floppy drive emulation code used by many virtualization platforms.

“However, while it’s possible that a large number of systems are impacted by this flaw, it isn’t something that can be passively exploited.

“Several security experts discussed the flaw online, focusing on the marketing and the media attention that it generated – including some over-hyped headlines. Most media organizations were briefed ahead of time about the discovery and gagged by embargo until the Venom website launched, so they had plenty of time to write.

“Many media articles compared Venom to Heartbleed, which is an apples to oranges comparison. If anything, the only commonality is the fact that both flaws had a pre-planned marketing campaign.”

Here comes the “Heartbleed” brand. Yet again. They’re using names that are scary (even all caps, like “GHOST”) because it’s so much easier to sell than “CVE-2015-3456”. Journalists rarely have the technical knowledge to analyse a bug or a flaw, so they assume bugs and logos are indicative of severity.

This Patch Tuesday, Microsoft revealed 40+ vulnerabilities. Not a single one had a brand name, logo, etc. Here is how IDG covered 46 flaws publicly disclosed by Microsoft just for this Tuesday (Microsoft hides even more flaws). So many flaws were collectively covered in one article and yet there are no logos; none has any branding.

“VENOM” has become the latest example of what we call bugs with branding. This has got to stop because it corrupts journalism and makes the field of computer security almost synonymous with marketing or advertising. CrowdStrike used ALL CAPS (for emphasis rather than acronym) and connotation with poison to market itself, an insecurity firm, after finding a floppy drive bug from over a decade ago. There is a logo too (the first example we found of it), not just branding for this bug, dubbed “VENOM”.

Bug branding (turning a number into branding-friendly FUD) seems to have adopted the ALL CAPS convention from “GHOST”, only for extra scare. This FUD has surfaced even in Linux-centric sites, which played along with the marketing campaign. Red Hat [1] and SJVN [2], even Phoronix [3] and Softpedia [4], have covered it by now, despite no focus on security news there.

Branding for bugs leads to stupid headlines that are more poetic than factual and are very light on facts. There is little substance there. This whole recipe (bug+brand name+logo=lots of publicity without much merit) has been repeatedly exploited to give a bad name to FOSS security. A lot of headlines try to connect this to the “Heartbleed” brand. Headlines that we have found so far (links below) include “New Venom bug hits data centers, but it’s hardly Heartbleed”, “Venom bug could allow hackers to take over cloud servers – and experts say it could be worse than Heartbleed”, “New Venom flaw may be worse than Heartbleed, researchers warn”, and “Venom vulnerability more dangerous than Heartbleed, targets most virtual machines”.

Zack Whittaker (former Microsoft staff) covered it like this in the CBS-owned tech tabloid, ZDNet: “Bigger than Heartbleed, ‘Venom’ security vulnerability threatens most datacenters”

Here is that “Heartbleed” brand again. “Please Stop Comparing Every Security Flaw to Heartbleed,” said one good headline from Gizmodo (that’s just how they covered this marketing campaign).

The word/brand “Heartbleed” was made up by a Microsoft-connected firm. Watch coverage from Microsoft-friendly sites and you will find headlines like: “Heartbleed, eat your heart out: VENOM vuln poisons countless VMs”

Dan Goodin, a foe of FOSS (from a security angle), brings in the NSA and Bitcoin to add FUD amid this branded bug/buzz. He wrote about the latest branded bug not once but twice (see links below). He is squeezing the most FOSS FUD out of it (opportunism). Kim Komando chose the headline “New bug taking over the Internet”. No sensationalism here? One press release said “Better Business Bureau Says Most Don’t Need to Worry” [about the branded bug], so there is some objectivity out there too, or an effort to calm people down.

Watch carefully how the bug is marketed in the media: Logo with SVG-like transparency; for a bug! Looks like it was prepared by graphics/marketing professionals. Are insecurity firms now liaising with marketing firms to professionally draw SVG logos for bugs? More logos for simple bugs (we found several, but one main logo) are circulating, usually with photos of snakes. See the complete list [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36] as of this morning. How much more of this FUD is going to circulate before journalists realise that they make a mountain out of a molehill?

Related/contextual items from the news:

  1. VENOM, don’t get bitten.

    CVE-2015-3456 (aka VENOM) is a security flaw in the QEMU’s Floppy Disk Controller (FDC) emulation. It can be exploited by a malicious guest user with access to the FDC I/O ports by issuing specially crafted FDC commands to the controller. It can result in guest controlled execution of arbitrary code in, and with privileges of, the corresponding QEMU process on the host. Worst case scenario this can be guest to host exit with the root privileges.

  2. For Venom security flaw, the fix is in: Patch your VM today

    The QEMU fix itself is now available in source code. Red Hat has been working on the fix since last week.

  3. VENOM Bug In QEMU Escapes VM Security
  4. 11-Year-Old Bug in Virtual Floppy Drive Code Allows Escape from Virtual Machines

    Popular virtualization platforms relying on the virtual Floppy Disk Controller code from QEMU (Quick Emulator) are susceptible to a vulnerability that allows executing code outside the guest machine.

05.13.15

Links 13/5/2015: GNU/Linux PCs in Russia, Fedora 22 Freeze

Posted in News Roundup at 6:03 pm by Dr. Roy Schestowitz

Contents

GNU/Linux

  • 10 Linux Dream Jobs – What’s Yours?

    What’s your Linux dream job? The Linux Foundation recently asked our Twitter followers to share their ideal Linux careers. Many responded that they’re already living the dream, working as sysadmins and developers (or by simply getting to use Linux in their everyday tasks.) While others imagine fulfilling careers not yet within their grasp. Here are 10 of our favorite responses, along with a few resources for learning more about each dream Linux career path.

  • New to Linux? 5 Apps You Didn’t Know You Were Missing

    When you moved to Linux, you went straight for the obvious browsers, cloud clients, music players, email clients, and perhaps image editors, right? As a result, you’ve missed several vital, productive tools. Here’s a roundup of five unmissable Linux apps that you really need to install.

  • From Windows XP to Linux: Adding to the List

    Yesterday on Datamation, Matt Hartley wrote what could best be described as a reminder piece about the folks using Windows XP at home or in small businesses having options when it comes to replacing that particular operating system, and that the best option — go ahead and say it with me — is Linux.

  • Solar Sail Spacecraft Runs Linux and Uses SSH, Says Bill Nye

    The idea of solar sails was first introduced in popular culture by none other than Carl Sagan, more than 40 years ago. This particular technology was not a priority for scientists in the past decades, with very few exceptions, but The Planetary Society and Bill Nye want to change that by launching a small spacecraft called CubeSat that will be powered by light.

  • Desktop

  • Server

    • Rackspace CEO Takes a Positive Spin from AWS for OpenStack Growth

      Rackspace reported its first quarter fiscal 2015 results on May 11, with company executives sounding very optimistic about the company’s future prospects.

      For the quarter, Rackspace reported net revenue of $480 million, for a 14.1 percent year-over-year gain. Net income for the first quarter was reported at $28.4 million, up from $25.4 million in the first quarter of 2014.

      [...]

      Rackspace’s cloud fortunes today are somewhat tied to the open-source OpenStack cloud platform, which it helped to create. Rhodes sees potential for OpenStack both in the public cloud space as well as the private.

  • Kernel Space

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

    • GNOME Desktop/GTK

  • Distributions

    • Goodbye Foresight Linux

      It’s with great sadness in our hearts that we write this article to you all, but it appears that in an email to the Foresight Linux’s mailinglist, Michael K. Johnson announces the retirement of the distribution.

    • Foresight Linux Announces The End Of Development
    • Material Design-Inspired Papyros Shows Great Progress

      It’s been a while since we heard about Papyros, the Linux distribution that used the Material Design concepts from Google, but developers have released a short video that illustrates the work they’ve done so far.

    • New Releases

    • Slackware Family

    • Red Hat Family

      • Fedora

        • End of Foresight and What Makes Fedora Different

          Foresight Linux officially called it quits yesterday due to a lack of developers. The project hasn’t seen a release in over two years, but it’s still sad when a distribution shuts down. Across town, Pete Travis posted a passionate open letter to Fedora on why it should remain true to its philosophy and Bruce Byfield pondered the age old mystery, “Why can’t Ubuntu play well with others?”

        • Fedora 22 Final Freeze

          Today is an important day on the Fedora 22 schedule[1], with significant cut-offs.

        • Fedora 22 Linux Will Arrive on May 26, Final Freeze Now in Effect

          The Fedora Project is preparing to release their latest and greatest Linux kernel-based operating system, Fedora 22, which will arrive as expected later this month, on May 26, 2015.

        • Fedora 22 Is Now Under Its Final Freeze

          Today marks the final freeze for Fedora 22 with plans to officially release this Red Hat sponsored Linux distribution update later in May.

        • Fedora Workstation 22 Is Looking Great, Running Fantastic

          As the Fedora 22 release approaches, there will be more benchmarks coming along with other tests (e.g. the latest X11 vs. Wayland, Fedora 22 graphics performance, etc). For today’s article I just wanted to make a few remarks about Fedora Workstation 22. Fedora Workstation 22 feels like a nice evolutionary upgrade over Fedora 21. GNOME 3.16 and these upstream improvements represent a bulk of the user-visible changes in Fedora 22. Below the hood there’s the GCC 5.0 compiler, Mesa 10.5, Perl 5.20, Linux 4.0, and many other package updates. If GNOME isn’t your thing, Xfce 4.12 is present along with the premiere of the LXQt desktop environment. The latest KDE Plasma 5 / Frameworks 5 packages are also present in Fedora 22. Many of the other Fedora 22 workstation/desktop changes have already been detailed in numerous Phoronix articles.

    • Debian Family

      • systemd: Type=simple and avoiding forking considered harmful?

        I wonder if systemd shouldn’t do more to detect problems during services initialization, as the transition to proper notification using sd_notify will likely take some time. A possibility would be to wait 100 or 200ms after the start to ensure that the service doesn’t exit almost immediately. But that’s not really a solution for several obvious reasons. A more hackish, but still less dirty solution could be to poll the state of processes inside the cgroup, and assume that the service is started only when all processes are sleeping. Still, that wouldn’t be entirely satisfying…

      • Run Debian 8 Jessie on Raspberry Pi 2 with RaspEX

        The creator of numerous GNU/Linux distributions is very excited to introduce us to RaspEX today, a distro based on the Debian GNU/Linux 8.0 (Jessie) and created to run on the Raspberry Pi 2 computer board.

      • Derivatives

        • Linux Top 3: Tails 1.4, 4MLinux 12 and TinyCore Linux 6.2

          Nearly a year after Tails 1.0, the Tails 1.4 release is now available. Tails, short for The Amnesic Incognito Live System, is a privacy-focussed Linux distribution.

        • Tails 1.4 is out

          Tails, The Amnesic Incognito Live System, version 1.4, is out.

          This release fixes numerous security issues and all users must upgrade as soon as possible.

        • Tails 1.4 Updates the Windows 8 Camouflage to Work with the I2P and Unsafe Browsers

        • Canonical/Ubuntu

          • 2015 is shaping up to be the Year of Ubuntu

            Ubuntu has been making big promises since 2011 when they chose Unity to be at the center of their universe. And while they failed to deliver on Ubuntu TV or Ubuntu for Android, they’ve got other tricks up their sleeves.

          • Snappy Ubuntu Linux Now Used in Networking, Refrigerators

            With its number of uses growing, the Snappy Ubuntu Core Linux operating system is now coming to network switches and refrigerators.
            Canonical, the lead commercial sponsor behind the open-source Ubuntu Linux operating system, today announced an expansion of its push to embed Linux in everything from phones to refrigerators—and now network switches. The Snappy Ubuntu Core Linux operating system, a minimal version of Ubuntu Linux that provides an improved updating and security model, is designed for embedded devices and the Internet of things (IoT).

          • ICU Vulnerability Closed in Ubuntu 15.04

            Canonical has published details in a security notice about an ICU vulnerability that has been found and fixed in Ubuntu 15.04, Ubuntu 14.10, and Ubuntu 14.04 LTS.

          • Erle-Copter, Ubuntu Core Edition: the first drone with apps

            Although Ubuntu is best known for its desktop/server distro—which was recently updated to 15.04—the last few years have seen the project’s ambitions grow considerably. For example, there’s the Ubuntu phone, which is beginning to win plaudits. In turn, solving the particular demands for a mobile platform led to new approaches and technologies that appeared again in Snappy Ubuntu, a “transactionally updated Ubuntu for clouds and devices.”

          • Erle Robotics’ Ubuntu Core Drone Is The First Drone With Support For Third Party Apps
          • The Latest OTA Update For Ubuntu Touch Brings A Huge List Of Changes

            As we had anticipated correctly last week, Canonical has released an OTA update for Ubuntu Touch (OTA 3.5), an update which brings fixes for over 15 bugs, some 3G enhancements, fixes for a bunch of calendar sync problems, removed some crashes regarding ubuntu-keyboard and indicator-network, fixed the bug that drained the battery when the phone was used in airplane mode, patched some routing problems and the suspend problems have been removed.

          • New Ubuntu Touch Update Brings 3G and Location Services Improvements

            Today, May 12, we are happy to inform all Ubuntu Phone users that the Ubuntu Touch developers have just announced the release of the OTA 3.5 update for Canonical’s mobile operating system.

          • Why Can’t Ubuntu Play Well With Others?

            Last week, founder Mark Shuttleworth opened the Ubuntu Online Summit with a challenge to Linux desktop developers.

            “I’m issuing a call to people who participate in every desktop environment,” he said, “to set aside our differences, to recognize that the opportunity now is bigger than those differences, to create experiences that spans phones and tablets, and PCs, to bring all of our applications, none of which are on one desktop environment or another.”

            His words were rhetorically stirring — and provoked no major response whatsoever. Although some news sites reported his words without comment, probably most companies and projects have heard too many similar calls to action for this one to be effective.

          • Loli Papelk + Ultra Flat Icons, Install In Ubuntu
          • System76 Meerkat is a cute Intel Broadwell-powered Ubuntu Linux computer [Review]

            Imagine if every time you wanted a Windows computer, you had to buy a Mac, format the hard drive and install Microsoft’s operating system. That would suck, right? This is pretty much how it is for Linux users, sadly. If you are a user of a Linux distro such as Fedora or Ubuntu, for the most part — unless you are a system-builder — you have to buy a Windows machine, and install your preferred operating system.

            What if you want to buy a computer with an operating system such as Ubuntu pre-installed? Enter System76. The company sells computers — both desktops and laptops — running the Linux-based Ubuntu operating system. Recently, the company began selling the Meerkat — a mini computer based on Intel’s NUC. I have been using the computer for a few weeks now, with both Ubuntu and Windows 10 and I am ready to share the experience with you.

          • Ubuntu 15.10 with Unity 8 and Linux Kernel 4.0 Runs on a Lenovo Tablet

            Now, we all know that you can use Ubuntu on a tablet device, so this may not come as news to you, but seeing the next-generation Ubuntu 15.10 Desktop Next on a Lenovo ThinkPad 8 Bay Trail tablet might interest you.

          • Ubuntu continues its push into IoT devices

            Today marks the start of IoT World in San Francisco, and TelecomTV is onsite to record a series of executive video interviews and product demos. As the telecoms sector shifts its focus from vertically-aligned M2M solutions towards more horizontal IoT platforms, we expected to see yet more jostling for position amongst platform providers and OS developers.

          • Ubuntu 15.10 (Wily Werewolf) Release Schedule

            Announced by Mark Shuttleworth on May 4, 2015, Ubuntu 15.10 (codename Wily Werewolf) will be released later this year on October 22, 2015, according to the preliminary release schedule that was made public today.

          • Ubuntu 15.10 (Wily Werewolf) to Use Linux Kernel 4.1, Most Likely
          • Flavours and Variants

            • A preview of the MintBox Mini

              CompuLab has a long history of working with the developers of Linux Mint. The MintBox 2 is a good example of their cooperation, and it has gotten very positive reviews on Amazon. Now there’s a new product called the MintBox Mini and one of the Linux Mint developers has a preview of it.

            • Windows Users Are Top Downloaders of elementary OS “Freya”

              A month after elementary OS “Freya” was released to the public, the developers have made public some details about the platforms that download it and the results are pretty surprising. From the looks of it, the Windows users are the main downloaders of this Linux OS.

            • It’s optional for now, but Linux Mint expects to switch to systemd next year

              Despite recent reports suggesting the contrary, Linux Mint isn’t committed to avoiding systemd, the controversial project taking Linux by storm. In fact, Clement Lefebvre, Linux Mint’s project leader, expects the next major releases of Linux Mint to use systemd by default.

              No, Linux Mint isn’t switching to systemd immediately. The Linux Mint 17.x series and Linux Mint Debian Edition 2 will continue to use Upstart and SysV init, with systemd available as an option you can choose yourself. Linux Mint is giving systemd some time to mature before switching, but—with upstream projects and the Linux ecosystem as a whole moving towards systemd—Mint realizes it doesn’t have an option in the long term.

  • Devices/Embedded

Free Software/Open Source

  • Why tools like Docker, Vagrant, and Ansible are hotter than ever

    The complexity of application stacks keeps going up. Way, way up. Application stacks have always been complicated, but never like this. There are so many services, so many tools, so much more compute power available, so many new techniques to try, and always the desire, and the pressure, to solve problems in newer and cooler and more elegant ways. With so many toys to play with, and more coming every day, the toy chest struggles to contain them all.

  • 3 big lessons I learned from running an open source company

    It all sounds so straightforward: Put your code up on GitHub or start/join a project at the Apache Software Foundation (ASF), build a community of like-minded individuals, start a company, take in some funding, and then IPO. Or maybe not. One thing is certain: Running an open source company has unique challenges and opportunities. Although much has been written on the subject of open source and community building, I’d like to share three critical lessons learned in my travels as a co-founder and CTO of a venture-backed open source company.

  • Gaming Community Asks for Open Source GOG Galaxy Client

    GOG Galaxy is a new gaming client for the GOG distributions service, but for now it’s only available for the Windows platform. As a response, the GOG wish list now shows the open source GOG Galaxy client as the most requested item.

  • Events

    • GNOME.Asia summit 2015

      Every moment spent was mesmerizing in the summit. Day 0, 7th May 2015 Thursday was the workshop day in the auditorium of the Computer Science Department. Presentations by Andika Triwidada on “GNOME Indonesia Translation”, Akshai M for “MicroHOPE(Micro-controllers for Hobby Projects and Education)”, David King on “Writing your first GNOME application”, and Ekaterina Gerasimova, Alexandre Franke on the topic “How to make your first contribution” were out of the box informative.

    • LibrePlanet forever! Watch five sessions from 2015 online

      We’re happy to announce that recordings of five sessions from LibrePlanet 2015 are now online. Whether you couldn’t make it to the conference and are watching these for the first time, or attended and want to see them again, we hope you enjoy.

    • Last chance to register for the Randa Meetings 2015

      If you are interested in participating in this year’s Randa Meetings and want to have a chance to be financially supported to travel to Randa then the last 24 hours of the registration period just began.

  • Web Browsers

  • SaaS/Big Data

    • Communication is the key to herding cats

      John Dickinson is Director of Technology at SwiftStack and Program Team Lead (PTL) of the OpenStack Swift project. Last year, he gave us an update on Swift’s progress with Storage policies: Coming to an OpenStack Swift cluster near you for Opensource.com. In this follow up interview, John offers tips for improving community collaboration on open source projects, and gives us a preview of his upcoming OpenStack Summit talk.

    • Mixed Quarterly Results for Hadoop-Focused Hortonworks

      The end of 2014 was a momentous time for Hortonworks, which focuses on the Hadoop Big Data platform. The company had a successful IPO, driving home how focused many enterprises are on yielding more useful insights from their troves of data than standard data mining tools can provide.

    • Q&A Sessions with Cloud and Big Data Thought Leaders
  • Project Releases

  • Openness/Sharing

    • Open Access/Content

      • Open-source texts would have wider use in state colleges

        Students facing eye-popping costs of college textbooks could save substantial amounts of money under a bill that would encourage the use of electronic texts.

        The House on Tuesday approved a pilot program and study of so-called open-source texts that faculty could assign instead of traditional books that can cost students as much as $1,200 a year. The bill, which passed 144-0, next heads to the Senate.

        It would establish a task force to develop plans for the best use of open-source texts through an existing program at Charter Oak State College.

Leftovers

  • Security

    • Google Moves Its Corporate Applications to the Internet

      Google Inc., taking a new approach to enterprise security, is moving its corporate applications to the Internet. In doing so, the Internet giant is flipping common corporate security practice on its head, shifting away from the idea of a trusted internal corporate network secured by perimeter devices such as firewalls, in favor of a model where corporate data can be accessed from anywhere with the right device and user credentials.

    • Tuesday’s security updates
    • Beware the ticking Internet of Things security time bomb

      IBM’s Andy Thurai didn’t quite put the words into former RSA CTO Deepak Taneja’s mouth, but did prompt him by asking at the start of a TIE Startup Con panel in Cambridge, Mass., earlier this month whether Internet of Things security is a “time bomb ready to explode.”

    • VENOM, don’t get bitten.

      CVE-2015-3456 (aka VENOM) is a security flaw in the QEMU’s Floppy Disk Controller (FDC) emulation. It can be exploited by a malicious guest user with access to the FDC I/O ports by issuing specially crafted FDC commands to the controller. It can result in guest controlled execution of arbitrary code in, and with privileges of, the corresponding QEMU process on the host. Worst case scenario this can be guest to host exit with the root privileges.

    • For Venom security flaw, the fix is in: Patch your VM today

      The QEMU fix itself is now available in source code. Red Hat has been working on the fix since last week.

    • VENOM Bug In QEMU Escapes VM Security
    • 11-Year-Old Bug in Virtual Floppy Drive Code Allows Escape from Virtual Machines

      Popular virtualization platforms relying on the virtual Floppy Disk Controller code from QEMU (Quick Emulator) are susceptible to a vulnerability that allows executing code outside the guest machine.

  • Defence/Police/Secrecy/Aggression

    • U.S. Military Proposes Challenge to China Sea Claims

      The U.S. military is considering using aircraft and Navy ships to directly contest Chinese territorial claims to a chain of rapidly expanding artificial islands, U.S. officials said, in a move that would raise the stakes in a regional showdown over who controls disputed waters in the South China Sea.

    • It’s a Conspiracy! How to Discredit Seymour Hersh

      Max Fisher, now at Vox, learned well during his apprenticeship under Marty Peretz at The New Republic. This week, he was among the first to try to smear Seymour Hersh’s piece in the London Review of Books, which argued that pretty much everything we were told about the killing of Osama bin Laden was a lie. Most importantly, Hersh’s report questions the claim that Washington learned of OBL’s whereabouts thanks to torture—a claim popularized in the film Zero Dark Thirty.

      There’s a standard boiler plate now when it comes to going after Hersh, and all Fisher, in “The Many Problems with Seymour Hersh’s Osama bin Laden Conspiracy Theory,” did was fill out the form: establish Hersh’s “legendary” status (which Fisher does in the first sentence); invoke his reporting in My Lai and Abu Ghraib; then say that a number of Hersh’s recent stories—such as his 2012 New Yorker piece that the United States was training Iranian terrorists in Nevada—have been “unsubstantiated” (of course, other reporters never “substantiated” Hersh’s claim that Henry Kissinger was directly involved in organizing the cover-up of the fire-bombing of Cambodia for years—but that claim was true); question Hersh’s sources; and then, finally, suggest that Hersh has gone “off the rails” to embrace “conspiracy theories.”

    • Seymour Hersh Details Explosive Story on Bin Laden Killing & Responds to White House, Media Backlash

      Four years after U.S. forces assassinated Osama bin Laden, Pulitzer Prize-winning investigative reporter Seymour Hersh has published an explosive piece claiming much of what the Obama administration said about the attack was wrong. Hersh claims at the time of the U.S. raid, bin Laden had been held as a prisoner by Pakistani intelligence since 2006. Top Pakistani military leaders knew about the operation and provided key assistance. Contrary to U.S. claims that it located bin Laden by tracking his courier, a former Pakistani intelligence officer identified bin Laden’s whereabouts in return for the bulk of a $25 million U.S. bounty. Questions are also raised about whether bin Laden was actually buried at sea, as the U.S. claimed. Hersh says instead the Navy SEALs threw parts of bin Laden’s body into the Hindu Kush mountains from their helicopter.

    • Sy Hersh’s bin Laden Story First Reported in 2011 — With Seemingly Different Sources

      R.J. Hillhouse, a former professor, Fulbright fellow and novelist whose writing on intelligence and military outsourcing has appeared in the Washington Post and New York Times, made the same main assertions in 2011 about the death of Osama bin Laden as Seymour Hersh’s new story in the London Review of Books — apparently based on different sources than those used by Hersh.

    • Smuggled Syrian documents enough to indict Bashar al-Assad, say investigators

      A three-year operation to smuggle official documents out of Syria has produced enough evidence to indict President Bashar al-Assad and 24 senior members of his regime, according to the findings of an international investigative commission.

      The prosecution cases against the Syrian leaders focus on their role in the suppression of the protests that triggered the conflict in 2011. Tens of thousands of suspected dissidents were detained, and many of them were tortured and killed in the Syrian prison system.

    • Fox News Defends Jeb Bush’s “Disastrous” Iraq War Answer

      Fox News defended Republican presidential hopeful Jeb Bush after he said he would still have authorized the invasion of Iraq “given what we know now,” claiming that Bush simply misunderstood the question.

  • Transparency Reporting

    • Prince Charles’s letters to ministers to be published

      They’ll be examined for evidence of any pressure brought to bear by a hereditary monarch-in-waiting on elected ministers, and for any evidence that government policy was changed following the prince’s intervention.

    • Prince Charles’s black spider memos to be published on Wednesday

      Prince Charles’ secret letters to British government ministers expressing frank views that the government has warned could undermine his political neutrality will finally be published on Wednesday.

    • Prince Charles Asked By Michael Crick About His Secret ‘Black Spider Memos’, It Didn’t Go Well

      Prince Charles clearly doesn’t want to talk about his ‘black spider’ memos to ministers, which are about to be released, after his aide was filmed body blocking a reporter who tried to ambush to ask about the secret letters.

      The memos, written to various government departments between 2004 and 2005, will be released at 4pm after a 10-year legal battle by The Guardian.

      They are understood to show Charles’ disagreeing with government policy.

      As Charles arrived at Marks and Spencer’s flagship store near Marble Arch on Oxford Street in London, Channel 4 News’ Michael Crick asked if he was “worried” about the letters and if he was still writing to ministers – and whether he thought he was behaving “unconstitutionally” in doing so.

    • A battle over these 27 bits of paper has cost you more than £275,000.

      Secret letters that Prince Charles wrote to Tony Blair’s ministers are finally being revealed after a fight lasting several years.

      It’s a battle that’s cost taxpayers more than £275,000 and needed a ruling by Britain’s highest court.

      So why has there been such a long wrangle over some bits of paper? Here are all your questions answered.

    • Release of Prince Charles’s letters shows the point of freedom of information

      The publication of letters Prince Charles sent to government ministers is a triumph – of sorts – for the Freedom of Information Act.

      The point of the act is to enable the public to understand better how those in authority are governing us. The release of the letters allows us a limited peek behind the curtains to see how the heir to the throne has been seeking to influence government policies.

      But boy, what a struggle. The government has fought very hard for a decade to prevent the disclosure of 27 pieces of correspondence between the prince and ministers in Tony Blair’s government.

    • UK Prince Charles’ letters to ministers finally made public

      Prince Charles said British troops were under-resourced during the war in Iraq, according to letters from him published on Wednesday which the government had tried to keep secret in case they cast doubt over the future king’s political neutrality.

      The comment about the armed forces came in a letter from the 66-year-old prince to former Prime Minister Tony Blair in 2004, one of 27 letters he wrote to former ministers in 2004 and 2005 which were released to the public after a decade of government attempts to block publication.

    • Queen’s restraint is exception to rule of meddling monarchs

      The determination of Queen Elizabeth II to avoid any action or utterance that might be deemed “political” has become the status quo. Little is known about her personal passions or politics. If she has any – and she surely has – she keeps them to herself.

      But monarchs and future monarchs, even since the end of executive monarchy, have always meddled. It is Elizabeth, not her son Charles, who is the exception rather than the rule.

    • Prince Charles ‘Black Spider’ letters released: Heir to the throne described opponents to badger cull as ‘intellectually dishonest’

      People opposing a cull of badgers to prevent the spread of tuberculosis in cattle were described by Charles as “intellectually dishonest” in a letter revealing that he has long been in favour of the controversial process.

      In a letter to the then Prime Minister Tony Blair in 2005, the Prince criticised what he described as the “badger lobby” for objecting to the killing of badgers while disregarding the slaughter of cattle which contract the disease.

    • Prince Charles’s ‘black spider memos’ show lobbying at highest political level

      A cache of secret memos between Prince Charles and senior government ministers has been released after a 10-year legal battle, offering the clearest picture yet of the breadth and depth of the heir to the throne’s lobbying at the highest level of politics.

      The 27 memos, sent in 2004 and 2005 and released only after the Guardian won its long freedom of information fight with the government, show the Prince of Wales making direct and persistent policy demands to the then prime minister Tony Blair and several key figures in his Labour government.

      From Blair, Charles demanded everything from urgent action to improve equipment for troops fighting in Iraq to the availability of alternative herbal medicines in the UK, a pet cause of the prince.

    • Prince Charles ‘black spider’ memos reveal lobbying of Tony Blair

      A cache of secret memos sent by Prince Charles to senior UK ministers has finally been published, following a 10-year freedom of information battle between the Guardian and the government. The letters reveal that Charles lobbied ministers, including the former prime minister Tony Blair, on a wide range of issues, including agriculture, the armed forces, architecture and homeopathy.

    • Prince Charles – Letters finally out – conspiracy theorists disappointed?

      There will be many disappointed people today I’d guess. Clarence House has released a statement that the publication of these letters will “only inhibit” the Prince’s ability to express concerns. Complete rubbish, if a member of the Royal Family is sending letters of a non-personal nature to those in our government, it’s of utmost importance that UK citizens are privy to their contents.

  • Environment/Energy/Wildlife

    • Energy and the US Dollar: May Issue of TerraJoule.us

      Imported energy as a share of total US energy consumption last year fell to just 11.16%, continuing a dramatic downtrend since 2005, when dependency stood at 30%. This is nothing short of a revolutionary trend-change, especially when you consider the gargantuan energy consumption of the US, which stands just shy of 100 quadrillion btu per year. Because US energy consumption overall has either bottomed, or is set to advance at least a little, the next dramatic move lower in the energy deficit will come in 2017, as LNG exports really get underway. TerraJoule.us believes global currency markets have not yet discounted these coming changes. Viewpoints overall about energy use, production, renewables, and global trade remain firmly anchored to an era that ended roughly a decade ago. Moreover, it’s astonishing that anyone who was watching markets a decade ago could possibly think the US Dollar is headed for trouble today. The US will become energy independent by 2019, according to the TerraJoule.us forecast. While the swings in fossil fuel trade are the driver for this change, the gains in renewables that will start hitting harder in the latter part of the decade will perfect and ensure this new era. Energy independence has typically been a subject for geo-political analysts. However, for our purposes, it’s the effects on the US Dollar and the impact on energy transition more broadly which are the main concerns for energy-focused investment, and the energy mix to 2020.

    • Nepal needs ‘sustainable aid’, says water charity

      In the aftermath of the 7.3-magnitude tremor in Nepal this week, Seattle-based NGO Splash has launched a campaign to raise $500,000 (£320,000) for its water projects in Kathmandu.

  • Finance

    • The Future of Jobs and Wages: A Conversation with Economist Richard Wolff

      WTO, TPP, NAFTA, CAFTA, and a host of trade agreements are causing America to hemorrhage jobs and the resultant downward pressure on wages. Add the productivity gains realized from automation and technology and the future of jobs in America looks pretty bleak. The government is cutting back on social programs and privatized welfare systems dependent upon the whims of the wealthy didn’t work for Louis the XVI or any other aristocracy throughout history. How will American workers support their families and keep our economy vibrant? There is a way but it will take courage. However, the long-term benefits are sustainable and fair. Professor Wolff talks to Tim Danahey and tells us how.

    • European Union VAT and my bookstore

      I really, really dislike this, but EU law leaves me no choice. I’m not comfortable blatantly ignoring tax law. I don’t think the EU could really do anything to me, but I wouldn’t be shocked if a future EU-US treaty were to suddenly make me responsible for years of back VAT. And I would like the option of visiting the EU in the future, rather than risk trouble because I’m evading taxes.

  • PR/AstroTurf/Lobbying

    • Groups Add to Evidence in “Whistleblower” Tax Fraud Claim Against ALEC

      Common Cause and the Center for Media and Democracy sent federal authorities new evidence today that the American Legislative Exchange Council (ALEC) is falsely passing itself off as a tax-exempt charity and effectively using taxpayer dollars to subsidize its lobbying on behalf of private interests.

      Common Cause filed a supplement to its three-year-old tax whistleblower complaint against ALEC, and the two groups sent a joint letter to Internal Revenue Service Commissioner John Koskinen demanding an investigation, collection of fines and back taxes, and the revocation of ALEC’s status as a tax-exempt charity. Supporting evidence available here.

  • Censorship

    • Greatest Threat to Free Speech Comes Not From Terrorism, But From Those Claiming to Fight it

      We learned recently from Paris that the western world is deeply and passionately committed to free expression and ready to march and fight against attempts to suppress it. That’s a really good thing, since there are all sorts of severe suppression efforts underway in the west – perpetrated not by The Terrorists but by the western politicians claiming to fight them.

  • Privacy

    • Welcome to the ad business, Verizon

      AOL’s fastest-growing business is advertising technology, which few people understand, like, or value.

      In its acquisition announcement this morning, Verizon Wireless declared its $4.4 billion acquisition of AOL, the Internet stalwart, to be a driver of its “over the top,” or Internet-delivered, content strategy.

    • Feds drop case in which cops nailed webcam to utility pole to spy on house

      The Justice Department on Tuesday withdrew its appeal of a lower court’s December ruling that said it was illegal for police to attach a webcam to a utility pole and spy on a suspected drug dealer’s house in rural Washington state for six weeks.

      The government did not comment on its decision to drop the appeal in a brief filing to the 9th US Circuit Court of Appeals.

      The video camera operated 24 hours a day. Footage was synced to the computer of a Kennewick Police Department detective who could operate the camera from afar via its pan-and-zoom capabilities.

  • Civil Rights

Does Anyone Still View Cyanogen as Anything But a Microsoft Proxy?

Posted in Courtroom, Europe, GNU/Linux, Google, Microsoft, Patents at 4:33 pm by Dr. Roy Schestowitz

Android and Microsoft

Image from Android Beat

Summary: The marriage of convenience between Microsoft and Cyanogen helps reaffirm CyanogenMod’s status as a Microsoft Trojan horse which must be rejected

MICROSOFT is assaulting Android from numerous angles at the same time. There is no way Microsoft can compete with Android on technical merit, so Microsoft is, as usual, resorting to underhanded tactics and dirty tricks. Our recent article about Microsoft’s assault on Android says that “Cyanogen is confirmed as a Microsoft Trojan horse also elsewhere, so it’s not merely a rumour.”

Stallman asked us for additional references for that, so we provided a few [1, 2, 3], including one from Microsoft’s unofficial mouthpiece ([1] is from the original announcement). Anyone who still thinks of Cyanogen as an independent company is clearly not paying attention. The days of CyanogenMod are gone; now there’s just a proxy called Cyanogen and it is controlled by Microsoft just like Nokia was controlled by Microsoft after Elop had taken charge.

The announcement which unofficially confirmed Cyanogen’s status as a Microsoft proxy was made a few weeks ago, but we think many of the details are still not entirely clear to some negligent observers. It is not stated explicitly, but basically, CyanogenMod would push Microsoft software at the expense of Google et al. software (also Google/Android partners), turning Android into a sort of “Microsoft Android” — a term which some other sites now casually use as well. Android is facing the threat of a classic embrace, extend and extinguish manoeuvre by a Microsoft proxy.

“We are having a fundamental miscommunication,” said Stallman. “The CyanogenMod I have heard of is a system distro. Various people have told me about installing in phones.”

That was well before Microsoft harnessed the popularity of CyanogenMod to attack Android, or to turn it into “Microsoft Android” (same thing which was attempted by Amazon, Facebook, and Nokia).

“You are talking about “CyanogenMod” as some sort of entity which can do things,” said Stallman. “That is a total surprise to me. What relationship exists between those two?”

One predates the other and Microsoft needs CyanogenMod to operate like a company, e.g. Cyanogen. Microsoft requires that in order to manipulate CyanogenMod in this turf war against Google and AOSP (Android Open Source Project).

“I will look at those articles,” said Stallman regarding additional links we sent to him. “Does this mean that when people install CyanogenMod on their phones, it standardly includes Skype etc?”

I recently found out that even some companies like HP preinstall Skype on Android tablets (I found out because I bought one for my parents-in-law). One has to wonder who pays whom and what deals are silently being made, not publicly. With respect to Cyanogen’s CM12.1, I think that their latest release contains many Microsoft apps. I have not downloaded CM12.1 or anything like this to confirm it, but it seems like an inevitability. The announcement from Cyanogen (about the Microsoft deal) was made some weeks ago, so we think some of the details are still not entirely clear (they remain to be seen in practice), but basically, CyanogenMod would push Microsoft software (spyware, or ‘cloud’) into phones. We wrote additional articles about it and will continue to write as new details emerge. More Microsoft spyware and surveillance are being spotted by the media even this month, so whatever Microsoft puts on Cyanogen is likely to be as privacy-infringing as is legally allowed (if not well beyond it).

Stallman has been eager to understand what is happening here. We explained that Microsoft ‘embraces’ Cyanogen to make CyanogenMod a distro through which Cyanogen partners will spread Microsoft spyware, hoping that this adequately explains the relationship. Stallman wanted some broader context though. “It leaves the most important question unanswered,” he wrote to us. “Will the CyanogenMod distro that users install contain these Microsoft apps? Does it contain them now?”

Seeing the confusion here, we clarified a little further; CyanogenMod and Cyanogen are synonyms only in the sense that they are product and company: CyanogenMod (CM) was previously a username of the guy who founded the company (Cyanogen). A quick historical roundup:

  • CyanogenMod (name of person) uses AOSP (Android Open Source [sic] Project) to make his own fork/derivative of Android™
  • CyanogenMod (self named, like Linus and Linux) becomes popular
  • CyanogenMod (the person) is hired by Samsung
  • CyanogenMod leaves Samsung
  • CyanogenMod establishes a company called Cyanogen
  • Microsoft sues Samsung using patents, compelling it to install Microsoft spyware (by default in Android) in order to attain settlement
  • VCs give money for Cyanogen to develop CyanogenMod
  • Microsoft ‘embraces’ Cyanogen to make CyanogenMod a distro through which Cyanogen partners will spread Microsoft spyware
  • (Coinciding with the above) After much lobbying in Europe, Microsoft paralyses Google and dubs Google apps in Android ‘anti-competitive’. This is accompanied by potential legal action.

We hope this adequately explains the relationship between CyanogenMod and Cyanogen and we hope that Microsoft’s strategy in attacking Google is better understood now. It’s an extension of the “Scroogled” PR campaign that Microsoft has sunk so much money and effort into. Microsoft, being Microsoft, is very focused on annihilating the competition rather than creating its own products.

We always recommend Replicant and F-Droid, and have done so for years (even at CyanogenMod’s expense). See our articles from 2013. We sort of foresaw what is happening now, including what Microsoft does to Samsung and other Android distributors at the moment (patents as tools of extortion). According to the press in Taiwan, Microsoft now pressures companies to put Microsoft spyware in their distribution of Android or face patent lawsuits/higher patent royalties. This is extortion, blackmail, abuse of retaliatory means etc.

“I think it would help if the FSF issued some kind of statement regarding Microsoft’s behaviour,” I told Stallman, “[especially the attacks which happen] behind the scenes, countering Orwellian charm offensives that seek to paint/frame Windows as “Open Source” and insist that Microsoft “loves” [GNU/]Linux. What Microsoft has been doing recently sure increased the blood pressure levels of many Free software supporters (I wrote a lot about it this year). A high-authority, facts-based response would perhaps help counter Microsoft’s narrative.”

Open Source Revisionism of GNU and Free Software History

Posted in Deception, FSF, Law at 3:20 pm by Dr. Roy Schestowitz

Richard Stallman
Source: Conference by Richard Stallman, “Free Software: Human Rights in Your Computer” (2014)

Summary: Media mistreatment of the very roots of Free/Open Source software (FOSS), which is now approaching 35 years in age and increasingly thriving

IN recent weeks we have found several ‘news’ articles that gave us cause for concern. Some were shared with Richard Stallman, a regular reader of Techrights, for his views to be expressed and portions of the correspondence can be found here (cautiously redacted to reduce potential animosity/tensions).

It is not unusual, especially these days (age of openwashing), to see the label “Open Source” misused. Not too long ago we identified some very gross distortion of the term “open source” to essentially openwash Facebook’s surveillance ambitions, focusing on poor people. Facebook traffic has sunk pretty badly over the past year (based on Alexa it’s a massive drop), so Facebook is trying really hard to frame/paint itself as “ethical”, even when it tries to expand its surveillance to people too poor to get connected to the Internet. This isn’t altruism, it’s opportunism and malice. It’s definitely not “open source” and the dot org suffix (Internet.org) is clearly inappropriate, not just misleading. “Facebook mistreats its users,” Stallman explained. “Facebook is not your friend, it is a surveillance engine.”

There was also an effort to delete GNU from history — an effort that has become rather aggressive. Stallman was in the process of speaking to editors who had allowed this to happen (dumb lawyers called GNU and Stallman’s text “Open source Manifesto” in the article “Open source Manifesto turns 30”). Stallman asked me to show him the original publication site and tell him how to write to them. It wasn’t too clear whether to write to the editor/site or the author/law firm. The former can issue some fixes/corrections, we tend to think, superseding what was contributed by lawyers. The article comes from a formal publication which often publishes patent lawyers’ pro-software patents columns (we have seen over 100 of them over the years). The target audience is lawyers. The latest is no exception to the rule. It is an article by Leech Tishman Fuscaldo & Lampl LLC and the Web site is London-based, with Andrew Teague as the Associate Publisher, Mark Lamb as the Publishing Director, and Chris Riley handling subscriptions. When it was first published Stallman was eager to contact “Either one, or both! [editor and writer] But the sooner the better.” No correction has yet been published. It’s nowhere to be found.

GNU and Free software are 30+ years old. A lot of people contribute to the misconception that it all started when Torvalds released Linux or when the term “Open Source” (not open source intelligence) was coined by the likes of O’Reilly. Watch the “Open Source” O’Reilly nonsense starting the clock more than 10 years later than GNU: “Twenty years ago, open source was a cause. Ten years ago, it was the underdog. Today, it sits upon the Iron Throne ruling all it surveys. Software engineers now use open source frameworks, languages, and tools in almost all projects.”

Rachel Roumeliotis is advertising OSCON 2015 (OS stands for “Open Source”), but she should know about GNU and its age. These people conveniently start the clock when O’Reilly and his henchmen got involved. They want all the credit and they want people not to speak about freedom. Eben Moglen already ranted about this, right on stage in an OSCON event nearly a decade ago.

“This shows how “open source” misses the point,” Stallman wrote to us. “If the frameworks, languages and tools they use are free software, that is good for their freedom. But if what they develop with those is nonfree software, it doesn’t respect our freedom.

“So open source “won” by ducking the important battle.”

Well, the “we already won” attitude (or notion) helps a defeatist’s approach; why fight for more freedom if “we won”? That’s what those people (even developers) who open a MacBook or some ‘i’ device want to happen; some would further insist that Apple and Microsoft are now “open source” players, so “game over”…

We have noticed that Microsoft is now googlebombing with “Windows open source”, promoting the ludicrous notion that it’s now “open” (or gratis), or that it will be so one day. It started about a month ago, maybe two; dozens of articles have served this PR strategy. We wrote some rebuttals and will write another one this weekend. There is a gross distortion of what actually happened and what is happening.

“Stallman was unhappy about the increasing prevalence of proprietary software,” said the aforementioned article from Lexology, “software protected by copyright law and usually licensed on a commercial basis by its owners.”

Yes, but Free software too is protected by copyright law, it’s just twisted into copyleft. “Source code is sometimes licensed under GNU GPL terms,” says the article, “a form of “copyleft” rather than copyright.”

OK, so surely they know what Free software is and where it comes from. Why proceed with statements like: “The “open source” movement emerged in GNU’s wake. As with GNU, users of open source code can look at the source code and modify it. However, unlike with GNU, they are not required to share their developments with the world at large.”

Actually, unless they are using something like the BSD licence, they usually must. Then there are issues like SaaS, which are addressed by the AGPLv3, among other licences. But either way, Free software remains Free software; there is no justification for renaming it “Open Source” and calling the GNU Manifesto “Open source Manifesto”. It’s insulting to those who started the whole thing and wish to receive fair coverage or attribution, at the very least.

The Lexology site presents some other issues, mostly to do with access, not just paywalls. Stallman asked: “Can you email me the full text of that article? I tried to fetch the page and what I got did not include the text.”

Stallman said he “wrote to them”, but more than a month later the article remains uncorrected, not updated, etc.

Another big load of revisionism (changing history) uses the “Open Source” label to delete GNU from history. Published last month, the article titled “At Birth, Open Source Was About Saving Money, Not Sharing Code” focuses on Torvalds (see feature image) and frames the movement as one that is centered around money. Stallman asked: “Is that someone opinionated who won’t listen to me?”

It is of course worthless asking for a correction when you know in advance none would be made. It later turned out to be part of a broader series of articles, some of which did cover GNU. I personally read several hundreds of items from the author and he’s more into ‘practical’ benefits, so I don’t think it would be worth arguing over. Some people just aren’t fond of freedom in the context of computing.

We have noticed many articles throughout this past year or so — including some from Linux Foundation staff — that basically start history in 1991 as if GNU/Linux came out of a vacuum or from Torvalds’ bedroom. Quite frankly, we think it’s an insult to history. We deem it negligent at best. Of course it leads people to deduce that the success of the system in its entirety is owing to the great “Linux values”, not GNU philosophy.

In summary, in our threads of communication with Stallman we were able to reaffirm that there were factual issues in the “Open Source Manifesto” article (it speaks about the GNU Manifesto) and despite Stallman’s request for correction, nothing has been done by the publishers. It’s like people just don’t wish to speak favourably about freedom in computing. Matt Asay, a Mormon (i.e. more superstitious a religion than most other religions), compares Free software people to dangerous religions — a typical smear directed at a largely secular Free software community. Perhaps there are just those who are impossible to please because they are inherently opposed to control over one’s machine and would rather buy digital prisons from Apple than work a little harder to gain control or acquire freedom-respecting tools.
