
03.19.15

Links 19/3/2015: Linux Mint Debian Edition RC, OpenSSH 6.8 Released

Posted in News Roundup at 6:39 am by Dr. Roy Schestowitz


Contents

GNU/Linux

Free Software/Open Source

  • Events

    • Kolab Summit 2015: Registration Open, Call for Papers

      The Kolab Collaboration Suite has been adopted by companies and governments around the world, making it one of the most successful “poster children” for Free Software and Open Standards. In order to chart the next steps forward, the Kolab community is excited to announce the inaugural Kolab Summit to be held in The Hague on May 2-3, 2015.

    • FOSSASIA 2015 Highlights noticed by me
    • [Event Report] FOSSAsia – 2015
    • FOSS & Accessibility: The New Frontier

      Charlie Kravetz said he was a little nervous at SCALE 13x. Not only had his presentation slides gorped about a week ahead of the expo (he got them back together and working, of course), it was Charlie’s first time speaking in front of a group. And the message he wished to convey in his talk, “Accessibility in Software,” was an important one.

  • SaaS/Big Data

    • Cisco Deepens OpenStack Commitment with Deutsche Telekom

      The convergence of OpenStack-based cloud computing and the telecom industry is continuing apace. We’ve reported on Red Hat’s partnership with Telefonica to drive Network Functions Virtualization (NFV) and telecommunications technology into OpenStack. And we’ve covered Canonical and Juniper Networks’ partnership to oversee co-development of a carrier-grade, OpenStack solution.

    • ApacheCon Shaping Up to Be One of the Best Events of the Year

      The Apache Software Foundation is putting together what looks like it will be one of the better open source events of the year: ApacheCon North America, to be held in Austin, Texas, April 13th – 16th. Austin is a fun place to visit, and the agenda for ApacheCon looks excellent. You can register by March 21st to take advantage of the earlybird pricing and here are more details on the event.

  • Project Releases

    • OpenSSH 6.8 released

      OpenSSH 6.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.

      OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

    • OpenSSH 6.8 Brings Big Internal Code Changes

      OpenSSH 6.8 was released this morning and with this version a lot of their internal code was refactored to make OpenSSH more library-like.

    • OpenSSH 6.8
    • OpenSSH 6.8 Is a Major Release That Contains Numerous New Features and Bugfixes

      OpenSSH, the world’s most popular open-source, 100% complete SSH (Secure Shell) protocol that also includes SFTP (Secure FTP) client and server support, has been updated today, March 18, to version 6.8. This release includes a great number of new features and many bug fixes to make OpenSSH more reliable and stable than ever.

  • Licensing

    • GitHub sees support of open source licenses pay off

      When you think of GitHub, you think of open source software. Of course, just putting your code on GitHub doesn’t make it open source; you still need to explicitly choose a license for your code that allows others to use it. A new look at the number of projects on GitHub made available under open source licenses reveals that a significant number of developers aren’t doing that. However, recent efforts by GitHub to encourage project maintainers to license their code and to simplify the process appear to be bearing fruit.

  • Openness/Sharing

    • Forking Bach: Opening classical music to remixes

      Today pianist Kimiko Ishizaka and MuseScore.com made their recording and score of Johann Sebastian Bach’s collection of solo keyboard music, called the Well-Tempered Clavier, available to the public domain so anyone can download and fork it.

      The project is called the Open Well-Tempered Clavier. And of the piano performance, critic Grego Applegate Edwards says, “In all the years, all the versions, I have never heard ‘Book 1’ done better than on the new recording by pianist Kimiko Ishizaka.”

    • OpenPower members reveal open source cloud tech mashups

      OpenPower Foundation members pulled the curtain back on a number of open source cloud datacentre technologies including the first commercially available OpenPower-based server, and the first open server spec that combines OpenStack, Open Compute and OpenPower architectures.

    • Open Data

      • Dutch local government financial data published

        The Open State Foundation has published the budgets and spending data of Dutch local governments for the years 2012-2013. Visitors to the openspending.nl portal can download the raw data, view the data of a specific local government, or compare the data of two governments.

    • Open Hardware

      • Arduino vs. Arduino: What We Know About The Open-Source Hardware Fork

        The original founders of Arduino—the popular programmable DIY electronics kit—appear to have had a falling out. And that might bring about what could be the world’s first open-source hardware fork, a sort of developer schism that’s much more common in the software world.

Leftovers

  • Science

  • Security

    • Security advisories for Wednesday
    • Android Security Gets Better with Lollipop

      Android has been around for years, and it has seen its share of malware, even in Google’s official Play store. Although third-party security vendors had to jump in and come up with a line of defense against ill-intended apps, Google had the inspiration to introduce the Bouncer app-vetting system that kicked malicious apps out of its marketplace.

    • Solutions for Internet of Thieves

      So, almost every company doing this appears to be giving ease of use priority over any real security. Besides using static keys and trusting broken SSL connections, they don’t include a way to easily update the firmware or software on these IoT devices. That means 90% of the devices will never be updated. That makes thieves happy.

  • Defence/Police/Secrecy/Aggression

    • Senator Cotton and Warmongers Who Do Not Learn From History

      Do you remember Iraq? How about its capital Baghdad? In the campaign to bring “Democracy” to that nation, the United States and its Western allies were able to utterly destroy that country. Now, the Kurds have their own independent region, the Shi’a control Baghdad and the south, and the Sunnis are somewhere in the northeast and eastern part of the country. Iraqi libraries have been destroyed (Baghdad library being a prime example), its monuments pulverized (the ancient city of Babylon was used as parking lots for US tanks, the national museum of Iraq was looted, and its objects can now be purchased on e-bay). Its power grids, roads, bridges, homes and much more were made extinct. The war to bring “Democracy” to Iraq has brought close to a million deaths and injuries in Iraq and an average death toll of 500 a day since 2008. The country has in a sense lost its cultural, social and moral fabric. That is why Daesh has been created and one can say a truly monstrous group, whose moral stance is unlike anything that we have seen in recent times is ravaging it. They have killed people and destroyed the cultural heritage of that region. One only has to mention the Mosul Museum which held artifacts from ancient Assyria amongst others, and the Mosul library which held the treasures of ancient Christianity in the East, which were all destroyed. According to President Bush, at the time of his tenure, about half a million Iraqis had died, and now the numbers may be closer to seven hundred thousand.

    • Corporate Media Sensationalizes ISIS Threat to US

      Although the “violent bona fides” of ISIS are “not in doubt to anyone paying attention,” Adam Johnson, writing for Fairness and Accuracy in Reporting, notes that, “much of the ISIS threat — namely that which targets the West — has been habitually overstated by an uncritical media.”

    • 89% of Drone Victims in Pakistan Not Identifiable as Militants
  • Transparency Reporting

    • Administration sets record for withholding government files

      The Obama administration set a record again for censoring government files or outright denying access to them last year under the U.S. Freedom of Information Act, according to a new analysis of federal data by The Associated Press.

      The government took longer to turn over files when it provided any, said more regularly that it couldn’t find documents and refused a record number of times to turn over files quickly that might be especially newsworthy.

  • Censorship

    • French Government Starts Blocking Websites With Views The Gov’t Doesn’t Like

      We had been noting, in the wake of the Charlie Hebdo attacks in France, how the country that then held a giant “free speech” rally appeared to be, instead, focusing on cracking down on free speech at every opportunity. And target number one: the internet. Earlier this week, the Interior Minister of France — with no court review or adversarial process — ordered five websites to not only be blocked in France, but that anyone who visits any of the sites get redirected to a scary looking government website…

  • Privacy

    • Cisco posts kit to empty houses to dodge NSA chop shops

      The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers.

    • Dick Cheney on the Dangers of Internet Spying

      The man who implemented an illegal dragnet admits that governments (only authoritarian ones, he suggests? or does the use of such methods make a government authoritarian?) might exert control via the Internet.

      If it weren’t for Cheney’s long history implementing just that type of monitoring (certainly on the rest of the world, and to an extent on Americans), I might think he’d been hanging around with Edward Snowden!

    • Mall of America Security Catfished Black Lives Matter Activists, Documents Show

      Documents obtained by The Intercept indicate that security staff at the Mall of America in Bloomington, Minnesota used a fake Facebook account to monitor local Black Lives Matter organizers, befriend them, and obtain their personal information and photographs without their knowledge.

      Evidence of the fake Facebook account was found in a cache of files provided by the Mall of America to Bloomington officials after a large Black Lives Matter event at the mall on December 20 protesting police brutality. The files included briefs on individual organizers, with screenshots that suggest that much of the information was captured using a Facebook account for a person named “Nikki Larson.”

    • Give Me Your Hackers, Your Journos, Your Activists Yearning To Be Only Lightly Surveilled

      Now the uninitiated reader might have formed the impression that the Tor Browser was just some sort of slick repackaging of Firefox plus some add-ons, and that you can just use the browser of your choice with a suitable proxy setup and quit your BSD.whinging. They might assume that. I used to think that long ago but then I started to look into it and realized it’s a little more involved…

    • Twitter puts trillions of tweets up for sale to data miners

      You are travelling by plane to see your newborn grandchild. As you board the aircraft, the cabin crew address you by name and congratulate you on the arrival of a bouncing baby boy. On your seat, you find a gift-wrapped blue rattle with a note from the airline.

      In Twitter data strategy chief Chris Moody’s vision of the future, companies surprising their customers like this could become an everyday occurrence – made possible because Twitter is listening.

    • Chief Information Officers Council Proposes HTTPS By Default For All Federal Government Websites

      In a long-overdue nod to both privacy and security, the administration finally moved Whitehouse.gov to HTTPS on March 9th. This followed the FTC’s March 6th move to do the same. And yet, far too many government websites operate without the additional security this provides. But that’s about to change. According to a recent post by the US government’s Chief Information Officers Council, HTTPS will (hopefully) be the new default for federal websites.

    • NY Court Orders Sheriff To Reveal Details On Stingray Mobile Phone Surveillance

      For quite some time now, we’ve been covering how various law enforcement agencies have been using “Stingray” (or similar) cell tower spoofing devices to track the public. Beyond the questionable Constitutionality of such mass surveillance techniques, what’s been really quite incredible is the level of secrecy surrounding such devices. We’ve written about how the US Marshals have “intervened” in various court cases to hide info about the use of Stingrays — and even telling local law enforcement to lie about their use of the devices. We’ve written about law enforcement officials claiming “terrorism” as the reason for needing Stingrays, but then using them for everyday law enforcement. We’ve written about the company that makes Stingrays, Harris Corp., forcing police to sign non-disclosure agreements barring them from revealing any info about their use. It also appears that Harris Corp. misled the FCC to receive approval for its mobile tower spoofing capabilities. Some police departments have even withdrawn evidence rather than talk about their use of Stingrays.

  • Civil Rights

How the European Patent Office (Management) is Spying on Its Very Own Staff

Posted in Europe, Patents at 5:14 am by Dr. Roy Schestowitz

Summary: EPO surveillance explained by another source, revealing a connection to Blue Coat, the notorious firm that performs surveillance on behalf of private clients

YESTERDAY we published an unconfirmed report about how the EPO conducts surveillance on staff, which has increasingly turned against the corrupt management. We have since been contacted by more sources, some of which reinforce what we wrote but some refute it. In the interest of accuracy, here is another explanation of how the EPO conducts its notorious surveillance. It has been no secret that the EPO spies on its staff, but some allege that it happens even outside of the workplace.

“The EPO monitors all electronic communications,” said one source, “but the suggestion that traffic may be routed through Moscow is rather fanciful, as they wouldn’t need Putin’s help at all.

“The EPOrg acquired a large B-address block in the 1990s, at the time when IP addresses were cheap and plentiful, with 65536 endpoints of the form 145.64.xx.xx. These are normally routed either to The Hague or Munich. EPO users are thus rather easy to spot in server log files. (Many EPO online services such as Espacenet now use Amazon web services as a front end, but that’s another story).

“Since a few years, web access from within the EPO is preceded in a flash by another one from 8.28.16.254 (US Pennsylvania), which belongs to an infamous US company called Blue Coat.” See the RSF report for more information. The EPO is acting not much more ethically than the BND or the NSA now. To quote RSF, “American Company Blue Coat, specialized in online security, is best known for its Internet censorship equipment. This equipment also allows for the supervision of journalists, netizens and their sources. Its censorship devices use Deep Packet Inspection, a technology employed by many western Internet Service Providers to manage network traffic and suppress unwanted connections.”

“I have a server with some documents occasionally accessed from the EPO,” said our source, “and I started seeing these weird accessions in my log files. A telltale signature of BlueCoat is the dated browser signature, which is ‘Mozilla 4.0’, usually followed by garbage or obsolete browser IDs.

“I have also seen strange accesses to the same documents from other continents which seem to correlate with BlueCoat probes, but even though the coincidences are troubling I can’t quite see the connection or the use of these transfers.

“Try giving a look at your own Techrights.org or schestowitz.com log files.

“You can also perform traceroute to an EPO address, and see where it goes through. My own tests do not show anything suspicious, but I don’t live in Russia.”

Curiously enough, one source of DDOS against Techrights.org has been looking like this (from less than one minute ago):

10.0.2.11 - - [19/Mar/2015:02:47:01 -0700] "GET /2011/12/ HTTP/1.1" 200 148164 "-" "Mozilla/4.0 (compatible;)"
10.0.2.11 - - [19/Mar/2015:02:47:00 -0700] "GET /2013/11/ HTTP/1.1" 200 136439 "-" "Mozilla/4.0 (compatible;)"

These requests basically hit the site almost every second, demanding about 8 aggregated articles (very greedy) at an alarmingly high pace, thus inducing very high load on the server. In addition to that, there are many cracking attempts (several per second, with an increase at times of important releases about EPO). As every systems administrator ought to know (I do this also for a living, as part of my daytime job), determining the source of DDOS attacks or cracking is very hard, especially if one pursues 100% certainty and has no privileged access to routers (like governments have). Let’s leave it all an open question.
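For administrators who want to check their own log files for the pattern the source describes (a request from the 145.64.xx.xx block preceded "in a flash" by a "Mozilla/4.0" request from another address), the following is an added example, not code from this site or from the source. The two-second window, the same-path match and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Apache "combined" format, the format of the two log lines quoted in the post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
EPO_NET = ipaddress.ip_network("145.64.0.0/16")  # 145.64.xx.xx, per the source
LEGACY_UA = re.compile(r"^Mozilla/4\.0\b")       # the dated browser signature
WINDOW = timedelta(seconds=2)                    # assumption for "in a flash"

def parse(line):
    """Parse one log line; return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return {"ip": ipaddress.ip_address(m["ip"]),
                "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
                "path": m["path"], "ua": m["ua"]}
    except ValueError:  # host name instead of an address, or a bad timestamp
        return None

def find_preceded_requests(lines):
    """Return (probe, visit) pairs: a request from the EPO block that follows,
    within WINDOW, a legacy-UA request for the same path from elsewhere."""
    recs = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    pairs = []
    for i, visit in enumerate(recs):
        if visit["ip"] not in EPO_NET:
            continue
        for probe in reversed(recs[:i]):  # walk back in time from the visit
            if visit["ts"] - probe["ts"] > WINDOW:
                break
            if (probe["ip"] not in EPO_NET and probe["path"] == visit["path"]
                    and LEGACY_UA.match(probe["ua"])):
                pairs.append((probe, visit))
                break
    return pairs

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    '8.28.16.254 - - [19/Mar/2015:10:00:00 +0000] "GET /docs/a.pdf HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible;)"',
    '145.64.0.10 - - [19/Mar/2015:10:00:01 +0000] "GET /docs/a.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [19/Mar/2015:10:05:00 +0000] "GET /docs/a.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '145.64.0.11 - - [19/Mar/2015:10:09:00 +0000] "GET /docs/b.pdf HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for probe, visit in find_preceded_requests(SAMPLE):
        print(probe["ip"], "->", visit["ip"], visit["path"], visit["ts"])
```

A match is only a timing correlation: old browsers and many crawlers also send a "Mozilla/4.0" string, so each pair still needs to be checked by hand.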
