Links 5/1/2018: Elive 2.9.22 Beta, Ubuntu 17.10 Re-Released Next Week

Posted in News Roundup at 11:29 pm by Dr. Roy Schestowitz




  • Desktop

    • 7 Best Linux Distributions for Desktop/Laptop 2018

      This would be our first article in 2018 and happy to present you a list of the best Linux distributions to add to your favorite list in 2018 for your Desktop/Laptop, it is important to note that there is no such thing as “best” Linux distribution. People have different tastes which vary from UI experience to the feature set provided by a Linux distribution. As an example, a newbie will have a different preference from an advanced Linux administrator who has worked with a distribution like Gentoo and is obsessed with Linux CLI administration.

      If you’re not sure about a Linux distribution to use, it’s best to test them on VirtualBox or VMware Workstation, you’ll definitely fall for one that suits your needs and preferences.

    • Dell XPS 13 with Ubuntu — The Ultimate Developer Laptop of 2018!

      I’m the proud owner of a new Dell XPS 13 Developer Edition (9630) laptop, pre-loaded from the Dell factory with Ubuntu 16.04 LTS Desktop.

      Kudos to the Dell and the Canonical teams that have engineered a truly remarkable developer desktop experience. You should also check out the post from Dell’s senior architect behind the XPS 13, Barton George.

    • Dell releases Ubuntu Linux-based XPS 13 Developer Edition (9370) laptop

      If you want a computer pre-loaded with a Linux-based operating system, you can never go wrong with System76. After all, that company focuses entirely on Linux — it does not sell Windows machines at all. Hell, System76 even maintains its own Ubuntu-based operating system called Pop!_OS. By supporting that company, you are also supporting the overall Linux community.

      System76 is not the only company selling Linux-powered computers, however. Despite being a major Microsoft partner with Windows, Dell also sells desktops and laptops pre-loaded with Ubuntu. One of the company’s most impressive computers is the svelte XPS 13 laptop. Dell sells a version with Ubuntu that it dubs “Developer Edition,” but non-developers can, of course, use it too. Today, the company announces the 7th-generation version of this notebook. The 9370, as it is called, can be purchased immediately.

    • Announcing the Dell XPS 13 Developer Edition 9370 with Ubuntu

      We’re excited to see Dell announce the availability of the 7th gen XPS 13 Developer Edition (9370) which comes preloaded with Ubuntu. Canonical have been part of Dell’s Project Sputnik project since Day 1, and five years later we are delighted to see it continue. In fact, our VP of Product Dustin Kirkland was one of the three original developers (or cosmonauts) who provided input into this project and has left some thoughts five years later in his blog.

    • Dell’s new XPS 13 – the ultimate Linux laptop?

      The new Dell XPS 13 (2018) is a compelling Ubuntu laptop. It has a smaller footprint, yet bigger performance. We look at the specs, price and release date.

  • Server

    • Twistlock 2.3 Advances Container Security with Serverless Support

      Container security vendor Twistlock released version 2.3 of its container security platform on Jan. 3, including new features to help protect container workloads.

      Among the new features in the Twistlock 2.3 release are an improved Cloud Native App Firewall (CNAF), per-layer vulnerability analysis functionality, application aware system call defense and new serverless security capabilities.

    • Amazon launches its own open-source OS ‘Linux 2’ for enterprise clients

      In a deviation from its earlier policy of not permitting its cloud services users to run operating systems on its clients’ servers, Amazon has since launched its own version of the Linux OS, according to a report in VCCircle. This move by Amazon Web Services is seen as a response to rivals Oracle and Microsoft who have been offering what is known as Hybrid technology to their clients in which the open platform OS Linux can be used by the clients availing cloud services to run many other programs, on their own servers as well as on the cloud.

      Up to now, Amazon did not provide this facility to its clients directly. Only the Amazon-owned data centers were permitted to run these OSs.

    • Five Linux Server Distributions to Consider in 2018

      These five tried-and-tested Linux server distributions top our list for distros to consider for the data center or server room.

    • Get Started with Spinnaker on Kubernetes

      In the last previous installment of the series, we introduced Spinnaker as the multicloud deployment tool. We will explore how to set up Spinnaker on the Kubernetes open source container orchestration engine and deploy your first application through it.

      In this tutorial, I will walk you through how to set up and configure Spinnaker on Minikube. Once it is up and running, we will deploy and scale a containerized application running in Kubernetes.

      Spinnaker is usually installed in a VM running Ubuntu 14.04 LTS. Thanks to the Helm community, it is now available as a Chart to install with just one command.

    • Know when to implement serverless vs. containers

      Serverless computing is either the perfect answer to an application deployment problem or an expensive disaster waiting to happen.

      VMs, containers and serverless architecture all have distinct pros and cons, but serverless might break everything if the applications aren’t suited for that deployment architecture. To prevent an implosion in IT, give developers an educated assessment of serverless vs. containers for new deployments.

    • Amazon counters hybrid cloud model with Linux 2: Amazon launches next Linux server OS

      Amazon Web Services (AWS) recently launched Linux 2, with access to the latest 4.9 LTS kernel. According to the company, the newest version “provides a high performance, stable, and secure execution environment for cloud and enterprise applications.” The system includes five years of long-term security support and access to software packages through the Amazon Linux Extras repository. It is currently available for all AWS regions.

  • Kernel Space

    • Linux 4.14.12
    • Linux 4.9.75
    • Linux 4.4.110
    • CES preview: Back to the future

      Toyota will showcase its Linux-based infotainment platform that will be included in the 2018 Camry. Automotive Grade Linux is an open-source project by The Linux Foundation, which is the official authority of one of the foundational programming languages for modern computing.

    • Linux Foundation

      • Hyperledger 3 years later: That’s the sound of the devs… working on the chain ga-a-ang

        The Linux Foundation’s Hyperledger project was announced in December 2015. When Apache Web server daddy Brian Behlendorf took the helm five months later, the Foundation’s blockchain baby was still embryonic. He called it “day zero.”

        Driving Hyperledger was the notion of a blockchain, a distributed ledger whose roots are in digital currency Bitcoin, for the Linux ecosystem – a reference technology stack that those comfortable with a command line could experiment with and build their own blockchain systems and applications.

        Behlendorf, the project’s executive director, said upon assuming command in May 2016: “There are lots of things that we want to see built on top.”

    • Graphics Stack

      • AMD Posts Last KFD Kernel Patches For Discrete GPUs, Needed For Upstream ROCm

        AMD has posted their remaining patches for now for getting the discrete GPU support upstream in the AMDKFD “Kernel Fusion Driver” that is part of their ROCm compute stack.

      • Xilinx ZynqMP DisplayPort DRM/KMS Driver Posted

        Xilinx is interested in contributing the latest DRM/KMS driver upstream.

        Xilinx has developed a new DRM/KMS driver for their DisplayPort sub-system that is part of their ZynqMP SoC. The Xilinx ZynqMP SoC has a full display pipeline and two planes and DisplayPort 1.2 encoder.

      • Tessellation Shaders Land For RadeonSI NIR Backend

        The work led by Valve Linux driver developer Timothy Arceri on adding tessellation shader support to RadeonSI’s NIR code-path has been merged to Mesa 17.4-dev Git.

        RadeonSI Gallium3D has been working on a NIR back-end for eventually supporting SPIR-V ingestion as needed for OpenGL 4.6 compliance with code sharing with the RADV Vulkan code. Eventually though RadeonSI may eventually switch to using NIR completely as its intermediate representation. But before that can happen, the RadeonSI NIR support needs to get to parity with its existing OpenGL support when tied to TGSI IR.

      • Broadcom’s Open-Source VC5 OpenGL & Vulkan Support Improving

        Broadcom open-source driver developer Eric Anholt has written his first status update on the VC5 driver activities of the new year.

        VC5 is the new Broadcom GPU capable of Vulkan and much greater OpenGL capabilities than the VC4 graphics processor most well known for being within current-generation Raspberry Pi devices. Eric has been working on the bring-up of the open-source VC5 driver stack for the past half-year and he continues making progress on getting the VC5 OpenGL Gallium3D driver closer to parity to the long-standing VC4 driver as well as working on “BCMV” as the new Broadcom Vulkan driver still in its early stages.

      • NVIDIA Mainlining Tegra186 DRM Support For Linux 4.16

        Nearly one year after rolling out the Jetson TX2 developer board with the “Tegra186” SoC, the Tegra DRM driver in Linux 4.16 will finally be offering basic display support with this open-source driver.

        NVIDIA has finished prepping the Tegra186 support for their Tegra DRM driver, which is around 4,000 lines of new code or a net gain of 2k. But at this stage the Tegra DRM driver for Linux 4.16 will only support driving displays via HDMI with Tegra186 as DisplayPort and DSI interfaces have yet to be implemented in the driver for this latest SoC.

    • Benchmarks

      • Linux KPTI Tests Using Linux 4.14 vs. 4.9 vs. 4.4

        Yet another one of the avenues we have been exploring with our Linux Page Table Isolation (KPTI) testing has been looking at any impact of this security feature in the wake of the Meltdown vulnerability when testing with an older Linux Long Term Support (LTS) release. In particular, when using a kernel prior to the PCID (Process Context Identifier) support in the Linux kernel that is used to lessen the impact of KPTI.

  • Applications

  • Desktop Environments/WMs

    • K Desktop Environment/KDE SC/Qt

      • Babe Music Player Is Getting a Mobile-Friendly Qml Port

        It’s been almost a year since I publicly stood in front of you all to coo over the Qt-based Babe music player — and now I’m back to coo at it some more.

        You can blame Babe developer Camilo Higuita. He’s shared a new video of his app that has me excited. The clip, which is embedded above, demos the ‘initial work’ he’s made on a Qml port of the Babe that uses Kirigami.

  • Distributions

    • The Best Linux Distributions for 2018

      It’s a new year and the landscape of possibility is limitless for Linux. Whereas 2017 brought about some big changes to a number of Linux distributions, I believe 2018 will bring serious stability and market share growth—for both the server and the desktop.

      For those who might be looking to migrate to the open source platform (or those looking to switch it up), what are the best choices for the coming year? If you hop over to Distrowatch, you’ll find a dizzying array of possibilities, some of which are on the rise, and some that are seeing quite the opposite effect.

      So, which Linux distributions will 2018 favor? I have my thoughts. In fact, I’m going to share them with you now.

      Similar to what I did for last year’s list, I’m going to make this task easier and break down the list, as follows: sysadmin, lightweight distribution, desktop, distro with more to prove, IoT, and server. These categories should cover the needs of any type of Linux user.

      With that said, let’s get to the list of best Linux distributions for 2018.

    • Red Hat Family

      • CentOS Linux Receives Security Updates Against Meltdown and Spectre Exploits

        Free Red Hat clone CentOS Linux has received an important kernel security update that patches the Meltdown and Spectre exploits affecting billions of devices powered by modern processors.

      • Grab scales to meet business demands with open source IT automation and management

        By deploying Red Hat Ansible Tower, an enterprise open source IT automation and management solution, Grab increased its app uptime to 99.99%, reduced development and deployment time, and streamlined infrastructure management with role-based access and automated deployments. As a result, Grab’s users can access the app when needed, and its IT teams can ensure systems are stable and scale to match feature and user base growth.

      • Beta Testing in the Ever-Changing World of Automation

        The International Standards Organization (ISO) has been focused on the standards around quality versus usability over time. In 1998 ISO identified efficiency, effectiveness and satisfaction as major attributes of usability. In 1999 a quality model was proposed, involving an approach to measure quality in terms of software quality and external factors. In 2001 the ISO/IEC 9126-4 standard suggested that the difference between usability and the quality in use is a matter of context of use. ISO/IEC 9126-4 also distinguished external quality versus internal quality and defined related metrics. Metrics for external quality can be obtained only by executing the software product in the system environment for which the product is intended.

        This shows that without usability/human computer interaction (HCI) in the right context, the quality process is incomplete. The context referred to here is fundamental to a beta test where you have real users in a real environment, thereby making the case of the beta test stronger.

        Beta Testing Challenges

        Now that we know why beta testing is so very critical, let’s explore the challenges that are involved with a beta stage.

        Any time standards are included, including ISO/IEC 9126, most of these models are static and none of them accurately describe the relationship between phases in the product development cycle and appropriate usability measures at specific project milestones. Any standard also provides relatively few guidelines about how to interpret scores from specific usability metrics. And specific to usability as a quality factor, it is worth noting that usability is that aspect of quality where the metrics have to be interpreted.

      • OpenShift Commons Briefing #112: Kubernetes 1.9 Release Update with Derek Carr (Red Hat)

        In this briefing, Red Hat’s Derek Carr talks us through the recent Kubernetes 1.9 release features and functions and reviews what is in the works for release 1.10. The briefing is a great guide to the 1.9 Release which went out the door at the very end of 2017. The 1.9 release had a strong focus on fixing bugs, maturing existing features to beta or stable. For Kubernetes 1.9, “Stability” is a key feature with an emphasis on refining, polishing, scale, and tightening up production matters.

      • Red Hat’s Latest Nouveau Developer Posts Updated NIR Code

        Not only is RadeonSI working on NIR support but Red Hat has begun working on NIR support for the open-source NVIDIA “Nouveau” driver as part of a compute effort and possible Vulkan support in the future.

        As written about last month, longtime Nouveau contributor Karol Herbst has joined Red Hat and his first public-facing project is developing NIR support for Nouveau. In the original patch series Karol explained he’s working on NIR support for Nouveau in order to get SPIR-V (the Vulkan / OpenCL IR) support moving. Their expressed focus right now is on SPIR-V compute support but this would also be a step towards Vulkan for this open-source, reverse-engineered NVIDIA Linux graphics driver.

      • Finance

      • Fedora

        • Fedora 28 To Work On Better VirtualBox Integration, Hardening Packages & Stronger Crypto

          With more developers returning to their activities after the holidays, feature work on Fedora 28 is heating up.

          Recently proposed for Fedora 28 include:

          VirtualBox Guest Integration – This is about having the VirtualBox guest drivers and tools ship by default in Fedora Workstation. This is part of an effort by Red Hat for getting more of the VirtualBox drivers mainlined in the Linux kernel. Basically if all goes well this means a smoother out-of-the-box experience when running Fedora on top of Oracle VM VirtualBox.

        • ABRT team: Link to FAF directly from Fedora Packages
        • Fedora 28 Taking To Modularizing Their Anaconda Installer

          When talking about the Fedora/RedHat Anaconda installer it still brings back bad memories from the Anaconda fallout a few years ago when they went through some painful transitions that also led to release delays. In 2018, Fedora/RedHat developers are taking up the initiative of modularizing the Anaconda installer.

          For the Fedora 28 release due out this spring, the plan is to split the Anaconda installer into several modules that in turn will communicate with each other using a DBus API. The modularization effort sounds nice as long as it goes smoothly and doesn’t lead to any fallout like with past Anaconda overhaul initiatives (though admittedly Anaconda has been playing nicely the past number of releases and no complaints on my end currently).

    • Debian Family

      • Derivatives

        • Elive 2.9.22 beta released

          The Elive Team is proud to announce the release of the beta version 2.9.22.
          This new version includes:

          Keyboard typing to support special languages like Korean, Japanese, Chinese, Vietnamese. If you need an extra Ibus configuration contact us with the details needed
          Network access to your local machines using hostname.local
          Numpad always enabled option in installation
          Desktop right click is assigned to an amazing launcher
          Designs shadow fix, borders more white, less pixelated icons in menus, much improved menus and userfriendly, misc overall improvements
          Userfriendly better organized menus, more friendly icons and names, improved description for the dock launchers

        • Canonical/Ubuntu

          • Ubuntu will fix Meltdown and Spectre by January 9th

            Ubuntu, perhaps the most popular Linux distribution on the desktop, which has multitudes of other distributions depending on it to send out security updates, has announced that it will update the kernels of all supported releases in order to mitigate the newly publicly disclosed Meltdown and Spectre vulnerabilities, by January 9th.

          • Ubuntu 17.04, the Last Release with Unity 7, Reaches End of Life on January 13

            Canonical announced today that it’s putting an end to the support offered by the Linux company for its Ubuntu 17.04 “Zesty Zapus” operating system next week on January 13.

            Launched last year on April 13, Ubuntu 17.04 was a powerful release, both inside and outside, running the latest (at that time) stable Linux 4.10 kernel series and shipping with an up-to-date graphics stack based on Mesa 17.0 and X.Org Server 1.19 series. It was also the last Ubuntu release to ship with the Unity 7 desktop by default.

            “As a non-LTS release, 17.04 has a 9-month support cycle and, as such, will reach end of life on Saturday, January 13th,” says Steve Langasek, Engineering Manager, Ubuntu Foundations at Canonical. “At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 17.04.”

          • Ubuntu 17.04 (Zesty Zapus) reaches End of Life on January 13, 2018
          • Canonical Plans to Release Ubuntu 17.10 Respin ISOs for All Flavors Next Week

            Canonical announced on Friday that it plans to release the promised respin ISO images of the Ubuntu 17.10 (Artful Aardvark) operating system early next week on January 11.

            The announcement comes minutes after Canonical announced the end of life of its Ubuntu 17.04 “Zesty Zapus” operating system on January 13, 2018, saying that it’s beneficial to have Ubuntu 17.10 images available in the face of the impending EOL for Ubuntu 17.04, as users will need to upgrade their installations.

            Last month, several users reported broken BIOSes due to a bug in the Ubuntu 17.10 installation images. Laptops from Lenovo, Acer, and Toshiba were affected by the issue, which locked users out of their BIOS settings. The bug could make a user’s system unbootable even if the image was booted in live mode.

          • Exceptional respins of Ubuntu 17.10 media; call for testing
          • Ubuntu 17.10 To Be Re-Released Next Week
  • Devices/Embedded

    • January 2018 catalog of hacker-friendly SBCs

      This catalog accompanies our January 2018 round-up of hacker-friendly SBCs. Here, we provide brief descriptions, specs, pricing, and links to further details for all 103 SBCs.

      Our January 2018 hacker-friendly single board computer round-up comprises three resources: an overview of recent SBC market trends; this catalog, which provides descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates the key features and pricing for all 103 boards. Links to all three parts of our round-up are in the box below.

    • Ringing in 2018 with 103 hacker-friendly SBCs

      Welcome to our latest biannual round-up of hacker-friendly single board computers that run Linux or Android. Included are a brief review of recent SBC market trends, a catalog with key features, specs, and pricing of each SBC, and a table comparing them all.

      Relative to our June report, which was accompanied by a reader survey co-sponsored with Linux.com, our latest hacker-friendly single board computer (SBC) round-up has grown from 98 to 103 boards. Although there’s no survey here, we invite your comments in the discussion area at the bottom of this post.

      There are three parts to this round-up: this post, which provides an overview of recent SBC market trends and discusses our latest crop of hacker-friendly SBCs in general terms; a catalog post with brief descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates key features and pricing for all 103 boards. Links to each are in the box below.

    • RISC-V Foundation Trumpets Open-Source ISAs In Wake Of Meltdown, Spectre

      The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.

      In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.

      The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.


      Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

      Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

      To help us understand why, here’s a little primer on so

    • All Raspberry Pi Devices Are Immune to the Meltdown and Spectre Vulnerabilities

      Just in case you were wondering, Raspberry Pi Foundation founder Eben Upton confirmed today that none of the Raspberry Pi devices are affected by the recently disclosed Meltdown and Spectre vulnerabilities.

      Earlier this week, two major hardware bugs were unearthed in modern processors, affecting almost all devices powered by some CPUs from Intel, AMD, or ARM made in the past two decades. The Meltdown and Spectre vulnerabilities are considered the worst chip flaw ever discovered, putting billions of devices at risk of attacks.

    • You know what’s not affected by Meltdown or Spectre? The Raspberry Pi

      One or more of the security vulnerabilities disclosed this week affect nearly every modern smartphone, PC, and server processor. Intel processors are vulnerable to both Meltdown and Spectre attacks. AMD chips are vulnerable to Spectre attacks. And the ARM-based processors that are used in most modern smartphones can fall prey to a Spectre attack as well.

    • Hackable, Rockchip-based media player also offers NAS and retro gaming

      Cloud Media’s open source “Popcorn Hour Transformer Media Computer / NAS” computer is based on Pine64’s RK3328-based Rock64 SBC, and supports Linux and Android media player, NAS, and retro gaming.

      Cloud Media has spun a new variant of its Popcorn Hour media player that is open source in hardware and software thanks to its mainboard: Pine64’s open source, quad-core Cortex-A53 Rock64 SBC. It’s available in a Media Computer and NAS (network attached storage) version for the same price of $95.90 (2GB LPDDR3/16GB eMMC) or $115.90 (4GB/32GB), not counting SATA storage.

    • Tizen

    • Android

Free Software/Open Source

  • Cable’s Open Source Flirtation Heats Up

    CableLabs, the heart of cable research and development, has created its own OpenStack platform called the SDN/NFV Application Development Platform and Stack project, or SNAPS for short. That in itself isn’t news — SNAPS has been around since 2016 — but the organization also introduced two related projects as part of its open source effort just three weeks ago. And CableLabs’ lead architect for wired technologies, Randy Levensalor, opened up even more recently about how his team’s approach differs from some of the NFV strategies undertaken by telecom operators when the virtualization craze first took hold.

  • Web Browsers

    • Mozilla

      • Mozilla & Mr. Robot – Insert Freedom Here

        A few weeks ago, Mozilla finally showed us its true skin. No more illusions about its feel-goodie world-loving efforts. Yet another shark in the pond, after its share of filthy dimes. One day, there will be a new browser, and it will be something nice and cool and unspoiled by greed just yet. That will be the moment when I say goodbye to Firefox. For now, it’s still the least annoying turd in the pile, and I’m exercising my rather futile civil duty to complain.

        In a world without real choice, the best you can do, short of a proper bloody revolution, is to bitch and moan and tell your story. Luckily, this seems to work well. If there’s one good use to social media, it’s blowing things out of proportion and making viral, tidal waves of feces. Harness that power. Fight back. Remember, there IS such a thing as bad publicity. When it hits their pocket, you know you’re on the right track. So once again, thank you Mozilla for molesting my browser. Stay fake.

      • Mozilla statement on breach of Aadhaar data

        Mozilla is deeply concerned about recent reports that a private citizen was able to easily access the private Aadhaar data of more than one billion Indian citizens as reported by The Tribune.


        Mozilla has been raising concerns about the security risks of companies using and integrating Aadhaar into their systems, and this latest, egregious breach should be a giant red flag to all companies as well as to the UIDAI and the Modi Government.

      • Lessons from the impl period
      • Looking back at Bugzilla and BMO in 2017

        Recently in the Bugzilla Project meeting, Gerv informed us that he would be resigning, and it was pretty clear that my lack of technical leadership was the cause. While I am sad to see Gerv go, it did make me realize I need to write more about the things I do.

  • Databases

    • The State of VACUUM

      In a recent blog post, I talked about why every system that implements MVCC needs some scheme for removing old row versions, and how VACUUM meets that need for PostgreSQL. In this post, I’d like to examine the history of VACUUM improvements in recent years, the state of VACUUM as it exists in PostgreSQL today, and how it might be improved in the future.

      When I first began using PostgreSQL, autovacuum did not exist, and I was not aware of the need for manual VACUUM. After a few months (!), I wondered why my database was so slow. Putting a vacuumdb command in cron, scheduled to run every 6 hours, was sufficient for my needs at the time, but it only worked because my database was small and handled a limited amount of traffic. In many environments, UPDATE and DELETE operations will target some tables much more often than others, and therefore some tables will accumulate dead row versions much more quickly than others, and therefore the interval between one VACUUM and the next should also vary. If a user with this kind of environment were to run a full-database VACUUM frequently enough to meet the needs of their most heavily-updated tables, they would VACUUM lightly-updated tables far more often than necessary, wasting effort. If they were to reduce the frequency of the full-database VACUUM to avoid wasting effort, heavily updated tables wouldn’t get vacuumed often enough and their on-disk size would grow as they filled up with dead row versions, otherwise known as “bloat”.

  • CMS

    • 3 flexible tools for managing hotel reservations and more

      Rezgo is a web-based reservation system that’s designed specifically for tour and activity operators. It provides tour management solutions (such as online booking engines) and supports integration with popular booking engines such as Expedia and Travel Advisor. Rezgo focuses on increasing business efficiency, with no limits on users, bookings, or features for its products. Rezgo’s open source booking engine is available for inspection and download at GitHub. It is built with PHP using the Twitter Bootstrap CSS framework and AJAX. You’ll find Rezgo easy to work with if you’re comfortable with XML API development, PHP, AJAX, and CSS.

  • Education

    • A school in India defies the traditional education model

      Located in a sleepy village just two hours away from the bustling metropolis of Mumbai is a school that defies traditional educational models by collaboratively owning, building, and sharing knowledge and technology. The school uses only open source software and hardware in its approach to learning, and takes pride in the fact that none of its students have used or even seen proprietary software, including the ubiquitous Windows operating system.

      The Tamarind Tree School, located in Dahanu Taluka, Maharashtra, India, is an experiment in open education. Open education is a philosophy about how people produce, share, and build on knowledge and technology, advocating a world in which education is for social good, and everyone has equal opportunity and access to education, training, and knowledge.

  • Pseudo-Open Source (Openwashing)

    • 20 years of the Open Source Initiative (OSI)

      No openwashing, thanks

      With so many vendors claiming to have ‘got the open religion’ but in fact doing nothing more than openwashing a few ‘less than key’ elements of their total technology stacks, the OSI says its next goals to promote open source’s viability/value to issues and look for areas where it can promote and champion implementation and what it calls ‘authentic participation’.

  • Funding

    • WP Engine Raises $250M to Grow WordPress Platform

      The open-source WordPress content management system has grown significantly over the last eight years and along with that growth, one of its leading backers, WP Engine, has also grown. On Jan. 4, WP Engine announced it raised a new $250 million round of funding from Silver Lake Partners.

      Silver Lake is well-known in the private equity world; not only did the firm work with Michael Dell to bring Dell Inc. private in 2013, but it also helped fund Dell’s acquisition of EMC in 2015. WP Engine was founded in 2010, with total funding to date now standing at $291 million.

  • Licensing/Legal

    • Enterprise Roles in Open Source Compliance

      There are generally two teams involved in achieving compliance: a core team and an extended team, with the latter typically being a superset of the former. The core team, often called the Open Source Review Board (OSRB), consists of three key representatives from engineering and product teams, one or more legal counsels, and the compliance officer/ open source program office manager.

  • Openness/Sharing/Collaboration

    • What you didn’t know about Creative Commons

      I attended film school, and later I taught at a film school, and even later I worked at a major film studio. There was a common thread through all these different angles of the creative industry: creators need content. Interestingly, one movement kept providing the solution, and that was free culture, or, as it has been formalized, Creative Commons.

  • Programming/Development

    • An introduction to Eclipse MicroProfile

      Enterprise Java has been defined by two players: Spring on one side and Java Enterprise Edition on the other. The Java EE set of specifications was developed in the Java Community Process under the stewardship of Oracle. The current Java EE 8 was released in September 2017; the prior version came out in 2013.

      Between those releases, the industry saw a lot of change, most notably containers, the ubiquitous use of JSON, HTTP/2, and microservices architectures. Unfortunately there was not much related activity around Java EE; but users of the many Java EE-compliant servers demanded adoption of those new technologies and paradigms.

    • ARM Preps ARMv8.4-A Support For GCC Compiler

      ARM Holdings has submitted patches implementing support for the ARMv8.4-A instruction set update for the GNU Compiler Collection (GCC).

      ARMv8.4-A adds a new Secure EL2 state, more cryptographic hashing algorithms are supported by the instruction set, support for Activity Monitors, improved virtualization support, and Memory Partitioning and Monitoring (MPAM) capabilities.

    • GitHub Issue Notifications on Open Source Projects

      Many Open Source Project maintainers suffer from a significant overdose of GitHub notifications. Many have turned them off completely for that.

      We (GitMate.io) are constantly researching about how people handle a flood of incoming issues in our aim to improve the situation by applying modern technologies to the problem. (Oh and we love free software!)

    • Computer Science Pioneer Bjarne Stroustrup to Receive the 2018 Charles Stark Draper Prize for Engineering

      C++’s combination of expressiveness and efficiency surpasses that of other programming languages, making it a popular choice for complex tasks with resource constraints such as game engines, database implementations, control systems, financial services, graphics, networking, and web servers. C++ is now used by approximately 4.5 million programmers around the world and has revolutionized numerous applications — from web services like Google and Facebook to medical systems such as CAT scanners and blood analyses.

    • Splice Hooking for Unix-Like Systems

      We actively use the Unix splice hooking approach described above in projects we create for our clients here at Apriorit, particularly in the area of cybersecurity. We’ve implemented this hook type for a variety of architectures and kernel versions, including x86_64, x86, and ARM in Linux 2.6.32 to 4.10.

      We hope that you find this approach useful and that you’ll be able to use some of the ideas presented in this article for your own hooking needs.

    • Inside the snake pit with ‘angr’ Python framework creator

      Well, angr is a highly modular Python framework that performs binary analysis using VEX as an intermediate representation. The name ‘angr’ is a pun on VEX, since when something is vexing, it makes you angry. It is made of many interlocking parts to provide useful abstractions for analysis. Under the hood, pretty much every primitive operation that angr does is a call into SimuVEX to execute some code.

      All IoT firmware is binary and only vendors have the source code. But often, IoT vendors don’t share source code, so security teams are left to find their own way to analyse the binary code. That means that, if you want to analyse IoT devices for vulnerabilities, then you need good binary analysis tools.

      Binary analysis goals: program verification; program testing; vulnerability excavation; vulnerability signature generation; reverse engineering; vulnerability excavation; exploit generation.


    • Get your SVGs out of your HTML

      How does a data url work? Normally a url in the background of a CSS element would say “go out and grab this asset at a different URL.” A “data” url instead encodes all the data needed to render the image without making a new network request. Here’s an example of what one might look like:

  • Security

    • How Hackers Can Read Your Websites’ Passwords Using Meltdown And Spectre [With Solution]

      Everyone is talking about Meltdown and Spectre, the two security flaws found in Intel, AMD (less vulnerable) and ARM CPUs. Using the flaws attackers can read system memory which may have your passwords and other sensitive information. The worst part of it is that most systems are affected by it. So you’re most likely affected by these flaws. Let’s see how much an Internet surfer like you is affected by Meltdown.

    • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

      Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

      But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

      Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

    • Linus Torvalds says Intel needs to admit it has issues with CPUs

      Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company’s processors.

    • We translated Intel’s crap attempt to spin its way out of CPU security bug PR nightmare

      In the wake of The Register’s report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google’s security researchers that afternoon.

      To help put Intel’s claims into context, we’ve annotated the text. Bold is Intel’s spin.

    • When F00F bug hit 20 years ago, Intel reacted the same way

      A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

    • Meltdown, Spectre and the Future of Secure Hardware

      Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

      As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

    • KPTI — the new kernel feature to mitigate “meltdown”
    • Check This List to See If You’re Still Vulnerable to Meltdown and Spectre [Updated]

      Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google’s Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory—which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.

      Intel says that it’s working to update all of the processors it has introduced in the last few years. “By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,” the company said in a statement today.

    • Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk

      After a rollercoaster day of speculation on Jan. 3 about a severe Intel chip flaw, Google’s Project Zero research team revealed later that same day details about the CPU vulnerabilities.

      The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs. Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM.

    • Major Intel Kernel flaw may impact performance across Linux, Windows and Mac OS

      New reports have surfaced suggesting that there might be a major security flaw with Intel processors launched in the last decade. The harsh part is that patching the issue might slow down the performance of the CPU by up to 30 percent. Intel hasn’t put out an official statement yet, but Linux Kernel patches are being pushed out to all users.

    • Intel facing class-action lawsuits over Meltdown and Spectre bugs

      Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.

      The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.

      Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June. They also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor.

    • More about Spectre and the PowerPC (or why you may want to dust that G3 off)

      Most of the reports on the Spectre speculative execution exploit have concentrated on the two dominant architectures, x86 (in both its AMD and Meltdown-afflicted Intel forms) and ARM. In our last blog entry I said that PowerPC is vulnerable to the Spectre attack, and in broad strokes it is. However, I also still think that the attack is generally impractical on Power Macs due to the time needed to meaningfully exfiltrate information on machines that are now over a decade old, especially with JavaScript-based attacks even with the TenFourFox PowerPC JIT (to say nothing of various complicating microarchitectural details). But let’s say that those practical issues are irrelevant or handwaved away. Is PowerPC unusually vulnerable, or on the flip side unusually resistant, to Spectre-based attacks compared to x86 or ARM?

    • Measuring the Intel Management Engine to Create a More Secure Computer

      A modern computer has many different avenues for attack—ranging from local user-level exploits to root and kernel exploits, all the way down to exploits that compromise the boot loader or even the BIOS—but for over ten years the Intel Management Engine—with its full persistent access to all computer hardware combined with its secretive code base—has offered the theoretical worst-case scenario for a persistent invisible attack. The recent exploit from the talented group of researchers at Positive Technologies moves that worst-case scenario from “theoretical” to reality. While the proof-of-concept exploit is currently limited to local access, it is only a matter of time before that same style of stack smash attack turns remote by taking advantage of systems with AMT (Advanced Management Technology) enabled.

    • Linus Torvalds Latest Meltdown: “Is Intel Selling Sh*t And Never Willing To Fix Anything?”

      It’s not surprising to hear that the creator of the open-source Linux kernel couldn’t hold his temper after learning that Intel processors are affected by vulnerabilities that date back more than a decade ago. And why not? He has enough power to criticize Intel as the active development of the 26-year-old Linux kernel can’t go forward without him.

    • Linux Kernel 4.14.12 Released to Disable x86 PTI for AMD Radeon Processors

      It was bound to happen sooner or later, so Greg Kroah-Hartman just announced today the release of the Linux 4.14.12 kernel, which disables the x86 KPTI patches for AMD Radeon processors.

      Submitted over the Christmas holidays by AMD engineer Tom Lendacky, the “x86/cpu, x86/pti: Do not enable PTI on AMD processors” patch has landed today in the Linux 4.14.12 kernel, disabling the kernel page table isolation (KPTI) for all AMD Radeon processors, which were treated as “insecure” until now.

    • More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown

      Besides the already-merged Kernel Page Table Isolation (KPTI) patches, other Linux kernel patches are coming out now in light of the recent Spectre and Meltdown vulnerabilities.

      Paul Turner of Google has posted some “request for comments” patches on a “Retpoline” implementation for the Linux kernel. The Retpoline patches are intended for fending off Spectre, the attack that breaks isolation between different applications. Unfortunately the Retpoline patching does add an additional cost to the kernel performance with the overall overhead being reported up to a 1.5% range.

    • KPTI Intel Chip Flaw Exposes Security Risks

      Operating system vendors are rushing to put out a fix for an alleged Intel chip flaw that could be used to exploit systems.

      Intel has not officially disclosed details on the flaw yet, though a patch already exists in the Linux kernel, with patches for Microsoft Windows and Apple macOS expected by Jan. 9. The Intel flaw doesn’t have a branded name at this point, though security researchers have referred to it as both KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).

    • Reading privileged memory with a side-channel

      We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

    • Security updates for Friday
    • How the Meltdown and Spectre security holes fixes will affect you
    • More details about mitigations for the CPU Speculative Execution issue
    • Purism Says It’s Releasing Patches to Stop Meltdown Attacks in Its Linux Laptops

      Purism’s response to the Meltdown and Spectre security exploits that put billions of devices at risk of attacks came today in the form of a press release with details on the patches for its PureOS operating system.

      If you own a Librem laptop from Purism, chances are it will get a patch to mitigate the Meltdown hardware exploit. The patch, as expected, consists of a kernel update, which users will have to install from PureOS’s software repositories and make sure they reboot their computers for the patch to be correctly installed.

      “Purism’s PureOS, a Free Software Foundation endorsed distribution, is releasing a patch to stop the Meltdown attack, with thanks to the quick and effective actions of the upstream Linux kernel development team,” says Todd Weaver, Founder and CEO of Purism in the press release.

    • PyCryptoMiner ropes Linux machines into Monero-mining botnet

      A Linux-based botnet that has been flying under the radar has earned its master at least 158 Monero (currently valued around $63,000).

    • Python-Based Botnet Targets Linux Systems with Exposed SSH Ports

      Experts believe that an experienced cybercrime group has created a botnet from compromised Linux-based systems and is using these servers and devices to mine Monero, a digital currency.

      Crooks are apparently using brute-force attacks against Linux systems that feature exposed SSH ports. If they guess the password, they use Python scripts to install a Monero miner.

    • AMD PSP Affected By Remote Code Execution Vulnerability

      While all eyes have been on Intel this week with the Spectre and Meltdown vulnerabilities, a disclosure was publicly made this week surrounding AMD’s PSP Secure Processor in an unrelated security bulletin.

      AMD’s Secure Processor / Platform Security Processor (PSP) that is akin to Intel’s Management Engine (ME) is reportedly vulnerable to remote code execution.

    • DragonFlyBSD Lands Fixes For Meltdown Vulnerability

      Linux, macOS, and Windows have taken most of the operating system attention when it comes down to the recently-disclosed Meltdown vulnerability but the BSDs too are prone to this CPU issue. DragonFlyBSD lead developer Matthew Dillon has landed his fixes for Meltdown.

    • Spectre question

      Could ASLR be used to prevent the Spectre attack?

      The way Spectre mitigations are shaping up, it’s going to require modification of every program that deals with sensitive data, inserting serialization instructions in the right places. Or programs can be compiled with all branch prediction disabled, with more of a speed hit.

      Either way, that’s going to be piecemeal and error-prone. We’ll be stuck with a new class of vulnerabilities for a long time. Perhaps good news for the security industry, but it’s going to become as tediously bad as buffer overflows for the rest of us.

      Also, so far the mitigations being developed for Spectre only cover branching, but the Spectre paper also suggests the attack can be used in the absence of branches to, e.g., determine the contents of registers, as long as the attacker knows the address of suitable instructions to leverage.

    • Intel Deploying Updates for Spectre and Meltdown Exploits

      Intel reports that company has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from “Spectre” and “Meltdown” exploits reported by Google Project Zero. I

    • Capsule8 Launches Open Source Sensor for Real-time Attack Detection Capable of Detecting Meltdown

  • Transparency/Investigative Reporting

    • ‘US needs free press, but has media subservient to Clinton-Obama interests’

      There is a long-standing collusion between the mainstream media and the people in power loyal to the Clintons and the Obamas, who tried to put Hillary Clinton in power as president, investigative journalist Charles Ortel told RT.

      On December 30, WikiLeaks published an e-mail that, it said, showed how the New York Times was providing the State Department and Hillary Clinton with advanced warnings about potentially damaging stories.

  • Environment/Energy/Wildlife/Nature

    • National Bird Day

      Each year, over 45 million Americans take part in birdwatching, spending approximately $41 billion on related trips and equipment—contributing significantly to local communities and the national economy as a whole.

      While avian aficionados admire these special creatures year-round, birds are officially celebrated on National Bird Day—an opportunity to recognize the contributions they make to the health of ecosystems, the economy, and human enjoyment and creativity (just think of how many paintings, songs, and poems are inspired by birds!). January 5, 2018, will mark the 16th annual National Bird Day, and while it’s by no means the only opportunity to make friends of the feathered variety, it’s a good excuse to visit one of the country’s 29 National Estuarine Research Reserves, which are havens for birds and the people who love them.

  • Finance

    • Astounding coincidence: Intel’s CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
    • Intel CEO sold all the stock he could after Intel learned of security bug

      While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were “unrelated” to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That’s a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

    • Death of the American Trucker

      When Donald Trump sidles up to a semi truck, he’s usually selling policy only a plutocrat could love. Campaigning to repeal the Affordable Care Act in March, Trump pinned an iTrucks button to his lapel and honked the horn of a Mack truck outside the White House. “Obamacare,” he said, “has inflicted great pain on American truckers.” In October, at a rally before the “proud men and women of the American Trucking Associations” in Pennsylvania, Trump touted GOP plans to slash corporate taxes by 40 percent and to end “the crushing, horrible and unfair estate tax.” Behind him, positioned for the TV cameras, was an 18-wheeler – emblazoned with an unlikely slogan: truckers for tax reform. He vowed his America First agenda “means putting American truckers first.”

    • Ethereum Price Crosses $1,000 For The First Time To Create New Record

      It’s hard to point out the reason behind this recent rise in Ethereum price. However, as per experts (Via Fortune), this could be due to the push which was given by banking giants who have announced plans to test Ethereum blockchain.

    • Ethereum Rises Above $1,000 for the First Time as Ripple Soars

      Even as the arguable star of 2017 Bitcoin stalls thousands below its all-time high, the third largest cryptocurrency by market value, Ethereum, is soaring to new records Thursday.

      For the first time ever, Ethereum prices rose above $1,000 per unit in early trading Thursday, as investors look increasingly toward alternative currencies such as Ethereum, Ripple, and Litecoin.

    • Ripple Co-Founder Is Now Richer Than Google Co-Founders, Becomes One Of World’s Richest

      Larson holds a 5.19 billion XRP and a 17% stake in Ripple which made him take advantage of XRP’s recent rise. So, in total, he has control over 15.6 billion XRP. As of writing, Larson’s net worth is around $54.2 billion (XRP value $3.48, according to Coinmarketcap). Earlier, the value of XRP reaching $3.84 (net worth $59.9) made him reach just below Mark Zuckerberg who stands fourth on Forbes World’s Richest list.

    • 5 blockchain trends to watch for in 2018

      Few new technologies have raised as much discussion as blockchain. One reason is the controversy, concern, and perceived opportunity around blockchain-based cryptocurrencies such as bitcoin and ether. Another is the growing crop of ventures crowdfunded via initial coin offerings (ICOs).

    • City workers accused of tossing out homeless people’s belongings

      The City of Chicago is being accused of making a heartless attack on the homeless after a video showed crews clearing out a homeless camp along the Kennedy Expressway in the Avondale neighborhood.

      Jeffrey, a homeless Chicagoan, doesn’t have much, but the little that he and several other homeless men did have in the Belmont and Kedzie underpass was hauled off as trash by city cleanup crews Wednesday afternoon.

      A passerby saw what was happening and shot video.

    • Man ordered to stop housing homeless to keep them warm

      A Chicago man who has been helping homeless people get out of the cold by offering “slumber parties” at his home has been ordered to stop helping them.

      City officials are warning Greg Schiller to stop offering “slumber parties” in his basement to homeless people in his neighborhood or else his house will be condemned, NBC 5 reports.

    • Julio Lopez Varona on Puerto Rico’s Predators

      Meanwhile, the New York Times describes the banks and hedge funds that are preying on the situation—scooping up the homes of people unable to pay mortgage, for example—as “bargain hunters.” Different people have very different visions of the way forward for Puerto Rico—depending, to put it simply, on whether you think servicing debt matters more than human beings. It is, as a report from the activist group Hedge Clippers describes it, a story of “pain and profit”—and an important cautionary tale with meaning far beyond the island.

      Julio Lopez Varona works with Hedge Clippers; he’s also the founding organizer with Make the Road Connecticut. We’ll talk with Julio Lopez Varona about those seeking profit in Puerto Rico’s pain, and how we can change that story.

    • Revealed, how a THIRD of Tory donations come from a tiny group of rich men who enjoy lavish dinners with Theresa May

      More than a third of donations to the Tories last year came from a tiny group of super-rich men who enjoy lavish secretive dinners with Theresa May.

      Research reveals how much Britain’s party of government depends on a band of millionaires for survival.

      And it comes despite Mrs May vowing in 2007: “To restore public trust we must remove the dependency of the political parties on all large donors.”

      Labour analysed donations by the 64 people – 62 of them men – who attended ‘Leader’s Group’ dinners, hosted by the Prime Minister and other senior ministers, in the first half of last year.

    • Bitcoin Adoption Rate In Iran Surges Despite Censorship And Protests

      Massive protests erupted across Iran last Thursday, spurred by a stagnant economy and the rising cost of basic necessities. On Wednesday, almost a week later, the BBC reported 21 people were killed in subsequent protests. Iran’s Revolutionary Guards deployed forces to three provinces to quell the anti-government uproar. The government has blocked popular messaging services like Telegram and Signal, in addition to several internet networks. Yet despite censorship and civil unrest, the Iranian bitcoin community is growing rapidly.

    • Iranian Bitcoin Adoption Surges Amid Political Protests and Censorship

      Iran has witnessed widespread protests for the last week, with the media reporting that more than 20 individuals have been killed so far during the demonstrations. The protests have been attributed to popular dissatisfaction with high unemployment, inequality, housing costs, and other economic strains.

      The rebellion has seen the deployment of Iran’s Revolutionary Guard in three provinces, and censorship of numerous online networks – including Telegram and Signal. Despite the restricted access and rolling internet blackouts, Iran’s cryptocurrency community appears to be gaining strength during the turmoil.

  • AstroTurf/Lobbying/Politics

    • Is Facebook Enabling The African Exodus To Europe?

      Firstly, smugglers create accounts and pages on Facebook where they advertise their services and give their phone number, as well as recommend contacting them by WhatsApp application, which guarantees the encryption of messages.

      Secondly, in order to authenticate their message, they publish pictures showing preparations for the journey.

      Thirdly, they publish photos and reports of people who made it to European countries, which is supposed to build trust on the side of potential clients. Important information is also contained in comments under posts. Thanks to them you can find out, among others, who used the smugglers’ services. In this way, through the grapevine, the rumours are spread about planned relocation.

    • Donald Trump Didn’t Want to Be President

      On the afternoon of November 8, 2016, Kellyanne Conway settled into her glass office at Trump Tower. Right up until the last weeks of the race, the campaign headquarters had remained a listless place. All that seemed to distinguish it from a corporate back office were a few posters with right-wing slogans.

      Conway, the campaign’s manager, was in a remarkably buoyant mood, considering she was about to experience a resounding, if not cataclysmic, defeat. Donald Trump would lose the election — of this she was sure — but he would quite possibly hold the defeat to under six points. That was a substantial victory. As for the looming defeat itself, she shrugged it off: It was Reince Priebus’s fault, not hers.

    • The Wolff lines on Trump that ring unambiguously true

      There are definitely parts of Michael Wolff’s “Fire and Fury” that are wrong, sloppy, or betray off-the-record confidence. But there are two things he gets absolutely right, even in the eyes of White House officials who think some of the book’s scenes are fiction: his spot-on portrait of Trump as an emotionally erratic president, and the low opinion of him among some of those serving him.

      Why it matters: Wolff captures the contempt some Trump aides have for the president and his family. Axios’ Jonathan Swan notes that this includes people you see trumpeting their loyalty to him.

      So Wolff’s liberties with off-the-record comments — while ethically unacceptable to nearly all reporters — have the effect of exposing Washington’s insider jokes and secret languages, which normal Americans find perplexing and detestable.

    • ‘He’s totally onboard’: Wolff book describes Trump admin’s collusion with Israel

      Amid the media hype over Steve Bannon’s comments fueling allegations of collusion with Russia, pundits have overlooked an excerpt from the same book that points to collusion between the Trump administration and Israel.

      In the book, titled ‘Fire and Fury: Inside the Trump White House’, author Michael Wolff describes a conversation between former White House chief strategist Steve Bannon and Roger Ailes, the former CEO of Fox News who died in May 2017.

    • Could It Be? Congress Actually Wants To Do The Right Thing On Electronic Voting!

      One of the topics we’ve talked about longer than any other topic on Techdirt is the problems with basically all electronic voting systems out there. Remember the good old days of Diebold, the well known voting machine maker? We wrote dozens of stories about its insecure machines starting back in 2003 and continued to write about the problems of electronic voting machines for years and years and years. We’ve gone through four Presidential elections since then and lots and lots of other elections — and while the security on e-voting machines has improved, it hasn’t improved that much and still is subject to all sorts of risks and questions. And those questions only serve to make people question the legitimacy of election results.

      And, for all those years, it appeared that basically no one in Congress seemed to have any interest in actually doing anything. Until now. A new bipartisan bill has been introduced, called the Secure Elections Act, that would actually target insecure e-voting machines.

    • Think Tank-Addicted Media Turn to Regime Change Enthusiasts for Iran Protest Commentary

      Since the outbreak of mass demonstrations and unrest in Iran last week, US media have mostly busied themselves with the question of not if we should “do something,” but what, exactly, that something should be. As usual, it’s simply taken for granted the United States has a divine right to intervene in the affairs of Iran, under the vague blanket of “human rights” and “democracy promotion.” (The rare exception, such as an op-ed by ex-Obama official Philip Gordon—New York Times, 12/30/17—still accepted the premise of regime change: “I, too, want to see the government in Tehran weakened, moderated or even removed.”) With this axiom firmly established in Very Serious foreign policy circles, the next question becomes the nature, degree and scope of the “something” being done.

    • Gazing at Iran Through a Distorted Glass

      A truism about U.S. politics and media is that once a foreign leader or a country has been demonized everything written or said about the subject will be skewed to the negative, a rule reflecting Washington’s groupthink and careerism, as ex-CIA analyst Paul R. Pillar notes about Iran.

    • Ohio’s Voter Purge Goes to the Supreme Court: What You Need to Know

      Ohio’s illegal purge practice has disenfranchised thousands already.

      In November 2015, Larry Harmon went to vote on a ballot initiative, only to find that his name was not on the list at his usual polling location.

      He had been purged. The reason? Larry had chosen not to vote in 2012, as he didn’t support either candidate and, he noted, “there isn’t a box on the ballot that says ‘none of the above.’” Larry also did not participate in the 2010 and 2014 midterm elections.

      The right to vote includes the right to decide whether, when, and how to exercise that right. Yet Ohio has adopted a “use it or lose it” policy that violated Larry’s right to choose when to vote, and has disenfranchised thousands of registered, eligible Ohioans.

    • Trump Disbands Sham Election Commission, but Wants Homeland Security to Continue Dirty Work of Voter Suppression

      Good riddance to the fraudulent commission, but we must remain vigilant against what replaces it.

      On Wednesday night, the White House announced that it would disband the Election “Integrity” Commission led by Vice President Pence and Kris Kobach, the Secretary of State of Kansas, citing the refusal of state officials to go along with Kobach’s reckless plan to collect sensitive data on every single voter in the country.

      Donald Trump formed the commission after he falsely claimed that he was the true winner of the national popular vote in the 2016 presidential election, claiming that his nearly 3 million vote deficit was the result of voter fraud. Despite failing to produce any proof of rampant voter fraud, the White House insisted in its statement last night that there is still “substantial evidence” of fraud. The president tweeted this morning that the “System is rigged, must go to Voter I.D.”

      The Trump administration also announced that the Department of Homeland Security will take up the voter fraud cause, and Kobach told Politico that “he expects officials from Immigration and Customs Enforcement and political appointees overseeing that agency to take over the commission’s work and begin efforts to match state voter rolls to federal databases of noncitizens.”

  • Censorship/Free Speech

    • Facebook declines to say why it deletes certain political accounts, but not others

      The fact Facebook has left accounts of other sanctioned individuals untouched suggests the social network may be subject to US government pressure behind the scenes. The company, which has a real name policy on its platform, could easily use screening software to ensure that it doesn’t do business with people or companies on OFAC’s sanctions lists.

    • Rights Groups Raise Alarm Over US Government Role in Facebook’s Selective Censorship

      Civil liberties and digital rights groups are raising concerns over the possible behind-the-scenes influence by the U.S. government in Facebook’s decision to selectively block some sanctioned world leaders from using the social media platform, while allowing others to maintain accounts.

      Facebook deleted the account of Chechen leader Ramzan Kadyrov last week, explaining that the head of the Russian republic had been added to the government’s sanctions list, which bars U.S. companies from providing services to him. Kadyrov has been accused of committing numerous human rights abuses against the LGBT community and his opponents.

    • This ex-NSA hacker is hunting white supremacists and hate groups lurking on Twitter

      Twitter and Facebook say hate speech is a violation of their policies but they also say it can be hard to identify who is engaged in bona fide hate speech and who isn’t.

      Twitter demonstrated the problem earlier this week when it came under fire for blocking a German satirical magazine’s Twitter account after it parodied anti-Muslim comments.

      Enter Emily Crose, a former NSA analyst, cybersecurity professional and former Reddit moderator.

    • German Hate Speech Law Backfires After Twitter Immediately Blocks Satire Account

      2017 was the first year when public sentiment in the West began to shift against media, and large tech companies like Facebook and Google for allegedly enabling “fake news.” While decades of flawed economic policies have resulted in out of control wealth inequality, which has driven the public to populism and nationalism, somehow it is all the content distributors’ fault. But nowhere in the West has the backlash been bigger than Germany, thanks to a compounding refugee crisis that has made the situation worse.

    • Is Germany’s new hate speech law killing press freedom?

      Germany’s tough new social media law was meant to rid Twitter and Facebook of hateful and illegal content. But critics say that at just 96 hours old it is already choking press freedom.

    • Free speech vs. censorship in Germany

      Sophie Passmann is an unlikely poster child for Germany’s new online hate speech laws.

      The 24-year-old comedian from Cologne posted a satirical message on Twitter early on New Year’s Day, mocking the German far right’s fear that the hundreds of thousands of immigrants that have entered the country in recent years would endanger Germany’s culture. Instead of entertaining her more than 14,000 Twitter followers, Passmann’s tweet was blocked within nine hours by the American social media giant, telling users in Germany that Passmann’s message had run afoul of local laws.

    • China’s social media giants want their users to help out with the crushing burden of censorship

      China’s social media giants are ramping up efforts to get their users to turn in people circulating taboo content, as the Communist Party further tightens its grip on the country’s internet.

      On Monday (Jan. 1), China’s tech giant Tencent said it was hiring (link in Chinese) 200 content reviewers to form what the company is calling a “penguin patrol unit,” after the company’s penguin mascot. The brigade, made of 10 journalists, 70 writers who use Tencent’s content platforms, and 120 regular internet users, will flag “low-quality” content.

    • Really Bad Ideas: French President Macron Wants To Ban ‘Fake News’ During The Election

      The transparency idea isn’t such a bad one (though the details would matter quite a bit), but it’s unclear why the amount of money for sponsored content should be capped if it’s clearly labeled and disclosed. But the really troubling part is that last one, allowing for “emergency legal action” to remove content. It may not be surprising that Macron is saying this about fake news — since there were reports of a burst of fake news campaigns that tried to influence the French electorate to vote against Macron in the election.

      But, as we’ve discussed many, many times — the idea of government-mandated censorship, even if for the idea of stopping “fake news” is a terrible idea. It will be abused and abused badly. Remember, while the term “fake news” was first popularized by people who were upset about Donald Trump’s election, he’s now co-opted the term and uses it to argue that any media report that makes him look bad is “fake news.” Imagine what a Trump or a French Trump-like figure would do with this kind of power?

    • Iran Internet Censorship Forces Protesters to Turn to Dark Web

      Internet censorship in Iran has caused thousands of Iranians to turn to specialist software to bypass the restrictions, as anti-government protests continue across the country.

    • Iran’s social media blackout forces apps to submit or face a total ban
    • Netizen Report: Iranian Authorities Blocking International Web Traffic, Messaging Platforms
    • How Iranian protesters are skirting the government’s tech clampdown to continue their fight
    • Censorship stupidity: Trump tries to keep the Wolff from his door

      How fitting it is that Trump’s tinpot totalitarian attempt to block the release of a devastating book roughly parallels Richard Nixon’s attempt to block the release of the Pentagon Papers. Two malignantly unhinged presidents, two frontal assaults on the pillars of the First Amendment.

      Purely by chance yesterday, I was watching Steven Spielberg’s “The Post” while the details of Trump’s desperate bid flooded the news cycle. Inside the theater, a Nixon lawyer was telling the newspaper, “I respectfully request that you publish nothing further of this nature.” Outside the theater, a Trump lawyer was telling the publisher of Michael Wolff’s “Fire and Fury” much the same thing: “Mr. Trump hereby demands that you immediately cease & desist from any further publication, release, or dissemination of the Book.”

    • Speaking as a parent, YouTube’s censorship system is deeply flawed

      Anyone who knows me will tell you that I’m very dedicated to being a “good mom.” For me, this means being emotionally and physically available for my kids, giving them everything they need and some of what they want, and taking an active interest in what appeals to them.


      What I found was shocking and upsetting.

      Some videos mimicked the one I’d already seen, but others were much worse. In some, the girls were wearing swimsuits in a bathtub while the same man from before— their father— scared them with frogs and lizards until they cried. Other videos showed them dressed as babies, and involved acts of force-feeding, intentional spitting up, and going to the bathroom in diapers. I was livid that these girls were being filmed and exploited, and after coverage on BuzzFeed News, the account was shut down, the father is being investigated, and hundreds of thousands of other disturbing YouTube videos starring children have been deleted.

    • China’s media watchdog in legal challenge over censorship of gay content

      A member of the public is taking China’s media watchdog to court over new regulations that describe gay relationships as “abnormal”, demanding the regulator provide a legal basis for censoring audiovisual content on the internet that depicts homosexuality.

      In a rare move, the Beijing No 1 Intermediate People’s Court accepted the case from Fan Chunlin, 30, earlier this week and is expected to hand down a verdict within six months, state-run Global Times reported, citing Fan’s lawyer, Tang Xiangqian.

  • Privacy/Surveillance

    • State Child Care Laws Should Not Require Teenage Kids to Submit Biometric Data to the FBI

      Jennifer Parrish, a child care provider in Minnesota who runs a day care out of her home, finds herself at a crossroads due to a recently passed Minnesota law. The law imposes new background check requirements on child care providers, including that they provide biometric information. But the law doesn’t apply just to the providers themselves; it also requires anyone age 13 and up who lives with a family day care provider to submit to the same background check, whether or not they have committed any crime. This means Jennifer’s 14-year-old son, along with about 12,000 other kids in Minnesota, must provide his fingerprints and a face recognition photograph to the state, which will send them to the FBI to be stored for his lifetime in the FBI’s vast biometrics database.

    • NSA chief Mike Rogers expected to retire from agency in spring
    • NSA’s Rogers to retire this spring
    • NSA Chief Mike Rogers’s Classified Retirement Memo Leaks
    • NSA director to leave agency in the spring: Report
    • NSA chief to leave, expects successor this month: Report
    • NSA director Mike Rogers announces his retirement
    • Agency Transformed, NSA Chief Rogers Set for Spring Departure
    • A former hacktivist reveals how a UK spy agency is actively subverting democracy [VIDEO]

      A co-founder of the hacker activist group LulzSec warns how a UK Government cyber warfare unit has been actively engaged in subverting democracy and creating fake news for the last decade. Leaked documents back this up.

      And these revelations highlight the hypocrisy of the statement by British Prime Minister Theresa May, reiterated by Foreign Secretary Boris Johnson, accusing Russia of election meddling.

      Fake accounts

      A presentation [0:15] on 27 December by LulzSec co-founder and security researcher Mustafa Al-Bassam to the Chaos Communication Congress summarises the work of the secretive Joint Threat Research Intelligence Group (JTRIG).

    • Amazon turns over record amount of customer data to US law enforcement

      Amazon has turned over a record amount of customer data to the US government in the first-half of last year in response to demands by law enforcement.

      The retail and cloud giant quietly posted its latest transparency report on Dec. 29 without notice — as it has with previous reports — detailing the latest figures for the first six months of 2017.

      The report, which focuses solely on its Amazon Web Services cloud business, revealed 1,936 different requests between January and June 2017, a rise from the previous bi-annual report.

    • California Senate to Hear EFF’s License Plate Cover Bill

      Across the country, private companies are deploying vehicles mounted with automated license plate readers (ALPRs) to drive up and down streets to document the travel patterns of everyday drivers. These systems take photos of every license plate they see, tag them with time and location, and upload them to a central database. These companies—who are essentially data brokers that scrape information from our vehicles—sell this information to lenders, insurance companies, and debt collectors. They also sell this information to law enforcement, including U.S. Department of Homeland Security, which recently released its updated policy for leveraging commercial ALPR data for immigration enforcement.

    • Q&A: Edward Snowden on rights, privacy, secrets and leaks in conversation with Jimmy Wales

      I don’t pass judgment on whether Wikileaks did the right thing or the wrong thing, because I think this kind of experimentation is important. We need to challenge the orthodoxy.

      We need to challenge the presumptions that whatever we’re doing right now, the status quo, is the best of all possible worlds. This is the best anybody could possibly do. Instead, we test our premises again and again in different ways, so what I did was I saw that inside the United States government, the National Security Agency had started violating the Constitution in a very unprecedented and indiscriminate way.

    • Police Scotland to use drones that see in dark for spy missions

      INTELLIGENT drones that can see in the dark will be used for secret police spy missions, Police Scotland has said.

      Drones equipped with “intelligent computer systems and thermal imaging” are being developed by Scottish universities for use by the force.

      Plans are already under way to purchase two relatively low-tech off the shelf drones for Aberdeen and Inverness, primarily for use in missing persons searches.

    • DHS Expands License Plate Dragnet, Streams Collections To US Law Enforcement Agencies

      The DHS has provided the public with a Privacy Impact Assessment (PIA) on its use of license plate readers (LPRs). What the document shows is the DHS’s hasty abandonment of plans for a national license plate database had little impact on its ability to create a replacement national license plate database. The document deals with border areas primarily, but that shouldn’t lead inland drivers to believe they won’t be swept up in the collection.

    • China Plans To Turn Country’s Most Popular App, WeChat, Into An Official ID System

      In one respect at least, China’s embrace of digital technology is far deeper and arguably more advanced than that of the West. Mobile phones are not only ubiquitous, but they are routinely used for just about every kind of daily transaction, especially for those involving digital payments. At the heart of that ecosystem sits Tencent’s WeChat program, which has around a billion users in China. It has evolved from a simple chat application to a complete platform running hugely popular apps that are now an essential part of everyday life for most Chinese citizens.

    • Former NSA worker pleads guilty to biggest theft of data

      Martin has been accused of stealing a massive 50TB of classified data from the NSA over the course of the 20 years that he was working there as a contractor. The government has not said what was done with the stolen data, but it is believed that the data stolen included elite hacking tools that Martin stole while working for Booz Allen Hamilton Holding Corp, the very same firm that employed the whistle blower Edward Snowden.

    • Personal data of a billion Indians sold online for £6, report claims

      The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen.

    • 36 fake security apps harvesting user data and tracking their location found in Google Play Store

      Security researchers have unearthed 36 malicious Android apps parading as security tools on the Google Play Store that actually harvest user data, track their location and more. According to Trend Micro, these apps offered users a wide range of security capabilities including cleaning junk, saving battery, scanning, CPU cooling, locking apps, Wi-Fi security, message security and more.

    • Yes, Your Amazon Echo Is an Ad Machine
    • Amazon has big plans for Alexa ads in 2018; it’s discussing options with P&G, Clorox and others

      The e-tailer has been in talks with several companies about letting them promote products on the best-selling Echo devices, which are powered by the Alexa voice assistant, according to several people familiar with the matter who asked not to be named because the discussions are private. Consumer companies, including Procter & Gamble and Clorox, have been involved in these talks, according to the people.

  • Civil Rights/Policing

    • The Espionage Act And NSA Whistleblower Reality Winner’s Uphill Battle

      The defense for Reality Winner, a National Security Agency contractor accused of mailing a classified document on Russian hacking to The Intercept, contends the government misstates the law under the Espionage Act. They believe the government ignores “serious constitutional problems” raised by their interpretation of the statute.

      But Winner’s defense faces a tremendous uphill struggle. Under President Barack Obama’s administration, leak prosecutions intensified the government’s ability to wield the Espionage Act as a strict liability offense, which means there is very little the government has to prove beyond the fact that an unauthorized disclosure took place.

      Winner is scheduled to go on trial on March 19, in Augusta, Georgia. Since her arrest in June, she has been held in pretrial detention, with Judge Brian Epps refusing to grant her bail.

      Epps suggested Winner’s “hate” for America and supposed admiration for NSA whistleblower Edward Snowden and WikiLeaks editor-in-chief Julian Assange makes her an ongoing threat to “national security.”

    • An Indiana State Rep’s Indecent Proposal to Get Colts Players to Stop Taking a Knee

      On Sept. 24, Milo Smith took his daughter to an Indianapolis Colts’ game against the Cleveland Browns. Though the Colts won that day — a tragically rare occurrence this year — Smith left the game offended. During the national anthem, a group of players on both teams took a knee in reaction to President Trump’s comments two days earlier, where he called protesting players sons of bitches who should be fired by team ownership.

      “To me when they take a knee during the national anthem, it’s not respecting the national anthem or our country,” Smith told the Indianapolis Star newspaper. “Our government isn’t perfect, but it’s still the best country in the world and I think we need to be respectful of it.”

      But Smith isn’t just an ordinary Colts’ fan. He’s a state representative, and he couldn’t sit idly by while the Colts players knelt during the Star-Spangled Banner. Instead, he’s promised to introduce legislation that would force the team to refund the ticket price to any fan offended by a Colts player protesting during the national anthem.

      If passed, however, that law would be an unconstitutional violation of the First Amendment.

    • Indiana Legislator Wants To Force NFL Team To Hand Out Refunds To Fans ‘Offended’ By Kneeling Players

      Kneeling doesn’t “disrespect” paying customers. If they want to feel offended by it, that’s their prerogative, but it’s not directed towards them. And it has nothing to do with not respecting the national anthem, the United States, the troops fighting for these players’ freedom to express themselves, or anything else related to patriotic jingoism. It’s a protest of ongoing oppression of African Americans in the United States. That’s what has been diluted by attacks on this particular form of protest. Not only have people like Smith managed to turn the protest into an anti-American statement, they’ve shifted the players’ goalposts away from the law enforcement target to an assault on the flag, the troops, and every other symbol of unquestioning patriotism.

      Smith is dumb and his proposed law is dumber. Even if it manages to survive a vote on its highly-dubious merits, it certainly won’t survive a Constitutional challenge. As Howard Wasserman of Prawfsblog points out, there are numerous ways the law could be construed as government infringement on free speech rights.

    • For Cops Handing Out Bogus Pedestrian Tickets, Ignorance Of The Law Is The Most Profitable Excuse

      The official reaction to ProPublica’s report has been worse than a shrug. It’s been genuine indifference to the problems it causes people ticketed for non-violations of the law. Most law enforcement agencies said nothing more than recipients were welcome to challenge the bogus tickets in court. But people always could, so it’s not like the agencies are making some sort of concession, much less offering apologies or promises to improve. The “fight it in court” proposal is a non-starter, since it’s likely wages lost due to a day in court will far outweigh the face value of the ticket they never should have received. The potential savings of $55-77 just isn’t worth it for most people, so the government will continue to collect on bogus tickets simply because it’s hit a sweet spot in pricing.

      Then there’s the reaction of this agency, which openly admits pedestrian stops aren’t about pedestrian safety or even actual violations of the law.

  • Internet Policy/Net Neutrality

    • Supporters Aim To Use Net Neutrality To Bludgeon Cash-Compromised Lawmakers In The Midterms

      We’ve already noted that the best route for killing the FCC’s recent attack on net neutrality rests with the courts. Once the repeal hits the Federal Register in January or soon thereafter, competitors and consumer groups will be filing multiple lawsuits against the FCC. Those lawsuits will quite correctly note how the FCC ignored the public, relied on debunked lobbyist data, ignored the people who built the internet, and turned a blind eye to rampant fraud during the comment proceeding as it tried to rush through what may just be the least popular tech policy decision in a generation.

      The hope will be to highlight that the FCC engaged in “arbitrary and capricious behavior” under the Telecommunications Act by reversing such a popular rule — without proving that the broadband market had dramatically changed in just the last two years. They’ll also try to claim that the FCC violated the Administrative Procedure Act, and even went so far as to block law enforcement investigations into numerous instances of comment fraud during the open comment period.

    • Maine Governor Tells 16-Year-Old Worried About Net Neutrality Repeal To ‘Pick Up A Book And Read’

      As more than a few folks have noted, many opponents of net neutrality (from FCC boss Ajit Pai to Mark Cuban) are following blind ideology. Many of them quite honestly believe that no regulation can ever be good, and that government is absolutely never capable of doing the right thing. That kind of simplicity may feel good as you navigate a complicated world, but it’s intellectually lazy. As a result, the decision to use net neutrality rules as an imperfect but necessary stopgap (until we can reduce corruption and drive more competition into the sector) simply befuddles them.

      Of course this kind of blind ideology is particularly handy when you don’t actually know how modern broadband markets or net neutrality even work, but your gut just tells you why the whole nefarious affair is simply bad. That’s why you’ll see folks like Ted Cruz consistently doubling down on bizarre, misleading claims based on repeatedly debunked falsehoods. Needless to say, this sort of lazy thinking is not particularly productive. Especially when you’re a member of the same government purportedly tasked with analyzing real-world data, listening to constituent concerns, and actively tasked with making things better.

    • California The Latest State To Propose Its Own Net Neutrality Rules
    • California Introduces Its Own Bill to Protect Net Neutrality

      2018 has barely begun, and so has the fight to preserve net neutrality. January 3 was the first day of business in the California state legislature, and state Sen. Scott Wiener used it to introduce legislation to protect net neutrality for Californians.

      As the FCC has sought to abandon its role as the protector of a free and open Internet at the federal level, states are seeking ways to step into the void. Prior to December, the FCC’s rules prevented Internet service providers (ISPs) from blocking or slowing down traffic to websites. The rules also kept ISPs from charging users higher rates for faster access to certain websites or charging websites to be automatically included in any sort of “fast lane.” On December 14th, the FCC voted to remove these restrictions and even tried to make it harder for anyone else to regulate ISPs in a similar way.

    • FCC releases final net neutrality repeal order, three weeks after vote

      In 2015, a month passed between the net neutrality order being made public and its appearance in the Federal Register. That means the current net neutrality rules could technically remain on the books until April 2018, although the FCC leadership won’t be going out of its way to enforce them in the meantime.

    • “Vote out” congresspeople who won’t back net neutrality, advocates say

      The website lists which senators have and haven’t supported a plan to use the Congressional Review Act (CRA) to stop the repeal of net neutrality rules. The rules, repealed by the Federal Communications Commission last month, prohibit Internet service providers from blocking or throttling Internet content or prioritizing content in exchange for payment.

  • Intellectual Monopolies

    • Trademarks

      • It Begins: Some Comic Conventions Refusing To Fold After San Diego Comic-Con Gets Its Trademark Win

        After following the saga of what seemed like a truly misguided lawsuit brought by the San Diego Comic-Con against the company putting on the Salt Lake ComiCon, the whole thing culminated in the SDCC getting a win in the courtroom. One of the reasons this verdict threw many, including this writer, for a loop is that the defendant in the case made the argument that the SDCC had allowed the term “comic con” to become generic, an argument buttressed by the reality of there being roughly a zillion comic conventions using the term across America. Despite the SLCC’s public discussions about appealing the decision and the fact that proceedings are already underway to cancel the SDCC’s trademark entirely, much of the media speculation centered around what those zillion other conventions would do in reaction to the verdict.

    • Copyrights

      • Corel Patents System to Monetize Software Piracy

        Canadian software company Corel, known for iconic products such as CorelDRAW and Winzip, has a new anti-piracy patent. Instead of implementing tougher restrictions, the company proposes to reach out to pirates through a messaging system, offering ‘amnesty’ to those who are willing to pay up.

      • White Noise On YouTube Gets FIVE Separate Copyright Claims From Other White Noise Providers

        The implications of YouTube’s ContentID system in an era of user-generated content can sometimes be quite muddy. It is widely known that ContentID is open to abuse, and that it is indeed abused on the regular. However, too many stories about that abuse play far in the margins of what the average person could look at and recognize as a very real problem.

        This is not one of those stories.

        Instead, the story of how one music professor’s upload to YouTube of 10 hours of pure white noise was flagged five times for copyright infringement (FIVE TIMES!) operates as though someone somewhere is trying to bring a reductio ad absurdum argument into physicality.

The EPO’s Attack on the Boards of Appeal Dooms the Unitary Patent (UPC) and Team UPC Alters Its Tactics

Posted in Europe, Patents at 7:18 am by Dr. Roy Schestowitz

Ad hominem tactics are now permitted as well? Has it really come to this?

Summary: The crisis of the Battistelli regime means that credibility of patent justice is significantly lowered and Team UPC finds itself scrambling for ways to salvage what’s left of the UPC (even if that means mocking the complainants)

THE EPO had a slow start this year. There’s not much to report, but there is still plenty to analyse.

Yesterday we found this puff piece about the EPO. “According to a recent study published by the European Patent Office (EPO),” it said, “Europe is the leader within the 4th Industrial Revolution (4IR) technologies industry.”

It makes the EPO sound so benign if not helpful. Well, the EPO was retweeting this the following day (this morning); maybe they participated in “placing” it in the media. We have written a great deal about how the EPO handles the media and we are certain that many of these 4IR puff pieces were created in cooperation/participation/coordination with the EPO.

Anything else in the news about the EPO? No. We’re checking these things very closely.

“Experienced examiners and patent attorneys will tutor you throughout the Oral Proceedings workshop,” the EPO wrote yesterday. “Experienced examiners are becoming fewer at EPO,” I told them. The EPO suffers extraordinary brain drain which insiders are telling us about, citing clear evidence. The EPO is unable to recruit talent.

“We will soon close the call for applications for the Judicial internships at the Boards of Appeal,” the EPO also wrote yesterday. “For the Boards of Appeal to actually start functioning,” I responded, “they need not burden of tutoring interns but full-time staff.”

This has been said repeatedly over the years, not just here but also by the likes of AMBA etc.

What has the EPO turned into? Where is it going? Can it be salvaged? We hope so. And so do insiders.

There is this ongoing conversation about whether members of the Boards of Appeal can deliver a testimony. The latest twist is this:

The Service Regulations have changed extensively since June 2017 but the version published on the Internet is still the old one from March 2017.

Article 19 now reads:

“Article 19 – Discretion
(1) A permanent employee or former employee shall exercise the utmost discretion with regard to all facts and information coming to his knowledge in the course of or in connection with his employment.
(2) A permanent employee or former employee shall not, without permission from the President of the Office, disclose, on any grounds whatever, information which has come to his knowledge in the course of or in connection with the performance of his duties and which has not already been made public.
(3) Paragraph 2 shall also apply in legal proceedings. In this case, permission may be refused only where the interests of the Organisation or of a Contracting State so require. It may not, however, be refused if, in the opinion of the court, this would be likely to lead to a miscarriage of justice.
(4) Paragraph 2 shall not apply to an employee or former employee giving evidence before the Administrative Tribunal of the International Labour Organization in a case concerning an employee or former employee of the Office.”

An explanation is then given of why ILO is of relevance here (the EPC notwithstanding, as that too is relevant):

So let me see if I understand this correctly.

The Service Regulations allow the President to cite vague (and ill-defined reasons) for denying his permission for a (former) to provide evidence before a court of law. (Presumably such decisions can be challenged … but only before the ILO AT.)

On the other hand the President is completely unable to deny permission in connection with the provision of evidence to the ILO AT.

Is that correct?

What could possibly be the basis for this difference? I would have thought that it would make more sense for the Regulations to instead rely upon the provisions of national laws for establishing an appropriate balance between the interests of confidentiality and those of justice.

More importantly, what basis in the EPC is there for applying non-disclosure obligations to all “information which has come to his knowledge in the course of or in connection with the performance of his duties and which has not already been made public”? Article 12 of the EPC only indicates that there is a duty not to disclose “information which by its nature is a professional secret”.

For members of the Boards of Appeal to comment upon the issue of their independence, the only “non-public” information that they would be imparting is the manner in which, in practice, the EPO implements the provisions of the EPC (and the Service Regulations, etc.) vis-à-vis the members of the Boards. Is it really credible for anyone to assert that this information would amount to a “professional secret” in the sense of Article 12 EPC? I think not!

The latest on this says:

The article is rather odd and may need a lawyer to dissect. The “on any grounds whatever” sounds rather desperate and child-like in trying to enforce what I imagine may be unenforceable. It would appear that the administration is trying to extend immunity to encompass a self-defined exclusivity.
Paragraph 3 raises an issue beyond my knowledge as to what the term “likely to lead to a miscarriage of justice” means in terms of being a court’s opinion. Surely that can only be assessed after a court case or in full knowledge of all facts. During a case a party will not be able to present their best case unless the court considers a miscarriage of justice will otherwise occur? When is a different decision a miscarriage?
Paragraph 4 does not say any case before the ILO but limits it to one involving an employee or former employee. Why the condition? And when did the ILO-AT last take evidence anyway – they seem to religiously refuse to hear witnesses.

Another newer comment said that “it would be interesting that a party demands that Mr Corcoran testifies in front of the BVerfG” (which can stop the UPC).

It would be interesting that a party demands that Mr Corcoran testifies in front of the BVerfG and presents the court with the concrete example of his own case: eg how he was treated all along: how he was denied the right to access documents charging him, how he was denied the right to be heard, how he was not re-instated in DG3 further than the few remaining days of his mandate in 2017 (out of which close to 3 years were lost due to an abusive and vexatious suspension), and then brought back to DG1 under Battistelli’s hierarchical supervision.

This would surely give the Court a smashing insight into a concrete case and it could thus help the BVerfG to establish beyond doubt how really “independent” the BoA of the EPO are.

And wait for Battistelli to become the first French President of the UPC Court in Paris soon (the UPC treaty foresees that its first President will be a FR citizen and he is said to want to go for it).

You liked the DG3 saga? No doubt you will love the independence of the UPC Court under Battistelli!

The bottom line is, the UPC may be in fatal trouble here; what happened to Corcoran is quite likely the very last straw.

We have meanwhile noticed that CIPA’s Stephen Jones leaves IP Kat. Good riddance? He was mostly pushing CIPA's agenda (like UPC) in that blog. “We also thank and say goodbye to Stephen Jones,” they said, “a very experienced IP lawyer and current President of CIPA.”

It’s going to be easier to view IP Kat not as a front for CIPA even though their most prolific writer remains an employee of Bristows. Sadly, one of the better writers in there is also leaving, albeit just temporarily. “Nicola Searle will be on sabbatical from The IPKat for the next few months,” it says. We’re not against IP Kat but against particular elements of it; IP Kat is a mixture of many writers from many backgrounds, covering different topics. Their coverage regarding UPC, for instance, has always been appalling and they delete comments that they don’t like (or that Bristows doesn’t like). The same has been happening at Kluwer Patent Blog (Bristows deleting comments about the UPC there). And speaking of which, Kluwer Patent Blog was dead again yesterday. It happened a lot lately, sometimes for as long as a whole day. Lots of UPC lobbying over there became inaccessible. Kluwer Patent Blog was still down when we checked last night. People noticed. “Kluwer down again,” wrote one reader, “apparently since this morning.” I wrote about that twice yesterday and someone also left a comment here to say: “Worlds best IP blog seems to be hacked? Nearly everywhere I get: ¨ Error establishing a database connection¨” (there were other error messages later in the day).

UPC lobbying does not strictly depend on Kluwer Patent Blog, where much of this lobbying gets delivered by Bristows staff. Yesterday we saw Managing IP speaking of “potential timeline for Germany ratifying the UPC” as if it’s only a matter of time. That won’t happen. Self-fulfilling prophecy attempts by Team UPC again? Here is the full paragraph:

Topics discussed at our recent European Patent Forum USA included the potential timeline for Germany ratifying the UPC, FRAND after Unwired Planet v Huawei, the patentability of computer-implemented inventions at the EPO, patent enforcement strategies in Europe and hot tubbing of experts in the UK

Don’t forget that IAM, supported explicitly by the EPO, received money from the EPO’s PR department/external agency to set up a similar event in the US, dedicated purely to UPC lobbying/promotion. It was grotesque. And speaking of IAM, watch what they published yesterday: “The second five IP personalities of 2017 named by IAM – Patel, Qualcomm, Shore, Stjerna and Xi.”

Ingve Björn Stjerna, who exposed the UPC for the undemocratic sham that it was, is among “The IAM IP personalities of 2017” (many of the other top personalities are patent trolls, like we said yesterday). To quote the article:

Ingve Björn STJERNA – As a new year begins, the future of the Unified Patent Court (UPC) remains up in the air; not because of Brexit but due to a complaint currently before the German Constitutional Court asking it to rule that the country’s ratification of the UPC agreement would be illegal. The case was brought by IP lawyer Ingve Björn Stjerna, a long-time critic of the UPC, and has a number of strands – including alleged flaws in the vote to ratify taken in the German parliament and concerns over the independence of the UPC and its judges. In April 2017, it caused the constitutional court to ask Germany’s president to suspend implementation of ratification. Then, later in the year, it requested that interested parties should submit comments – so delaying consideration of the arguments. If the court now decides that the case should proceed it is likely that it will not be heard until the summer, at the earliest, with a decision not to be expected until months later. That would effectively torpedo the UPC in its current form, as even a ruling that membership of the system is compatible with the German constitution is unlikely to leave time for the country to ratify the agreement before the UK leaves the EU in March 2019 (currently, UPC member states also have to be EU member states). One man can move a mountain, so the saying goes: in 2018, Stjerna could well prove this to be true.

Very gentle on the UPC there, IAM. As one might expect. IAM has, over the years, been an integral part of the UPC lobby or “Team UPC” as we often call that lobby. It even spread false information in order to promote the UPC and compel readers to go along with it.

And speaking of Team UPC, this week (yesterday) it kept lying about what Britain wants. In order to promote litigation it cited this front group and then said (courtesy of Edward Nodder) that “UK IP organisations request government action on IP (including the UPC) in light of Brexit”

In the same vein, makers of cluster bombs want endless wars and makers of particular vaccinations sometimes want particular diseases to spread.

It wasn’t enough for Bristows; on the same day it used this slant about France as if UPC acceptance in France is a new thing. France has already been in it for years; it’s one of the first, being the home country of Battistelli and Barnier, both of whom pushed incredibly hard for the UPC. Bristows did the same for Belgium (also not new), but the Unitary Patent is dead due to Germany and the UK, not France or Belgium. The dishonesty of Bristows is noteworthy, but it’s no longer surprising.

Speaking of British boosters of the UPC (law firms, obviously), watch this new rant from Team UPC. It seeks to prop up a smear or promote a false moral equivalence; it’s almost ad hominem, trying to frame Dr. Stjerna as a hypocrite, as if complaining about the UPC is as bad as the UPC itself. No wonder Stjerna did not want his name known…

Here is what the UPC booster wrote: “While I’m thinking about the topic of the UPC 3rd-party submissions, I continue to be astonished that the grounds for the constitutional complaint at #BVerfG haven’t been made public [...] I know summaries have been published by (e.g.) @KluwerBlogger but it seems absurd that we have to rely on third-party summaries rather than seeing the complaint “in the flesh” [...] In the UK it’s a relatively simple matter for non-parties to court proceedings to get hold of statements of case. It seems perverse that something which is allegedly of fundamental constitutional significance in Germany, and thus a matter of public interest, should be kept secret [...] I also note heavy irony in that Stjerna – having long criticised lawmakers for alleged lack of transparency in negotiations & discussions behind the framing of the UPCA and unitary patent regulations – is apparently upset about the publication of details of his case (see image!)”

So I decided to reply, but did not (obviously) manage to convince those dyed-in-the-wool UPC folks (who are paid not to understand why UPC is wrong). The reply: “[] Wrong, Roy. Try reading the thread again. I take no position on the validity of the complaint – how can I, when I’ve not seen it? That’s the point. It’s a matter of considerable public and legal interest, and therefore I’m astonished that it’s not been published [] “Compare and contrast: the grounds for the “Miller” Article 50 case were online and available for scrutiny by the public, as they should have been – and even if they hadn’t have been published, members of the UK public can easily obtain court documents [] Whereas in Germany, an allegation of a *breach of the German constitution* is kept private despite the clearly fundamental significance [] This seems odd, to put it mildly. As I noted previously, it’s also rather ironic that Mr Stjerna has (in my opinion, correctly) criticised lawmakers for a lack of transparency in the proceedings leading up to the UPC legislation… [] …and yet he has refused to publicly confirm that he is the author of the complaint and apparently he’s upset that outline details of it have been made available.”

“Maybe they anticipate that the response will be UPC tribalism,” I told him. He responded: “If by “UPC tribalism” you mean “reporting on facts in plain view”… as I say, I take no position on the complaint, but it is surely in the public interest for it to be made available for analysis both by supporters *and* by critics.”

“Having seen the antics of Team UPC for nearly a decade,” I told him, “I can relate to the low-profile complaint…”

He just laughed it off: “LOL. “Low profile”? He has literally appealed to the highest constitutional authority in the country. If that’s low-profile, I’m a banana. [] Transparency cuts both ways. I know you’re a vocal critic of the secrecy of EPO and UPC discussions – and I’m all for transparency too. Do you only dislike secrecy when it suits your ends to do so?”

So what they basically wanted is the ability to scrutinise the complaint and person (complainant). Because they operate very much like some sects or cults. “I wouldn’t have done this like that,” I told him (keeping the complaint sealed), “but I can understand why he did.”

It should be noted that many members of Team UPC now post anonymous blog posts (we are guessing, based on numerous things in their text, that those are Bristows staff). So they want to push the UPC agenda with the mask of anonymity. Hypocrisy knows no bounds. For the record, I always posted under my name (my real name) and letters that I sent I always made publicly accessible. In contrast to the UPC gravy train…

Links 5/1/2018: Mesa 17.3.2 RC, Meltdown/Spectre

Posted in News Roundup at 2:12 am by Dr. Roy Schestowitz


Free Software/Open Source

  • An Open Source Startup Dies as Mapping Gets Hotter Than Ever

    For at least one startup, 2018 opened with a thud. On Tuesday, the open source mapping company Mapzen announced it would shut down at the end of the month, with its hosted APIs and support services going dark on February 1.

    That’s a real pain for Mapzen users, whose ranks include civic tech organizations like Code for America, app developers, and government agencies like the Portland-area transportation agency TriMet. And it’s a bummer for those who contributed to Mapzen’s wide-ranging data sets, which included detailed info on public transportation.

  • Events

    • Gentoo News: FOSDEM 2018

      Put on your cow bells and follow the herd of Gentoo developers to Université libre de Bruxelles in Brussels, Belgium. This year FOSDEM 2018 will be held on February 3rd and 4th.

      Our developers will be ready to candidly greet all open source enthusiasts at the Gentoo stand in building K. Visit this year’s wiki page to see which developer will be running the stand during the different visitation time slots. So far seven developers have specified their attendance, with most-likely more on the way!

  • Web Browsers

    • Mozilla

      • New flexbox guides on MDN

        In preparation for CSS Grid shipping in browsers in March 2017, I worked on a number of guides and reference materials for the CSS Grid specification, which were published on MDN. With that material updated, we thought it would be nice to complete the documentation with similar guides for Flexbox, and so I updated the existing material to reflect the core use cases of Flexbox.

      • January’s Featured Extensions

  • Pseudo-Open Source (Openwashing)

    • Open source’s security scalability and flexibility [Ed: Hortonworks, which is NSA-connected, continues to pay this NSA-friendly site for sponsored puff pieces like this one]

      In order to stop sophisticated modern threats, organizations need to be flexible and scalable with the way they handle their data. Network flows and data need to be collected and examined at cloud scale in order to let defenders identify anomalous behavior, but getting to that stage is a heavy lift.

      Henry Sowell, technical director for Hortonworks, spoke with CyberScoop on how open source systems allow for that flexibility and scalability, especially at a time where the onslaught of threats has never been greater.

  • Programming/Development

    • Announcing Rust 1.23

      The Rust team is happy to announce a new version of Rust, 1.23.0. Rust is a systems programming language focused on safety, speed, and concurrency.

    • Source{d} Applies Machine Learning to Help Companies Manage Their Code Bases

      If you go to GitHub, the most popular developer platform today, and search for a piece of code, it is a plain-text search.

      “It’s like how we used to search on the web in 1996,” said Eiso Kant, CEO and co-founder at source{d}, a startup focused on applying machine learning on top of source code.

      “We have been writing trillions of lines of source code across the world, but none of the systems or developer tools or programming languages we’ve designed actually learn from all the source code we have written.”

    • What is agile methodology? Modern software development explained

      Every software development organization today seems to practice the agile software development methodology, or a version of it. Or at least they believe they do. Whether you are new to application development or learned about software development decades ago using the waterfall software development methodology, today your work is at least influenced by the agile methodology.

      But what exactly is agile methodology, and how should it be practiced in software development?

    • PHP version 5.6.33, 7.0.27, 7.1.13 and 7.2.1

      RPM of PHP version 7.2.1 are available in the remi-php72 repository for Fedora 25-27 and Enterprise Linux ≥ 6 (RHEL, CentOS) and as Software Collection in the remi-safe repository.

    • What is Perl?

      Perl is a bit battle-scarred, but it’s battle-tested, too. If you want to experiment with the latest, flashiest technologies, Perl may not be your first choice. However, if your business depends on having solid software with a track record of getting things done, Perl’s often a great choice.


  • Why Teens Aren’t Partying Anymore

    That means iGen’ers were seeing their friends in person an hour less a day than GenX’ers and early Millennials did. An hour a day less spent with friends is an hour a day less spent building social skills, negotiating relationships, and navigating emotions. Some parents might see it as an hour a day saved for more productive activities, but the time has not been replaced with homework; it’s been replaced with screen time.

  • Science

    • Most Americans Are Still Afraid of Self-Driving Cars

      Impressively, according to this survey by the Pew Research Center, 94% of Americans have at least heard about self-driving cars, with 35% saying they’ve heard “a lot” about them. Yet, not everyone is thrilled to hear the news. A slight majority of 56% of Americans say they would not want to ride in a driverless car, largely due to trust issues. 42% of people who don’t want to ride in a driverless car say they “Don’t trust it” or are “Worried about giving up control.”

    • Leaving flatland – quantum Hall physics in 4-D

      In literature, the potential existence of extra dimensions was discussed in Edwin Abbott’s satirical novel “Flatland: A Romance of Many Dimensions” (1884), portraying the Victorian society in 19th century England as a hierarchical two-dimensional world, incapable of realizing its narrow-mindedness due to its lower-dimensional nature.

      In physics, on the other hand, the possibility that our universe comprises more than three spatial dimensions was first proposed in the wake of Albert Einstein’s theory of general relativity in the 1920s. Modern string theory – trying to reconcile Einstein’s ideas with the laws of quantum mechanics – even postulates up to 10 dimensions.

    • ‘Silent code’ of nucleotides, not amino acids, determines functions of vital proteins

      Humans possess six forms of the protein actin, which perform essential functions in the body. Two in particular, β-actin and γ-actin, are nearly identical, only differing by four amino acids. Yet these near-twin proteins carry out distinct roles. A long standing question for biologists has been, how is this possible?

    • Submarine Cable Goes for Record: 144,000 Gigabits From Hong Kong to L.A. in 1 Second

      When a new undersea communications cable becomes operational late this year, it will break the record for a key metric: data rate times distance. In a single second, its six fiber-optic pairs, stretching roughly 13,000 kilometers (8,000 miles) between Hong Kong and Los Angeles, will be able to send some 144 terabits in both directions. That’s as much data as you’d find in several hundred Blu-ray discs. The cable’s main purpose is to connect Facebook and Google data centers in East Asia with those in the United States.

      The new cable is part of an ongoing transformation of the submarine fiber-optic cable network. Originally, that network carried telephone calls and faxes. Later those subsea conduits served primarily to shuttle data between Internet users and a myriad of service providers. Now, it’s mostly transferring content and cloud-computing offerings between the data centers of a handful of tech giants.

    • In the Tech World, It Really Helps When People Think You’re Male

      The cofounders of Witchsy, an online marketplace for dark or funny art that wasn’t a good fit for other arts marketplaces, last year accidentally conducted an experiment on sexism in tech. Fast Company briefly described their experience in an August 2017 article—a story that quickly went viral. And last month, at the Atlantic Inclusion in Tech summit, the Witchsy cofounders—Penelope Gazin and Kate Dwyer—filled in the fascinating details.

    • Dude, you broke the future!

      We’re living in yesterday’s future, and it’s nothing like the speculations of our authors and film/TV producers. As a working science fiction novelist, I take a professional interest in how we get predictions about the future wrong, and why, so that I can avoid repeating the same mistakes. Science fiction is written by people embedded within a society with expectations and political assumptions that bias us towards looking at the shiny surface of new technologies rather than asking how human beings will use them, and to taking narratives of progress at face value rather than asking what hidden agenda they serve.

  • Security

    • Major Linux redesign in the works to deal with Intel security flaw

      Long ago, Intel made a design mistake in its 64-bit chips — and now, all Intel-based operating systems and their users must pay the price.

      Linux’s developers saw this coming early on and patched Linux to deal with it. That’s the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

      How bad will it really be? I asked Linux’s creator Linus Torvalds, who said: “There’s no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation.”

    • Red Hat Says Security Updates for Meltdown & Spectre Bugs May Affect Performance

      Red Hat’s John Terrill informs Softpedia today that Red Hat is aware of the two hardware bugs (Meltdown and Spectre) affecting most modern microprocessors and they’re working on security updates to mitigate them on their supported operating systems.

      The Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) were publicly disclosed earlier today as critical hardware flaws affecting modern microprocessors made in the last two decades. These can be exploited by an unprivileged attacker to bypass hardware restrictions through three unique attack paths and gain read access to privileged memory.

      Red Hat Product Security provided us with several resources to better understand the impact of these hardware bugs on any of their supported Linux-based operating systems from an open source technology perspective. They said that Intel, AMD, POWER 8, POWER 9, IBM System z, and ARM chips are affected by the newly discovered vulnerabilities.

    • Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

      We’re finally getting actual technical details on the CPU vulnerability leading to the recent race around (K)PTI that when corrected may lead to slower performance in certain situations. Google has revealed they uncovered the issue last year and have now provided some technical bits.

      Google says their Project Zero team last year discovered serious flaws in speculative execution that could lead to reading system memory where it shouldn’t be authorized. Google was also able to demonstrate an attack where one VM could access the physical memory of the host machine and in turn read memory of other VMs on the same host.

    • Meltdown And Spectre CPU Flaws Put Computers, Laptops, Phones At Risk

      Today Google security blog has posted about the two vulnerabilities that put virtually many computers, phones, laptops using Intel, AMD and ARM CPUs at risk. Using the two major flaws hackers can gain read access to the system memory that may include sensitive data including passwords, encryption keys etc.

    • Linux Kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, and 3.2.97 Patch Meltdown Flaw

      Linux kernel maintainers Greg Kroah-Hartman and Ben Hutchings have released new versions of the Linux 4.14, 4.9, 4.4, 3.16, 3.18, and 3.12 LTS (Long Term Support) kernel series that apparently patch one of the two critical security flaws affecting most modern processors.

      The Linux 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91, and 3.2.97 kernels are now available to download from the kernel.org website, and users are urged to update their GNU/Linux distributions to these new versions if they run any of those kernel series immediately. Why update? Because they apparently patch a critical vulnerability called Meltdown.

    • Processor flaw exposes 20 years of devices to new attack
    • A Major Security Vulnerability Has Plagued ‘Nearly All’ Intel CPUs For Years
    • That Pervasive Chip Bug Is Worse Than Originally Feared
    • Fixing Serious Bugs in Widely Used Computer Chips Means Slowing Down Your Machine

      A flaw in many chips leaves devices vulnerable to attack unless they’re patched with software that will make them sluggish. Some semiconductors from ARM, whose chips are popular with mobile phone makers, are also affected. AMD chips may also be affected, though the company told Axios there is a “near zero” risk to its products.

    • Researchers Discover Two Major Flaws in the World’s Computers
    • SUSE Responds to Meltdown and Spectre CPU Vulnerabilities in SLE and openSUSE
    • The inventor of Linux is furious at Intel

      Linux inventor and founder Linus Torvalds is not known for holding back strong opinions he has about computers, which is why he’s become one of the loudest voices critical of Intel’s handling of the so-called Meltdown bug, which was revealed on Wednesday and could enable an attacker to steal confidential information, including passwords.

      “I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed,” Torvalds wrote in a sharply-worded email sent on to a Linux list on Wednesday.

    • Canonical Will Soon Patch all Supported Ubuntu Releases Against Meltdown/Spectre
    • Ubuntu Updates for the Meltdown / Spectre Vulnerabilities
    • Current Status: openSUSE and “Spectre” & “Meltdown” vulnerabilities
    • Ouch

      So we have an attack (Meltdown) which is arbitrary memory read from unprivileged code, probably on Intel only, fairly easy to set up, mitigated by KPTI.

      Then we have another, similar attack (Spectre) which is arbitrary memory read from unprivileged code, on pretty much any platform (at least Intel, AMD, Qualcomm, Samsung), complicated to set up, with no known mitigation short of “wait for future hardware which might not be vulnerable, until someone figures out an even more clever attack”. It even can be run from JavaScript, although Chrome is going to ship mitigations to prevent that from happening.

    • Red Hat responds to the Intel processor flaw

      These problems seem to have come about as a result of “speculative execution” — an optimization technique that involves doing work before it is known whether that work will be needed. Correcting the vulnerabilities, therefore, comes at a performance price. More information on this tradeoff is available from this Red Hat post. Patches could slow down systems by as much as 30% — a hit that most users are likely to feel. However, the specific performance impact will be workload dependent. To address Spectre in the short term, Red Hat has modified the kernel by default to not use the performance features that enable the vulnerability. Their customers do have the option to disable the patch and use the performance features. While Red Hat is working with chip manufacturers and OEMs on a longer-term solution, this option gives customers a way to make their own security and performance decisions.

    • Red Hat, tech giants move to counter major security flaws Meltdown, Spectre

      Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.

      The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers, servers running in so-called cloud computer networks.

    • Speculative Execution Exploit Performance Impacts – Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715

      The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms, each requiring slightly different fixes. In many cases, these fixes also require microcode updates from the hardware vendors. Red Hat has delivered updated Red Hat Enterprise Linux kernels that focus on securing customer deployments. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems. The performance impact depends on the hardware and the applications in place.

    • Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
    • Massive Intel Chip Security Flaw Threatens Computers

      A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports. The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer’s protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.

    • What Linux Users Must Know About Meltdown and Spectre Bugs Impacting CPUs

      While these bugs impact a huge number of devices, there have been no widespread attacks so far. This is because it’s not straightforward to get the sensitive data from the kernel memory. It’s a possibility but not a certainty. So you should not start panicking just yet.

    • Loose threads about Spectre mitigation

      KPTI patches are out from most vendors now. If you haven’t applied them yet, you should; even my phone updated today (the benefits of running a Nexus phone, I guess). This makes Meltdown essentially like any other localroot security hole (i.e., easy to mitigate if you just update, although of course a lot won’t do that), except for the annoying slowdown of some workloads. Sorry, that’s life.

      Spectre is more difficult. There are two variants; one abuses indirect jumps and one normal branches. There’s no good mitigation for the last one that I know of at this point, so I won’t talk about it, but it’s also probably the hardest to pull off. But the indirect one is more interesting, as there are mitigations popping up. Here’s my understanding of the situation, based on random browsing of LKML (anything in here may be wrong, so draw your own conclusions at the end):

      Intel has issued microcode patches that they claim will make most of their newer CPUs (90% of the ones shipped in the last years) “immune from Spectre and Meltdown”. The cornerstone seems to be a new feature called IBRS, which allows you to flush the branch predictor or possibly turn it off entirely (it’s not entirely clear to me which one it is). There’s also something called IBPB (indirect branch prediction barrier), which seems to be most useful for AMD processors (which don’t support IBRS at the moment, except some do sort-of anyway, and also Intel supports it), and it works somewhat differently from IBRS, so I don’t know much about it.

    • The disclosure on the processor bugs

      The rumored bugs in Intel (and beyond) processors have now been disclosed: they are called Meltdown and Spectre, and have the requisite cute logos. Stay tuned for more.

      See also: this Project Zero blog post. “Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01.”

      See also: this Google blog posting on how it affects users of Google products in particular. “[Android] devices with the latest security update are protected. Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices. Supported Nexus and Pixel devices with the latest security update are protected.”

    • How the Meltdown Vulnerability Fix Was Invented

      A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others. Unusually, the exploit, called Meltdown, takes advantage of the processors’ hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

    • Why Intel x86 must die: Our cloud-centric future depends on open source chips

      Two highly publicized security flaws in the Intel x86 chip architecture have now emerged. They appear to affect other microprocessors made by AMD and designs licensed by ARM.

      And they may be some of the worst computer bugs in history — if not the worst — because they exist in hardware, not software, and in systems that number in the billions.

      These flaws, known as Meltdown and Spectre, are real doozies. They are so serious and far-reaching that the only potential fix in the immediate future is a software workaround that, when implemented, may slow down certain types of workloads as much as 30 percent.

    • Intel Acknowledges Chip-Level Security Vulnerability In Processors

      Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.

    • How Linux is dealing with Meltdown and Spectre

      He’s not the only one unhappy with Intel. A Linux security expert is irked at both Google and Intel. He told me that Google Project Zero informed Intel about the security problems in April. But neither Google nor Intel bothered to tell the operating system vendors until months later. In addition, word began to leak out about the patches for these problems. This forced Apple, the Linux developers, and Microsoft to scramble to deliver patches to fundamental CPU security problems.

      The result has been fixes that degrade system performance in many instances. While we don’t know yet how badly macOS and Windows will be affected, Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has run benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel’s Meltdown flaw.

    • [Fedora] Protect your Fedora system against Meltdown

      You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack.

    • Today’s CPU vulnerability: what you need to know

      The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

    • Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices

      Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

      The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

    • Intel CEO Sold $24 Million In Stocks After Google Exposed 10 Year Old Vulnerabilities

      In the month of November last year, Intel CEO Brian Krzanich sold off a big chunk of his company stocks worth $24 million (245,743 shares). The stocks were valued at $11 million back then. Now, the CEO is left with just 250,000 shares which fulfill the minimum requirement to continue his job.

    • “Meltdown” And “Spectre” Flaws: Affecting Almost All Devices With Intel, AMD, & ARM CPUs

      Just yesterday, a report from The Register disclosed a massive security screwup on behalf of Intel, which impacted nearly all chips manufactured in the past ten years. It was also reported that future patches released by the developers of Windows and Linux kernel could reduce the performance of devices up to 5-30%. That’s a lot.

    • Security updates for Thursday

      As might be guessed, a fair number of these updates are for the kernel and microcode changes to mitigate Meltdown and Spectre. More undoubtedly coming over the next weeks.

    • A collection of Meltdown/Spectre postings
    • Mitigations landing for new class of timing attack

      Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

    • Is PowerPC susceptible to Spectre? Yep.

      Meltdown is specific to x86 processors made by Intel; it does not appear to affect AMD. But virtually every CPU going back decades that has a feature called speculative execution is vulnerable to a variety of the Spectre attack. In short, for those processors that execute “future” code downstream in anticipation of what the results of certain branching operations will be, Spectre exploits the timing differences that occur when certain kinds of speculatively executed code changes what’s in the processor cache. The attacker may not be able to read the memory directly, but (s)he can find out if it’s in the cache by looking at those differences (in broad strokes, stuff in the cache is accessed more quickly), and/or exploit those timing changes as a way of signaling the attacking software with the actual data itself. Although only certain kinds of code can be vulnerable to this technique, an attacker could trick the processor into mistakenly speculatively executing code it wouldn’t ordinarily run. These side effects are intrinsic to the processor’s internal implementation of this feature, though it is made easier if you have the source code of the victim process, which is increasingly common.

  • Defence/Aggression

    • Remaining Peaceful Was Their Choice

      People living now in Yemen’s third largest city, Taiz, have endured unimaginable circumstances for the past three years. Civilians fear to go outside lest they be shot by a sniper or step on a land mine. Both sides of a worsening civil war use Howitzers, Katyushas, mortars and other missiles to shell the city. Residents say no neighborhood is safer than another, and human rights groups report appalling violations, including torture of captives. On Dec. 26th, 2017, a Saudi-led coalition bomber killed between 20 and 50 people in a crowded marketplace.

    • Giving War Too Many Chances

      As the new year begins, it is important for the U.S. to acknowledge its troubling history of global war-making, especially over the past two decades, as Nicolas J.S. Davies delineates.

    • Erasing Obama’s Iran Success

      Those wishing to kill the Joint Comprehensive Plan of Action (JCPOA), the agreement that restricts Iran’s nuclear program, have never given up. The agreement’s ever-lengthening successful record, now more than two years old, of keeping closed all possible pathways to an Iranian nuclear weapon ought to have discouraged would-be deal-slayers. But the slayers got a new lease on life with the election of Donald Trump, who, as part of his program of opposing whatever Barack Obama favored and destroying whatever he accomplished, has consistently berated the JCPOA.

    • North and South Korean Leaders Agree to Direct Negotiations as Trump Provokes Kim Jong-un on Twitter

      President Trump tweets that his “nuclear button” is “much bigger & more powerful” than North Korean leader Kim Jong-un’s. Meanwhile, North and South Korea have opened lines of communication, saying they are open to direct negotiations. We speak with Bruce Cumings, professor of history at the University of Chicago, author of “North Korea: Another Country.”

  • Transparency/Investigative Reporting

  • Environment/Energy/Wildlife/Nature

    • ‘Aggressive’ marine mammal assaults pressure officers to ban swimming at common San Francisco cove

      For San Francisco tourists, Aquatic Park Cove is one of the city’s most iconic areas, a popular spot to watch enormous sea lions and harbor seals frolicking in the water across from Ghirardelli Square.

      For locals – or those who can brave the brisk waters, in any case – the cove is known as one of the best places for an open-water swim, especially favored by triathletes.

      But last week, the cove’s most prominent features clashed in a harrowing manner, when “aggressive” marine mammals attacked three swimmers in the span of about five days, officials said.

    • How Harvey Hurt Houston, in 10 Maps

      Even before Hurricane Harvey hit, Houston was no stranger to devastating rainstorms. The city got two “100-year” storms in the two years before Harvey made landfall. All three storms flooded thousands of houses, many outside of the Federal Emergency Management Agency’s flood plains.

  • Finance

    • Intel admits vulnerability, but plays down effects; stock slides, AMD gains

      Intel Corp. admitted Wednesday that its chips have a vulnerability that will require software patches, but denied a media report that said other companies’ chips were not affected and that the software updates will have a major effect on devices’ performance.

    • Intel Says CEO Dumping Tons of Stock Last Year ‘Unrelated’ to Big Security Exploit

      According to a report published by the Register yesterday, “a fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.” Windows and Linux developers have reportedly been working to address the issue since November.

      As our friends at Gizmodo ES pointed out (via Hacker News), Intel’s CEO Brian Krzanich sold roughly $11 million in company stock at the end of November. Counting the employee stock options Krzanich exercised, the CEO unloaded 245,743 shares, leaving him with 250,000 remaining shares—the minimum Krzanich is required to own according to the company’s bylaws, the Motley Fool reported.

    • Google’s ‘Dutch Sandwich’ Shielded 16 Billion Euros From Tax

      Alphabet Inc.’s Google moved 15.9 billion euros ($19.2 billion) to a Bermuda shell company in 2016, regulatory filings in the Netherlands show — saving the company billions of dollars in taxes that year.

      Google uses two structures, known as a “Double Irish” and a “Dutch Sandwich,” to shield the majority of its international profits from taxation. The setup involves shifting revenue from one Irish subsidiary to a Dutch company with no employees, and then on to a Bermuda mailbox owned by another Ireland-registered company.

      The amount of money Google moved through this tax structure in 2016 was 7 percent higher than the year before, according to company filings with the Dutch Chamber of Commerce dated Dec. 22 and which were made available online Tuesday. News of the filings was first reported by the Dutch newspaper Het Financieele Dagblad.

    • The U.S. Is Blocking a Chinese Fintech Giant from Buying MoneyGram

      American authorities have decided that Alibaba’s digital payment firm, Ant Financial, won’t be allowed to acquire the cash transfer company Moneygram.

      Ant Financial, which was one of our 50 Smartest Companies in 2017, is a Chinese tech company that handles mountains of data generated by its mobile payment business and other banking services. It was created in 2014 by e-commerce giant Alibaba to operate Alipay, a dominant mobile payment platform in China with 520 million users, and uses tools like computer vision and natural-language processing to reimagine financial services (see “Meet the Chinese Finance Giant That’s Secretly an AI Company.”)

    • Merrill Lynch bans its clients, advisors from trading bitcoin-related investments

      Merrill Lynch financial advisors cannot buy bitcoin-related investments for their clients, The Wall Street Journal reported Wednesday.

      The ban prevents the financial giant’s roughly 17,000 advisors from pitching investments related to bitcoin and executing client requests to trade Grayscale’s bitcoin investment trust (GBTC), the newspaper said, citing a person familiar with the matter.

      “The decision to close GBTC to new purchases is driven by concerns pertaining to suitability and eligibility standards of this product,” according to an internal memo the newspaper reviewed.

    • In the World of Cryptocurrencies, Something’s Gotta Give in 2018

      In 2017 we were told that blockchain technology and cryptocurrencies were going to save the world, disrupting just about anything with a digital fingerprint. But we saw very few tangible examples that justified the hype. In 2018, many of the intriguing pitches we heard will still be around, only now the challenge is going to be finding a way to deliver real products and services. Here are some of the biggest issues that members of the blockchain world will have to work through if the new year is going to realize the potential that was so highly touted in the last.

    • The subtle rhetoric of Barnier’s now-famous graph

      And as one goes downward (of course) from left to right one can only blame the UK for adopting such positions.

      At the base of the stair is where the UK must end up, by reason of its “red lines”.

    • Minimum Wage Increases Could Speed Up Robot Adoption in the U.K.

      British government policies to boost income for poorly paying jobs could actually incentivize firms to automate instead.

  • AstroTurf/Lobbying/Politics

    • Making China Great Again

      As Donald Trump surrenders America’s global commitments, Xi Jinping is learning to pick up the pieces.

    • Orrin Hatch Was Never a ‘Public Servant’

      The retiring senator has always been a shameless tool of billionaire campaign donors and a partisan errand boy for the likes of Donald Trump.

    • The Most Irresponsible Tweet in History

      This may be the most irresponsible tweet in history. Julian Sanchez articulated the best-case scenario: “The good news is, other countries won’t take talk like this too seriously because they understand Trump is a small man who blusters to make himself feel potent. That’s also the bad news; there’s nowhere left to go rhetorically when we need to signal that we’re serious.” Most likely, that’s the fallout.

      But what if this needless social-media saber rattling escalates into war?

      The Gimlet Media host P.J. Vogt asks a key question: “Imagine if you were the person who invented Twitter.” If I were that person, I would ban President Trump immediately.

      And I would ban all other world leaders, too.

    • Donald Trump Hires Charles Harder To Threaten Steve Bannon With A Lawsuit, Block Publication Of New Book

      It goes on. Normally, none of this would be Techdirt-worthy, but late last night, a new twist was added. According to ABC News, President Donald Trump has hired lawyer Charles Harder to threaten Steve Bannon with a lawsuit for defamation, breach of confidentiality and non-disparagement agreements. And, then, this morning, more news broke of another letter, written by Harder, sent to Wolff and the book’s publisher, demanding that the book not be published at all — and that they send Harder a complete copy of the book.

      So, let’s lay our cards on the table here: the lawyer, Charles Harder, is still the lawyer representing a plaintiff in an ongoing lawsuit against us — and we’ve written about many of his other lawsuits, including representing the First Lady, Melania Trump. Not much more needs to be said about him. We’re also not huge fans of Steve Bannon. Or Donald Trump. Or, for that matter, of Michael Wolff, who has a long history of… not being very good at his job. So, if you want to accuse us of bias in this post, consider it spread all around.

    • You Want an Infowar, Fine

      Now, however, I do subscribe to the notion that Russia interfered with the US election on Trump’s behalf. It passes all of my sniff tests. It does not move the BS needle on my Truthometer. Putin put Trump in office. All the meetings, the indictments, the lies from Trump and his family and so much more are overwhelming. It’s Mueller Time, as they say.

      Yes, Hillary conspired, unwittingly, with her own iniquitous collusion to bump off Bernie and with her bloodstained foreign policy record. Like so many, I voted for her as a purely defensive and highly emetic act.

  • Censorship/Free Speech

    • Fordham Students Sue over Free Speech Rights to Establish Students for Justice in Palestine Group

      In a case that highlights what some are calling the “Palestine exception” to free speech on college campuses across the nation, we look at students who are suing Fordham University’s Lincoln Center campus in New York for their right to start a Students for Justice in Palestine group. The student government approved the group unanimously, but the dean of students overruled the approval, saying the group would “stir up controversy” and be “polarizing.” On Wednesday, the students asked a judge to reinstate the student government’s approval. We speak with Ahmad Awad, who has graduated from Fordham University and is the lead petitioner, now a law student at Rutgers University. We also speak with Dima Khalidi, director of Palestine Legal.

    • This Ex-NSA Hacker Is Building an AI to Find Hate Symbols on Twitter

      In August of this year, a white supremacist plowed through a crowd of protesters gathered in downtown Charlottesville, Virginia. The attack injured around 20 people and killed 32-year-old Heather Heyer. The violent clashes that weekend shocked Americans, among them Emily Crose, who wanted to be there to protest against the white supremacists but couldn’t make it. A friend of hers was there, and was attacked and hurt by neo-Nazis.

      Crose is a former NSA analyst and ex-Reddit moderator who now works at a cybersecurity startup. Inspired by her friend’s courage, and horrified by the events in Charlottesville, Crose now spends her free time teaching an AI how to automatically spot Nazi symbols in pictures spread online, be it on Twitter, Reddit, or Facebook.

    • Iran blocks encrypted messaging apps amid nationwide protests

      Even before the protest, Iran’s government blocked large portions of the internet, including YouTube, Facebook, and any VPN services that might be used to circumvent the block. The government enforced the block through a combination of centralized censorship by the country’s Supreme Cybercouncil and local ISP interference to enforce more specific orders. The end result is a sometimes haphazard system that can still have devastating effects on any service the regime sees as a threat.

    • German ‘hate-speech’ law tries to regulate Facebook and others – will it work?

      In September 2017, a law with the euphonious name ‘Netzwerkdurchsetzungsgesetz’ (‘network enforcement law’) was adopted in Germany. Its goal is to force social networks to remove hate speech and certain other unlawful content within 24 hours in obvious cases, otherwise within 7 days upon being notified. The transition period ended on 31 December 2017 – meaning the new rules can now be enforced. Failure to delete content within the given deadlines can result in heavy administrative fines of up to EUR 50m.

    • Who’s Afraid of the Big Bad Words?

      Unlike hate language, taboo words, dirty words, or fighting words that may cause harm, offense, or incite violence, the dangerous seven are not only surprisingly innocuous, but one might even say necessary to describe the present concerns of modern life and science. Astonishingly, “science-based” and “evidence-based” are on the list of the so-called banned words, along with “vulnerable,” “entitlement,” “diversity,” “transgender,” and “fetus.” The Post reports further that in some instances, semantically manipulative mouthfuls were offered, such as “CDC bases its recommendations on science in consideration with community standards and wishes,” in place of the widely accepted “science-based” or “evidence-based.” For the rest of the words to be avoided, such as “fetus,” there are no other suggested alternatives.

    • Editors’ picks for 2017: ‘Internet censorship: how China does it’

      Last month, Chinese state media published articles commemorating the 30th anniversary of China’s first-ever email: ‘Across the Great Wall, we can reach every corner in the world.’

      The email was sent from a research institute under China North Industries Group Corporation in Beijing on 14 September 1987 and received by the University of Karlsruhe in Germany at 8.55 pm on 20 September 1987.

      Techno-optimists believed that the internet would ensure a free flow of information and ultimately a democratic society in authoritarian states like China. Thirty years on, however, China has instead built a Great Firewall, a vast hardware and software system that aims to prevent access to undesirable websites and censors sensitive content.

    • German Hate Speech Law Goes Into Effect, Turning Social Media Platforms Into Gov’t Revenue Generators

      The law gives social media platforms 24 hours to remove “obviously illegal” content. This, of course, raises the question about how obvious “obviously illegal” content needs to be to trigger the 24-hour deletion requirement. Presumably, the government gets to decide how “obvious” the illegality is and how often it gets to collect millions of euros.

      In what must be considered a show of government largesse, one week will be allowed to handle “complex” removal orders — again, something likely determined solely by the German government. Given Germany’s ultra-weird relationship with its Nazi past, the difference between complex and simple takedown demands isn’t likely to be clear cut, putting companies in the path of fines and further German government grousing.

      I understand that American companies are somewhat obliged to follow local laws when providing services overseas, but they should not be put in the position of being held criminally and civilly liable for the posts of their users. They can attempt to moderate content with an eye on local statutes, but the fines for posting “obviously illegal” content should be levied on the person posting it, rather than the service provider.

    • Censorship in Venezuela Fuels Social Media Growth

      Freedom of the press in Venezuela has been threatened by the government for more than a decade. Even though the constitution of Venezuela protects freedom of expression and press freedom, Reporters without Borders found in 2017 that oppressive leader Nicolas Maduro “does his utmost to silence independent media outlets.”

      The accumulation of power in the executive branch has enabled the Venezuelan government to intimidate, harass, and criminally prosecute the opposition, human rights defenders, and independent media outlets. While traditional media outlets are being threatened, social media serves as an alternative tool to transmit and consume news.

    • ‘Sounds more like North Korea’: Anti-censorship Toronto subway art delayed over hate speech fears

      Two artists behind a controversial art installation commissioned for a newly opened subway station in Toronto say the city’s refusal to greenlight the project has ironically achieved what the art was meant to do — spark a debate about free speech.

      German brothers Jan and Tim Edler, owners of realities:united, a Berlin-based art studio, say they’d been working with the Toronto Transit Commission on the project since 2009. But they say it was only days before the new Pioneer Village subway station’s scheduled opening last month that they were told authorities had concerns about the art piece.

      At issue is LightSpell, a public art installation that would allow users to enter eight characters on a control panel in the station that show up on giant light screens that hang from the ceiling.

    • Social media plays ‘extremely important’ role in Iranian protests despite censorship

      Since the 2009 Green Movement protests in Iran, internet connections have grown significantly, which is why social media is likely playing an important role in the anti-government demonstrations rocking the country.

      “I believe that has made a tremendous difference between now and then,” said Hadi Ghaemi, executive director for the New York-based Center for Human Rights in Iran. “One difference between now and 2009 is that almost the whole nation is now plugged online.

      “I think for these protests it’s extremely important.”

    • Legal challenge to state censorship opens up gay rights debate in China

      China’s media regulator is being taken to court over its view that homosexual activities are “abnormal”, in a rare public case that pits state censorship against gay rights.

      Following a crackdown on showing homosexuality in the country’s media, a Beijing court has made the unusual move of accepting a legal challenge brought by a member of the public hoping to raise awareness in a country still gripped by dated conservative views on homosexuality.

    • How can scholars tackle the rise of Chinese censorship in the West?

      The extraordinary rise of Xi Jinping was, understandably, the main talking point of the 19th National Congress of the Communist Party of China (CPC) in October. Thanks to the president’s relentless consolidation of his personal power base within the party and the official encouragement of something approaching a cult of personality, comparisons with Mao were inevitably made by Western media outlets.

      The symbolic culmination of Xi’s ever-tightening grip on power was the unprecedented incorporation of his personal political theory, known as his “Thought on Socialism with Chinese Characteristics for a New Era”, into the party’s constitution. Xi’s 14-point plan to turn China into a “great modern socialist country” that is “prosperous, strong, democratic, culturally advanced, harmonious and beautiful” has been accompanied by equally strong ambitions on the international stage. At the 2017 World Economic Forum annual meeting in Davos, he cast himself as the leading champion of free trade and the fight against climate change, sensing the vacancy created by Donald Trump’s America First foreign policy and a European Union increasingly looking inward as it grapples with Brexit. Trump’s extravagant courting of Xi during his recent Asian tour and his refusal even to broach the issue of human rights only underscored China’s rising global standing.

    • Election censorship to apply to social media

      Election candidates will be required to register for vote-canvassing on electronic and social media, according to the current draft of the organic law governing the election of MPs.

      The National Legislative Assembly (NLA) committee vetting the bill has finished the first round of deliberation for all 178 sections of the law, said spokesman Taweesak Suthakavatin.

      The bill was submitted to the NLA by the Constitution Drafting Committee (CDC) on Nov 28, along with another organic bill related to the Senate.

      The panel’s next task will be to ask those NLA members who proposed changes to the law to elaborate on their amendments.

    • Artist compares TTC censorship on installation to North Korea
    • Revealed: Vietnam’s 10,000-Strong Internet Monitoring Force, Tasked With Stamping Out ‘Wrongful Views’
    • In Rhode Island Schools, Censorship Continues Online

      By filtering internet content, schools diminish the academic freedom of teachers and students.

      Imagine a school administrator telling a high school political science teacher that a whole range of timely topics — for example, medical marijuana, terrorism in the Middle East, gun control, or even politics in general — was off-limits for class discussion. The pedagogical absurdity of it, not to mention the upending of academic freedom it embodies, would seem obvious to most. In school districts across the country, however, a similar type of censorship takes place in the classroom every day, with little dissent.

      The censorship takes place invisibly, through the use of internet filtering programs that block certain categories of websites — or even websites that mention specific words — when students use school computers to access the internet. Although primarily designed to prevent access to pornography, the deeply flawed software, and school districts’ widespread embrace of it, has a significant impact on classroom teaching.

    • U-Haul Sends Bogus Legal Threats To Moving Assistance Company Run And Operated By Military Veterans
    • Why Can’t I Represent Incarcerated Arizonians if I Boycott Israel?

      Each year, I renew a contract to provide legal services to incarcerated people in an Arizona county jail.

      I have been doing this for 12 years without complications. Lately, though, there has been some extra paperwork that has nothing to do with my work as an attorney. Now, in order to renew my contract, I am being asked to promise that I will not participate in a boycott of Israel.


      My interest in the Israeli-Palestinian issue isn’t new. I have visited the region previously. I raised a Jewish son. Last spring, he and I traveled together to Israel and Palestine. We met journalists, human rights advocates, Israelis, and Palestinians living under Israeli occupation in the West Bank. No one we talked to believed that Israel would ever dismantle the more than 100 Israeli settlements peppered through the West Bank. It was painfully clear to us that Israel will not stop, and in fact has accelerated, its de facto policy of permanent Israeli occupation. On the other hand, it will never allow equal rights for the 2.8 million West Bank Palestinians in a single state.

    • Facebook Allowing Israeli Security Forces To Shape The News Palestinians See

      Facebook continues to increase its stranglehold on news delivery, reducing pipelines of info to a nonsensically-sorted stream for its billions of users. Despite the responsibility it bears to its users to keep this pipeline free of interference, Facebook is ingratiating itself with local governments by acting as a censor on their behalf.

      While Facebook has fought back against government overreach in the United States, it seems less willing to do so in other countries. The reporting tools it provides to users are abused by governments to stifle critics and control narratives. And that’s on top of the direct line it opens to certain governments, which are used to expedite censorship.

  • Privacy/Surveillance

  • Civil Rights/Policing

    • China tries Tibetan language advocate featured in NY Times

      An activist promoting the Tibetan language stood trial Thursday in western China for inciting separatism after he appeared in a documentary video produced by The New York Times, highlighting the risks that Chinese citizens often face when speaking to foreign media.

      Tashi Wangchuk’s lawyer Liang Xiaojun told The Associated Press that a judge in Qinghai province heard oral arguments for four hours and will issue a verdict at an unspecified date.

      Tashi has pleaded not guilty. If convicted, he could face a lengthy prison term.

    • Israel’s Knesset Advances Bill Seeking Death Penalty for “Terrorists”

      Meanwhile, members of Israel’s parliament, the Knesset, erupted in a shouting match Wednesday, as Prime Minister Netanyahu and right-wing lawmakers advanced legislation that would make it easier to carry out death sentences against Palestinians convicted on terrorism charges. Capital punishment is legal in Israel but has not been implemented since 1962, when Nazi leader Adolf Eichmann was put to death for his role in the Holocaust.

    • Help Save BAR from Google, Trump, the Democrats and Their Spies

      Sixteen months ago, the Washington Post issued the equivalent of “wanted” posters targeting more than a dozen of the most effective leftwing sites on the internet — including Black Agenda Report, the only Black-managed operation singled out for suppression. Since then, the radical sites slimed as “Russian propaganda outlets and sympathizers” by Prop-or-Not, the Post’s shadowy “source,” report having lost on average nearly half their Google search-generated audiences. BAR editors have also noted a drastic drop in the number of our own articles that come up in routine Google searches, compared to pre-November, 2016. BAR’s internet profile has been methodically shrunken.


      Amazingly, the Democrats attacked Trump from the Right, reprising the McCarthy era of three generations ago. Trump was soft on the Kremlin, which is depicted as the home of Euro-Asiatic totalitarianism, no matter who is actually in charge. However, the new “Red Scare” requires the linking of Trump/Putin with domestic Reds – thus, the vilification of BAR and other Left sites by Prop-or-Not, a toy in the hands of Amazon and Washington Post owner Jeff Bezos, the world’s richest man and business partner with the CIA.

  • Internet Policy/Net Neutrality

    • No, The Death Of Net Neutrality Will Not Be Subtle

      If you listen to Comcast, AT&T, Verizon and their army of paid allies, nothing bad will happen now that the FCC has voted to kill net neutrality protections. In fact, Comcast argues, without government oversight of an uncompetitive market, investment and jobs will soon be miraculously springing forth from the sidewalks. It will, the industry argues, be impossible to even measure the incredible innovation that will be created by letting entrenched ISPs (and their natural monopoly over the broadband last mile) run roughshod over the backs of American consumers and smaller competitors.

      But even among folks that support net neutrality, there’s pretty clearly a contingent that still believes the damage caused by the repeal of the rules will somehow be subtle. Because the net neutrality debate in recent years wandered into more nuanced and quirky areas like interconnection and zero rating, they believe the ultimate impact of the repeal will likely be modest. After all, these harms (like Comcast exempting its own content from usage caps, or Verizon covertly choking interconnection points) were murky and out of the intellectual or technical reach of many Luddite consumers.

    • FCC chair pulls out of Consumer Electronics Show appearance
    • FCC Prepares To Weaken Broadband’s Definition To Hide Competitive, Coverage Issues

      Under Section 706 of the Telecommunications Act, the FCC is required to consistently measure whether broadband is being deployed to all Americans uniformly and “in a reasonable and timely fashion.” If the FCC finds that broadband industry is failing at this task (you may have noticed that it is), the agency is required by law to “take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment” and by “promoting competition in the telecommunications market.”

      Of course given that the telecom sector is often the poster child for regulatory capture, this mandate often gets intentionally lost in the weeds. This is usually accomplished by simply pretending the lack of competition doesn’t exist. Or worse, by meddling with broadband deployment metrics until the numbers show something decidedly different from the reality on the ground. It’s a major reason why broadband ISPs (and the lawmakers who love them) whine incessantly every time we try to update the definition of broadband to a more reasonable and modern metric.

  • Intellectual Monopolies

    • South Africa’s Push For Knowledge-Based Economy Through IP [Ed: This headline and few initial paragraphs conflate knowledge with “IP” (opposite). Mumbo-jumbo ‘religion’ ...]

      This statement was made by Mmboneni Muofhe, Department of Science and Technology (DST) deputy director general for technology and innovation, at the ninth Intellectual Property Summer School held at the University of the Western Cape (UWC) in December. The meeting brought together students, lawyers, scientists and different professionals drawn from Africa and other parts of the developing world for a ten-day intensive programme in intellectual property.

    • Copyrights

      • Software Copyright Back Before Federal Circuit: Time for the Court to Get it Right

        Should a company be able to shut down competition by asserting copyright in a collection of software commands? Tech giant Cisco Systems thinks so: it’s gone to court to try to prevent its competitor, Arista Networks, from building competing Ethernet switches that rely in part on commands Cisco argues it initially developed. Cisco lost the first round in a California district court, but it’s hoping for a better outcome from the Court of Appeals for the Federal Circuit.

        As we explain in a brief we’ve submitted supporting Arista, Cisco is wrong. First, where the collection of commands in question is simply a group of standard, highly functional directives, arranged based on logic and industry standards, it shouldn’t be copyrightable at all. Second, any copyright that does exist must be sharply limited, as a matter of law and good practical policy. Without such limits, the software industries will find themselves embroiled in the same elaborate and expensive cross-licensing arrangements we see in the patent space and/or face an explosion of litigation. Either option will discourage innovation and competition.

      • Confused Judge Says Video Game Play Has No Copyright, Because The Work Is Not ‘Fixed’

        Just last month we joked about how confused the creator of PlayerUnknown’s Battlegrounds, Brendan Greene, was when he claimed that there was no intellectual property for video games. That’s completely wrong, and there are many, many cases to show that it’s wrong. Yet… now there’s a case that, bizarrely, argues that video games don’t get copyright (hat tip to Rick Sanders and Owen Barcala for flagging this one). The case is one that’s been dragging through the courts for years, bouncing around, concerning publicity rights of former professional football players when used in EA games like Madden NFL.

        The latest issue involves EA asking for the latest iteration of the case to be dismissed based on another ruling concerning NCAA basketball players and their publicity rights. In that ruling from April of this year, the 9th Circuit ruled (among other things) that federal copyright preempted state-based publicity rights claims. I don’t want to dig too deeply into what all of that means, but suffice it to say that under the 1976 Copyright Act, the law says that federal copyright law now trumps all state copyright or copyright-like laws, and you can’t hide behind some state law when federal law should apply. Here, the court said that the state-based publicity rights claims were blocked because of that, as the only issue should be covered under federal copyright law, where they would fail.

      • Spotify Hit With $1.6 Billion Lawsuit From Publisher Representing Tom Petty, Neil Young

        Music streaming company Spotify was sued by Wixen Music Publishing Inc last week for allegedly using thousands of songs, including those of Tom Petty, Neil Young and the Doors, without a license and compensation to the music publisher.

        Wixen, an exclusive licensee of songs such as “Free Fallin” by Tom Petty, “Light My Fire” by the Doors, “(Girl We Got a) Good Thing” by Weezer and works of singers such as Stevie Nicks, is seeking damages worth at least $1.6 billion along with injunctive relief.

      • Spotify is being sued for £1.18bn over unlicensed songs

        In other words – its defence is that Wixen isn’t acting with the knowledge of artists and that it doesn’t actually have a right to sue Spotify in the first place.

      • Spotify files to go public in New York
      • Google Blocks Pirate Search Results Prophylactically

        Google is accepting “prophylactic” takedown requests to keep pirated content out of its search results. Caleb Donaldson, copyright counsel at Google, explains that the company is ‘removing’ infringing links before they are indexed. Aside from these novel features, the company also has high hopes for artificial intelligence.
