Bonum Certa Men Certa

Links 14/8/2018: Virtlyst 1.2.0, Blender 2.8 Planning Update, Zorin OS 12.4, FreeBSD 12.0 Alpha





GNOME bluefish

Contents





GNU/Linux





  • Kernel Space



    • XArray Proposed For Merging In The Linux 4.19 Kernel
      Matthew Wilcox who most recently has been employed by Microsoft is looking to get the new XArray data structure added to the Linux 4.19 kernel.

      Earlier this year Wilcox was hoping for XArray in Linux 4.17 but that didn't pan out but he believes it is ready for Linux 4.19. XArray is intended to eventually replace the radix tree data structure in the Linux kernel. XArray's advantages include locking support as part of its design, memory not being pre-loaded, and page cache improvements in using XArray.


    • Btrfs Gets Fixes & Low-Level Improvements With Linux 4.19
      David Sterba of SUSE sent in the Btrfs file-system updates today for the Linux 4.19 kernel merge window.

      The most noticeable change with Btrfs for Linux 4.19 is that it now supports defragging opened read-only files that have read-write permissions. Btrfs in Linux 4.19 is also carrying some validation improvements, error code handling improvements, tree checker improvements, some fsync fixes, a possible deadlock fix, resetting the on-disk device stats value after replacing a drive, and a variety of other code clean-ups and bug fixes.


    • Linux 4.18 Benefits from Energy-Aware Scheduling on ARM
      The fourth major milestone release for the Linux kernel was officially announced by Linus Torvalds on Aug. 12 with the general availability of Linux 4.18.

      Linux 4.18, required a somewhat uncommon eight release candidates and follows the Linux 4.17 release that was announced on June 3.

      "One week late(r) and here we are - 4.18 is out there," Linus Torvalds wrote in his release announcement. "It was a very calm week, and arguably I could just have released on schedule last week, but we did have some minor updates."

      [...]

      Linux 4.18 also integrated a new asynchronous I/O interface that improves system polling performance.


    • Linux Kernel 4.18 Keeps Things Solid and Secure
      Linus Torvalds published the 4.18 kernel on Sunday, one week later than expected. This has a been a rocky release... and it’s all Android's fault (more or less).

      You see, Android systems lack tmpfs, the temporary file systems you usually see hanging off your /tmp directory. In regular Linux systems, a tmpfs is stored in memory and holds data that applications may need to retrieve at short notice or share with other programs. Instead, Android allocates a chunk of memory (called ashmem) that does the same thing. However, a change introduced to ashmem in 4.18-rc7 made the open source version of Android crash. Unfortunately, all this came to light the week before the final release of 4.18 was due. Nine patches later and the problem was still not totally resolved, so Linus decided to roll back the whole thing and wait another week for the things to calm down.


    • EXT4 & XFS File-System Updates Submitted For Linux 4.19
      The pull requests updating the XFS and EXT4 file-system driver code have been sent in for the recently started Linux 4.19 kernel merge window.

      On the EXT4 file-system front, the documentation on the project's Wiki has been converted into documentation files within the kernel tree. Additionally, there is now 64-bit timestamp support for EXT4's superblock fields, a Spectre gadget fix, hardening against maliciously corrupted file-systems, and various other bug fixes and code improvements.


    • Linux 4.19 Will Fend Off Stack Attacks With STACKLEAK Plugin
      As expected, Linux 4.19 is getting STACKLEAK as a GCC plug-in for the Linux kernel that will fend off various form of stack attacks.

      STACKLEAK is ported from the last open-source code of the GrSecurity/PaX modified kernel and wipes out the kernel stack before returning from system calls.


    • Linux Foundation



      • Open Source cleaning up at the Oscars
        Over the last 25 years, software, and particularly open source software (OSS), has played an increasingly important role in the most successful movies of our time.

        Now this contribution is set to grow, boosted by the introduction on Friday, of the Academy Software Foundation (ASWF), a joint venture of the Academy of Motion Picture Arts and Sciences - the organisation behind the annual Oscar awards and the Linux Foundation.

        This follows a recently concluded two-year investigation by the Academy which found that more than 80% of the motion picture industry uses OSS, particularly for animation and visual effects.


      • AMPAS, Linux Foundation Launch Academy Software Foundation
        “Developers and engineers across the industry are constantly working to find new ways to bring images to life, and open source enables them to start with a solid foundation while focusing on solving unique, creative challenges rather than reinventing the wheel,” said Rob Bredow, SVP, Executive Creative Director and Head of Industrial Light & Magic and Member of the Academy’s Science and Technology Council, Open Source Investigation Committee. “We are very excited to launch the Academy Software Foundation and provide a home for open source developers to collaborate, regardless of where they work, and share best practices which we believe will drive innovation across the industry.”


      • The Academy of Motion Picture Arts and Sciences and The Linux Foundation Launched the Academy Software Foundation, Linux 4.18 and GNU Linux-libre 4.18-gnu Kernels Are Out, DXVK 0.65 Released and Canonical Live Patch Update
        The Academy of Motion Picture Arts and Sciences and The Linux Foundation launched the Academy Software Foundation late last week. The ASF's mission is to "increase the quality and quantity of contributions to the content creation industry's open source software base; to provide a neutral forum to coordinate cross-project efforts; to provide a common build and test infrastructure; and to provide individuals and organizations a clear path to participation in advancing our open source ecosystem". Interested developers can sign up to join the mailing list here.




    • Graphics Stack



      • May the Source Be with You: NVIDIA Open Sources Material Definition Language SDK
        Security, customizability, flexibility and cost are a few of the benefits of open-source software for developers.

        They’ll get all these and more from NVIDIA’s Material Definition Language software development kit, which is available starting today as open source.

        MDL software — a set of tools that integrate the precise look and feel of real-world materials into rendering applications — has long been supported by developers. It gives end-users the freedom to share physically based materials and lights between supporting applications.

        For example, an MDL material — such as a specific piece of carpeting, upholstery or clothing — created in Allegorithmic Substance Designer can be saved to a library and then used in any other supporting application, like Adobe Dimension CC.


      • NVIDIA Announces Open-Source MDL SDK
        In addition to announcing the Turing-based Quadro RTX GPUs with GDDR6 memory, NVIDIA used SIGGRAPH 2018 to announce their open-sourcing of the MDL SDK.

        The MDL SDK is the Material Definition Language and is a programming language for defining physically-based materials for rendering, The MDL code can then be converted into GLSL, NVIDIA PTX, x86 instructions, or LLVM IR for making these assets more portable.


      • Mesa 18.1.6 Released With Build System Updates, Various OpenGL/Vulkan Driver Fixes
        Mesa 18.1.6 is now available as the latest point release for Mesa 18.1 as the Q2'2018 release of this collection of open-source graphics drivers/infrastructure.

        Mesa 18.1.6 just ships with over three dozen fixes compared to v18.1.5 from a few weeks back. The Mesa 18.1.6 release includes various Gallium3D fixes, different Autotools/Meson build system updates, corrections to MSAA corruption with AMD Vega, a DRIRC option to allow Metro Redux to work properly (again), support for using INTEL_DEBUG for setting Intel shader disk cache flags, and various other random fixes throughout.


      • Vulkan 1.1.83 Released With Minor Documentation Updates For SIGGRAPH
        The Khronos Group has released Vulkan 1.1.83 as a routine maintenance update to the Vulkan 1.1 graphics/compute API to coincide with the start of ACM SIGGRAPH 2018 in Vancouver.

        Vulkan 1.1.83 doesn't introduce any new extensions but just corrects a variety of documentation issues. It does prepare for some new extensions though as some extra bits are now reserved for pending vendor extensions. These reserved bits appear to be for some NVIDIA extension work.




    • Benchmarks

      • A Look At The Windows 10 vs. Linux Performance On AMD Threadripper 2990WX
        Complementing the extensive Linux benchmarks done earlier today of the AMD Threadripper 2990WX in our review (as well as on the Threadripper 2950X), in this article are our first Windows 10 vs. Linux benchmarks of this 32-core / 64-thread $1799 USD processor. Tests were done from Microsoft Windows 10 against Clear Linux, Ubuntu 18.04, the Arch-based Antergos 18.7-Rolling, and openSUSE Tumbleweed.






  • Applications



    • Virtlyst 1.2.0 released
      Virtlyst – a Web Interface to manage virtual machines build with Cutelyst/Qt/C++ got a new release.

      This new release includes a bunch of bug fixes, most importantly probably being the ability to warn user before doing important actions to help avoid doing mistakes.

      Most commits came from new contributor René Linder who is also working on a Bootstrap 4 theme and Lukas Steiner created a dockerfile for it. This is especially cool because Virtlyst repository now has 4 authors while Cutelyst which is way older has only 6.


    • Blender 2.8 Planning Update
      At this point we will not have a feature complete Beta release ready in August as we had hoped. Instead, we invested most of our time improving the features that were already there and catching up with the bug tracker. This includes making the viewport and EEVEE work on more graphics cards and platforms.

      The Spring open movie team is also using Blender 2.8 in production, which is helping us ensure the new dependency graph and tools can handle complex production scenes.


    • Blender 2.80 Now Coming In Early 2019 With Many Improvements
      The Blender 3D modeling software is facing a slight set-back in their release schedule for the big Blender 2.80 release, but it's moving along and they intend to have it ready by early next year.


    • HTTP request routing and validation with gorilla/mux
      The Go networking library includes the http.ServeMux structure type, which supports HTTP request multiplexing (routing): A web server routes an HTTP request for a hosted resource, with a URI such as /sales4today, to a code handler; the handler performs the appropriate logic before sending an HTTP response, typically an HTML page.


    • Blender 2.8 Alpha 2 Just Released, but Full Release Pushed to Early 2019
      The free and open-source Blender 3D modeling software, a popular alternative to more expensive suites like Maya LT and 3DS Max, is facing a bit of a delay in their release schedule for Blender 2.80 – however, the developers intend to release it by early next year 2019.

      The devs had hoped to have a feature complete beta ready this August 2018, but that doesn’t look like a possibility either – the team spent most of their time “improving” the currently existing features, and eliminating current bugs within the software. However, a Blender 2.80 Alpha 2 was released just today.


    • Browsh – A Modern Text Browser That Play Videos and Everything
      Browsh is an open source, simple and modern text-based browser that renders in TTY terminal environments. It is made up of a minimal Golang CLI front-end and a browser web-extension (headless Firefox) which actually offers most of the functionality to create a purely text-based version of web pages and web apps.

      This browser renders anything that a modern browser can; HTML5, CSS3, JS, video as well as WebGL. It is importantly a bandwidth-saver, designed to run on a remote server and accessed via SSH/Mosh or the in-browser HTML service so as to notably reduce bandwidth.


    • Chronos Timetracker – An Open-Source Desktop Client for JIRA
      JIRA is an Agile-based management tool that provides developers, designers, and team members with bug tracking, issue tracking, and other project management functions including customizing workflows, collaborating with external teams, and releasing software.


    • Proprietary



      • Dropbox will only Support the Ext4 File System In Linux in November
        Dropbox has announced that starting on November 7th 2018, only the ext4 file system will be supported in Linux for synchronizing folders in the Dropbox desktop app. Those Linux users who have synch on other file systems such as XFS, ext2, ext3, ZFS, and many others will no longer have working Dropbox synchronization after this date.

        This news came out after Linux dropbox users began seeing notifications stating "Dropbox Will Stop Syncing Ext4 File Systems in November." You can see an example of this alert in Swedish below.


      • Dropbox scares users by shrinking synching options
        Dropbox has quietly announced it will soon stop synching files that reside on drives tended by some filesystems.

        The sync ‘n’ share service’s desktop client has recently produced warnings that the software will stop syncing in November 2018.

        Those warnings were sufficiently ambiguous that Dropbox took to its support forums to explain exactly what’s going on, namely that as of November 7th, 2018, “we’re ending support for Dropbox syncing to drives with certain uncommon file systems.”
      • DaVinci Resolve 15 Video/Effects Editor Released With Linux Support
        DaVinci Resolve 15 has been released by Blackmagic Design as the company's professional-grade video editing, visual effects, motion graphics, and audio post-production software.
      • DaVinci Resolve 15 Released for RedHat Enterprise and CentOS Systems
        Video editing on Linux platform just got a whole lot easier, as Blackmagic Design just released their long-awaited DaVinci Resolve 15 software update – a free to use professional-grade video editing, visual effects, motion graphics, and audio post-production software suite.


      • Professional Video Editor DaVinci Resolve 15 Stable Released
        DaVinci Resolve 15 stable has been released for Linux, Windows, and macOS. The new release brings native audio support on Linux and a long list of new features and improvements.

        DaVinci Resolve is a professional video and effects editor. The tool, which can be used for editing, color correction, audio post production and visual effects, has two versions: free to use and paid (DaVinci Resolve Studio).

        The free to use version does not support h26x so you'll need to transcode any such clips before using them in DaVinci resolve. DaVinci Resolve 15 Studio costs $299 and it includes multi-user collaboration features along with 3D tools, dozens of Resolve FX and more.


      • Dropbox plans to drop encrypted Linux filesystems in November
        Linux users are calling on Dropbox to reverse a decision to trim its filesystem support to unencrypted EXT4 only.

        The company's supported file system list, here, is missing some formats – including various encrypted Linux filesystems.

        Until that list was revised, Dropbox said it supported NTFS, HFS, EXT4, and APFS on Linux; as the new requirements makes clear, Linux users will only be able to run unencrypted EXT4.




    • Instructionals/Technical



    • Wine or Emulation



      • DXVK Merges Direct3D 10 API Support
        Separate from the "DXUP" initiative, the popular DXVK project for accelerating Direct3D 11 atop Vulkan now has support itself for Direct3D 10.
      • DXVK expands with Direct3D 10 over Vulkan in Wine, also info on the new Direct3D 9-to-11 project
        There's so many incredible things going on around Wine right now it's hard to keep track. DXVK is now expanding to support Direct3D 10 over Vulkan in Wine.

        Talking about it on the official GitHub account in this issue, the main developer of DXVK said it works in a similar way to DXUP with it being a "very thin wrapper around the existing D3D11 interfaces, while allowing for better interoperability between the two APIs.".
      • DXVK Brings Merged DX10 Support, Benchmarks Show Good Performance
        The approach being used is somewhat similar to DXUP, by means of using a wrapper around the DX3D11 interfaces – which is enough to run DX3D10-based games such as Crysis, Assassin’s Creed 1, and basically any other game that uses DX3D10 (though games are still being tested, and the dev asks for bug reports via the issue ticket if you can pinpoint the issue to the DXVK wrapper).




    • Games



      • Play It Now - Invisible Inc
        Welcome to the another review in the PIN (Play It NOW) series. Conscious that all previous PINs have been action games, this time I’m covering Invisible Inc from Canadian studio Klei Entertainment, a superb stealth/strategy hybrid in the mould of XCOM.


      • A small update on the status of BATTLETECH for Linux
        Back in June, Harebrained Schemes stated that they were making "good progress" with the Linux version. However, we haven't really heard from them since then and so it seems Linux gamers were starting to get a little worried.


      • Blood will be Spilled, a narrative spaghetti western platformer with tactical turn-based combat is coming to Linux
        Blood will be Spilled has you follow Jack, a mosquito bounty hunter on his path of revenge voiced by Elias Toufexis (Adam Jensen from Deus Ex) and it's coming to Linux.


      • 5 open source strategy and simulation games for Linux
        Gaming has traditionally been one of Linux's weak points. That has changed somewhat in recent years thanks to Steam, GOG, and other efforts to bring commercial games to multiple operating systems, but those games are often not open source. Sure, the games can be played on an open source operating system, but that is not good enough for an open source purist.

        So, can someone who only uses free and open source software find games that are polished enough to present a solid gaming experience without compromising their open source ideals? Absolutely. While open source games are unlikely ever to rival some of the AAA commercial games developed with massive budgets, there are plenty of open source games, in many genres, that are fun to play and can be installed from the repositories of most major Linux distributions. Even if a particular game is not packaged for a particular distribution, it is usually easy to download the game from the project's website to install and play it.


      • Open-world vehicle builder 'TerraTech' has left Early Access
        I absolutely love games that let me build something, drive around and blow stuff up so I've been enjoying my time with TerraTech which is now out.

        Unlike Robocraft, TerraTech isn't just about building a powerful vehicle and destroying everyone. While it does have a PvP multiplayer mode, the main dish is actually the open-world single-player environment. That's not all it has to offer, as it also has creative mode to do whatever you want, a sumo fighting mode and a gauntlet challenge mode as well.


      • Rings of Saturn is a hard sci-fi, top-down space simulator coming soon to Linux
        Space sim Rings of Saturn [Official Site] was announced earlier this month, with a promise of a realistic top-down experience and it actually looks surprisingly good.

        Seems to have come out of nowhere, at least to me, I can't remember hearing literally anything about this before discovering it today. While the trailer doesn't really offer all that much, what it does show makes me firmly want to know more.


      • SC Controller, incredibly useful UI/Driver for the Steam Controller has a new release
        If you ever have issues with games not picking up your Steam Controller correctly, you should probably take a look at the excellent SC Controller [GitHub] project.

        The latest release v0.4.4, that was made available yesterday adds in some interesting new features. A pretty important one, is the new "relative joystick camera" mode, which acts just like the Joystick Camera mode on Steam. Some games (like twin-stick shooters) don't always hold the position of your thumb on the right pad to continually fire, this mode should fix it for games where it doesn't work as expected.


      • Insurgency: Sandstorm is looking real good in the latest videos, Linux version should come in the first couple updates
        Insurgency: Sandstorm [Steam] is the new tactical FPS from New World Interactive that will be coming to Linux. There's new videos out to show it off and we have an update for you about Linux support.






  • Desktop Environments/WMs



    • Velt/OS: A Material Design-Themed Desktop Environment
      When it comes to desktop environments, there is a set of popular DEs like GNOME, KDE, Xfce etc. Perhaps Lumina was one of the newest addition to the desktop environment family, until now.

      Let me introduce Velt/OS to you. It’s a material design inspired desktop environment mainly for Arch Linux. The project is in the experimental phase and being ‘slowly’ developed.


    • K Desktop Environment/KDE SC/Qt



      • The Joy of GSoC :)
        Wooo... this is the last day of coding phase of GSoC. I am writing this blog to share my experience and work done in the coding phase. I want to specially thank my mentor David Rosca for his help, suggestions and reviews. This was my first exposure to the KDE community and I am proud that it was great. I really enjoyed the whole program from proposal submission - intermediate evals - then now this final evaluation. Also, I had learned a lot working on my project. Frankly speaking, I didn't knew about i18n and l10n much but with the help of my mentor now I have a quite good understanding of how these works and are implemented. I can truly say this was one of my best summer vacations.


      • What’s next for WikiToLearn?
        Google Summer of Code is finishing and many things have been done on WikiToLearn since previous post. A little recap is needed.

        Talking with mentors has been crucial because they told me to focus on finishing CRUD interaction with API backend instead of working on “history mode” viewer.


      • Akademy 2018 Monday BoF Wrapup


        Monday was the first day of Akademy BoFs, group sessions and hacking. There is a wrapup session at the end of the day so that what happened in the different rooms can be shared with everyone including those not present.




    • GNOME Desktop/GTK



      • GSoC 2018 Final Evaluation
        As GSoC is coming to an end, I am required to put my work altogether in order for it to be easily available and hopefully help fellow/potential contributors work on their own projects.

        [...]

        At its prestige, through this project we will have tests both for most critical and used operations of Nautilus, and for the search engines we use. Further on, I’ll provide links for all of my merge requests and dwell a bit on their ins and outs while posting links to my commits:
      • GTK+ 4 and Nautilus </GSoC>
        Another summer here at GNOME HQ comes to an end. While certainly eventful, it unfortunately did not result in a production-ready Nautilus port to GTK+ 4 (unless you don’t intend to use the location entry or any other entry, but more on that later).
      • Pitivi Video Editor Gains UI Polish, Video Preview Resizing
        The latest Google Summer of Code 2018 is allowing some excellent work to be done on some excellent open source projects.

        Among them Pitivi, the non-linear video editor built using GTK and Gstreamer and offering up a basic video editing feature set.

        Over the past few months, Harish Fulara, a Computer Science student, has worked on improving the application’s greeter dialog and on adding support dynamic resizing of the video preview box.


      • GSoC’18 - Final Report
        Some of the tasks I had originally planned took a lot more time than expected. My last task was to add stats to games that track and store your overall game statistics. I’ve already began working on this and will get it merged after thoroughly getting it reviewed by my mentors.

        [...]

        I had a wonderful time contributing to GNOME since I started this February. The amazing community and even more amazing mentors helped me learn new things and guided me all along the way which I would like to thank them for. I will surely keep contributing to GNOME.




  • Distributions



    • Legacy OS 2017 - Ghost of Linux past


      I am quite sad. I was really looking forward to testing Legacy OS. I like quirky, unique stuff, and the Magic Scripts impressed me so much back in the day that I was more than enthused giving this distro a go. Alas, all my expectations were shattered. From boot problems to network problems to basic browsers, the karma just wasn't there. This feels like an ancient project resurrected into the modern era, but not well adapted to it.

      Hopefully, these issues can be ironed out, and then I'll take Legacy OS for another spin. At the moment, the 2017 edition feels wrong, and it doesn't have enough critical quality to warrant testing and tweaking and trying to work around some of the inherent issues. Just too much trouble. Ah well. Maybe some day. Take care.


    • New Releases



      • Zorin OS 12.4 Released – More Secure and Compatible than Ever Before
        We are pleased to announce the release of Zorin OS 12.4. This new release brings together the latest software updates, bug fixes, performance enhancements and hardware support out of the box.

        Zorin OS 12.4 introduces an updated hardware enablement stack. The newly-included Linux kernel 4.15, as well as an updated X server graphics stack, add compatibility for newer computers and hardware in Zorin OS. In addition, new patches for system vulnerabilities are included in this release, so you can have the peace of mind knowing that you’re using the most secure version of Zorin OS ever.

        After installing Zorin OS 12.4, you will have the latest versions of the pre-installed packages. That means fewer software updates will need to be downloaded after installing Zorin OS onto your computer.


      • Linux 4.18 And Zorin OS 12.4 Released With Big Changes: Get Them Here


        The developers of the beginner-friendly Linux distro Zorin OS have released the latest version — Zorin OS 12.4. Just as you’d expect, it brings better hardware support, bugs and security fixes, and performance improvements.

        Powered by Linux kernel 4.15 and updated X server graphics stack, 12.4 aims to serve users in a better manner.

        It’s worth noting that Zorin OS 12.4 is the last point release before the next major Ubuntu 18.04.1-based release, which is scheduled to arrive in upcoming months.




    • Red Hat Family



      • Red Hat’s Adam Clater Provides Recommendations for DevSecOps Practices in Government
        Adam Clater, chief architect for Red Hat’s North American public sector, has said there is a need for federal agencies to accept the integration of security in software development processes as a cultural change, MeriTalk reported Monday.

        Clater believes it is important that agency managers grasp the need to standardize their way of creating software systems to add stability and security in development and operations or DevOps practices, leading to a new concept called DevSecOps.

        The Red Hat official told agency managers to begin with undertaking easy and uncomplicated steps to determine how they should adapt to DevSecOps.


      • Could your team be managing itself?
        I was engaged recently in a passionate conversation ignited by a simple comment: "A team has to be managed." The comment made me think I wasn't on the same page as my interlocutor.

        I was discussing the importance of designing organizational roles that won't become bottlenecks (roles that won't prevent the organization from delivering efficiently or to adapting quickly to changes). In classic organization design, we tend to think that designing boxes on an organizational chart and putting great people in charge will solve all our problems. That approach could work in static environments, where what you have to deliver is defined once and for all.


      • Improving rsync performance with GlusterFS
        Rsync is a particularly tough workload for GlusterFS because with its defaults, it exercises some of the worst case operations for GlusterFS. GlusterFS is the core of Red Hat Gluster’s scale-out storage solution. Gluster is an open, software-defined storage (SDS) platform that is designed to scale out to handle data intensive tasks across many servers in physical, virtual, or cloud deployments. Since GlusterFS is a POSIX compatible distributed file system, getting the best performance from rsync requires some tuning/tweaking on both sides.

        In this post, I will go through some of the pain points and the different tunables for working around the pain points. Getting rsync to run as fast on GlusterFS as it would on a local file system is not really feasible given its architecture, but below I describe how to get as close as possible.


      • Advice For New Leaders From The CEO Of Red Hat


      • Finance





    • Debian Family

      • Google Summer of Code 2018 with Debian - Final Report
        My project is Wizard/GUI helping students/interns apply and get started and the final application is named New Contributor Wizard. It originated as the brainchild and Project Idea of Daniel Pocock for GSoC 2018 under Debian. I prepared the application task for the same and shared my journey through Open Source till GSoC 2018 in two of my blogs, From Preparations to Debian to Proposal and The Application Task and Results.


      • Reproducible Builds: Weekly report #172


      • Google Summer of Code 2018 Final Report: Automatic Builds with Clang using Open Build Service
        Debian package builds with Clang were performed from time to time through massive rebuilds of the Debian archive on AWS. The results of these builds are published on clang.debian.net. This summer project aimed to automate Debian archive clang rebuilds by substituting the current clang builds in clang.debian.net with Open Build System (OBS) builds.

        Our final product consists of a repository with salt states to deploy an OBS instance which triggers Clang builds of Debian Unstable packages as soon as they get uploaded by their maintainers.


      • Derivatives



        • Canonical/Ubuntu



          • Ubuntu Weekly Newsletter 540


          • Deploying Kubernetes on Public Clouds is hard – or is it?
            Recently, there’s been talk about how Kubernetes has become hard to deploy and run on virtual substrates such as those offered by the public clouds. Indeed, the cloud-specific quirks around infrastructure provisioning, including storage, networking assets such as load balancers, and overall access control (IAM) differs from cloud to cloud provider. It is safe to assume that it also differs between your on-prem IaaS implementation or virtualized infrastructure and the public cloud APIs.

            With all the public Container-as-a-Service (CaaS) offerings available to you, why would you deploy Kubernetes to a generic IaaS substrate anyway? There are many reasons for doing so.


          • Design and Web team summary – 13 August 2018
            Welcome to the latest work and updates from the design and web team.

            The team manages all web projects across Canonical. From www.ubuntu.com to the Juju GUI we help to bring beauty and consistency to all the web projects.


          • MacBuntu 18.04 Transformation Pack Ready for Ubuntu 18.04 Bionic Beaver
            MacBuntu (Macbuntu Mojave/High Sierra/El Capitan/Yosemite) transformation pack is ready for Ubuntu 18.04 Bionic Beaver, we were constantly asked for this pack to be available on our site, so here it is for you guys. In this transformation pack we are featuring many themes for almost every desktop, so you don't have to worry about the desktop you are using whether it is Gnome Shell, Mate, Xfce, Cinnamon or any other desktop. You can simply install it in Ubuntu/Linux Mint or any other Ubuntu based distribution and make your desktop look like Mac OS X. The Unity desktop is still supported in case you are using unofficial version of Unity desktop. In this pack you will find plenty of light variants as well as dark versions, which is managed by different creators and I would like to thank all of them for contributing these themes (McOS-themes, macOS High Sierra, macOS 11, macOS High Sierra - ELBULLAZUL). There are two themes for cursors, for dock we recommend you to install Plank dock and we are providing themes for it as well (credits: KenHarkey and erikdubois. Also we are including themes for Gnome Shell, for Cinnamon, and three icon packs in this transformation pack.










  • Devices/Embedded





Free Software/Open Source



  • Open-source tech has gained significance in powering startup tech infrastructure
    In the last decade or so, there has been an explosion in the number of mobile applications with the total number of apps available on the App Store reaching 2.2 million in January 2017. Mobile experience reached the next level after the launch of the first iPhone in 2007. Since then, there have been a lot of companies creating excellent smartphones enabling users to seamlessly use these applications. A majority of these mobile applications are B2C in nature, i.e they target consumers and not businesses. There is a distinctive characteristic of these consumer-facing apps—SCALE.


  • Tesla Will Open Up Vehicle Security Software To All Automakers


  • Elon Musk says Tesla will open part of its self-driving software to the public as a safety measure
    Tesla CEO Elon Musk told a hacker conference in Las Vegas he plans to "open source" the software Tesla uses to secure autonomous-driving features from hacks or takeovers, eventually allowing other carmakers to use it.

    It's a bid to make autonomous vehicle software safer by opening the software to more scrutiny, he told a private audience of around 100 people on Friday at DEFCON, an annual cybersecurity defense conference held in Las Vegas.


  • Elon Musk plans to open source Tesla's self-driving software
    The Tesla code, once licenced to manufacturers, could turn out to be the beginning of an open standard which would drive down costs. Plus of course every firm that licenced the tech would be adding its expertise to locking it down securely, such is the beauty of the open source.


  • Tesla's Open Source Security Could Protect Against an Autonomous Car Hack


  • Why critics who bash Musk's open source Tesla security project are wrong
    While some have characterized this move as self-serving, a way to make Tesla "look good from a marketing standpoint," this completely misses the point. While some have used open source as a vapid marketing gesture, Musk's move here would have far deeper significance for the industry and, of course, for Tesla.


  • Tesla Plan To Release Source Code For Their In-Car Security Technology
    Elon Musk posted on Twitter that he is planning to open-source Tesla vehicle security software so other car makers can take advantage of their code and potentially collaborate when improving security features.


  • Talend Heads to Open Source Summit to Speak on Apache Beam and Apache Spark
    Talend (NASDAQ: TLND), a global leader in cloud integration solutions, announced today that two of its technology experts, Mark Balkenende and Alexey Romanenko, will be speaking at the Open Source Summit held in the Vancouver Convention Centre from August 29-31. The summit brings together developers, architects and others open source and industry leaders to cover cornerstones in open source technologies, help navigate open source transformation, track business and compliance needs, and delve into the newest technologies and latest trends touching open source.


  • Web Browsers



    • Mozilla



      • Licensing Edgecases
        While I’m not a lawyer – and I’m definitely not your lawyer – licensing questions are on my plate these days. As I’ve been digging into one, I’ve come across what looks like a strange edge case in GPL licensing compliance that I’ve been trying to understand. Unfortunately it looks like it’s one of those Affero-style, unforeseen edge cases that (as far as I can find…) nobody’s tested legally yet.

        I spent some time trying to understand how the definition of “linking” applies in projects where, say, different parts of the codebase use disparate, potentially conflicting open source licenses, but all the code is interpreted. I’m relatively new to this area, but generally speaking outside of copying and pasting, “linking” appears to be the critical threshold for whether or not the obligations imposed by the GPL kick in and I don’t understand what that means for, say, Javascript or Python.


      • Chatting with your website visitors through Chatra
        When I started the blog, I didn’t add a message board below each article because I don’t have the time to deal with spam. Due to broken windows theory, if I leave the spam unattended my blog will soon become a landfill for spammers. But nowadays many e-commerce site or brand sites have a live chatting box, which will solve my problem because I can simply ignore spam, while interested readers can ask questions and provide feedbacks easily. That’s why when my sponsor, Chatra.io, approached me with their great tool, I fell in love with it right away and must share it with everyone.


      • Send: Going Bigger
        Send encrypts your files in the browser. This is good for your privacy because it means only you and the people you share the key with can decrypt it. For me, as a software engineer, the challenge with doing it this way is the limited API set available in the browser to “go full circle”. There’s a few things that make it a difficult problem.

        The biggest limitation on Send today is the size of the file. This is because we load the entire thing into memory and encrypt it all at once. It’s a simple and effective way to handle small files but it makes large files prone to failure from running out of memory. What size of file is too big also varies by device. We’d like everyone to be able to send large files securely regardless of what device they use. So how can we do it?

        The first challenge is to not load and encrypt the file all at once. RFC 8188 specifies a standard for an encrypted content encoding over HTTP that is designed for streaming. This ensures we won’t run out of memory during encryption and decryption by breaking the file into smaller chunks. Implementing the RFC as a Stream give us a nice way to represent our encrypted content.

      • TLS 1.3 Published: in Firefox Today
        On friday the IETF published TLS 1.3 as RFC 8446. It’s already shipping in Firefox and you can use it today. This version of TLS incorporates significant improvements in both security and speed.

        Transport Layer Security (TLS) is the protocol that powers every secure transaction on the Web. The version of TLS in widest use, TLS 1.2, is ten years old this month and hasn’t really changed that much from its roots in the Secure Sockets Layer (SSL) protocol, designed back in the mid-1990s. Despite the minor number version bump, this isn’t the minor revision it appears to be. TLS 1.3 is a major revision that represents more than 20 years of experience with communication security protocols, and four years of careful work from the standards, security, implementation, and research communities (see Nick Sullivan’s great post for the cool details).


      • Firefox Now Supports The Latest Version of Internet Security Protocol
        Internet Engineering Task Force released the final version of TLS 1.3, the latest version of internet security protocol, last week. Today, Mozilla has announced that Firefox now supports TLS 1.3.


      • Symantec Distrust in Firefox Nightly 63
        As of today, TLS certificates issued by Symantec are distrusted in Firefox Nightly.

        You can learn more about what this change means for websites and our release schedule for that change in our Update on the Distrust of Symantec TLS Certificates post published last July by the Mozilla security team.







  • SaaS/Back End



    • Hortonworks Supports JIDO Effort to Adopt Open Source for Capability Dev’t; Shaun Bierweiler Comments
      Hortonworks has helped the Defense Department‘s Joint Improvised Threat Defeat Organization deploy an enterprise information technology platform built on the Hadoop data management software and other open source technologies, ExecutiveBiz reported July 30.

      Federal News Radio reported July 27 that the open source project is in line with JIDO’s effort to deliver capabilities to warfighters and provide updates more quickly amid emerging threats.




  • Pseudo-Open Source (Openwashing)



  • BSD



    • FreeBSD 12.0 Alpha Hits The Web
      The first alpha release of FreeBSD 12.0 was quietly uploaded a few days ago to the project's download servers as the first step to shipping this next major update to the FreeBSD operating system.

      FreeBSD 12.0-ALPHA1 was successfully made back on 10 August as what begins the project's "code slush" period whereby new commits can continue being merged for 12.0 but they shouldn't be introducing new features. The actual code freeze is what's beginning later this month followed by the code branching and then the beta releases start towards the end of September.


    • Badness, Enumerated by Robots

      After my BSDjobs.com entry was posted, there has been an uptick in interest about the security related data generated at the bsdly.net site. I have written quite extensively about these issues earlier so I'll keep this piece short. If you want to go deeper, the field note-like articles I reference and links therein will offer some further insights.

      There are three separate sets of downloadable data, all automatically generated and with only very occasional manual intervention.





  • FSF/FSFE/GNU/SFLC



    • GSoC 2018 - GNUnet Web-based User Interface
      In the context of Google Summer of Code 2018, my mentor (Martin Schanzenbach) and I have worked on creating and extending the REST API of GNUnet. Currently, we mirrored the functionality of following commands:

      gnunet-identity gnunet-namestore gnunet-gns gnunet-peerinfo

      Additionally, we developed a website with the Javascript framework Angular 6 and the design framework iotaCSS to use the new REST API. The REST API of GNUnet is now documented with Sphinx.


    • GSoC 2018 report: Cuirass Web interface
      For the last three months I have been working with the Guix team as a Google Summer of Code intern. The title of my project is "GNU Guix (Cuirass): Adding a web interface similar to the Hydra web interface".

      Cuirass is a continuous integration system which monitors the Guix git repository, schedules builds of Guix packages, and presents the build status of all Guix packages. Before my project, Cuirass did not have a web interface. The goal of the project was to implement an interface for Cuirass which would allow a user to view the overall build progress, details about evaluations, build failures, etc. The web interface of Hydra is a good example of such a tool.

      In this post, I present a final report on the project. The Cuirass repository with the changes made during the project is located at http://git.savannah.gnu.org/cgit/guix/guix-cuirass.git. A working instance of the implemented interface is available at https://berlin.guixsd.org/. You can find more examples and demonstrations of the achieved results below.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • Run a Linux Terminal on Cheap E-Ink Displays
        If you haven’t kept up with the world of e-ink displays, here’s some good news: they are pretty cheap now. For as little as $15 you can get a small e-ink display that has good enough performance and contrast to actually do something useful. There’s only one problem: figuring out how to drive them in your project.

        Tired of seeing nothing but wiring diagrams and sample code when it came to actually putting these e-ink modules to use, [Jouko Strömmer] decided to try his hand at creating a turn-key application for these gorgeous little displays. The result is PaperTTY, a Python program that allows the user to open up a fully functional Linux virtual terminal on an e-ink display.


      • Open Sourcing Martian Engineering
        One of the more impressive feats accomplished by NASA in recent years has been the plethora of data provided by the Mars Rover. This highly specialized ATV has not only provided some amazing video and images, but its look and maneuverability are just really cool.

        The folks at NASA’s Joint Propulsion Lab agree, and recently unveiled the JPL Open Source Rover (OSR) kit that provides specs and a bill of materials for making a scaled down rover of your very own. The open source Rover follows up on the interest garnered from the ROV-E, an educational model of the Mars Rover that made the rounds of high schools, museums, and universities. The biggest appeal of the OSR is that it can be assembled from commercial off-the-shelf parts for about $2,500.






  • Programming/Development



    • Never patterns, exhaustive matching, and uninhabited types (oh my!)
      One of the long-standing issues that we’ve been wrestling with in Rust is how to integrate the concept of an “uninhabited type” – that is, a type which has no values at all. Uninhabited types are useful to represent the “result” of some computation you know will never execute – for example, if you have to define an error type for some computation, but this particular computation can never fail, you might use an uninhabited type.


    • [Rust] Diagnosing A Weak Memory Ordering Bug
      For the first time in my life I tracked a real bug's root cause to incorrect usage of weak memory orderings. Until now weak memory bugs were something I knew about but had subconciously felt were only relevant to wizards coding on big iron, partly because until recently I've spent most of my career using desktop x86 machines.

      Under heavy load a Pernosco service would assert in Rust's std::thread::Thread::unpark() with the error "inconsistent state in unpark". Inspecting the code led to the disturbing conclusion that the only way to trigger this assertion was memory corruption; the value of self.inner.state should always be between 0 and 2 inclusive, and if so then we shouldn't be able to reach the panic. The problem was nondeterministic but I was able to extract a test workload that reproduced the bug every few minutes. I tried recording it in rr chaos mode but was unable to reproduce it there (which is not surprising in hindsight since rr imposes sequential consistency).


    • IEEE Survey Ranks Programming Languages
      It's been said that programming languages are akin to religion. Engineers and developers will go out of their way to defend the use of their favorite language. (Perhaps it's more the pain of learning a new language that keeps us using the old). Surely you've seen many surveys on programming language preferences. As with all surveys, the results depend on who was asked.


    • Programming Languages May Finally Be Reaching a Status Quo

      The analyst firm RedMonk has tracked programmers' interest in various programming languages since 2011. During that time, Swift and Kotlin grew faster than any other language the firm tracked, including Google's Go and Mozilla's Rust. Earlier this year Swift, which Apple released in 2014, managed to tie with Apple's much more established Objective-C language for tenth place in RedMonk's rankings.



    • Machine learning algorithms can identify anonymous programmers

      Rachel Greenstadt, associate professor of computer science at Drexel University, and Aylin Caliskan, an assistant professor at George Washington University, have found that code can be a form of stylistic expression, a bit like writing, reported Wired.

      As such, the researchers developed a machine learning algorithm to recognise the coding structure used by individual programmers based on samples of their work and spot their traits in compiled binaries or raw source code.







Leftovers

  • Free Airline Tickets: The Latest Internationalized Domain Name-based Homograph Scam

    As part of our continuous monitoring of the Internationalized Domain Name (IDN) space, Farsight recently found evidence of what appears to be an ongoing IDN homograph-based phishing campaign targeting mobile users. The suspected phishing websites purport to be those of commercial airline carriers offering free tickets, but, instead, appear to subject the user to a bait-and-switch scam.



  • JAL Flight 123: When a Seven Year Old Shoddy Repair Job Brought Down a 747
    The accident had a wide-reaching effect in Japan. JAL paid $6.7 million to victim’s relatives without admitting liability for the accident. JAL’s president resigned and a maintenance manager committed suicide. The engineer who inspected the jet and signed off on the repair also committed suicide. Flight number 123 was never used by JAL again. The route became Flight 127. JAL gradually switched from flying 747s to Boeing 767 and 767 aircraft and sent their few remaining 747s to the boneyard in 2011. This video with cockpit voice recorder (CVR) audio of the last minutes of JAL 123 was uploaded to YouTube by KaykEigh. WARNING: Not for the faint of heart.


  • 5 Things I Wish I Could Tell My Past Self

    Hindsight is 20/20, so what's the point if you don't share it with the world? Here's a few things I've been thinking about recently that I wish I could go back and tell fresh-out-of-college Kim. 'Cause man, she could have used a lot of help.



  • When Things Become Bizarre
    This also means I cannot travel to OggCamp. Essentially I have to stay within close range of my Post of Duty right now. Leave grants may be getting revoked soon. Getting shifted over to mandatory training status shortly makes that happen when the stakes are becoming as high as they are right now. Nobody has said this yet at work: "Failure Is Not An Option." With senior ranks in the chain of command coming to the Post of Duty in less than a week, we'll be learning how close things are to running aground. What makes me feel worse is that this was the year I specifically made provision to travel to England. Moving up the ranks at work means I can't escape responsible roles because I'm slowly becoming one of the persons others look up to because everybody else at my rank has either retired or left.


  • Science



    • iSpeak: Automated Authorship and Accountability in the Digital Age
      Automated authors generate content that impacts nearly every part of civil society. Children watch automatically–generated YouTube videos to learn language and social skills. Corporations use automated authors to create logos, slogans, poems, artwork, and even entire books in a multibillion dollar industry. And federal courts increasingly rely on reports generated by automated authors in making life and death decisions for criminal defendants. Despite the growing ubiquity of automated authorship, courts and commentators have yet to successfully theorize attribution for works generated by automated authors. Can a work have a nonhuman author? If so, should the law treat its works differently than works created by humans? The majority of courts simply avoid the question; others simply assume that only humans can be authors; still others do not even recognize a question exists. The result is a dangerous jurisprudential blindspot that rests on unstated, untheorized, and unscrutinized assumptions about speech produced by automated authors.




  • Hardware



    • NVIDIA CUDA 10 Adding nvJPEG, Turing Support
      NVIDIA is capitalizing upon SIGGRAPH 2018 as now in addition to launching the Quadro RTX GPUs and open-sourcing the MDL SDK they have announced their work on CUDA 10.

      CUDA 10 is being geared for release with many improvements over CUDA 9 for building GPU-accelerated applications with this proprietary API alternative to OpenCL.


    • Nvidia Unveils Turing Architecture Based Quadro RTX GPUs


      Introducing parts of the new Quadro RTX family, the Quadro RTX 8000, RTX 6000, and RTX 5000 now stand as Nvidia’s fastest cards and are expected to arrive in Q4 this year. Nvidia says that the Turing-based Quadro RTX is the “world’s first ray-tracing GPU.”


    • AMD Radeon Pro WX 8200 Is 16% Faster Than The Nvidia Quadro P5000 In Adobe Premier
      AMD has officially announced the Radeonâ„¢ Pro WX 8200 at SIGGRAPH 2018. We had earlier reported in an article that the new card would be announced in SIGGRAPH, which you can check out here.


    • NVIDIA Announces Turing-Based Quadro RTX GPUs As The "World's First Ray-Tracing GPU"
      This morning AMD announced the Vega-based Radeon Pro WX 8200 graphics card as the "best workstation GPU under $1,000 USD" while tonight NVIDIA is trying to steal the thunder by announcing the Quadro RTX series as the "world's first ray-tracing GPU" that is also based on their new Turing architecture.




  • Health/Nutrition



    • Trusted Health Sites Spread Myths About a Deadly Pregnancy Complication
      Preeclampsia, a dangerous form of hypertension that can develop during pregnancy or in the days and weeks after childbirth, is one of the most common causes of maternal death and severe complications in the U.S. The large majority of deaths occur after delivery, often from strokes.

      But you’d never know it from the incomplete, imprecise, outdated and sometimes misleading information published by some of the most trusted consumer health sites in the country.

      Instead, you might come away with the impression that, as Harvard Health Publishing says, preeclampsia “occurs only during pregnancy.”


    • Sensors to Smartphones Bring Patent Wars to Diabetes Monitoring
      Fortune and other diabetics are benefiting from an explosion in technology and innovation, from under-the-skin sensors that eliminate the need for painful finger pricks, to smartphone alerts when glucose levels rise too high. But the technology, and its integration with mobile devices, has brought the types of lawsuits typically seen by Silicon Valley companies.


    • Agribiotech Patents in the Food Supply Chain: A U.S. Perspective
      This chapter highlights U.S. agribiotech patent issues as they relate to the food supply chain. Agribiotech patents challenge how we think about fundamental issues of seed ownership, innovation, and when downstream uses are or should be permissible. Part II of this chapter sketches the arc of agribiotech developments in the U.S. from its colonial past to the current day and observes the evolution of protection over seed traits transition from an open socialist-style franchise to a tightly controlled oligarchy subsisting on patent rights. Part III assesses patent exhaustion through the lens of Bowman and the Court’s more recent decision in Impression Prod., Inc. v. Lexmark Int'l, Inc. Part IV offers observations on three issues: (1) patentees and generic seed companies will remain invested in maintaining compliance for transgenic seed exports; (2) the recent spate of mega-mergers continue the transformation set in motion by the privatization of agriculture more than a century ago, with these mergers benefiting agribiotech companies and farmers abroad, unfortunately, at the expense of U.S. farmers at home; and (3) developments such as retaliatory tariffs on transgenic seed exports will affect agribiotech innovation as surely as developments in patent law, and should be part of any comprehensive analysis of dynamic trends in the food value chain. Part V highlights key areas for future study and concludes.




  • Security



    • 25 Smartphone Models Found Shipping With Severe Firmware Flaws: Defcon 2018
      Smartphones from small as well as big OEMs are under the radar. OEMs such as ZTE, Leagoo, and Doogee have been included in the list of insecure Android device manufacturers previously as well. Leagoo and Doogee have been reported to come preinstalled with apps that have banking trojans.


    • Aporeto Security and Red Hat OpenShift in Action


      In this short video, we demonstrate how Aporeto integrates with Red Hat OpenShift and leverages the platform’s native capabilities to extract application identity metadata to enforce security.

      Aporeto enforces security uniformly in hybrid and multi-cloud environments and abstracts away the complexities of the underlying infrastructure. As you leverage OpenShift to expand beyond the data center, you can use Aporeto to extend your security policies no matter where your application and its services run.


    • Oracle has flagged a vulnerability that could “completely compromise” customer databases


      Oracle is calling on its customers to immediately patch a security vulnerability that can lead to “complete compromise of the Oracle Database”.

      The vulnerability was found in the Java VM component of the vendor’s database server, but attacks may “significantly impact additional products”, according to a notice on the US National Vulnerability Database.


    • Hacknet gets 'Educational' pricing plan to help teach students about cyber security
      Although primarily intended for entertainment, Hacknet’s simulation is based on real cyber-security principles, while its user interface implements actual Unix commands


    • Security updates for Monday
    • OpenPGP key expiration is not a security measure
      There seems to be some recurring confusion among Gentoo developers regarding the topic of OpenPGP key expiration dates. Some developers seem to believe them to be some kind of security measure — and start arguing about its weaknesses. Furthermore, some people seem to think of it as rotation mechanism, and believe that they are expected to generate new keys. The truth is, expiration date is neither of those.


    • Vulnerability in Java VM Component of Oracle Database allows for Whole System Compromise


    • #DEFCON Vote Hacking Village Refute NASS 'Unfair' Claims
      DEFCON has hit back at criticisms levied at it by the National Association of Secretaries of State (NASS) over the introduction of an area designed to test voting machines.

      In a statement released on 9th August, the NASS said that while it applauded “the goal of DEFCON attendees to find and report vulnerabilities in election systems" it felt it was important to point out that work has been done by states' own information technology teams, and also named the Department of Homeland Security (DHS), the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), the private sector, the National Guard and universities as being involved “to enhance and reinforce their cyber postures with penetration testing, risk and vulnerability assessments and many other tools.”


    • How to hack an election, according to a former NSA hacker
      As we find out more about Russia's interference in the 2016 United States presidential election, former NSA hacker and TrustedSec CEO David Kennedy reveals what it would take to hack an election. Kennedy also reveals how France was able to protect themselves. Following is a transcript of the video.

      David Kennedy: What's interesting with the election systems is that as they become more and more electronic, and people can use computer systems to actively go in and cast your votes at the actual ballots, those are all susceptible to attack.

      What the government has tried to do is a technique called air gapping, which means that they're not supposed to be hooked up to the internet or have the ability to communicate the internet, so they can be not hacked by hackers. Essential databases that are used to count the ballots and actually cast votes is connected to multiple networks and the internet. And we're seeing intrusions occur, and so as we're using electronic voting as a method to conduct actual voter ballots, it's a very, very susceptible system. Most of the systems are out of date. Most of the systems aren't protected against hacks. There's definitely possibilities for other influences to have a direct impact on our elections themselves.


    • Faxploit: Breaking the Unthinkable


    • HP Fax Protocol Flaw Exposes Whole Enterprise Network to Exploit
      Check Point has discovered a new vulnerability in HP’s range of office fax machines that allow hackers to exploit a fax number related flaw and gain access to the remainder of the company’s enterprise network. This exploit is not limited to any one product or any particular company’s setup, but it encompasses all of HP’s office fax machines and all-in-one devices that have a faxing system integrated within them.


    • Security updates for Tuesday


    • Ex-NSA staffer demonstrates malware bypassing security checks in High Sierra




  • Defence/Aggression



    • Arrest warrant issued for former CIA agent allegedly involved in a failed Russian-backed coup in Montenegro SOFREP Original Content
      Late last week, the government of Montenegro issues an international arrest warrant for Joseph Assad, a U.S. citizen born in Egypt and a former CIA agent, for his alleged role in a failed coup that aimed to prevent Montenegro’s accession into the NATO alliance in 2016. Assad’s was not the only warrant issued, as Montenegro levied 14 other warrants, mostly for allegedly involved Serbs and at least two Russian military officials believed to be the leaders of the endeavor. According to Montenegro’s claims, the coup attempt was organized and backed by Russian military and intelligence agencies, in keeping with Russia’s aggressive rhetoric pertaining to Montenegro’s decision to join NATO.


    • Venezuelan President Asks FBI For Help After Surviving Assassination Attempt


    • UAE responds to AP report on deals with al-Qaida in Yemen
      The United Arab Emirates on Monday said it was actively fighting al-Qaida's branch in Yemen after an Associated Press report outlined how Emirati forces cut secret deals with the militants to get them to abandon territory.

      An Emirati general denied the report while speaking to journalists in Dubai, saying it was based on "nothing." The AP spoke to two dozen witnesses, tribal leaders, mediators, militants and security officials who all described the practice.

      Meanwhile, a top Emirati diplomat acknowledged that war is not a "clean operation" when asked about a Saudi-led airstrike last week in Yemen that killed dozens, including schoolchildren.


    • Montenegro Takes On Russia, America and a Former CIA Officer
      It sounds like a spy novel. A former CIA case officer joins a cabal of pro-Russian rebels attempting to kill the prime minister of a small Balkan country. The coup fails, the officer returns to the U.S. – and now authorities in the Balkans want the former spy for questioning.

      Last week Montenegro announced it is seeking extradition of the retired U.S. spy, Joseph Assad, for his role in an attempted coup there in 2016. If the allegations are true, this story has a twist worthy of an airport-bookstore thriller: The U.S. and Russia may be rivals, but when it comes to Montenegro, they are secret collaborators.


    • Cops record statement of ex-MEIO chief on CIA letter
      Police have taken the statement of the former Malaysian External Intelligence Organisation (MEIO) director-general Hasanah Abdul Hamid on a letter she wrote to the United States’ Central Intelligence Agency (CIA).


    • Letter to CIA: Cops record statement from boss of intelligence body
      Police have taken the statement of former Malaysian External Intelligence Organisation (MEIO) director-general Hasanah Abdul Hamid on a letter she wrote to the United States’ Central Intelligence Agency (CIA).

      Without revealing when Hasanah’s statement was taken, the Inspector-General of Police Mohamad Fuzi Harun said police had also called several other MEIO officers to assist in the investigations.

      He said police would also be taking the statements of several MEIO officers in Washington.


    • Leaked letter to CIA: Cops waiting to record statements from Washington-based officers
      Police are waiting to interview several officers based in Washington DC as part of its investigation into a leaked confidential letter from a top government intelligence agency that has raised security concerns in the country.

      Inspector-General of Police Tan Sri Mohamad Fuzi Harun said the police were waiting for a couple of officers from the Malaysian External Intelligence Organisation (MEIO) to return from their pilgrimage to Mecca to record their statements into a leaked letter to the US Central Intelligence Agency (CIA) ahead of GE14.




  • Transparency/Investigative Reporting



    • Whistleblowers will get five years jail under new cyber law

      Under the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a draft of which was released this morning for public comment, a wide range of people are covered by this part of the proposed legislation.

      The law appears to aim at discouraging whistleblowers by including public servants — employees of the Federal, State or Territory Governments — among those who could be sent to jail for disclosing information of this kind.



    • The DNC's legal team just subpoenaed WikiLeaks on Twitter
      In a case sure to give “slide into my DMs” a whole new meaning, WikiLeaks just got subpoenaed via Twitter.

      On Friday, a law firm representing the Democratic National Convention in its civil lawsuit against WikiLeaks and other defendants formally notified the organization that it is being sued, CBS News reports. The Twitter account that served Wikileaks online appears to have been set up this month by the DNC’s law firm, Cohen Milstein, for the sole purpose of serving papers to Julian Assange’s organization.


    • WikiLeaks was summoned to court via Twitter
      In a civil lawsuit addresses the fact of interference in the presidential elections in America and work with the Russian government. A Federal court in Manhattan last month several times sent e-mails to WikiLeaks, but to no avail. Then, the lawyers decided to act through social networks. Although the agenda via Twitter not an official document, America was already a similar precedent. The U.S. district court in the Northern district of California held that the defendant can be notified via the social network only if their active use.


    • US Court Authorizes Service By Twitter on Wikileaks
      The Democratic National Committee has obtained leave of court to serve process on Wikileaks via Twitter in its lawsuit against Russia, Wikileaks, Julian Assange and others. I have written previously about the FSIA issue in the case and the issues about serving process on Mr. Assange in the Ecuadoran embassy in London. But serving process on Wikileaks poses difficulties, too.

      The DNC’s motion gives several reasons for seeking leave to serve process by Twitter rather than by a more traditional means. Wikileaks, it says, is an “organization of unknown structure” that has “more of a virtual than a physical presence.” It has post office boxes in California and in Australia, but it is unclear to the DNC whether Wikileaks uses them for business. Lawyers who have represented Wikileaks in prior US litigation have said they no longer represent the organization or are not authorized to accept service. And Wikileaks, or someone purporting to act on its behalf, does have an active Twitter presence.


    • ‘Too Big to Fail’: Russia-gate One Year After VIPS Showed a Leak, Not a Hack
      A year has passed since highly credentialed intelligence professionals produced the first hard evidence that allegations of mail theft and other crimes attributed to Russia rested on purposeful falsification and subterfuge. The initial reaction to these revelations—a firestorm of frantic denial—augured ill, and the time since has fulfilled one’s worst expectations. One year later we live within an institutionalized proscription of proven reality. Our discourse consists of a series of fence posts and taboos. By any detached measure, this lands us in deep, serious trouble. The sprawl of what we call “Russia-gate” now brings our republic and its institutions to a moment of great peril—the gravest since the McCarty years and possibly since the Civil War. No, I do not consider this hyperbole.

      Much has happened since Veteran Intelligence Professionals for Sanity published its report on intrusions into the Democratic Party’s mail servers on Consortium News on July 24 last year. Parts of the intelligence apparatus—by no means all or even most of it—have issued official “assessments” of Russian culpability. Media have produced countless multi-part “investigations,” “special reports,” and what-have-yous that amount to an orgy of faulty syllogisms. Robert Mueller’s special investigation has issued two sets of indictments that, on scrutiny, prove as wanting in evidence as the notoriously flimsy intelligence “assessment” of January 6, 2017.


    • Whistleblower org chief quits over Assange critic boot demand
      The director of whistleblower support outfit the Courage Foundation has quit after being told to pull support from Barrett Brown following some barbed comments he made about Julian Assange.

      Naomi Colvin walked out of the foundation after “three of Courage’s trustees wrote to me demanding that I inform Barrett Brown that he could no longer be a Courage beneficiary, on the basis of ‘nasty adversarial remarks’ about WikiLeaks,” she wrote in a blog post.


    • Can You Serve A Subpoena Over Twitter? Yes, And It Just Happened To WikiLeaks
      Perhaps @Jack should consider a new promotional tag for his company — “Twitter: Not Just For Verifying White Supremacists Anymore.” The microblogging social media platform has let its users double the lengths of their screeds and still gives us a healthy dose of Alex Jones and his gang of morons who can’t figure out what publicly traded companies are, so it’s about time we got something useful out of the product. You can use Twitter to serve subpoenas.

      The DNC, still suing Russia and Donald Trump and the rest of the collusion cadre, has had a hard time getting WikiLeaks to hand over discovery material since Julian Assange is holed up in an embassy overseas. With Assange not answering his emails, Cohen Milstein, representing the DNC, sought and received permission to serve a subpoena over Twitter.


    • The Internet Is Crowdfunding the Release of 4,358 Secret CIA Mind Control Documents
      John Greenewald has spent his life trying to pry secrets out of the US government. Now, he’s asking for some help to get his hands on some of the most elusive documents he’s ever tried to nab.

      On Wednesday of last week, Greenewald, who runs the declassified-document clearinghouse the Black Vault, started a crowdfunding campaign on GoFundMe to raise money for the fee the Central Intelligence Agency is charging him for his latest Freedom of Information Act (FOIA) request. He’s hunting for documents related to the notorious MKUltra program (often referred to as the CIA's "mind control" project), an endeavour he embarked on after realizing that the agency had left out thousands of pages from a FOIA request Greenewald filed about the program back in 2004.

      The fee, based on reproduction costs set at ten cents per page, comes out to $425.80. Greenewald said he was denied a waiver, usually given to members of the media or FOIAs that pass a public-interest test. “There’s really not much I can do besides cut the check,” he told me over the phone.






  • Finance

    • ‘A National Disgrace’: Port Truckers Demand an End to Misclassification

      “The company is the only one who benefits,” Zelaya told me. “It’s my truck, but they put a GPS on it, they tell me what to do, and if I want to work for another company, they retaliate against me.”



    • ‘The Vast Majority of Tipped Workers in America Suffer from Three Times the Poverty Rate of the Rest of the US Workforce’
      Saru Jayaraman is the co-founder and co-director of the Restaurant Opportunities Centers United and director of the Food Labor Research Center at the University of California, Berkeley. She’s author of the books Behind the Kitchen Door and Forked: A New Standard for American Dining. When we spoke with her in 2015, we asked what she thought people should know about the tipped wage for restaurant workers.
    • Peter Phillips Returns
      The product of years of research, Giants identifies the members of the ‘transnational capitalist class,’ which includes the institutions and individuals that control trillions of dollars of the world’s wealth, and wield the political power that these riches confer.


    • Rise of Enterprise

      Fast-forward to 2018, and Dell’s prospects seem far better. Dell is now worth an estimated $70 billion — nearly triple what the buyout valued it at five years ago — and it has announced a bid to return to the public sector in a $22 billion buyout. It’s an astounding transformation. Dell and his investment partners at Silver Lake transformed the company from a struggling consumer electronics company into an enterprise powerhouse.



    • New NAFTA agreement should keep with critical investment protections


      Nothing is more important than modernizing and renegotiating NAFTA and including strong, common sense protections for business.




  • AstroTurf/Lobbying/Politics

    • Archivist rejects Democrats' demand for Kavanaugh documents

      The National Archives is doubling down on its refusal to respond to Democratic requests for documents from Supreme Court nominee Brett Kavanaugh's White House tenure.

      Archivist David Ferriero wrote in a letter to Sen. Dianne Feinstein (Calif.), the top Democrat on the Senate Judiciary Committee, that it is the agency's policy to only respond to requests from a committee chair, all of whom are Republicans.

    • FBI Fires Agent Who Sent Anti-Trump Texts


    • Technocrats Rule: Democracy Is 'OK' As Long As The People Rubberstamp Our Leadership

      We are in a very peculiar ideological and political place in which Democracy (oh sainted Democracy) is a very good thing, unless the voters reject the technocrat class's leadership. Then the velvet gloves come off. From the perspective of the elites and their technocrat apparatchiks, elections have only one purpose: to rubberstamp their leadership.

      As a general rule, this is easily managed by spending hundreds of millions of dollars on advertising and bribes to the cartels and insider fiefdoms who pony up most of the cash.

    • Facebook news chief to media: ‘Work with Facebook or die’

      The Australian reports that Facebook media relations chief Campbell Brown privately disclosed that Mark Zuckerberg is indifferent to publishers and offers the news media a simple choice: "Work with Facebook or die."



    • Facebook exec: media firms that don't work with us will end up 'in hospice'

      During the four-hour meeting, Brown also talked about the company’s decision to prioritise personal posts from family and friends over journalistic content within the news feed. The move has hit some publishers who rely heavily on referrals from Facebook hard.



    • With attacks on independent media, the "thaw" in Belarus is over
      After the start of the Russia-Ukraine conflict in 2014, Belarus gradually began to shed its image as the “last dictatorship of Europe”. The country’s relative liberalisation was expressed through a decreasing level of repression against activists and politicians.

      For Belarus’ independent press, though, the rules of the game have only got worse. Media that didn’t profess a clear political position could rely on a relative level of freedom. But everything changed overnight on 7 and 8 August, when Belarusian law enforcement conducted searches at five editorial offices — including Tut.by and BelaPAN, two of the country’s biggest media resources.

      In Belarus, a journalist’s work was always complicated by a range of legal restrictions. A favourite method of pressure is fining non-accredited journalists working for foreign media — any freelancer can fall foul of this. In this year alone, journalists working for Belsat TV channel, which broadcasts from Poland, have been fined in Belarusian courts 70 times at a cost of $25,000. Moreover, the homes of Belsat journalists are regularly searched by Belarusian law enforcement.

    • Trump Attacks 'Wacky Omarosa' on Twitter — Fmr CIA Director Responds With Comment on What's 'Presidential'
      Former CIA Director, John Brennan, lodged yet another criticism of President Donald Trump on Monday after the president issued a series of tweets attacking former White House adviser, Omarosa Manigault-Newman.

      [...]

      “You’re absolutely right. If you were 'presidential,' you would focus on healing the rifts within our Nation, being truthful about the challenges we face,” he said.

      He appeared to attack Trump's controversial immigration tactics, arguing that it would be presidential for Trump to show that the United States “welcomes all.”
    • Cops to question Washington-based officers over CIA letter
    • IGP: Embassy officers in Washington to be quizzed over leaked CIA letter
      Several Malaysian embassy officers based in Washington will be called up to assist investigation into the leak of the letter to the US Central Intelligence Agency (CIA), says Tan Sri Mohamad Fuzi Harun (pic).

      The Inspector-General of Police said police have so far recorded the statements of several persons of interest, including Datuk Hasanah Abdul Hamid, who is the former head of the Malaysian External Intelligence Organisation (MEIO).

      "We will wait for the officers based in Washington to return, and we will record their statements.
    • Leaked letter to CIA: Cops waiting to record statements from Washington-based officers
    • Stop Telling Yourself Trump's Supporters Are Turning On Him




  • Censorship/Free Speech



    • Can poetry survive outrage culture?

      Sadly, Carlson-Wee also issued an apology on Twitter, which read like a confession at a North Korean showtrial. I have sympathy for him. If you’re not used to dealing with conflict, being attacked by an angry crowd on Twitter can be quite disorientating. He seems a gentle soul who truly meant well, and someone who is probably particularly sensitive to accusations of bigotry. His apology indicates how deeply his faith in his own work has been shaken, showing how much free expression can be hampered by the vitriol of social media.



    • Taibbi: Censorship Does Not End Well


      How America learned to stop worrying and put Mark Zuckerberg in charge of everything

      [...]

      Jones is the media equivalent of a trench-coated stalker who jumps out from from behind a mailbox and starts whacking it in an intersection. His “speech” is on that level: less an idea than a gross physical provocation. InfoWars defines everything reporters are taught not to do.
    • Alex Jones is far from the only person tech companies are silencing


    • Social Media Censorship: A Growing Risk to Tech Stocks


    • True democracy is more valuable than censorship


    • Letters: Banning Alex Jones dangerous censorship


      The recent removal of Alex Jones’s Infowars content from many social media platforms, and the Apple podcast service, sets a bad precedent.

      I completely disagree with Jones’ divisive rhetoric, but does that mean he should be censored? Where does this stop? Will other conservative content creators, like Glenn Beck and Ben Shapiro face the same fate, or will we set a standard of open communication?
    • Fake News is Nothing New: Censorship in the First World War
      Fake news is nothing new. 100 years ago, censorship restrictions in place during the First World War saw newspaper headlines portray disastrous battles like those at Gallipoli as decisive victories.

      A new campaign from WW100 (First World War Centenary Programme) puts wartime censorship itself under the spotlight. The online campaign features a series of animated videos, essays and cartoons which investigate the impacts of censorship historically, as well as considering some of the issues which affect the free flow of information in New Zealand today.
    • Broward County School Board Gets Hit With Anti-SLAPP Suit After Trying To Punish Paper For Exposing Its Redaction Failure
      Last week, the Broward County School Board went after a Florida newspaper, claiming it should be held in contempt of court for publishing information the school district didn't properly redact. The Sun Sentinel obtained a copy of the Parkland school shooter's educational records as the result of a public records suit. Certain information was redacted -- or at least was supposed to be -- to comply with state and federal privacy laws.

      What was delivered to the Sun Sentinel by the district had black redaction bars covering two-thirds of the document. Unfortunately, the redactions were merely cosmetic. Anyone with a copy of the PDF could select the "redacted" text in the PDF and paste it into a text editor to see what was supposed to have been withheld. The school board screwed up, making it possibly liable for privacy law violations, but it went to court claiming it was all the Sun Sentinel's fault anyone's privacy got violated.

      The Sun Sentinel has now responded -- both with an editorial middle finger and a filing in court. (h/t Brittany Wallman) If everything goes the Sun Sentinel's way, not only will it not face contempt charges (there's been no ruling on the motion, so it appears the judge doesn't believe closing barn doors post-livestock exodus qualifies as an emergency), but might collect some cash from the school district for trying to silence the paper.
    • Reddit's co-founder knows trolls. He has advice moderating the noise
      Reddit cofounder Alexis Ohanian is no stranger to the content moderation debate roiling social media. The popular discussion platform, which calls itself the front page of the internet, has long struggled with trolls, misinformation and extremism.

      That gives Ohanian a unique perspective on the national discussion prompted by the recent expulsion of InfoWars founder Alex Jones from several platforms. And it leads him to believe that every platform ought to craft clear content moderation strategies, and have a team of employees dedicated to enforcing them.

      "It's going to be imperative that every one of these social platforms understands what their role is and what their policies are so that they're not subject to the whims of whatever frenzy swirls around at a given moment," he told CNNMoney in a phone interview Monday.
    • Other View: Beware the digital censor


    • Talking Twitter Censorship on FOX




  • Privacy/Surveillance



    • Tech companies earn White House praise for committing to easier health data access

      Amazon, Google, IBM, Microsoft, Salesforce and Oracle, along with the Information Technology Industry Council (ITI), all pledged their support to improving healthcare data interoperability. The pledges came during Monday's Blue Button 2.0 Developer Conference.

    • NSA watchdog details privacy concerns and moves to protect whistleblowers
      The National Security Agency's open source intelligence collection process, which gathers publicly available information from the internet, has "an increased risk of jeopardizing the civil liberties and privacy of [US persons] and compromising classified information," concluded the agency's top watchdog in its first public report for Congress.

      The NSA watchdog criticized facets of the digital spy agency's "Emerging Open Source Activities Branch," which analyzes the information collected. Areas of concern highlighted included insufficient "guidance and training" for analysts to adequately protect Americans' personal data. The IG did not go into further detail about specific violations.

      But the agency is also prioritizing whistleblower protection in new ways, the report revealed, highlighting progress for the secretive spy unit after several high-profile whistleblowers criticized internal protections for those who report wrongdoing.


    • Russian Military Spy Software is on Hundreds of Thousands of Home Routers
      The Russian military is inside hundreds of thousands of routers owned by Americans and others around the world, a top U.S. cybersecurity official said on Friday. The presence of Russian malware on the routers, first revealed in May, could enable the Kremlin to steal individuals’ data or enlist their devices in a massive attack intended to disrupt global economic activity or target institutions.
    • Samsung Galaxy S10's Rumoured Ultrasonic Fingerprint Scanner Detailed in New Patent
      Samsung has been reported earlier to integrate an ultrasonic fingerprint scanner under the display of the upcoming Galaxy S10 flagship, a system that is much more sophisticated than the optical in-display fingerprint reading solution we have seen so far. Now, the US Patent and Trademark Office has published a Samsung patent application that details the in-display fingerprint sensor system, giving us an idea of how it will be integrated on to the Galaxy S10 next year. The smartphone is expected to release in March 2019.


    • We're Bad At Regulating Privacy, Because We Don't Understand Privacy
      It's been an interesting year for those of us who support strong privacy for the public -- in part because we've seen lots of movement on attempts to regulate privacy. However, you may have noticed that we've also regularly criticized almost every attempt to regulate privacy. We've been highly critical of the GDPR, Europe's big privacy regulation that is impacting basically every website globally. And we were even more critical of California's disaster of a privacy bill, that was a rush job with tremendous problems. And now that the news has come out that the White House is working on a domestic version of the GDPR (perhaps in an attempt to preempt California and other states from making a mess of things) we should, perhaps, clarify why nearly all attempts at regulating privacy, are likely to be complete disasters.

      And I know that many people who advocate in favor of privacy issues are supportive of at least some aspects of these bills. And I completely understand where they're coming from. So let's set some parameters: privacy is incredibly important -- and it's something that is often undervalued by those services that collect other people's private information, and a failure to protect privacy can have massive, life-changing consequences. But, I believe that almost everyone is confused about what privacy really is. We've discussed this a few times before, but I think it's important to recognize that the more we fail to properly understand privacy, the more likely it is that every attempt to regulate it will fail badly, often creating significantly bad consequences that will do a lot more harm than good. That doesn't mean we shouldn't protect privacy, however, and towards the end of this post, I'll suggest a better path forward on that front.

      The basic issue is this: privacy is not a "thing," it's a trade-off. Yet, nearly all attempts to regulate privacy treat it as a thing -- a thing that needs "protecting." As such, you automatically focus on regulating "how do we protect this thing" which generally means prohibitions on sharing information or data, or even being willing to delete that data. But, if we view privacy that way, we also lose out on all sorts of situations where someone could benefit greatly from sharing that data, without the downside risks. When I say privacy is a trade-off I mean it in the following way: almost everything we do can involve giving up some amount of private information -- but we often choose to do so because the trade-off is worthwhile.


    • How to find and delete where Google knows you’ve been

      Even if you have "Location History" off, Google often stores your precise location.



    • Google tracks your movements, like it or not

      An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used privacy settings that say they will prevent it from doing so.

      Computer-science researchers at Princeton confirmed these findings at the AP's request.

    • AP Exclusive: Google tracks your movements, like it or not
      Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to.

      An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you've used a privacy setting that says it will prevent Google from doing so.

      Computer-science researchers at Princeton confirmed these findings at the AP's request.


    • Disabling Location History Doesn’t Stop Google From Tracking Your Location
      Disabling Google’s Location History doesn’t stop Google from tracking your location on Android and iOS devices.


    • Google Is Tracking You Non-stop Even If You Tell It Not To: Report
      While using your Android or iOS device, if you choose the option to pause the location sharing, what are your expectations? While this option seems pretty straightforward and apparently tells you that your smartphone isn’t collecting your location history, the reality is much scarier.


    • Greens claim new law would undermine privacy

      The Australian Greens appear to be unimpressed with the Federal Government's new cyber law, saying that it would "completely undermine the point of end-to-end encryption and the privacy of every single Australian’s personal information online".

      [...]

      “Installing malware on people’s devices to read encrypted data is not a solution to catching criminals, but it is weakening the defences of every single device that receives encrypted messages, therefore making it easier for criminals who want to steal data!"



    • Govt leaves door open to crack encrypted messages

      The Australian Government has left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law.





  • Civil Rights/Policing



    • A Man Wanted to Speak at His Trial. The Judge Taped His Mouth Shut
      All criminal defendants have a right to speak at their sentencing, yet one Ohio judge decided to silence a young Black defendant with duct tape.

      Franklyn Williams is a 32-year-old Black Ohioan who, at his sentencing hearing, was talking. Judge John Russo thought he was talking too much. So with Williams surrounded by six officers, Judge Russo ordered them to place red tape over Williams’ mouth.

      The judge explained his reasoning for having tape put over Williams’ mouth. It was to “maintain decorum.” After silencing Williams with duct tape, Russo proceeded to sentence Williams to 24 years in prison, in absentia, for aggravated robbery, kidnapping, theft, misuse of credit cards, and unlawfully possessing weapons.

      What Russo did to Williams isn’t just humiliating and unnecessary — it’s against the law.

      All criminal defendants have a right to speak at their sentencing hearing. Under both federal and Ohio law, a judge at sentencing must address the defendant personally and ask if he wishes to make a statement on his own behalf or present any information that the judge should take into account before delivering punishment.

      This is why the requirement is so important — it’s the last opportunity for a defendant to influence a judge’s decision about the punishment to be imposed. If the defendant chose not to testify at trial, or go to trial at all, then the sentencing hearing is oftentimes the only opportunity for the judge to hear directly from the person she or he is about to punish.



    • A Fatal Accident Leads to Broader Questions About NYC Trash Hauler’s Operations
      Shortly after a wheel came loose from a Century Waste garbage truck in Brooklyn, killing a motorist in an oncoming car, the New York City agency that oversees the private sanitation industry announced it would help the police investigate the crash.

      There would seem to be much to investigate, for Century Waste trucks have routinely failed safety inspections in recent years. Federal records show that 65 percent of the company’s 32 trucks subjected to government inspection were pulled off the road for safety violations over the past two years.

      But ProPublica has discovered something else the city agency, known as the Business Integrity Commission, could look into as well: Records show that Century Waste’s headquarters sit on land owned by a man the city had run out of New York’s private sanitation industry years ago during a crackdown on mob influence and corruption. The Business Integrity Commission, which oversees New York City’s trash collection industry, bars companies from doing business of any kind with such individuals. In fact, the agency was created with the express purpose of keeping such people out of the garbage industry.


    • Appeals Court: No Immunity For Border Patrol Agent's Murder Of 16-Year-Old Mexican Citizen
      Earlier this year, US Border Patrol agent Lonnie Swartz was acquitted of second degree murder for killing a 16-year-old Mexican resident by firing sixteen bullets across the border into a Nogales, Mexico street. Ten of those hit Jose Antonio Elena Rodriguez, killing him in Mexico, but with bullets fired from the United States.

      The excuse for emptying a clip into another country (and another country's citizen) was that Rodriguez and others were "throwing rocks" at Border Patrol agents. Considering there's a fence separating the US and Mexico side of Nogales -- and a decently sized one at that -- and the BP officers were free to move out of range of the rocks, it would appear there was no physical threat to Swartz's safety. Nonetheless, he felt compelled to shoot across the border 16 times. He may have escaped jail time, but he's not going to escape a lawsuit. (h/t Kevin Gosztola of ShadowProof)

      The Ninth Circuit Court of Appeals has upheld the lower court's stripping of Swartz's qualified immunity. The decision [PDF] points out several things about how far the Constitution expands into Mexico when it involves an American on American soil firing deadly projectiles into another country.


    • Appeals Court: No Reason Why US Border Patrol Officer Should Have Shot And Killed Mexican Boy
      The Ninth Circuit Court of Appeals ruled a United States Border Patrol agent did not have “qualified immunity” and could be sued for violating the Fourth Amendment, when he shot across the border and killed a boy in Mexico.

      “The court made clear that the Constitution does not stop at the border, and that agents should not have constitutional immunity to fatally shoot Mexican teenagers on the other side of the border fence,” declared Lee Gelernt, the deputy director of the American Civil Liberties Union’s Immigrants’ Rights Project. “The ruling could not have come at a more important time, when this administration is seeking to further militarize the border.”

      The ACLU was among attorneys that brought the suit on behalf of the family of Jose Antonio Elena Rodriguez. The 16-year-old boy was killed on October 10, 2012, in Nogales, Mexico, while walking on a street that “runs parallel to the border.”

      According to the allegations against Border Patrol Officer Lonnie Swartz, Rodriguez fired at least 14 bullets across the border. The boy was hit by about 10 bullets.


    • Court Tells Government It Can't Search A House Just Because A Suspected Drug Dealer Once Parked In Its Driveway
      The "good faith" exception can be difficult to overcome. Courts seem willing to grant the government this Fourth Amendment workaround even when it seems apparent the government operated in bad faith.

      Take, for instance, the FBI's Playpen investigation. On the strength of a single warrant issued in Virginia, the FBI, in essence, searched computers all over the nation (and all over the world) to extract identifying info about the devices' users. Even when courts found the warrant to be invalid because of its blatant disregard for jurisdictional limitations (warrants can only be executed in the district they're issued), they still granted the government "good faith" because the FBI agent had relied on the judge's approval of the warrant to execute the search.

      But this was happening while the FBI was petitioning the rest of the government to remove jurisdictional limitations with amendments to Rule 41. So, this warrant was obtained while limits the FBI wanted lifted were in place, but its execution took place before the limits were lifted. Somehow, this was still considered "good faith," even if those overseeing the warrant and investigation knew the FBI planned to violate jurisdictional limitations with the deployment of its PII-scraping malware.


    • 12 Things Other Countries Have Done to Promote Gender Equity
      “You’ve come a long way, baby.” That was a slogan of my youth. It was a marketing campaign for Virginia Slims, a cigarette marketed to women. The ads featured sexist images of the past — “Give women the right to vote and, by heavens, next thing you know, she’ll want to smoke like a man” — to mark progress.

      Now, nearly two decades into the 21st century, I wonder how far we have really come. More than 20 states explicitly prohibit discrimination against LGBTQ people; a Black woman is the candidate of a major party to be governor of Georgia; and sex discrimination is banned in employment, education, housing, and federally funded health care.

      But in America today, a woman makes on average 80 cents to a man’s dollar. A Black woman makes only 62 cents to a white man’s dollar. Federal law prohibits discrimination in places of public accommodation based on race, religion, and other categories, but not based on sex, including sexual orientation or transgender status. There are still police departments in this country that don’t make clear in policies or training materials that on-duty sexual misconduct against civilians is prohibited.
    • US’s Largest Organization of Lawyers Agrees That Courts Must Stop Treating People Like ATMs
      Last week, the ABA unanimously adopted 10 guidelines on ending debtors’ prisons and other practices that criminalize poor people.

      Last year, Attorney General Jeff Sessions signaled federal government retrenchment on ending debtors’ prisons — the unlawful incarceration of poor people who cannot afford to pay court fines and fees — when he withdrew a critical 2016 guidance on the constitutional principles violated by this practice.

      But civil society has stepped in to take the lead.

      Last week, the American Bar Association’s House of Delegates voted unanimously to adopt 10 guidelines on ending debtors’ prisons and related practices that criminalize poor people, marking the 400,000-member organization’s most expansive policy position on a criminal justice issue taken in the past 15 years. This move signals growing bipartisan agreement that no court should lock people up or take away their driver’s licenses or voting rights simply because they do not have money — and that the integrity of our country’s legal system and law enforcement depends on this.

      The ABA’s “Ten Guidelines on Court Fines and Fees” are the outgrowth of a task force convened in 2016 to tackle the problem of growing public distrust in the justice system in the wake of high-profile killings of Black people by police. To counter this distrust, a subsequent working group decided the ABA needed to take a strong stand against court practices that treat poor people like ATM machines — the collection of payments toward court fines and fees through warrants, illegal jailing, the coercive suspension of driver’s licenses, voting prohibitions, and even the separation of children from parents who are simply too poor to pay. The ACLU has exposed these modern-day debtors’ prisons in at least 15 states, including through ongoing federal lawsuits like Brown v. Lexington County, South Carolina, which challenges a county system that locks up hundreds of impoverished people each year simply because they cannot pay fines and fees to courts.


    • ‘Hulking muscled guards’: CIA cable gives steamy description of ‘enhanced’ interrogation
      Haspel’s nomination to head the CIA was opposed by human rights groups and lawmakers who argued that her involvement in the CIA’s clandestine torture program disqualified her from leading the agency. Dubbed the “torture queen” and “bloody Gina” by US media outlets, Haspel vowed that the CIA would not engage in torture under her watch – although declined to describe such techniques as “immoral.”


    • CIA cables detail interrogation at base run by CIA director


      Newly declassified documents released Friday graphically describe how an accused al-Qaida operative was stripped naked, repeatedly slammed against walls, waterboarded and confined in boxes for hours at a covert detention site that CIA Director Gina Haspel briefly oversaw after 9/11.

      The harsh treatment of Abd al Rahim al Nashiri at the secret lockup in Thailand has been revealed before, and came under the spotlight during Haspel’s contentious Senate confirmation this spring. About a dozen new documents, obtained by the nonprofit National Security Archive, provide more detail.


    • Gina Haspel's CIA Torture Cables From Thailand Black Site Finally Declassified After Lawsuit


    • This Woman’s Endless Ordeal Shows How the Watchlisting System Harms Innocent People
      We’re filing a complaint with the government to stop unfair treatment by TSA and U.S. border officers every time she travels.

      Zainab Merchant has a long and growing list of achievements. She is the Orlando-based founder and CEO of ZR Studios, a multimedia site about current affairs, politics, and culture. She is also a graduate student at Harvard University and mother to three young children.

      But for the last two years, Zainab, who is a U.S. citizen, has been subjected to excessive and humiliating searches, questioning, and detention by federal officers every time she has traveled by air or reentered the United States from a trip abroad. This abusive treatment — most likely because she has been placed on a government watchlist — has affected her in profoundly negative ways, both psychologically and professionally. Yet the government refuses to tell her why it keeps happening or give her a meaningful chance to correct whatever error is causing it.

      That’s why we’re filing a formal complaint on Zainab’s behalf with the Department of Homeland Security. You can read more about Zainab’s ordeal and the steps we’re taking to defend her rights here.




  • Internet Policy/Net Neutrality



    • Oh Look, Yet More Efforts To Strangle Broadband Competition
      A major component of the Telecommunications Act of 1996 was the idea of line sharing, or local loop unbundling. Simply put, the rules set forth required that incumbent telcos needed to share their networks with smaller competitors, providing wholesale access to bandwidth. It was an effort to foster something vaguely resembling competition in the broadband space by letting smaller companies piggyback on existing network infrastructure. The thought was that because the barriers to market entry were so high (both politically and financially), this could help smaller competitors gain footholds that would otherwise be impossible.

      The effort didn't work out for several reasons.

      One, incumbent ISPs quickly got to work trying to make the process as difficult as possible, often causing intentional delays as smaller ISPs (CLECs) attempted to connect to incumbent networks (ILECs). Big ISPs also got quickly to work lobbying to kill the effort, and by the early aughts had largely succeeded. Big ISP executives then proudly proclaimed the effort was a failure from conception, ignoring that other countries, like France, took the idea and utilized it to great success (users in Paris can now get TV, broadband and phone service for a small fraction of what users in the States pay).

      That said, there were plenty of terribly-run ISPs from that era that died thanks to their own incompetence and terrible business plans. But by and large line sharing was a concept we never truly tried to make work. Still, some smaller ISPs not only survived, but thrived thanks to the rules.


    • The FCC lied to Congress about an alleged cyberattack and didn’t come clean until now
      It’s been over a year since Ajit Pai and the Federal Communications Commission claimed that the agency’s comment filing system was subjected to a cyberattack during the height of last year’s net neutrality debate. But after waves of speculation from both the public and Congress, the commission has finally come clean. According to a report published by the agency’s inspector general yesterday, there was no distributed denial of service (DDoS) attack, and this relaying of false information to Congress prompted a deeper investigation into whether senior officials at the FCC had broken the law.



    • Ajit Pai admits FCC lied about “DDoS,” blames it on Obama administration


    • FCC Chairman Ajit Pai Passes Blame Over Lying About Public Comment System Being DDoSed


    • Court blocks FCC from cutting broadband subsidies in tribal lands

      The FCC has hit a snag in its plan to curb broadband subsidies for low-income homes. A DC appeals court has issued a stay order temporary blocking the regulator from limiting the $25 monthly Lifeline subsidy in tribal lands, arguing that native groups and small carriers are likely to win their case opposing the cuts. The court agreed with plaintiffs that the FCC's move would likely lead to a "major reduction, or outright elimination" of vital communication for many tribal residents, and "substantial, unrecoverable losses" for providers that might lead to them going out of business.



    • Ajit Pai loses in court—FCC can’t kill broadband subsidy in Tribal areas

      "Petitioners have demonstrated a likelihood of success on the merits of their arguments that the facilities-based and rural areas limitations contained in the Order are arbitrary and capricious," said the stay order issued by the US Court of Appeals for the District of Columbia Circuit. "In particular, petitioners contend that the Federal Communications Commission failed to account for a lack of alternative service providers for many tribal customers."

      The tribes and small carriers that sued the FCC "have shown a substantial risk that tribal populations will suffer widespread loss of vital telecommunications services absent a stay," the court said. The FCC hasn't proven that its plan won't result in "mass disconnection," the court also said.





  • DRM/'Rental'



  • Intellectual Monopolies



    • CJEU’s failure to clear up SPC mess highlights difficulties with non-specialist judges [Ed: Judge bashing by the patent trolls' lobby. The judges didn’t give the SPC extremists what they wanted?]


      Pharmaceuticals rights holders waited anxiously for the Court of Justice for the European Union’s (CJEU’s) judgment regarding the dispute over the validity of Gilead’s supplementary protection certificate (SPC) for Truvada. It was a decision that many hoped would clear up significant legal confusion surrounding the conditions under which SPC rights can be granted.

      However, the ruling recently issued by Europe’s highest court seems to have raised as many questions as it has answered, being described by one of Europe’s top SPC experts as “bitterly disappointing”.


    • Oh why, oh I, wonder if it is a substantial part...
      Ed Sheeran is considered by many in the UK as something of a national treasure, and by others around the world an international star. He’s a singer, songwriter, guitarist, record producer and actor, who has sold more than 26 million albums and 100 million singles worldwide, making him one of the world's best-selling music artists. Sheeran as won 100 music awards, was appointed Member of the Order of the British Empire (MBE) in 2017 for services to music and charity, and earlier this year, recognised by Forbes as the 9th top earning celebrity in the "Celebrity 100 List of The World's Highest-Paid Entertainers”.


    • Counsel’s Removal of Non-Disclosure Footer From Purported Prior Art Document Warrants Award of Monetary and Evidentiary Sanctions
      The court imposed monetary sanctions against defense counsel for removing a non-disclosure footer from an exhibit in support of defendant's motion to dismiss on the ground that the accused device was publicly disclosed prior art.


    • Interview: Duncan Willson, US IP attaché in China, identifies trends to watch


    • Trademarks



      • Chicago Court: Yeah, Billy Goat Tavern Is Probably Going To Lose Trademark Case, But It Can Go Forward Anyway
        Earlier this year, we discussed a trademark lawsuit brought by the famous Billy Goat Tavern in Chicago against a chip company in Missouri called the Billy Goat Chip Co. At issue was the tavern's claim that the chip company's name and logos infringed on its trademarks. Interestingly, Billy Goat Chip Co. countersued with seemingly important information, including that it had been operating for a decade, had trademarks for its business for a decade, and that its branding differences were such that the potential for public confusion didn't exist. The Billy Goat Tavern, on the other hand, only had trademarks for its name for the tavern industry and didn't begin selling packaged food until 2017, at which time the tavern applied for marks in that industry as well.

        Honestly, the whole thing seems fairly cut and dry. Different markets, different products, and the very real potential that the chip company could get the tavern's trademarks cancelled based on its own first use. Yet, despite the Chicago judge presiding over the case essentially agreeing when ruling on Billy Goat Chip's motion to dismiss, the court is allowing all of this to go trial.


      • Protected or Not? Uncertainty Shrouds Louboutin's $800 Million-Plus Red Soles in India
        Christian Louboutin’s red sole shoes are some of the most famous and easily identifiable on the planet. As of last year, 27 years after setting up shop, the Paris-based brand was selling more than 1 million pairs of its $700+ heels, sneakers, and flats, all of which bear a lacquered Chinese red sole, enabling consumers to easily distinguish its products from other shoes on the market. Yet, rights in the red sole – Louboutin’s most valuable asset, with shoes amounting for a reported 95 percent of its annual sales (which amounted to a reported $850 million in 2013) – are influx across the globe, especially India after a court issued 3 different rulings in 3 different cases over the past 9 months.

        In line with the larger trademark infringement litigation tear that Louboutin’s legal team has been on since filing suit against Yves Saint Laurent in a New York federal court in 2011 to protect its red sole, the famed footwear brand filed suit against a handful of Indian defendants in 2016, accusing them of selling red soled shoes without Louboutin’s authorization.




    • Copyrights



      • Use Based Copyright Terms
        I didn't blog last week because, well, I was at Disneyland. But I love IP, and when you're a hammer, everything is a nail. So, I couldn't help but think as I looked at the gigantic Mickey Mouse on the Ferris wheel that things are going to start getting messy when the copyright in Mickey runs out.

        It occurs to me that serial, long term uses of copyrighted works are different than one time publications. To the extent that copyright is intended to incentivize investment in creative works, then losing protection over time can limit the incentive to develop quality long term work. I'm not just talking about Mickey - Superman (and the additional complication of rights clawback) and other serial comics create issues. Star Trek is 50, Rocky and Star Wars are 40, and even Jurassic Park is 25 years old. The solution we got to this problem, a longer term for everything, was not the right one. A better solution is that terms should last as long as copyrights are in use, plus a few years. Works that are simply "sold" without any new derivative work would be capped, so works without improvement could not last forever.

        Now, this is not to say there aren't costs to protecting copyrights while they are still in use. There is a path dependency that can reduce incentives to come up with new works (in other words, bad sequels instead of new creativity). There is also value associated with the public being able to use works in their own ways.

        I'm personally not worried about either of these. On the first, there are plenty of incentives for new entrants to create new works (we got Star Trek, then Star Wars, then Battlestar Galactica (I and II), and now the Expanse), and even serial works become stale after a while (there was no Rocky 50, as some parodies predicted). On the second, I think it is inconsistent with the first concern to worry about path dependence while also worrying that others should be able to use the works. Of course, fresh eyes can bring new ideas to the expression, but hopefully the original owners do that. At this point, non-utilitarian concerns come into play. As between a party who has invested in making a work valuable over a long period of time and a party who would like to use that value, I side with the investor and say newcomers can create their own new value. I realize that many disagree with me on this point. That said, I think there are some noncompetitive uses - fan fiction, say - that can bring new ideas and allow some new works.
      • 6 Best Torrent Search Engine Sites To Find Your Favorite Torrents | 2018 Edition
        If you have been living close to the torrent ecosystem, you might realize the fact that tons of torrent sites exist where you can search torrent files. But if you remember, when FBI nabbed the operators of KAT, many people heard the term torrent search engine for the first time.

        Amid the rising scrutiny, many torrent sites have started calling themselves a search engine for torrents, saying they only provide a way for people to search torrents. It’s a category of torrent sites that don’t host any torrent files but provides a way for the users to find torrents on other torrent sites.
      • Nintendo Using Copyright To Erase Video Game History


        Just recently, Tim Geigner wrote about how Nintendo's success with the relaunched Nintendo NES Classic showed how the company successfully competed with free, because there are plenty of NES emulators that can play ROMs for free. And yet, the NES Classic comes in a neat, easy to use package. And it's worth buying if only because it looks cool -- just like the original, but... tiny. I should know: I have one and it's great. And my wife can't stop playing Mario Bros. on it, though she keeps complaining about other games from her youth that are missing.


      • Facebook Bans The Sale of All Kodi Boxes, Legal or Not

        Facebook has expanded its ban on the sale of piracy-enabling streaming devices. According to the company's latest commerce policies, all streaming devices that use Kodi software are now outlawed, which logically also applies to the many legal streaming boxes that are available.







Recent Techrights' Posts

SoylentNews Grows Up, Registers as a Business, Site Traffic Reportedly Grows
More people realise that social control media may in fact be a passing fad
 
Garden Season Starts Today
Outdoor time, officially...
More Information About Public Talks That Richard Stallman Gave This Week in Europe
Two talks in Switzerland
Engadget is Still a Spamfarm, It's Just an Amazon Catalogue (SPAM/SEO), a Sea of Junk Disguised as "Articles" With Few 'Fillers' (Real Articles) in Between
Engadget writes for bots now, not for humans
Richard Stallman's Talks in Switzerland This Week
We need to put an end to 'cancer culture'; it's trying to kill people and it is even swatting people
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 28, 2024
IRC logs for Thursday, March 28, 2024
[Meme] EPO's New Ways of Working (NWoW), a.k.a. You Don't Even Get a Desk at Work and Cannot be Near Known Colleagues
Seems more like union-busting (divide and rule)
Hiding Microsoft's Culpability in Security Breaches and Other Major Blunders (in the United Kingdom, This May Mean You Can't Get Food)
Total Cost of Ownership (TCO) is vast
Giving back to the community
Reprinted with permission from Daniel Pocock
Links 28/03/2024: Sega, Nintendo, and Bell Layoffs
Links for the day
Open letter to the ACM regarding Codes of Conduct impersonating the Code of Ethics
Reprinted with permission from Daniel Pocock
With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
Links for the day
Consent & Debian's illegitimate constitution
Reprinted with permission from Daniel Pocock
The Time Our Server Host Died in a Car Accident
If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
China's New 'IT' Rules Are a Massive Headache for Microsoft
On the issue of China we're neutral except when it comes to human rights issues
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 27, 2024
IRC logs for Wednesday, March 27, 2024
WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
Reprinted with permission from Daniel Pocock
Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
Links for the day
Links 27/03/2024: Ericsson and Tencent Layoffs
Links for the day
Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
Windows has loads of issues, also as a gaming platform
Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
Links for the day
Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
Windows is down to about 2% on the Web-connected client side as measured by statCounter
Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
a social control media 'scandal' this week
IRC Proceedings: Tuesday, March 26, 2024
IRC logs for Tuesday, March 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
Hiding the steep decline of Windows/Client at Microsoft?
Free technology in housing and construction
Reprinted with permission from Daniel Pocock
We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
Microsoft's Collapse in the Web Server Space Continued This Month
Microsoft is the "2%", just like Windows in some countries