Soon hitting the American, Canadian and European markets is the new Dell XPS 13 Developer Edition that comes with a powerful processor and the Ubuntu OS.
Being a product of Project Sputnik’s efforts, the XPS 13 7390 is quite a powerful machine for developers as it brings to the table Intel’s 10th Gen Coreâ⢠U series processors and a Linux-based operating system in Ubuntu 18.04.
On the 5th of September, these machines will be made available in the American and European markets with the 10th Generation Intel€® Coreâ⢠i5-10210U processor (quadcore). The Canadian fans will have to wait for a couple of weeks for its availability. In addition, customers will also find the 10th Generation Intel€® Coreâ⢠i7-10710U processor (hexacore) variant of these systems starting from October.
While you can install desktop Linux on most laptops, what makes Dell systems unique is the fact that they use hardware components – such as wireless chips – that are natively supported on Linux.
In addition, instead of spinning yet another distro to further fragment the desktop Linux ecosystem, Dell offers support for Ubuntu and Red Hat Enterprise Linux. Dell maintains a repository of drivers and customizations that optimize the operating system for these machines.
Dell has announced the 9th generation of the Project Sputnik portfolio – Dell XPS 13 Developer Edition (7390). The high-end machine is powered by a 6 core, Intel Core i7-10710U processor. You can get up to 16GB of RAM. It comes with Ubuntu 18.04 LTS.
The new Linux kernel security update is marked by the Red Hat Product Security team as having an "Important" security impact due to the fact that it patches several critical flaws, including the Spectre SWAPGS gadget vulnerability (CVE-2019-1125) affecting x86 processors.
Also patched are a security vulnerability (CVE-2019-5489) leading to page cache side-channel attacks, an issue in the Salsa20 encryption algorithm that could allow local attackers to cause a denial of service (CVE-2017-17805), and a flaw (CVE-2018-17972) that let unprivileged users inspect kernel stacks of arbitrary tasks.
Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat OpenShift Service Mesh to connect, observe and simplify service-to-service communication of Kubernetes applications on Red Hat OpenShift 4, the industry’s most comprehensive enterprise Kubernetes platform. Based on the Istio, Kiali and Jaeger projects and enhanced with Kubernetes Operators, OpenShift Service Mesh is designed to deliver a more efficient, end-to-end developer experience around microservices-based application architectures. This helps to free developer teams from the complex tasks of having to implement bespoke networking services for their applications and business logic.
NVIDIA last week quietly released a second update to CUDA 10.1.
CUDA 10.1 Update 2 brings Red Hat Enterprise Linux 8.0 support, continued POWER architecture support improvements, and other additions.
What analysts say they want from IBM stock is Red Hat CEO Jim Whitehurst in current CEO Virginia Rometty’s chair. They want Red Hat running IBM.
That wasn’t the promise when this deal was put together. The promise was that Red Hat would get autonomy from IBM, not that IBM would lose its autonomy to Red Hat. But Whitehurst’s concept of an Open Organization has excited analysts who don’t even know what it is.
If IBM became an Open Organization, these analysts think, it would replace the top-down structure IBM has used for a century with an organic system in which employees and customers are part of the product design process. Instead of selling gear or even solutions, IBM would become a corporate change agent.
IT experts from around the world are headed to VMworld 2019 in San Francisco to learn how they can leverage emerging technologies from VMware and ecosystem partners (e.g. Red Hat, NVIDIA, etc.) to help achieve the digital transformation for their organizations. Artificial Intelligence (AI)/Machine Learning (ML) is a very popular technology trend, with Red Hat OpenShift customers like HCA Healthcare, BMW, Emirates NBD, and several more are offering differentiated value to their customers. Investments are ramping up across many industries to develop intelligent digital services that help improve customer satisfaction, and gain competitive business advantages. Early deployment trends indicate AI/ML solution architectures are spanning across edge, data center, and public clouds.
In the previous post, we looked at the history of Red Hat Enterprise Linux from pre-RHEL days through the rise of virtualization. In this one we'll take a look at RHEL's evolution from early days of public cloud to the release of RHEL 8 and beyond.
Languages used for IT infrastructure don't have expiration dates. COBOL's been around for 60 years - and isn't going anywhere anytime soon. We maintain billions of lines of classic code for mainframes. But we're also building new infrastructures for the cloud in languages like Go.
This week we’ve been experimenting with lean podcasting and playing Roguelikes. We discuss what goes on at a Canonical Roadmap Sprint, bring you some command line love and go over all your feedback.
It’s Season 12 Episode 20 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Stuart Langridge are connected and speaking to your brain.
Intel has started Linux kernel development for what appears to be a new Atom SoC family, codenamed Lightning Mountain. It reportedly will be a network processor based on the 14nm Airmont architecture. Phoronix today reported on the recent Linux kernel patch notes. They state: “A forthcoming product uses a new variant of Atom Airmont CPU model.” Another patch note from August 21 explicitly mentions the Lightning Mountain SoC name. Intel currently does not have product families based on the Mountain suffix, so this would be a brand new line of chips.
The Linux Foundation’s AGL released UCB 8.0 with new improved profiles for telematics and instrument cluster and launched an Instrument Cluster Expert Group. The LF also gobbled up IBM’s OpenPower Foundation as IBM unveiled a royalty-free Power ISA.
Prior to today’s Embedded Linux Conference and Open Source Summit, the Linux Foundation’s Automotive Grade Linux (AGL) group announced Unified Code Base 8.0, which pushes the AGL spec deeper into telematics and instrument clusters. Also at the San Diego event, the Linux Foundation announced it was converting the IBM-backed OpenPower Foundation into a new LF working group. IBM also announced that it was open sourcing the Power CPU ISA (see farther below).
Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0.
The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020.
“AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”
The Confidential Computing Consortium, announced this morning by the Linux Foundation, will work to establish standards, frameworks and tools to encrypt data when it’s in use by applications, devices and online services. Current techniques focus on data at rest, and in transit. The group describes encrypting data in use as “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”
The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data.
The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing.
The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.
Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others.
The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services.
At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”
Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.
[...]
“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation.
“The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”
Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.
Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry.
The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.
Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors.
Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.
Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.
The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.
In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.
The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants.
Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.
It’s a frustrating reality for Linux users that Windows software counterparts tend to be better. They may offer greater functionality, better design, and be easier-to-use. There are some exceptions, such as with the NVIDIA Linux GPU driver, which offers two features the Windows version doesn’t: temperature monitoring, and fan control. For the most part, though, things like driver control panels are a scarcity in Linux.
There are a lot of free and open-source video players available for Ubuntu. Most of them do the basic job pretty well and you do not miss anything from Windows that you could use on Ubuntu. However, some players provide additional features and you can pick which one would suit you best depending on the feature list. In this article, we will give you an introduction to some famous video players for Ubuntu. We will also tell you where to find their websites and how to install them on Ubuntu. All of these players can be reliably downloaded graphically from the Ubuntu Software but we will also explain other methods of installation for educational purposes. Also, some methods let you install the latest available version of the software from the Internet so we will not miss out on those.
Translatium is an open-source translation application that translate words, phrases, and text between over 90 languages.
[...]
For Ubuntu 18.04 and higher, Translatium snap package can be easily installed from Ubuntu Software utility...
Gammy, an adaptive screen brightness GUI tool that that was originally only available for Microsoft Windows, was ported to Linux (X11 only) recently.
The Qt5 application takes a screenshot periodically, then gradually adjusts the pixel brightness based on the screen (screenshot) contents, dimming the screen if its content is too bright, or brightening the screen if its content is too dark. This is especially useful for reducing eye strain when switching between dark and light windows.
The Gammy settings allows setting a minimum and maximum brightness, and an offset (the offset adds to the screen brightness, with a higher value meaning a brighter image). Also, because it conflicts with Redshift, the Gammy developer decided to add basic temperature control, which you'll also find in the application settings.
Feral Interactive announced earlier today that the Eight Princes DLC for Total War: THREE KINGDOMS is now officially available on Linux. Plus there's a nice big Total War sale going on.
Feral Interactive today announced that The Eight Princes Chapter Pack, DLC for the historical strategy game Total Warââ¢: THREE KINGDOMS is out now on macOS and Linux.
Ahead of the upcoming full release of Din's Legacy, Soldak Entertainment aren't forgetting their older titles. They recently gave Zombasite a huge update and a big discount too.
Why? Well Zombasite is turning three years old so they decided to give everyone a little gift for their support.
Yep, it's right there in the notes for Beyond Patch 2.08a: "Fixed Steam VR in Linux."
The game was recently treated to a massive update which makes it almost resemble an MMO. There are new social hubs, 16-32 player multiplayer, the addition of virtual reality, Vulkan API support and quite a bit more of everything.
As you probably know, Hello Games is a fairly small indie game studio, and it never developed a native Linux version of No Man's Sky. But that's OK, because the game proudly bears a "Gold" rating on ProtonDB, a website that tracks Steam Play compatibility with Windows games.
Because Proton translates Windows-exclusive game APIs like DirectX to Vulkan (an API that Linux understands), this allows thousands of games that never appeared on Linux to work anyway, simply by installing it on the Steam for Linux client. Proton also has support for SteamVR, meaning many VR titles also run well.
My GSoC project comes to an end and I am going to conclude this series of articles by announcing the release of a beta version of KDE ISO Image Writer.
When the organisation names got revealed, I started digging into projects to find out which one interests me a lot. Many projects were quite interesting but my restriction was coding language. Still, I started keeping a note of all the projects which interest me with a little note on what interests me in them and what are the skills required for that particular project. After completing the list, I shifted my focus from a huge number of projects to very few (almost 50). Originally, I planned to create a ranking of some sort and then start attacking individually from the top each one of them. But fortunately, I didn't have to do that much. When I was taking a quick look at the list, I notice labplot and it seems a perfect project for me. I had used KDE desktop before and I knew how big the KDE community is. I had already done some work on data analysis before (as a course and during my last year summer internship) and the language requirement was C++ and Qt. Though Qt (more broadly I can say GUI Programming) was new to me, looking at the basic documentation, I realised it would not be much difficult as it is like C++ with extended features, also, the documentation of Qt is quite elaborated.
Max Huang has been GNOME since 2010, starting with forming a GNOME users group in Taiwan. Max has a story you may understand: being a user, meeting the right person, and slowly finding yourself more and more deeply involved with a community in terms of working together and making friends.
My Google Summer of Code (GSOC) project was focused on “Implementing split view” in gnome-gitg. This blog posts serves as my final submission to my Google Summer of Code project.
Following Chromebooks switching to BFQ and other distributions weighing this I/O scheduler for better responsiveness while maintaining good throughput capabilities, beginning with Fedora 31 there will be BFQ used as well.
In-step with today's systemd 243 RC2 update, the Fedora packages in Rawhide and F31 have switched to using BFQ.
The Debian project has removed support for the MIPS architecture. This is the latest CPU architecture to be removed from Debian, betraying their tagline of being “The Universal Operating System”.
I take issue not only with their removal of the MIPS architecture, but of their reasoning for doing it.
It’s not that GPD, a China-based hardware outfit, aren’t skilled at creating diminutive devices that appeal to gadget heads like myself as, clearly they are: both the GPD Win 2 and the GPD Pocket 2 were warmly reviewed by many.
It’s just that I thought that a laptop this small simply wouldn’t be usable.
6-inch screen? What a squint fest! Blackberry phone-style keyboard? Typo city! Intel Celeron processor? What is this, a Chromebook?!
And yet…
After a week of using the GPD MicroPC (with Ubuntu MATE) as a companion device alongside my regular, full-sized computers, I have to say that I totally get it.
This thing is nuts.
The Raspberry Pi began life as a hacker's dream: a cheap, low-power, highly extendable, hackable PC that shipped as a bare circuit board. Intended as one part educational device, one part tinkering tool, it became something of a phenomenon that has been used to power everything from scaled-down Mars rovers to millions of science and hackday experiments in schools around the world.
Logic Supply has launched four Ubuntu-ready “EPM16x” Pico-ITX SBCs with Apollo Lake SoCs starting at $245. The $426 and up EPM163 has a Pentium N4200, 4GB LPDDR4, 64GB eMMC, mSATA, mini-PCIe, and 2x each of GbE, DP, and USB 3.0.
We’ve reported on over a dozen Linux-friendly Pico-ITX boards with Intel Apollo Lake processors over the last few years, including most recently, Axiomtek’s PICO319 and IEI’s Hyper-AL. Yet, as some of our readers have complained, they are rarely announced with ship dates or prices, and if they are, they usually list only volume pricing.
If you’ve been watching the smartphone world, you may know of Huawei’s problems with the United States. Huawei has had a spotty history of spying on American technology, to the point where Huawei products have been banned from being sold in the US.
Huawei responded by saying they would very much like to continue relations with Android and have been hoping they get a second chance with the technology giant. They have stated, however, that if they are officially cut off from Android, they would make their own OS.
An open-source project that aims to create a smart economy based on blockchain technology has unveiled a new program designed to fuel its ecosystem’s growth — while setting out a detailed road map for its new mainnet. Neo says its EcoBoost scheme has been designed to support developers and projects that are already in its ecosystem, as well as those that wish to join. A total of $100 million has been allocated to the initiative — and in the first phase, the firm is seeking to establish long-term partnerships that will fuel the organic growth of its network. Media outlets, exchanges, decentralized application (DApp) distribution platforms and other blockchain infrastructures are being encouraged to express an interest in becoming an EcoBoost Partner, and Neo says it has already received numerous applications from “leading institutions and projects in the industry.”
Square Crypto announced on Twitter that they have hired Matt Corallo, Bitcoin software developer and co-founder of Blockstream.
Open source software has come of age. It has now reached a level of maturity and capability where it simply cannot be ignored. Recent research[1] suggests that 82 percent of large organizations are more receptive to open source than they were five years ago and that C-level IT executives are now most likely to prefer an open source solution over proprietary alternatives. Over the years, everyone’s confidence and trust in open source software has been steadily growing. We’ve now reached the point where open source is the dominant player in many of the key technology trends shaping our world.
[...]
It’s widely acknowledged that Linux is the power behind the vast majority of public internet servers and that Unix-like operating systems are being used by about 70 percent of all web servers, with Linux taking the lion’s share. Why is that important? Because even though we pay them little thought or attention, web and internet servers are responsible for stitching together the digital fabric that most of us rely on for communications and services every day.
[...]
There’s no denying that open source is here to stay. I’ve been working with open source for almost a decade now and over that time I’ve seen how quickly open source solutions have taken off, gained acceptance and become the front runner is so many areas.
Google's Simon Glass who is part of the Chromium / Chrome OS team presented at this week's Embedded Linux Conference in San Diego on U-Boot.
U-Boot continues making good progress particularly on the embedded front for where this bootloader is most well known, but it's also been seeing increasing x86 support. Currently U-Boot supports around 10 different Intel SoCs and can handle booting from Coreboot on most boards. Intel Apollolake support is forthcoming to U-Boot. Additionally, FSP2 support for the newer version of Intel's firmware support package is being worked on for U-Boot. Also new on U-Boot's x86 front is slimbootloader support.
Outreachy is a program that provides paid internships working on FOSS (Free and Open Source Software) to applicants from around the world. Internships are three months long and involve deep, technical work on a mentor-selected project, guided by mentors and other developers working on the FOSS application. At Mozilla, projects include work on Firefox itself, development of associated services and sites like Taskcluster and Treeherder, and analysis of Firefox telemetry data from a data-science perspective.
The program has an explicit focus on diversity: “Anyone who faces under-representation, systemic bias, or discrimination in the technology industry of their country is invited to apply.” It’s a small but very effective step in achieving better representation in this field. One of the interesting side-effects is that the program sees a number of career-changing participants. These people bring a wealth of interesting and valuable perspectives, but face challenges in a field where many have been programming since they were young.
Over the past couple of years, the Silicone-based company has raised a total of $147 million. Since its founding, H2O.ai has gone through a series of funding including its seed round in 2013. In 2017, it saw one of its biggest growth after a Series C funding that raised $75 million. Wells Fargo and NVIDIA led the funding with their $40 million investment. Other participants included Crane Venture Partners, New York Life, Transamerica Ventures, and Nexus Venture Partners.
GNU Parallel 20190822 ('Jesper Svarre') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/
No new functionality was introduced so this is a good candidate for a stable release.
GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17.
The Jupyter Notebook is an incredibly powerful tool for interactively developing and presenting data science projects. This article will walk you through how to set up Jupyter Notebooks on your local machine and how to start using it to do data science projects.
First, though: what is a “notebook”? A notebook integrates code and its output into a single document that combines visualizations, narrative text, mathematical equations, and other rich media. This intuitive workflow promotes iterative and rapid development, making notebooks an increasingly popular choice at the heart of contemporary data science, analysis, and increasingly science at large.
Best of all, as part of the open source Project Jupyter, they are completely free.
The Jupyter project is the successor to the earlier IPython Notebook, which was first published as a prototype in 2010. Although it is possible to use many different programming languages within Jupyter Notebooks, this article will focus on Python as it is the most common use case. (Among R users, R Studio tends to be a more popular choice).
This is the 18th article in my series of articles on Python for NLP. In my previous article, I explained how to create a deep learning-based movie sentiment analysis model using Python's Keras library. In that article, we saw how we can perform sentiment analysis of user reviews regarding different movies on IMDB. We used the text of the review the review to predict the sentiment.
However, in text classification tasks, we can also make use of the non-textual information to classify the text. For instance, gender may have an impact on the sentiment of the review. Furthermore, nationalities may affect the public opinion about a particular movie. Therefore, this associated info, also known as meta data can also be used to improve accuracy of statistical model.
In this article, we will build upon the concepts that we studied in the last two articles and will see how to create a text classification system that classifies user reviews regarding different business, into one of the three predefined categories i.e. "good", "bad", and "average". However, in addition to the text of the review, we will use the associated meta data of the review to perform classifcation. Since we have two different types of inputs i.e. textual input and numerical input, we need to create a multiple inputs model. We will be using Keras Functional API since it supports multiple inputs and multiple output models.
This is not an article. We just want to inform you that we have launched our new platform where you can experiment, play or fiddle with Django Templates.
Word cloud is an image composed of words used in a particular text or subject, in which the size of each word indicates its frequency or importance.
The inception of Git (2005) is more or less the halfway point between the inception of Linux (1991) and today (2019). A lot has happened since. One thing is clear however: software is eating the world and Git is the fork with which it is being eaten. (Yes, pun intended).
CloudBees, the enterprise DevOps leader powering the continuous economy, and Google Cloud, announced that the two companies are collaborating to deliver a modern DevOps platform based on open source technologies powered by Google Cloud’s Anthos.
CloudBees provides companies large and small with Jenkins-based continuous delivery solutions that are secure, open toolchain-enabled and scalable to transform software delivery processes across hybrid computing environments.
Google Cloud is delivering to enterprises a secure, open, intelligent and transformative enterprise cloud platform. Anthos, a hybrid and multi-cloud platform, is built on open source technologies pioneered by Google Cloud and enables consistency between on-premise and cloud environments.
Joi Ito, in an open letter on the MIT Media Lab’s website, acknowledged for the first time that he had several ties to Epstein. Ito said that he had traveled to Epstein’s homes and accepted money from him for both the research center and Ito’s own investments into tech startups.
“I take full responsibility for my error in judgment,” Ito wrote.
Its creators, Jeff Schwartz (Webdog) and Dan Wong (Danno) have decided that as it gets harder to find a secure location to keep it, its also time to let it go. As such, it will breathe its last on the 30th of August.
Not long ago I published an article about Steam vulnerability. I received a lot of feedback. But Valve didn’t say a single word, HackerOne sent a huge letter and, mostly, kept silence. Eventually things escalated with Valve and I got banned by them on HackerOne — I can no longer participate in their vulnerability rejection program (the rest of H1 is still available though).
You can read the story in more detail in previous article, here is a couple of words about current situation.
And it’s sad and simple — Valve keeps failing. Last patch, that should have solved the problem, can be easily bypassed (https://twitter.com/general_nfs/status/1162067274443833344) so the vulnerability still exists. Yes, I’ve checked, it works like a charm.
But this article is not about an old vulnerability, it’s about new one. Since Valve decided to read a public report instead of private report one more time, I won’t take that pleasure away from them.
Security updates have been issued by Fedora (nginx), openSUSE (ImageMagick and putty), Red Hat (Ansible, atomic-openshift-web-console, ceph, and qemu-kvm-rhev), SUSE (kvm, libssh2_org, postgresql96, qemu, and wavpack), and Ubuntu (libzstd and openjpeg2).
With our 2019.3 Kali release imminent, we wanted to take a quick moment to discuss one of our more significant upcoming changes: our selection of metapackages. These alterations are designed to optimize Kali, reduce ISO size, and better organize metapackages as we continue to grow.
Before we get into what’s new, let’s briefly recap what a metapackage is. A metapackage is a package that does not contain any tools itself, but rather is a dependency list of normal packages (or other metapackages). This allows us to group related tools together. For instance, if you want to be able to access every wireless tool, simply install the kali-tools-wireless metapackage.
When it came time to create my CryptocurrencyOS, based on Linux Mint I wanted to solve some practical user and security issues. The end result was for people to have their own crypto wallets in a secure, opensource, environment and encourage more adoption of cryptocurrency. I applied some of my experience with some of the products I developed for compevo and Techrich.
The first problem is that a lot of people don’t even know how to find or download a wallet (at least safely, since there are a lot of fake / malware wallets that steal people’s coins). If they don’t know how to avoid the above, then how would they be able to secure their computer?
A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times. Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.
Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people.
The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.
According to a Decrypt report, the malware was discovered on Tuesday inside Github code repository, infecting the language manager called RubyGems.
Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017.
Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores.
While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.
Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework.
The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.
Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.
The Ministry of Communications and Information Technology has slowed down the access to the internet in the two provinces since the protests kicked off on Monday, where the journalists and foreign academics have been granted restricted access.
The EPA and the NHTSA are expected to unveil the final version of the rollback the Trump administration has been promising sometime this year, but The New York Times reports that staff members at those agencies are “struggling to assemble a coherent technical and scientific analysis required by law to implement a rule change of this scope.”
The White House, blindsided by a pact between California and four automakers to oppose President Trump’s auto emissions rollbacks, has mounted an effort to prevent any more companies from joining California.
Toyota, Fiat Chrysler and General Motors were all summoned by a senior Trump adviser to a White House meeting last month where he pressed them to stand by the president’s own initiative, according to four people familiar with the talks.
"In the post-World War II period, societies rebuilt their infrastructures and practices; now we need something similar so that our economies and practices can operate without fossil fuels.
The scientist considers that we have a margin of up to 30 years for this, although in any case it can be understood as an optimistic period that can only be reduced to 15 years.
Not only is the hoax pushing false information, it's missing the point: You already granted Facebook and Instagram those permissions when you signed up. It's in the terms of service you likely didn't read.
Four years after New York announced the state was banning hydraulic fracturing (fracking), Tioga Energy Partners, LLC has filed an application with the state to frack for natural gas, but there's a catch. The company is proposing to swap propane into the industry standard mix that usually calls for water.
Environmental advocates consider this application to use liquefied petroleum gas (LPG), and specifically a propane gel, an attempt to circumvent New York's 2015 ban on fracking for fossil fuels.
“We know China is adept at controlling domestic information, but now they are trying to use Western platforms like Twitter to control the narrative on the international stage,” said Jacob Wallis, a senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre.
LinkedIn announced this week that it had blocked or removed 21.6 million fake accounts on its platform between January and June of this year.
The professional networking platform, which has about 645 million users, wrote in a Tuesday blog post that 95 percent of the face accounts were blocked from being created during the registration process and never went live.
Another 2 million fake accounts were restricted by LinkedIn before a user reported them, while 67,000 accounts were taken down after being flagged by users.
The social networking giant has posted three job openings for "experienced journalists" to be "news curators." The curators will pick content from publishers covering the most important stories of the day; develop plans for news events; analyze data to inform news strategy; and work with product teams to improve user experience.
However, U.S. intelligence officials and some private sector analysts saw indications China was preparing to escalate its efforts. And less than three months later, the U.S. director of national intelligence sounded an additional alarm, accusing China, along with Russia, of actively meddling in the 2018 congressional elections.
Facebook has continued to do the most Facebooky of Facebook things. Faced with almost entirely baseless claims of "anti-conservative bias" in how it moderates content, Facebook claimed to be doing something useful: bringing in a big outside law firm with big name partners (lead by former Republican Senator Jon Kyl) to analyze those claims. In response, they published... a whole lot of nothing. Kyl released an 8 page report that nearly anyone could have written (at much lower hourly rates, I'm sure). In it, it details areas that 133 different conservative users expressed concerns about how Facebook's platform operates.
But the report does literally nothing to say (or better yet, show) whether or not those concerns are valid. It just lists them out. Yes, the "conservatives" interviewed were "concerned" that hate speech designations might disproportionately impact them. Duh. But did it? The report doesn't say. Even more importantly, did such designations lead to disparate treatment for analogous behavior? Again, the report fails to say. it just lists out what "concerns" were raised. Which is about as totally fucking useless as you can imagine. In short, it's Facebook's standard operating procedure.
It cites a consumer backlash against the company, whose second-largest market for long-haul travel is China.
In a small county in Oregon, free speech -- specifically the act of journalism -- is being threatened. The Malheur Enterprise, a weekly newspaper, has been investigating a state lawmaker's ties to business deals and contracts being executed in the county. Doing what journalists do, the paper's reporters have been trying to get answers or statements from people working with State Rep. Greg Smith, whose business dealings are currently under the small paper's microscope.
No one seems to want to talk to the paper, but good journalists are persistent and willing to talk to anyone who might give them a new lead or verify findings. This is how journalism works. Rep. Greg Smith thinks journalism is a criminal act.
Oh come on. Earlier this week we wrote about both Twitter and Facebook shutting down a bunch of Chinese accounts that both companies claimed were state-backed accounts pushing propaganda/misinformation/attacks against Hong Kong protesters. Separately, Twitter also changed its policies to no longer accept advertising from state-backed media operations. The Chinese government -- the very same government famous for aggressively censoring the entire internet -- apparently is not happy about it, arguing that it's a violation of free speech rights.
The most likely explanation points to Marin’s decision to try and boost the number of people following his and his son's accounts last December.
"I had a social media freelancer supporting the start of the accounts,” Marin said, "and I suspect he bought some Twitter followers/bots, which I thought explained the suspension - until today.”
Finnish state railway firm VR is to end cash sales of tickets on long-distance services. The company says ticket machines and conductors will from 1 September only accept cards or contactless payments.
Back in July, Kazakhtelecom, Kazakhstan’s state telecommunications operator, began regularly intercepting encrypted web (HTTPS) connections. Usually, this kind of attack on encrypted HTTPS connections is detectable and leads to loud and visible browser warnings or other safeguards that prevent users from continuing. These security measures work because the certificate used is not trusted by user devices or browsers.
However, Kazakh ISPs also sent instructions telling users to compromise their own security by manually trusting the certificate on their devices and browsers, bypassing the security checks that are built into most devices.
The two-step of Kazakh ISPs deploying an untrusted certificate, and users manually trusting that certificate allows the ISPs to read and even alter the online communication of any of their users, including sensitive user data, messages, emails, and passwords sent over the web. Research and monitoring from Censored Planet found around 40 domains that were being regularly intercepted, including Google services, Facebook services, Twitter, and VK (a Russian social media site).
But how many officers are actually investigated and fired because of these allegations? New York City keeps that information secret, but Buzzfeed got ahold of a data dump of secret disciplinary files last year. Those files showed that between 2011 and 2015, 1,800 NYPD employees were charged with misconduct, but only a handful were ever fired. They showed that 250 employees were charged with excessive force, including employees who work as school safety agents. They showed that over 100 employees lied on official documents or in open court. They showed that the overwhelming majority of these people kept their jobs and received minimal internal discipline.
To put these numbers in context, the NYPD employs around 55,000 officers and civilian auxiliaries. The department made some 200,000 arrests in 2018. Usually, these stats are used to support the ridiculous claim that it’s just a “few bad apples” who are on the police force. But the cops and police boosters around the country misunderstand the meaning of the phrase. The line is “a few bad apples spoils the bunch.” Not “a few bad apples should be overlooked and fed to black and brown citizens until they choke to death on worms.”
None of this, however, seems to have produced the desired effect: As Carrie Lam tried to dismantle the legal firewall between Hong Kong and Beijing by allowing suspected criminals to be extradited to China, all the rage that had been simmering for five years erupted. Yet another protest movement began, only this one has been much more stubborn. Its main demands are for the complete withdrawal of the extradition bill (which is only shelved at the moment) and a full inquiry into police violence, together with an amnesty for all the protesters who have been arrested. But as we enter the third month of the crisis, the impasse shows no signs of abating. The government obfuscates and tries to scare the protesters—and it is aided by Beijing, which also refuses to open a dialogue and keeps distributing videos and photos of military exercises just across the border from Hong Kong, in Shenzhen.
Two Hong Kong police officers were arrested on Tuesday after a video appeared to show them hitting a 62-year-old man in the genitals, stomach and face while he was strapped to a gurney in a hospital in June.
According to a report by tabloid daily Ilta-Sanomat, the guidelines will advise adults working with immigrant-background children (in Finnish) how to ensure that when youngsters travel abroad they are not subjected to female genital mutilation (FGM) or forced marriage and that their studies are not interrupted for extended periods.
In the first half of 2019, the Hong Kong–based China Labour Bulletin, which tracks labor movements in China, recorded 33 strikes by food delivery drivers, compared to 48 in all of 2018 and just eight in 2017, according to researcher Aiden Chau. Approximately 90 percent of these strikes are spurred by sudden wage decreases; in some cases, drivers have claimed their average daily earnings had abruptly dropped by half.
“A lot of drivers never see their employer before they stage a strike,” Chau said. “Companies say it’s just the algorithm. Workers don’t know how to respond to this, because they know nothing about the algorithm.”
Aside from unannounced wage cuts, striking workers also reported being assigned impossibly short delivery times, leading to more road accidents involving delivery drivers. Independent contractors face liability should they get into a collision–and according to multiple drivers, they are docked pay, or suspended by the platform, if even a single order is late.
The North Carolina Appeals Court has revised its earlier decision finding that retaliatory arrests over free speech are a thing that is right and good and supported by case law.
A man flipped the bird at a state trooper while passing him as he performed a traffic stop. The trooper decided this needed further investigation and pursued the passing vehicle. After demanding the rude passenger's identification (and being rebuffed), the trooper arrested him on contempt of cop charges (obstructing a public officer).
The man sued. The appeals court reached the weird-as-fuck conclusion that the officer had probable cause to initiate a traffic stop because one man's extended middle finger could have conceivably resulted in an eventual disturbance of the peace.
The court had to do a lot of work on behalf of the state trooper to reach this conclusion as there were several logical and legal hurdles to jump. It released this opinion to universal derision. Seemingly chastened by the backlash (and a seething dissent), the appeals court hastily withdrew the decision.
John Perry Barlow is all too frequently held up as the patron saint of a sort of "techno-utopian" internet, in which the internet will save us all and open up all sorts of wonderment and good feels -- and all the bad stuff is whisked away on a rainbow cloud of TCP/IP. Critics of Barlow sometimes delight in mocking his flowery language or predictions that didn't come quite true (though many did). They especially delight in pointing to the current internet hellscape as proof that Barlow's vision of the internet-for-good was a vision through impossibly rose-colored glasses. As I noted upon his passing, this is a near total misunderstanding of Barlow, who saw both the promise and the peril of the internet, and his writings were designed as a call to action for those developing the future (i.e., all of us), to embrace the good and avoid the bad. His presentments were an attempt to urge us all in the right direction, not a suggestion that that direction was inevitable, or easy, or guaranteed.
That framing is useful context for reading through an amazing collection of essays and reflections on Barlow put together by Duke's Law & Technology review, in what it has entitled The Past and Future of The Internet: A Symposium for John Perry Barlow. Edited by Jamie Boyle, with some amazing contributions from folks like Cindy Cohn, Cory Doctorow, Yochai Benkler, Pam Samuelson, Jessica Litman, Jonathan Zittrain and more, it's absolutely worth reading, no matter where you stand on Barlow and his legacy. It is not -- as you might think -- a hagiography designed solely to praise Barlow. Indeed, it contains quite a few essays that are critical of Barlow -- arguing that he was over-optimistic, that he didn't recognize the downsides of the internet, and that he was misguided in his views of how the internet and (especially) copyright law might change over time.
As part of the platform, Sanders promised to crack down on the gig economy, which critics say has allowed companies to exploit workers by treating them as contractors instead of offering them the full benefits that come with being an employee.
Under the plan, "companies will no longer be able to ruthlessly exploit workers by misclassifying them as independent contractors or deny them overtime by falsely calling them a ‘supervisor,’ ” it reads. “When Bernie is president, his administration will end the ability of corporations to misclassify workers as ‘independent contractors’ or label them as a ‘supervisor.’ ”
The European Commission would not be the first regulator to have raised concerns about the digital currency, which will be run by a group of companies, including Facebook, as part of the Libra Association. In the US, Facebook’s cryptocurrency chief David Marcus has faced questions from the House Financial Services committee, during which one representative told him that they didn’t think Facebook should launch Libra at all. Lawmakers in France and Germany were also quick to object to Facebook becoming a “shadow bank” with its own sovereign currency. Earlier this month, data privacy regulators around the world asked for transparency about how the Libra Association will process personal data.
The 10-day bench trial (reminiscent of FTC v. Qualcomm) will kick off on October 15, 2021.
The next case management conference will take place on December 18, 2019, and I'll probably be in the area and may stop by out of curiosity (which wasn't possible yesterday).
Also, the defendants' (i.e., Avanci, Nokia, and privateers that Nokia once fed with patents; and meanwhile, Sharp has also been properly served) motion to stay discovery was denied. While their forthcoming motion to dismiss and already-pending venue transfer motion have yet to be adjudicated, it's possible that Avanci's related arguments at least haven't overwhelmed Judge Koh, which may be the reason she doesn't see a point in staying discovery.
The just-mentioned motion to transfer the case from San Jose to Dallas is already the second attempt to avoid Judge Koh's jurisdiction over the case. In June, Law.com's Scott Graham reported on the denial of a venue-internal transfer motion: the Northern District of California has several divisions; Judge Koh is based in San Jose; and Avanci wanted to at least get the case moved out of that place (with San Francisco being their preferred alternative), even before it was formally assigned to Judge Koh (at the time it was still pending with Magistrate Judge Nathaniel Cousins, which already made it likely that it would be assigned to Judge Koh). As Scott Graham mentioned, Nokia's testimony in FTC v. Qualcomm didn't appear credible to Judge Koh (for undestandable reasons as Nokia itself once complained over Qualcomm's practices, at a time when Nokia was still in the mobile handset business).
[...]
When Continental and Avanci briefed Judge Koh ahead of yesterday's case management hearing, Continental listed those German patent infringement actions against Daimler as related cases, while Avanci and its co-defendants deny that there is a link.
The Court of Appeal allowed ZyXEL’s appeal, finding that in light of its waiver of its RAND licence rights, declaratory relief to determine the scope and terms of the licence which TQD was bound to offer to the two ZyXEL parties would no longer serve a useful purpose.
Last week, the Federal Circuit affirmed a decision by the Patent Trial and Appeal Board (PTAB) finding claims of U.S. Patent No. 7,064,197 to be invalid for anticipation or obviousness, in Enzo Life Sciences, Inc. v. Becton, Dickinson and Co. (Fed. Cir. 2019). Because Enzo raised the issue du jour, that subjecting a patent granted prior to enactment of the Leahy-Smith America Invents Act (AIA) to inter partes review (IPR) was unconstitutional, the U.S. government joined the appeal to defend the constitutionality of PTAB proceedings under these circumstances.
[...]
The Board held in a Final Written Decision that all the claims in IPR were invalid for being anticipated by a prior art reference to Fish or obvious by the combination of Fish and secondary references, or a reference to van Prooijen-Knegt ("VPK") with (obviousness) or without (anticipation) reliance on secondary references. The basis for these determinations based on the VPK reference relied, inter alia, on the Board finding that the '197 patent was not entitled to its earliest priority date for failure of the priority application to satisfy the written description requirement for the "non-porous solid support" limitation recited in challenged claims. Enzo appealed.
[...]
The Supreme Court invited patentees to explore the extent to which IPRs could constitute a Taking under the Fifth Amendment, in its Oil States Energy Services, LLC. v. Greene's Energy Group, LLC decision ("our decision should not be misconstrued as suggesting that patents are not property for purposes of the Due Process Clause or the Takings Clause"). Several patentees having taken the Court up on its invitation, it seems the time is ripe for Supreme Court review of the Federal Circuit's determination that IPRs do not raise constitutional takings issues.
The patent here claims voice communication via “packet communication” that is clearly broad enough to encompass the accused Voice-over-Internet-Protocol (VoIP) systems. However, the patent specification does not disclose or discuss VoIP, but rather asynchronous transfer mode (ATM). ATM uses packets, but mimics legacy circuit-switching by establishing a virtual circuit (something not done by an IP system). As IP has proven itself capable and less expensive, it is largely replacing the ATM approach. The petition here argues that the breadth of claims are not supported by the written description.
In its opinion, the majority sided with the patentee — noting that that IP technology “is not expressly excluded” by the specification and that the document refers to ATM as one possible “broadband system.” The “such as” language “strongly suggests that the patents are not limited to ATM technology.” Here, the court also concluded that a lightweight disclosure was acceptable since IP systems were known in the art as a form of broadband.
Judge Mayer wrote in dissent. He concluded that VoIP should not be understood as within the disclosure since the specification repeatedly focused on ATM style virtual circuits with no disclosure of other packet networks. “[T]he specification’s disclosure makes sense only in the context of ATM technology.”
In other words, Apple believes Corellium creates copies of iOS, sells them to anyone willing to pay, including foreign governments, and in the process violates Apple's rights. Apple is demanding the Corellium Apple Product be blocked from sale, all products using Apple copyrights be destroyed, cash compensation be paid, and Corellium customers informed of the violation.
Corellium’s products allow the creation of a virtual Apple device, according to the suit. It copies new versions of Apple works as soon as they are announced, and doesn’t require users to disclose flaws to Apple, the Cupertino, California-based company said in the complaint.
Corellium allows customers to create and interact with virtual iOS devices — a software iPhone, for example, running actual iOS firmware, all within the browser. Apple says this is copyright infringement, and is demanding Corellium stops “all uses of” its iOS virtualization products and pays Apple unspecified “damages and lost profits.”
Apple this week filed a lawsuit against Corellium, a company that offers users a virtual replica of the iOS user experience from within a web browser. While Corellium touts its service as something of a security tool to better enable researchers to unearth serious vulnerabilities, Apple claims that Corellium’s underlying motive is to illegally profit off of Apple’s intellectual property [sic].
Apple is seeking a permanent injunction to prevent Corellium from continuing to offer a product that replicates iOS. Apple also wants Corellium to destroy all infringing materials that it's collected, and pay Apple damages, lost profits, and attorney fees.
Apple on Thursday filed a lawsuit suit against Corellium, a company which creates virtual versions of Apple's operating system, iOS, within a web browser so people can test it for security flaws.
In its suit, filed in the Southern District of Florida and first spotted by Bloomberg, Apple claimed that Corellium's replication of iOS constitutes copyright infringement.
