GNU/Linux

• Desktop

  • With Windows Virtual Desktop, the bad old days are coming back

    This is not a good thing. Ultimately, I want computing power to be in my hands, not Microsoft’s or any other company’s. If you go along with this, as any poor sod working in Venezuela with Adobe products can tell you, you’re asking for pure misery.

  • System76 will ship Coreboot-powered firmware, a new OS for the apocalypse, and more open source news

    The Denver-based Linux PC manufacturer announced plans to start shipping two laptop models with its Coreboot-powered open source firmware later this month. Jason Evangelho, Senior Contributor at Forbes, cited this move as a march towards offering open source software and hardware from the ground up.

    System76, which also develops Pop OS, is now taking pre-orders for its Galago Pro and Darter Pro laptops. It claims that Coreboot will let users boot from power off to the desktop 29% faster.

    Coreboot is a lightweight firmware designed to simplify the boot cycle of systems using it. It requires the minimum number of tasks needed to load and run a modern 32-bit or 64-bit operating system. Coreboot can offer a replacement for proprietary firmware, though it omits features like execution environments. Our own Don Watkins asked if Coreboot will ship on other System76 machines.

• Server

  • IBM

    • Red Hat CFO Loses Out on Retention Bonus Following Standards-Related Ouster

      Red Hat Inc.’s finance chief Eric Shander has been dismissed from the company, forfeiting a $4 million retention award that was agreed to ahead of Red Hat’s acquisition by International Business Machines Corp.

      The Raleigh, N.C.-based software company confirmed late Thursday that Mr. Shander was no longer working at Red Hat. “Eric was dismissed without pay in connection with Red Hat’s workplace standards,” a company spokeswoman said in a statement.

      The company, which said that its accounting and control functions remain healthy, on Friday declined to provide specifics about what led to Mr. Shander’s dismissal.

    • Red Hat CFO ‘Dismissed’ From Company, Forfeits $4M Retention Award

      “Red Hat Inc.’s finance chief Eric Shander has been dismissed from the company, forfeiting a $4 million retention award that was agreed to ahead of Red Hat’s acquisition by IBM,” reports the Wall Street Journal…

    • Top Red Hat official was let go, company confirms as new CFO steps in

• Kernel Space

  • Linux 5.3.6

    I’m announcing the release of the 5.3.6 kernel.

    All users of the 5.3 kernel series must upgrade.

    The updated 5.3.y git tree can be found at:

    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.3.y

    and can be browsed at the normal kernel.org git web browser:

    https://git.kernel.org/?p=linux/kernel/git/stable/linux-s…

  • Linux 4.19.79

  • Linux 4.14.149

  • Graphics Stack

    • Godot’s Vulkan Renderer Is Getting Into Increasingly Good Shape

      Lead developer of the open-source Godot 2D/3D game engine Juan Linietsky has continued working daily on the engine’s Vulkan renderer ahead of Godot 4.0.

    • GNOME’s Mutter 3.35.1 Fixes The Night Light Mode On Wayland

      With many of the prominent fixes that we’ve talked about for GNOME Shell and Mutter since last month’s 3.34 release having been back-ported to 3.34.1, this weekend’s release of GNOME Shell 3.35.1 and Mutter 3.35.1 as the first steps towards GNOME 3.36 aren’t all that big. But at least in the case of this new Mutter development release are some worthwhile fixes.

      GNOME Shell 3.35.1 has just different bug fixes and clean-ups but nothing particularly special. While no big features yet, at least the useful fixes over recent weeks were back-ported to the 3.34 stable series.

    • Vulkan To Better Handle Variable Rate Displays / Adaptive-Sync In The Future

      While longtime X11 developer Keith Packard is now working for SiFive on RISC-V processors by day, he’s still involved in the Linux graphics world through his contract work for Valve. At the XDC2019 conference earlier this month he presented on display timing, the current Linux plumbing for it, and also bringing up Vulkan will better support variable rate displays in the future.

      Keith for a while now has done contract work for Valve with Linux graphics infrastructure improvements around better supporting VR HMD hardware on the Linux desktop and more recently on display / refresh rate timing and ensure it works punctually.

• Applications

  • Proprietary

    • Hospitals Resume Accepting Patients After Malware Attack [iophk: Windows TCO]

      The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

      The system said key operations were back to normal 10 days after a ransomware attack encrypted information and prevented its computer systems from communicating with each other. The hospitals kept treating people, but new patients were sent to alternative locations in Birmingham or Mississippi.

      The company hasn’t said how much ransom it paid to regain control of its systems, but an executive said insurance covered the cost.

    • What To Do When You Get Sherlocked By Apple

      It’s pretty standard for at least a few third-party developers to get crushed during Apple’s annual press conference. At some point in the presentation, Apple will announce a new OS feature, while some developer watches in disbelief as Apple swindles their entire business.

      It’s a phenomenon widely referred to as getting “sherlocked” (you can read more about how the term came to be here). It’s oddly flattering and intensely infuriating, and I know this first hand because it happened to the company I work for.

• Instructionals/Technical

  • Blue Mail now available for Linux

  • How to Enable EPEL Repository on CentOS 8 and RHEL 8 Server

  • How to set up Cairo dock on the Linux desktop

  • How to verify a Linux ISO image before installing it

  • How to manage Kubernetes resource limits or kubernetes quota limit

  • Configure Touchpad Settings Using gsettings Commandline Utility

  • How to fix high memory usage in Linux ?

  • GScan2PDF 2.5.7 Released! How to Install it in Ubuntu

• Desktop Environments/WMs

  • K Desktop Environment/KDE SC/Qt

    • This week in KDE: Plasma 5.17 approaches

      Lots of great backend work happened this week which is very important, but not terribly flashy. And most of the in-progress work I alluded to last week hasn’t landed yet. So I’m afraid the user-visible changes will have to be a bit light this week. But fear not! For Plasma 5.17 is undergoing its last rounds of final polish and bugfixing before the release next week, and work churns along on lots of great stuff slated for Plasma 5.18 and the next apps versions!

    • KDE Plasma 5.17 Seeing Last Minute Bug Fixing

      With KDE Plasma 5.17 releasing soon, it’s been seeing a lot of last minute fixes while feature activity is also brewing around Plasma 5.18.

      Plasma 5.17 reached beta last month while next week is the anticipated release of Plasma 5.17.0! Just a few days to go for that big update to the KDE desktop. As such, developers have been tidying it up while also brainstorming about what should be in store for Plasma 5.18.

  • GNOME Desktop/GTK

    • 10 Ways to Customize Your Linux Desktop With GNOME Tweaks Tool

      There are several ways you can tweak Ubuntu to customize its looks and behavior. The easiest way I find is by using the GNOME Tweak tool. It is also known as GNOME Tweaks or simply Tweaks.

      I have mentioned it numerous time in my tutorials in the past. Here, I list all the major tweaks you can perform with this tool.

      I have used Ubuntu here but the steps should be applicable to any Linux distribution using GNOME desktop environment.

• Distributions

  • This Website Lets You Test Linux Distros Right from Your Browser

    If you are an avid Linux user who hops distros every weekend, it can be confusing at times to pick a distro to install. Well, not anymore. There exists a website named DistroTest that lets you test Linux operating systems from your web browser without requiring any sort of installation so that you can get a better idea regarding what to expect from the operating system without even downloading it.

    The website offers 807 versions of Linux distros across 244 operating systems and hence, it is more likely that the distro you’re planning to check out will have its version on DistroTest. Cool, right?

    The best part is, it won’t ask any of your personal information and will not require you to create an account on the website. This way, you don’t have to worry about any privacy-related risk.

  • SUSE/OpenSUSE

    • Suse grounds its OpenStack Cloud in favor of Kubernetes and containers

      Open source vendor Suse has pulled the plug on its OpenStack Cloud a few months after its latest release, the company announced on Wednesday.

      Suse is throwing in the towel on OpenStack in favor of its Cloud Application platform, which is based on the open-source Cloud Foundry platform, and a Kubernetes based-container platform.

      As part of that move to Kubernetes, Suse is no longer producing new versions of its OpenStack Cloud while ceasing the sales of its existing OpenStack product.

    • Open source vendor SUSE gives OpenStack the boot

    • SUSE Dropping OpenStack Cloud to Focus on Core Platforms

    • SUSE Dumps OpenStack

      The decision is part of a shift in company strategy from infrastructure enablement to enabling application delivery, the company said in a blog post announcing the decision Wednesday.

      The blog post quotes IDC analyst Al Gillen, who says “applications and experiences, rather than … infrastructure deployments,” are key to differentiation. SUSE’s decision “moves the company’s value-add higher up the technology stack, to a level where customers want and need tools that empower them to achieve differentiation,” Gillen says.

      SUSE is focusing itself on cloud-native and container technologies for application delivery, Kubernetes and DevOps, the company says. Specifically, it’s putting its resources behind its Cloud Application Platform, based on Cloud Foundry, as well as SUSE CaaS Platform, for Kubernetes container management (a.k.a. “containers as a service”).

    • SUSE ditches OpenStack to focus on applications

      Linux company SUSE Group is killing off its OpenStack Cloud product, stopping development in order to focus more on application delivery.

      SUSE OpenStack Cloud is the company’s distribution of the open-source OpenStack platform that provides a framework to create and manage both public cloud and private cloud infrastructure.

      The surprise announcement comes just a few months after the release of SUSE OpenStack Cloud 9, which was based on the most recent OpenStack Rocky release. That version was also the first to integrate with Hewlett-Packard Enterprise Co.’s Helion OpenStack, which was acquired by SUSE along with other cloud assets three years earlier.

    • OpenSUSE’s OBS Can Now Spin Windows Subsystem for Linux Images

      The openSUSE’s Open Build Service (OBS) has been picking up the ability to build Windows Subsystem for Linux (WSL) images for those wishing to craft their own WSL distribution or just rebuild openSUSE from source as a reproducible/verifiable build.

  • Debian Family

    • Canonical/Ubuntu Family

      • Ubuntu 19.10 Provides Good Out-Of-The-Box Support For The Dell XPS 7390 Icelake Laptop

        For those not following on Twitter, recently I picked up one of the new Dell XPS 7390 laptops for finally being able to deliver Linux benchmarks from Intel Ice Lake! Yes, it’s real and running under Linux! For those eyeing the Dell XPS 7390 with this being the first prominent laptop with Ice Lake, here is a brief look at the initial experience with using Ubuntu 19.10.

        The Dell XPS 7390 laptop that’s being used for testing features the Intel Core i7 1065G7 processor, an Icelake quad-core processor with 1.3GHz base frequency and 3.9GHz peak turbo frequency. This Ice Lake processor features Gen11 Iris Plus Graphics, which we are eagerly testing with the latest Linux graphics drivers.

      • Smart storage includes an open-source toolkit for managing data centre storage

        The tools include three components: A plug-in for MaaS, a bare-metal deployment tool from cloud industry leader and Ubuntu creator Canonical Ltd.; a scripted service formula, or ‘charm’, created with Canonical’s Juju modelling tool that enables users to remotely deploy Adaptec ARCCONF in any type of cloud environment so the adapters and connected devices can be configured and managed remotely using the Juju dashboard; and a plug-in for the OpenStack Horizon GUI that enables users to discover, configure and conveniently manage both Adaptec Smart Storage standard adapters and custom embedded solutions.

      • Adaptec® Smart Storage Offering is First to Include Open Source Toolkit for Managing Data Center Storage

      • Microchip Manages its Adaptec Smart Storage Offering with Open Source Toolkit

      • Travis CI throws open ARMs for testing open source software

        Travis CI will now allow developers to test open source software on ARM-based architectures under a just announced alpha program.

        The CI vendor said it has been working with Canonical, ARM and cloud provider Packet “for the past few months” on the programme, the first fruits of which are free ARM-based builds.

  • Devices/Embedded

    • Open source Raspberry Pi microscope project

      Micropalaeontologist Martin Tetard has been developing a Raspberry Pi microscope aptly named the microscoPI. The Raspberry Pi based microscope can capture, process, and store images and image analysis results. Watch the video embedded below to learn more about the unique Raspberry Pi microscope, which features a rechargeable battery secured under the base of the microscope, making the system completely portable and measuring less than 30 cm in height.

    • Mobile Systems/Mobile Applications

      • Huawei is pushing Android 10 to the Mate 20 Pro

      • Android gesture tutorial for developers (Android 10)

      • GeForce NOW Lands on Android; APK Available for Download

      • 18 new Android games from the week of October 7, 2019: DIGIMON ReArise, Lovecraft’s Untold Stories, and Xenowerk Tactics

      • 5 Android apps you shouldn’t miss this week! – Android Apps Weekly

      • New Android Warning: These 15 Malicious Apps May Be Hiding On Your Phone—Uninstall Now

      • Living with Chromebook: Android Apps (Premium)

      • Sneaky Android adware hides its own icon to avoid deletion – here’s how to remove it

      • Top 9 Tips to Customize Lock Screen on Android

      • Android Circuit: New Samsung Galaxy Leaks, Stunning OnePlus 7T Pro, Microsoft’s Android Surprise

      • Mi Mix 3 Android 10 update comes with latest beta, Mi Pilot program second round ahead of MIUI 11 global rollout

      • Android users need to delete these Google Play Store apps right now

      • HP Chromebook x360 Review: A Million Android Apps Make All The Difference

      • Most of the Social Media Ads Targeting the Android Gamers Are ‘Dark’

      • 5 Android apps you shouldn’t miss this week! – Android Apps Weekly

      • Android 10 now rolling out to the Samsung Galaxy S10 and Galaxy S10 Plus

      • Samsung’s Galaxy Watch Active 2 is a solid smartwatch for Android users

• Free, Libre, and Open Source Software

  • ‘Collapse OS’ Is an Open Source Operating System for the Post-Apocalypse

    Between nuclear weapons, climate disaster, and tech bros’ unbridled thirst for control over our lives, it sure does feel like the end is approaching “nigh” status.

    In a post-apocalyptic future, be it nuclear wasteland or Anthropocene nightmare, a common sci-fi trope is that those able to harness old world technology will have the upper hand. Collapse OS is a new open source operating system built specifically for use during humanity’s darkest days. According to its creator, software developer Virgil Dupras, Collapse OS is what the people of the future will need to reconfigure their scavenged iPhones. For now, though, he’s hosting the project on GitHub and looking for contributors.

  • New Open Source ‘Collapse OS’ Can Survive The Post-Apocalyptic World

    Multiple threats like climate disaster, nuclear war, depletion of resources keep looming over the world, and the idea of apocalypse seems inevitable.

    In any case, it’s never a bad idea to prepare for the future in advance. So a software developer named Virgil Dupras has developed a new self-replicating open-source ‘Collapse OS‘ that can survive humanity’s darkest days.

    In the post-apocalyptic world, we’d probably have to return to old-world technology by scavenging whatever we have built so far.

    Dupras envisions a future where the global supply chain collapses — and there won’t be mass production of electronics anymore. But those who manage to get hold if it will have the upper hand.

  • Collapse OS is an open-source operating system for a post-apocalyptic future

    Wondering what kind of operating system you would use in a post-apocalyptic world after the collapse of society might sound like kind of a low priority. But that’s because you’re not actually in the situation and don’t have to worry about how humankind can make a go of it in Earth’s darkest hour yet. This is where Collapse OS, a new Z80 processor-based open-source operating system being developed by software developer Virgil Dupras, comes into play.

  • New Vector to scale open-source alternative to WhatsApp and Slack, where users own their data

    New Vector has announced $8.5 million in funding to scale its open-source, secure communication network, a bid to revolutionise data privacy and ownership in the messaging app space. The investments come from European VCs who specialize in enterprise tech: Notion Capital, Dawn and firstminute capital.

    Necessary for understanding New Vector’s business is to first understand Matrix. Matrix is an open-source project, building a global network for decentralised communication. Users can collaborate securely via end-to-end encryption, and notably, they retain all ownership and control over their data.

  • New Vector raises $8.5 million to develop an open source Slack and WhatsApp

    Tech giants like Facebook, Google, Apple, and Microsoft needn’t be gatekeepers to communication. That’s the idea upon which Matrix, an open standard and decentralized protocol for real-time communication, was formulated. It’s designed to allow users of one service provider to communicate with users of different providers via online chat, voice over IP, and videotelephony, ideally as seamlessly as SMTP (Simple Mail Transfer Protocol) facilitates email exchanges across clients and services.

    Implementing the Matrix protocol at scale requires infrastructure and technical expertise, however — and that’s where startups like New Vector have carved out a niche for themselves. In a little over two years, the startup has helped to grow the Matrix network 400% to 11 million users across 40,000 deployments, including French and U.S. government agencies, Wikipedia parent Wikimedia, KDE, RedHat, and more.

  • Paris uses open source to get closer to the citizen

    Around 35 per cent of Paris’ 1,000 IT applications are Lutece-driven and 15 per cent are based on other open-source software, with the remaining 50 per cent using proprietary systems. As applications are upgraded or new ones added, Lutece and open-source tools will be deployed as much as possible, Lanouar said, noting that this approach enables greater autonomy and agility for the City, as well as the ability to be more transparent and create a better user experience for the citizen.

  • After Dallas County’s TechShare software failure, the future must be open source

    There has been plenty of coverage of the very expensive failures of TechShare, Dallas County’s attempt to create case-tracking software that could be used in any Texas criminal court. Like many battles over operations-level issues, it is easy to miss the forest for the trees.

    One basic principle of good governing was flagrantly violated in this instance: Government shouldn’t be involved in a for-profit operation. TechShare’s leadership sought profit, rather than to merely recoup costs. I hope members of both parties can agree this is a principle we should consciously adopt. A public discussion will help avoid future misadventures that cost the county $30 million for a hot plate of nothing.

    The term “crony capitalism” gets tossed around a lot, and it sometimes unfairly tarnishes good models of public-private partnerships. Crony capitalism usually means the government gives preference to certain favored private firms without seeking the best price (or quality) for a service or good. That preference is odious because it denies taxpayers the best price. Crony capitalism props up firms that would otherwise fail, using taxpayer money as insurance.

  • AI Researchers’ Open-Source Model Explanation Toolkit AllenNLP Interpret

    Although the techniques are generic, AllenNLP Interpret is intended for use in NLP. Inputs to NLP systems are strings of text, usually sentences or whole documents, and the text is parsed into its constituent words or tokens. AllenNLP Interpret includes saliency maps that show each token’s contribution to the model prediction; a use case for this might be explaining which words in a sentence caused its sentiment to be classified as positive or negative. The toolkit also includes two adversarial methods that show how changing the tokens in the input could affect the output. The first, HotFlip, replaces the input word that has the highest gradient with other words until the model output changes. The other attack, input reduction, iteratively removes the word with the smallest gradient without changing the output; this results in input texts that are “usually nonsensical but cause high confidence predictions.”

  • The best open source software of 2019

  • InfoWorld Identifies the Most Innovative Products Available to Developers, Data Analysts, and IT Organizations

    InfoWorld — the technology media brand committed to keeping IT decision-makers ahead of the technology curve — announces the winners of its 2019 Best of Open Source Software Awards, better known as the Bossies. The annual Bossie awards recognize the most important and innovative open source projects for businesses and the IT professionals who serve them. The 26 winners in this year’s Bossie Awards are the next-generation tools and technologies that are enabling digital transformation, allowing businesses to succeed and IT organizations to excel at a time when the technology is more complex than ever.

  • Events

    • Andile Ngcaba urges embracing open source

      Given the growth of data and the Internet of things, insofar as data is concerned, the fibre industry must adopt open source architecture in terms of designing and building networks.

      This is the sentiment shared by Andile Ngcaba, president of the FTTx Council Africa, at the annual Fibre Optic Conference that kicked-off at the Sandton Convention Centre yesterday.

      Ngcaba was speaking about the future of the industry and how to be part of it, pointing out that modern businesses are being built on open source, while modern telcos are going to be built on open source.

    • All Things Open: The ‘hidden tech gem in the Triangle’ that draws thousands

      In its seventh year, All Things Open is preparing for more than 5,000 attendees. The conference will feature more than 250 talks from some of the top technologists and decision-makers discussing open source technology during three days of programming at the Raleigh Convention Center.

    • Six reasons why you should attend All Things Open in Raleigh

      Haven’t decided whether to attend the All Things Open conference in Raleigh? Well, Open Source is growing more important in technology so you might want to keep an open mind about attending. And more than 4,500 people are already scheduled to attend. Action begins Sunday.

    • Tech Village Hosting HacktoberFest Open-Source Meetup This Weekend

      The event will be hosted in Bulawayo in the 1st floor of the NetOne Building, Corner Fife Street and L.Takawira. Opposite Central Police Station.

      Maintainers -the guys/girls who build source code into a binary package for distribution, commit patches, or organize code in a source repository– will be present to help out would-be contributors to help move open-source projects forward.

  • Web Browsers

    • Mozilla

      • Thunderbird to add built-in support for OpenPGP email encryption standard

        Mozilla announced plans this week to add native support for the OpenPGP email encryption standard inside Thunderbird, the organization’s open-source email client.

  • Linux Foundation

    • Open Source Rules the World

      Not too long ago I attended Linux Foundation’s Open Source Summit in San Diego, and this declaration of world dominance (tongue in cheek) was a fairly prominent refrain throughout. From best practices in OS development to emerging technologies to getting started—how to create an open source strategy, sustain it, and the right path to developing an Open Source Program Office (OSPO).

      All open source all the time.

      What became abundantly clear to me through the cacophony of voices representing developers, technologists and enthusiasts is that at the center of all that is open source are three key components critical to ultimate success (however you define it): people, processes, and technology.

      [...]

      The entire tech space is being redesigned by a digital transformation and the emergence of new open source technology platforms. It’s a revolution of sorts, led by groundbreaking innovations in machine learning, open source IoT, cyber security, virtual reality, big data analytics, blockchain and open source development tools. Additionally, there’s technology to help you know what’s in your code and automate the detection and remediation of license compliance and security issues in your DevOps life cycle.

    • Extreme Networks Transitions StackStorm to the Linux Foundation

      Extreme Networks, Inc. (EXTR) today announced it has turned governance of StackStorm™ platform, its popular open-source workflow automation platform, over to The Linux Foundation. In making this transition, Extreme expects the Foundation’s open source community to accelerate development and adoption of the platform so enterprises everywhere can reap the benefits of new applications and use cases.

  • SaaS/Back End/Databases

    • What to expect from Scylla Summit 2019

      Scylla (the company) takes its name directly from Scylla [pronounced: sill-la], a Greek god sea monster whose mission was to haunt and torment the rocks of a narrow strait of water opposite the Charybdis whirlpool.

      Outside of Greek history, Scylla is an open source essentially distributed NoSQL data store that uses a sharded design on each node, meaning each CPU core handles a different subset of data.

    • Licence to grill: A year on, MongoDB’s Eliot Horowitz talks to The Reg about SSPL

      A year after its controversial switch to the Server Side Public License (SSPL), and with new products livening up the summer, MongoDB remains unrepentant.

      The change was aimed at making vendors selling a service using the company’s code share the source of applications used to run the service as well as any tweaks. The move appeared to be aimed squarely at cloud vendors, content to “capture all the value and give nothing back to the community,” as Dev Ittycheria, CEO of MongoDB, told us at the time.

      Elements of the open source community were less than impressed. The Open Source Initiative (OSI) rejected the company’s attempts to get the licence approved and eventually MongoDB withdrew the thing from the process, although the company continued to use it for its own products. Indeed, at MongoDB’s London .Local event, where we met co-founder and CTO Eliot Horowitz, the company was trumpeting the opening up of its Compass GUI for MongoDB under the SSPL.

    • From Russia with OLAP: Percona uses ClickHouse analytics

      At Percona Live Europe last week, one such example came up around the open source scene that is developing in Russia and how one of the projects that is now starting to open up to international use.

    • The love and the lament: Percona CEO details state of open source data

      Open source has changed, obviously it has. Starting from its origins among the hobbyist programmers and hackers who dared to defy the proprietary Silicon Valley behemoths, the open community-centric model for software development has now been widely adopted by the commercial software sector.
      In many cases, open source has become the norm for modern platforms, tools and applications. But how has this affected the nature of open development and what impact has this shift left in its wake on the data landscape that we view today?

    • GraphDB 9.0 Open Sources Its Front End and Engine Plugins to Support Knowledge Graph Solutions

      Ontotext has announced GraphDB 9.0, which is aimed at lowering the effort required for development and continuous operation of knowledge graphs by opening multiple integration extension points for its users and developers.

      GraphDB is a database for managing semantic information with more than 30 large production installations in big enterprises. With the growing complexity of enterprise data integration, many organizations are starting the journey of building knowledge graphs.

    • Ververica Announces Open Source Framework to Enable Lightweight, Stateful Applications at Scale

      Ververica, the original creators of Apache Flink, today announced at Flink Forward Europe the launch of Stateful Functions (statefun.io), an open source framework that reduces the complexity of building and orchestrating stateful applications at scale. Stateful Functions enables users to define loosely coupled, independent functions with a low footprint that can interact consistently and reliably in a shared pool of resources. Ververica will propose the project, licensed under Apache 2.0, to the Apache Flink community as an open source contribution.

    • DataStax offers bidirectional data dexterity for Apache Kafka

      DataStax has opened up ‘early access’ to its DataStax Change Data Capture (CDC) Connector for Apache Kafka, the open source stream-processing (where applications can use multiple computational units, similar to parallel processing) software platform.

      As a company, DataStax offers a commercially supported ‘enterprise-robust’ database built on open source Apache Cassandra.

      Stream processing is all about speed and cadence, so, the DataStax CDC Connector for Apache Kafka gives developers ‘bidirectional data movement’ between DataStax, Cassandra and Kafka clusters.

  • CMS

    • ExpressionEngine Under New Ownership, Will Remain Open Source for Now

      EllisLab founder Rick Ellis announced yesterday that ExpressionEngine has been acquired by Packet Tide, the parent company of EEHarbor, one of the most successful EE add-on providers and development agencies in the community. A year ago EllisLab, the developers of EE core, was acquired by Digital Locations but Ellis said the company ended up not being a good fit for the future of the CMS…

  • Pseudo-Open Source (Openwashing)

    • Weekly Refresh: 3 Acquisitions, and RideAustin Goes Open Source

      RideAustin will make its ride-hailing software open to the public. The company announced Thursday it will open source its platform so other entities can make use of its market-proven non-profit model

    • RideAustin to release rideshare software to jumpstart networks of rideshare alternatives around the globe

    • Why Open Models Can Actually Improve Your Quality Control

      Winsor: What advice would you offer to businesses who are building out open source programs?

      Hlivko: Before you launch, you’ll start running into engineering challenges, funding questions, dev/ops pipeline integration, branding considerations and a host of other small items to work through. I would recommend identifying key talent, both leadership and team members, which are good at leaning into the model and thinking through these problems horizontally. A small core internal team can advocate for the crowd and evangelize it when ready.

    • Open Core Summit: The Value of Cloud and Commercial Open Source Software

    • Fidectus announces open source interoperability for electronic Settlement Matching (EFET eSM)

    • PyTorch 1.3 comes with speed gains from quantization and TPU support

      Facebook today released the latest version of its deep learning library PyTorch with quantization and Google Cloud TPU support for speedier training of machine learning models.

      Tensor processing unit support begins with the ability to train a model with a single chip and will later be extended to Cloud Pods, Facebook CTO Mike Schroepfer said today.

    • Facebook Open-Sources Hydra to Simplify Configuration Management in Python Programs

      Facebook Hydra is a new open-source framework aimed to speed up the creation of Python applications by simplifying the implementation of common functionality such as command-line argument handling, configuration management, and logging.

      Facebook developed Hydra to accelerate development of several research projects where the ability to cope with changing requirements was key.

    • Will big money destroy the open source dream?

      According to the report, open source monetisation strategies vary and evolve. One of the most popular models at present is what is referred to as “open core”. This involves a blend of free open source and proprietary software, with different levels of openness within the model. Docker, Elastic, GitLab, MongoDB and Redis are all identifiable as open core companies.

      Another open source monetisation strategy is the development of a corporate-sponsored open source project which is often used as a business development resource rather than as the company’s primary offering. An example of this is Kubernetes, which has been developed primarily by Google and which, through its widespread adoption, has boosted awareness of Google Cloud Platform.

      “Within the increasingly competitive cloud services market, building developer trust with open source initiatives (like Kubernetes) provides valuable differentiation,” CB Insights comments.

    • Packetcraft Launches Open Source Bluetooth Low Energy Stack, Which is Integrated With Arm Mbed OS for Seamless IoT Connectivity

      “Packetcraft is excited to offer open source Bluetooth protocol stacks that are qualification tested and up to date with the latest specifications,” said John Yi, founder and CEO of Packetcraft. “We are offering BLE software solutions with a combination of quality, features, and licensing flexibility that is unmatched in the industry.”

    • Enea Runs Joint PoC with FlexiWAN and Intel for Secure SD-WAN based on Open Source Applications

      Enea this week announced a joint Proof of Concept (PoC) with flexiWAN and Intel, demonstrating a reference solution for secure SD-WAN based on open source applications. It will be showcased at the SDN NFV World Congress in The Hague, October 14-17.

    • Big list of open-source MacOS apps
      

    • Version 2.0 of eToro’s Open-Source Programming Language Lira Developed to Write Options Contracts

    • Theta Open Source Network Partners With PewDiePie-Supported Streaming Platform

    • Understanding the open source model for CSPs

      How can communication service providers best use open source development and deployment models, and how does the increasing viability and visibility of open source software impact how CSPs and their suppliers do business? Does it really result in lower equipment and development costs for operators, and how much of an investment – in terms of time and money – does a CSP need to make in open source and the community in order to maximise its returns? If open source results in an unmanageable increase in software components with too many variants, then do we instead need a “curated” open source model driven by CSP-led reference designs? Above all, is open source beneficial or detrimental to the telecoms supply chain?

    • AI-enabled drone maps disaster victims’ location, need

    • Fugue Supports Open-Source Policy Engine For Cloud

    • Alluxio Innovation Recognized by Database Trends and Applications’ Big Data Quarterly and Solutions Review

      Alluxio, developer of open source data orchestration technology used by seven of the world’s top 10 Internet companies, today announced it has been named to the Database Trends and Applications “Big Data 50 – Companies Driving Innovation in 2019” list featured in its Big Data Quarterly and Solutions Review “The Top 13 Free Open Source Storage Solutions” list.

    • Google takes AMP to the OpenJS Foundation

      AMP, Google’s somewhat controversial project for speeding up the mobile web, has always been open-source, but it also always felt like a Google project first. Today, however, Google announced that the AMP framework will join the OpenJS Foundation, the Linux Foundation-based group that launched last year after the merger of the Node.js and JS foundations. The OpenJS Foundation is currently the home of projects like jQuery, Node.js and webpack, and AMP will join the Foundation’s incubation program.

    • OpenJS Foundation welcomes AMP project to help improve user experience on the web

      AMP enters the open source foundation to broaden open governance, drive diverse, cross-industry adoption and continue improving the web for all.

    • Google sparks open source unrest over Knative, Istio

      Google is keeping its Knative and Istio projects close to the vest, which could limit their reach long term, early adopters say.

    • Global Amsterdam Exchange Modernises With Open Source Solutions

      “The cost savings of open networking are certainly compelling, but for our team it is the fabric-wide visibility together with the SDN automation that make the Pluribus Networks solution so valuable to us, said Bart Myszkowski, AMS-IX network engineer.

    • EOS developer Block.one releases version 2.0 of its EOSIO open source protocol

    • SD Times Open-Source Project of the Week: ABAP SDK for IBM Watson

      IBM has announced that the ABAP SDK for IBM Watson is now available. The open-source project is designed to allow developers to use IBM Watson Developer Services within SAP environments and directly from Advanced Business Application Programming (ABAP) code.

    • IBM Releases Open Source SDK that Plugs SAP into Watson

      IBM has rolled out a new open source Software Developer Kit (SDK) that lets users call Watson services directly from ABAP code in SAP systems.

      The project’s lead developer, IBM’s Bradley Knapp described the release to Computer Business Review as a “perfect entrance point for the democratisation of AI and machine learning for the SAP ERP space.”

    • IBM and McAfee Spearhead Formation of Open Source Cybersecurity Alliance

      In a bid to provide interoperability and data-sharing across several cybersecurity products and companies, IBM Security and McAfee are spearheading an open-source cybersecurity alliance along with 14 other cybersecurity companies across the globe.

    • IBM and McAfee primary backers of new open source cybersecurity group

      Cybersecurity is headed to open source with a new initiative backed by IBM and McAfee, among other companies.

      The Open Cybersecurity Alliance (OCA) was formed to pull the fragmented elements of the cybersecurity landscape under one roof by using open source code and practices. The new open source group is under the umbrella of the Organization for the Advancement of Structured Information Standards (OASIS).

    • IBM, McAfee among founders of open source security alliance

    • McAfee, IBM join forces for global open source cybersecurity initiative

      That’s about to change as dozens of tech companies have joined together to create the Open Cybersecurity Alliance, which is an effort to share security solutions and increase mutually beneficial security cooperation.

    • Not just a barking dog: Open-source developers grow to embrace software as a service

      The open-source movement has a history that captures both its community spirit and renegade impact. Sometimes, that history even involves a yapping animal.

      In Linux, the “biff” command notifies users when mail arrives and identifies the deliverer. Was “biff” a cleverly conceived acronym for a remarkably sophisticated programming language?

      No. It was named after a dog owned by the developer of Berkeley Software Distribution or BSD, a Unix-similar operating system built in the 1970s. Biff used to run out and bark every time the mailman showed up.

      Open-source code has moved way beyond its early days as a barking dog in the computer world. Today, open-source companies are commanding huge multiples on Wall Street and major players are opening wallets, as evidenced by IBM Corp.’s purchase of Red Hat Inc. in October for $34 billion.

    • Steiner on the hypocrisy of open source parts

      Guenther Steiner has called out Haas’ rivals’ hypocrisy with some teams keen to adopt an open-source approach to parts of their design but not go down the standard parts route.

      As part of the debate over the 2021 regulations, some teams have balked against the idea of introducing more standard parts into Formula 1.

      However, those same teams are keen on putting parts of their designs out on open-source, allowing others to copy them.

    • Why teaming up be a huge benefit to all involved

    • Bingbot goes evergreen

    • Employees ask GitHub to cancel ICE contract: ‘We cannot offset human lives with money’

      Employees sent an open letter to Github’s CEO asking the company to shed its contract with U.S. Immigration and Customs Enforcement

    • GitHub CEO discussed ‘evolving’ position on China in private all-hands meeting

      Tensions continue to grow over a GitHub contract with Immigration and Customs Enforcement, as employee activists pressure the company to cut ties with the agency.

      In a standing-room-only meeting yesterday, executives answered questions from employees on the controversial contract. CEO Nat Friedman fielded questions from employees and attempted to explain why the company would renew a $200,000 contract with the immigration agency. The Verge has obtained a transcript of the conversation.

      “This is an important topic not just because we find this issue of US immigration policy so odious, offensive, abhorrent, cruel, evil, such a meaningful topic,” Friedman said, according to the transcript. “I personally feel that. I know many other Hubbers share that thought.”

    • Reliance Jio steps up open source efforts as it pursues new markets

    • Winding Tree and Travel Forward to host open-source Hackathon at World Travel Market London 2019

      Winding Tree, the open-source travel distribution platform, announces today that it will be hosting its third travel hackathon with Travel Forward, the newly created technology track of World Travel Market (WTM). The hackathon will run throughout the duration of WTM London 2019, one of the largest travel trade shows in the industry, taking place in London from November 4-6, 2019.

  • fOSS/Finance/Currency

    • Chris J. Terry, Internet Industry Veteran, Joins Open Source Blockchain Project Ether1.org

    • UK forcing AML regulations on cryptocurrency exchanges, ATMs, and open-source wallets

    • UNICEF Launches Cryptocurrency Fund to Back Open Source Technology

      UNICEF, the United Nations Children’s Fund, has launched a crypto fund to receive, hold and distribute donations of bitcoin and ether in its aim to back open source technology for children around the world.

      UNICEF said in an announcement on Wednesday that in a first for United Nations organizations, the Cryptocurrency Fund will receive contributions in cryptocurrency and grant out in the same digital currency form.

    • ConsenSys Gives Ethereum A Boost: $175k Given to 7 Open-Source Initiatives

      ConsenSys, a Brooklyn, New York-based Ethereum development studio studio, is awarding $175,000 to seven different open-source projects being developed on the Ethereum (ETH) blockchain.

      Revealed on October 10, the software development projects include Lighthouse, an innovative Ethereum software client, Tellor, an oracle network for handling off-chain data, Alice, a mobile-based platform for developing decentralized applications (dApps).

    • FINOS Spearheads Open Innovation In Fintech Space With Open Source Strategy Forum

      Benzinga is highlighting nominees for the fifth annual Benzinga Global Fintech Awards ahead of the event Nov. 19 in New York City.

      One nominee is the Fintech Open Source Foundation, or FINOS, a nonprofit for the promotion of open innovation in the financial services and tech spaces.

    • 0x introduces OpenZKP, an open-source zk-STARK implementation

    • Minsheng Life partners with open-source blockchain infrastructure project

      Minsheng Life Insurance has come onboard as a partner of the PlatONE open-source blockchain infrastructure, a project recently launched by non-profit research institution Wanxiang Blockchain and the PlatON global computing network.

    • International Day Against DRM 2019 Focuses on Education

    • A programmer explains why he’s willing to quit rather than work with industry legend Richard Stallman, who resigned from MIT after controversial remarks on Jeffrey Epstein

  • Licensing/Legal

    • Invasion of The Ethical Licenses

      About 23 years ago, I created the Debian Free Software Guidelines to help the Debian developers decide what software was permissible to include in Debian, which aspired to be 100% Free Software, and what should be consigned to a “non-free” repository upon which Debian would never depend. Nine months later, those guidelines became the Open Source Definition, and I announced Open Source to the world.

      [...]

      Despite the seeming impossibility of its enforcement, the Vaccine License is the most professionally constructed of this pack, carefully targeting the approval process of the Open Source Initiative – and IMO missing it. But all three licenses appear to be unlikely to obtain the agreement of a court in enforcement, and scaling their requirements would be a sort of full-employment act for lawyers.

      Let’s work through how these licenses would be enforced.

      When these licenses are enforced, the copyright holder is the plaintiff, a fancy word for someone who makes a complaint. Their complaint is that the defendant, the licensee, committed a tort, a violation of civil law. The tort is copyright infringement.

      The important point here is that the complaint isn’t that the license was violated, the complaint is that the defendant did not have a license at all, and is infringing copyright. The defendant then has to prove that they did have a license, and that they were obeying the license’s terms, or that the court should for some reason not honor those terms.

      Licenses are also contracts, and thus the tort can be breach of contract. But contracts require the consent of both parties – the copyright holder, and the licensee. Real consent is indicated by signing the contract, but that doesn’t ever happen with this sort of license. Instead, there is a lesser indication of consent by the action of using, distributing, or modifying the software.

  • Openness/Sharing/Collaboration

    • Open Source Seed, a Hoax or a Wake-Up Call?

      “Open source” is a trend in various industries. It started to take root in the software industry (Mozilla), followed by biotechnology (CAMBIA) and publishing, where the creative commons concepts have taken root. Several of these trends are based in an opposition against corporate power generated by exclusive rights provided by patents and copyright. Others have a positive goal, i.e. to enhance participation by a much wider population to generate, validate and share information (e.g. Wikipedia).

      The seed sector has a very good story to tell with regard to its contributions to societal goals, but in parts of society, the corporate image and the use of patents create questions, so we could expect that also our sector would be challenged. It is there now. The University of Wisconsin developed an Open Source Seed Initiative several years ago, which was followed in Germany more recently. Access to “freed” plant genetic resources is made conditional to users making them available under the same “open source” conditions – that no IP is vested. The system should thus go “viral” and “force” breeders to join and thus stop protecting their products through IP.

    • Open Data

      • Satellite images and open-source programs for mapping during disasters

        A few weeks ago, the states of Assam and Bihar were reeling under floods. Over 200 people were reported dead, with at least 10 million (one crore) of the states’ residents estimated to have been displaced. To save more lives and prevent further infrastructural damage, search and rescue missions during such disasters need to be effective, and more importantly, need to be rapid.

        The answer to this may lie in space.

        Open-source access to satellite images and new technologies to process these images have been a significant breakthrough to help document the true extent of flooding. Getting this information in time is key to plan and conduct evacuation missions, response operations and damage assessments.

        The European Space Agency (ESA)’s Sentinel-1 mission and the web-based Google Earth Engine (GEE) platform are two recent developments that have helped timely capture and analysis of satellite information.

        A research team from the Indian Institute for Human Settlements (IIHS) used this combination (Sentinel and GEE) to come up with an illustrative example of how such mapping can be used in the future to help in rescue missions, through accurate mapping of flood extents.

    • Open Hardware/Modding

      • Open Source Hardware Trends, Arm Takes a Different Tack

        The open-source movement that has driven software innovation is now creating a buzz in the microprocessor realm, thanks to the growing popularity of open-source microprocessor instruction set architecture RISC-V. Although the term “open source” conveys sentiments such as research sharing and community building, leading semiconductor IP provider Arm, which supports 95 percent of smartphone embedded processors, is not a fan.

        Synced recently sat down with Rhonda Dirvin, who is Arm’s senior director of Embedded, IoT and Automotive Marketing. Dirvin believes today’s open source hardware landscape is not as simple and straightforward as it may seem: “We’re starting to see some people say free is not free. Because at the end of the day they have to look at what it takes to verify that and what it takes to implement the instruction or architecture. You don’t have the whole ecosystem out there that supports it the way that you do with Arm or some of the other more established vendors.”

  • Programming/Development

    • Xilinx unveils open source FPGA platform

      The Vitis unified software platform from FPGA vendor Xilinx is the result of five-year project to create software development tools using familiar languages like C++ and Python to develop a wide range of applications for its reprogrammable chip.

    • Listen: How ActiveState is tackling “dependency hell” by providing enterprise-level support for open source programming languages [Podcast]

      “Open source back in the late nineties – and even throughout the 2000s – was really hard to use,” ActiveState CEO Bart Copeland says. “Our job,” he continues, “was to make it much easier for developers to use open source and much easier for enterprises to use open source.”

    • 10 open source projects proving the power of Google Go

      Now 10 years in the wild, Google’s Go programming language has certainly made a name for itself. Lightweight and quick to compile, Go has stirred significant interest due to its generous libraries and abstractions that ease the development of concurrent and distributed (read: cloud) applications.

      But the true measure of success of any programming language is the projects that developers create with it. Go has proven itself as a first choice for fast development of network services, software infrastructure projects, and compact and powerful tools of all kinds.

    • The Eclipse Foundation Launches The Eclipse Cloud Development Tools Working Group for Cloud Native Software

      The Eclipse Foundation today announced the launch of the Eclipse Cloud Development Tools Working Group (ECD WG), a vendor-neutral open source collaboration that will focus on development tools for and in the cloud. The ECD WG will drive the evolution and broad adoption of emerging standards for cloud-based developer tools, including language support, extensions, marketplaces, and developer workspace definition. Founding members of the ECD WG include Broadcom, EclipseSource, Ericsson, IBM, Intel, Red Hat, SAP, Software AG, and Typefox among many others.

    • You cannot cURL under pressure

      With cURL having this many features (with the general mass of them being totally unknown to me, let alone how you use them) got me thinking… What if you could do a game show style challenge for them?

    • Follow-up on ‘ASCII Transliteration without ICU or iconv’

      By an anonymous commenter, I got pointed to that Unicode (in Qt) is slightly more complicated than I had considered when writing the code: I missed to handle planes beyond the Basic Multilingual Plane (BMP) and the ‘surrogates’ between code points 0xD800 and 0xDFFF. In a series of recently pushed Git commits I addressed problem of surrogates and fixed some more issues. Some preparatory work has been done to support more planes in the future, but as of now, only the BMP is supported. For details, please have a look at the five commits posted on 2019-10-12.

• Leftovers

  • Augmented reality (AR) vs. virtual reality (VR): What’s the difference?

    However, AR and VR today are two distinct things – more like cousins than twins. VR gets much more coverage and AR can be more nebulous given the various ways in which it can be deployed, says Leon Laroue, technical product manager of augmented reality solutions for Epson. “For people who’ve never actually seen an AR or VR device, it’s very easy to assume everything is VR.”

    [...]

    “At a high level, AR applications are best suited for use cases where users need to be connected to and present in the real world,” Laroue explains. Some AR enterprise solutions include remote assistance, on-the-job training, remote collaboration, and computer-assisted tasks.

    “In our research of both technologies, we have found AR to be well-suited for industrial use cases, particularly workforce training and product maintenance,” says Michael M. Campbell, executive vice president, augmented reality products, at PTC. In particular, companies that are facing knowledge gaps and expertise loss as workers retire are capturing that knowledge digitally and sharing it with less-experienced workers via AR tools.

  • Security (Confidentiality/Integrity/Availabilitiy)

    • Critical remote code execution flaw fixed in popular terminal app for macOS

      A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE) vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw can be exploited if an attacker can force maliciously crafted data to be outputted by the terminal application, typically in response to a command issued by the user.

    • Patch now, Mac users: Critical 7-year-old flaw in open-source macOS app iTerm2

      Any developers or admins using the iTerm2 app should install the available patch immediately, judging by Mozilla’s description, and it sounds like the bug could be exploited in as yet unknown ways.

      “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla’s Tom Ritter writes.

    • iTerm2 issues emergency update after MOSS finds a fatal flaw in its terminal code

      The author of popular macOS open source terminal emulator iTerm2 has rushed out a new version (v3.3.6) because prior iterations have a security flaw that could allow an attacker to execute commands on a computer using the application.

      The vulnerability (CVE-2019-9535) was identified through the Mozilla Open Source Support Program (MOSS), which arranged to audit iTerm2 under its remit to review open source projects for security problems. A third-party security biz, Radically Open Security, performed the audit.

    • WireGuard Snapshot `0.0.20191012` Available

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA256
      
      Hello,
      
      A new snapshot, `0.0.20191012`, has been tagged in the git repository.
      
      Please note that this snapshot is a snapshot rather than a final
      release that is considered secure and bug-free. WireGuard is generally
      thought to be fairly stable, and most likely will not crash your
      computer (though it may).  However, as this is a snapshot, it comes
      with no guarantees; it is not applicable for CVEs.
      
      With all that said, if you'd like to test this snapshot out, there are a
      few relevant changes.
      
      == Changes ==
      
        * qemu: bump default version
        * netns: add test for failing 5.3 FIB changes
        
        Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
        
        unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
        
        We fixed this upstream here:
      
      https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
      
        This is relevant to WireGuard because a very similar sequence of commands is
        used by wg-quick(8).
        
        So, we've now added some tests to catch this code path in the future. While
        the bug here was a random old use-after-free, the test checks the general
        policy routing setup used by wg-quick(8), so that we make sure this continues
        to work with future kernels.
        
        * noise: recompare stamps after taking write lock
        
        We now recompare counters while holding a write lock.
        
        * netlink: allow preventing creation of new peers when updating
        
        This is a small enhancement for wg-dynamic, so that we can update peers
        without readding them if they've already been removed.
        
        * wg-quick: android: use Binder for setting DNS on Android 10
        
        wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
        version of the app for this later today.
      
      This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.
      
      As always, the source is available at https://git.zx2c4.com/WireGuard/ and
      information about the project is available at https://www.wireguard.com/ .
      
      This snapshot is available in compressed tarball form here:
      
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
      
        SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
        BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56
      
      A PGP signature of that file decompressed is available here:
      
      https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
      
        Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
      
      If you're a snapshot package maintainer, please bump your package version. If
      you're a user, the WireGuard team welcomes any and all feedback on this latest
      snapshot.
      
      Finally, WireGuard development thrives on donations. By popular demand, we
      have a webpage for this: https://www.wireguard.com/donations/
      
      Thank you,
      Jason Donenfeld
      

    • WireGuard 0.0.20191012 Released With Latest Fixes

      WireGuard is still working on transitioning to the Linux kernel’s existing crypto API as a faster approach to finally make it into the mainline kernel, but for those using the out-of-tree WireGuard secure VPN tunnel support, a new development release is available.

    • SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software

      Now the feature is embroiled in another minor controversy after security researchers at SafeBreach said they uncovered a new vulnerability. HP Touchpoint Analytics comes preinstalled on many HP devices that run Windows. Every version below 4.1.4.2827 is affected by what SafeBreach found.

      In a blog post, SafeBreach Labs security researcher Peleg Hadar said that because the service is executed as “NT AUTHORITY\SYSTEM,” it is afforded extremely powerful permissions that give it wide access.

      “The CVE-2019-6333 vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass Signature Validation Bypassing,” Hadar wrote.

      [...]

      The company has long had to defend HP Touchpoint Analytics against critics who say it gives HP unnecessary access to users’ systems. When it first became widely noticed in 2017, dozens of users complained that they had not consented to adding the system.

    • Security Tool Sprawl Reaches Tipping Point

    • How trusted digital certificates complement open source security

      Application developers incorporating open source software into their designs may only discover later that elements of this software have left them (and their customers) exposed to cyber-attacks.

    • Securing the Container Supply Chain

  • Defence/Aggression

    • Turkish ISP Blocks Social Media Sites Near Syrian Border [iophk: preparations for warcrimes and probably genocide]

      Turkey restricted access to Facebook, Instagram, Twitter, and WhatsApp in at least three cities in the southern part of the country for about 48 hours earlier this week as it launched an attack on northern Syria, according to data collected by civil society group NetBlocks and reviewed by WIRED. Turkey moved against Kurdish forces in northern Syria Wednesday, launching an air and ground assault on a militia allied with the US days after President Donald Trump pulled US troops out of the area.

      Turks close to the border rely on those social media services to access and share uncensored [sic] news.

    • Christian Communities in Northeast Syria Are the Target of a Turkish Attack

      Turkey plans to use the Syrian National Army, an alliance of Islamist rebels, for its operations in Northern Syria. The Army of Islam, one of the members of the Syrian National Army, has paraded around hostages from Syria’s religious minorities in cages. Its late leader, Zahran Alloush, once referred to some minorities as “filth” that should be “cleansed,” although he walked back the rhetoric in a later interview.

      “Turkey can only expand outside its current borders by embracing a religious agenda,” Ishak claimed. “What would bring together a Syrian, a Kurd, an Arab, and a Turk together like it was during the Ottoman Empire? It’s the religious identity.”

      Ishak, Vergili and the Assyrian Policy Institute’s statement all accused Turkey of backing ISIS.

    • Clarion Special Report: NY’s Sharia Patrol

      This is where things got interesting. He went on to say that the patrol presence was needed not just for protecting mosques, but also to stop people— Muslim people, in particular—from doing what was harmful and what the Quran considers haram, or forbidden, for Muslims.

      Abdul remembered Wahhaj saying, “The mosques need protection and the MCP cars can help stop people who were not following the rules and regulations of the sharia, doing what they’re not supposed to be doing, but still doing it.”

      That is, they were there to physically enforce “laws” that were not U.S. or New York laws.

    • 300 terrorists active in Kashmir, 500 receiving training in camps at PoK: Gen Ranbir

      [...] He said Pakistan is in a fix over the situation and is trying different ways to send in the weapons. Speaking to mediapersons in Bhaderwah, Singh also refuted reports about infiltration of Afghan militants into the valley. Terrorists are facing a shortage of weapons in Kashmir. So they try to snatch weapons from Special Police Officers (SPO) or loot them from police stations, the Army commander said. Even Pakistan has been caught in a difficult situation so it uses various ways to provide weapons to the terrorists in Kashmir, he said. [...]

    • France to Curtail Some Arms Exports to Turkey

      The Latest on Turkey’s military offensive into northeastern Syria against Syrian Kurdish fighters…

  • Environment

    • Sea levels are rising, so why is coastal construction?

      Yet coastal development, not retreat from rising sea levels, is still ascendant here and in other communities along America’s southeastern coast. The pattern is fueled by money, by age-old human affinity for “blue spaces,” and by government policies such as flood insurance that can subsidize risky residences.

      Now it’s an uneven real estate market. Many at-risk homes are losing value even as others are snapped up. One home near Mr. Cobau’s is being demolished due to frequent flooding. Another just sold for $1 million. Other owners are seeking approval to elevate their homes.

      “The majority of people’s retirement savings is the equity in their house,” says Ryan Lewis, a University of Colorado sea level expert. “And if you think about the timeline of [sea level rise] and people’s savings, those things are converging.”

    • Tokyo Area Shuts Down as Powerful Typhoon Lashes Japan

      A heavy downpour and strong winds pounded Tokyo and surrounding areas on Saturday as a powerful typhoon forecast to be Japan’s worst in six decades made landfall and passed over the capital, where streets, nearby beaches and train stations were long deserted.

  • AstroTurf/Lobbying/Politics

    • Elizabeth Warren targets Facebook’s ad policy — with a Facebook ad [iophk: once again she omits Microsoft from her list of offenders]

      The Warren ad puts Facebook in a challenging position, said Dave Karpf, an associate professor of media and public affairs at George Washington University.

      “Either Facebook doesn’t touch the ad and the ad is therefore noteworthy, or they touch the ad and it’s noteworthy,” he said. “It’s a smart tactical move.”

    • AP Fact Check: Trump’s Shoddy Information on Syria, Impeachment, More

      President Donald Trump spread shoddy information about Syria, the economy and matters at the heart of the impeachment inquiry against him in a week of caustic rhetoric.

    • Ecuador’s Indigenous Leaders Willing to Talk After Fuel-Price Protests

      Indigenous leaders of fuel-price protests that have paralyzed Ecuador’s economy for nearly a week said Saturday they are willing to negotiate with President Lenín Moreno, signaling a possible exit from the crisis even as violence prompted the president to impose a curfew in the capital and surrounding areas.

  • Censorship/Free Speech

    • Hong Kong Protests: Apple CEO Tim Cook defends removal of app used by protesters

      Apple CEO Tim Cook, it apparently giving in to Chinese demands of removing apps used by pro-democracy protesters in Hong Kong. The company removed the HKmap.live app from its app store.

      The app was used by protesters to track police movements inside Hong Kong. The fact came to light after the Communist Party of China owned newspaper China Daily accused the company of listing the app in its App Store.

    • Exclusive: CEO of world’s largest e-sports firm ESL warns staff not to discuss Hong Kong protests

      In September, ESL announced that it was forming a partnership with Huya, a Chinese streaming service backed by Chinese internet conglomerate Tencent. Huya pledged to buy US$30 million (HK$235 million) in ESL shares. The partnership was expected to expand ESL’s access to China’s huge competitive gaming market.

      When asked by HKFP if it was concerned about its China market, and whether it respected free speech, a spokesperson said ESL maintains social media policies for staff.

  • Privacy/Surveillance

    • How Photos of Your Kids Are Powering Surveillance Technology

      The pictures of Chloe and Jasper Papa as kids are typically goofy fare: grinning with their parents; sticking their tongues out; costumed for Halloween. Their mother, Dominique Allman Papa, uploaded them to Flickr after joining the photo-sharing site in 2005.

      None of them could have foreseen that 14 years later, those images would reside in an unprecedentedly huge facial-recognition database called MegaFace. Containing the likenesses of nearly 700,000 individuals, it has been downloaded by dozens of companies to train a new generation of face-identification algorithms, used to track protesters, surveil terrorists, spot problem gamblers and spy on the public at large.

    • Chinese app on Xi Jinping’s ideology allows data access to 100 million users’ phones: Report

      The Chinese Communist Party appears to have “super-user” access to all the data on more than 100 million cellphones, owing to a back door in a propaganda app that the government has been promoting aggressively this year.

      An examination of the code in the app shows it enables authorities to retrieve every message and photo from a user’s phone, browse their contacts and Internet history, and activate an audio recorder inside the device, according to a US-funded analysis.

      [...]

      The app collects and sends detailed log reports on a daily basis, containing a wealth of user data and app activity, the investigation found.

  • Freedom of Information / Freedom of the Press

    • WBAI Signs Off. Its Future Remains Uncertain.

      On Monday, October 7, at around 7 am, WBAI-NY essentially went off the air. A small group organized at the direction of the Pacifica Foundation’s Interim Executive Director John Vernile (who’d only been the job for two months) threw the staff out of the WBAI studios in Brooklyn, handed them termination letters, posted a guard at the door, and switched WBAI programming to a feed from Pacifica’s KPFA station in Berkeley, California. In a style that would make a CIA destabilization crew proud, they went through the station, disconnected computers and the soundboard, placing them in inner rooms with padlocks, took out the Emergency Alert system (required for all broadcast facilities), and told the landlord that the studio would be unoccupied within 24 hours. She was advised to find a new tenant.

      Vernile had given instructions to the facility that housed the station’s antenna, which broadcast at 99.5 FM, to bar any WBAI staff. The WBAI website was redirected to a page that announced that programming would now emanate from Pacifica Across America, presenting the “best” of programming from other Pacifica stations.

      By the close of October 7, WBAI’s Local Station Board (Pacifica has both a National Board and Local Station Boards) had gotten a temporary restraining order barring the takeover, but Pacifica refused to comply. As a contempt-of-court hearing was about to be begin, Pacifica’s lawyers moved the case to Federal Court in Manhattan. Litigation continues.

  • Civil Rights/Policing

    • Nadia Murad and Amal Clooney want ISIS to face Nuremberg-like trials

      Her path to the Nobel Peace Prize began when she joined an activist group in Germany. It took her to the U.N., where she became a human rights ambassador and then wrote a book. The U.N. recognizes the genocide that happened to the Yazidis, but there are more steps to secure a trial. Clooney agreed to help.

      “I saw it as a test of the international system. It was so egregious because it involved ISIS and involved a clear case of genocide. It involved sexual slavery at a scale that we haven’t seen in modern times,” says Clooney. “I thought if the U.N. can’t act in this case then what does the international rule of law even mean?”

    • When Cops Aren’t The Answer to 911 Calls

      The Eugene CAHOOTS team shows up in work boots, jeans and T-shirts — and without police officers — in response to 911 calls diverted to the program.

      “That difference in uniforms can assist folks with letting their guard down and being open to accepting the help that is being offered,” said Tim Black, the Eugene CAHOOTS’ operations coordinator.

      For people with a history of volatile arrests often while in mental health crisis, this could make treatment more accessible, less traumatic and safer. One in 4 deaths from police shootings represent people with mental illness, according to the Treatment Advocacy Center.

    • Are We Sure Women Aren’t Too Fragile To Have The Vote?

      What’s now criminal is being male. All you need to be is male and accused of something, whether or not it fits any definition of a crime. It sounds unbelievable, but it’s increasingly the case.

    • Defining ‘True Islam’ Is Harder Than Progressives Think

      As a review of the book published on Qaradawi’s own website (islamonline.net) explains, jihad is not about “spiritual values and behavioral virtues”; it is an armed struggle, and that “without jihad, the Ummah’s boundaries will be violated, the blood of its people will be as cheap as dust, its sanctuaries will be less worthy than a handful of desert sand, and it will be insignificant in the eyes of its enemies.”

      Qaradawi’s work, by the way, is frequently cited by leading American clerics.

      A 200-year-old book republished in 2016 by Al-Azhar — the most important Islamic seminary in the world — only refers to jihad as an “armed struggle.” And when, as NPR put it in 2003, “around the Muslim world, mainstream Muslim clerics are calling on their followers to make jihad, or holy war, against American troops” in Iraq, were they only asking for Muslims to practice a quiet internal struggle?

    • Young girls forced into sick ‘pleasure marriages’ with dozens of men

      Rusul has been married dozens of times — some marriages lasting just three hours.

      Each time, she’s given a dowry — which can be around $360 — and is forced into a quick wedding ceremony, after which she is expected to have sex with her new husband.

      But her spouses — usually old men — can be violent, with some forcing her to perform their favourite sex acts even when she resists.

      And the marriages always have an end date, leaving Rusul alone following the horrendous assaults.

      The brave teen appears in a new BBC documentary that shines a light on the illegal practice of “pleasure marriage” and how it’s being used to pimp out vulnerable girls in war-torn Iraq. Obviously, the vast majority of Muslims find the practice absolutely abhorrent.

    • Calls to end early marriages dominate Day of the Girl child

      The day, aimed at highlighting the needs and challenges girls face, while promoting girls’ empowerment and fulfilment of their human rights, was observed on Friday under the theme “Girl Force: Unscripted and Unstoppable “. The celebrations were held at Kasana playground in Luweero town.

      At the function, girls and activists decried rampant early marriages, teenage pregnancies and other sexual abuses which have led girls to drop out of school. Shalom Kaitesi, a Senior three student of Janan Secondary School in Luweero said that two of her friends were forced into marriage.

    • The Foreign Office Must Be Challenged Over Sacoolas’ Immunity

  • Monopolies

    • #DeleteUber for Good

      California’s passage of Assembly Bill 5 (AB-5) would effectively force Uber and its many “gig economy” imitators to recognize their workers as employees and, unsurprisingly, they’re doing everything they can stop it. It’s time to bring back the #DeleteUber campaign for good this time — and expand it to Lyft, DoorDash, and all the rest.

    • Copyrights

      • Ebook Piracy Grows, Contrary to The Trend