Desktop/Laptop

• Goodbye Error 83: You Can Now Stream Disney Plus on Linux Devices

  Prior to Disney+ launching, there was some speculation that the service wouldn’t work on Chromebook or Linux Devices. Those streaming on certain devices during the test in the Netherlands received an Error 83 which meant a “device compatibility issue.” This was a result of how Disney+ handled Widevine DRM and the fact that Disney+ required a higher level of security than other streaming services like Netflix and Hulu.

  While Disney was able to add Chromebook support ahead of launch (which is good because, you get 3 free months when you buy one), some Linux devices still did not support the streaming service. But now, according to many Linux users, earlier this week that changed.

• Arm Server CPUs: You Can Now Buy Ampere’s eMAG in a Workstation

  Avantek offers the system with three optional graphics cards: AMD FirePro W2100, a Radeon Pro WX 5100, and the NVIDIA Quadro GV100. OS options are variants of Linux: Ubuntu, CentOS, SUSE SLES, and openSUSE.

Server

• When you’re in the release team, you’re family: the Kubernetes 1.16 release interview

  It is a pleasure to co-host the weekly Kubernetes Podcast from Google with Adam Glick. We get to talk to friends old and new from the community, as well as give people a download on the Cloud Native news every week.

  It was also a pleasure to see Lachlan Evenson, the release manager for Kubernetes 1.16, win the CNCF “Top Ambassador” award at KubeCon. We talked with Lachie when 1.16 was released, and as is becoming a tradition, we are delighted to share an abridged version of that interview with the readers of the Kubernetes Blog.

  If you’re paying attention to the release calendar, you’ll see 1.17 is due out soon. Subscribe to our show in your favourite podcast player for another release interview!

• IBM

  • Containers and Kubernetes can be essential to a hybrid cloud computing strategy

    Hybrid cloud is gaining ground among enterprises that want to expand computing resources with public cloud infrastructure while still using their on-premise, data center environments. Adding public cloud can mean more elasticity, scalability, and even faster time to market. But if you want to improve the chances that your hybrid cloud can deliver on its promise, you need to think about adding containers to the mix.

    Linux containers provide a way to encapsulate application code in a way that makes the code more portable and faster to deploy. More and more organizations are using containers as part of the infrastructure for microservices-based, cloud-native applications.

    Containers can be portable across environments such as Red Hat OpenShift Container Platform and consistent, so they can speed application delivery times and make it easier for teams to collaborate, even if those teams are working in different deployment environments. And they can serve as a bridge between your data center and public cloud environments.

  • Systemd-homed Looks Like It Will Merged Soon For systemd 245

    Announced back in September at the All Systems Go event in Berlin was systemd-homed as a new effort to improve home directory handling. Systemd-homed wants to make it easier to migrate home directories, ensure all user data is self-contained, unify user-password and encryption handling, and provide other modern takes on home/user directory functionality. That code is expected to soon land in systemd.

    Systemd-homed was talked about by Lennart as being ready for versions 244 or 245. Now that systemd 244 shipped at the end of November, systemd-homed is looking like it will soon land in Git.

  • Understanding Red Hat AMQ Streams components for OpenShift and Kubernetes: Part 3

    In the previous articles in this series, we first covered the basics of Red Hat AMQ Streams on OpenShift and then showed how to set up Kafka Connect, a Kafka Bridge, and Kafka Mirror Maker.

  • What personality trait most defines a sysadmin?

    When you think of a system administrator, who do you think of?

    Chances are, most of us have taken a Myers-Briggs Type Indicator (MBTI) test at some point in our careers. For me, my results typically come up as INTJ, and I’ve always thought the traits associated with that type (introversion, intuition, thinking, judging) have aligned with my interest in technology and the kind of work I enjoy.

    But that doesn’t mean that those are the only characteristics that make a good sysadmin. Far from it. A successful team is made up of a diversity of skills, viewpoints, and personal characteristics.

  • How to identify a strong sysadmin job applicant

    When a company looks for new resources with skills in a specific focus area—especially in IT—the challenge is on. Why? Because only a few in the company, if any, have even a vague notion of how to verify the skills they are looking for. The work of a system administrator is a key function, and if it goes wrong, the very existence of the company is at stake (something I’ve been unfortunate to witness when called in on an emergency rescue effort).

Audiocasts/Shows

• 2019-12-06 | Linux Headlines

  The W3C puts forward WebAssembly as an official standard, Azure Sphere gains support for Ubuntu developers, CodeWeek reports back in with this year’s results, and Manjaro has some exciting news for PinePhone backers.

• Playing “Teeny Titans 2″

  I love “Teen Titans GO,” even if I am a grown up adult human male with teenagers. So, when I saw this in my Play Store suggested list, I could not resist. I mean, come on! So, I downloaded it, installed it, and began playing.

• Destination Linux 150 – Librem 5, Zorin OS, Private Internet Access, UBports, Fedora, Bitwarden

  Topics covered in this episode:

  ZorinOS Privacy Concerns
  Ubuntu Touch Runs On Raspberry Pi
  Librem 5 Birch Has Shipped
  Fedora Users Concerned GNOME Software Proprietary Software
  Linux Powered Handheld Returns

• Linux Apps I Use Daily

  In this video, I go over all the Linux distributions and apps that I use every single day. I could not imagine my life without any of this software.

• 411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37

  Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps.

• Imaginary Turkey | User Error 80

  Talking to ourselves, delicious family meals, and the complexities of modern work.

  Plus inexpensive acquisitions, the price we put on security, and popey refusing to answer the simplest of questions.

• LHS Episode #315: The Weekender XXXVIII

  It’s time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we’re doing. We’d love to hear from you.

Kernel Space

• A General Notification Queue Was Pushed Back From Linux 5.5 Introduction

  Red Hat has been working on a “general notification queue” that is built off the Linux kernel’s pipe code and will notify the user-space of events like key/keyring changes, block layer events like disk errors, USB attach/remove events, and other notifications without user-space having to continually poll kernel interfaces. This general notification queue was proposed for Linux 5.5 but has been pushed back to at least 5.6.

  This Linux kernel general notification queue builds off a standard pipe and allows user-space applications to efficiently become aware of changes to block devices (disks), keys, USB subsystem happenings, and other possible events. The proposed documentation spells out more of the planned functionality and behavior.

• Graphics Stack

  • NVIDIA presenting a talk at GTC 2020 about Linux drivers and possibly some open source news

    Both AMD and Intel already have their drivers open, with developers paid to work on them and so perhaps NVIDIA will finally follow along? Stranger things have happened, so I wouldn’t completely count NVIDIA out on that, although I’m not expecting them to make such a big shift. What do you think they’re planning?

    GTC is being hosted in San Jose, California and runs from March 23 – 26, 2020. The talk doesn’t seem to have a set time or date yet.

Benchmarks

• RadeonSI NIR Benchmarks Show Great Progress With Mesa 20.0

  With AMD last week having enabled OpenGL 4.6 for their RadeonSI OpenGL Linux driver when enabling the NIR intermediate representation support, you may be wondering how using NIR is stacking up these days compared to the default TGSI route. Here are some benchmarks on Polaris, Vega, and Navi for comparing this driver option that ultimately allows OpenGL 4.6 to be flipped on.

  NIR is the modern intermediate representation used by a majority of Mesa drivers now in some capacity as an alternative to the likes of TGSI as what had been the default IR for Gallium3D drivers. With RadeonSI they have been transitioning to NIR since that has been the growing trend of these open-source drivers for sharing IR optimizations and the like. As well, NIR is being wired up in order to re-use some code-paths used currently by the “RADV” Radeon Vulkan driver to share some of the SPIR-V work that was needed in order for RadeonSI to have OpenGL 4.6 support. Like on the Intel side when they crossed the OpenGL 4.6 milestone recently, the big blocker to GL 4.6 on these drivers was handling SPIR-V ingestion with GL_ARB_gl_spirv / GL_ARB_spirv_extensions.

Applications

• Terminal File Manager nnn Adds Session Management, Rclone Cloud Storage Integration

  nnn is a very fast file manager created to work seamlessly with desktop environments and GUI utilities. The ncurses based keyboard-driven terminal application should run smoothly on the Raspberry Pi, Termux on Android, Linux, macOS, BSD, Cygwin and WSL.

  Besides basic file manager features (with tabs/contexts, bookmarks, search, and so on), the tool also various handy utilities like a disk usage analyzer (block/apparent), a fuzzy application launcher, batch renamer, and more. It’s also extensible via a plugin system, and comes with many built-in plugins. For navigation, nnn supports navigate-as-you-type with directory auto-select. Search-as-you-type is also supported.

  Other features include SSHFS mounts support, support for navigating using the mouse, batch operations on selections, multiple sorting options and a lot more.

• A 25K commit gift

  The other day we celebrated curl reaching 25,000 commits, and just days later I received the following gift in the mail.

• curl speaks etag

  That’s a quote from the mozilla ETag documentation. The header is defined in RFC 7232.

  In short, a server can include this header when it responds with a resource, and in subsequent requests when a client wants to get an updated version of that document it sends back the same ETag and says “please give me a new version if it doesn’t match this ETag anymore”. The server will then respond with a 304 if there’s nothing new to return.

  It is a better way than modification time stamp to identify a specific resource version on the server.

Instructionals/Technical

• Copying files into a container at run time

• How to Automatically Disconnect Idle or Inactive SSH Sessions After Five Minutes of Inactivity

• Potential pitfalls with multi-NIC and cloud-netconfig

• PenTesting: Gaining Root Privileges on Kioptrix

• Read only rootfs

• How to Install Fonts on Ubuntu

• How to setup SUSE Manager in AWS server

• How to fix “sub process usr/bin/dpkg returned an error code 1″ Error in Ubuntu

• Removing and Disabling Modular RPMs on Fedora

• How to Install Joomla with Nginx on Ubuntu 18.04

• How To Install Elasticsearch on Debian 10

• How to Install Prometheus Monitoring and node_exporter on CentOS 8

• How to Install The Latest KDE Plasma 5.17.4 in KUbuntu 19.10

• How to Improve Notebook Battery Life in Debian with TLP

• How to Setup an L2TP/IPsec VPN Client on Linux

• How to Simplify 7z Compression with Bash Aliases

• How to install Skype on elementary OS 5.1 Hera

• Understand basic modules in ansible

Wine or Emulation

• Wine 5.0 Code Freeze To Begin Next Week

  As expected by Wine’s annual release cadence, next week Wine 5.0 will enter its code freeze followed by release candidates until this next stable Wine release is ready to ship around early 2020.

  Wine project leader Alexandre Julliard shared that following next week’s development release will mark the expected code freeze season for Wine 5.0. Wine 4.22 will be out one week from today and the last point by which Wine developers can land any features they want to see in this annual stable release. Following that will be weekly Wine 5.0 release candidates until the 5.0.0 release is ready to ship, likely in January or February.

Games

• Aquiris Game Studio ending support for their online FPS Ballistic Overkill

  Ballistic Overkill, an easy pick up and play first-person shooter from Aquiris Game Studio is now essentially being killed off.

  In an announcement on Steam, the team noted that “supporting a game like this with frequent updates is no easy task, nor is it something cheap, especially for an independent studio like us” and they’re certainly not wrong about that. Keeping a multiplayer game going, with constant updates to keep people interested and fighting against cheaters certainly isn’t easy for a smaller team.

• Roadwarden, an upcoming illustrated text-based exploration fantasy RPG with a Linux demo

  Roadwarden certainly grabs your attention! A game that blends together features from a ton of different genres to create a mix of an RPG, interactive fiction, adventure, exploration and a lot more. It doesn’t really fit into any clear genre.

  Somehow, I completely missed it being announced with a demo a good few months ago. Thankfully, I did notice it popping up on Steam just recently and they have a new announcement trailer:

• Gloomy and surreal adventure game Mosaic from Krillbite Studio is out now

  Krillbite Studio, developer of the creepy Among the Sleep have released Mosaic, a dark and surreal adventure game about life in a cold overpopulated and ever-expanding city. Note: Key provided to us by GOG.com.

  I was a big fan of Among the Sleep, the story telling and the atmosphere they made with it was brilliant and to this day the ending still makes me think. With Mosaic, they’ve done quite the opposite in terms of the story. Life is hard, it can often be quite dull and Mosaic is showing it all off with a dystopian near-future setting. This is a game about adult life, how it’s often monotonous as we go through it just trying to survive. Things get a little weird though, as you expected it to with such a game.

• The Humble Choice game bundle subscription has launched replacing Humble Monthly

  Humble Bundle have today replaced their Humble Monthly subscription service with Humble Choice, offering subscription tiers and more.

• The Llama of Wall Street has invaded Tropico 6 in a new DLC out now, plus a free update

  Limbic Entertainment and Kalypso Media today released the first expansion to the humurous city building sim Tropico 6, along with a free update for everyone.

  Firstly, the Seguridad Social update is free for everyone who owns Tropico 6 and adds in a new Warehouse building, a sandbox map ‘Rio’, and a community-requested Social Security edict, which helps prevent in-game student and retiree NPCs from going broke. There’s also quite a healthy amount of bug fixing in this update.

Desktop Environments/WMs

• K Desktop Environment/KDE SC/Qt

  • Plasma Pass 1.1.0

    Plasma Pass, a Plasma applet for the Pass password manager version 1.1.0 is out.

    There’s only one bugfix, but an important one – the applet now no longer freezes during filtering, so searching for your passwords is faster and more comfortable. The new release also contains new and updated translations.

  • Plasma Mobile: weekly update: part 9-10

    Calindori, the calendar application, now offers a flat event view which allows to show all events in single card list view. The events are sorted by start date.

• GNOME Desktop/GTK

  • GNOME 3 won’t unlock

    Every couple days something on my RHEL 7 box goes into a swapstorm and uses up all the memory. I think it’s Firefoxe, but I never figured out why, generally I have four different Firefoxes running with four different profiles, so it’s hard to tell which one’s failing (if it even is that). Anyway, sometimes it makes the screen lock crash or something, and I can’t get in, and I can never remember what process you have to kill to get back in, so here it is: gnome-shell. You have to killall -9 gnome-shell, and it lets you back in. Also killall -STOP firefox and killall -STOP “Web Content” are handy if the swapstorm is still under way.

  • LaTeX or ConTeXt for writing documents

    If I wanted to re-implement GNOME LaTeX, it would target the ConTeXt language instead. If there are any ConTeXt user reading this, I would be interested to know what application you use for writing ConTeXt documents, and what features are important to you.

  • GNOME Outreachy 2019

    The Outreachy program provides internship to work in Free and Open Source Software. This year I’ve proposed two projects as part of the GNOME project and we’ve two interns working for three months, so we’ll have a lot of improvements in the following months!

    I’ll be mentoring these interns, so I will need to spend some time helping them to work on the existing codebase, but it worth it, if this makes more people to collaborate in free software development and if this help us to improve some useful apps.

    These two projects are Fractal and the GNOME translation editor. You can take a look to the list of outreachy interns.

  • Barcelona: LAS 2019

    This November I was in Barcelona for the Linux App Summit 2019. It was awesome \o/. I really liked that the conference was a joint event by GNOME and KDE, I met so many cool new people. During the conference I volunteered to show the “time left” signs to speakers, and helped out at the registration desk.

    Aside from normal conference stuff I also managed to do quite a bit of hacking during the week. I made my first contribution to Gnome Initial Setup, and cleaned up Teleport a bit so I can hopefully get a new release out soon.

    I’m bad at taking pictures, so here’s a picture of a tree in the middle of the stairs on the slopes of Mount Montjuic.

  • Open source case prompts patent troll litigation fears

    The Gnome Foundation, an organisation that aims to develop a desktop platform based on free software, announced in October that it was being sued by NPE Rothschild Patent Imaging (RPI) for developing the Shotwell, an application for managing images.

    RPI filed its action in the Northern District of California over US patent number 9,936,086, which is allegedly infringed by Gnome’s product that, among other things, uses an image-capturing device to perform a method.

    Mike Dolan, vice president of strategic programmes at the Linux Foundation, tells Patent Strategy that open software is becoming a larger component of most software projects and is growing every year.

    Recent open source activity such as RPI suing Gnome over an open source project, he says, points to the level of indifference inherent in the litigious NPE business model.

Distributions

• Screenshots/Screencasts

  • SparkyLinux 2019.12 Run Through

    In this video, we are looking at SparkyLinux 2019.12.

  • Linux Mint 19.3 “Tricia” Beta First Impressions

    Linux Mint 19.3 is coming soon! In this video I take a quick look at the beta that was recently released, in preparation for the review I’ll be uploading as soon as the final version is released.

• SUSE/OpenSUSE

  • openSUSE Tumbleweed – Review of the weeks 2019/48 & 49

    Once again I’m spanning two weeks; besides the normal work on getting you openSUSE Tumbleweed updated and timely delivered, the release team has been working together with the build service team to implement/stabilize the OBS-internal staging workflow. There is (should) not be any real noticeable difference for the contributors – except the new used URLs. The Factory Staging dashboard can now be found at https://build.opensuse.org/staging_workflows/1

    During the last two weeks, we have pushed out 10 Tumbleweed Snapshots (1121, 1122, 1123, 1124, 1126, 1127, 1128, 1202, 1203 and 1204) containing those changes…

• Fedora Family

  • Fedora 31 Elections Results

    The Fedora 31 election cycle has concluded. Here are the results for each election. Congratulations to the winning candidates, and thank you all candidates for running in this election!

    Council

    One Council seat was open this election. A total of 243 ballots were cast, meaning a candidate could accumulate up to 729 votes (243 * 3).

    # votes Candidate
    520 Dennis Gilmore
    259 Alberto Rodríguez Sánchez
    237 John M. Harris, Jr.

    FESCo

    Five FESCo seats were open this election. A total of 273 ballots were cast, meaning a candidate could accumulate up to 2184 votes (273 * 8).

    # votes Candidate
    1490 Miro Hrončok
    1350 Kevin Fenzi
    1115 Zbigniew Jędrzejewski-Szmek
    879 Fabio Valentini
    877 David Cantrell
    868 Justin Forbes
    813 Randy Barlow
    534 Pete Walter

  • Fedora program update: 2019-49

• Debian Family

  • Debian Developers Take To Voting Over Init System Diversity

    It’s been five years already since the vote to transition to systemd in Debian over Upstart while now there is the new vote that has just commenced for judging the interest in “init system diversity” and just how much Debian developers care (or not) in supporting alternatives to systemd.

    Due to Debian developers having differing opinions on handling non-systemd bugs in 2019 and the interest/commitment to supporting systemd alternatives in the scope of Debian packaging and various related friction points, they’ve taken to a new general resolution over weighing init system diversity.

• Canonical/Ubuntu Family

  • Ubuntu Blog: Introducing the Ubuntu AWS Rolling Kernel

    The linux-aws 4.15 based kernel, which is the default kernel in the Ubuntu 18.04 LTS AMIs, is moving to a rolling kernel model.

    [...]

    The Ubuntu rolling kernel model provides the latest upstream bug fixes and performance improvements around task scheduling, I/O scheduling, networking, hypervisor guests and containers to our users. Canonical has been following this model in other cloud environments for some time now, and have found it to be an excellent way to deliver these benefits while continuing to provide LTS level stability.

  • Ubuntu Podcast from the UK LoCo: S12E35 – Feud

    This week we’ve been talking to the BBC about Thinkpads and Ubuntu goes Pro. We round up the news from the Ubuntu community and discuss our picks from the wider tech news.

    It’s Season 12 Episode 35 of the Ubuntu Podcast! Alan Pope and Martin Wimpress are connected and speaking to your brain.

  • The State of Robotics – November 2019

    November, for robotics, was a good month. We’re seeing new things develop, current projects finish and more cute animals in our future. So who can complain? The news we’re covering here are things that have crossed our path and that we’ve found interesting. If you have suggestions for next months post or your own projects you would like us to highlight, don’t hesitate to get in touch. Send an email and a brief summary to robotics.community@canonical.com and we can start the discussion. As ever we want this to be a highlight reel for cool robot stuff because we like cool robot stuff. Happy December everyone.

  • Simplifying hardware management during Linux development

    Every few months we release a Snapcraft update, with improvements to both Linux development, and snap user experience. Last week, we released Snapcraft 3.9, and this blog post will focus on the remote build feature that is now a fully accessible preview.

    Let’s dig deeper into why you need to try remote build, and how you can use it today.

Devices/Embedded

• Replacing Orange Livebox router by a Linux box

  A few months ago, I moved back to France and I settled for Orange as an ISP with a bundle combining Internet and mobile subscription. In Switzerland, I was using my own router instead of the box provided by Swisscom. While there is an abundant documentation to replace the box provided by Orange, the instructions around a plain Linux box are kludgy. I am exposing here my own variation. I am only interested in getting IPv4/IPv6 access: no VoIP, no TV.

  Orange is using GPON for its FTTH deployment. Therefore, an ONT is needed to encapsulate and decapsulate Ethernet frames into GPON frames. Two form-factors are available. It can be small Huawei HG8010H box also acting as a media converter to Ethernet 1000BASE-T…

• Low-cost, 802.11ac mesh router runs on OpenWrt

  FreeMesh Wireless has launched a “WE1326 LTE FreeMesh Router” that runs OpenWrt on a dual-core MediaTek MT7621AT with 802.11ac, 4x GbE, WAN, USB, and a SIM slot for 4G. It costs $150 with two FreeMesh nodes.

  FreeMesh Wireless has begun selling a $150, OpenWrt based mesh router designed for residential or SOHO environments, billed as “the only open source mesh package.” The hackable software is based on secure 802.11s multi-hop and 802.11r Fast BSS Transition (FT) technologies, which add mesh capability to the 802.11ac router.

• Rugged Coffee Lake PCs offer up to two PCIe slots and two HDD bays

  Nexcom’s fanless, Linux-ready “NISE 3900 Series” features an 8th Gen Coffee Lake CPU with triple display support plus M.2, mini-PCIe, 3x GbE, 10x USB, and 2x serial ports. Six different models have various combinations of PCIe, PCI, and SATA.

  Nexcom announced a new series in its NISE family of industrial computers that follows recent models such as the Apollo Lake based NISE 51. The rugged NISE-3900 Series systems run Linux Kernel 4.9 or Windows 10 on Intel’s 8th Gen Coffee Lake CPUs, including the quad-core Core i3-8100T and the hexa-core, 2.1GHz i5-8500T and 2.4GHz i7-8700T.

• More new books from The MagPi and HackSpace magazines

  If our recent release of Retro Gaming with Raspberry Pi, Getting Started with Arduino, and Coding the Classics isn’t enough for you, today sees the release of TWO MORE publications from Raspberry Pi Press!

• Mobile Systems/Mobile Applications

  • YouTube Music can handle gapless playback on the web and Android

  • YouTube Music gapless playback arrives on Android and the web

  • Android Vulnerability Exposes Almost All Apps To Attacks

  • Security Expert Comments On VPN Bug Lurks In iOS, Android, Linux Distros, MacOS, FreeBSD And OpenBSD

  • ‘Hidden’ Android apps pose big problem for developers

  • 6 cool, new things your next Android phone could do

  • Android’s commitment to Kotlin

  • Nokia 9 PureView begins receiving stable Android 10 update

  • OnePlus has started rolling out Android 10 to the OnePlus 6/6T again

  • Watch Friday’s Android Police Podcast!

  • Android to use Qualcomm chip to store mDLs

  • Android holiday ornaments from Dead Zebra are back, for a limited time (Update: Green too)

  • Android game deals and freebies: Evoland, Battleforce RPG, Demon’s Rise, more

  • Purism Librem 5 USA Linux phone costs as much as a Galaxy Fold

    There are currently two open source Linux phones trying to make their way into regular consumers’ hands and one of them is getting all the spotlight but not all for good reasons. Although it was the first to launch and, on paper, has the better specs, Purism’s Librem 5 is garnering some controversy, raising questions on its capability to ship a finished product in a few months. As if it didn’t have enough to worry about, Purism just started pre-orders for a version of the Librem 5 that’s 100% made in the USA and costs three times the regular Librem 5 that has yet to ship in its final form.

  • Purism Announce $1999 ‘Librem 5 USA’ — Same Librem 5, Just Made in America

    The company is launching a new, premium version of its Linux-powered handset called ‘Librem 5 USA’ that costs $1999 — more than double the price of the regular version.

    And, for that additional cost you get …Er, well, the exact same Linux phone as the regular Librem 5 buyers: same spec; same OS; same phone (mostly).

    The added value comes in the “secure US-based supply chain” used to make it.

    Purism chief Todd Weaver says this effort will extend to “… parts procurement, fabrication, testing, assembly, and fulfillment all from within the same facility” which, he adds offers “…the best possible security story.”

  • American-Made Librem 5 Phone Costs $1,999

    The three main choices when selecting a new phone are: which OS, which brand, and which model? We just assume the handset will inevitably be manufactured in China. Purism is offering an alternative, though, in the form of a (very expensive) smartphone made in America.

    Purism is a US company offering hardware running PureOS, a Linux distribution based on Debian. One of its products is a smartphone called the Librem 5, which can be purchased for $699. However, as the Librem 5 is a phone that “focuses on security by design and privacy protection by default,” the fact it’s assembled in China can be viewed as detrimental to that claim, even though Purism ensures a secure supply chain.

  • Airplane Mode may finally stop shutting down Bluetooth audio, starting with Android 11 R

  • Android’s ‘Focus Mode’ exits beta, adds new scheduling features

  • Google Photos update is exactly what Android and iPhone users wanted for Christmas

  • Nokia launches a 55-inch 4K Android TV with JBL sound in India

  • Google Translate: How to translate text in photos on Android

  • YouTube Music rolls out gapless playback for albums on Android and web

  • Best office suite for Android in 2020

  • The best smartwatches, fitness trackers, and wearables for Android (Winter 2019)

  • Samsung Galaxy Note10 receives yet another Android 10 beta with more bug fixes

  • Android 10 for Nokia 7.1 coming next week, 5 more Nokias are getting it in January

  • You can finally customize your app layout in Android Auto

  • Terrific News for Android OS Users – 80% Android apps encrypting traffic by default

  • Nordic Semi nRF52832 Powered PineTime Dev Kit is Now Available for $24.99

    PineTime was announced as a $25 smartwatch & companion for PinePhone Linux smartphone which itself sells for $150.

Free, Libre, and Open Source Software

• Ardour Digital Audio Workstation Finally Adds Native MP3 Importing Support

  While lossy compression audio formats like MP3 are not recommended for use within professional audio tasks, for those using the open-source Ardour digital audio workstation (DAW) software as of today there is finally native MP3 import support.

  Obviously it’s better working with lossless audio formats as source material for Ardour and other digital audio workstation software suites, but given how common MP3 content is, there certainly is relevance to being able to import MP3s into DAWs. But historically due to licensing/patent issues, MP3 support within Ardour hasn’t been possible — thus leading to common complaints/questions by users over the years.

• Certbot Leaves Beta with the Release of 1.0

  Earlier this week EFF released Certbot 1.0, the latest version of our free, open source tool that helps websites encrypt their traffic. The release of 1.0 is a significant milestone for the project and is the culmination of the work done over the past few years by EFF and hundreds of open source contributors from around the world.

  Certbot was first released in 2015 to automate the process of configuring and maintaining HTTPS encryption for site administrators by obtaining and deploying certificates from Let’s Encrypt. Since its initial launch, many features have been added, including beta support for Windows, automatic nginx configuration, and support for over a dozen DNS providers for domain validation.

• Open Repos provides code metrics on open source projects

  GitClear is offering Open Repos as a free product, though it is not open source. GitClear’s paid product offers many of the same insights and more. Long-term plans include allowing projects to embed an Open Repos view of a project in their site, and “improving data quality before adding features.”

• Productivity Software/LibreOffice/Calligra

  • Improvements in LibreOffice’s PowerPoint presentation support

    LibreOffice’s native file format is OpenDocument, a fully open and standardised format that’s great for sharing documents and long-term data storage. Of course, LibreOffice does its best to open files made by other office software as well, even if they’re stored in pseudo-“standards” with cryptic and obfuscated contents. Compatibility with PowerPoint PPT(X) presentations is therefore a challenge, but developers are working hard on improvements…

    A few months ago, we announced an initiative to improve the support of PPT and PPTX files in LibreOffice. Lots of great work happened since then and the results are collected below!

• CMS

  • People of WordPress: Jill Binder

    Jill Binder never meant to become an activist. She insists it was an accident.

    Despite that, Jill has led the Diversity Outreach Speaker Training working group in the WordPress Community team since 2017. This group is dedicated to increasing the number of women and other underrepresented groups who are stepping up to become speakers at WordPress Meetups, WordCamps, and events.

    [...]

    The following year her internship advisor, who had become a client, was creating the first ever BuddyCamp for BuddyPress. He asked Jill to be on his organizing team. At that event she also moderated a panel with Matt Mullenweg. Then, Jill was invited to be on the core organizing team for WordCamp Vancouver.

    Part of this role meant reviewing and selecting speakers. From 40 speaker applications the team had to pick only 14 to speak.

• FSF

  • GNU Projects

    • GNU Guile 2.9.6 (beta) released

      We are delighted to announce GNU Guile 2.9.6, the sixth beta release in preparation for the upcoming 3.0 stable series. See the release announcement for full details and a download link.

      This release fixes bugs caught by users of the previous 2.9.5 prerelease, and adds some optimizations as well as a guile-3 feature for cond-expand.

    • GCC 10′s C++20 “Spaceship Operator” Support Appears To Be In Good Shape

      The C++20 spaceship operator support was merged in early November for GCC 10. The commits this week meanwhile allow the operator to be used with std::pair and std::array, among other related commits in recent weeks.

      See the GCC C++ status page for the state of C++20/C++2A with GCC 10. Most C++20 functionality is already in place even on GCC 8/9 but some pieces remain around atomic compare-and-exchange with padding bits, modules support, coroutines, using enum, and more implicit moves.
      14 Comments

• Programming/Development

  • A beginner’s guide to using Vagrant

    Vagrant describes itself as “a tool for building and managing virtual machine environments in a single workflow. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases production parity, and makes the ‘works on my machine’ excuse a relic of the past.”

  • Convert CSV to JSON with miller

  • Android’s commitment to Kotlin

    When we announced Kotlin as a supported language for Android, there was a tremendous amount of excitement among developers. Since then, there has been a steady increase in the number of developers using Kotlin. Today, we’re proud to say nearly 60% of the top 1,000 Android apps contain Kotlin code, with more and more Android developers introducing safer and more concise code using Kotlin.

    During this year’s I/O, we announced that Android development will be Kotlin-first, and we’ve stood by that commitment. This is one of the reasons why Android is the gold partner for this year’s KotlinConf.

  • Google Reaffirms Commitment To Kotlin Programming Language For Android

    Google is continuing to embrace Kotlin programming for Android, making more Android APIs accessible by Kotlin, Jetpack Compose as a UI toolkit catered to Kotlin, and Kotlin extensions for more Google libraries. Google is also working to offer more Kotlin + Android learning material, working with JetBrains on improving the Kotlin code compiler, speeding up the build time of Kotlin code, and other improvements.

  • Python

    • New Project, Who Dis? – Building SaaS #38

      In this episode, we started a brand new project! I had some internet troubles so this “stream” is actually a local recording from my computer. We created a new Django project from scratch and set up Heroku to handle deployments.

      In spite of the streaming trouble, we were able to get a bunch done. We started the project from scratch so we made a repository on GitHub with some .gitignore settings tailored for Python projects.

    • RunSnakeRun for Python3 Out

      So I finally pushed out the Python3/wxPython Pheonix compatible release of RunSnakeRun. The Python3 version has to run Python2 in order to load Python2 pstats dumps, and Meliae doesn’t AFAIK support Python3 yet, so I expect I’ll just drop support for it eventually. The code is now living on GitHub rather than Launchpad.

    • Angular 9 CRUD Tutorial: Consume a Python/Django CRUD REST API

      This tutorial is designed for developers that want to use Angular 9 to build front-end apps for their back-end REST APIs. You can either use Python & Django as the backend or use JSON-Server to mock the API if you don’t want to deal with Python. We’ll be showing both ways in this tutorial.

    • Django: Angular 9/8 Tutorial By Example: REST CRUD APIs & HTTP GET Requests with HttpClient

      In this Angular 9 tutorial, we’ll learn to build an Angular 9 CRUD example application going through all the required steps from creating/simulating a REST API, scaffolding a new project, setting up the essential APIs, and finally building and deploying your final application to the cloud.

    • Comparing equivalent Python statements

      While teaching one of my Python classes yesterday I noticed a conditional expression which can be written in several ways. All of these are equivalent in their behavior…

    • Serving Files with Python’s SimpleHTTPServer Module

      Servers are computer software or hardware that processes requests and deliver data to a client over a network. Various types of servers exist, with the most common ones being web servers, database servers, application servers, and transaction servers.

      Widely used web servers such as Apache, Monkey, and Jigsaw are quite time-consuming to set up when testing out simple projects and a developer’s focus is shifted from producing application logic to setting up a server.

      Python’s SimpleHTTPServer module is a useful and straightforward tool that developers can use for a number of use-cases, with the main one being that it is a quick way to serve files from a directory.

      It eliminates the laborious process associated with installing and implementing the available cross-platform web servers.

      Note: While SimpleHTTPServer is a great way to easily serve files from a directory, it shouldn’t be used in a production environment. According to the official Python docs, it “only implements basic security checks.”

• Standards/Consortia

  • Mint: Late-Stage Adversarial Interoperability Demonstrates What We Had (And What We Lost)

    In 2006, Aaron Patzer founded Mint. Patzer had grown up in the city of Evansville, Indiana—a place he described as “small, without much economic opportunity”—but had created a successful business building websites. He kept up the business through college and grad school and invested his profits in stocks and other assets, leading to a minor obsession with personal finance that saw him devoting hours every Saturday morning to manually tracking every penny he’d spent that week, transcribing his receipts into Microsoft Money and Quicken.

    Patzer was frustrated with the amount of manual work it took to track his finances with these tools, which at the time weren’t smart enough to automatically categorize “Chevron” under fuel or “Safeway” under groceries. So he conceived on an ingenious hack: he wrote a program that would automatically look up every business name he entered into the online version of the Yellow Pages—constraining the search using the area code in the business’s phone number so it would only consider local merchants—and use the Yellow Pages’ own categories to populate the “category” field in his financial tracking tools.

In memoriam: D. C. Fontana, the creator of Mr. Spock from Star Trek

Kat readers younger than I will have come to know the original series through broadcast syndication and, later, via internet access. Whatever the medium, for many, one character stood out, Starfleet officer Spock, as portrayed by Leonard Nimoy.

The son of a human mother and a Vulcan father, Spock embodied the tension between the emotional (his human side) and the analytical (his Vulcan side), a dichotomy that reaches back to the foundations of the Western philosophical tradition, and which sets the tone for the series.

[...]

One wonders to what extent her gender influenced the ultimate decision how to credit her contribution. Indeed, her preference for “D.C. Fontana” over “Dorothy” (or “Dorothy Catherine”) might have been a concession to the challenge of being identified as a woman. Also, in the third season, she worked as a freelance scriptwriter and was credited as Michael Richards.

Fontana went on to have a distinguished career as a script writer in several genres (including westerns), as well as a producer and novelist. In the words of her husband—
She was a very, very tough lady. She carried a phaser with her right to the end.
But it was for her work on Star Trek and the development of the Spock character that she will likely be best remembered. In doing so, as The New York Times reported, Fontana realized only later to what extent-
she had gone where no woman had gone before.

Health/Nutrition

• The Big Deal in Warren’s Prescription Drug Plan

  Earlier this month, Senator Warren put out a set of steps that she would put forward as president as part of a transition to Medicare for All. The items that got the most attention were including everyone over age 50 and under age 18 in Medicare, and providing people of all ages with the option to buy into the program. This buy-in would include large subsidies, and people with incomes of less than 200 percent of the poverty level would be able to enter the Medicare program at no cost.

• Donald Trump, the US Private Health Giant, and Top NHS Officials—Special Relationships?

  In the UK, we have a simple take on the US healthcare system as a for-profit, private system that fleeces its customers and fails the poor.But here’s the secret: the US has its own ‘mini NHS’. Smaller than the UK’s system, but still a government funded, (mostly) publicly-run system that serves people according to their need.

• Catholic Ban on Contraception Is Driving Doctors to Fabricate Diagnoses

  “I don’t know how else to put it, except that people lied all the time.”

• As Abortion Access Dwindles, App Offers Safe and Discreet Options

  Each year, 25 million unsafe abortions are performed around the world. The rate of unsafe abortions is higher where access to skilled providers and effective contraception is limited or unavailable, or where sexual education is lacking.

• Avicii Tribute Concert to Be Streamed to Raise Mental Health Awareness

  The Avicii tribute concert was live-streamed on YouTube, Facebook, and Instagram. Tickets to the concert sold out instantly, and proceeds will go to raising mental health awareness.

• Don’t Look, Don’t See: Time for Honest Media Reporting on Impacts of Pesticides

  The UK-based Independent online newspaper recently published an article about a potential link between air pollution from vehicles and glaucoma. It stated that according to a new study air pollution is linked to the eye condition that causes blindness.

• Trump Administration Considering Reduction in Biologics Exclusivity Period

  On Monday, The Wall Street Journal reported that the Trump administration is considering reducing the 12-year data exclusivity period for biologic drugs set forth in the Biologics Price Competition and Innovation Act (BPCIA) to ten years. According to The Wall Street Journal, the Trump administration is considering the change in order to persuade Democrats to support the U.S.-Mexico-Canada Agreement (USMCA), a replacement for the North American Free Trade Agreement (NAFTA), that the administration negotiated last year. The USMCA would establish at least a 10-year data exclusivity period for biologic drugs, which would double the exclusivity period in Mexico and increase the exclusivity period in Canada by two years.

Integrity/Availability

• Proprietary

  • Former Oracle product manager says he was forced out for refusing to deceive customers. Now he’s suing the biz

    A former Oracle employee filed a lawsuit against the database giant on Tuesday claiming that he was forced out for refusing to lie about the functionality of the company’s software.

    The civil complaint [PDF], filed on behalf of plaintiff Tayo Daramola in US District Court in San Francisco, contends that Oracle violated whistleblower protections under the Sarbanes-Oxley Act and the Dodd-Frank Act, the RICO Act, and the California Labor Code.

    According to the court filing, Daramola, a resident of Montreal, Canada, worked for Oracle’s NetSuite division from November 30, 2016 through October 13, 2017. He served as a project manager for an Oracle cloud service known as the Cloud Campus BookStore initiative and dealt with US customers. Campus bookstores, along with ad agencies, and apparel companies are among the market segments targeted by Oracle and NetSuite.

    Daramola’s clients are said to have included the University of Washington, the University of Oregon, the University of Texas at Austin, Brigham Young University and the University of Southern California.

    The problem, according to the complaint, is that Oracle was asking Daramola to sell vaporware – a charge the company denies.

    “Daramola gradually became aware that a large percentage of the major projects to which he was assigned were in ‘escalation’ status with customers because Oracle had sold his customers software products it could not deliver, and that were not functional,” the complaint says.

  • Canonical makes Ubuntu for Windows SubSystem for Linux a priority [Ed: GNU/Linux volunteers worked hard to make an alternative to Windows and now comes Ubuntu helping Microsoft make it just an “app” or a “feature” of Windows, with Windows-only “extensions”]

    Ubuntu was the first Linux supported by WSL on Windows 10. Since then, many other Linux distros have appeared on WSL. These include Debian, Fedora, Kali, openSUSE, and SUSE Linux Enterprise Server (SLES), and the WSL-specific distribution, PengWin. Now, from a recent Canonical job advertisement, we know Ubuntu’s founding company wants to be the leading WSL Linux.

  • Still in preview, but look! You can now develop Azure Sphere apps in Linux – if you dare [Ed: Several Microsoft lies packed into one article, even the feature image, and they help googlebomb "Linux" to sell proprietary software of Microsoft]

    Ominously, Microsoft warns that “your success using different distributions may vary”, so Ubuntu it is then. This is preview stuff after all.

  • OAS Expands Its Platform Compatibility with Runtime Support for Linux

    Open Automation Software, a well-established IoT Automation Company, has further expanded its platform compatibility with runtime support for Linux. With this recent development, the company aims to offer superior services to customers who have mixed platform environments. Over the years, Open Automation Software has set a benchmark in the field of industrial automation. Now, the company has expanded its platform compatibility for the enterprises that have both Windows and Linux OS servers.

  • Security

    • Hackers Can Hijack VPN Connections Using A New Linux Vulnerability

      Researchers have found a vulnerability on most Linux distros and *NIX devices which allow hackers to hijack the VPN connections and inject malicious data into the TCP stream.

      The security researchers found the vulnerability in most Linux distributions and operating systems such as Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.

    • Linux security flaw could let VPN connections be hacked

      The Breakpointing Bad cybersecurity research team from the University of New Mexico discovered and reported on a security flaw which could allow malicious actors to hack Virtual Private Network (VPN) connections.

      William J. Tolley, Beau Kujath, and Jedidiah R. Crandall said the flaw impacts Linux, Android, macOS and other Unix-based operating systems and could allow attackers to sniff, hijack and tamper with VPN-tunnelled connections. The vulnerability was named CVE-2019-14899, with the researchers claiming it takes advantage of how operating systems handle unexpected network probes.

    • OpenBSD devs patch authentication bypass bug

      One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability.

      OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.

      Qualys Research Labs found four bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other, CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.

    • Linux Flaw Allows VPN Hijacking

      A number of Linux distributions, including Ubuntu, Fedora, and Debian, contain a newly discovered vulnerability that an attacker could use to determine whether an individual is using a VPN and then potentially hijack that encrypted connection.

      A research team from the University of New Mexico discovered the vulnerability and developed an attack to exploit it. The attack has some specific requirements and relies on some analysis of the traffic going to and from the target device running the VPN client. The attack is confirmed to work against WireGuard and OpenVPN, but the researchers said that the VPN a victim is using doesn’t really matter. The main prerequisite for the attack to work is for the attacker to be able to send unsolicited packets to the victim’s VPN client.

    • New Linux vulnerability lets attackers to hijack VPN connections

      Three researchers from the University of New Mexico and Breakpointing Bad have identified vulnerability in the way Unix and Linux-based operating systems like the macOS handle the TCIP connections. Researchers believe that vulnerability can specifically affect VPN users by hijacking encrypted traffic.

    • New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

      A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote ‘network adjacent attackers’ to spy on and tamper with encrypted VPN connections.
      The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.
      Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed.
      This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim’s network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted.

    • VPN Bug Affects “Most” Linux Distros

      A team of security researchers from the University of New Mexico has disclosed a new vulnerability that could allow attackers to probe devices and determine various details about the VPN (Virtual Private Network) connection status of a user.

      The security vulnerability (CVE-2019-14899) appears to affect most GNU/Linux distributions, besides FreeBSD, OpenBSD, Android, iOS and macOS systems. William J. Tolley, one of the security researchers, explained in a post that the vulnerability could let attackers to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and also sniff out whether or not there is an active connection to a given website.

    • VPN hijacking on Linux (and beyond) systems

      Hi all,
      
      I am reporting a vulnerability that exists on most Linux distros, and
      other  *nix operating systems which allows a network adjacent attacker
      to determine if another user is connected to a VPN, the virtual IP
      address they have been assigned by the VPN server, and whether or not
      there is an active connection to a given website. Additionally, we are
      able to determine the exact seq and ack numbers by counting encrypted
      packets and/or examining their size. This allows us to inject data into
      the TCP stream and hijack connections.
      
      Most of the Linux distributions we tested were vulnerable, especially
      Linux distributions that use a version of systemd pulled after November
      28th of last year which turned reverse path filtering off. However, we
      recently discovered that the attack also works against IPv6, so turning
      reverse path filtering on isn't a reasonable solution, but this was how
      we discovered that the attack worked on Linux.
      
      Adding a prerouting rule to drop packets destined for the client's
      virtual IP address is effective on some systems, but I have only tested
      this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This
      rule was proposed by Jason Donenfeld, and an analagous rule on the
      output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some
      concerns that inferences can still be made using slightly different
      methods, but this suggestion does prevent this particular attack.
      
      There are other potential solutions being considered by the kernel
      maintainers, but I can't speak to their current status. I will provide
      updates as I receive them.
      
      I have attached the original disclosure I provided to 
      distros@vs.openwall.org and security@kernel.org below, with at least
      one critical correction: I orignally listed CentOS as being vulnerable
      to the attack, but this was incorrect, at least regarding IPv4. We
      didn't know the attack worked against IPv6 at the time we tested
      CentOS, and I haven't been able to test it yet.
      
      
      William J. Tolley
      Beau Kujath
      Jedidiah R. Crandall
      
      Breakpointing Bad &
      University of New Mexico
      
      
      *************************************************
      
      
      **General Disclosure:
      
      We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
      iOS, and Android which allows a malicious access point, or an adjacent
      user,  to determine if a connected user is using a VPN, make positive
      inferences about the websites they are visiting, and determine the
      correct sequence and acknowledgement numbers in use, allowing the bad
      actor to inject data into the TCP stream. This provides everything that
      is needed for an attacker to hijack active connections inside the VPN
      tunnel.
      
      This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec,
      but has not been thoroughly tested against tor, but we believe it is
      not vulnerable since it operates in a SOCKS layer and includes
      authentication and encryption that happens in userspace. It should be
      noted, however, that the VPN technology used does not seem to matter
      and we are able to make all of our inferences even though the responses
      from the victim are encrypted, using the size of the packets and number
      of packets sent (in the case of challenge ACKs, for example) to
      determine what kind of packets are being sent through the encrypted VPN
      tunnel.
      
      We have already reported a related vulnerability to Android earlier
      this year related to the issue, which resulted in the assignment of
      CVE-2019-9461, however, the CVE strictly applies to the fact that the
      Android devices would respond to unsolicited packets sent to the user’s
      virtual IP address over the wireless interface, but this does not
      address the fundamental issue of the attack and did not result in a
      change of the reverse path settings of Android as of the most recent
      security update.
      
      This attack did not work against any Linux distribution we tested until
      the release of Ubuntu 19.10, and we noticed that the rp_filter settings
      were set to “loose” mode. We see that the default settings in
      sysctl.d/50-default.conf in the systemd repository were changed from
      “strict” to “loose” mode on November 28, 2018, so distributions using a
      version of systemd without modified configurations after this date are
      now vulnerable. Most Linux distributions we tested which use other init
      systems leave the value as 0, the default for the Linux kernel.
      
      We have described the procedure for reproducing the vulnerability with
      Linux and included a section illustrating the differences in
      architecture.
      
      
      
      There are 3 steps to this attack:
      
      1. Determining  the  VPN  client’s virtual IP address
      2. Using the virtual IP address to make inferences about active
      connections
      3. Using the encrypted replies to unsolicited packets to determine the
      sequence and acknowledgment numbers of the active connection to hijack
      the TCP session
      
      
      
      There are 4 components to the reproduction:
      
      1. The Victim Device (connected to AP, 192.168.12.x, 10.8.0.8)
      2. AP (controlled by attacker, 192.168.12.1)
      3. VPN Server (not controlled by attacker, 10.8.0.1)
      4. A Web Server (not controlled by the attacker, public IP in a real-
      world scenario)
      
      The victim device connects to the access point, which for most of our
      testing was a laptop running create_ap. The victim device then
      establishes a connection with their VPN provider.
      
      The access point can then determine the virtual IP of the victim by
      sending SYN-ACK packets to the victim device across the entire virtual
      IP space (the default for OpenVPN is 10.8.0.0/24). When a SYN-ACK is
      sent to the correct virtual IP on the victim device, the device
      responds with a RST; when the SYN-ACK is sent to the incorrect virtual
      IP, nothing is received by the attacker.
      
      To quickly demonstrate this difference, we use the nping commands on
      the AP device running create_ap. The source IP is the gateway of our
      AP, the destination IP is the virtual IP assigned to the tun interface
      by the VPN client, ap0 is the interface create_ap created on the
      attacker device, and the destination MAC is the victim’s wireless MAC
      address.
      
      For example:
      
      The correct address generates a RST from the victim:
      
      nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.8 --
      rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
      
      The incorrect address does not elicit a response from the victim:
      
      nping --tcp --flags SA --source-ip 192.168.12.1 --dest-ip 10.8.0.9 --
      rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
      
      Similarly, to test if there is an active connection for any given
      website, such as 64.106.46.56, for example, we send SYN or SYN-ACKs
      from 64.106.46.56 on port 80 (or 443) to the virtual IP of the victim
      across the entire ephemeral port space of the victim. The correct four-
      tuple will elicit no more than 2 challenge ACKs per second from the
      victim, whereas the victim will respond to the incorrect four-tuple
      with a RST for each packet sent to it.
      
      To quickly test this, we suggest creating a netcat connection on the
      victim device, such as this:
      
      Netcat 64.106.46.56 80 -p 40404
      
      The correct four-tuple generates challenge ACKs
      
      nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
      10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
      
      The incorrect four-tuple generates a single RST for each packet sent:
      
      nping --tcp --flags SA --source-ip 64.106.46.56 -g 80 --dest-ip
      10.8.0.8 -p 40405 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
      
      Finally, once the attacker determined that the user has an active TCP
      connection to an external server,  we will attempt to infer the exact
      next sequence number and in-window acknowledgment number needed to
      inject forged packets into the connection. To find the appropriate
      sequence and ACK numbers, we will trigger responses from the client in
      the encrypted connection found in part 2. The attacker will continually
      spoof reset packets into the inferred connection until it sniffs
      challenge ACKs. The attacker can reliably determine if the packets
      flowing from the client to the VPN server are challenge ACKs by looking
      at the size and timing of the encrypted responses in relation to the
      attacker's spoofed packets. The victim’s device will trigger a TCP
      challenge ACK on each reset it receives that has an in-window sequence
      number for an existing connection. For example, if the client is using
      OpenVPN to exchange encrypted packets with the VPN server, then the
      client will always respond with an SSL packet of length 79 when a
      challenge ACK is triggered.
      
      The attacker must spoof resets to different blocks across the entire
      sequence number space until one triggers an encrypted challenge ACK.
      The size of the spoof block plays a significant role in how long the
      sequence inference takes, but should be conservative as to not skip
      over the receive window of the client. In practice, when the attacker
      thinks it sniffs an encrypted challenge-ACK, it can verify this is true
      by spoofing X packets with the same sequence number. If there were X
      encrypted responses with size 79 triggered, then the attacker knows for
      certain it is triggering challenge ACKs (at most 2 packets of size 79
      per second).
      
      After the attacker has inferred the in-window sequence number for the
      client's connection, they can quickly determine the exact sequence
      number and in-window ACK needed to inject. First, they spoof empty
      push-ACKs with the in-window sequence while guessing in-window ACK
      numbers. Once the spoofed packets trigger another challenge-ACK, an in-
      window ACK number is found. Finally, the attacker continually spoofs
      empty TCP data packets with the in-window ACK and sequence numbers as
      it decrements the sequence number after each send. The victim will
      respond with another challenge ACK once the attacker spoofs the exact
      sequence number minus one. The attacker can now inject arbitrary
      payloads into the ongoing encrypted connection using the inferred ACK
      and next sequence number.
      
      This can be tested by observing the behavior from this sequence of
      commands, continuing with the same four-tuple:
      
      Using the four-tuple from the previous steps, we send RSTs in the
      sequence number range in blocks of 50,000 until we trigger a challenge
      ACK.
      
      nping --tcp --flags R --source-ip 64.106.46.56 -g 80 --dest-ip 10.8.0.8
      -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12 --seq [SEQ
      RANGE]
      
      If the packet lands in-window, the victim will respond with at most 2
      challenge ACKs per second. These packets are still encrypted and
      originate from the virtual interface, unlike with Android, but we can
      still determine the contents of these packets by their size. The
      encrypted challenge ACK packets are larger than the encrypted RST
      packets. You can run tcpdump on the victim machine to accelerate the
      testing of his process by viewing the actual sequence and
      acknowledgement numbers.
      
      After we have found an in-window sequence number, we locate an in-
      window acknowledgement by spoofing empty PSH-ACKs with the in-window
      sequence number and guessing the acknowledgement number by dividing the
      acknowledgement number space into eight blocks. In most instances,
      seven of these blocks will trigger challenge ACKs, but one of them will
      not, which allows us to quickly determine which block falls within the
      acknowledgement window. We are interested in the block that  does not
      respond with a challenge ACK. This behavior can be observed by using an
      in-window sequence number and an acknowledgement number in the block
      containing the correct acknowledgement number.
      
      nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip
      10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
      -seq 12345678 --ack [ACK RANGE]
      
      Finally, using the in-window sequence and acknowledgement numbers, we
      spoof empty PSH-ACKs using the same in-windows acknowledgement number
      and decrementing the sequence number until we trigger another challenge
      ACK. This sequence number is one fewer than the next expected sequence
      number. We can then arbitrarily inject data into the active TCP
      connection.
      
      Continuing with our toy example:
      
      nping --tcp --flags PA --source-ip 64.106.46.56 -g 80 --dest-ip
      10.8.0.8 -p 40404 --rate 10 -c 10 -e ap0 --dest-mac 08:00:27:9c:53:12
      -seq [EXACT] --ack [IN-WINDOW] --data-string “hello,world.”
      
      
      
      **Operating Systems Affected:
      
      Here is a list of the operating systems we have tested which are
      vulnerable to this attack:
      
      Ubuntu 19.10 (systemd)
      Fedora (systemd)
      Debian 10.2 (systemd)
      Arch 2019.05 (systemd)
      Manjaro 18.1.1 (systemd)
      
      Devuan (sysV init)
      MX Linux 19 (Mepis+antiX)
      Void Linux (runit)
      
      Slackware 14.2 (rc.d) 
      Deepin (rc.d)
      FreeBSD (rc.d) 
      OpenBSD (rc.d) 
      
      This list isn’t exhaustive, and we are continuing to test other
      distributions, but made usere to cover a variety of init systems to
      show this is not limited to systemd.
      
      
      
      **Operating System Variations:
      
      The behavior is slightly different on other operating systems. Here is
      a summary of the differences:
      
      Android: In the first phase of the attack, Android responds with
      unencrypted RSTs to unsolicited SYN-ACKs for the correct port and ICMP
      packets for the incorrect one. For the second phase, it will respond
      with RSTs on the correct four-tuple.
      
      MacOS/iOS: The first phase of the attack does not work as described
      here, but you can use an open port on the Apple machine to determine
      the virtual IP address. We use port 5223, which is used for iCloud,
      iMessage, FaceTime, Game Center, Photo Stream, and push notifications
      etc.
      
      We know the phone will communicate with one of the push notification
      servers on port 5223, and have observed that on MacOS, the port used on
      the victim device is not the same as the port used to connect to the
      VPN server, but is very close (in our testing it has always been within
      10).
      
      nping --tcp --flags SA --source-ip 17.57.144.[84-87] -g 5223 --dest-ip
      10.8.0.8 -p [X] --rate 3 -c 3 -e ap0 --dest-mac 08:00:27:9c:53:12
      
      For iOS devices, it does not follow this convention for choosing the
      client’s source port, but always choose a port between ~48000-50000
      (our testing on iOS 13.1 was between 48162-49555).
      
      FreeBSD: The first two phases work essentially the same as Linux,
      however, for the last phase, the ACK number is not needed at all, so
      that piece of phase three can be skipped.
      
      OpenBSD: OpenBSD responds to spoofed SYN packets to the correct virtual
      IP with unencrypted RST packets, and the incorrect virtual IP elicits
      unencrypted NTP packets or nothing at all for the first part of the
      attack. For the second part, the responses are encrypted, but we can
      still determine which packets are challenge ACKs from the packet size,
      as with Linux. Connections can be reset by sending a RST with the
      correct sequence number.
      
      
      
      **Possible Mitigations:
      
      1. Turning reverse path filtering on
      
      Potential problem: Asynchronous routing not reliable on mobile devices,
      etc. Also, it isn’t clear that this is actually a solution since it
      appears to work in other OSes with different networking stacks. Also,
      even with reverse path filtering on strict mode, the first two parts of
      the attack can be completed, allowing the AP to make inferences about
      active connections, and we believe it may be possible to carry out the
      entire attack, but haven’t accomplished this yet.
      
      2. Bogon filtering
      
      Potential problem: Local network addresses used for vpns and local
      networks, and some nations, including Iran, use the reserved private IP
      space as part of the public space.
      
      3. Encrypted packet size and timing
      
      Since the size and number of packets allows the attacker to bypass the
      encryption provided by the VPN service, perhaps some sort of padding
      could be added to the encrypted packets to make them the same size.
      Also, since the challenge ACK per process limit allows us to determine
      if the encrypted packets are challenge ACKs, allowing the host to
      respond with equivalent-sized packets after exhausting this limit could
      prevent the attacker from making this inference.
      
      
      We have prepared a paper for publication concerning this
      vulnerability and the related implications, but intend to keep it
      embargoed until we have found a satisfactory workaround. Then we will
      report the vulnerability to oss-security@lists.openwall.com. We are
      also reporting this vulnerability to the other services affected, which
      also includes: Systemd, Google, Apple, OpenVPN, and WireGuard, in
      addition to distros@vs.openwall.org for the operating systems affected.
      
      Thanks,
      
      William J. Tolley
      Beau Kujath
      Jedidiah R. Crandall
      
      Breakpointing Bad &
      University of New Mexico
      

    • New Linux vulnerability puts VPN connections at risk of hijacking

      Furthermore, the research team also identified the SEQ and ACK numbers from inspecting the encrypted packet size and number and managed to inject data into the TCP steam, which led to the hijacking of the connection. This means VPN technology was ineffective in preventing the attack since even encrypted packets could be assessed.

      After testing on Manjaro 18.1.1, CentOS, and Ubuntu 19, researchers discovered that the exploit was applicable to both IPv4 and IPv6. Other systems that are vulnerable to exploitation include Void Linux, Debian 10.2, Slackware 14.2, Arch 2019.5, MX Linux 19, Deepin, Fedora, Devuan, FreeBSD, and OpenBSD. They will be testing the effectiveness of the exploit against Tor as well.

    • Attackers using Linux Vulnerability to Hijack VPN Connections

    • Linux VPN connections can be hacked

      Insecurity experts at Breakpointing Bad have found aa new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

      The security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.

      A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

    • VPN connections could be hacked due to Linux security flaw

      A new vulnerability that could allow potential attackers to hijack VPN connections on affected NIX devices and inject arbitrary data payloads into IPv4 and Ipv6 TCP streams has been discovered by security researchers.

      The researchers disclosed the security flaw they detected, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and to others that are impacted including systemd, Google, Apple, OpenVPN and WireGuard.

    • Unix-like Systems Vulnerable to VPN Inferring and Hijacking Attacks

      Three researchers from Breakpointing Bad and the University of New Mexico have discovered a vulnerability that exists in Linux and Unix-like operating systems like Android and macOS. Given the tracking code “CVE-2019-14899”, the flaw resides in the routing table code and the TCP code that is present in these systems. The vulnerability allows an attacker to perform traffic analysis via clever use of encrypted DNS queries in conjunction with error messages, leading to the sniffing of open TCP connection information. The attack was discovered quite a while back, but the researchers disclosed it publicly now, and after they allowed the vendors some time to plug the holes.

    • Researchers say VPN bug affects Linux, Unix systems

    • Linux Bug Opens Most VPNs to Hijacking

      In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.

      A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers.

      According to researchers at University of New Mexico and Breakpointing Bad, the bug (CVE-2019-14899), “allows…an attacker to determine if…a user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.”

    • New vulnerability lets attackers sniff or hijack VPN connections

    • Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

      On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack VPN connections.

      The researchers shared that this security flaw tracked as CVE-2019-14899, “allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.” Additionally, attackers can determine the exact sequence and acknowledgment numbers by counting encrypted packets or by examining their size. With this information in hand, they can inject arbitrary data payloads into IPv4 and IPv6 TCP streams.

    • Cyber Security Today – An email gift card scam, please stop re-using passwords and more open data found on Amazon storage

      Welcome to Cyber Security Today. It’s Friday December 6th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

    • NetworkManager Adds Support For Enhanced Open / Opportunistic Wireless Encryption

      Opportunistic Wireless Encryption (OWE) provides a means of encrypting wireless data transfers without having any secret/key. Opportunistic Wireless Encryption is advertised as Wi-Fi Certified Enhanced Open.

      This OWE / “Enhanced Open” standard is now supported by NetworkManager for allowing supported devices connecting to Linux systems to make use of this means of opportunistic encryption. The Wi-Fi CERTIFIED Enhanced Open has been around just since summer of 2018 to better secure open WiFi networks. More details on the standard can be found via Wi-Fi.org.

    • Security updates for Friday

      Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).

    • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

      • Hackers Exploit New Linux Vulnerability To Hijack VPN Connections [Ed: Techworm misreporting, as usual. There are no known attacks]

        The attack has been reported to work against several popular VPN solutions, including OpenVPN, IKEv2/IPSec, and WireGuard.

        However, the researchers are still testing their viability against Tor, as it works in a SOCKS layer and implements authentication and encryption that takes place in userspace.

        “It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel,” clarifies the research team.

    • Privacy/Surveillance

      • Free Speech Groups Tell Court Trump’s Mandate for Visa Applicants’ Social Media a ‘Life or Death’ Threat for Journalists, Filmmakers

        “The government simply has no legitimate interest in collecting this kind of sensitive information on this immense scale, and the First Amendment doesn’t permit it to do so.”

      • As Moscow’s facial recognition system activates, journalists find access to it for sale on the black market

        Andrey Kaganskikh, a journalist for MBK Media, has found that access to Moscow’s surveillance cameras — and their new facial recognition technology — is being sold on the black market.

      • Colorado Appeals Court: Three Months Of Surveillance Via Pole-Mounted Camera Is Unconstitutional

        How much warrantless surveillance is too much surveillance? It depends on which court you ask.

      • The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance

        Whatever your views on the EU’s General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored “at rest”, the proposed ePrivacy Regulation deals with with personal data “in motion” — that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or “cookie walls”, have been dropped, as has the right of Internet users to refuse to accept tracking cookies.

      • TikTok Faces Legal Action for Massive Child Privacy Violations

        The parents of a pair of underage TikTok users are suing the company, claiming that the app has exposed the personal information of children under the age of 13.

      • Roll-out of facial recognition by governments around the world accelerates as privacy experts sound the alarm

        A year ago, this blog wrote about the spread of facial recognition systems, and the danger they represent to privacy. Since then, the roll-out has accelerated, as the technology becomes more accurate, and the products on offer become cheaper. Governments in particular see facial recognition as an easy way to check and control their populations.

Defence/Aggression

• Envisioning a United World

  Let’s bomb Iowa! Or maybe Texas or Michigan or Nebraska . . .

• The Hillsborough Soccer Tragedy: Who is Responsible?

  Who was responsible for the deaths of 96 people and the hundreds injured in the collapse of stands at a soccer match in England in 1989? A jury at the Preston Crown Court in England last week exonerated David Duckenfield for responsibility for the Hillsborough tragedy. A 1991 inquiry said it was accidental and not caused by the rush of Liverpool fans; a 2016 inquest said it was disorganization and negligence by the police who ordered one of the exit gates to be opened, and David Duckenfield, the match commander for the local police, was judged not guilty.

• As Impeachment Looms, 350 Mental Health Professionals Warn Congress That Nuclear-Armed Trump ‘A Threat to Safety of Our Nation’

  “We are convinced that, as the time of possible impeachment approaches, Donald Trump has the real potential to become ever more dangerous.”

• Today’s Republican Party Preserves US Legacy of Slavery and Imperialism

  On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C. That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

• ICC Holds Hearing on Afghanistan War Crimes, Including US Torture

  The International Criminal Court (ICC) opened a three-day hearing in the The Hague, Netherlands on Wednesday at which prosecutors and Afghan torture victims are attempting to convince the court to overturn a previous decision to refuse to investigate war crimes committed by Taliban, Afghan government and US forces.

• U.S. Considers Sending Several Thousand More Troops to Mideast

  The Pentagon is considering sending several thousand additional troops to the Middle East to help deter Iranian aggression, amid reports of escalating violence in Iran and continued meddling by Tehran in Iraq, Syria and other parts of the region.

• ‘This Isn’t How You End the Endless War’: Trump Weighs Plan to Send 14,000 More US Troops to Middle East

  “Trump ran on ending these endless wars. But he’s sending more troops to the Middle East, making yet another war there more likely.”

• Everyone Should Watch The Report. Take It From a Guantánamo Bay Lawyer

  Here’s a quiz question: how many famous songs, or films, can you name that address the serious contemporary issues of torture and rendition? There aren’t many. When I think of music in connection with our US secret prisons, it is the kind blasted at prisoners at deafening volume, all day and night.

Environment

• ‘David-and-Goliath Story’ as Texas Environmental Activist Diane Wilson Wins $50 Million Judgement Against Plastics Giant Formosa

  The settlement funds will go to environmental projects and cleanup efforts in the Gulf Coast region.

• Amazon Abuses Workers and the Climate—Because It Can

  While online shoppers were busy taking advantage of bargain prices on Black Friday, retail workers in various European cities were walking off their jobs in anger. Hundreds of Amazon workers in six German cities protested, saying that their employer’s demands were making them ill. Similar protests were held by Amazon workers in France, aimed at the environmental cost of Black Friday, and in the U.K., members of the union GMB held signs saying pointedly, “We are not robots.” Here in the U.S., workers picked up on that theme as dozens gathered outside Amazon founder and CEO Jeff Bezos’ Manhattan apartment to insist that they are “human beings, not robots.”

• Coldplay Halts All Touring to Save the Environment – Then Books a Festival

  Last month, Coldplay declared that it would cease all touring, at least until concerts could become ‘environmentally beneficial’.

• Sanders Scores Highest Mark on Sunrise Movement’s Climate Report Card While Biden Told It’s “Parent-Teacher Conference Time”

  Sanders scored 183 points out of 200, followed by Elizabeth Warren with 165 points. Biden landed far behind with just 75 points.

• Energy

  • People Who Want to Ban Fracking Immediately, Says Joe Biden, ‘Oughta Vote for Someone Else’

    “Might I recommend Bernie Sanders: the climate candidate,” responds Vermont senator’s press secretary.

  • Another Utility Disaster Headed Our Way

    Twenty years ago Montana’s Republicans enacted the worst and most costly public policy decision in the state’s history. Overwhelming Republican majorities in the state legislature and Republican Gov. Marc Racicot colluded to launch a very complex bill hundreds of pages long near the very end of the legislative session that would overturn the historic regulation of monopoly public utilities in favor of what they called “consumer choice.”

  • Coal is now too hot for insurers to handle

    Empires were once built on it, but coal is now too hot for many former backers as more insurers withdraw.

• Wildlife/Nature

  • Chris Brown Ordered to Stop Owning Pet Monkeys by a California Judge

    A Los Angeles judge has ruled that Chris Brown must give up all rights to his former pet monkey. Brown must pay for its care and must not buy a new one to have charges dropped.

  • Starving polar bears raid village in search of food after sea fails to freeze

  • Bluebird Houses in Winter

    First I noticed a bluebird clinging to the outside of the downhill bluebird house. He would poke his head in the hole briefly, a couple of times, flutter to the top of the house, flutter back down to cling outside the hole and stick his head in. He never actually went in, and eventually lost interest and flew away.

    Then a few minutes later, there were several bluebirds fluttering around the birdhouse that’s outside the upstairs bedroom. I counted at least five individuals; I think they were all males. (The photos here are of a different, mixed-gender flock.) They were taking turns perching on top of the birdhouse, clinging to the outside and poking their heads in the hole. They attracted a junco, a robin and a flicker who apparently came to see what was so interesting; eventually the big flicker was apparently too intimidating, though she wasn’t doing anything threatening, and all the bluebirds departed.

Finance

• ‘Victory for the People’: Michigan Court Rejects Nestlé’s Claim That Privatizing Local Town’s Water Provides ‘Essential Service’

  “Allowing a corporation to bottle our water just to sell it back to us is hardly an ‘essential service.’”

• The U-Turn That Made America Staggeringly Unequal

  Wealth in America has concentrated — and dramatically so — over the past four decades. Since 1980, note wealth researchers Emmanuel Saez and Gabriel Zucman, the top 0.1 percent share of the nation’s total wealth has more than doubled, from under 10 percent in 1980 to over 20 percent today. In a nation of over 125 million households, just one ten-thousandth of those households — some 12,500 — now control over 10 percent of our wealth.

• Big Rallies and Big Differences in Germany

  Looking out my window at the wide Karl Marx Allee boulevard below, I have seen many a big May Day parade march by in the old GDR days, and many a passing bicycle race or Marathon. Recently, for the first time, I saw a slow, endless column of green or yellow tractors. I learned later that 5600 of them, after blocking traffic while driving in from North, South, East and West Germany, had converged at the Brandenburg Gate, parked in orderly rows and then voiced their demands: “Fewer or better pesticides, OK! Less or better fertilizers, also OK! We too want to save our planet. But not without consulting with us, who are fighting a bitter battle against monopoly agriculture giants and monopoly retailing giants which are threatening the survival of us family farmers.”

• Sweden Offers Free Higher Ed, Universal Health Care, Daycare — Why Can’t the US?

  Medicare for All and tuition-free universities have been at the core of the 2020 Democratic presidential campaigns, creating a stark division between progressive candidates and their centrist counterparts. Senators Bernie Sanders and Elizabeth Warren have proposed to make Medicare for All and public universities cost-free by taxing massive corporations and the super wealthy, and earlier this year, Sanders introduced legislation that would cancel student loan debt. His plan would be paid for with a new tax on Wall Street, he says. It would also make public universities and community colleges free — a key pillar of Sanders’s 2020 education platform. These proposals are not radical ideas in Sweden, a country that has built one of the world’s most extensive social welfare systems. In Sweden, healthcare costs are largely subsided by the state. Daycare and preschool programs are mostly free. College and university are free. Public transportation is subsidized for many users. To explain how Sweden does it, we speak with Mikael Törnwall, Swedish author and journalist focusing on economic issues at Svenska Dagbladet, a Stockholm daily newspaper. His most recent book is titled Who Should Pay for Welfare?

• Denouncing Macron’s Neoliberal Pension Reforms, Hundreds of Thousands of Striking Workers Bring France to a Halt

  “We have one of the best pension systems in the world, if not the best. Yet the president has decided, purely out of ideology, to wipe it out.”

• ‘Flat-Out Corruption’: DeVos Accused of Scheming to Stop Next President From Canceling Student Loan Debt

  “Normally the rich are moderately more subtle about rigging the system in their favor. They’re scared.”

• Trump’s SNAP Cuts

AstroTurf/Lobbying/Politics

• Investigation Uncovers Israel-Based Group Behind Bigoted Facebook Smear Campaign Aimed at US Muslim Congresswomen

  “The goal of these anti-Muslim hate campaigns is clear—they put Muslim lives here and around the world at risk and undermine our country’s commitment to religious pluralism.”

• Inside the Battle for Another World

  A succession of social upheavals over the last decade has radically realigned political power throughout the world. As a result of these tectonic shifts, what had once been on the furthest fringes of the right has now moved toward the center while the left has been pushed to the margins. “Things fall apart; the centre cannot hold,” poet William Yeats wrote…

• Protocols of the Elders of the Republican Party

  How do the horrific events of Charlottesville, the shooting at the Tree of Life Synagogue in Pittsburgh, and a similar hate crime in California directly relate to the eye-rolling pronouncements by Devin Nunes, Rudy Giuliani, and other Republicans in defense of President Donald Trump?

• “It’s On”: Pelosi Officially Asks Nadler to Prepare Articles of Impeachment

  “The president leaves us no choice but to act.”

• The Most Important Election in British History

  Democracy in Britain has never been particularly strong or vibrant. Yet, for the first time in decades, the British people face a real choice at the ballot box in December. It wasn’t long ago that any possibility of radical change was excluded from the outset.

• Bernie Sanders Tops New California Poll—But You Wouldn’t Have Known It By Reading This LA Times Headline

  In latest #BernieBlackout example, Sanders’ deputy campaign manager notes it took major newspaper “three paragraphs to mention who is leading.”

• Kerry Endorses Biden as Ad Cites NATO Leaders Mocking Trump

  John Kerry, the former secretary of state and 2004 Democratic presidential nominee, endorsed Joe Biden for president on Thursday, buoying the former vice president’s argument that his international experience should be a deciding factor for voters in 2020.

• New York’s Other Hopelessly Corrupt Candidate

  For better or worse, New York City has produced some of the biggest names in contemporary U.S. politics. From President Donald Trump and his conspirator-in-corruption Rudy Giuliani, all the way to Rep. Alexandria Ocasio-Cortez and Sen. Bernie Sanders (the latter has spent most of his life in Vermont, of course, but is a New Yorker to the core), politicians from across the political aisle have hailed from the Big Apple.

• A Playboy Misrules Pakistan

  Unlike Western press practices, Pakistan’s privacy traditions constrain a robust discussion of the private lives of celebrities in electronic or print media. However, hush-hush gossip, group text messages, and social media in Pakistan are as brutal as anywhere else in the world. As such private lives of political leaders, such as Prime Minister Imran Khan (IK), remain shrouded in an unsortable mixture of fabrications and truths. For the most part, the Pakistani public ignores the private lives of favored leaders, including IK.

• Biden Campaign’s “World Is Laughing at Donald Trump” Video Wins Viral Moment

  “They see him for what he really is: dangerously incompetent and incapable of world leadership.”

• Burundi: Elections ‘Levy’ Opens Door to Abuse

  Local officials and members of the widely feared youth wing of Burundi’s ruling party have extorted donations for the upcoming 2020 elections, in many cases with threats or force.

• The Mad Activist Impeaches Western Culture

• Look Out for the Drift

  In the mid-nineties, after receiving a BA in psychology, psychopathology was on my mind daily. I worked at a group home for psychiatrically diagnosed teens in Queens, New York; later as a psychiatric rehab counselor for adults transitioning from group homes to independent living in the South Bronx. My experiences were disturbing enough to make me leave that counselor career path and drift from one job to another—finally end up as a poet, with society and politics being main interests. How could they not be: my family is from Puerto Rico. If government is, indeed, now just a big business, the tiny defenseless island of Puerto Rico has received a brutally raw deal since its occupation in 1898. It’s difficult to see your mother raped by someone you are supposed to trust—a neighbor you were taught was moral and good.

• Impeachment of Trump Appears Inevitable in the House

  The House Judiciary Committee convened Wednesday for eight and a half hours of testimony to discuss what the Constitution requires for impeachment. It was an exercise that didn’t reveal any new information on the investigation, but rather laid out the legal justification for Trump’s potential impeachment. The hearing underscored that any eventual impeachment will most likely be partisan. Judiciary Committee Republicans continued the House GOP’s approach of raising procedural complaints and bad-faith attacks on the Democratic witnesses, while the Republican witness argued there isn’t sufficient evidence to justify impeaching Trump. But Democrats made a strong case for the obligation Congress has to impeach, given Trump’s conduct. The three Democratic witnesses all argued that Trump has not only committed impeachable offenses, but that the gravity of the president’s abuse of power made impeachment utterly necessary.

Censorship/Free Speech

• Gen Z and Free Speech

  The Knight Foundation released a study that details the attitudes surrounding free speech in our precious young people today. Generational tension is on the rise as young people confront the richer and more conservative “Boomer” generation. Among the many divides is the attitude towards free speech.

• TikTok Secretly Hid Content From Fat, Queer, and Disabled Users

  TikTok has admitted it adopted a set of policies to suppress the content of ‘vulnerable’ creators. TikTok says the policy was to prevent cyberbullying but hints at censorship.

• Russian lawmakers adopt legislation imposing massively higher fines on violations by ‘foreign agent’ news media

  The State Duma has adopted the third and final draft of legislation that imposes fines as high as 5 million rubles ($78,300) for repeated violations of Russia’s media laws pertaining to “foreign agents.” 

• Russia’s Council of Judges advocates new protections for the judiciary against ‘biased journalists’

  Russia’s Council of Judges has developed a new draft concept for the judicial system’s information policies in the next decade, says the newspaper Vedomosti, citing the document. Among other things, the federal agency wants to impose legal liability on mass media outlets and journalists for “pressuring” courts through “negative content published for money.” The council argues that Russia’s judges need additional protection from “biased publications.”

• [Reposted, different site] We Need To Save .ORG From Arbitrary Censorship By Halting the Private Equity Buy-Out

  The .ORG top-level domain and all of the nonprofit organizations that depend on it are at risk if a private equity firm is allowed to buy control of it. EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital. Internet pioneers including Esther Dyson and Tim Berners-Lee have spoken out against this secretive deal. And 12,000 Internet users and counting have added their voices to the opposition.

  What’s the harm in this $1.135 billion deal? In short, it would give Ethos Capital the power to censor the speech of nonprofit organizations (NGOs) to advance commercial interests, and to extract ever-growing monopoly rents from those same nonprofits. Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases. And the contracts that .ORG operates under don’t create enough accountability or limits on Ethos’s conduct.

• ‘Let’s look in the mirror’ A young Russian YouTuber who faces four years in prison for ‘extremism’ delivers a powerful courtroom speech

  On December 4, Moscow’s Kuntsevsky District Court continued hearing the case against 21-year-old Higher School of Economics (HSE) student and libertarian YouTube personality Egor Zhukov. Zhukov stands accused of issuing public calls for extremism: Prosecutors have argued that his videos on nonviolent resistance were motivated by “political hatred and enmity to the constitutional structure extant in the Russian Federation” as well as a desire to destabilize the country’s social and political order.

• Devin Nunes’ Virginia SLAPP Suits Causing Virginia Legislators To Consider A New Anti-SLAPP Law

  We’ve been covering all the various SLAPP suits filed by Devin Nunes against his critics, journalists, political operatives, and (most famously) a satirical internet cow. As we’ve noted, despite Nunes being a Representative from California, and despite the fact that many of the people and companies he’s targeting are California-based, he’s filed most of the suits in Virginia state court. The reasons for this seemed fairly obvious to many commentators. Virginia has a very weak anti-SLAPP law. California has a very robust one.

• Kyrgyzstan: Blogger Faces Incitement Charges

  A blogger in Kyrgyzstan who wrote about corruption on social media is facing charges of inter-regional incitement, Human Rights Watch said today. The blogger, Aftandil Zhorobekov, was detained on November 24, 2019 by Kyrgyzstan’s State Committee for National Security (GKNB) and held in pretrial detention until being placed under house arrest on December 5, with the charges against him still standing.

• IP and the controversial “Hate Speech Bill” in Nigeria

  As some readers may be aware, many Nigerians are vehemently opposed to the National Commission for the Prohibition of Hate Speeches Bill, 2019 (SB. 154) (the “Hate Speech Bill”), which recently passed second reading in the Nigerian Senate. There have been complaints that the offences created under the Bill seek to silence criticism and free speech and that the establishment of a Commission to curb hate speech under the Bill is a waste of resources.

  [...]

  IPRs holders may be imprisoned for life or punished with death by hanging where they produce (see section 3 of the Bill for all the verbs) written or visual material that is threatening, abusive or insulting and intended to stir up ethnic hatred against any person or person from an ethnic group in Nigeria. [Death by hanging only applies to where the hate speech leads to the death of another person]. The Bill offers no guidance on how a court may determine what constitutes “threatening, abusive or insulting” material and/or how intention to stir up ethnic hatred may be determined. As opined here, proving the commission of a crime requires that the prosecution show that the accused person(s) is responsible for the actus reus (physical act) and had the mens rea (guilty mind or intention). Proving the intention to stir up ethnic hatred may not be so straightforward. Nigeria has over 250 ethnic groups: would/should the court be invited to consider history of inter-ethnic relations to decide subjects that would stir up ethnic hatred?

  [...]

  However, the powers of the Commission in the case of receiving contravention complaints may in some sense be quasi-judicial. Persons who are directly aggrieved or who claim that the Bill has been contravened may lodge a complaint with the Commission. See sections 37 and 38 of the Bill. The Commission may decline to entertain complaints that are frivolous or lacking in substance or, that may be more appropriately dealt with by the court. See section 39. Under section 45, the Commission must ensure that it attempts conciliation regarding complaints lodged with it. After hearing the representation of the parties to a complaint, the Commission may issue a compliance notice under section 50 of the Bill. Where parties fail to comply with the compliance notice, the Commission needs an order of the Magistrate’s court or other court to compel such compliance. See section 52 of the Bill.

  Given these circumstances, it may be apt to argue the establishment of the Commission is a waste of resources. By and large, the Hate Speech Bill is still going through the legislative process and nothing is cast in stone (yet).

Freedom of Information / Freedom of the Press

• Spying on Assange: the Spanish Case Takes a Turn

  Judge José de la Mata of Spain’s High Court, the Audiencia Nacional, had been facing a good deal of stonewalling on the part of his British colleagues. He is overseeing an investigation into the surveillance activities of a Spanish security firm aimed at WikiLeaks founder, Julian Assange, during his stay at the Ecuadorean embassy in London.

Civil Rights/Policing

• ‘Make America 36th Out of 41 Developed Nations Again’: Social Justice Index of Developed Nations Puts US Near Bottom

  Meanwhile, the democratic-socialist Nordic countries of Iceland, Norway, Denmark, Finland, and Sweden enjoy the top spots in detailed survey of OECD nations.

• The Activists Guiding Us Through These Dark Days

  Over 1,000 people packed into the historic Cirkus Arena in downtown Stockholm Wednesday night. It wasn’t for the building’s original purpose, an actual circus, or for a rock concert, which is one of the contemporary uses of the building. What drew this remarkable cross section of Swedish society, as well as people from around the world? Activism. Courage. Passion.

• US Official Threatens Communities That Don’t ‘Respect’ Police

  On Tuesday, Attorney General of the United States William Barr warned that if Americans don’t give more “support and respect” to police, “they might find themselves without the police protection they need.”

• Indonesia Arrests Yet More Indigenous Papuans

  The list of political prisoners in Indonesia’s West Papua and Papua provinces is growing higher, as at least 110 people were arrested for raising the Papuan national flag over the weekend.

• Edward Snowden: In the US, I Would Likely Die in Prison for Telling the Truth

  The Right Livelihood Awards celebrated their 40th anniversary Wednesday at the historic Cirkus Arena in Stockholm, Sweden, where more than a thousand people gathered to celebrate this year’s four laureates: Swedish climate activist Greta Thunberg; Chinese women’s rights lawyer Guo Jianmei, Brazilian indigenous leader Davi Kopenawa and the organization he co-founded, the Yanomami Hutukara Association; and Sahrawi human rights leader Aminatou Haidar, who has challenged the Moroccan occupation of Western Sahara for decades. The Right Livelihood Award is known as the “Alternative Nobel Prize.” Over the past four decades, it’s been given to grassroots leaders and activists around the globe — among them the world-famous NSA whistleblower Edward Snowden. At Wednesday’s gala, Amy Goodman interviewed Snowden in front of the award ceremony’s live audience via video link from Moscow, where he has lived in exile since leaking a trove of secret documents revealing the U.S. government’s had built an unprecedented mass surveillance system to spy on Americans and people around the world. After sharing the documents with reporters in 2013, Snowden was charged in the U.S. for violating the Espionage Act and other laws. As he attempted to flee from Hong Kong to Latin America, Snowden was stranded in Russia after the U.S. revoked his passport, and he has lived there ever since. Edward Snowden won the Right Livelihood Award in 2014, and accepted the award from Moscow.

• No Free Pass for North Korea’s Abuses

  The United Nations Security Council has an opportunity this month to refocus attention on North Korea’s abysmal human rights record after giving it a pass last year.

• Inside the Cell Where a Sick 16-Year-Old Boy Died in Border Patrol Care

  Carlos Gregorio Hernandez Vasquez, a 16-year-old Guatemalan migrant, was seriously ill when immigration agents put him in a small South Texas holding cell with another sick boy on the afternoon of May 19.

• These Cops are Supposed to Protect Rural Villages. They’re in the Suburbs Instead.

  WASILLA, Alaska — The man appeared around dinnertime in the parking lot of the city Police Department, asking to see a cop. Another fight with his wife. Nothing violent, he said, but she threatened to carve a word in the paint of his luxury pickup: CHEATER.

  Maybe an officer could go talk to her? A routine request on a routine night for the Police Department of this small suburban city, made famous by former Mayor Sarah Palin. (She lives up the road.)

• R. Kelly Accused of Bribing a Public Official to Marry Aaliyah at Age 15

  R&B singer R. Kelly is now facing bribery charges for the fake ID he used to marry Aaliyah. The charges were revealed in an unsealed indictment this afternoon.

• Professor Turley Is Dead Wrong on Impeachment and Here’s Why

  In his opening statement emphasizing the importance of legal standards, George Washington University constitutional law professor Jonathan Turley claimed that impeaching, “a president on this record would expose every future president to the same type of inchoate impeachment” and warned, “I hope you will consider what you will do when the wind blows again…”

• The Twenty-First-Century Legacies of America’s Twin Sins

  On the Thursday of the second week of the House Intelligence Committee’s impeachment hearings, former U.S. Attorney Preet Bharara had a special guest on his weekly podcast, Carl Bernstein. It was Bernstein, with fellow Washington Post journalist Bob Woodward, whose reporting broke open the story of how the Committee to Re-elect the President burglarized Democratic Party headquarters at the Watergate office building in Washington, D.C.  That reporting and the impeachment hearings that followed eventually forced President Richard Nixon to resign in disgrace in 1974. Bharara wanted to hear about what differences Bernstein sees between the Nixon impeachment proceedings and Donald Trump’s today.

• Be Best, My Ass

  OK, we are now and truly done with the con man and his vile hooker squatting in the White House. Having stayed silent through endless atrocities – rapes, lies, cruelty, racism, bullying, leaving families hungry, caging 70,000 children and killing six…

• ‘Impeach Trump for This’: Video Shows Final Hours of Teen’s Horrible Death in US Immigration Detention Center

  Contrary to claims by Border Patrol, “they didn’t take him to the hospital. They didn’t release him. They didn’t even seem to check on him as he was dying on the floor of his cell.”

• Video Shows Teen’s Horrible Death in U.S. Immigration Detention Center

  Footage from an immigrant detention center in Texas obtained by Pro Publica and published online Thursday shows the final hours of 16-year-old Carlos Gregorio Hernandez Vasquez—who died from complications of the flu while in custody—but also strongly indicates the border patrol agents responsible for his care lied about what happened that night.

• Mexican Immigration Officials Destroy Asylum Seekers’ Tents

  Mexican immigration officials arrived at a refugee camp in Matamoros, Mexico early Tuesday morning bearing machetes used to destroy unoccupied tents left behind by Mexican asylum seekers, according to multiple camp residents who witnessed the event.

• France Drops Plan to Give Boats to Libya

  France’s decision last week to withdraw its offer of six boats to the Libyan Coast Guard is good news, as Libya could have used this “gift” to subject even more migrants and refugees to serious abuses in Libya.

• Fred Hampton: “Peace To You…If You’re Willing to Fight For It

  It was 50 years ago that Chicago cops executed Black Panther Chairman Fred Hampton as he slept, firing over 90 shots into his apartment for the crimes of feeding hungry kids, opening medical clinics, forming a Rainbow Coalition and championing black self-determination. Targeted by the FBI as a danger who could “electrify the masses,” Hampton vowed to fight racism with

• NYPD Finally Releases A Body Camera Policy That Gives The Department Plenty Of Ways To Withhold Footage

  The NYPD has finally finalized its body-worn camera footage release policy. It’s not much better than its initial public offering, which sought public input and then ignored every bit of the public’s input to craft an officer-friendly deployment policy that left the act of recording to officer discretion.

• This Judge Is Married to the Sheriff. Ethics Complaints Have Piled Up.

  Two years ago, the Chester County Sheriff’s Office in South Carolina accused a pair of lower-court judges of unfairly blocking the sheriff’s requests for criminal warrants.

  A top deputy planned to file a complaint with the chief magistrate and the local state senator, who controls the county’s judicial appointments. But before doing so, the deputy turned to an unlikely ally to help craft his appeal: Magistrate Angel Underwood.

• American WeChat Users Getting Banned For Celebrating Hong Kong Election Results

  The recent election in Hong Kong may have scored some wins for pro-democracy candidates, but supporters of protesters and newly-elected candidates still aren’t able to do much celebrating on social media. WeChat, the massively popular messaging app owned by China’s Tencent, is apparently censoring posts and shutting down pro-democracy accounts.

• ALEC-Crafted Laws Could Send Me to Prison for a Decade for My Activism

  This week, corporate executives and legislators from around the country are gathering in Scottsdale, Arizona, for the American Legislative Exchange Council’s (ALEC) annual States and Nation Policy Summit, where they will craft policies to introduce into state legislatures. More than a dozen groups have protested outside the meeting. ALEC is a shadowy group — meeting in secret, hiding its membership, and prohibiting journalists and the public from observing its activities. Various watchdogs have increasingly exposed ALEC’s undemocratic nature. What has received less attention, however, are the policies that emerge from ALEC.

• Black Back Room Deals Must Not Stifle Right To Die With Dignity: Philip Nitschke

  Culture is crucial to Indigenous Australia, but it doesn’t give a handful of black leaders the right to scuttle laws to assist everyone the right to die with dignity, writes Dr Philip Nitschke.

Internet Policy/Net Neutrality

• AT&T Says The Real Problem With The Internet Is We Pay Too Much Attention To Giant ISPs

  As Silicon Valley giants like Google and Facebook face all manner of (justified) regulatory scrutiny, telecom has been able to somehow remove itself from the conversation, despite engaging in many of the same (if not worse) behaviors over the years. While Congress obsesses about new ways to regulate “big tech,” the US government has oddly been busy neutering all oversight of “big telecom”. That’s at least partially by design; giants like AT&T and Comcast have spent years pushing for the hyper regulation of companies telecom increasingly competes with in the online ad space.

Monopolies

• CJEU rules that “aceto” and “balsamico” are not individually protectable components of PGI “Aceto Balsamico di Modena”

  Yesterday, the Court of Justice of the EU (CJEU) issued its decision in Case C-432/18, Consorzio Tutela Aceto Balsamico di Modena v Balema GmbH [here]. The decision sets important limitations on the scope of protection of the Protected Geographical Indication (PGI) “Aceto Balsamico di Modena” and for PGI’s registered in a similar manner, because the Court held that individual components of this PGI are not protected.

  Background to the case

  Balema is a German producer of balsamic vinegar and markets its products as “Balsamico” or “Deutscher Balsamico”. The consortium of producers of Modena balsamic vinegar hold the PGI for “Aceto Balsamico di Modena (PGI)”, which enjoys protection under Regulation 1151/2012 (the Agricultural Foodstuff Regulation). It was registered under its predecessor and, as is common practice for European geographical indications, on the conditions set forth in the granting regulation, 583/2009. The consortium sued Balema in Germany and the Federal Supreme Court asked the CJEU whether the protection for “Aceto Balsamico di Modena” extends to the use of individual, non-geographical components of this term.

• One-minute survey: Does judicial recruitment need a shake-up?

  The England and Wales High Court is in need of IP specialist judges. But with the courts facing a wider recruitment issue, filling the gap is not easy.

  Factors including pay and changes to pension arrangements mean there is a lack of candidates who want to become a judge. The UK’s Ministry of Justice has itself cited “very strong evidence” for recruitment difficulties in the High Court.

• Mandatory mediation in Greece: Odysseus reaches Ithaca

  We have previously reported on Greece’s legislative initiative to introduce mandatory mediation in certain civil and commercial disputes, including trademark infringement disputes.

  The respective law, 4512/2018, had been enacted, but its entry into force was postponed, following reactions of lawyers and bar associations. As a result, the drafting of a new law was commenced. After the conclusion of the public consultation, a final draft was submitted to Parliament, and it was approved by the Plenary on November 28, 2019.

  Published the following day, on November 29, 2019, it is now law no 4640/2019 “Mediation on civil and commercial disputes – Further harmonization of Greek legislation with Directive 2008/52/EC of the European parliament and of the council of 21 May 2008 and other provisions” (the Law).

• Patents

  • As 9th Circuit Prepares For Argument, Korean Fine Against Qualcomm Upheld

    Qualcomm’s appeal of the FTC’s success in district court continues to move forward, with the second set of amicus briefs (including CCIA’s) filed the week of Thanksgiving. Qualcomm’s reply brief is due by Friday, December 13th, and oral argument is scheduled for February 13th, 2020. Judge Koh found that Qualcomm had abused its dominant position in baseband modems, harming consumers and competitors alike.

    On appeal, Qualcomm has in essence argued that competition law shouldn’t apply to it because of its importance to cellular standards. Many amici, from technology firms to auto companies to former heads of the FTC, repudiated the argument that maintaining Qualcomm’s position in 5G is more important than ensuring healthy competition. We’ll see if that argument flies in the United States—given the strength of the factual determinations and the evidence in the district court, it shouldn’t—but in the meantime, Qualcomm has been handed another setback.

  • Nokia outmaneuvering Daimler with settlement effort that has zero credibility–but Mannheim court confirms hearing date

    One week ago, Reuters’ Foo Yun Chee (who’s been covering EU competition matters for more than a decade and whom I regard very highly) reported on a statement by Nokia according to which “the Finnish telecoms equipment maker had submitted a proposal for resolving the patent licensing fee row.” This relates to the situation between Nokia and Daimler as well as Daimler’s suppliers. Nokia brought ten German standard-essential patent (SEP) infringement actions against Daimler earlier this year–several months after Daimler had lodged an antitrust complaint with the European Commission’s Directorate-General for Competition (DG COMP) over Nokia’s refusal to extend exhaustive SEP licenses on FRAND terms to Daimler’s suppliers. At around the same time, four suppliers (Continental, Valeo, Gemalto, and BURY Technologies) also filed complaints against Nokia with DG COMP.

  • Supreme Court Hears Appealability Appeal

    The section 315(b) time bar prohibits institution of a petition “filed more than 1 year after the date on which the petitioner … is served with a complaint alleging infringement of the patent.” Years ago (well before the 1-year date) the patentee Click-to-Call sued Thryv’s predecessor-in-interest for infringement and served the complaint as required under § 315(b). That lawsuit, however, was voluntarily dismissed without prejudice. When the defendant later filed its IPR petition, the PTAB found that the dismissal without prejudice effectively nullified the original lawsuit and, as such, did not raise the time-bar. The PTAB then invalidated the claims. On appeal, the Federal Circuit rejected PTAB’s approach — holding that the statute does not allow for any exception to the time-bar for cases dismissed without prejudice. In its petition to the Supreme Court, Thryv asked the court to review both whether (1) the issue is appealable; and (2) the time-bar still applies after a dismissal without prejudice. The Supreme Court granted certiorari, but only as to question 1 – whether the issue is appealable.

  • Another German FRAND Ruling – OLG Karlsruhe, Judgment of 30 October 2019, 6 U 183/16 (Philips v Wiko)

    In its latest ruling on FRAND and the Art. 102 TFEU defense, the OLG (Higher Regional Court) Karlsruhe put an emphasis on the ‘fairness’ of the licensing negotiation procedure and thus on the ‘F’ prong of FRAND. To allow fair and expedient licensing negotiations and avoid a finding of abuse of dominance, the owner of a standard essential patent (SEP) has to explain and substantiate vis-à-vis the willing licensee why its license offer is FRAND in such a way that the implementer can assess the offer and respond with a counter-offer in a meaningful way. Even though both the SEP holder and the implementer may still comply with their ‘negotiation duties’ after filing the complaint, undue pressure by the threat of an injunction has to be avoided, e.g. by suspending the proceedings.

    The case concerned a patent essential for the LTE standard. The OLG Karlsruhe, appeal instance to the Mannheim Regional Court, confirmed patent infringement by defendant’s LTE compatible mobile phones, resulting in a declaration on damages and full claims for information and accounting. However, the defendant’s FRAND/Art. 102 TFEU defense was successful and the court rejected the requests for an injunction, recall and destruction as currently unfounded.

    With this decision, the Karlsruhe court tackles questions on the implementation of the negotiation framework as set out in the landmark decision Huawei v ZTE of the CJEU (case C-170/13) from yet a different angle than the appeal courts in Duesseldorf (with an emphasis on the ‘non-discriminatory’ assessment of the content of the SEP holder’s license offer and stricter requirements on the provision of third party licenses) and the UK (with a focus on the ‘fair and reasonable’ prong of FRAND and a more flexible application of the CJEU negotiation framework; see previous posts here and here). The Karlsruhe court also came to a different conclusion than the Court of Appeal The Hague in the parallel proceedings between the same parties earlier this year. According to public comments, the Dutch court held that the plaintiff was entitled to an injunction as the defendant was not a ‘willing licensee’ prior to the proceedings and had not met its burden to show that the plaintiff’s later license offer was non-compliant with FRAND. In contrast, the OLG Karlsruhe found that the plaintiff had not met its burden to substantiate the FRANDness of its license offer to the defendant. This failure to meet its information and negotiation duties amounts to an abuse of the plaintiff’s dominant position acc. to Art. 102 TFEU.

  • TCL v Ericsson overturned on appeal in US; will go to jury trial

    Readers will remember the news of Christmas 2017: Judge Selna in the Central District of California determined the FRAND royalties that TCL should pay to Ericsson. The decision attracted comment because the rates were very much lower than the findings that Mr Justice Birss had made in relation to Ericsson’s portfolio in Unwired Planet, despite similar evidence

    Today the Court of Appeals of the Federal Circuit overturned that decision.

    Ericsson appealed on two grounds: that it had been deprived of its right to a jury trial, and that Judge Selna’s calculations contained many errors. Happily for Ericsson, but disappointingly for followers of FRAND, the CAFC agreed with the first of those grounds. That means it did not need to look at the second.

• Trademarks

  • Fraudulent Trademarks: How They Undermine the Trademark System and Harm American Consumers and Businesses

    Congress is moving on Trademark Legislation with a number of different potential proposals circling.

  • Counterfeit Goods Seizure Act of 2019

    Copyright, trademark, and “trade name” violations are already listed in the statute; patents and trade secrets are not listed. The basic idea here is that it is pretty easy for CPB to stack design patents atop their current system that looks at copyright and trademark. The hope here is that a layman (e.g., CPB official) can quickly and easily determine design patent infringement at a relatively high level of accuracy. This would be much more difficult for utility patents, and wouldn’t work for trade secrets without disclosing the secret to CPB.

  • AG Campos advises CJEU to rule that Amazon might be potentially liable for trade mark infringement

    Subsequently Coty requested Amazon to provide all perfumes stocked on behalf of the seller. 11 of the 30 perfumes delivered by Amazon to Coty had been stocked on behalf of another seller, whose identity Amazon was not able to confirm.

    Coty sued Amazon for trade mark infringement in Germany, but without success. In fact, both at first instance and on appeal, the German courts found that Amazon had not directly used the trade mark or stocked the goods to sell them; rather, it had just stocked them on behalf of third parties and was unaware that the trade mark rights had not been exhausted.

    On appeal to Germany’s Federal Court of Justice (BGH), a question arose: Does a person who, on behalf of a third party, stores goods which infringe trade mark rights, without having knowledge of that infringement, stock those goods for the purpose of offering them or putting them on the market under Article 9(3)(b) EUTMR, if it is not that person himself but rather the third party alone which intends to offer the goods or put them on the market?

    The BGH was unsure, though it was inclined to answer in the negative in light of what happens in Germany in the patent field. The court also excluded that Amazon’s behaviour would amount to a ‘use’ of the trade mark within the meaning of Article 9(2) EUTMR.

    Despite all this, a referral was made to the CJEU.

• Copyrights

  • When you own an artwork, you don’t own the copyright: Danish artist wins injunction against watchmakers planning to cut up painting

    With thanks to Hanne Kirk and her team at Gorrissen Federspiel (Denmark) for this fascinating post regarding the outer limits of copyright in an artwork:

    On Monday, 2 December 2019, the Danish Maritime and Commercial High Court issued a ruling in a case which explores the fine line between destruction and alteration of existing artwork. The conclusion? Cutting up an existing artwork to repurpose the individual pieces as wristwatch faces constitutes reproduction of the work in an amended form – not destruction followed by the creation of a new, original work.

    [...]

    In its 2 December 2019 ruling, the Danish Maritime and Commercial High Court found in favour of Tal R on all claims, confirming expressly that the insertion of pieces of a painting into wristwatches was, in the view of the Court, not a destruction of the work, but rather a reproduction of the work in an amended form.

    In support of this conclusion, the Court noted that Kanske had itself explained that the very idea of the project was to transform Tal R’s artwork, and had further asked on its website “what happens when you take an original artwork and turn it into something else?” It made no difference in this regard that the artwork, once incorporated into the wristwatches, would no longer be recognizable.

    (This GuestKat finds the last-mentioned statement somehow surprising, given that similarity is a prerequisite for an infringement, and given that similarity calls for a certain recognizability of the original work.)

    The Court further ruled that the project would indeed, as claimed by Tal R, constitute an alteration and making available to the public of Tal R’s artwork “in a manner or in a context which is prejudicial to the author’s literary or artistic reputation or individuality,” thereby violating section 3(2) of the Danish Copyright Act.

    Finally, the Court also agreed that Kanske had violated sections 3(1) and 22(1) of the Danish Marketing Practices Act by marketing and offering for sale the wristwatches, including by making unauthorized use of the “Tal R” brand.

    Overall, the Court dismissed Kanske’s defense that the project was art and should benefit from the protections granted to expressions of artistic freedom.

  • Creative Commons Receives an AWS Imagine Grant to Improve CC Search

    With that in mind, we’re excited and proud to announce that we’ve been awarded an Amazon Web Services (AWS) Imagine Grant—a public grant for non-profit organizations that are “using technology to solve the world’s most pressing challenges.”

  • The Pirate Bay Moves to a Brand New Onion Domain

    The most famous torrent site in the world, The Pirate Bay, has ditched its old and mostly unreadable Onion domain for something more recognizable and potentially more permanent. The switch was reported to TorrentFreak after Pirate Bay proxy sites noticed extended downtime on the old domain.

  • IPTV Service Easily Circumvents First Canadian Piracy Blockade

    Through the Federal Court, Bell, Rogers, and Groupe TVA recently obtained the first Canadian pirate ‘site’ blocking order. The companies argued that ISP blockades are an effective way to deal with copyright infringing sites and services. While that may be true to a certain degree, the targeted GoldTV service simply switched to a new domain and continues to offer its services.

  • Meet the Guy Behind the Libgen Torrent Seeding Movement

    Libgen and Sci-Hub, regularly referred to as the ‘Pirate Bay of Science’, are continually under fire. However, if all of the important data is decentralized, almost any eventuality can be dealt with. Today we meet the guy leading a new movement to ensure that Libgen’s archives are distributed via the highest quality torrent swarms possible.

  • Why Won’t Creative Future’s Members Comment About This Hollywood Front Group Smearing A Well Respected Law Professor?

    If you look in the dictionary, the word “projection” has many different definitions. I find it particularly amusing that in Merriam Webster’s dictionary, the following two are right next to each other: the attribution of one’s own ideas, feelings, or attitudes to other people or to objects; especially : the externalization of blame, guilt, or responsibility as a defense against anxiety the display of motion pictures by projecting an image from them upon a screen This is a story that kind of involves both of those definitions, because it’s all about a front group, created and funded by Hollywood, very much “projecting” its own blame, guilt and responsibility onto one of the most respected and thoughtful copyright law professors. And… almost no one wants to comment on the organization’s shameful tactics. Perhaps some of you might help in my ongoing efforts to get literally any of Creative Future’s members to explain why it still supports the organization after its shameful smear campaign over the past few weeks and months.