Richard Stallman: “Google Can Forcibly Impose Software Changes and the User Can’t Say No.”

Posted in Google, Interview at 6:57 pm by Dr. Roy Schestowitz

First published a decade back

Summary: “This is the same thing that Microsoft has in Windows,” Stallman told me, “so Microsoft can also impose software changes. Any malicious feature that’s not in the program today could be remotely installed tomorrow.”

I think in practice one of the issues is many of the browsers these days have actually got some surveillance built in and one of the usual excuses these days is security, so they try to prevent phishing scams and things like such that are absolute; I think since Internet Explorer version 7 and Google Chrome and other browsers by default they will track the users and leave a trail, or at least provide the corporate maker of the browser, with a list with pages you visit, so the other releases…

“…Google can forcibly impose software changes and the user can’t say no.”Richard Stallman: Those are non-Free programs. Internet Explorer is non-Free and Google Chrome is non-Free. Not only that, Google Chrome has a universal back door, which is another way of saying auto-update; basically it means that Google can forcibly impose software changes and the user can’t say no. This is the same thing that Microsoft has in Windows, so Microsoft can also impose software changes. Any malicious feature that’s not in the program today could be remotely installed tomorrow. So, once a program has a universal back door, you must consider it not merely malware but universal malware.


Ogg Theora

As embedded (HTML5):

It’s Not About Richard Stallman

Posted in Free/Libre Software, FSF at 6:48 pm by Dr. Roy Schestowitz


First they came for the Founder

And I did not speak out
Because I was not an FSF employee

Then they came for the GPL
And I did not speak out
Because I was not into copyleft, let alone a coder

Let's wrestle with the community. Take them down to our level...Then they came for the activists
And I did not speak out
Because I was not among their targets

Then they came for the community
And I did not speak out
Because I was salaried by IBM

Then they came for me
And there was no one left
To speak out for me

Links 2/5/2021: “Landlock” in Linux 5.13, Comics, Patents Catch-up

Posted in News Roundup at 1:03 pm by Dr. Roy Schestowitz

  • GNU/Linux

    • I put all of my comics online!

      There are 273 comics right now which is a lot, so I’ve added a very simple search using list.js. Here’s what it looks like.

      It searches based on the title and also a few keywords I manually added, which is why “authoritative nameservers” matches the search “dns”.

      I wrote a small custom search function that only matches starting at the beginning of the word, so that the search “tar” doesn’t give you “start”. It feels pretty good to use.

      If you want to read the pages from the Bite Size Linux sequel I mentioned that I started writing 2 years ago and never finished, you can search for “linux2”.


      But I felt a bit worried about making all the comics more easily available online because – what if I put them online and then nobody wants to buy the zines anymore?

      I decided this week not to worry about that and just do it because I’m really excited about being able to easily link any comic that I want.

      The zine business is going really well in general so I think it’s a lot nicer to operate with a spirit of abundance instead of a spirit of scarcity.

    • Audiocasts/Shows

      • This Week in Linux 149: Linux 5.12, Fedora 34, elementary OS 6, openSUSE Leap, RHEL 8.4, Pine64

        On this episode of This Week in Linux, we’re going to check out the latest release of the namesake of this show, the Linux Kernel with Linux 5.12 being released. This episode is just stacked with Distro news with the release of Fedora Linux 34, the Release Candidate of openSUSE Leap 15.3, elementary OS 6 Beta has been released, and we’ll check out version 21 of Calculate Linux. That’s not all for Distro news, I did say it was stacked . . . we also got some Enterprise Distros to discuss with Red Hat Enterprise Linux 8.4 aka RHEL then we’ll check out the CentOS alternatives with AlmaLinux 8.4 Beta & Rocky Linux 8.3 RC. We’ve got some cool mobile hardware news this week with updates from Pine64 about the PinePhone Keyboard Addon and the PineTime SmartWatch. There’s just so much good news this week but there’s also a new Linux Backdoor Malware that was found being named RotaJakiro so we’ll talk about that. All that and much more on Your Weekly Source for Linux GNews!

    • Kernel Space

      • Linus Torvalds Reflects In New Interview on Linux’s Earliest Days

        Linus Torvalds gave a long new email interview to Jeremy Andrews, founding partner/CEO of Tag1 (a global technology consulting firm and the second all-time leading contributor to Drupal). Torvalds discusses everything from the creation of Git, licenses, Apple’s ARM64 chips, and Rust drivers, to his own Fedora-based home work environment — and how proud he is of the pathname lookup in Linux’s virtual filesystem. (“Nothing else out there comes even close.”)

      • Intel Proposes Calibrated Timestamps As It Works Towards Vulkan Video – Phoronix

        Since the publishing of the provisional Vulkan Video specification last month, the only driver on Linux to have exposed any early Vulkan Video support is NVIDIA’s Vulkan beta Linux driver. But it would appear that Intel’s open-source developers are working at least towards eventually handling this video acceleration API.

        Given how well Intel has been maintaining their open-source “ANV” Mesa Vulkan driver for Linux systems, it shouldn’t come as much of a surprise that they would likely be supporting Vulkan Video too. While they don’t yet have any public implementation to showcase, a new Vulkan extension proposal this week seems to indicate they are working in that direction.

      • New Realtek Audio Support, VirtIO Sound Driver Ready To Play On Linux 5.13

        While PipeWire continues garnering interest this year for improving Linux sound in user-space, the kernel’s sound drivers continue to be improved upon as well and tacking on support for new devices.

        On Friday the Linux 5.13 sound updates were sent out and subsequently merged to mainline. For this next kernel version there is the introduction of a VirtIO Sound driver that complies with the new VirtIO sound device specification that is part of this I/O virtualization standard. The VirtIO sound is intended for use-cases where audio is needed but device pass-through or emulation is not available or preferred.

    • Applications

    • Instructionals/Technical

      • How To Install Centrifugo on Ubuntu 20.04 LTS

        In this tutorial, we will show you how to install Centrifugo on Ubuntu 20.04 LTS. For those of you who didn’t know, Centrifugo is a scalable real-time messaging server in a language-agnostic way. It can use as a free alternative to pusher.com services. Centrifugo supports WebSocket and SockJS. Websocket or SockJS connections from application clients (from web browsers or other environments like iOS/Android apps). When you need to deliver an event to your clients in real-time you publish it to Centrifugo API and Centrifugo then broadcasts the event to all connected clients interested in this event (i.e. clients subscribed to the event channel). In other words – this is a user-facing PUB/SUB server.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Centrifugo on an Ubuntu 20.04 (Focal Fossa) server. You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

      • 5 ways to use the move command in Linux – LateWeb.Info

        In this article, you will learn 5 common uses of mv command in Linux. The mv command is not only used for moving files but also for renaming files. However there’s more that you can do with this utility command.

      • Docker Commands for Managing Container Lifecycle (Definitive Guide)

        Knowing the various states of the Docker Container is essential for any serious Docker user.

        I’ll explain the container lifecycle and then show the Docker commands for each stage of the lifecycle.

        But before you learn all those things, let’s revisit the concept of the container once more.

      • Delete UEFI boot entry – Remove Unwanted UEFI Entries on Linux using efibootmgr

        This is quick guide howto remove unwanted UEFI entries on Linux using efibootmgr.

        Sometimes just efibootmgr commands are enough to remove UEFI entries, but some UEFIs need EFI System partition modifications or all UEFI entries are regenerated on reboot.

      • How to select all text in qutebrowser using Ctrl+A | Hund

        This is really not a complicated thing to do, but it took me a while to figure out how to bind the command vvG to a key like Ctrl+A.

    • Games

      • Steam on Linux Gaming Marketshare Steady For April

        For those curious about the Steam on Linux gaming marketshare always as we begin a new month, Valve published their April 2021 figures overnight.

        In March the Steam on Linux gaming marketshare was 0.85%… Pretty much since Steam Play came out for running Windows games on Linux, the marketshare grew and has consistently held in the 0.8~0.9% range. It’s flirted with 1% but hasn’t been above that threshold in years since Steam on Linux first came out and had around a 2% marketshare albeit with a smaller overall Steam customer base at that time.

      • The Sunday Section is here for Linux and gaming fans

        Another week down, plenty of items missed that we couldn’t fit in. Here’s your Sunday Section going over a few random bits of news. Grab a coffee and enjoy.

        How about some Linux distribution news?

        siduction, the distribution based on Debian unstable/sid wrote a blog post to announce the death of Axel Beu. Someone who not many will know but Beu was important to siduction, as their major sponsor that made the project actually sustainable. As a result, they now need to take outside donations so they’ve setup a spot on Open Collective – one for the EU and the US. R.I.P Axel Beu.

        Solus, the home-grown distribution with its own Budgie desktop environment has a new development blog post up, which highlights that they’ve now: released Budgie 10.5.3 with plenty of bug fixes, introduced support for the GNOME 40 stack, lots of quality of life changes have also been made along with upgrades to KDE Framework 5.81.0 and Plasma 5.21.4 as well.

      • Running Steam and Windows Games on Slackware Linux without Multilib

        Few years ago, i was quite lucky to get 3 free games from Ubisoft Holiday Bundle, Assasin Creed IV: Black Flag, World in Conflict: Complete Edition, and Watch Dogs. I played Assasin Creed IV for a while under Windows in my spare time, but later on, i rarely login to my Windows machine (it’s only available on my laptop, not in my other machines), so it’s kinda abandoned.

        The arrival of Steam under Linux does give some inspiration, but it also comes with it’s own problems. In order to install/use Steam you need to have 32 bit libraries installed. This can be achieved in Slackware by using multilib provided by Eric Hameleers, but you must be really careful when using Slackware-Current since changes in -current can break your multilib. It’s not officially supported by Slackware, so you must rely on community to help your issues if you encountered them. Many people have been using this approach and it worked just fine for them. I didn’t install multilib on my machines because i’m not really a hard core gamers. I just play games on my spare time and it’s not my highest priority.

      • How To Install Steam on Linux Desktop | Play Your Favorite Games

        If you are a gaming and Linux enthusiast, you have probably been pondering for a long time about how to play professional games in a Linux environment. No wonder earlier gaming was a daydream on Linux distributions. But with the development of Steam, you can now smoothly play games on Linux. Steam had become available for Linux in 2013; since then, the popularity graph of Steam has been increasing. Even if you are not a gamer, you would not mind giving Steam a shot to check how it works on Linux.

        Well, how smooth and good Steam is on Linux? Can it utilize the GPU cores as Widows or Mac can? Do games buffer on Steam? If you are a newbie in Steam, a lot of questions are playing around your head. All the answers are about to end, only if you stay with the post till the end.

    • Distributions

      • IBM/Red Hat/Fedora

        • Rocky Linux 8.3 RC1 – CentOS Replacement Brings First Release Candidate

          The first pre-release of Rocky Linux is here. It is immediately available for download and for you to test.

        • 15 unusual paths to tech | Opensource.com

          The lives we led before we arrived where we are now sometimes feel like a distant land full of memories we can’t quite recall. And sometimes we have lived experiences that we’ll just never forget. Many times those experiences teach us and help us appreciate where we are today. We may even wish for those days as we recount our past lives.

          What did you do before tech? Tell us in the comments.

          I did janitorial work in the university cafeteria after it closed every day, and I got extra pay cleaning it up after live gigs held there (which happened about 4 times a year). We started to clean up for the following morning after the venue was vacated about 4 am, and had to get it cleaned and set up for opening the following morning at 7 am. That was fun. I worked summers in a livestock mart in the West of Ireland, running the office, keeping the account books, minding the cash that came through. I also had stints as a barman, lecturer, and TA at a local university while I was a post-grad, and once spent a few days stocking a ship with boxes of frozen fish in a Dutch port. —Dave Neary

          I was a musician in the Marine Corps, but being a bassoonist in the Corps means that you’re mostly playing bass drum. After burning out, I changed to data comms for my second enlistment. —Waldo

      • Debian Family

        • Debian Have Re-elected Jonathan Carter As The Leader Of The Project

          Developers of the Debian Linux distribution have re-elected Jonathan Carter as the leader of the free operating system project.

          Jonathan Carter is a South African based in Cape Town who works part-time for the African Institute for Mathematical Sciences, where he does system administration work on the institutional network that it uses in its centers across Africa. He has served as the Debian Project Lead since April 2020 and was re-elected for another year.

          Carter had only one opponent, Sruthi Chandran. She contested the elections in 2020 as well, but was unsuccessful that year too. Carter received 421 votes while Chandran was backed by 312 developers. The project has more than 1000 developers spread all over the globe.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Programming/Development

        • CVE-2021-31799: A command injection vulnerability in RDoc

          There is a vulnerability about Command Injection in RDoc which is bundled in Ruby. It is recommended that all Ruby users update RDoc to the latest version that fixes this issue.


          RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command.

        • HowTo: Using a Pager in the 21st Century | by Dmitrii Eliuseev | May, 2021 | Medium

          In the 90th I was a student and the pager for me was something like a Star Trek Communicator, a piece of the cutting edge technology. It is fun to remember it because now I know that technologically the paging protocol is very straightforward. From the encoding perspective, the pager is not so different from the wireless doorbells that are selling now for 5$ in Aliexpress.


          Bits are encoded with a frequency shift keying (FSK) modulation using 9 kHz bandwidth and 1200 bits per second speed, all this message is transmitting in about 0.5s.

          Looks simple, and it really is. I will skip the details, those who are interested can read the protocol specification. It is even easy to draw all these bits with pen and paper — these protocols were simple in the past, I think nobody can do it with modern GSM or WiFi. In POCSAG messages there is no authentication, no security keys — all messages to all paging company customers are available on-air “as is”, and by the way, can be easily decoded with PC software like PDW.

          How customers are receiving their messages? Every pager has its own unique ID, called CAP — Channel Access Protocol or RIC — Receiver Identification Code. All pagers from the paging provider are listening to the same frequency, let’s say, 164 MHz. If the message code is equal to the pager code, the pager saves the message and makes the loud “beep”. That’s it. It’s a one-way communication, there is no confirmation sending back, the pager has only the receiver and no transmitter at all. The logic and hardware are extremely simple, and because of that, the pager can work for more than a month from a single AAA battery. Interestingly, pagers are still in use in some countries even now — in the hospitals or emergency services, where it is important to have a portable and lightweight device with long battery life.

  • Leftovers

    • Hardware

      • UVA Engineering Computer Scientists Discover New Vulnerability Affecting Computers Globally

        A team of University of Virginia School of Engineering computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced. The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference in June.

        The researchers, led by Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering, found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. Micro-op caches have been built into Intel computers manufactured since 2011.

      • Computer scientists discover new vulnerability affecting computers globally

        Because all current Spectre defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat’s team’s new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.

        “Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute,” Venkat said. “But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.”

    • Health/Nutrition

    • Integrity/Availability

      • Proprietary

        • Apple captures 42% share, Samsung largest smartphone OEM globally

          Riding on the success of its iPhone 12 series, Apple captured 42 per cent market share (by value) in the global smartphone market that posted a record $113 billion in sales for the first time in the first quarter (January-March) this year, according to a new report.

        • Basecamp implodes as employees flee company, including senior staff

          After a controversial blog post in which CEO Jason Fried outlined Basecamp’s new philosophy that prohibited, among other things, “societal and political discussions” on internal forums, company co-founder David Heinemeier Hansson said the company would offer generous severance packages to anyone who disagreed with the new stance. On Friday, it appears a large number of Basecamp employees are taking Hansson up on his offer: according to The Verge contributing editor Casey Newton’s sources, roughly a third of the company’s 57 employees accepted buyouts today. As of Friday afternoon, 18 people had tweeted they were planning to leave.

        • Security

          • “Landlock” Lands In Linux 5.13 For Unprivileged Application Sandboxing

            Going back about a half-decade has been the Landlock Linux Security Module (LSM) as a means of allowing even unprivileged processes to create “powerful security” sandboxes. After a number of rounds of reviews and revisions over the year, Landlock has finally been mainlined for Linux 5.13!

            The Landlock LSM pull request was submitted earlier in the week and wasn’t acted upon right away leaving us to wonder if it would be another cycle where it’s left out… But on Saturday night Linus Torvalds went ahead and merged it.

          • Privacy/Surveillance

            • Google’s FLoC is Based on the Right Idea, but With the Wrong Implementation

              FLoC (Federated Learning of Cohorts) is a new technology that aims to solve the privacy concerns associated with cookies. Unlike the old way of using 3rd party cookies to build an advertising ID, FLoC uses data from your searches to place you into a predefined group (called a cohort) of people interested in similar topics as you.

              Advertisers can then serve the same ads to the group of people that are most likely to purchase their product. Because FLoC is built into Chrome, it can collect much more data than third-party cookies. For the average consumer, this should be a huge concern.

              In simple terms, if cookies were bad, then FLoC is down-right evil.

    • Defence/Aggression

      • In 2018 the US Was at War With Uyghur Terrorists. Now It Claims They Don’t Even Exist

        In the dying months of his administration, President Donald Trump removed from the United States terrorist list a little-known paramilitary organization called ETIM, an acronym that stands for either the East Turkestan Independence Movement or the East Turkestan Islamic Movement, depending on whom one asks. The group is also sometimes known as the [East] Turkestan Islamic Party (TIP or ETIP).

      • Opinion | Bottom-up Politics: Grassroots Activism Behind Pro-Palestine Shift in the US

        A decisive US public opinion shift must also not be ignored, as it is empowering voices within the Democratic Party to speak out more freely without jeopardizing their political careers.

      • Oregon Lawmaker Who Opened State Capitol To Far-Right Protesters Faces Charges

        The decision to charge Nearman follows a monthslong investigation by state police that began Dec. 21. As lawmakers met in a special legislative session to take up COVID-19 relief that day, surveillance footage showed Nearman exiting the locked Capitol building into a throng of protesters who were trying to get inside the statehouse. In doing so, he appeared to purposefully grant entrance to far right groups demanding an end to ongoing restrictions related to COVID-19.

    • Environment

      • Energy

        • Biden toots horn for Amtrak and future of US rail travel

          President Joe Biden — he’d probably be just as happy with his nickname Amtrak Joe — celebrated the national rail system’s 50th anniversary Friday by urging huge funding increases as part of a $2.3 trillion US infrastructure makeover.

          Dubbed the passenger rail system’s best customer, Biden became famous for daily commutes between Washington and his Delaware home during the 36 years he was a senator.

    • Finance

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

      • China blocks mention of Oscar-winner Chloé Zhao

        What happened? The answer is a form of nationalist backlash that is increasingly common. Soon after Ms Zhao won the Golden Globe, internet-users dug up comments she had made in 2013, saying China is “a place where there are lies everywhere”. Censors pounced, removing any mention of her from the Chinese internet.

        Nationalist [astroturfers] have long been intolerant of speech they deem critical of China. The government is now endorsing these attacks, perhaps for fear of looking weak if it doesn’t. It has intervened to cancel the distribution of “Nomadland” in China.

        Ms Zhao is not the first to be dealt with in this way. In June last year Hao Haidong, a Chinese footballer who is the country’s top scorer and now lives abroad, said that the Communist Party’s rule “has caused horrific atrocities against humanity”. Chinese websites swiftly deleted his name.

      • Indigenous activist in Brazil says accused of ‘slandering’ Bolsonaro

        A leading indigenous activist in Brazil said she has been summoned to appear before police after being accused of “slandering” the government of far-right president Jair Bolsonaro.

        Other Bolsonaro critics have been interrogated by police in recent months, part of what one newspaper called an “intimidation campaign” by the government.

        “I was summoned by the Federal Police in connection with an investigation into the Maraca series,” Sonia Guajajara, the coordinator of the Association of Brazil’s Indigenous Peoples (APIB), said Friday on Twitter.

    • Freedom of Information/Freedom of the Press

      • Repressive Laws Trigger Massive Press Freedom Decline for Malaysia

        Since the new leader, Muhyiddin Yassin, was sworn in on March 1, 2020, press freedom has come under attack, with the government relying on pre-existing laws, and a new “anti-fake news” decree targeting journalists, media experts say.

        These measures introduced during the pandemic, along with cases of journalists being questioned or raided by police over their coverage, led to an 18-point decline for Malaysia on the annual World Press Freedom Index. Released by media watchdog Reporters Without Borders (RSF), the index ranked Malaysia 119 out of 180 countries, with 1 being the most free.

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

    • Monopolies

      • Opinion | Tim Cook, Apple, and Runaway Limitless Corporate Greed

        People must push Congress to address this injustice.

      • Washington keeps close eye as Apple antitrust fight goes to court

        Apple will head to federal court in California on Monday to defend itself in an antitrust trial with Epic Games, a case that is expected to be closely watched in Washington as lawmakers and regulators crack down on the market power of Silicon Valley giants.

        Epic Games is suing Apple over claims of anti-competitive behavior. The dispute stems from Apple’s decision in August to kick Epic’s popular Fortnite game out of its app store after the developer set up its own payment system in an attempt to avoid the 30 percent commission fees charged by Apple.

        The trial comes amid a backdrop of federal and state-led antitrust lawsuits against tech giants, including Facebook and Google, and as Congress weighs steps to revamp antitrust laws after a House Judiciary panel released a blockbuster report alleging Apple and other companies stifled competition.

      • Apple’s App Store Had 78% Margin in 2019, Epic Expert Says

        Apple Inc.’s App Store had operating margins of almost 78% in fiscal year 2019, according to testimony from an Epic Games Inc. expert witness based on documents obtained from the iPhone maker.

        The figure comes from Ned Barnes, a financial and economics researcher, who said he obtained documents “prepared by Apple’s Corporate Financial Planning and Analysis group and produced from the files of Apple CEO Tim Cook.”

      • Explain-away exercise: mention of antisuit injunction case in negotiations may lead to Munich anti-antisuit injunction (IP Bridge v. Huawei)

        It’s antisuit time again. The related case law is evolving in ever shorter intervals, and I’ll give a talk about that topic on May 19 in a European Commission (specifically, DG GROW) webinar, entitled Enforcement of Standard-Essential Patents — current bottlenecks and possible solutions. I’ll be one of the three panelists on antisuit injunctions, and I’m looking forward to providing an overview of extraterritorial issues in standard-essential patent (SEP) litigation and their interdependencies. I’ll talk a