Bonum Certa Men Certa

Links 9/1/2018: CES Products and DRM in Linux










GNU/Linux



  • The 5 best Linux distros for the enterprise: Red Hat, Ubuntu, Linux Mint and more


    Three of the five Linux distributions discussed offer reliable and professional-grade support, all have frequent updates to ensure that security exploits are addressed in a timely manner, and all have at least some level of corporate connectivity baked in. In addition, all of them can run Windows programs through virtual machines or subsystems such as Wine. That ability might appeal to executives, but it raises the question of whether it’s really necessary or even a good idea.

    There’s also a big cost difference between deploying Linux and Windows: Linux itself is free, so it’s the distributor’s support that you’ll pay for. And, yes, you will want to do that. The price for proper enterprise-ready support still makes Linux desktop a much less expensive option.


  • 9 Best Linux Distros For Programming And Developers (2018 Edition)
    Linux-based operating systems are often used by developers to get their work done and create something new. Their major concerns while choosing a Linux distro for programming are compatibility, power, stability, and flexibility. Distros like Ubuntu and Debian have managed to establish themselves as the top picks. Some of the other great choices are openSUSE, Arch Linux, etc. If you intend to buy a Raspberry Pi and start with it, Raspbian is the perfect way to start.


  • Server



    • Explore private cloud platform options: Paid and open source
      An open source private cloud platform, Apache CloudStack offers a comprehensive management system that features usage metering and image deployment. It supports hypervisors including VMware ESXi, Microsoft Hyper-V, Citrix XenServer and KVM.

      CloudStack also handles features like tiered storage, Active Directory integration and some software-defined networking. As with other open source platforms, it takes a knowledgeable IT staff to install and support CloudStack.


    • 7 systems engineering and operations trends to watch in 2018
      Kubernetes domination

      Kubernetes came into its own in 2017 and its popularity will only grow in 2018. Edward Muller, engineering manager at Salesforce, predicts that building tools on top of Kubernetes is going to be more prevalent next year. “Previously, most tooling targeted one or more cloud infrastructure APIs,” says Muller. “Recent announcements of Kubernetes as a Service (KaaS?) from major cloud providers is likely to only hasten the shift.”


    • 2018: The Year of Kubernetes and Interoperability
      On its own, Kubernetes is a great story. What makes it even better is the soaring interoperability movement it’s fueling. An essential part of enabling interoperable cloud-native apps on Kubernetes is the Open Service Broker API. OSBAPI enables portability of cloud services across offerings and vendors. A collaborative project across multiple organizations, including Fujitsu, Google, IBM, Pivotal, Red Hat and SAP, it enables developers, ISVs, and SaaS vendors to deliver services to applications running within cloud-native platforms. In 2017, we saw adoption of the API by Microsoft and Google. Late in the year, Amazon and Pivotal partnered to expose Amazon’s services via the broker as well. Red Hat uses it to support the OpenShift marketplace.






  • Kernel Space



    • Linux 4.17 To Likely Include Intel DRM Driver's HDCP Support
      Back in November a Google developer proposed HDCP content protection support for the Intel Direct Rendering Manager (DRM) Linux driver that is based upon their code from Chrome OS / Chromium OS. It looks like that High-bandwidth Digital Content Protection support in the i915 DRM driver will come for Linux 4.17.

      It's too late to happen for Linux 4.16 considering it would be too tardy for it to be comfortably added to DRM-Next. Google developer Sean Paul who has been spearheading this HDMI/DisplayPort HDCP support for the open-source Intel DRM driver believes the code is now ready for merging.


    • Linux Foundation



      • Linux Foundation LFCS and LFCE: Miltos Tsatsakis
        The Linux Foundation offers many resources for developers, users, and administrators of Linux systems. One of the most important offerings is its Linux Certification Program, which is designed to give you a way to differentiate yourself in a job market that's hungry for your skills.

        How well does the certification prepare you for the real world? To illustrate that, we will be highlighting some of those who have recently passed the certification examinations. These testimonials should help you decide if either the Linux Foundation Certified System Administrator or the Linux Foundation Certified Engineer certification is right for you.




    • Graphics Stack



      • Mesa 17.3.2 Release Notes / January 8, 2018


        Mesa 17.3.2 is a bug fix release which fixes bugs found since the 17.3.1 release.

        Mesa 17.3.2 implements the OpenGL 4.5 API, but the version reported by glGetString(GL_VERSION) or glGetIntegerv(GL_MAJOR_VERSION) / glGetIntegerv(GL_MINOR_VERSION) depends on the particular driver being used. Some drivers don't support all the features required in OpenGL 4.5. OpenGL 4.5 is only available if requested at context creation because compatibility contexts are not supported.


      • Mesa 17.3.2 Released With The Latest Stable Fixes
        While Mesa 18.0 will premiere later this quarter as the first feature update of 2018, Mesa 17.3.2 is now available as the second bug-fix release for last quarter's Mesa 17.3 series.


      • NVIDIA Rolls Out New Vulkan Beta Driver With Conservative Rasterization Support
        NVIDIA is sticking to their pledge of being quick with delivering support for new revisions of Vulkan support in their Windows and Linux drivers.

        Vulkan 1.0.67 was released on Friday and while it's mostly a mundane maintenance update, it does include one new extension: VK_EXT_conservative_rasterization. This extension adds a conservative rasterization mode to Vulkan and is similar to the GL_NV_conservative_raster OpenGL extension (more details on conservative rasterization here).


      • VC5 Gallium3D Driver Is Onto Pushing More Triangles In Simulator
        The VC5 open-source Gallium3D driver designed to support the next generation of Broadcom VideoCore graphics hardware is onto rendering more triangles, at least with the hardware simulator.




    • Benchmarks



      • Benchmarking Clear Linux With KPTI + Retpoline Support
        Yesterday Intel landed KPTI page table isolation and Retpoline support in their Clear Linux distribution. Given that one of the pillars of this Intel Open-Source Technology Center platform is on delivering optimal Linux performance, I was curious to see how its performance was impacted. Here are before/after benchmarks on seven different systems ranging from low-end Pentium hardware to Xeon servers.






  • Applications



  • Desktop Environments/WMs



    • K Desktop Environment/KDE SC/Qt



      • Discover, the KDE Software Center App, is Improving Nicely
        Many KDE fans –maybe even you– consider the app to be too limited, preferring instead to use an alternative tool like Synaptic or the Muon Software Center to handle package management.

        So popular is Muon that Kubuntu 17.10 even re-added it to its install image!

        But Discover shouldn’t be forgotten about.

        It’s important that Plasma desktop has a vibrant, easy to use, “one-stop-shop” for users to discover, install, update and remove software on their desktops.


      • Polishing Discover Software Center
        KDE Discover Software Center is a key element of our Usability and Productivity initiative because it encompasses the basic experience of discovering, installing, and removing software. Most regular people don’t want to use the command line to do this, and for them, we have Discover.






  • Distributions



    • Parted Magic Disk Partitioning, Cloning and Rescue Linux OS Has a New Release
      Coming four months after version 2017_09_05, which was the most successful release to date, Parted Magic 2018_01_08 ships with Linux kernel 4.14.11, a version that includes patches for the newly discovered Meltdown and Spectre security vulnerabilities, as well as better support for newer graphics cards.

      "The 2017_09_05 release was our most successful release to date with very little complaints. Instead of changing a bunch of stuff for the sake of changing a bunch of stuff, we basically kept it the way it was," says developer Patrick Verner in the release announcement. "We only addressed the little issues and updated relevant software."


    • New Releases



      • IPFire Open Source Firewall Linux Distro Gets Huge Number of Security Fixes
        IPFire 2.19 Core Update 117 is now available to download and comes with the latest OpenSSL 1.0.2n TLS/SSL and crypto library, as well as an updated OpenVPN implementation that makes it easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by allowing users to choose routes in each client’s configuration.

        The update also improves the IPsec implementation by allowing users to define the inactivity timeout time of an idle IPsec VPN tunnel that's being closed and updating the strongSwan IPsec-based VPN solution to version 5.6.1. It also disabled the compression by default and removed support for MODP groups with subgroups.


      • Chakra GNU/Linux Users Get KDE Plasma 5.11.5, KDE Applications 17.12 and Qt 5.10
        If you're using Chakra GNU/Linux, which is a rolling release computer operating system where you install once and receive updates forever, chances are you can upgrade its components to the recently released KDE Plasma 5.11.5 desktop environment, as well as KDE Applications 17.12.0 and KDE Frameworks 5.41.0 software suites, all built against the latest Qt 5.10.0 application framework.

        "You can now upgrade to the latest versions of KDE’s Plasma, Applications and Frameworks series, built against the brand new Qt 5.10.0," says Neofytos Kolokotronis in the forum announcement. "[KDE] Applications 17.12 is the first release of a new series that focuses on introducing enhancements and new features. As always with stability updates, Plasma 5.11.5 and Frameworks 5.41.0 include a month’s worth of bug fixes and improvements."




    • OpenSUSE/SUSE



      • Future Tumbleweed Snapshot to Bring YaST Changes


        Changes to YaST are coming and people using openSUSE Tumbleweed will be the first to experience these planned changes in a snapshot that is expected to be released soon.

        Those following the YaST Team blog may have read about the implementation changes expected for libstorage-ng, which have been discussed for nearly two years. Libstorage is the component used by YaST; specially used in the installer, the partitioner and AutoYaST to access disks, partitions, LVM volumes and more.

        This relatively low-level component has been a constant source of headaches for YaST developers for years, but all that effort is about to bear fruit. The original design has fundamental flaws that limited YaST in many ways and the YaST Team have been working to write a replacement for it: the libstorage-ng era has begun.

        This document offers an incomplete but very illustrative view of the new things that libstorage-ng will allow in the future and the libstorage limitations it will allow to leave behind. For example, it already makes possible to install a fully encrypted system with no LVM using the automatic proposal and to handle much better filesystems placed directly on a disk without any partitioning. In the short future, it will allow to fully manage Btrfs multi-device filesystems, bcache and many other technologies that were impossible to accommodate into the old system.


      • openSUSE-Based GeckoLinux Receives New, Revamped Releases Built with KIWI
        The biggest change of the new GeckoLinux releases is that they are now built using the KIWI OS image builder instead of the older SUSE Studio, which was merged into SUSE's OBS (Open Build Service) last year. This gives GeckoLinux a smoother and more reliable boot process, better hardware detections, and boot splash screen support.

        Additionally, this major change no longer forces users to enter passwords for the default live session user account, provides a much cleaner ISO build process and structure that's up-to-date with OpenSuSE's standards, and introduces persistence support for Live USBs, allowing users to run GeckoLinux as a portable OS.


      • Libstorage-NG Landing Soon In openSUSE Tumbleweed For Improving The Installer
        Users of the openSUSE rolling-release Linux distribution will soon find an improved installer thanks to Libstorage-NG landing soon and improvements to YaST.

        Libstorage is a low-level storage library used by SUSE's YaST for dealing with disk / partition / LVM management and other storage device interaction. For over the past two years, libstorage-ng has been in development as the next-generation implementation.




    • Red Hat Family



    • Debian Family



      • Debbugs Versioning: Merging
        One of the key features of Debbugs, the bug tracking system Debian uses, is its ability to figure out which bugs apply to which versions of a package by tracking package uploads. This system generally works well, but when a package maintainer's workflow doesn't match the assumptions of Debbugs, unexpected things can happen.


      • Derivatives



        • Canonical/Ubuntu



          • Who Was To Blame For The Ubuntu BIOS Bug?
            So who is to blame for the corruption of the BIOS?

            Ultimately I would put the majority of the blame at the door of the manufacturers and the BIOS developers. You simply should not be able to corrupt the BIOS and there should be a reset option which returns it to factory settings if all else fails. The Ubuntu developers were the unlucky people to instantiate the bug by including a defective driver within the Kernel.

            Some of the blame has to go to the users as well. Maybe we need to be a bit smarter when installing operating systems and not necessarily jump at the latest thing.


          • System76 Continues to Improve HiDPI Support for Their Ubuntu-Based OS in 2018
            Work on the second release of Pop!_OS Linux will continue this year with a rebase on Canonical's upcoming Ubuntu 18.04 LTS (Bionic Beaver) operating system, due for release on April 26, 2018. The distro will also be released this spring, after Ubuntu 18.04 LTS, and will feature out-of-the-box support for HiDPI displays.

            System76 says that it received great feedback from the community in regards to the HiDPI improvements they are adding into Pop!_OS Linux lately, and, besides fixing many of the reported issues, they are also working on better integration of the HiDPI daemon into the desktop, including support for tweaking its behavior.


          • Ubuntu Server Development Summary – 09 Jan 2018


            The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.


          • LXD Weekly Status #29
            And we’re back from the holidays! This “weekly” summary is covering everything that happened the past 3 weeks.

            The big highlight was the release of LXD 2.21 on the 19th of December.

            During the holidays, we merged quite a number of bugfixes and smaller features in LXC and LXD with the bigger feature development only resuming now.

            The end of year was also the deadline for our users to migrate off of the LXD PPAs. Those have now been fully deleted and users looking for newer builds of LXD should use the official backport packages or the LXD snap.


          • Flavours and Variants



            • Debian vs. Linux Mint: The Winner Is?
              Linux Mint is on track to becoming the most popular desktop distro available. This isn't to suggest that it's already happened, rather that it's on track to happen if Linux Mint continues to find its fans among Windows converts. By contrast, Debian has received almost no credit for this success whatsoever. Worse, neither does Ubuntu, which uses Debian as a base.

              So are Linux Mint and Debian really all that different? After all, Linux Mint is based on Ubuntu, which is based on Debian. One might surmise that these distros are more similar than different. Fact is stranger than fiction. Linux Mint and Debian may share a common heritage, but that's where the similarities end.












  • Devices/Embedded





Free Software/Open Source



  • Piwik is now Matomo – Announcement
    You may be surprised to read this announcement, but no stress, take a deep breath, nothing big is going to happen, it is just our name that is changing and here are the reasons why.


  • Does DevOps Plus Open Source Equal Security?


  • Events



  • Web Browsers



    • Mozilla



      • Mozilla Marketing Engineering & Ops Blog: Kuma Report, December 2017


        We have a lot of things we have to do in Q1 2018, such as the CDN and Django 1.11 update. We postponed a detailed plan for 2018, and instead will spend some of Q1 discussing goals and priorities. During our discussions in December, a few themes came up.

        For the MDN Web Docs product, the 2018 theme is Reach. We want to reach more web developers with MDN Web Docs data, and earn a key place in developers’ workflows. Sometimes this means making developer.mozilla.org the best place to find the information, and sometimes it means delivering the data where the developer works. We’re using interviews and surveys to learn more and design the best experience for web developers.

        For the technology side, the 2018 theme is Simplicity. There are many seldom-used Kuma features that require a history lesson to explain. These make it more complicated to maintain and improve the web site. We’d like to retire some of these features, simplify others, and make it easier to work on the code and data. We have ideas around zone redirects, asset pipelines, and translations, and we hope to implement these in 2018.

        One thing that has gotten more complex in 2017 is code contribution. We’re implementing new features like browser-compat-data and interactive-examples as their own projects. Kuma is usually not the best place to contribute, and it can be challenging to discover where to contribute. We’re thinking through ways to improve this in 2018, and to steer contributor’s effort and enthusiasm where it will have the biggest impact.


      • Retained Display Lists
        As part of the lead up to Firefox Quantum, we added new telemetry to Firefox to help us measure painting performance, and to let us make more informed decisions as to where to direct our efforts. One of these measurements defined a minimum threshold for a ‘slow’ paint (16ms), and recorded percentages of time spent in various paint stages when it occurred. We expected display list building to be significant, but were still surprised with the results: On average, display list building was consuming more than 40% of the total paint time, for work that was largely identical to the previous frame. We’d long been planning on an overhaul of how we built and managed display lists, but with this new data we decided that it needed to be a top priority for our Painting team.


      • Multilingual Gecko in 2017


        In January 2017, we set the course to get a new localization framework named Fluent into Firefox.

        Below is a story of the work performed on the Firefox engine – Gecko – over the last year to make Fluent in Firefox possible. This has been a collaborative effort involving a lot of people from different teams. It’s impossible to document all the work, so keep in mind that the following is just the story of the Gecko refactor, while many other critical pieces were being tackled outside of that range.

        Also, the nature of the project does make the following blog post long, text heavy and light on pictures. I apologize for that and hope that the value of the content will offset this inconvenience and make it worth reading.






  • CMS



    • A Love Letter to Plain Text

      I have used Hugo, the blog engine this blog runs on top of, more and more lately for less and less typical use cases. Hopefully this post will inspire others in similar ways.

      There was another post on twitter recently that inspired me to write this post. The point of that post was that when your blog is just a pile of textfiles, generic Unix tools combine to make many things trivial that wouldn’t be with a more traditional database backed system.



  • Pseudo-Open Source (Openwashing)



  • Funding



  • BSD



    • LLVM Clang Is Moving Closer To Full OpenMP 4.5 Support
      While it took LLVM's Clang C/C++ compiler initially a long time to support OpenMP, the code continues to mature in supporting the latest updates to this parallel programming specification.

      As it stands now Clang has full support for OpenMP 3.1 and only partial support for OpenMP 4.5, but they continue moving closer to supporting OMP 4.5 on CPUs and eventually to NVIDIA GPUs with their CUDA back-end.


    • SPIR-V Support For Upstream LLVM Is Back To Being Discussed
      Next month the Vulkan 1.0 API will turn two years old but a goal that has remained elusive to date has been getting SPIR-V -- the intermediate representation shared by Vulkan and OpenCL -- into upstream LLVM.

      The goal would be upstream support for going between SPIR-V and LLVM IR. There's been various projects working on this SPIR-V and LLVM IR to/from translation support, but nothing has been upstreamed yet in LLVM itself for easier maintenance and focusing on a concerted effort.


    • OpenBSD-current now has 'smtpctl spf walk'

      This feature is still in need of testing, so please grab a snapshot and test!





  • Licensing/Legal



  • Openness/Sharing/Collaboration



  • Programming/Development



    • [Older] Quantum Computers Barely Exist—Here’s Why We’re Writing Languages for Them Anyway


      Quantum computers are still extremely rudimentary, and largely remain intriguing playthings in a few advanced research labs. That hasn’t deterred people from developing new programming languages for them.

      The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper.


    • This Week in Rust 216
    • #Rust2018
      As part of #Rust2018, I thought I would try to writeup my own (current) perspective. I’ll try to keep things brief.

      First and foremost, I think that this year we have to finish what we started and get the “Rust 2018” release out the door. We did good work in 2017: now we have to make sure the world knows it and can use it. This primarily means we have to do stabilization work, both for the recent features added in 2017 as well as some, ahem, longer-running topics, like SIMD. It also means keeping up our focus on tooling, like IDE support, rustfmt, and debugger integration.


    • GCC 8.0.0 Status Report (2018-01-08), Stage 3 ends Jan 14th
      GCC 8 is in development stage 3 currently but that is going to end at the end of Sunday, Jan 14th after which we go into regression and documentation fixes mode similar as if trunk was a release branch.


    • GCC 8 Will Enter Its Last Stage Of Development Next Week
      The GNU Compiler Collection 8 (GCC 8) is currently in "stage three" development whereby general bug fixing can still happen along with allowing new ports to be added. But that is changing next week as it enters its final stage of development prior to release.

      SUSE's Richard Biener announced that on 14 January, they will be going into their strict "regression and documentation fixes mode similar as if trunk was a release branch."






Leftovers



  • Science



    • Your smartphone is making you stupid, antisocial and unhealthy. So why can't you put it down?

      A decade ago, smart devices promised to change the way we think and interact, and they have – but not by making us smarter. Eric Andrew-Gee explores the growing body of scientific evidence that digital distraction is damaging our minds



    • The UK is still educating different classes for different functions in society
      Historically, the English educational system has educated the different social classes for different functions in society. However, in the 21st century, the expectation is that the English state system is providing roughly the same education for all. In my new book I argue that it does not. Even within a comprehensive school, when young people are all being educated in the same building, the working classes are still getting less education than the middle classes, just as they had when my father was educated at the beginning of the 20th century. We are still educating different social classes for different functions in society.

      The book is based on a mix of statistics, more than 500 interviews and my personal memoir of growing up as a free school meal child living on a council estate. The book argues that, despite a whole plethora of policy initiatives from testing regimes, league tables, school choice, academies and free schools, the return to traditional models of both primary and secondary curriculum and to a preoccupation with ‘school improvement’ and ‘school effectiveness’, little has changed in relation to how the working classes are valued within education. And despite the incessant focus on social mobility, England is at the bottom of the league table for working class children achieving high academic levels.




  • Hardware



  • Health/Nutrition



    • Medicines Patent Pool Launches Search For Next Director
      The Patent Pool, which works with a range of partners to help increase access to HIV, hepatitis C and tuberculosis treatments in developments, negotiates voluntary licences with patent owners and develops patent pooling initiatives, according to the announcement. The Geneva-based agency, spun off from Unitaid several years ago but still funded by it, has saved the international community nearly $400 million, it said.




  • Security



    • MalwareTech Prosecution Appears To Be Falling Apart As Gov't Plays Keep Away With Documents Requested By Defense
      Marcus Hutchins, a.k.a. MalwareTech, went from internet hero (following his inadvertent shutdown of the WannaCry ransomware) to federal government detainee in a surprisingly short amount of time. Three months after saving the world from rampaging malware built on NSA exploits, Hutchins was arrested at the Las Vegas airport as he waited for his flight home to the UK.

      When the indictment was published, many people noted the charges didn't seem to be backed by much evidence. The government accused Hutchins of creating and selling the Kronos malware, but offered very little to support this claim. While it's true much of the evidence against Hutchins will be produced in court, the indictment appeared to be stretching legal definitions of certain computer crimes to their limits.

      The government's case appears to be weak and reliant on dubious legal theories. It's not even 100% clear that creating and selling malware is an illegal act in and of itself. The charges the government brought rely heavily on proving Hutchins constructed malware with the intent to cause damage to computers. This isn't so easily proven, especially when the government itself is buying malware to deploy for its own purposes and has yet to bring charges against any of the vendors it buys from. Anyone selling exploits to governments could be said to be creating malware with intent to cause harm. That it's a government, rather than an individual, causing the harm shouldn't make any difference -- at least not if the government wants to claim selling of malware alone is a federal offense.


    • ​The Linux vs Meltdown and Spectre battle continues
      Meltdown is a CPU vulnerability. It works by using modern processors' out-of-order execution to read arbitrary kernel-memory location. This can include personal data and passwords. This functionality has been an important performance feature. It's present in many modern processors, most noticeably in 2010 and later Intel processors. By breaking down the wall between user applications and operating system's memory allocations, it can potentially be used to spy on the memory of other programs and the operating systems.


    • ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
      It was late November and former Intel Corp. engineer Thomas Prescher was enjoying beers and burgers with friends in Dresden, Germany, when the conversation turned, ominously, to semiconductors.

      Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice. At 2 a.m., a breakthrough: he’d strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.


    • Linus Torvalds Is Not Happy About Intel's Meltdown And Spectre Mess
      Meltdown and Spectre exploit an architectural flaw with the way processors handle speculative execution, a technique that most modern CPUs use to increase speed. Both classes of vulnerability could expose protected kernel memory, potentially allowing hackers to gain access to the inner workings of any unpatched system or penetrate security measures.

      The flaw can't be fixed with a microcode update, meaning that developers for major OSes and platforms have had to devise workarounds that could seriously hurt performance.

      In an email to a Linux list this week, Torvalds questioned the competence of Intel engineers and suggested that they were knowingly selling flawed products to the public. He also seemed particularly irritated that users could expect a five to 30 per cent projected performance hit from the fixes.


    • It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs


      Microsoft’s fix for the Meltdown and Spectre bugs may be crocking AMD-powered PCs.

      A lengthy thread on answers.microsoft.com records numerous instances in which Security Update for Windows KB4056892, Redmond’s Meltdown/Spectre patch, leaves some AMD-powered PCs with the Windows 7 or 10 startup logo and not much more.



    • Warning: Microsoft's Meltdown and Spectre patch is bricking some AMD PCs

      We've already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue -- error 0x800f0845 -- means that it is not possible to perform a rollback.



    • Observing interrupts from userland on x86

      In 2016, I noticed a quirk of the x86 architecture that leads to an interesting side channel. On x86, it is possible for a userland process to detect when it has been interrupted by an interrupt handler, without resorting to timing. This is because the usual mechanism for handling interrupts (without using virtualisation) doesn't always preserve all userland registers across an interrupt handler.



    • Twitter promotes 'get verified' phishing scam that actually steals your account, credit card details

      Following backlash and criticism, Twitter banned several Russian organisations including RT and Sputnik from purchasing ads on the platform.



    • Cybersecurity Firm Says Olympics Organizations Were Targeted by Hackers [sic]

      An email campaign, conducted between Dec. 22 and 28 last month, sent infected documents to Olympic associations from an email that was designed to appear as though it came from South Korean authorities, analysts with McAfee’s Advanced Threat Research division found.



    • The new DHS breach illustrates what's wrong with today's cybersecurity practices

      The lines between privacy incident, security incident, insider incident, and fraud are blurry at best.



    • Security updates for Tuesday


    • Hardcoded Backdoor Found In WD My Cloud NAS With Username “MyDlink”
      In yet another revelation of severe loopholes, a security researcher James Bercegay from Gulftech has discovered a backdoor in some models of the My Cloud NAS (Network-attached storage) drive family, manufactured by Western Digital.


    • Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key
      Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches.

      According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches.

      The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry.


    • How To Check For Meltdown And Spectre Vulnerabilities And Patch Them In Linux
    • With WPA3, Wi-Fi will be secure this time, really, wireless bods promise


    • WPA3 Released To Fill KRACKs Of The Wi-Fi WPA2 Protocol
    • NSA Denies Prior Knowledge Of Meltdown, Spectre Exploits; Claims It Would 'Never' Harm Companies By Withholding Vulns
      News surfaced late last week indicating everything about computing is fucked. Two critical flaws with zero perfect fixes -- affecting millions of processors -- were exposed by security researchers. Patches have been deployed and more are on their way, but even the best fixes seem to guarantee a noticeable slowdown in processing speed.

      [...]

      These recently-discovered exploits may be the ones that got away -- ones the NSA never uncovered and never used. But this statement portrays the NSA as an honest broker, which it isn't. If the NSA had access to these exploits, it most certainly would have used them before informing affected companies. That's just how this works. As long as exploits are returning intel otherwise inaccessible, the NSA will use the exploits for as long as possible before disclosing this info to US companies. The agency has historically shown little concern about collateral damage and I don't believe putting someone new in charge of the VEP is going to make that much of a difference in the future.


    • Security notice: Meltdown and Spectre


      If you haven’t already done so, please read “Meltdown and Spectre”.

      These vulnerabilities are critical. They expose all memory data present on the computer to any application running locally (including to scripts run by your web browser).

      Note: Meltdown and Spectre also affect smart phones and tablets. Please seek information on how to protect your mobile devices.


    • Linux Mint Devs Respond to Meltdown and Spectre Security Vulnerabilities
      Linux Mint developers have published today a statement regarding the recently unearthed Meltdown and Spectre security vulnerabilities, informing users on how to keep their PCs secure.

      Last week, two of the most severe security flaws were publicly disclosed as Meltdown and Spectre, affecting billions of devices powered by a modern processor from Intel, AMD, ARM, or Qualcomm. To mitigate these vulnerabilities, OEMs and OS vendors started a two and a half months long battle to redesign software and kernels.

      Almost all known operating systems are affected, and all web browsers. Linux Mint is one of the most popular GNU/Linux distributions out there with millions of users, but it hasn't yet been patched against Meltdown and Spectre because it still relies on updates from the Ubuntu operating system.


    • All Supported 4MLinux and TheSSS Releases Now Patched Against Meltdown & Spectre


    • NVIDIA Confirms GPU Driver Fixes For Spectre


    • Linux security concerns rise as hackers target the OS [Ed: This describes merely perceived risks, associated with unpatched system or wrong installation, not inherent issues]




  • Defence/Aggression



    • MSNBC Ignores Catastrophic US-Backed War in Yemen
      For the popular US cable news network MSNBC, the largest humanitarian catastrophe in the world is apparently not worth much attention—even as the US government has played a key role in creating and maintaining that unparalleled crisis.

      An analysis by FAIR has found that the leading liberal cable network did not run a single segment devoted specifically to Yemen in the last nine months of 2017.

      And in these latter three-fourths of the year, MSNBC mentioned Russia 3,000 percent more than it mentioned Yemen.

      Moreover, in all of 2017, MSNBC did not once report on the US-backed Saudi airstrikes that have killed thousands of Yemeni civilians. Nor did it ever mention the impoverished nation’s colossal cholera epidemic, which infected more than 1 million Yemenis in the largest outbreak in recorded history.


    • Pushed to extremes: Cameroon’s escalating Anglophone crisis
      Fifteen months back, when a group of Anglophone lawyers went on strike in Cameroon, few would have predicted how far and how quickly events would escalate.

      Back then, in October 2016, the lawyers were objecting to the appointment of French-educated judges to their courts. A few other frustrated groups joined them later in peaceful protest against other government actions they perceived to be discriminating against the country’s English-speaking regions.

      Fast-forward to today, however, and that initial modest impetus has spiralled into Cameroon’s most alarming internal conflict since independence. In recent months, scores of civilians have been killed. Armed attacks have led to the deaths of at least sixteen army and police officers. The government has deployed the elite Rapid Intervention Battalion, which is usually found combatting Boko Haram, to the area. And thousands of refugees have fled to Nigeria, with the UN Refugee Agency expecting up to 40,000 more.





  • Transparency/Investigative Reporting



    • Julian Assange's stay in London embassy untenable, says Ecuador
      Ecuador’s foreign minister has said Julian Assange’s five-and-a-half-year stay in her country’s London embassy is “untenable” and should be ended through international mediation.

      The WikiLeaks founder has been holed up in Knightsbridge since the summer of 2012, when he faced the prospect of extradition to Sweden over claims that he sexually assaulted two women. He denies the accusations.
    • Daily Mail calls Virgin Trains' decision to stop stocking paper 'censorship'


    • Richard Branson's Virgin Trains is boycotting the Daily Mail because it is 'not compatible' with its beliefs


    • Ecuador seeks mediator to resolve 'untenable' Julian Assange standoff: Foreign minister
    • WikiLeaks Just Illegally Posted PDF to Fire and Fury, Anyone Who Downloads Could Face Huge Fine
      For those not wanting to pay the $18 for a hardcover version of Michael Wolff‘s new book Fire and Fury: Inside the Trump White House, or the $14 dollars for the Kindle version, don’t be tempted by WikiLeaks’ tweet with the full PDF version of the book. Law&Crime consulted several copyright legal experts who all agree that the tweet amounts to copyright infringement, and anyone who downloads the book could be held liable too.


    • Twitter Still Hasn’t Pulled Wikileaks’ Link to Fire and Fury, Despite Clear Violation of Copyright Policy
      Last night, Wikileaks tweeted a link for people to click if they wanted to download the text of Michael Wolff‘s book Fire and Fury: Inside the Trump White House without paying for it. As Law&Crime Editor-in-Chief Rachel Stockman noted, there are serious legal issues with this, as it looks like a major copyright infringement. On top of legal issues though, it’s also against Twitter’s own policy. Wikileaks deleted their original tweet soon after they posted it, but another one went up later in the evening.
    • WikiLeaks Shared Entire ‘Fire and Fury’ Manuscript Online
      WikiLeaks has shared a link to the tell-all book about Donald Trump’s White House that has made waves in Washington, D.C.

      In a move that appeared to have the success of Michael Wolff’s tome Fire and Fury: Inside the Trump White House firmly in its crosshairs, the organization tweeted out a link to a full PDF of the book, which may have constituted copyright infringement.


    • The Targeting of Wikileaks
      Lamo also claimed that Manning told him he physically dropped off classified information to WikiLeaks’ “intermediaries” in Boston—who I’m sure George Webb has shared a glass of wine or two with—and yet, after the chat logs were finally published in their entirety, nowhere does Manning say he dropped off classified information in Boston. Nor do the chats indicate that Assange helped Manning procure any documents. Yet, despite Lamo’s blatant lies that Kevin Poulsen helped cover up, Poulsen was invited to join the Freedom of the Press Foundation’s Technology Advisory Board in 2014 and although he’s no longer listed as such, an FPF webpage for him still exists. Why FPF board members turned a blind eye to what Lamo and Poulsen did to both Manning and Wikileaks, including Glenn Greenwald who, ironically, was the one who called out Poulsen’s questionable behavior in the first place, is inexplicable.



    • Freedom of the Press Foundation Cuts Wikileaks Donations
      So, for those of you that missed it because it didn’t grab a lot of headlines let me give you a heads-up on what’s been happening. The Freedom of the Press Foundation (FPF), the brainchild of Julian Assange and John Perry Barlow, decided to part ways with Wikileaks citing a lack of evidence that Wikileaks is suffering from a financial blockade. Assange addressed the FPF’s move in a letter he later released on pastebin.com but it didn’t stop the FPF board from unanimously voting to cut ties with Wikileaks. Unanimously. Micah Lee later stated that they would continue to fight for the First Amendment rights of Wikileaks “when they’re threatened,” which is the most absurd statement of the century seeing that the FPF is now doing literally nothing to support Julian Assange, Wikileaks, and its staff all of whom have been facing threats from more sides than a ShengShou Megaminx over the course of the last seven years.



    • How to leak information securely?
      As I mentioned at the beginning of the post, SecureDrop is a free software which is developed by an active community, the source code is hosted at github. The primary application is written in Flask, and various other Python modules. Feel free to look at the issues, and contribute to the project as you wish.




  • Environment/Energy/Wildlife/Nature



    • Trump-appointed regulators reject plan to rescue coal and nuclear plants
      The Federal Energy Regulatory Commission on Monday unanimously rejected a proposal by Energy Secretary Rick Perry that would have propped up nuclear and coal power plants struggling in competitive electricity markets.

      The independent five-member commission includes four people appointed by President Trump, three of them Republicans. Its decision is binding.






  • Finance



    • China Has More Plans to Stamp Out Bitcoin
      China’s government plans to crack down on Bitcoin mining, months after rocking the cryptocurrency world by banning initial coin offerings and shutting down exchanges.
    • Your Amazon Order Could Get You in Trouble With Customs
      Amazon’s counterfeit problem is well documented, but it’s easy to forget the myriad ways in which it can become your problem, too. After all, your new face mask probably won’t contain arsenic, your off-brand USB cord probably won’t fry your laptop, your made-in-China hoverboard probably won’t burn your house down, and your designer suitcase probably won’t put you on a US Customs and Border Protection blacklist for importing counterfeit goods.
    • A Crypto Website Changes Its Data, and $100 Billion in Market Value Vanishes
      Prices for some of the most popular cryptocurrencies dropped sharply Monday. One apparent reason: an adjustment from a popular website on its digital-currency price quotes.
    • Australia’s hard choice between China and US
      Australia has always believed that it doesn’t have to choose between its economic relationship with China and its defense alliance with the United States. But 2018 is already shaping up to be the year of the hard choice.

      It would be convenient for Australia if it was able to maintain its balancing act, but a confluence of global factors has stripped away the fiction that it can separate the economic benefits it gets from China and its post-World War II position as one of America’s closest strategic allies.




  • AstroTurf/Lobbying/Politics



    • Donald Trump now spends most of the day in bed
      This week we’ve learned two different pieces of information from two different sources which, when put together, paint a truly disturbing picture about what’s left of Donald Trump’s physical and mental competence. First we learned about what time he tends to start the day when he’s in the White House. Then we separately learned what time he ends each day in the White House. Do the math, and we’re looking at something utterly surreal.
    • 25th Amendment unlikely to be invoked over Trump's mental health
      Donald Trump’s description of himself as a “very stable genius” sparked new debate this weekend about the 25th Amendment, but invoking the provision to remove a president from office is so difficult that it’s highly unlikely to come into play over concerns about Trump’s mental health, a half-dozen lawyers with expertise on the measure said.

      The amendment’s language on what could lead a president to be involuntarily removed from office is spare, saying simply that the vice president and a majority of the Cabinet could take such a step when “the President is unable to discharge the powers and duties of his office.”

      “I think it’s both its strength and its weakness,” said Jay Berman, a former chief of staff to Sen. Birch Bayh (D-Ind.), who helped craft the amendment in the 1960s. “The answer is not provided in the 25th Amendment. ... It just does not provide that certainty or specificity. That might be easier in the context of physical incapacity, but it would be a lot harder in the case of mental incapacity.”
    • The New York Times brings us the looting of America
      Is there any mystery as to what is happening on the domestic front? The tax bill is nothing other than a looting of the nation for the sake of the 1%. It is thinly disguised pillage.

      The associated cuts in social programs represent a giant step in the Republican project of the past 40 years to repeal a century of progressive legislation. In case you wonder, the Republicans’ point of reference is not the 1920s, but rather the Gaslight Era of the 1890s – before the federal income tax was introduced.

      This is historic — a reactionary revolution without precedent. It is reshaping American society in fundamental ways that will endure.




  • Censorship/Free Speech



  • Privacy/Surveillance



    • Former NSA Contractor Pleads Guilty To Taking His National Defense Work Home With Him


      This is the end of one contractor's twenty-year run on supposedly ultra-secure systems. Martin cannot possibly be the only contractor whose work has made its way out of the office. The Intelligence Community's oversight has pointed out the half-assed job being done to secure things post-Snowden. Martin is just an embodiment of the IC's ideals: more focused on collecting data than making sure the collected info remains secure.
    • The Stasi's Tiny Torn-Up Analog Files Defeat Modern Digital Technology's Attempts To Re-Assemble East Germany's Surveillance Records
      It is nearly 30 years since the wall separating East and West Berlin came down, and yet work is still going on to deal with the toxic political legacy of East Germany. As Techdirt readers are well aware, one of the defining characteristics of the regime in East Germany was the unprecedented -- for the time, at least -- level of surveillance inflicted on citizens by the Stasi (short for Staatssicherheitsdienst, or State Security Service). This led to the creation of huge archives holding dossiers about millions of people.

      As it became clear that East Germany's government would fall, and that its long-suffering citizens would demand to know who had been spying on them over the years, Stasi officers began to destroy the most incriminating documents. But there were so many files -- a 2008 Wired article about them says they occupied 100 miles of shelving -- that the shredding machines they used started to burn out. Eventually, Stasi agents were reduced to tearing pages by hand -- some 45 million of them, ripping them into around 600 million scraps of paper.


    • Groups Line Up For Meaningful NSA Surveillance Reform
      Multiple nonprofit organizations and policy think tanks, and one company have recently joined ranks to limit broad NSA surveillance. Though our groups work for many causes— freedom of the press, shared software development, universal access to knowledge, equal justice for all—our voices are responding to the same threat: the possible expansion of Section 702 of the FISA Amendments Act.

      On January 5, the Rules Committee for the House of Representatives introduced S. 139. The bill—which you can read here—is the most recent attempt to expand Section 702, a law that the NSA uses to justify the collection of Americans’ electronic communications during foreign intelligence surveillance. The new proposal borrows some of the worst ideas from prior bills meant to reauthorize Section 702, while adding entirely new bad ideas, too.
    • Supreme Court Won’t Hear Key Surveillance Case
      The Supreme Court announced today that it will not review a lower court’s ruling in United States v. Mohamud, which upheld warrantless surveillance of an American citizen under Section 702 of the Foreign Intelligence Surveillance Act. EFF had urged the Court to take up Mohamud because this surveillance violates core Fourth Amendment protections. The Supreme Court’s refusal to get involved here is disappointing.

      Using Section 702, the government warrantlessly collects billions of communications, including those belonging to a large but unknown number of Americans. The Ninth Circuit Court of Appeals upheld this practice only by creating an unprecedented exception to the Fourth Amendment. This exception allows the government to collect Americans’ communications without a warrant by targeting foreigners outside the United States, known as “incidental collection.”

      We wish the Supreme Court had stepped in to fix this misguided ruling, but its demurral shouldn’t be taken to mean that Section 702 surveillance is totally fine. Some of the most controversial aspects of these programs have never been reviewed by a public court, let alone the Supreme Court. That includes “backdoor searches,” the practice of searching databases for Americans’ incidentally collected communications. Even in deciding Mohamud, the Ninth Circuit refused to address the constitutionality of backdoor searches.
    • How to Assess a Vendor's Data Security
    • OK Google: Copy Amazon and Build a Smart Speaker with a Screen
      Google Assistant is seeking a popularity boost by coming to gadgets with screens—a move Amazon already made with Alexa.


    • Analog Equivalent Privacy Rights (9/21): When the government knows what news you read, in what order, and for how long

      In an attention economy, data about what we pay attention to, how much, and for how long, are absolutely crucial predictive behaviors. And in the hands of a government which makes the crucial mistake of using it to predict pre-crime, the results can be disastrous for the individual and plain wrong for the government.

    • How Amazon Will Put Alexa Everywhere
      It’s no secret that Amazon wants to crush the voice assistant competition, but now we have a better idea how it plans to do it.
    • Whistleblower: New NSA Chief Must Be Given ‘Mandate to Ferret Out Wrongdoing'
      On Friday, a classified memo announcing that Mike Rogers, director of the US National Security Agency (NSA), would be retiring in the spring was leaked to the public.

      Though an official announcement of his retirement has not yet been made, the leaked notice suggests that a successor will be nominated and approved by the US Senate by the end of January.

      However, Kirk Wiebe, a former NSA senior analyst and renowned national security whistleblower, says his focus is more on the next NSA chief's ability to do what's right.


    • NSA sought to prevent Snowden-style leaks, ended up losing staff – whistleblower to RT
      The NSA has been steadily shedding staff ever since the agency introduced draconian internal rules to stop potential new Snowden-inspired whistleblowers, former NSA technical director William Binney told RT.

      “The NSA has launched an internal program called ‘See something, say something,’” Binney said, further explaining that the new internal code of conduct encourages agency employees to actually spy not only on their targets, but also on their fellow colleagues. The aim of these new measures was to prevent employees from becoming “another Edward Snowden,” he said.

      However, the new draconian rules actually backfired as employees started leaving the agency in droves, with few people willing to fill the vacant posts. The new rules “create a very hostile, bad working environment,” Binney said. He added that the extreme precautionary measures taken by the NSA to prevent internal leaks after Snowden’s move “destroyed the morale of people doing work there.”


    • ‘Snowden is a traitor’: Former NSA analyst to RT (VIDEOS)
      Former NSA analyst Ira Winkler described whistleblower Edward Snowden as a traitor and a sociopath to RT.com, and said the agency needs to seriously revise its staff security training.

      Speaking to RT as part of our YouTube ‘Cyber Security Series,’ filmed at the European Cyber Threat Summit in Dublin, Winkler argued that anyone could have pulled off Snowden’s leaking of NSA documents “if they were a sociopath themselves.”

      Snowden allegedly accessed classified NSA data on the agency's mass surveillance program, which he later leaked to the world, by persuading up to 25 workers to give him login keys and passwords.
    • New CBP Border Device Search Policy Still Permits Unconstitutional Searches
      U.S. Customs and Border Protection (CBP) issued a new policy on border searches of electronic devices that's full of loopholes and vague language and that continues to allow agents to violate travelers’ constitutional rights. Although the new policy contains a few improvements over rules first published nine years ago, overall it doesn’t go nearly far enough to protect the privacy of innocent travelers or to recognize how exceptionally intrusive electronic device searches are.

      Nothing announced in the policy changes the fact that these device searches are unconstitutional, and EFF will continue to fight for travelers’ rights in our border search lawsuit.

      Below is a legal analysis of some of the key features of the new policy.


    • Police probe sought after India biometric data leak reported


    • EFF Supports Stricter Requirements for DNA Collection From Minors
      When the San Diego police targeted black children for DNA collection without their parents' knowledge in 2016, it highlighted a critical loophole in California law. Now, State Assemblymember Gonzalez Fletcher has introduced legislation—A.B. 1584—that would ensure cops cannot stop-and-swab youth without judicial approval or parental consent. EFF strongly supports this move.

      A.B. 1584 would require law enforcement to obtain a court order, a search warrant, or the written consent of both the minor and their parent or legal guardian before collecting DNA from the minor, except in a few narrow circumstances when DNA collection is already required under existing law.


    • In big push for total surveillance, Beijing bets on facial recognition

      Facial recognition is the new hot tech topic in China. Banks, airports, hotels and even public toilets are all trying to verify people's identities by analysing their faces.



  • Civil Rights/Policing



    • Pacifica Foundation Faces Potential Asset Seizures by NYC Landlord
      Back in the United States, Pacifica Foundation, the owner of radio stations KPFA, KPFK, KPFT, WBAI and WPFW, faces potential asset seizures by New York City landlord Empire State Realty Trust beginning this week. The threat of asset seizures stems from a lawsuit won by Empire State Realty Trust against Pacifica Foundation for $1.8 million in back antenna lease payments owed by the network’s New York City station WBAI. WBAI’s antenna sits on the Empire State Building. Among the assets at risk are California properties that house Pacifica Foundation’s headquarters and its Berkeley station KPFA. Pacifica Foundation is the oldest listener-supported radio network in the country. It was founded in Berkeley, California, in 1949 by war resister Lewis Hill.

    • James Damore sues Google, alleging intolerance of white male conservatives


    • US: Secret Evidence Erodes Fair Trial Rights
      Evidence suggests US authorities deliberately conceal the facts about how they found information in a criminal case and may be doing so regularly, Human Rights Watch said in a report released today. Withholding these facts to cover up investigative practices, including potentially illegal ones, harms defendants’ rights and impedes justice for human rights violations.

    • Portland's top brass said it was OK to swipe your garbage--so we grabbed theirs.
      It's past midnight. Over the whump of the wipers and the screech of the fan belt, we lurch through the side streets of Southeast Portland in a battered white van, double-checking our toolkit: flashlight, binoculars, duct tape, scissors, watch caps, rawhide gloves, vinyl gloves, latex gloves, trash bags, 30-gallon can, tarpaulins, Sharpie, notebook--notebook?

      Well, yes. Technically, this is a journalistic exercise--at least, that's what we keep telling ourselves. We're upholding our sacred trust as representatives of the Fourth Estate. Comforting the afflicted, afflicting the comfortable. Pushing the reportorial envelope--by liberating the trash of Portland's top brass.
    • Tech Backlash Grows as Investors Press Apple to Act on Children’s Use


    • New York City Adopts Historic Policing Reform
      Prompted by a diverse grassroots movement, much of the country continues to debate important proposed policing reforms at the local level. Many local policing campaigns that EFF supports focus on ending the era of law enforcement agencies acquiring surveillance equipment in secret. The latest campaign to prove successful secured a new law advancing transparency in New York City not only in policy, but also on the ground: the Right to Know Act.

      Adopted in a two-part measure, the Right to Know Act responds to the experience of New Yorkers and visitors subjected to law enforcement stops, frisks, and searches of personal possessions including digital devices like cell phones and tablets. The City Council’s passage of the measures comes in spite of fear-mongering and falsehoods promoted by police unions.


    • The Voter Purge Case at the Supreme Court Reveals the Justice Department’s Attack on Voting Rights
      We know the right to vote of every American is sacred and should be safeguarded. Why doesn’t the Trump administration?

      On Wednesday, the ACLU will be in the Supreme Court, defending a victory that preserved the voting rights of thousands of Ohio voters in the 2016 election.

      Along with Dēmos and the ACLU of Ohio, we represent the Ohio A. Philip Randolph Institute, the Northeast Ohio Coalition for the Homeless, and Larry Harmon, an Ohio voter. Together, we’ve challenged a voter purge process in Ohio, under which registered voters who do not vote during a two-year period are targeted for removal from the rolls. Here’s how it works: If you don’t vote for two years, Ohio sends you a nondescript notice in the mail, and if you don’t return it or vote in the next two federal elections cycles, they kick you off the rolls. With respect to your right to vote, Ohio is essentially saying, “Use it or lose it.”


    • In Kentucky, Public-School Bible Courses Look More Like Sunday School
      ACLU of Kentucky warns state department of education to set strict standards and guidelines for elective Bible courses.

      At Letcher County Central High in Whitesburg, Kentucky, students enrolled in the school’s elective Bible courses are instructed by one worksheet to “[d]o your best to build close relationships with other Christians, so that you may help one another through tough times.”

      Another worksheet used in the same class asks students, “What are some promises in the Bible that God gives everyone who believes in him?”

      Both curricular materials were sourced through “Teen Sunday School Place,” an online database of Sunday school lessons. Letcher County Bible course students are also encouraged to take part in religious activities, such as Bible Club.

      This is flagrantly unconstitutional but, unfortunately, not surprising: While it is technically possible for a public school to offer a course focusing solely on the Bible that complies with the Constitution, it’s very difficult to actually do, even with the best of intentions. And many public schools that offer such courses purposefully use them as vehicles to proselytize students and involve them in religious activities.




  • Internet Policy/Net Neutrality

    • The internet doesn’t suck
      It’s easy to think the internet sucks these days. My day job is defending net neutrality and getting people to care about privacy and the like. From that perch, it more often than not feels like things are getting worse on the internet.

      So, I thought I’d share an experience that reminded me that the internet doesn’t suck as much as we might think. In fact, in many moments, the internet still delivers all the wonder and empowerment that made me fall in love with it 25 years ago.

      The experience in question: my two sons Facetimed me into their concert in Toronto last week, lovingly adding me to a show that I almost missed.


    • The Little-Known Congressional Procedure That Could Save Net Neutrality
      There are a few ways to save net neutrality. Only one has a chance at success in the short term.

      Senate Democrats today reached an important milestone in the path to saving net neutrality after the Federal Communications Commission announced last month it would roll back protections from discrimination by internet service providers.

      A variety of proposals have been floated at the local and federal level to chip away at the FCC’s giveaway to the big telecommunications companies. But there are really only three ways to fully roll back the rollback. A federal court could rule in favor of the advocacy groups, states, and tech companies who will challenge the FCC action. However, complex legal challenges can take years. The FCC itself could reverse course and undo its decision. But given that the agency just voted along party lines to do away with net neutrality, it’s very unlikely the FCC would do an about-face until the White House changes hands.

      Only one of the rollback options has a chance of making a difference in the near term. A law called the Congressional Review Act allows Congress to follow special expedited procedures to overturn agency actions with which it disagrees. Congress has 60 legislative days to act once the agency action has been formally posted and presented to the House and Senate. (Given the convoluted way that Congress counts a legislative day, our best guess is that the clock would run out in early to mid-June or so.) While the countdown hasn’t started yet, Democrats announced today that they have succeeded in getting the minimum 30 names necessary to force a vote.


    • Senate will force vote on overturning net neutrality repeal

      Markey announced his intention to file a resolution of disapproval in December, just after the FCC voted on new rules that killed net neutrality protections from 2015. These new rules were officially published last week, and with 30 sponsors, Markey can make the Senate vote on whether to consider overturning them. If this happens, it would lead to a debate and final vote.



    • Restoration of net neutrality rules hits key milestone in Senate


    • How Virgin Media lost me as a supporter
      Part of me wonders if the customer support has got worse recently, or if I’ve just been lucky. We had a problem about 6 months ago which was clearly a loss of signal on the line (the modem failed to see anything and I could clearly pinpoint when this had happened as I have collectd monitoring things). Support were insistent they could do a reset and fix things, then said my problem was the modem and I needed a new one (I was on an original v1 hub and the v3 was the current model). I was extremely dubious but they insisted. It didn’t help, and we ended up with an engineer visit - who immediately was able to say they’d been disconnecting noisy lines that should have been unused at the time my signal went down, and then proceeded to confirm my line had been unhooked at the cabinet and then when it was obvious the line was noisy and would have caused problems if hooked back up patched me into the adjacent connection next door. Great service from the engineer, but support should have been aware of work in the area and been able to figure out that might have been a problem rather than me having a 4-day outage and numerous phone calls when the “resets” didn’t fix things.


    • Uphill Effort To Reverse Net Neutrality Repeal Has The Early Votes
      As we've been tracking, there are several routes net neutrality advocates should support if they want to reverse the FCC's attack on net neutrality. The best path forward remains with the courts, where the FCC will need to explain why it ignored the public, the experts, 1,000 startups, and all objective data as it rushed to give a sloppy kiss to Comcast, AT&T and Verizon. It will also need to explain why it made up a DDOS attack and blocked a law enforcement investigation into rampant comment fraud during the proceeding; both apparently ham-fisted attempts to downplay legitimate public opposition to the plan.

      But we've also noted how there's an effort afoot by net neutrality advocates and Senator Ed Markey to use the Congressional Review Act to overturn the FCC's vote. Under the CRA, Congress can overturn a regulatory action with a majority vote if the Act is used within 60 days of said action. It's what the Trump administration and the GOP used early last year to kill broadband privacy protections before they were scheduled to take effect.




  • Intellectual Monopolies



    • Food Additive Approvals — and Patents
      I spend a lot of time thinking about the intersection of FDA regulation and intellectual property, and I have been constructing a large dataset relating to the patents claiming different types of FDA-regulated products. Recently, I have also been thinking a great deal about the regulation of food (because Mizzou is now allowing me to teach Food Law & Policy, in addition to Drug & Device Law). These two areas of interest intersected this past week, giving me some modest insights into premarket review of food additives and some very modest data to contribute to discussions about the (in?)efficiency of FDA’s food additive review process.

      [...]

      It’s hard to reach any grand conclusions from a set of 15 food additive petitions. But based on this review, I am inclined to be concerned about the length of time FDA takes reviewing food additive petitions and about the impact of the entire process on patent life. Some food additives can play an important role furthering the public health (for instance, artificial sweeteners play an important role for diabetics). Without digging further into FDA’s review of these particular food additives, which I have not done, it is hard to say what is causing the delays. But delays in the interest of chasing down vanishingly small chances of harm, when Congress did not mandate absolute harmlessness, would be concerning.


    • Prosecution History Informs Claim Meaning Even Without Unmistakable Disclaimer
      Although non-precedential, the Federal Circuit decision in Aptalis Pharmatech, Inc. v. Apotex Inc. is worth a read to see how the court “tiptoes” the “fine line between reading a claim in light of the specification, and reading a limitation into the claim from the specification.” Here, the court also notes that the prosecution history can inform claim meaning even without clear and unmistakable disclaimer of claim scope.


    • How Trump’s HHS nominee’s drug company ‘gamed’ a patent
      The drugmaker believed the erectile dysfunction drug might help a rare and deadly muscle-wasting disease that afflicts boys. The drug didn’t work — but under a law that promotes pediatric research, Lilly was able to extend the Cialis patent anyway for six months — and that’s worth a lot when a medication brings in over $2 billion a year.

      Critics say the brand-name drugmakers are “gaming” the patent system, finding all sorts of ways to protect monopolies and delay competition from generics. And Alex Azar — the former president of Eli Lilly's U.S. operations, now poised to become the top U.S. health official — professes to oppose such tactics.

      But the tension between his past actions as a drug executive and his likely future as the nation’s top health official is evident in both the Cialis story and in Lilly’s tripling of the price of insulin.


    • Copyrights



      • Sky Hits Man With £5k ‘Fine’ For Pirating Boxing on Facebook

        A 34-year-old man from the UK has agreed to pay Sky £5,000 after the broadcaster tracked an illegal Facebook stream of the 2017 Joshua v Klitschko fight to his account. Craig Foster, who was warned of a potential £85,000 award should the case go to court, claimed that he wasn't responsible. Backtracking, he says he now wants a fight with Sky.



      • Pirate Bay founder berates Netflix and Spotify

        "Artists can't choose to be or not to be on Spotify in reality, because there's nothing else in the end. If Spotify doesn't follow the rules from these companies, they are f**ked as well. The dependence is higher than ever."

      • Is Radiohead Really Suing Lana Del Rey For Copyright Infringement?
        Though these allegations have since been proven to be inaccurate, the situation seems far from resolved. A spokesperson on behalf of Radiohead has shared with The Sun that “both teams are trying to thrash it out behind the scenes to prevent going to court.” “It’s understood that Radiohead’s team are hoping for the band to either receive compensation or be credited on the list of songwriters to receive royalties.”
      • White noise video on YouTube hit by five copyright claims
        A musician who made a 10-hour long video of continuous white noise - indistinct electronic hissing - has said five copyright infringement claims have been made against him.

        Sebastian Tomczak, who is based in Australia, said he made the video in 2015 and uploaded it to YouTube.

        The claimants accusing him of infringement include publishers of white noise intended for sleep therapy.

        "I will be disputing these claims," he told the BBC.


      • Facebook and Sony/ATV Music Publishing Announce Licensing Agreement

        Under the agreement, users will be able to upload and share videos on Facebook, Instagram and Oculus that contain compositions licensed from Sony/ATV’s catalog as well as personalize their music experiences with songs from the catalog.



      • Facebook strikes music licensing deal with Sony

        Facebook recently inked a similar deal with Universal Music, but Sony is the largest music publisher in the world. With two of the three biggest services signed, it's expected that Zuckerberg & Co. will ink a deal with the last holdout, Warner Music, soon.



      • Facebook and Sony/ATV reach a licensing deal to let people post music videos

        These types of partnerships can help Facebook better challenge tech companies like Spotify and YouTube, which has deals with UMG and Warner Music Group.






