As much as I love to poke at the inner workings of my computer, I'll admit that until recently, I didn't give much thought to which version of the Linux kernel my desktop system was running.
For most desktop users, this isn't all that odd. Compatibility of kernel modules is often critical for servers and production systems, but day-to-day desktop usage doesn't change much from update to update.
Two things motivated me to scrutinize the kernel version more closely: considerations for specific hardware; and a very scary bug recently identified in the Ubuntu distribution's latest release.
Having picked up a lot of useful tips in exploring different kernel versions, I decided to share what I've learned so far.
There will most likely be a learning curve involved with picking up an open source OS, but the community, customisation and cost (free) should definitely be enough to draw you in.
Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open platform for the connected car, today announced that AGL is now in Toyota vehicles around the world. AGL also announced five new members, including Amazon Alexa, which joined as a Silver member.
"Having AGL in vehicles on the road globally is a significant milestone for both AGL and the automotive open source community," said Dan Cauchy, Executive Director of Automotive Grade Linux at The Linux Foundation. "Toyota has been a strong proponent of open source for years, and we believe their adoption of an AGL-based infotainment system has set a precedent that other automakers will follow."
While Intel Cannonlake processors aren't out yet with their new "Gen 10" graphics hardware, Intel's Open-Source Technology Center has published their first graphics driver patches for Linux enablement of Icelake "Gen 11" hardware.
Cannonlake CPUs will be shipping this year while Icelake is at least a year out, which will feature further improvements to the Intel onboard graphics. Intel OTC developers had posted their first GPU Linux driver patches last April for Cannonlake in order to get the support reviewed and upstream well ahead of the hardware launch.
If you are looking for a lightweight music player with clean, intuitive user interface and all the standard features, give Sayonara a try. It's first stable version is just out.
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 159.
Version 0.26 of the notmuch email client/indexer is available with a long list of new features. "It's now possible to include the cleartext of encrypted e-mails in the notmuch index. This makes it possible to search your encrypted e-mails with the same ease as searching cleartext."
Jumble Password is an electron-based utility app that you can use to create unique password combinations using your date of birth and name. It uses a random number permutation algorithm called the Fisher-Yates Shuffle Algorithm to jumble up sequences.
A typical case scenario is if you want to create a password for a website project you’re working on. You can choose to enter random names or dates to get unique suggestions each time you hit the submit button.
Tableau said its in-memory data engine, called Hyper, is generally available and will be included in Tableau 10.5. Hyper will be able to boost query speed by 5X and extract data and large data sets faster.
With the move, Tableau gets into the database game. Typically, Tableau is extracting data from multiple data sets and joining them together.
What Tableau is hoping to do is speed up time to insight and visualization. Tableau is also releasing Tableau Server on Linux and the ability to embed multiple visualizations in a single view with Viz in Tooltip.
Tableau announced today that its new Hyper data engine is generally available to customers, providing a massive speed boost for existing processes through its business intelligence and analysis software.
TL;DR: deraadt@ thought it would be nice to have a spf fetch utility in base. Aaron Poffenberger wrote a shell-based `spf_fetch` utility. I wrote a C-based `spfwalk` utility that's `pledge()`-ed. The `spfwalk` utility got merged to `smtpctl`.
A bit over a year ago I started working on smack-omemo as part of my bachelor thesis. Looking back at the past year, I can say there could have hardly been a better topic for my thesis. Working with Smack brought me deep into the XMPP world, got me in contact with a lot of cool people and taught me a lot. Especially the past Google Summer of Code improved my skills substantially. During said event, I took a break from working on smack-omemo, while focussing on a Jingle implementation instead. After the 3 months were over, I dedicated my time to smack-omemo again and realized, that there were some points that needed improvements.
Not getting enough MMOs on Linux? Project: Gorgon [Official Site] looks like a somewhat promising MMORPG that's currently free while it's in Alpha.
The game is being made by Eric Heimburg and his wife Sandra Powers, two veterens who've worked on titles like Asheron’s Call 1 and 2, Star Trek Online, EverQuest II and others. For a little history on their funding: The game was originally funded on Kickstarter with $74,781 secured, this was way back in 2015 and they said in their FAQ even then that they did want to support Linux. On top of that, they secured a further $17,230 from IndieGoGo back in 2016.
Hinterhalt [Steam], a WW2 small-scale strategy game that's currently in Early Access has Linux support and it's showing a lot of promise already.
GXml is a library for XML access and GObject serialization to XML, with a W3C DOM4 API implementation.
As for resent release of Vala 0.39.4, there are huge improvements if we talk about warnings output at Vala code and C code compilation level.
One of the argument against Vala, has been the number of warnings you get for a valid Vala code at C level compilation. As an example you can check warnings for GXml in March 2017 about 230, some were my fault but other at C level.
There are all sorts of reasons people take their pick. It could be based on familiarity, on the UI, on performance, on package availability, on stability, on support, or thousands of other factors. Every year, just once, we let you chime in and tell us your favorite.
This year, in an effort to keep the conversation a little more focused, we're asking specifically, what's your favorite desktop distribution? And we're adding a few more choices this year. To be as fair as possible when it's impossible to list every distribution, we pulled the top 15 distributions according to DistroWatch over the past 12 months. It's not scientific—but it's something to start with, and we had to cull it down somehow.
Fixes to the dual-boot OS selection menu. An error message introduced in Endless OS 3.3.7 is fixed, and hibernated Windows systems are detected in more cases.
Drag and drop for apps. We’ve added drag and drop functionality to the applications displayed in your desktop folders. You can now reorder apps, and add and remove apps from folders more easily.
Dual-boot installation from DVDs. The Endless Installer for Windows now works correctly when run from a DVD.
Vipul Siddharth is an intern at Red Hat. He is pursuing a bachelors degree in computer applications from Christ University in Bengaluru, India. Vipul started using Linux in 2015 His first distribution was Fedora and despite trying Arch, Elementary and others Fedora remains his primary operating system.
Siddarth’s current daily routine starts with working out, the college and finally the office. He is currently working on Fedora Cloud. “Now I am working on building a testing framework for fedora cloud.” Along with this, he regularly contributes to Fedora Quality Assurance. Vipul also organizes FOSS and Fedora events. “I have organized Fedora activity days and fedora-release parties for Fedora 25 and 26.”
Siddharth’s childhood hero was Goku from Dragon Ball Z. “I wanted to eat, laugh and protect the world like him. I kinda still do.” Vipul’s favorite movies are 12 Angry Men and The Godfather (I, II and III)
In the ARM space there was quite a lot of achievements. The big one being the initial support of aarch64 SBCs (finally!), I was very proud of the work we achieved here, it’s a single install path with uEFI/grub2 and a single install path. More work in the short term, by a team of cross team distro people, which took us a lot longer than I’d hoped, but the outcome is a lot better experience for end users and a much more supportable platform for those that need to support it moving forward! It was no means our only achievement with a lot of other ARM improvements including on the Raspberry Pi, accelerated GPUs, initial support for the 96boards platforms. Three is of coarse already LOTS of work in motion for the ARM architectures in 2018 and I’m sure it’ll be as fun and insanely busy as always but I feel we’re now going into it with a good base for the aarch64 SBCs which will rapidly expand in the devices we support moving forward!
TeX Live is a project of long history, starting somewhen back in the 90ies with CDs distributed within user groups till the most recent net-based distribution and updates. Discussion about using a VCS started very early, in 1999. This blog recalls a bit of history of the VCS for TeX Live, and reports on the current status of the Subversion and Git (svn mirror) repositories.
I'll assume everyone's already heard repeatedly about the Meltdown and Spectre security issues that affect many CPUs. If not, see meltdownattack.com. These primarily affect systems that run untrusted code - such as multi-tenant virtual hosting systems. Spectre is also a problem for web browsers with Javascript enabled.
If you are a Debian Maintainer (DM) or Debian Developer (DD) doing source-only uploads to Debian for packages maintained in git, you are probably using some variation of the following...
We hope you've had a Merry Christmas and a Happy New Year!
As you may have noticed, we didn't release an OSMC update in November. After a lot of hard work, OSMC's slightly belated December update is here with Debian Stretch and Kodi 17.6. This yields a number of improvements, and is one of our largest OSMC updates yet:
Better performance A larger number of software packages to choose from More up to date software packages to choose from
We'd like to thank everyone involved with testing and developing this update.
Over the past week I have posted many KPTI and Retpoline benchmarks for showing the performance impact of these patches to combat the Spectre and Meltdown vulnerabilities. But with my testing so far I haven't done any showing the combined impact of KPTI+Retpoline on Ubuntu versus a completely unpatched system. Here are some of those results.
Similar to the Benchmarking Clear Linux With KPTI + Retpoline Support, these tests are similar but with a few different systems and looking at the performance when testing from Ubuntu 17.10. The comparison on each system was to a stock Linux 4.14.0 kernel compared to the Linux 4.14 kernel with the upstream KPTI patches paired with the Retpline v5 patches that have yet to be merged for mitigating Spectre.
I am not joking. I seriously believe that software regressions should be punished. They destroy people's mood and will and desire to use programs, and the users start developing almost PTSD-like effects, not knowing when something is going to crash because no one bothered checking their fresh code. Jail time seems appropriate. Failing that, strict and rigorous validation procedures that currently DO NOT EXIST in the wider Linux world.
Zesty remains the perfect distro and the best Plasma release ever. It's so much ahead, I feel like shedding a tear every time I use it. In comparison, Awful Anteater is a pale shadow of what Kubuntu can do. So yes it works. But it brings crashes and unnecessary nonsense that just spoils everything. It's such a shame, and such a wasted opportunity. The upgrade itself was flawless. But it's not an upgrade. It's a version increase and a definite downgrade. Wait for the LTS. Or something. Oh, the humanity!
Artila’s “Matrix-713” mobile IoT gateway runs Linux on a Cortex-A5 ATSAMA5D35, and provides Fast and Gigabit Ethernet, 2x CAN, 2x mini-PCIe, GPS, and an IMU, and supports -20 to 80€°C temperatures.
Artila’s Mobile IoT Gateway Matrix-713 follows a similarly headless Matrix-710 embedded computer announced last May, which also runs Linux 4.9 on a 536MHz, Cortex-A5 Atmel ATSAMA5D35 SoC, and shares many of the same features. It’s not a replacement, however, but rather a more advanced, mobile-friendly alternative. (Separately, Artila announced a new Aport-213 (PDF) serial-to-WiFi gateway.)
The Raspberry Pi Zero has been a wonder since it was first introduced. So much power (and so much fun!) in such a small package. Ah, but there was the problem, too -- such a small package, that it didn't have room for very many connectors, and the ones that it had were smaller than the standard-sized connectors on the full-sized Pi models.
The biggest of these problems was with USB connections. The Pi Zero has only one USB port (yeah, I know it looks like there are two, but the other one is the power connection and you can't hijack it), and it is not even a standard Type-A port, it is a microUSB (also known as OTG or 'on the go'). That means that Pi Zero owners who needed to connect USB devices and dongles (who doesn't?) had to buy some kind of micro-to-TypeA adapter cable.
Project Linda is basically a dock that lets you seamlessly dock your Android-powered Razer Phone at the place where the touchpad usually resides (see picture below). Once you connect the phone, the 5.7-inch display becomes a touchpad; it can alternatively be used as a second screen. With the press of a button, a USB-C port inserts inside the phone.
In a past life (a couple of weeks ago), we used to report on the previous months Tizen apps that had been downloaded from the Tizen Apps Store. Now, we have a list of the Top 20 Tizen Apps / Games for the whole of 2017. This will be our last round-up of the Tizen Store and I’m doing this more out of nostalgia than anything else.
Android smartphones come with a default music player for audio playback. So, why should you look for an alternate music player? Because the default player might not be feature-rich, it might not provide you with a satisfactory equalizer or its user interface might not be convenient. For instance, most devices nowadays come with Google Play Music as the default music player. It is simple and does the job, but lacks features like folder view in the library, the ability to edit tags for files and many other necessary tools.
Google announced third-party products that run Android Things, Google Assistant, and Cast, including smart speakers from LG and iHome. There are also embedded modules from Qualcomm, MediaTek, and Rockchip that will drive speakers and smart displays from JBL, Lenovo, Sony, and others.
Google has avoided the CES show in recent years, but has shown up big in 2018 to counter-attack Amazon’s voice assistant juggernaut Alexa with news about its rival, second place Google Assistant agent. We’ll focus here on new products that combine the Assistant voice agent with Google’s lightweight Android Things distribution. These include the LG ThinQ WK7 and iHome iGV1 smart speakers, and three new computer-on-modules: the Qualcomm SD212 Home Hub Platform, MediaTek MT8516, and Rockchip RK3229 SoM. The modules will drive speaker and smart displays from JBL, Lenovo, LG, and Sony, as well as smart speaker reference designs from three ODMs: Tymphany, Goertek, and Tonly.
You might be familiar with the expression: So many tools, so little time. In order to try to save you some time, I've outlined some of my favorite tools that help agile teams work better. If you are an agilist, chances are you're aware of similar tools, but I'm specifically narrowing down the list to tools that appeal to open source enthusiasts.
Caution! These tools are a little different than what you may be expecting. There are no project management apps—there is a great article on that already—so there are no checklists, no integrations with GitHub, just simple ways to organize your thoughts and promote team communication.
Whether it be for home or for your workplace, chances are you've encountered an open source firewall. And if you haven't, you really should check out what these open source firewalls have to offer. In this article, I'll share the open source firewalls I've admired, used in the past and heard good things about. Keep in mind that the needs of your workplace may vary, so be sure to review the features of each firewall solution carefully.
For seven years and counting, Gil Yehuda, Senior Director of Open Source at Oath Inc. (which owns the Yahoo and AOL brands), has led the open source program at Yahoo. Now with an expanded scope, he is gearing up to grow his team and improve the program. The company’s formal open source program office serves as a hub to connect all open source activities across the company, he says, but it didn’t start out that way.
As with many other companies, the open source program started informally with a group of diligent engineers and a few legal people. But the ad hoc group soon realized it needed a more formal program if it was going to be able to scale to address more issues and achieve specific business goals. With a formal program in place, they are poised to achieve its goals.
The technical savvy and inventive energy of young programmers is alive and well.
This was clear from the diligent work that I witnessed while participating in this year’s PennApps, the nation’s largest college hackathon. Over the course of 48 hours, my high school- and college-age peers created projects ranging from a blink-based communication device for shut-in patients to a burrito maker with IoT connectivity. The spirit of open source was tangible throughout the event, as diverse groups bonded over a mutual desire to build, the free flow of ideas and tech know-how, fearless experimentation and rapid prototyping, and an overwhelming eagerness to participate.
Why then, I wondered, wasn’t open source a hot topic among my tech geek peers?
To learn more about what college students think when they hear "open source," I surveyed several college students who are members of the same professional computer science organization I belong to. All members of this community must apply during high school or college and are selected based on their computer science-specific achievements and leadership—whether that means leading a school robotics team, founding a nonprofit to bring coding into insufficiently funded classrooms, or some other worthy endeavor. Given these individuals’ accomplishments in computer science, I thought that their perspectives would help in understanding what young programmers find appealing (or unappealing) about open source projects.
EPFL's Blue Brain Project today announces the release of its open source software project 'Blue Brain Nexus', designed to enable the FAIR (Findable, Accessible, Interoperable, and Reusable) data management principles for the Neuroscience and broader scientific community. It is part of EPFL's open-science initiative, which seeks to maximize the reach and impact of research conducted at the school.
The aim of the Blue Brain Project is to build accurate, biologically detailed, digital reconstructions and simulations of the rodent brain and, ultimately the human brain. Blue Brain Nexus is instrumental in supporting all stages of Blue Brain's data-driven modelling cycle including, but not limited to experimental data, single cell models, circuits, simulations and validations. The brain is a complex multi-level system and is one of the biggest 'Big Data' problems we have today. Therefore, Blue Brain Nexus has been built to organize, store and process exceptionally large volumes of data and support usage by a broad number of users.
Devery.io are developing the Devery Protocol, aiming to provide a decentralized verification platform enabling the marking and tracking of items over the Ethereum blockchain.
Christmas may have come a few days early this past December for security advocates with the introduction of the Haven app, bringing with it a fair amount of excitement, criticism, and an excellent opportunity to explore some of the less often discussed aspects of working with open source.
For those who have been off of Twitter since the coverage started since Friday, the Haven app has been proposed as a solution for protecting your physical space from surveillance (or worse). Built for Android by the good folks over at the Guardian Project, the makers of great anonymity apps that help protect their users from surveillance, the app makes use of the phone’s sensors to detect intruders that might attempt to creep on your personal space.
2017 was quite a year beyond the socio-economic, geo-political, and bizarre. I, and many of my colleagues did what we could: find solace in work. I’ve often found that in uncertain times, making forward progress on difficult technical projects provides just enough incentive to continue for a bit longer. With the successful release of Firefox 57, I’m again optimistic about the future for the technical work. The Firefox Layout Engine team has a lot to be proud of in the 57 version. The winning combination was shipping big-ticket investments, and grinding down on many very difficult bugs. Plan “A” all the way!
Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool.
It's hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 phones they can't access. UK prime minister Theresa May has also called for backdoors in messaging services and for social networks to stop offering "safe spaces" for extremists.
GNU/Linux was able to fill this gap, truly reshaping software design and development. Rather than writing and updating proprietary, foundational code, various developers working at varying companies or on their own could use and enhance the basic software building blocks, thereby focusing the majority of their resources on higher stack-level innovations.
And, it worked.
The post itself doesn't mention anything about archival or exporting — "they cost us money to maintain", though someone in the comments says they're looking into solutions — but it does mention where to go next
Approximately 50 customers and Apple employees were evacuated from a Swiss battery store after the battery of a device overheated and started emitting smoke.
While it wasn’t disclosed which device was using the faulty battery, local media Watson (via 9to5mac) reports that the emergency services quickly responded to a call from an Apple Store in Zurich at Bahnhofstrasse 77, as no less than seven people reportedly suffered minor injuries.
An Apple Store employee suffered burns when trying to remove the battery, and six other persons, either workers or members of the staff, needed medical care because of smoke inhalation.
Zurich police say the Apple Store staff responded well to the incident and the overheated battery was covered with sand to stop the fire and prevent smoke from being emitted inside the store. Specialists from the Zurich Forensic Institute have already picked up the battery for further investigation in order to determine the actual cause of the incident.
At a factory near the base of Mount Fuji, workers painstakingly assemble transmissions for some of the world’s top-selling cars. The expensive, complex components, and the workers’ jobs, could be obsolete in a couple of decades.
The threat: battery-powered electric vehicles.
Their designs do away with the belts and gears of a transmission, as well as thousands of other parts used in conventional cars. Established suppliers are nervous, especially in Japan, where automaking is a pillar of the economy — and where industrial giants have been previously left behind by technological change.
Hurrah for humans, the apex predator to rule them all. Human Planet rises above the unnerving absence of David Attenborough to pitch a good yarn about homo sapiens and the things people without Netflix do to survive in hostile environments.
The Mornington Peninsula in summertime would have been a good subject for this eight-episode BBC production dating from 2011 but instead this week it veers to the Arctic, where a couple of Greenland Inuit who have never heard of the Portsea Polo are busy catching a 3.6-metre-long Greenland shark, the slow-swimming garbage guts of the frozen north.
Scientists at The University of Manchester have discovered that most people with osteoarthritis can be subdivided into two distinct disease groups, with implications for diagnosis and drug development.
Professor Tim Hardingham, based at The University's Wellcome Trust Centre for Cell-Matrix Research and Division of Cell Matrix Biology and Regenerative Medicine says the team has identified two different patterns of disease activity.
The SpaceX launch of a government spacecraft is reported to have ended in disaster, with the payload burning up in the atmosphere before it reached orbit.
The Linux Mint project has released a guide to address the Meltdown and Spectre bugs offering instructions for users on how they should mitigate the holes in their systems. It explains how to tighten up your web browsers and driver software, as well as providing a status update on when we can expect a patch to the kernel.
The main browser that’s bundled with the operating system is Firefox. The advice is to ensure you update to Firefox 57.0.4, which was released several days ago. As for Chrome and Opera, you should go into the respective flags pages and enable strict site isolation, also called site per process. Google plans to fix the bug next month when it releases the next major edition of Google Chrome. An Opera update will follow.
As promised, Canonical released a few moments ago the new kernel and Nvidia updates to address the Meltdown and Spectre security vulnerability on all supported Ubuntu Linux releases.
The company said last week in a public announcement that it will patch all supported Ubuntu releases against Meltdown and Spectre security vulnerabilities, and the first set of patches are now available in the stable software repositories of Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) to address some of these issues.
A security notice was posted on the official Linux Mint blog on January 9, 2017. It informs users of the Linux distribution about the recently discovered security issues in modern processors called Meltdown and Spectre, and how these affect Linux Mint.
The notice contains instructions to protect Linux Mint systems from potential attacks that target the vulnerabilities. It covers web browsers, Nvidia drivers, and the Linux kernel.
The Tails development team announced today the release and general availability of the Tails 3.4 amnesic incognito live system, also known as the anonymous live system.
Tails is a Debian-based live Linux system designed with a single purpose in mind, to hide all your online activity from the prying eyes of the government. For that, it relies on the latest Tor and Tor Browser technologies by allowing users to connect to the Tor anonymous network.
With everything going on in the world these days, it can feel like you are naked when using your computer. If you previously felt safe and secure, these last several years have probably eroded all of your confidence. Between Edward Snowden's revelations and the many vulnerabilities constantly hitting the news, it is tempting to just live in the woods without electricity.
Before you sell your house, buy a tent, and become a nomad, you should consider a Linux distribution the helps you fight back against evil governments, nefarious hackers, and other bad people. Called "Tails," this Linux-based operating system is designed to be run from a live environment, such as on a DVD or flash drive, so you can hide your tracks and enjoy your God-given right to privacy. Today, version 3.4 becomes available and if you are already a Tails user, you should upgrade immediately. Why? Because it includes kernel 4.14.12 which offers fixes for Meltdown and Spectre (partially).
Renowned Linux kernel developer Greg Kroah-Hartman has published an in-depth article on the status of the Meltdown and Spectre patches in the Linux kernel.
As you already know, two severe hardware bugs were unearthed last week as the worst chip flaws in the history of computing. Dubbed Meltdown and Spectre, these security vulnerabilities affect us all, and put billions of devices at risk of attacks by allowing attackers to steal your sensitive data that's stored in kernel memory via locally installed apps or on the Web through malicious scripts.
In another article, I have covered what is Meltdown and Spectre and told you how critical it is for us Linux users. The Linux had been fixed immediately after the two flaws were discovered. But the Ubuntu maintained kernel was not updated against Meltdown and Spectre.
Intel chief executive Brian Krzanich has avoided making any mention of his controversial sale of stock and options in a keynote at the Consumer Electronics Show in Las Vegas, though he did touch on the two vulnerabilities found in most processors produced by the company he heads.
Intel has released an updated microcode patch for Linux-based operating systems to address the Meltdown and Spectre security vulnerabilities.
By now, everyone heard about Meltdown and Spectre, two severe hardware bugs that affect billions of devices, putting them at risk of attacks as unprivileged attackers could steal your sensitive data stored in kernel memory using a locally installed application or via the Internet using malicious scripts. Intel, AMD, and ARM processors are affected by these security exploits.
Linux is considered to be the basis of one of the most secure operating systems around. Out of all the Linux distro options available, Tails is considered to be the most secure. However, due to screwups on behalf of chipmakers, almost all operating systems were affected, including Tails.
Another major security flaw was discovered in Apple's macOS High Sierra 10.13 operating system, which lets anyone accessing the App Store preferences panel with any password if it's locked.
First spotted by MacRumors, there's a bug report about an issue, discovered a couple of days ago by someone and reported on Open Radar, which lets anyone access the App Store panel in System Preferences with literally any password, if the padlock at the bottom left corner is closed and your Mac is unlocked.
Usually, that padlock isn't locked, but its label says "Click the lock to prevent further changes" in the current version of macOS, a.k.a. High Sierra 10.13.2. Locking those settings should prevent someone from disabling automatic updates, as well as installing of new macOS versions, system data files, and security update.
In the wake of Meltdown and Spectre, Intel yesterday released new microcode binaries for Linux systems.
Canonical has released on Wednesday a new Linux kernel update for Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address a regression introduced with yesterday's security patch against the Meltdown vulnerability.
On Tuesday, Canonical published multiple security notices to inform users of the Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 ESM operating systems that they can now patch their computers against the Meltdown security vulnerability affecting billions of devices.
Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image.
The issues were reported by a large number of users on the Ubuntu forums, Ubuntu's Launchpad bug tracker, and Reddit thread. Only Ubuntu users running the Xenial 16.04 series appear to be affected.
For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it's possible that the app has already been downloaded thousands of times.
In late November 2017, it was reported that 17% of the projects in Android Studio were using Kotlin. Because it's becoming easier to convert Java code to Kotlin, and the new language features a null-safety feature that can improve app quality, we'll likely see even more apps developed with the language. However, this also means we could see more malicious apps developed with Kotlin as well.
The Debian Project released updated Linux kernels for Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 8 "Jessie" operating system series to patch the Meltdown security vulnerability and other issues.
Last week, Debian GNU/Linux 9 "Stretch" users received the Linux kernel patch to mitigate the Meltdown security vulnerability (CVE-2017-5754) that affects billions of devices by allowing attackers to control unprivileged processes and read the memory from random addresses, including the kernel, as well as other processes running on the unpatched machine. To patch the issue, users had to update the kernel to version 4.9.65-3+deb9u2.
Cybersecurity experts believe that a band of experience cybercriminals have created a botnet made of Linux-based systems and is using them to mine Monero, a cryptocurrency.
IBM has outlined a month-long plan to fix datacenter equipment running on its Power CPUs, which the company has now confirmed are vulnerable to the Meltdown and Spectre CPU attacks.
The company today released firmware updates for the Power7+ and Power8 CPUs, with Power9 fixes coming on January 15.
Until now, IBM hadn't fully confirmed its Power systems are affected by the two CPU attacks, though Red Hat said in its January 3 advisory that exploits existed for IBM System Z, Power8, and Power9 systems.
Assange has been holed up in the tiny Ecuadorian embassy in London's Knightsbridge since 2012 to avoid extradition to Sweden over sexual assault charges, which he has denied. The investigation into the WikiLeaks founder was dropped last year. But he remains in self-imposed exile due to fears he could still be arrested by UK police for breaching bail conditions. He claims such an arrest could be followed by extradition to the United States to face espionage charges.
After more than five years holed up in Ecuador’s embassy in London, Wikileaks leader Julian Assange may be wearing out his welcome.
Ecuador is exploring options to resolve his status and is very much interested in mediation by a third party, Foreign Minister Maria Fernanda Espinosa told reporters Tuesday in Quito.
Ecuador is trying to kick Julian Assange out of its London embassy after five years, according to reports.
The WikiLeaks founder has been holed up in the diplomatic building since 2012 when he was granted asylum by Ecuador following sex assault allegations in Sweden, which he denied and were later dropped.
Ecuador’s foreign minister says the country is seeking possible mediation to resolve the case of WikiLeaks founder Julian Assange, who has been in asylum at its London embassy for more than five years.
Maria Fernanda Espinosa said at a news conference on Tuesday that notable asylum cases in recent years have sometimes required mediation by a third country.
Ecuador is working on finding a way for WikiLeaks founder Julian Assange to leave its London embassy after five years.
The South American country is looking for a third-party mediator to help them work out a settlement with Britain regarding Assange, the foreign minister said Tuesday.
Interior has ordered the National Academies of Sciences, Engineering and Medicine to halt two studies that conflict with the administration’s goal of expanding domestic fossil fuel production.
New research by Canadian scientists into the spread of a chemical commonly used in military explosives has confirmed some of the worst fears of U.S. environmental regulators tracking the threat posed by the Pentagon’s handling of its munitions in this country.
The Canadian research analyzed soil and water samples at nine sites where military explosives were detonated between 1990 and 2014, and came up with data about where and in what concentrations the explosive compound known as RDX, a possible human carcinogen, had turned up. Calling RDX “an internationally known problem,” which “has led to an international warning on possible soil, surface water, and groundwater contamination on military training sites,” the research described with actual measurements how RDX floats on the wind and seeps through soils into water supplies.
The researchers took water samples from groundwater at the explosives sites and found that in 26 out of 36 samples, the RDX that had made its way into aquifers exceeded levels considered safe. As a result, the researchers suggest that the data can be used to model RDX contamination at any site where munitions are routinely detonated, and for the first time, give environmental experts a way to quantify how much of it is spreading into surrounding communities.
There’s an old adage in journalism: The most interesting stories aren’t told in the newsroom, they’re the ones that reporters tell each other privately at the bar after work. Shrinking this gap—between what reporters know and what they are allowed to tell the public—amounted to Nick Denton’s founding ethos for his former website Gawker. And it increasingly looks like media gadfly Michael Wolff followed the very same strategy for Fire and Fury, his new, behind-the-scenes account of the chaos, incompetence and dishonesty of the Trump White House.
To be clear, Wolff has a long track record of sloppy reporting, incorrect facts and outright fabulism. This book neatly fits into this canon; in its prologue, it offers a sweeping disclaimer jettisoning much of what would be standard journalistic due diligence. Not surprisingly, mainstream reporters have already found sloppy errors.
What is undeniable, though, is that Wolff sweet-talked his way into Trump’s good graces—and, by extension, the White House—by cannily bashing mainstream media coverage of him last year. As a result, Wolff claims he was able to conduct more than 200 conversations with top Trump White House insiders (he claims to have dozens of hours of recordings), many of whom gave him damning, on-the-record quotes betraying their fear, loathing or some combination of the two for the man currently occupying the Oval Office.
Between flailing over Russia-gate and obsessing over a “tell-all” book, the major U.S. news media continues to miss the more substantive misconduct of the Trump administration, says JP Sottile.
President Trump’s far-right immigration policies have US corporate media reaching to the white nationalist fringes of the faux-think tank world to provide “both sides” coverage on the topic.
The Center for Immigration Studies has, since January 2017, taken an outsized role in American media as Trump’s go-to defender for his overtly white nationalist immigration policies. There’s one problem with this: The Center for Immigration Studies is, according to the Southern Poverty Law Center (SPLC), a hate group with a long, documented history of nativist and white nationalist leanings.
Cook County Assessor Joseph Berrios is facing $41,000 in fines for failing to return campaign contributions from property tax appeals lawyers whose donations exceeded legal limits, according to a pair of new rulings by the county ethics board.
The rulings raise the level of scrutiny on campaign contributions given by appeals lawyers to Berrios, who doubles as chairman of the Cook County Democratic Party and depends heavily on their donations in raising political funds. The action also ignites another high-profile showdown with the county Board of Ethics, with which he previously clashed over nepotism issues.
At the center of the ethics board’s rulings is a 2016 county ordinance stating that donors who seek “official action” with the county may contribute no more than $750 in nonelection years. Attorneys for Berrios are seeking to overturn the rulings, arguing that the county limits are unconstitutional and that higher limits set by state law should apply, among other objections.
President Donald Trump’s son Eric is preparing to capitalize on a windfall he received from his father during the presidential campaign: He’s combining three luxury Manhattan high-rise apartments, one of which he purchased at a throwaway price from his father, into one potentially lucrative penthouse.
In the spring of 2016, Eric Trump got a great deal from his father. He bought two previously unsold condominium apartments at Trump Parc East for just $350,000 each, about half of the price they had recently been listed for.
Such bargain basement sales are usually treated as gifts by the IRS. But they might not have been taxed that way, tax experts said, because of advantages available only to real estate developers.
Last month, Eric transferred ownership of one of the condos — unit 14G — and two other adjacent apartments he owns into a new entity called 100 CPS Penthouse LLC.
Henry Holt is a division of Macmillan (owners of Tor Books, who publish my novels); they're the folks who published Michael Wolff's bestselling Fire and Fury, which has so thoroughly embarrassed Donald Trump that the President of the United States has threatened to sue them.
The Croatian Association of Film Producers and the Society of Croatian Film Directors have sent a letter to the Croatian Radio Television (HRT) concerning the postponement of the broadcast of the Croatian film “The Ministry of Love”, directed by Pavo Marinković, which was co-produced by the public television itself, reports tportal.hr on January 9, 2018.
“The Ministry of Love” was supposed to be broadcast on the HRT2 channel on 4 January 2018, but the broadcast was delayed, which caused concerned by the two film industry associations. The delay was a consequence of protest by war veterans’ associations, which are displeased with the movie’s content.
In China, one study estimated 80% of women had experienced sexual harassment. But as the #MeToo movement has spread across the globe, the Guardian points out that reports from China have been few. Leta Hong Fincher, an expert in feminism in China, told the Guardian she thinks the country's authoritarian government may be the reason why few women have come out under #MeToo, saying censorship may be at play. But as the movement continues into the new year, the Guardian reports stories about sexual harassment and assault are starting to pile up.
The country's entertainment sector is beginning to grapple with sexual harassment in the post-Weinstein era, but cultural barriers like victim shaming, limited legal recourse and the lack of a free press could stand in the way.
For anyone considering filing official complaints of sexual harassment within the Chinese film industry, the 2003 case of actress Zhang Yu is a cautionary tale. As a young woman just starting out in the Beijing-based film industry, Yu claimed that she was pressured into having sex with over a dozen directors with the promise of fame. After filing a number of lawsuits, Zhang provided more than 20 videos and audiotapes to the police, with a number of clips and stills becoming public online. Though it was widely believed that there was enough evidence to prove her case, she still lost her lawsuit and received no compensation. With her career essentially over, Zhang has since disappeared from the public eye.
Last month senior officials at the U.S. Centers for Disease Control and Prevention told staffers to avoid using seven words such as “science-based” and “fetus” in budget-related documents. The backlash was swift and strident; headlines accused the CDC of censoring scientific ideas, of attempting to substitute ideology for truth, of an Orwellian attempt to manufacture an alternate reality under the administration of Donald Trump.
The CDC denies it “banned” any words, and further reporting by The Washington Post cast the “words to avoid” issue as an attempt to make the agency's work more palatable to Republican lawmakers. Even so, the incident provides a telling glimpse of the politicization of the agency's communications. Documents recently obtained via two Freedom of Information Act (FOIA) requests indicate the CDC and other executive branch agencies do, in fact, quietly implement organized strategies to control the flow and tone of scientific information to the press and the public. Moreover, these practices have been in place under both the Trump and Obama administrations. The techniques being used are much more subtle—and sometimes more successful—than mere censorship. Two agencies under the Department of Health and Human Services’ umbrella have erected obstacles to reporters’ access to federal scientists. And by striking backroom deals with favored journalists, press officers try to get reporters to cleave to an official narrative. “They're asking people to be stenographers,” says Ivan Oransky, a health journalist and journalism professor at New York University.
Stories about life in Western Sahara — a disputed territory controlled by the Moroccan government — are rarely told by people who live there.
In a militarized environment with aggressive controls on media and citizen reporting, few stories of Western Sahara reach audiences beyond the immediate region. But a new documentary film that charts one independent media group’s struggle to document human rights violations in Western Sahara has the opportunity to change this.
The film, 3 Stolen Cameras, had its world premiere at the DOK Leipzig Documentary Film Festival in Germany last November, despite threats of censorship and funding challenges.
Yesterday afternoon, the official Twitter account of Brazil’s Federal Police (its FBI equivalent) posted an extraordinary announcement. The bureaucratically nonchalant tone it used belied its significance. The tweet, at its core, purports to vest in the federal police and the federal government that oversees it the power to regulate, control, and outright censor political content on the internet that is assessed to be “false,” and to “punish” those who disseminate it. The new power would cover both social media posts and entire websites devoted to politics.
“In the next few days, the Federal Police will begin activities in Brasília [the nation’s capital] by a specially formed group to combat false news during the [upcoming 2018 presidential] election process,” the official police tweet stated. It added: “The measures are intended to identify and punish the authors of ‘fake news’ for or against candidates.” Top police officials told media outlets that their working group would include representatives of the judiciary’s election branch and leading prosecutors, though one of the key judicial figures involved is the highly controversial right-wing Supreme Court judge, Gilmar Mendes, who has long blurred judicial authority with his political activism.
It was with an extremely heavy heart that we recently learned our friend and former colleague James Dolan—one of the co-creators of SecureDrop and Freedom of the Press Foundation’s first full time employee—took his own life over the holidays. He was 36.
The DHS made two significant announcements late last week, both dealing with the CBP's warrantless searches of electronic devices at the border. The first was a bit of info, showing the exponential increase in device searches in 2016 (jumping from 5,000 in 2015 to 20,000 in 2016) is part of a trend, rather than an anomaly. Searches increased another 59% in 2017, rising to 30,200 total.
The DHS and CBP also released statements justifying the ongoing increase in warrantless searches.
If you remember a few years ago, there was ample hysteria and hand-wringing in Congress regarding Huawei's plan to compete in the American cell phone and network hardware business. But despite near-constant claims by certain lawmakers that Huawei was an intelligence proxy for the Chinese government, numerous, multi-year investigations found absolutely no evidence to support this conclusion. That of course didn't stop certain parties from repeatedly insisting that Huawei was a Chinese government spy, since we all know that in the post-truth era, what your gut tells you is more important than empirical evidence.
Never mind that almost all U.S. network gear is made in (or comprised of parts made in) China. Never mind that obviously NSA allegations show the United States spies on almost everyone, constantly. Never mind that reports have emerged that a lot of the spy allegations originate with Huawei competitor Cisco, which was simply concerned with the added competition. Huawei is a spy. We're sure of it. And covert network snooping is bad. When China does it.
GCHQ tried to open up a privileged channel of communication with the oversight commissioner responsible for monitoring its activities, according to letters released in a surveillance court case.
The government’s monitoring agency in Cheltenham wrote to Sir Adrian Fulford, the investigatory powers commissioner, asking if an “appropriate process or protocol” could be set up to “better liaise” with his office.
The initiative comes amid legal challenges at the investigatory powers tribunal (IPT) brought by Privacy International, Liberty and others over legal safeguards governing the interception and retention of emails and digital data.
GCHQ said in the letter, sent in November, that it did not wish to undermine Fulford’s independence or prejudice court hearings, but it suggested exploring whether “there may be appropriate options for resolving any factual issues which may exist in relation to evidence currently before the IPT”.
Indian authorities have asked the police to investigate The Tribune newspaper and one of its reporters after the publication of a report that claimed personal details of Indian citizens, submitted to the country's Aadhaar authority, were being sold cheaply online.
With major NSA surveillance authorities set to expire later this month, House Republicans are rushing to pass a bill that would not only reauthorize existing powers, but also codify into law some practices that critics have called unconstitutional.
The bill takes aim at reforming how federal law enforcement can use data collected by the National Security Agency, putting a modest constraint on when the FBI can conduct so-called backdoor searches of Americans’ communications. But because such searches make use of a legal loophole, critics say the current bill may do more harm than good by explicitly writing the practice into law.
It’s the NSA’s most cherished mass-surveillance law, albeit one civil libertarians consider dubiously constitutional. And the chairman of the House Intelligence Committee helped jeopardize its renewal, The Daily Beast has learned—by resurrecting a pseudo-scandal of his own invention.
In recent months, congressional negotiators have been working on a bill codifying an umbrella of mass-surveillance activities known as Section 702 of the Foreign Intelligence Surveillance Act. The authorization for those activities is due to expire in a matter of days.
In attempting to both appease the intelligence community and ostensibly roll back its powers, lawmakers are making a mockery of the reform effort.
Matt Hancock, the new culture and digital secretary, said: “We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.”
Deyshia Hargrave is an English teacher at Rene Rost Middle Schools in Vermilion Parish, Louisiana; on Monday night, she attended a special meeting of the local school board and, when called upon comment period, politely asked why the board superintendants had voted themselves a raise while the teachers in the school district have been subjected to a long-term pay-freeze. The superintendent ruled her question out of order and then a deputy Abbeville city marshal who works in the parish schools dragged her out of the room, put her in handcuffs and threw her to the floor while chanting "stop resisting."
A jury has shrugged its shoulders in response to a farcical effort by local publicity hounds/drug warriors to score a 4/20 marijuana bust, only to end up with a handful of garden supplies and violated rights. The lead-up to the bungled raid of Robert and Addie Harte's house included a law enforcement agency hoping to bury the previous year's 4/20 raid failure (in which tomatoes were seized), a state trooper compiling a freelance database of garden store visitors, two field drug tests that identified tea leaves as marijuana, and a whole lot of might-makes-right drug warrioring.
By the time it was over, the Hartes had been held at gunpoint for two hours while the sheriff's department desperately tried to find something illegal in their home. Nothing was found and the Hartes sued the law enforcement agency. The district court said this was fine: officers should be able to rely on the results of field drug tests, even when said field drug tests are notoriously fallible.
Attorney General Jeff Sessions and senior White House advisor Jared Kushner will officially launch a listening session on prison reform, Axios reported Wednesday.
Kushner, President Donald Trump’s son-in-law, has been quietly exploring the issue for six months.
Policy solutions have yet to be unveiled.
The CRA resolution faces dim prospects in the House and would likely be vetoed by President Trump even if it passes both chambers of Congress. But Democrats want a vote in the Senate to force Republicans to go on the record for or against net neutrality rules. Polls show that net neutrality rules have majority support from both Democratic and Republican voters, and it could be a prominent campaign issue in the congressional elections this year.
A Senate bill that would stop the Federal Communications Commission’s effort to repeal net neutrality has won its first Republican backer on Tuesday, with Sen. Susan Collins
After Trump FCC Chairman Ajit Pai killed Net Neutrality -- a deed so indefensible he literally won't defend it -- activists announced their intention to pressure 30 Senators into calling for a vote to overturn it.
When the FCC delivers the final rules to Congress, Markey’s CRA will provide a focus for intensive lobbying of senators of both parties and every idealogical tendency to reverse the damage done by the FCC.
In fact, AMP keeps users within Google's domain and diverts traffic away from other websites for the benefit of Google. At a scale of billions of users, this has the effect of further reinforcing Google's dominance of the Web.
CRISPR-Cas9 have been reported on and discussed in a plethora of different articles, journals, and blog posts. At the moment it is one of the most central focuses in the conversation on medical advancement and the ethical lines that must be drawn within this field.
What generally doesn’t make as many headlines, however, is the the ongoing battle for intellectual property rights to the groundbreaking medical technology. Can you prove ownership of gene editing technology?
Moreover, could there be costs to this patent war given the nature of the technology?
We had just been talking about the brewing trademark civil war set to break out across the country in the comics conventions space, with Yakima Central City Comic Con choosing not to react to the fiasco of a court case that saw San Diego Comic-Con enforce its trademark against a convention in Salt Lake City. Their decision, publicly revealed relatively soon after the court case outcome, indicated that some comic conventions take the view that SDCC's trademark is invalid for any number of reasons and that they can simply wait for the Salt Lake Comic Con's attempt to invalidate SDCC's trademark to shake out. These would be conventions deciding not to freak out just because one bully got one win.
But of course that stance could never be universal among all comic conventions in America and now we have our first convention deciding to show everyone what a chilling effect trademark bullying can have. The previously-named Phoenix Comicon has announced it will be rebranding as the Phoenix Comic Fest, with the company behind the convention, Square Egg Entertainment, providing only the thinnest of veils over its reasoning for the change.
Last week, in writing about how this should be the last year (for forty straight years) that no old works have moved into the public domain in the US due to repeated copyright term extensions, I noted that there did not appear to be much appetite among the usual folks to push for term extension. Part of this is because the RIAAs and MPAAs of the world know that the fight they'd face this time would be significantly more difficult then when they pushed through the Sonny Bono Copyright Term Extension Act 20 plus years ago. Not only do they know it would be more difficult, they know that they'd lose. Unlike last time, this time the public is paying attention and can mobilize on the internet.
Indeed, we were surprised a few years back when then Copyright Office boss, Maria Pallante -- who has long pushed for copyright maximalism in many different areas -- suggested one tiny aspect of potential copyright reform could be to make the last twenty years (the life plus 50 to life plus 70 years) sort of optional. Even this very, very minor step back from the idea of automatic life plus 70 years (or more!) was fairly astounding for what it represented. Copyright interests have never been willing to budge -- even an inch, and here was a tiny inch that they indicated they were willing to give up.
A federal court in Florida has signed a default judgment against more than two dozen relatively small pirate sites. The order grants media conglomerate ABS-CBN ownership of the associated domain names. In addition, it can keep the sites' previously seized advertising revenue from networks including Google Adsense and MGID.
Representatives from platforms thought to include Google, Facebook and Twitter will meet with five EU Commissioners today to discuss progress in tackling the spread of illegal content online. While focus is being placed on terrorist propaganda and hate speech, intellectual property rights infringements are also high on the agenda.
Twenty-First Century Fox's Fox Sports is partnering with Twitter to stream a live show and Snap Inc's Snapchat to showcase stories with match-day highlights on the FIFA World Cup soccer tournament to be hosted in Russia later this year.