Bonum Certa Men Certa

Links 5/4/2018: Mesa 17.3.8 and WordPress Patches

  • Containerization, Atomic Distributions, and the Future of Linux
    Linux has come a long way since Linus Torvalds announced it in 1991. It has become the dominant operating system in the enterprise space. And, although we’ve seen improvements and tweaks in the desktop environment space, the model of a typical Linux distribution has largely remained the same over the past 25+ years. The traditional package management based model has dominated both the desktop and server space.

    However, things took an interesting turn when Google launched Linux-based Chrome OS, which deployed an image-based model. Core OS (now owned by Red Hat) came out with an operating system (Container Linux) that was inspired by Google but targeted at enterprise customers.

  • The Slimbook Curve is a Stunning All-in-One Linux PC
    Yodel an aloha to the Slimbook Curve — an all-in-one Linux PC with an alluring curved edge-to-edge display.

    Call me old fashioned but I’m (still) a huge fan of desktop computers. I like having something big and bulky on my desk, purring away, helping me crunch through whatever workload I’m trying to avoid tackle.

    So all-in-one PCs are very much up my street — and when they run Linux out of the box, even better!

    Spanish computer company Slimbook, who make the KDE Slimbook pre-loaded with KDE Neon, has pulled the shrink wrap off of its new all-in-one desktop Linux PC.

  • Google’s 5 years of support for older Chromebooks is starting to be a problem

    When Google announced a few years ago that it would offer at least 5 years of software updates for Chromebooks and Chromeboxes, that seemed like good news. After all, most Android phones only get updates for a year or two, if that.

    But compared to Windows and OS X, that 5 year lifespan is pretty short… especially since the clock starts ticking the day a Chromebook is released, not the day that you actually buy it.

  • Linux Needs Deep Pockets
    I love the operating systems revolving around the Linux Kernel. I think it’s amazing that something so good comes to the world so cheap or mostly free. You can do tremendous work on this platform, so it begs the question: Why aren’t more people using it? Here are the known benefits:

  • Desktop

    • Ubuntu 18.04 Will No Longer Do Automatic Suspend By Default Unless On Battery
      Last month I wrote how Ubuntu 18.04 began enabling "automatic suspend" by default on new installations where after 20 minutes systems were suspending without notice and in some cases still causing issues trying to resume with modern x86 hardware in 2018... Fortunately, Ubuntu developers are reverting that behavior when on AC power.

    • Intel Has Been Working To Improve Linux Suspend/Resume, Calls For More Testing
      With Linux suspend/resume support still sometimes being problematic, it's great to hear Intel's Open-Source Technology Center has a team working on continuing to improve the Linux support for this power-saving functionality.

      Zhang Rui and Yu Chen of the Intel OTC Kernel Power team have published a brief whitepaper about their work and methodology for testing Linux suspend/resume performance.

  • Audiocasts/Shows

    • EzeeLinux Show 18.14 | Do You Really Need To Upgrade?
      With all the fuss about Ubuntu 18.04 and its many children coming along, you may be wondering if you should upgrade. Let’s chat about it.

    • VIDEO: When Linux Demos Go Wrong
      Full disclosure; this is an edited version of a live broadcast. You've heard me say it, and warn you about it. On this occasion, I decided it would be fun to take you through a tour of Linux based music player applications. To get said music on my system, I was also going to show you how to rip music from CDs using various applications. That's when things fell apart and my desktop lost track of the CD hardware. I do recover however and the whole thing does make for an interesting exercise in trying to figure out just what the heck went wrong so I can fix it before I submit to the growing panic. Because things went horribly wrong, at least for a while, I had to reboot my system which meant the show was suddenly in multiple parts. In assembling said parts into a semi-coherent whole, I may have added things here and there.

    • Facebook Data Collection – Unleaded Hangouts
      Facebook Data Collection. Should we stop using it? If we continue to use Facebook, what can be done to minimize the privacy impact – does it even matter? We discuss.

    • Next DevNation Live: Test Smarter and Gain Some Time Back, April 5th, 12pm EDT

  • Kernel Space

    • Linux kernel lockdown and UEFI Secure Boot
      David Howells recently published the latest version of his kernel lockdown patchset. This is intended to strengthen the boundary between root and the kernel by imposing additional restrictions that prevent root from modifying the kernel at runtime. It's not the first feature of this sort - /dev/mem no longer allows you to overwrite arbitrary kernel memory, and you can configure the kernel so only signed modules can be loaded. But the present state of things is that these security features can be easily circumvented (by using kexec to modify the kernel security policy, for instance).

      Why do you want lockdown? If you've got a setup where you know that your system is booting a trustworthy kernel (you're running a system that does cryptographic verification of its boot chain, or you built and installed the kernel yourself, for instance) then you can trust the kernel to keep secrets safe from even root. But if root is able to modify the running kernel, that guarantee goes away. As a result, it makes sense to extend the security policy from the boot environment up to the running kernel - it's really just an extension of configuring the kernel to require signed modules.

      The patchset itself isn't hugely conceptually controversial, although there's disagreement over the precise form of certain restrictions. But one patch has, because it associates whether or not lockdown is enabled with whether or not UEFI Secure Boot is enabled. There's some backstory that's important here.

    • Btrfs Updates Sent In For The Linux 4.17 Kernel
      David Sterba sent in the Btrfs file-system updates today for the Linux 4.17 kernel merge window.

    • XFS Gets Lazy Time Support In Linux 4.17, Other Improvements
      Darrick Wong has submitted the XFS file-system updates targeting the Linux 4.17 kernel. It's a bit lighter than 4.15 and 4.16 that brought "great scads of new stuff", but there still is a fair amount of feature work taking place.

    • Linux 4.17 Kicks Off Another Busy Cycle
      It's been just about twenty-four hours that Linus Torvalds has been accepting new material for the Linux 4.17 mainline kernel and it's looking indeed like it will be another very busy kernel update.

      Aside from the prominent pull requests issued so far among other early Linux 4.17 coverage on Phoronix, below is a collection of a few other pulls worth pointing out from yesterday but weren't large enough to each warrant their own article.

    • IBM s390 Continues Working On Spectre Defense With Linux 4.17, VirtIO GPU Emulation
      With the Linux 4.17 kernel the s390 architecture updates include more mitigation work around the Spectre Variant One and Two vulnerabilities.

    • Torvalds Expresses Concerns Over Current "Kernel Lockdown" Approach
      The kernel lockdown feature further restricts access to the kernel by user-space with what can be accessed or modified, including different /dev points, ACPI restrictions, not allowing unsigned modules, and various other restrictions in the name of greater security. Pairing that with UEFI SecureBoot unconditionally is meeting some resistance by Linus Torvalds.

      This thread is what has Linus Torvalds fired up today.

    • USB Type-C Improvements On The Way To The Linux 4.17 Kernel
      The Linux 4.17 kernel is bringing further improvements to USB Type-C support.

      USB Type-C work queued for entering the Linux 4.17 kernel includes the promotion of more code from staging to the kernel tree proper, alert and status message handling within the Type-C Port Manager "TPCM" code, various improvements to the Rockchip Type-C driver, new Type-C switch/mux and usb-role-switch functions, a Pericom PI3USB30532 cross switch driver, an API for being able to control USB Type-C multiplexers, and other improvements.

    • SPARC ADI, SELinux SCTP & New BMC Server-Side Driver For Linux 4.17
      The Linux 4.17 kernel cycle is in full swing with many large pull requests pending.

    • Linux 4.16 launches
      Just over a week ago, Linus Torvalds said that the release of Linux 4.16 could take place on Sunday April 1. Ignoring the fact that April Fool's day is a terrible day to do just about anything, he made good on his promise.

      As predicted, there was no RC8 of the kernel, and Torvalds notes that the final release is very similar to RC7. In a post to the Linux Kernel Mailing List, he also said that the merge window for 4.17 is open, but for now, the focus is on 4.16.

    • RISC-V Support Continues Maturing Within The Mainline Linux Kernel
      The initial RISC-V architecture support landed in Linux 4.15 and now this open-source, royalty-free processor ISA is seeing further improvements with the Linux 4.17 cycle.

      Improvements for RISC-V with the newly in-development Linux 4.17 kernel include support for dynamic ftrace, clean-ups to their atomic and locking code, module loading support is now enabled by default, and other fixes.

      The complete list of RISC-V patches for Linux 4.17 can be found via today's pull request.

    • Linux 4.17's Staging Area Loses Some Weight
      While the Linux 4.17 kernel is getting much larger in some areas like the sizable additions to DRM this cycle, when it comes to the kernel's staging area where new/experimental code gets vetted before being officially mainline, it's lost tens of thousands of lines of code this cycle.

      For the 4.17 merge window, the staging area adds in 27,014 lines of code but drops 91,104 lines of code -- or a net loss of about 64 thousand lines of code. This loss comes with some old code being deleted, including the CCREE crypto, FSL-DPAA2, IRDA, and other bits. The FSL-MC code meanwhile was promoted out of staging and the MT7261 platform has staging support for DMA, DTS, ETH, GPIO, PCI, PINCTRL, and SPI.

    • Linux Foundation

      • Free Nitrokey cryptographic cards for kernel developers
        The Linux Foundation and Nitrokey have announced a program whereby anybody who appears in the kernel's MAINTAINERS file or who has a email address can obtain a free Nitrokey Start crypto card. The intent, of course, is that kernel developers will use these devices to safeguard their GnuPG keys and, as a result, improve the security of the kernel development process as a whole.

      • Nitrokey digital tokens for kernel developers
        The Linux Foundation IT team has been working to improve the code integrity of git repositories hosted at by promoting the use of PGP-signed git tags and commits. Doing so allows anyone to easily verify that git repositories have not been altered or tampered with no matter from which worldwide mirror they may have been cloned. If the digital signature on your cloned repository matches the PGP key belonging to Linus Torvalds or any other maintainer, then you can be assured that what you have on your computer is the exact replica of the kernel code without any omissions or additions.

      • ONAP, CNCF Come Together on Containers
        ONAP and Kubernetes, two of the fastest growing and in demand open source projects, are coming together at Open Networking Summit this week. To ensure ONAP runs on Kubernetes in any environment, ONAP is now a part of the new Cross-Cloud CI project that integrates, tests and deploys the most popular cloud native projects.

      • OpenShift Commons Briefing: OpenContrail (now Tungsten Fabric) Update with DP Ayyadevara (Juniper)
        In this briefing, DP Ayyadevara, Savithru Lokanath and Vinay Rao from Juniper Networks provide an update to the Juniper Contrail and OpenShift integration. We discussed an application build environment use case along with support for Network Policies leveraging Contrail Security integration. Contrail Security helps minimize risk to the applications that run in multi-cloud environments. It discovers application traffic flows and drastically reduces policy proliferation across different environments. Contrail Security can also be used for easy monitoring and troubleshooting of inter- and intra-application traffic flows. We also touched on the re-branding of OpenContrail to Tungsten Fabric and the road ahead for the open source project itself.

      • Open Standards, Open Source Come Together With New Tech-World Partnership
        The open-source-focused Linux Foundation is teaming with TM Forum, a communications technology industry group that has upped its open standards game in recent years.

        With a new partnership, the world of telecom is jumping into the world of open source with both feet.

        Last month, TM Forum, an association that represents communications service providers (CSPs) as they interact in the digital supply chain, announced it would team with the Linux Foundation, the nonprofit best known for shepherding its namesake, the open-source operating system on which the modern internet is largely built.

        The foundation is also known as a key steward of major open-source projects, and with the partnership, TM Forum will boost its open-source game, a change advocated by the CSPs it represents.

    • Graphics Stack

      • The Big DRM Pull Request Made It Into Linux 4.17
        Last week David Airlie sent in the big DRM feature update for Linux 4.17 prior to going on holiday. For those wondering whether there was going to be any drama with the DRM updates increasing the size of the Linux kernel by another one hundred thousand lines of code, in large part due to Vega 12 header additions, Linus pulled it in without any fuss.

      • AMDGPU DC Begins Reworking FreeSync Module
        The latest batch of AMDGPU DC display code patches were posted last night on the mailing list. These 32 patches touching around three thousand lines of code have more fixes and also work on the FreeSync module.

        When it comes to the FreeSync module they have been reworking it to better jive with the atomic mode-setting model. Unfortunately though no word on when all of the FreeSync bits will be settled in full for allowing users a pleasant out-of-the-box open-source experience if having a modern Radeon GPU paired with a FreeSync-capable monitor. At least the big item is now in place with Linux 4.17 where AMDGPU DC is enabled by default for all supported GPUs, so hopefully it won't be much longer before the remaining bits are squared away.

      • mesa 17.3.8

        In NIR we have a couple of patches to fix a crash when unrolling loops, as well as a fix for per_vertex_output intrinsic.

      • Mesa 17.3.8 Released With A Handful Of Fixes
        For those waiting until v18.0.1 before upgrading to the Mesa 18.0 series, Mesa 17.3.8 is now available as the latest release off this stable series from the end of 2017.

      • AMDVLK Updated With Fresh Batch Of Fixes
        It's roughly once a week that AMD updates their external and public facing AMDVLK/PAL source tree for this open-source Radeon Vulkan driver while following last week's significant update with Wayland support and more, they have quickly issued another update to this RADV driver alternative.

      • RADV Vulkan Driver Lands Out-of-Order Rasterization Support, Small Performance Boost
        The Mesa-based RADV Vulkan driver has landed initial support for out-of-order rasterization, but it's currently disabled by default.

        Back in 2016 AMD developers introduced the VK_AMD_rasterization_order extension for out-of-order rasterization handling. This VK_AMD_rasterization_order extension has been present since Vulkan 1.0.12 and has already been supported in AMDGPU-PRO.

    • Benchmarks

      • POWER9 Benchmarks vs. Intel Xeon vs. AMD EPYC Performance On Debian Linux
        For several days we've had remote access to one of the brand new Raptor Talos II Workstations that is powered by POWER9 processors and open-source down through the firmware. For those curious how these latest POWER processors compare to AMD EPYC and Intel Xeon processors, here are some benchmarks comparing against of the few other systems in house while all testing was done from Debian GNU/Linux.

  • Applications

  • Desktop Environments/WMs

    • dwm: A Minimalist Tiling Window Manager For Linux
      Tiling window managers have several advantages over their more popular cousins such as Gnome, KDE, XFCE, or Fluxbox. The feature of this post, dwm, takes these advantages to their most extreme.

      While most tiling managers strive to be lightweight, dwm keeps itself on a starvation diet of 2000 lines of code or fewer. All its configuration is done when it’s compiled, so it doesn’t read a runtime configuration file. It uses tags (the numbers 1 through 9), rather than arbitrarily-named window spaces, to group programs together. It can also be run entirely with keyboard commands, though it does incorporate mouse support for selecting and dragging windows when appropriate.

    • K Desktop Environment/KDE SC/Qt

      • KDE Connect – Tips, Tricks and Misconceptions
        Since my first blog post we got a huge amount of feedback and it’s amazing to see that you are as excited about KDE Connect as we are. This way I want to say “Thank you” for all your kind words and tell you that this kind of positive feedback is what keeps us going.

        I would also like to share some tips and tricks about KDE Connect that you might not know yet, but first I would like to clear up a common misconception.

      • [Slackware] New package for qbittorrent, now based on Qt5
        Not related per se to the fall-out of last weekend’s update to the icu4c and poppler packages, my qbittorrent package for slackware-current had stopped working sometime ago – caused by an update in -current of the boost package on which the torrent library depends.

        I needed to update qbittorrent too therefore, after having taken care of the icu4c/poppler breakage. The thing is, I had tried to delay the switch in qbittorrent from Qt4 to Qt5 for as long as possible. The ‘new’ 4.x series of qbittorrent have a hard dependency on Qt5, and Qt4 is no longer supported. So I bit the bullet and made packages for bittorrent-4.0.4 and its dependency, libtorrent-rasterbar-1.1.6. Since the program uses Qt5 now, the dependencies have changed. If you were running qbittorrent 3.x on slackware-current previously then you have to ensure that you have libxkbcommon, qt5 and qt5-webkit packages installed now.

      • Kraft Version 0.80 Released
        I am happy to announce the release of the stable Kraft version 0.80 (Changelog).

        Kraft is desktop software to manage documents like quotes and invoices in the small business. It focuses on ease of use through an intuitive GUI, a well chosen feature set and ensures privacy by keeping data local.

        After more than a dozen years of life time, Kraft is now reaching a new level: It is now completely ported to Qt5 / KDE Frameworks 5 and with that, it is compatible with all modern Linux distributions again.

        KDE Frameworks 5 and Qt5 are the best base for modern desktop software and Kraft integrates seamlessly into all Linux desktops. Kraft makes use of the great KDE PIM infrastructure with KAddressbook and Akonadi.

      • Proposed design for mobile network settings
        While thinking of design, I looked at the biggest “competitors” on the mobile OS market – Android and iOS. Mainly I am taking design ideas from Android, since I think it has a good proportion between usability and functionality, while I am studying/following the KDE Human Interface Guidelines, and as recommended I am using the Kirigami 2 framework, which implements most of the HIG rules by itself.

      • Templates to create your own Plasma Wallpaper plugin

    • GNOME Desktop/GTK

      • Diplomatic Munity - Lethal Gnome 2
        Several things: MATE 1.20 looks way better on Bionic than my early test. A little bit of customization goes a long way, and there's still more room for improvement. Then, Munity, with its Dash and HUD and whatnot, is a smart and practical nod toward Ubuntu and Unity, and it's way better than Gnome 3. Brings MATE up to modern levels, and it easily achieves parity.

        I am quite happy with what MATE is going to bring us, and the 18.04 LTS test might actually prove to be a very sensible and fun distro, with goodies, practicality, speed, and efficiency blended into one compact and solid package. Bugs are to be ironed, for they are Devil's work, and MATE can benefit from extra bling bling. But then, from a bland sub-performer to a nifty desktop, with tons of options and features. Takes some fiddling, and not everything is easily discoverable, but the road to satisfaction is a fairly short and predictable one. Munity is a cool, cool idea, and I'm looking forward to Bionic's official release. Take care.

      • [Slackware] GNOME Library Stack Update

  • Distributions

    • Clear Linux Shedding More Light On Their "Magic" Performance Work
      If you have been a Phoronix reader for any decent amount of time, you have likely seen how well Intel's Clear Linux distribution continues to run in our performance comparisons against other distributions. The developers behind this Linux distribution have begun a new blog series on "behind the magic" for some of the areas they are making use of for maximizing the out-of-the-box Linux performance.

      Their first post in their "behind the magic" series is on transparent use of library packages optimized for Intel's architecture... While they are optimizing for their own hardware as one would expect, let's not forget, Clear Linux does run on AMD hardware too; they are not doing any voodoo magic, which is why it pains me that more Linux distributions have not taken such a stance for better out-of-the-box speed. In fact, it runs on AMD hardware darn well as we have shown with our Ryzen and EPYC benchmarks. Obviously Intel tweaks their software packages for their own x86_64 CPUs, but even when testing on the AMD hardware Clear Linux tends to perform the best in terms of out-of-the-box performance and that Intel isn't doing anything to sabotage the performance otherwise.

    • New Releases

    • Arch Family

      • 10 Reasons to Install an Arch Linux-Based OS on Your PC
        Arch Linux is one of the most popular Linux operating systems (also known as distributions) around, as are the easier-to-install distros that are based on Arch, such as Manjaro and Antergos.

        Whether you’re thinking of installing each component manually or downloading a pre-built Arch-based desktop, here are ten reasons to embrace the Arch ecosystem.

    • Red Hat Family

    • Debian Family

      • Derivatives

        • Canonical/Ubuntu

          • Canonical Outs Major Kernel Update for Ubuntu 17.10 to Fix 22 Vulnerabilities
            According to the security advisory, a total of 22 security vulnerabilities were patched in this new kernel update, including several use-after-free vulnerabilities in Linux kernel's ALSA PCM subsystem, network namespaces implementation, a race condition in the OCFS2 filesystem implementation, as well as a race condition in loop block device implementation.

            Issues were also fixed in the Linux kernel's KVM implementation, HugeTLB component, HMAC implementation, netfilter component, keyring implementation, the netfilter passive OS fingerprinting (xt_osf) module, the Salsa20 encryption algorithm implementation, the Broadcom NetXtremeII Ethernet driver, Reliable Datagram Socket (RDS) implementation, and the usbtest device driver.

          • Ubuntu Community Theme in Action
            One of the proposed new features in Ubuntu 18.04 was the brand new Community Theme, called Communitheme. As the name suggests, the Community Theme is being developed by the community i.e. volunteers across the globe.

            This new Communitheme uses the Adwaita theme (GNOME’s default theme) as its base and looks similar to Ubuntu’s own Ambiance theme. Ubuntu Touch inspired Suru is the icon theme here.

          • Ubuntu Server development summary – 4 April 2018

          • LXD weekly status #41

            The highlight for this week is the release of LXD, LXC and LXCFS 3.0!

            Those 3 releases are LTS releases and will be supported for the next 5 years.

          • Git-to-k8s automation for on-prem container deployments

          • Dustin Kirkland: I'm Joining the Google Cloud Team!
            A couple of months ago, I reflected on "10 Amazing Years of Ubuntu and Canonical". Indeed, it has been one hell of a ride, and that post is merely the tip of the proverbial iceberg...

            The people I've met, the things I've learned, the places I've been, the users I've helped, the partners I've enabled, the customers I've served -- these are undoubtedly the most amazing and cherished experiences of my professional career to date.

          • Flavours and Variants

            • Hands-On with System76's New Installer for Ubuntu-Based Pop!_OS Linux 18.04
              System76's engineers worked with the elementary OS team on the new Pop!_OS Linux installer, which is now finally available for public testing. Today we take a first look at the new graphical installer in Pop!_OS Linux 18.04, so we can show you how it stands compared to other GNU/Linux distributions.

              Pop!_OS Linux 18.04 LTS is available to download only for 64-bit systems with either Intel/AMD or Nvidia GPUs. The live ISO images can be either installed on your local disk drive or used as is, directly from the bootable medium. When running the ISO, you'll first be asked to select the system language and keyboard layout.

            • Linux Mint vs. MX Linux: What's Best for You?
              For the past few years, Linux Mint has been unstoppable in terms of attracting new users. I honestly never really understood its appeal over Ubuntu MATE. However, the fact remains that the Cinnamon desktop seems to be a large part of its appeal.

              Recently I had the pleasure of discovering another desktop distro that is aimed at newer users. It's lightning fast, and offers fantastic support for features that newer Linux users are usually looking for. This distro is called MX Linux and its latest release is called MX 17.

  • Devices/Embedded

Free Software/Open Source


  • visitor statistics

    For April Fools' Day, turned into a phpBB-like forum. This also allowed for setting external images as forum signatures, which I did make use of. After the whole thing was over, I grabbed the webserver logs and [...]

  • Latest macOS Update Disables DisplayLink, Rendering Thousands of Monitors Dead

  • Hardware

    • Intel sheds Wind River
      Nine years after Intel announced it was acquiring Wind River Systems for $884 million, the chipmaker quietly sold its software subsidiary to investment firm TPG for an undisclosed sum. Although in recent years, Intel had begun to integrate the Wind River into its Open Source Group, the subsidiary is returning to its status as an independent software company, this time backed by TPG. Current Wind River President, Jim Douglas, and his executive management team will stay on, and Intel says it will continue to collaborate with Wind River once the acquisition is closed later this quarter.

    • For Apple, Quitting Intel Won't Come Easy

      As Gurman reports, Apple hopes to replace the x86 Intel architecture that its Macs have used for over a decade with ARM-based chips, like those that power the iPhone. That transition would pose at least two hurdles, both fairly high.

  • Health/Nutrition

  • Security

    • Security updates for Tuesday

    • Reproducible Builds: Weekly report #153

    • WordPress 4.9.5 Security and Maintenance Release

      WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

    • Richard Stallman's Privacy Proposal, Valve's Commitment to Linux, New WordPress Update and More
      Richard Stallman writes "A radical proposal to keep personal data safe" in The Guardian: "The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place."

      WordPress 4.9.5 was released yesterday. This is a security and maintenance release, and it fixes 28 bugs, so be sure to update right away. To download or view the changelog, go here.

    • Security updates for Wednesday

    • EXT4 Gets Extra Protection Against Maliciously Crafted Container Images
      Given the booming popularity of Linux containers, it's little surprise but unfortunate that Linux file-systems are having to protect against specially-crafted file-system images by malicious actors looking to exploit vulnerabilities in the code.

      Ted Ts'o today sent in the EXT4 Linux file-system updates and it's mostly mundane maintenance work with no major features this cycle. He did note of the bug fixes to protect against potentially malicious EXT4 file-system images.

    • Walden seeks to bolster cybersecurity on Linux open source software system
      U.S. Rep. Greg Walden (R-OR) has asked the head of The Linux Foundation to explain the nonprofit’s efforts around securing the open source software (OSS) ecosystem against vulnerabilities that could make the sensitive information of hundreds of millions of users vulnerable to cyber attacks.

      “As the last several years have made clear, OSS is such a foundational part of the modern connected world that it has become critical cyber infrastructure. As we continue to examine cybersecurity issues generally, it is therefore imperative that we understand the challenges and opportunities the OSS ecosystem faces, and potential steps that OSS stakeholders may take to further support it,” wrote Rep. Walden, chairman of the U.S. House Energy and Commerce Committee, and U.S. Rep. Gregg Harper (R-MS), chairman of the panel’s Subcommittee on Oversight and Investigations.

    • Better Cyber Security Problematic, Says US Financial Industry: Power Struggle Over Encryption
      A decision to keep third party listeners out of communications on the internet taken by the Internet Engineering Task Force (IETF) at their recent meeting in London elicited an alarmist message from the US financial industry. The premier internet standardisation body would provide “privacy for crooks,” and practically prohibit “bank security guards from patrolling and checking particular rooms” online, BITS, the technology division of the Financial Services Roundtable, argued in a press release last week. Has standardisation gone rogue?

    • Confirmed: Intel Will Not Patch Spectre And Meltdown Flaw In Older Processors
      Intel has published a microcode update guidance that confirms that it won’t be patching up the Spectre and Meltdown design flaws in all of its processors — mostly the older ones.

      The company has rolled out microcode updates to fix the Spectre v2 vulnerability for many of its processors going back to the second generation Core (Sandy Bridge).

  • Defence/Aggression

  • Transparency/Investigative Reporting

    • Nearly 100 Public Interest Organizations Urge Council of Europe to Ensure High Transparency Standards for Cybercrime Negotiations
      EFF along with 93 civil society organizations from across the globe today sent a letter to the Secretary General of the Council of Europe, Thorbjørn Jagland. The letter requests transparency and meaningful civil society participation in the Council of Europe’s (CoE) negotiations of the draft Second Additional Protocol to the Convention on Cybercrime (also known as the “Budapest Convention”) —a new international text that will deal with cross-border access to data by law enforcement authorities. According to the Terms of Reference for the negotiations, it may include ways to improve Mutual Legal Assistance Treaties (MLATs) and allow “direct cooperation” between law enforcement authorities and companies to access people’s “subscriber information”, order “preservation” of data, and to make “emergency requests”.

      The upcoming Second Additional Protocol is currently being discussed at the Cybercrime Convention Committee (T-CY) of the Council of Europe, a committee that gathers the States Party to the Budapest Convention on Cybercrime and other observer and “ad hoc” countries and organisations. The T-CY aims to finalize the Second Additional Protocol by December 2019. While the Council of Europe has made clear its intention for “close interaction with civil society”, civil society groups are asking to be included throughout the entire process—not just during the Council of Europe’s Octopus Conferences.

    • Celebrities, academics, activists rally to #ReconnectAssange

      Celebrities and political activists have rallied in solidarity around WikiLeaks founder Julian Assange, whose internet access was abruptly suspended by the Ecuadorian government last week, by signing an open letter demanding that it be restored.

      The signatories not only include prominent intellectuals, like Noam Chomsky and Slavoj Zizek, and journalists, but also famous artists. Rapper M.I.A. added her name to the list, alongside filmmaker Oliver Stone, musician Brian Eno, fashion designer Vivienne Westwood, and actress Pamela Anderson.

      “If it was ever clear that the case of Julian Assange was never just a legal case, but a struggle for the protection of basic human rights, it is now,” the letter reads.

  • AstroTurf/Lobbying/Politics

    • The death of the newsfeed

      Unavoidable as it seems, though, this approach has two problems. First, getting that sample ‘right’ is very hard, and beset by all sorts of conceptual challenges. But second, even if it’s a successful sample, it’s still a sample.

    • Here’s How You Can Use Trump Town
      President Donald Trump sits atop a sprawling executive branch, with thousands of hand-picked lieutenants across dozens of agencies who make sure his agenda is pursued and his priorities are followed.

      Presidential appointees have historically wielded a significant amount of power, playing dealmaker on Capitol Hill and handling billion-dollar budgets in federal offices.

      With all of this hiring going on, it’s important that the public gets a chance to know who these new power players are and what conflicts of interest they may have. Figuring that out can be difficult, requiring painstaking, laborious research and public records sleuthing.
    • Help Us Dive Into the Swamp — ‘Trump, Inc.’ Podcast
      This week, we’re doing a couple of things differently on “Trump, Inc.” Instead of focusing on President Donald Trump’s businesses, we’re looking more broadly at business interests in the Trump administration. We’re also giving you, our listeners, homework.

      Last month, ProPublica published the first comprehensive and searchable database of Trump’s 2,684 political appointees, along with their federal lobbying and financial records. It’s the result of a year spent filing Freedom of Information Act requests, collecting staffing lists and publishing financial disclosure reports.
    • How Do You Identify Fake News?

      Remember when 318 people were shot in Chicago on Halloween 2015 and former President Barack Obama declared a state of emergency in the city? Or when Hillary Clinton ran a child sex-trafficking ring from the basement of a Washington, D.C., pizza parlor? Or when first lady Melania Trump used a body double in public appearances?

      All these events received news coverage. All were fake.

      It’s troubling how much traction false news can get. Like when major news sources splashed headlines over the Trump administration’s claims that Chicago’s gun violence was occurring in a “city with the strongest gun laws in our country.” Not true, either. Local media have countered that claim time and again. The nonpartisan political fact-checker PolitiFact called President Donald Trump’s comments about this “Pants on Fire!”, the worst rating on its Truth-O-Meter.
    • Facebook’s Targeting System Can Divide Us on More Than Just Advertising
      It’s heartening to see, in the wake of the Cambridge Analytica revelations, growing skepticism about how Facebook handles data and data privacy. But we should take this opportunity to ask the bigger, harder questions, too — questions about discrimination and division, and whether we want to live in a society where our consumer data profile determines our reality.

      In the spring of 2016, a Facebook executive gave a presentation about the success of Facebook’s then-new “ethnic affinity” advertising categories. Facebook had grouped users as white, Black, or Latino based on what they had clicked, and this targeting had allowed the movie “Straight Outta Compton” to be marketed as two completely different films. For Black audiences, it was a deeply political biopic about the members of N.W.A. and their music, framed by contemporary reflections from Dr. Dre and Ice Cube. For white audiences, it was a scripted drama about gangsters, guns, and cops that barely mentioned the names of its real-life characters. From the perspective of Universal Pictures, this dual marketing had been wildly successful. “Straight Outta Compton” earned over $160 million at the U.S. box office.

      When we saw this news in 2016, it immediately raised alarm bells about the effect of such categories on civil rights. We went straight to Facebook with our immediate concern: How was the company ensuring that ads for jobs, housing, and employment weren’t targeted by race, given that such targeting is illegal under the civil rights laws? Facebook didn’t have an answer. We worked with officials from the company for more than a year on solutions that, as it turned out, were not properly implemented. Facebook still makes it possible for advertisers to target based on categories closely linked to gender, family status, and disability, and the company has recently gotten sued for it.

  • Censorship/Free Speech

    • Patronizing censorship
      Unlike Joel Rubinoff, I'm not going to tie labels on anyone (that's a liberal thing). But I'd like to remind him of two sections of the Charter of Rights and Freedoms; free speech and the right to be presumed innocent. Apparently, he doesn't agree with either of them.
    • Negative Criticism, Even When It’s Based on Politics, Is Not the Same as Censorship
      Much of the criticism of the new Roseanne reboot has had less to do with how it works as a traditional sitcom, and more with the ideology behind it. Some are upset that the character of Roseanne Conner is a Trump supporter. Some are discomfited by the way the show sanitizes and whitewashes that support. For others, the problem lies with Roseanne Barr herself, and the fact that ABC gave such a prominent, lucrative platform to a hateful, transphobic woman obsessed with rightwing conspiracy theories.
    • Republican governor forced to stop blocking Facebook users who criticize him

      Four Maryland residents sued the Republican governor in a US District Court in August 2017, with help from the American Civil Liberties Union (ACLU) of Maryland. The ACLU announced yesterday that a settlement has been finalized, requiring Hogan to implement a new social media policy within two weeks. The state is also required to pay $65,000 to the plaintiffs.

    • Maryland governor settles lawsuit with ACLU over Facebook censorship
      In the fall of 2015, James Laurenson of Maryland was so upset that his governor, Larry Hogan, was opposed to the Obama administration's plan to allow Syrian refugees to resettle within the U.S. that he did something he never had before: He aired his grievances on the governor's public Facebook page.

      As part of comments that were also emailed to the governor's office, Laurenson wrote that he was "ashamed to be called a Marylander" and believed that Hogan, a Republican, was "aiding and abetting" the Islamic State.

      No one replied to Laurenson's email, but someone overseeing the Facebook page deleted his comments and then blocked him from posting further, according to a federal lawsuit filed last August on behalf of Laurenson and three others who say they were similarly gagged by the governor's office.
    • Maryland governor settles suit over Facebook censorship

      In the fall of 2015, James Laurenson of Maryland was so upset that his governor, Larry Hogan, was opposed to the Obama administration’s plan to allow Syrian refugees to resettle within the U.S. that he did something he never had before: He aired his grievances on the governor’s public Facebook page.
    • Censorship Conversation

      Derflinger: For me censorship is like the limiting of ideas, whether that is words, thoughts, actions … it could be written, it could be spoken, it could be whatever kind of limitations there are, limiting people to express themselves and their ideas and their beliefs.
    • Associate dean Donald Low of LKY School resigns
      Earlier this year, he wrote a controversial Facebook post, which said that teenage blogger Amos Yee - who had been convicted for derogatory remarks about Christians in a YouTube video - "has all the traits that we want in our youth", drawing criticism online.

    • Goodbye freedom of the press, hello media censorship
      Ariana Grande, Miley Cyrus, Zendaya and Demi Lovato all have two things in common. They are all advocates for the “Me Too” campaign, and two, they were all on the cover of Cosmopolitan in 2017. Is this for their own publicity or is it because they are also advocates for the female empowerment mission Cosmo stands for?

      On the other hand, Walmart has a different opinion about these magazines. At the end of March 2018, one of the biggest stores in the country, Walmart, decided to move Cosmopolitan magazines from the checkout aisles to the back of the store behind barriers, according to the New York Times. Walmart stated that they did not want the customers to be exposed to the sexual content that Cosmopolitan delivers.

      The National Center on Sexual Exploitation (NCOSE) partnered up with Walmart to decrease publications of Cosmopolitan in hopes that the sex magazine will stop degrading women and painting them as sex objects to males, according to the Huffington Post.

    • Yet Another Court Says Victims Don't Need SESTA/FOSTA To Go After Backpage

      We already pointed to a ruling in Massachusetts showing that victims of sex trafficking don't need SESTA/FOSTA to get around CDA 230 and go after Backpage when Backpage is an active participant, and now another court has found something similar. Found via Eric Goldman, a court in Florida has rejected a motion to dismiss by Backpage on CDA 230 grounds. The full order is here (and embedded below).

      As with other cases (including the Massachusetts case) the real issue here is whether or not Backpage was just a service provider, or if it crossed the line into being a content provider itself, and did so in ways that broke the law. To be clear, the court here does seem... confused about CDA 230 and how other courts have ruled, and basically rejects plenty of existing caselaw and the nature of 230:

    • Sex Workers Fighting Back Against SESTA/FOSTA With Their Own Social Network... And Plan To Expose Politicians
      One of the most vocal groups in opposition to SESTA/FOSTA were sex workers, who spoke out about how the bills would put their lives at risk and how it would put the lives of trafficking victims at risk, often making it more difficult for victims to find information on how to get help or to protect themselves. Indeed, there are already reports of information sites shutting down entirely.

    • Sex workers are sick of censorship on social media
      Social media’s a great place — unless you’re a sex worker.

      Sex workers claim they’re being marginalized by Twitter and Instagram, Vice reports.

      Melody Kush, a veteran camgirl, was iced from Twitter in 2017. Despite an earlier tussle over an exposed nipple, she can’t figure out what led to her getting booted, and says she’s also been kicked off Instagram for no obvious reason.

    • Self-Censorship and the State: Evaluating Progress on Free Speech in Uzbekistan
      Last week, the trial of two journalists and two businessmen accused of plotting to overthrow the government began in Tashkent, Uzbekistan. Breaking with past precedent, the trial has been open to press and human rights organizations. As such, it has become a test case for the limits of Uzbekistan’s reforms under President Shavkat Mirziyoyev, particularly as they apply to domestic politics and matters of free speech.

      Bobomurod Abdullaev, a freelance journalist, blogger Hayot Nasriddinov, and businessmen Ravshan Salaev and Shavkat Olloyorov have been charged with “conspiracy to overthrow the constitutional regime.” The charge is rooted in a series of articles published under the byline Usman Haqnazarov, a pseudonym reportedly used by more than one individual. The articles were critical of the regime of Uzbekistan’s first president, Islam Karimov, who died in the fall of 2016.

    • Royal Court dropped Tibet play after advice from British Council

      The Royal Court theatre pulled a play about Tibet after the British Council privately advised that it would coincide with “significant political meetings” in China and could jeopardise the theatre’s ability to work there.

      The West End venue – which had been criticised by the play’s award-winning Indian author, who claimed the play had been shelved – said in February it had had to postpone and then withdraw the production for “financial reasons” in 2017 and that it was now committed to producing the play in spring next year.

      Correspondence released under the Freedom of Information Act now reveals details of discussions about the play, Pah-La, between the theatre and the British Council, the UK government’s cultural diplomacy arm.

      The play’s scheduled West End run, from October to November last year, would have had an impact on a joint arts programme being run in China as well as coinciding with “significant political meetings” in China, the theatre was told by a high-ranking British Council official serving as a first secretary in the UK’s embassy in Beijing.

      Pah-La deals with life in contemporary Tibet, drawing on personal stories of Tibetans with whom the playwright, Abhishek Majumdar, worked in India, which is home to a substantial community of Tibetan exiles including the Dalai Lama.

    • Malaysia just made fake news illegal and punishable by up to six years in jail

    • The world’s largest democracy is out to stifle its already docile press

    • Censorship fears: PMO asks I&B Ministry to withdraw memo on fake news after widespread criticism

    • The Algorithms Take Over: Will Facebook's Private Message Scanning Lead To Autonomous Censorship?

    • Russia blasts Facebook’s ‘totalitarianism & censorship’ after 270 accounts banned for no reason
      Moscow has chided Facebook and demanded an explanation from the US State Department, after the social media giant banned media and personal accounts that violated no rules but are purportedly linked to a Russian “troll factory.”

  • Privacy/Surveillance

    • Richard Stallman Proposes Ceasing Of Data Collection To Safeguard Privacy And Anonymity
      The aftermath of Facebook CA scandal has attracted several comments and criticism from common people and prominent figures alike.

      Now Richard Stallman, the man behind the GNU project and the free software movement, has shared his views in a column on The Guardian on restoring privacy through stricter regulations for data accumulation.
    • How Wizards and Muggles Break Free from the Matrix

      Many of those appear more than once, with different prefixes. I've also left off variants of google, doubleclick, facebook, twitter and other familiars.

      Interesting: when I look a second, third or fourth time, the list is different—I suppose because third-party ad servers are busy trying to shove trackers into my browser afresh, as long as a given page is open.

      When I looked up one of those trackers, "moatads", which I chose at random, most of the 1,820,000 search results were about how moatads is bad stuff.
    • Google And Amazon File Creepy Patents That Can Further “Sniff” Your Conversations
      The world hasn’t even recovered from the user data breach following the Facebook CA scandal, meanwhile Google and Amazon’s virtual assistants are getting smarter at a scary speed by adopting advanced data spying methods.

      Recent patent filings of Google and Amazon “outline an array of possibilities” for how their smart devices could observe what users say and do.
    • Facebook Isn’t Telling the Whole Story About Its Decision to Stop Partnering With Data Brokers
      The company publicly announced last week that it was shutting down its Partner Categories program to “help improve people’s privacy on Facebook.” What it didn’t mention was that the move is actually part of the company’s efforts to comply with the GDPR, the new EU data protection law going into effect in May, which imposes consent requirements that make using third-party data more difficult.

      While it’s nice to see Facebook deciding to implement this EU-mandatory privacy change across the globe, it would be missing some of the larger picture to interpret this as a completely voluntary, privacy-protective measure taken wholly in response to Cambridge Analytica. Beyond the stark fact of legal compliance, this isn’t even a move that is likely to affect Facebook’s bottom line: the company may actually stand to benefit from this, in terms of boosted profits and solidified market dominance.

    • HTTPS Everywhere Introduces New Feature: Continual Ruleset Updates
      Today we're proud to announce the launch of a new version of HTTPS Everywhere, 2018.4.3, which brings with it exciting new features. With this newest update, you'll receive our list of HTTPS-supporting sites more regularly, bundled as a package that is delivered to the extension on a continual basis. This means that your HTTPS-Everywhere-protected browser will have more up-to-date coverage for sites that offer HTTPS, and you'll encounter fewer sites that break due to bugs in our list of supported sites. It also means that in the future, third parties can create their own list of URL redirects for use in the extension. This could be useful, for instance, in the Tor Browser to improve the user experience for .onion URLs. This new version is the same old extension you know and love, now with a cleaner behind-the-scenes process to ensure that it's protecting you better than ever before.
    • Data Privacy Policy Must Empower Users and Innovation
      As the details continue to emerge regarding Facebook's failure to protect its users' data from third-party misuse, a growing chorus is calling for new regulations. Mark Zuckerberg will appear in Washington to answer to Congress next week, and we expect lawmakers and others will be asking not only what happened, but what needs to be done to make sure it doesn't happen again.

      As recent revelations from Grindr and Under Armour remind us, Facebook is hardly alone in its failure to protect user privacy, and we're glad to see the issue high on the national agenda. At the same time, it’s crucial that we ensure that privacy protections for social media users reinforce, rather than undermine, equally important values like free speech and innovation. We must also be careful not to unintentionally enshrine the current tech powerhouses by making it harder for others to enter those markets. Moreover, we shouldn’t lose sight of the tools we already have for protecting user privacy.

    • Want to Keep Personal Information Safe Online? Fix the Software

      Code for enforcing security and privacy is tangled up with other code, making it hard for both developers and auditors to look at a code base and determine which policies are being enforced.

    • Facebook apologises for storing draft videos users thought they had deleted

      The bug was first reported last week after users discovered videos they had never posted were being stored by the company. The storage was only uncovered when those users attempted to download all the data the company had on them, and were startled to find that Facebook had stored unused draft videos for years.

    • Facebook says it will not extend GDPR privacy protections beyond EU

      Facebook has no plans to extend the user privacy protections put in place by the far-reaching General Data Protection Regulation, or GDPR, law to users of its social network around the globe, according to Reuters. CEO Mark Zuckerberg told the news agency in an interview that Facebook would like to make such privacy guarantees “in spirit,” but would make exceptions. Zuckerberg declined to explain those exceptions, according to Reuters.

    • Exclusive: Facebook CEO stops short of extending European privacy globally

      Zuckerberg told Reuters in a phone interview that Facebook was working on a version of the law that would work globally, bringing some European privacy guarantees worldwide, but the 33-year-old billionaire demurred when asked what parts of the law he would not extend worldwide.

    • Facebook wants a social media supreme court so it can avoid hard questions

      As Klein points out, Facebook’s failures have consequences on par with government failures. The integrity of elections is threatened; violence is incited; and key communication channels are jammed by bad actors. In America and many other countries, much of this activity goes unregulated by the government. So, what recourse does the average person have? As Klein puts it [...]

    • Here are the moats and walls Facebook has been building for years to defend against #DeleteFacebook

      As we set ourselves to the task of dooming Facebook to the scrapheap of history, it's worth considering the many ways in which Facebook has anticipated and planned for this moment, enacting countermeasures to prevent the rise of a competitor focused on delivering things that help users (making it easy to find people to form interest groups with), rather than focused on "maximizing engagement" and spying on us.

    • Facebook Has Been Preparing for #DeleteFacebook for More Than a Decade

      But Facebook’s nearly 2 billion users have nowhere else to go. That’s because, with a few exceptions, Facebook has managed to squash its competitors, either by cloning or acquiring them—a tactic it’s used to remain relevant and irreplaceable. For the past 14 years, since its inception, Facebook has been preparing for this very moment. And now that it’s here, the company continues to monopolize the way humans interact online.

    • Facebook Is Not the Problem. Lax Privacy Rules Are.

      There’s no need to start from scratch. In 2012, President Barack Obama proposed a privacy bill of rights that included many ideas for giving people more control over their information, making data collection more transparent and putting limits on what business can do with the information they collect. The bill of rights fizzled out when Congress showed little appetite for it. But the European Union has used a similar approach in developing its General Data Protection Regulation, which goes into effect on May 25.

    • Brazil’s ISPs Line up for their Privacy Stars in “Quem Defende Seus Dados”

      InternetLab, the Brazilian independent research center, has published their third edition of “Quem Defende Seus Dados?” (“Who defends your data?”), an annual report which evaluates the practices of their local Internet Service Providers (ISPs), and how they treat their customers’ personal data when the government demands it.

      This year's report expanded the number of ISPs covered, and shows Vivo taking a strong lead, followed by Tim and then Claro and Oi close behind. The Brazilian ISPs still have plenty of room for improvement, especially on transparency reports, law enforcement guidelines, and notification to users.
    • State Dept. Wants to Expand Social Media Collection to All Visa Applicants
      The State Department has alarmingly declared that it wants to collect social media information from all visa applicants. This appears to be an expansion of a 2017 program that sought social media information only from a subset of initially suspicious visa applicants. This is also the latest effort in a troubling trend of conducting social media surveillance both domestically and abroad that began with President Barack Obama’s Administration and has continued during President Donald Trump’s Administration.

      The State Department issued two Federal Register notices last week seeking public comments on its proposal to ask all visa applicants—those seeking both immigrant and non-immigrant visas to the United States—for social media information for the past five years. “Social media information” includes the online platforms that visa applicants currently use—or have used in the past—and their account identifiers or handles. This means that visa applicants will have to disclose their use of websites and apps such as Facebook, Twitter, Instagram, Snapchat, and Pinterest. The State Department also wants to ask all visa applicants for the phone numbers and email addresses used for the past five years, among other information.

      This questioning invades the free speech and privacy rights of foreign visitors to the U.S., as well as the rights of their American friends, families, and professional associates. As with other similar programs, EFF opposes this collection of personal information.

    • DNS Resolvers Performance compared: CloudFlare x Google x Quad9 x OpenDNS [Ed: In exchange for leverage, dependence and surveillance they give us 'free' DNS and boast about "speed" and the likes of that]
      A couple of months ago I did a performance comparison between some of the top free DNS Resolvers available. It was just after Quad9 had launched and I was trying to decide which one to use and recommend to families and friends. Google, OpenDNS, Quad9, .. so many options… I love options …
    • It's Grindr's Turn In The Barrel As America Finally Decides To Care About Consumer Privacy
      Whatever you think about the Facebook Cambridge Analytica kerfuffle, it's pretty obvious that the scandal is causing a long overdue reassessment of our traditionally lax national privacy standards. While most companies talk a good game about their breathless dedication to consumer privacy, that rhetoric is usually pretty hollow and oversight borders on nonexistent. The broadband industry is a giant poster child for that apathy, as is the internet of very broken things sector. For a very long time we've made it abundantly clear that making money was more important than protecting user data, and the check is finally coming due.

      While it may only be a temporary phenomenon, the Cambridge Analytica scandal is finally causing some much-needed soul searching on this front. And given how deep our collective privacy apathy rabbit hole goes, being sloppy with consumer data may actually bear witness to something vaguely resembling accountability for a little while. Case in point is gay dating site Grindr, which this week was hammered in the media after it was revealed that the company was sharing an ocean of data with app optimization partner companies, including location data and even HIV status.

    • Why do people dislike online ads?
      Many people who have shopped online have had the experience of looking for something to buy, and then being followed by ads for that thing for days (or weeks, sometimes months!) afterwards. This is known as behavioral retargeting in the ad industry. The premise for this is as follows: the advertiser is looking for consumers who are interested to buy a product, such as a shirt. They would like to show ads for their shirt to people who would be a good target audience for buying a shirt. In the offline world, if the advertiser were to place such an ad looking for a custom target audience, they would probably look for print magazines specializing in fashion, attire and such, based on the assumption that a subset of people who would buy and read such magazines would probably be interested in buying a shirt. In the online world, however, the online ad industry offers a more lucrative option: showing ads for the shirt to people who have before shown real interest in buying a shirt, possibly a shirt of the same kind, color, size, etc. as the one the advertiser is looking to promote! What could be better than this?! The way the online ad companies do this is typically by tracking users from their online shopping carts through everywhere else on the Web as they browse, so that they can detect who abandoned a shopping cart without buying the products in it, what was in the cart, where that user is going now, which advertisers are interested to show ads for those abandoned products, and match up the two.

  • Civil Rights/Policing

    • The Legal Questions Raised by a Women-Only Workspace
      When it was reported last week that the New York City Commission on Human Rights was investigating The Wing, the co-working space for women, over its women-only membership policy, its members and advocates rushed to the company’s defense. The inquiry has generated controversy given the heightened awareness, resulting from the #MeToo movement, that sexual harassment is still rampant in far too many workplaces.

      Judging by The Wing’s success as both a business venture and a place for women to gather, it has undoubtedly met a real need. Yet the commission’s job is to respond to reports of discrimination it receives, as in this case. By limiting its patrons to women only, The Wing may not be in compliance with New York’s public accommodation law — a law that exists for good reason and furthers gender equality.

      New York, like nearly every state and many cities, provides that places of public accommodation can’t discriminate against members of the public based on characteristics including race, religion, disability — or sex. Antidiscrimination laws like New York’s are why we have the freedom to go about our daily lives without fear of being turned away from retail stores, banks, and hotels simply because of who we are.

    • The Role of Youth in a Hoped-for Transformation
      The massive turnout for the March for Our Lives demonstration in Washington on March 24 has given rise to hope that a new youth movement can spur a social transformation in the United States, write Kevin Zeese and Margaret Flowers.

    • King’s Legacy Betrayed

      Dr. Martin Luther King, Jr. was the preeminent leader of the black liberation movement in the 1950s and 1960s. Millions of people engaged in the struggle against America’s shameful apartheid system but King was the most influential. His actions are remembered, his words are quoted by activists, politicians, and pundits. His birthday is a national holiday. Only the worst and most retrograde racists dare to speak ill of King.

      But the lionizing is mostly a sham. In fact there are very few people who remember the importance of what King said, what he did or why and how they should replicate his work. His legacy has been subverted and is now understood only by the most conscious students of history.

      Nothing illustrated this state of affairs more clearly than the use of King’s words in a Ram truck commercial broadcast during the 2018 Super Bowl football championship. Viewers were told that Ram trucks are “built to serve.”

      The voice over is provided by King himself speaking exactly 50 years earlier, on February 4, 1968. The Drum Major Instinct sermon was a call to reject the ego driven desire for attention in favor of working for more altruistic pursuits. “If you want to say that I was a drum major say that I was a drum major for justice.”

    • 50 Years After MLK’s Assassination, We Remain Two Societies, ‘Separate and Unequal’
      On April 4, 1968, I was 11 and growing up in Memphis when the news came that Martin Luther King had been murdered. My parents couldn’t hide how bad it was – they were angry. They were afraid. And most memorably to my childhood self, they were crying. I couldn’t articulate it at the time, but I know now that I was afraid that killing the dreamer could kill the dream.

      Exactly one year earlier, in a speech at Riverside Church in New York City, Dr. King said, “We are confronted with the fierce urgency of now… Procrastination is still the thief of time. Life often leaves us standing bare, naked, and dejected with a lost opportunity.” A year later, his call for civil rights and racial justice was answered by an assassin’s bullet.

      King understood the urgency of now.

      He graduated from divinity school in 1955 and six months later he was leading the Montgomery Improvement Association during the now-famous Montgomery bus boycott. For the next 12 years he was a tireless public spokesperson for racial justice. He endured being shot at, stabbed, beaten, surveilled and harassed by the government, arrested more than 30 times, subjected to unrelenting media scrutiny, outpourings of hate speech, and death threats.
    • From Chaos in Saigon, to Chaos in Washington: 4/4/68
      As news of the assassination of Dr. Martin Luther King, Jr. in Memphis spread, despondent crowds gathered in the heart of Washington’s business section along 14th street. Orderly at first, the crowds became surly and started breaking windows, looting stores and setting fires.

      I reported immediately to the ABC News bureau on Connecticut Ave. The news editor said, “Good timing Don, we can use a reporter with combat experience. There’s a crew leaving for the riots in a few minutes. There’s room in the car for you.”

    • The Orange County Prosecutor’s Office Ran a Secret, Unconstitutional Jailhouse Informant Scheme for Years
      When Bethany Webb’s sister, Laura, was killed in a mass shooting in 2011, she couldn’t imagine things getting worse. But then-District Attorney Tony Rackauckas of Orange County, California, took the case.

      In his zeal to impose the death penalty — over Webb’s objection — Rackauckas employed jailhouse informants to elicit damning statements from the defendant, Scott Dekraai, while Dekraai was in jail. These informant-defendant interactions violated the Constitution’s right to counsel — no one is allowed to interrogate defendants without their attorneys present. Rackauckas knew that what he was doing was illegal, but he did it anyway. And it wasn’t the first time Rackauckas had broken the law in pursuit of a conviction.

      In fact, Rackauckas and Orange County Sheriff Sandra Hutchens had overseen a systematic, methodical program of using jailhouse informants for years. Their era of impunity ended only in 2014, when Dekraai’s attorney uncovered their illegal jailhouse informant program. Remarkably, even after their unlawful acts were discovered, Rackauckas, Hutchens, and their employees denied it, going so far as to lie about it under oath to Orange County judges and juries.

      Rackauckas’ and Hutchens’ illegal acts corrupted the entire system, making it impossible for crime victims to achieve closure, defendants to receive due process, and the community to trust those charged with protecting them. When law enforcement cheats, we all lose.

      Now, seven years after Laura Webb was killed, Bethany Webb, the sister of a murder victim, has joined forces with the ACLU, the ACLU of Southern California, People for the Ethical Operation of Prosecution and Law Enforcement, and the law offices of Munger, Tolles & Olson LLP, to end this illegal and destructive informant program.

      The Orange County informant program has three primary components, all of which violate the law. First, Orange County deputy sheriffs cultivate relationships with professional jailhouse informants. These informants are facing serious jail time themselves, and therefore have a strong incentive to enter the employ of law enforcement.
    • Judge Tosses Charges Against Journalist Who Published Docs Leaked To Her By A Police Officer

      A police department's retaliatory arrest of a citizen journalist has dead-ended with a courtroom loss. Priscilla Villarreal -- better known as "Lagordiloca" to her thousands of Facebook fans -- was arrested after she published information given to her by police officer Barbara Goodman. The info included the name of a Border Patrol agent who had committed suicide -- info never officially released by the Border Patrol.

      While the proper target for Texas prosecutors would have been the officer leaking sensitive info, they decided to pursue Villarreal instead, issuing an arrest warrant for "misuse of official information." Publishing leaks has never really troubled the courts before, usually falling well within the confines of the First Amendment. But prosecutors argued the "misuse" occurred when Villarreal "profited" from it by "gaining popularity" with her exclusive leak.

      "Lagordiloca" operated outside the mainstream, publishing and streaming interactions with officers live to her Facebook page. It's apparent many officers didn't care for her reporting, and this misuse of a "misuse" law seemed like a quick and dirty way to shut her up. It didn't work. As Jason Buch reports for the San Antonio Express-News, a judge has tossed the charges against Villarreal, finding them unconstitutional.

    • Judge throws out charges against blogger called La Gordiloca
      A judge in Laredo on Wednesday threw out the charges against the social media personality known as La Gordiloca.

      State District Judge Monica Z. Notzon ruled that part of the law police used to arrest Priscilla Villarreal is unconstitutionally vague.

  • Internet Policy/Net Neutrality

    • Comcast's Top Lobbyist Is Pushing A Net Neutrality 'Compromise' That Isn't

      With net neutrality rules currently on the chopping block, Comcast's top lobbyist is once again trying to sell people on letting giant ISPs pick winners and losers on the internet. The FCC's 2015 net neutrality rules explicitly banned "paid prioritization," or letting one company (say, Disney) buy itself a network advantage over more cash-strapped competitors. While the FCC's 2015 rules carved out vast exceptions for legitimate prioritization (VoIP, medical services), they made it clear that anti-competitive paid prioritization deals of this kind distorted the traditionally level playing field, letting the wealthiest companies buy an unfair edge over competitors.

      And while Comcast used to promise that it would never consider such deals, those promises have slowly but surely evaporated the closer we get to the net neutrality repeal the company has spent millions on. As we get closer to a country without real net neutrality protections, Comcast's promises to avoid such pay-to-play schemes have been not-coincidentally mysteriously disappearing from the company's website.

    • Even the telco industry thinks Ajit Pai is an asshole for maiming Lifeline, a broadband subsidy for poor Americans

      Now, Trump's FCC chairman, Ajit Pai, wants to force Lifeline users to buy access from the big telcos, a move even those very same telcos think is bananas. And as a group of 10 US senators have pointed out, Pai offered no evidence to support his contention that MVNOs strangle broadband investment (the FCC is only allowed to act on the basis of documented evidence), and Pai's proposal would eliminate the plans used by more than 70% of Lifeline recipients.

    • California’s Legislature Seeks to Protect Network Neutrality and Promote ISP Competition
      In response to the rollback of federal network neutrality protections, this year more than 20 states have taken up the mantle of protector of a free and open Internet. Washington has already passed a law and Oregon’s waits to be enacted. Not to be outdone, California has three bills pending that, if all passed, would create the most comprehensive net neutrality defense of any state while promoting community broadband.

      Those bills, S.B. 420, S.B. 822, and A.B. 1999, will face hearings and votes this month and hopefully make it to the governor’s desk towards the end of the year. If Governor Brown signs all three, California would not only restore the ban on blocking, throttling, and paid prioritization the FCC recently repealed, but also secure more protections and options for Californians while making it easier for local governments to engage in community broadband projects to give their residents choice and competition in the ISP market.

    • Digital Justice: Internet Co-ops Resist Net Neutrality Rollbacks
      More than 300 electric cooperatives across the US are building their own internet with high-speed fiber networks. These locally owned networks are poised to do what federal and state governments and the marketplace couldn’t. First, they protect open internet access from the internet service providers (ISP) that stand to pocket the profits from net neutrality rollbacks that the Trump administration announced last November. Second, they bring affordable, fast internet access to anyone, narrowing the digital divide that deepens individual and regional socioeconomic disparities.

      In Detroit, for example, forty percent of the population has no access of any kind to the internet. Because of Detroit’s economic woes, many Big Telecom companies haven’t thought it worthwhile to invest in expanding their network to these communities. Internet connectivity is a crucial economic leveler without which people fall behind in schools, health, and the job market.

      In response, a growing cohort of Detroit residents has started a grassroots movement called the Equitable Internet Initiative, through which locals are building their own high speed internet. It started with enlisting digital stewards—locals who were interested in working for the nonprofit coalition. Many of these stewards started out with little or no tech expertise, but after a 20-week-long training, they’ve become experts able to install, troubleshoot, and maintain a network from end to end. They aim to build shared tools like a forum and a secured emergency communication network—and to educate their communities on digital literacy so people can truly own the network themselves.

      Detroit isn’t the only city with residents who aim to own their internet. Thirty of the 300 tribal reservations in the US have internet access. Seventeen of these tribal reservation communities in San Diego County have secured wireless internet access under the Tribal Digital Village initiative. Another local effort, Co-Mo Electric Cooperative, which was originally established in 1939 to bring electrical power to central Missouri farms, has organized to crowdfund the money necessary to establish its own network. By 2014, members enjoyed connection speeds in the top twenty percent of the US, and the fastest in Missouri. By 2016, Co-Mo’s entire service area was on the digital grid.

  • DRM

    • Intel's new 8th-gen Core vPro business-class processors 'engineered for digital transformation'

      called Intel Runtime BIOS Resilience."

      Intel Authenticate, a "multifactor authentication solution that verifies identities in hardware for added protection below the software layer, now includes support for facial recognition with Windows 10. This enables an intuitive user experience across leading business devices from Dell*, HP*, Lenovo* and more, while also supporting specific IT policies and management consoles."

      "Right out of the box, new Intel vPro platform-based PCs from Lenovo and HP will begin to take advantage of Intel Runtime BIOS Resilience – a hardware enhancement that minimises the risks of malicious code injection. As part of Intel’s commitment to continually advance cybersecurity, this new firmware feature locks BIOS when software is running to help prevent planted malware from gaining traction."

  • Intellectual Monopolies

    • Intel Patents Hardware Accelerator
      On March 29, 2018, the United States Patent and Trademark Office published an application in the name of Intel Corporation, which puts the famous microprocessor company back in the spotlight of crypto mining.

    • Trademarks

      • Is the Limiting of Scandalous Marks a Viewpoint Neutral Government Activity?
        The US Government (USPTO/DOJ) has petitioned for en banc review of the decision – arguing that the immoral/scandalous prohibition should stand. Notably, the US argues that limiting registration of disparaging marks in Tam was more suspect because it was directed toward a particular viewpoint (e.g., disparagement of people …). On the other hand, the prohibition on registering scandalous marks is viewpoint neutral. Despite that difference, the Federal Circuit applied a strict scrutiny test. The Federal Circuit argues that strict scrutiny should not apply here but rather that the Federal Circuit should develop a separate and new test for “the constitutionality of viewpoint-neutral limitations on registrability.”

    • Copyrights

      • Yet Another Case Highlights Yet Another Constitutional Infirmity With The DMCA

        Once again, the Constitutional exceptionalism of the DMCA has reared its ugly head. Thanks to the way it has been interpreted we have already enabled it to become an unchecked system of prior restraint, which is anathema to the First Amendment. And now yet another court has allowed this federal law to supersede states' ability to right the wrongs that misuse of the DMCA's censorship tools inevitably causes, even though doing so arguably gives this federal law more power than the Constitution allows.

        The two problems are of course related. Prior restraint is what happens when speech is censored without ever having been adjudicated to be wrongful. That's what a takedown demand system does: force the removal of speech first, and sort out whether that was the right result later. But because the Ninth Circuit has taken the teeth out of the part of the DMCA that is supposed to punish bogus takedowns, that second part very rarely happens. Section 512(f) was supposed to provide a remedy for those who have been harmed by their content being removed. But in the wake of key rulings, most recently Lenz v. Universal, that remedy is rarely available, leaving online speakers everywhere vulnerable to the censoring whims of anyone inclined to send a takedown demand targeting their speech, no matter how unjustifiably, since there is little ability to ever hold this wrongdoer liable for the harm their censorship causes.

      • Court Says Scraping Websites And Creating Fake Profiles Can Be Protected By The First Amendment
        It's no secret that the Computer Fraud and Abuse Act (CFAA) is a mess. Originally written by a confused and panicked Congress in the wake of the 1980s movie War Games, it was supposed to be an "anti-hacking" law, but was written so broadly that it has been used over and over again against any sort of "things that happen on a computer." It has been (not so jokingly) referred to as "the law that sticks," because when someone has done something "icky" using a computer, if no other law is found to be broken, someone can almost always find some weird way to interpret the CFAA to claim it's been violated. The two most problematic parts of the CFAA are the fact that it applies to "unauthorized access" or to "exceeding authorized access" on any "computer... which is used in or affecting interstate or foreign commerce or communications." In 1986 that may have seemed limited. But, today, that means any computer on the internet. Which means basically any computer.
      • Take-Two Fails To Get NBA2K Tattoo Copyright Lawsuit Dismissed
        I'll forgive you since it's been two years, but hopefully you will remember our posts about a crazy copyright lawsuit back in early 2016 between a company called Solid Oak Sketches and Take-Two Software. At issue were Take-Two's faithful depictions of several NBA stars in its NBA 2K series of games, including LeBron James and Kobe Bryant. The problem is that Solid Oak claims to have copyrights on several tattoos appearing on the skin of these players, all of which show up in the images of the game. Of course, Take-Two negotiates the rights for player likenesses with the NBA Players Association, meaning this lawsuit has the odd smell of a third party bickering over branded cattle. While Solid Oak is asking for $1.2 million in damages, Take-Two has pointed out that these sorts of statutory damages shouldn't apply as the company only registered its copyrights in 2015. This fact leads a reasonable observer to wonder why the copyrights weren't registered much earlier, were Take-Two's use so injurious.

        That question is of course tangent to the most central concern of why in the world any of this isn't obvious fair use? Take-Two has First Amendment rights, after all, and its use of the eight tattoos in each iteration of the game is a hilariously small portion of each work. On top of that, the whole enterprise of the game is to faithfully depict reality with regards to each player whose likeness it has properly licensed through the NBAPA. None of this should strike anybody as a million dollars worth of copyright infringement.

      • Hosting Provider Steadfast is Not Liable for ‘Pirate’ Site

        Hosting provider Steadfast is not liable for the copyright-infringing activities that took place on the server of a customer. A California District Court has dismissed all copyright and trademark infringing claims filed by ALS Scan, concluding that the hosting provider did enough to curb copyright infringement.

      • Canadian BitTorrent Traffic Tanked, But Video Piracy is Still Hot

        New data published by broadband management company Sandvine reveals that while BitTorrent traffic is dropping off in Canada, video piracy remains a significant problem. The data was released as part of the ongoing debate around website blocking, something Sandvine is familiar with.

      • French Universities Cancel Subscriptions to Springer Journals

        French research organizations and universities have cancelled their subscriptions to Springer journals, due to an impasse in fee negotiations between the publisher and, a national consortium representing more than 250 academic institutions in France.

        After more than a year of discussions, and SpringerNature, which publishes more than 2,000 scholarly journals belonging to Springer, Nature, and BioMedCentral, have failed to reach an agreement on subscriptions for its Springer journals. The publisher’s proposal includes an increase in prices, which the consortium refuses to accept.
