Bonum Certa Men Certa

Links 13/8/2018: Linux 4.18 and GNU Linux-libre 4.18 Arrive





GNOME bluefish

Contents





GNU/Linux





  • Kernel Space



    • New ARM SoCs & Boards To Be Supported By The Linux 4.19 Kernel
      Hardware support improvements coming for Linux 4.19 aren't limited to the x86 space but a lot of new ARM hardware support is also being introduced in this imminent kernel cycle.

      While the Linux 4.19 kernel merge window isn't quite open yet -- it should open tonight, following the release of Linux 4.18 -- the new feature work is already staged. There is the for-next arm-soc.git branch.


    • F2FS In Linux 4.19 Will Fix Big Performance Issue For Multi-Threaded Reads
      The Linux 4.19 kernel updates for the Flash-Friendly File-System (F2FS) should bring much faster performance for multi-threaded sequential reads -- as much as multiple times faster.

      Two years ago F2FS dropped its write-pages lock on the basis it could improve multi-threading performance... 4KB writes across 32 threads went up from 25 to 28MB/s on some tests done on the developer's hardware. While it was a minor win for multi-threaded writes, it turns out dropping the write-pages lock took a major toll on the multi-threaded read performance. Now with Linux 4.19, that write-pages lock is being restored.


    • SoundWire For Linux Preps Support For Multiple Masters
      Back in Linux 4.16 the SoundWire subsystem was added to the staging area as the MIPI standard for a low-power, two-wire sound bus that can support multiple audio streams and primarily utilized by small audio peripherals like IoT and mobile devices. With the next Linux kernel cycle, the SoundWire support is being improved upon.


    • GNU Linux-libre 4.18-gnu
      Two new drivers had blob requests and were cleaned up (psp-dev crypto and icn8505 touchscreen), one was removed (atom isp), plenty needed adjustments.

      There are some new firmware loading interfaces starting with firmware_request (rather than request_firmware). The deblob-check script was adjusted to look for uses thereof. firwmare_request_nowarn is one of the new interfaces, and it almost looks like we could use it, since it doesn't log any errors if the firmware is not there, but it still looks for and asks for non-Free Software, so I decided to disable it just like request_firmware.


    • GNU Linux-libre 4.18-gnu Released As The Latest Deblobbed Kernel
      Hot off the release of the upstream Linux 4.18 kernel, the GNU folks have released GNU Linux-libre 4.18-gnu that is their deblobbed version that strips out any "non-free" device driver support, removes the ability to load binary-only kernel modules and not being able to load firmware blobs either.

      With the Linux-libre 4.18 release they had to clean-up some new drivers to fit their strict standards on code freedom, removed one more driver (Atom ISP), and make adjustments to other existing code.


    • Linux 4.18
      One week late(r) and here we are - 4.18 is out there.

      It was a very calm week, and arguably I could just have released on schedule last week, but we did have some minor updates. Mostly networking, but some vfs race fixes (mentioned in the rc8 announment as "pending") and a couple of driver fixes (scsi, networking, i2c). Some other minor random things (arm crypto fix, parisc memory ordering fix). Shortlog appended for the (few) details.

      Some of these I was almost ready to just delay to until the next merge window, but they were marked for stable anyway, so it would just have caused more backporting. The vfs fixes are for old races that are really hard to hit (which is obviously why they are old and weren't noticed earlier). Some of them _have_ been seen in real life, some of them probably need explicit help to ever trigger (ie artificial delays just to show that "yes, this can actually happen in theory").

      Anyway, with this, the merge window for 4.19 is obviously open, and I'll start pulling tomorrow. I already have a couple of dozen pull requests pending due to the one-week delay of 4.18, but keep them coming.

      Linus


    • The 4.18 kernel is out
      Linus has released the 4.18 kernel. "It was a very calm week, and arguably I could just have released on schedule last week, but we did have some minor updates.


    • Linux 4.18 Kernel Officially Released
      Following the one week setback, the Linux 4.18 kernel is now officially available just a little more than two months since the cycle officially began.

      Linux 4.18 is now shipping and the latest kernel carrying the continued "Merciless Moray" codename.


    • New Linux kernel debuts, adds more suspect NSA-sourced crypto
      Adds more Spectre fixes, better power management and a hint of all-day-battery PCs.

      Linux creator and lead developer Linus Torvalds has released a new version of the Linux kernel.

      Version 4.18 went through eight release candidates – one more than usual – on its way to release.

      The biggest change this time around is the omission of the Lustre filesystem, software popular in the high-performance computing community because it helps storage to scale.

      Lustre’s developers emphasized work on the standalone version of the software and it was never fully-integrated with Linux, so this release dumped it.


    • Linux 4.18 Arrives With Some Big Changes


    • IBM S/390 Linux 4.19 Kernel Code Sees More Spectre Updates, Boot Code Rework


      The IBM System/390 "s390" architecture code has seen a number of improvements for Linux 4.19.

      Highlights of the s390 code updates sent in today for the just-opened Linux 4.19 kernel merge window include:


    • Linux Foundation



      • Hollywood Casts Open Source Software in Starring Role
        Amazing news out of Variety, the entertainment website, this weekend: Hollywood is going open source. The Academy of Motion Picture Arts and Sciences — best known for ‘The Oscars’ award ceremony — has teamed up with the Linux Foundation to launch the Academy Software Foundation (ASWF).




    • Graphics Stack



      • XDC2018 Will Have Many Interesting Talks On Vulkan, AR/VR, Wayland & More
        Just over one month away is XDC2018 as the annual X.Org Developers' Conference where a variety of X.Org, Wayland, Mesa, Vulkan, and OpenGL talks will take place. This year's schedule is particularly packed and full of interesting information.

        XDC2018 is being hosted in Spain and running from 26 to 28 September at the University of A Coruña. The proposal for talks at XDC2018 are now over and the proposed sessions can be found on this Wiki page. Below is a look at some of the interesting talks slated for this open-source graphics/driver conference next month.


      • Radeon Pro WX 8200 Launches As "Best Workstation Graphics Performance Under $1,000"
        It's SIGGRAPH week and AMD has used this annual graphics conference to announce the Radeon Pro WX 8200, which they are saying is able to offer the best workstation graphics card performance in the sub-$1,000 USD category.

        The Radeon Pro WX 8200 is intended to be used for visualizations, VR, photo-realistic rendering, and other professional graphics workloads. The Pro WX 8200 features a High Bandwidth Cache Controller (HBCC), enhanced pixel engine on, ECC memory, and is built on their Vega GPU architecture. The WX 8200 features 8GB of HBM2 memory and the graphics card is rated for a 230 Watt TDP.


      • SIGGRAPH 2018: OpenCL-Next Taking Shape, Vulkan Continues Evolving
        It's a busy week folks as besides the AMD Threadripper 2 performance embargo expiring, it is also SIGGRAPH 2018 week in Vancouver and as well the start of the Linux 4.19 kernel cycle... No longer under wraps are the Khronos announcements from this annual graphics conference. Continue reading to learn about the latest happenings for the various Khronos industry-standard APIs and efforts like Vulkan and OpenCL-Next.




    • Benchmarks



      • Threadripper 2900 Series Temperature Monitoring Sent In For Linux 4.19 Then Backported
        As expected, the CPU temperature monitoring support within the "k10temp" hwmon driver has seen the patches sent in today to be updated for the AMD Threadripper 2900 series CPU support. These patches are going into the Linux 4.19 kernel merge window but slated to be back-ported to the currently supported stable kernel series.


      • AMD Threadripper 2950X Offers Great Linux Performance At $900 USD
        The embargo has expired now for talking about Threadripper 2 performance figures... First up are our initial Threadripper 2950X Linux benchmarks. In this article are the most interesting metrics for this 16-core / 32-thread processor while in the just-published AMD Threadripper 2990WX Linux Benchmarks are a lot more figures complemented by the 2950X and other CPUs plus power consumption numbers, etc. This article is most useful if specifically focused on the performance of the Threadripper 2950X that comes in at $899 USD.


      • AMD Threadripper 2990WX Cooling Performance - Testing Five Heatsinks & Two Water Coolers
        The 32-core / 64-thread AMD Threadripper 2990WX carries a 250 Watt TDP rating, thus the cooling performance is quite important especially if you don't want to hit any thermal throttling with this $1799 USD processor. Fortunately, the 2990WX doesn't require water cooling but actually can work quite well with high-end air heatsinks too. For adding some perspective on the cooling requirements of the Threadripper 2990WX, here are benchmarks of five heatsinks and two all-in-one water cooling systems.


      • AMD Threadripper 2990WX Linux Benchmarks: The 32-Core / 64-Thread Beast
        Whether you are compiling a lot of code, rendering models with Blender, or running various scientific workloads with OpenMP or MPI, the AMD Threadripper 2990WX is capable of delivering immersive Linux performance with its 32-cores and 64 total threads. While coming in at $1800 USD, the AMD Threadripper 2990WX can deliver better performance than the more expensive Intel Core i9 7980XE. Beyond being mesmerized about the performance today with this high-end desktop/workstation processor with the many thread-happy Linux workloads we encounter daily, this 32-core Zen+ processor has us even more eager to see AMD's next-generation Zen2-based EPYC CPUs next year.






  • Applications



  • Desktop Environments/WMs



    • K Desktop Environment/KDE SC/Qt



      • Akademy 2018 Day 1
        Akademy 2018 got off to a wet start with rains accompanying all attendees pouring into Vienna for KDE's largest annual community conference. Although the Pre-Registration event was held on Day Zero (Friday the 10th) and it was a fun-filled affair, Akademy kicked off in earnest on Saturday, with talks, panels and demonstrations. Read on to find out about Day 1 of Akademy and all that transpired:


      • Akademy 2018 Day 2
        Day 2 of Akademy started with a wonderfully insightful keynote by Claudia Garad, the Executive Director of Wikimedia Austria. She focused her talk on some of the challenges that organizations like hers face when trying to bring about more inclusivity and diversity within their communities.

        She emphasized the importance of making underrepresented communities feel more welcome and heard within the organization, then went on to speak about how she perceived KDE as being quite ahead of Wikimedia in some aspects, especially when it came to reaching these goals.

        [...]

        Meanwhile, David Edmundson was not only predicting where KDE's Plasma desktop would be going next, but also numbering the potential pitfalls it would have to avoid on its way getting there. One of the things in store for Plasma users is full browser integration.

        Kai Uwe Broulik explained what is working (quite a lot), and how you will be able to control every aspect of your web browser with Plasma's integrated tools. Already working are controls for playback of videos and music on many popular sites using desktop widgets, including the likes of KDE Connect.

        Talking of playing music, Camilo Higuita told us about the progress of VVAVE, a next generation audio player that is fully convergent (it integrates both with your Plasma desktop and on your mobile phone), and is but one part of Camilo's idea for an open audio streaming service.
      • Qt1 CMake port and more Akademy crazyness
        So, my plans was always finish the full KDE1 port, and now on Akademy i have some time to get back to this pet project. Starting on Qt1 porting entirely to CMake because the experience on Qt2 was so good that i decided going back to that and do some of the same love on Qt1.

        KDE 1 for that new port next. For now, i’m working on github, so https://github.com/heliocastro/qt1


      • KDE Plasma 5.14's Lock Screen Will No Longer Eat Your CPU Resources On Old Hardware
        With KDE Plasma 5 right now it turns out that if you have relied upon CPU-based software rendering, when hitting Plasma's lock-screen it would actually go CPU-wild -- as far as maxing out the CPU to 100% utilization, thereby consuming a lot of power and generating excess heat. That will be fixed for KDE Plasma 5.14.0.

        Since May has been a bug report about the KScreenLocker greeter process going to 100% CPU usage and needing to wait 5~10 seconds after entering the user password before the screen would actually unlock. Several others also reported similar issues of this lock-screen managing to consume a lot of the CPU resources, including on ARM boards and older hardware.




    • GNOME Desktop/GTK





  • Distributions



  • Devices/Embedded





Free Software/Open Source



  • Let’s share


    “Information wants to be free” goes the slogan of the social movement encouraging open-source software, file sharing and a permissive legal environment for modifying and distributing the creative works in the form of open content or free content by using the internet and other forms of media. The free software and open access movements are among the most important developments after the rise of the world wide web. Swartz was not the only internet activist who believed in the concept of an open and free internet. There were people like Richard Stallman, who gave birth to the term “free software”, free as in freedom, not free as in no cost.

    The aura of the information age is not just about new ideas but about a shift in the paradigms of communication and control. In this age of digital feudalism, we do not actually own the products we buy, but we are merely granted limited use of them as long as we continue to pay the rent. The radical expansion of intellectual property (IP) rights threatens to reach the point where they suppress any and all other rights of the individual and society. The current copyright laws have hindered creativity and resulted in a read-only internet culture in which we only consume information/content, despite technology advances that make it easy to create and contribute to culture. Copyright law doesn’t extend neatly to the digital world and the digital rights management tools the industry is endeavouring to develop to maintain copyright control are dampening the growth of a rich read-or-write culture.

    We need to bring that open-source mentality to the content layer. Two-thirds of all websites run on open-source software, but most of the premium academic resources remain closed behind digital gates. The Directory of Open Access Journals reports that nearly 4,000 publications are available to the masses via the internet, a number that grows rapidly each year. It is essential to liberate data, liberate knowledge — especially data that taxpayers have already paid for.

    Thanks to the Free Culture movement, vast knowledge repositories like Wikipedia and Stack Exchange and open access efforts like the science article sharing site arXiv.org have flourished as they permit content to be re-used for free and built upon, and many major websites offer Creative Commons (CC) licensing as part of their user interfaces (UI). In 2012, Google launched a worldwide campaign named Take Action for building a free and open world wide web. Here is the kernel of Google’s argument: “A free and open world depends on a free and open internet. Governments alone, working behind closed doors, should not direct its future. The billions of people around the globe who use the internet should have a voice”.


  • Tesla Will Open-Source Its Vehicle Security Software In Push For Safer Vehicles
    Tesla has also directly communicated with hackers to improve its vehicles’ software. Back in 2016, Keen Security Lab, a white hat hacker group based in China, was able to remotely hack a Model S through a compromised WiFi hotspot, conducting one of the first known instances of a Tesla being hacked. Keen Security Lab contacted Tesla after they successfully compromised the electric car, and Tesla promptly pushed an update to address the vulnerability.


  • Tesla Plans to Open-Source Its Vehicle Security Software for Free to Other Automakers
    Believing he has the best solution, Elon Musk plans to make Tesla’s vehicle security software open source so other automakers can adopt the technology for "a safe self-driving future for all." On top of "specialized encryption" for "multiple sub-systems," future Tesla vehicles will ensure drivers always have "override authority" in the event their cars become "wacky."


  • Elon Musk Plans To Open Source Tesla Software Code
    One of the biggest advantages of open sourcing your software is allowing the independent security researchers to access the code and spot the vulnerabilities that might go unnoticed during the internal auditing.


  • Tesla plans to open source its car security software to other automakers for free
    According to the Electrek, with the rise of autonomous driving and car networking technology, the risk of malicious attacks on cars increased. Tesla CEO Elon Musk believes that the company’s car safety software is the best solution, and he plans to open source car safety software to other automakers for a safer autopilot future.

    Musk has publicly expressed concern about hackers attacking car systems. He said that fully blocking ” hacking” is Tesla’s primary security task.


  • Tesla plans to open-source vehicle security software
    In the past Musk has stated that preventing a fleet-wide hack is Tesla’s top security priority “I think one of the biggest concerns for autonomous vehicles is somebody achieving a fleet-wide hack,” on which he elaborated by saying “in principle, if someone was able to say, hack all the autonomous Teslas, they could – just as a prank – say ‘send them all to Rhode Island’ from across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island!”


  • Tesla to release vehicle security source code
    Tesla CEO Elon Musk has voiced his intention to release the source code for Tesla’s car security software in an effort to improve the security of future self-driving cars.


  • Blockchain as an “Open Source Language for Wealth”: Sacred Capital Founder Speaks
    Siddarth Sthalekar explains how Sacred Capital is using blockchain build a system of reputational wealth.


  • Events



    • Why log analytics should be ‘metrics first’
      Open source log file analytics specialist InfluxData is insistent that we should take a ‘metrics first’ approach to log analysis.

      The company says believes in a metrics first approach that provides developers with the means to ingest, correlate and visualise all time series data at three levels:




  • Web Browsers



    • Mozilla



      • TenFourFox FPR9b2 available
        TenFourFox Feature Parity Release 9 beta 2 is now available (downloads, hashes, release notes). This version tightens up the geometry on the date/time pickers a little, adds some more hosts to basic adblock, fixes a rare but easily wallpapered crash bug and further tunes up hash tables using a small patch from Firefox 63 (!). I am looking at a new JavaScript issue which does not appear to be a regression, but I'd like to fix it anyway since it may affect other sites. However, I'm not sure if this is going to make FPR9 final, which is still scheduled on or about September 4 due to the American Labor Day holiday on the usual Monday.




  • Oracle/Java/LibreOffice



    • Running LibreOffice 6.1 on All Distros in AppImage Format
      The latest LibreOffice 6.1 has been released at 8 August 2018 with a bunch of improvements and you can install it on any GNU/Linux distro if you download the AppImage version. As you may know, application in AppImage format is "portable", you do not need to install anything in your OS except give it permission and double-click it! Here's how to download and run it regardless your GNU/Linux distro. Enjoy!




  • BSD



    • Review: NomadBSD 1.1
      One of the most recent additions to the DistroWatch database is NomadBSD. According to the NomadBSD website: "NomadBSD is a 64-bit live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery."

      The latest release of NomadBSD (or simply "Nomad", as I will refer to the project in this review) is version 1.1. It is based on FreeBSD 11.2 and is offered in two builds, one for generic personal computers and one for Macbooks. The release announcement mentions version 1.1 offers improved video driver support for Intel and AMD cards. The operating system ships with Octopkg for graphical package management and the system should automatically detect, and work with, VirtualBox environments.

      Nomad 1.1 is available as a 2GB download, which we then decompress to produce a 4GB file which can be written to a USB thumb drive. There is no optical media build of Nomad as it is designed to be run entirely from the USB drive, and write data persistently to the drive, rather than simply being installed from the USB media.


    • Happy Bob's Libtls tutorial

      libtls is shipped as part of libressl with OpenBSD. It is designed to be simpler to use than other C based tls interfaces (especially native OpenSSL) to do "normal" things with TLS in programs.





  • FSF/FSFE/GNU/SFLC



    • GIMP Photo Editor: Fine-Tune Your Images Like Never Before
      Who doesn’t like to fine-tuning their images and the perfect way for a lot of users is to opt for popular image editing tools. While the count of these offerings is continuing excessively, we are here to talk specifically about GIMP or (the GNU Image Manipulation Program). The free alternative to Adobe Photoshop is no less than its counterparts owing to the set of features it offers to the users.

      The professional is there for the users for adding the perfect shades of color, texture, and highlights in the image. It is a tool that you can use for developing your photos from the scratch. Use the tool for professional quality effect and you will have a whole new set of images to flaunt before others.




  • Openness/Sharing/Collaboration



    • Open Hardware/Modding



      • OTTO Raspberry Pi Powered Open Source Music Production Box
        Musicians searching for a compact music production box may be interested in a Raspberry Pi based open source device called the OTTO which has this week been featured on the Hackaday website. The portable synthesiser workstation created by Topisani started as a clone of the well-known Teenage Engineering OP-1. However over time Topisani has pushed the music box in a new direction and is currently designing a new user interface while still maintaining the small form factor inspiration of the OP-1.






  • Programming/Development



    • Vector Tile Support for OpenStreetMap’s iD Editor
      Protocolbuffer Binary Format(.pbf) and Mapbox Vector Tiles(.mvt) are two popular formats for sharing map data. Prior to this GSoC project, the iD editor in OSM supported GPX data. GPX is an XML schema designed as a common GPS data format for software applications. It can be used to describe waypoints, tracks, and routes.


    • Beautiful maps in minutes: Meet Kepler.gl
      Shan He may hold Silicon Valley's most meta job.

      "When I started out, I was building maps. Then I moved on to build tools to build maps, and now I'm doing tools to do tools that build maps."

      He, who dumped brick-and-mortar architecture studies for computational design, joined Uber as founding member of the data visualization team in 2014. She went on to construct Kepler.gl, a tool that helps make "beautiful maps in like 10 seconds"—without any coding. Built using the deck.gl WebGL data visualization framework, the ride-sharing company recently open sourced the geospatial toolbox that can be used with QGIS, Carto, and Mapbox Studio. Given its origins, it's easy to see why Kepler excels at large-scale visualizations centering on geolocations.


    • Machine Learning Can Uncover Programmers’ Identity
      Just like a painter or author, programmers tend to have their unique style in which they code. As they line up thousands of lines of code, they leave behind a sort of personal “signature” in it.






Leftovers



  • Science



    • Adshir enables real-time ray tracing on mobile devices
      Adshir is announcing that it can demonstrate the holy grail of computer graphics: real-time ray tracing on mobile devices. That means that it can show physically accurate computer animations in real time on mobile devices, such as tablets and smartphones.

      Ray tracing has been possible in high-end computer-animated movies, such as Pixar films, but those films sometime require months of computer processing in high-performance data centers before the animations can be properly rendered. Doing this kind of task in real time requires much more processing, and Adshir’s announcement bodes well for real-time applications, such as realistic games and other interactive apps.




  • Security



    • #DEFCON DHS Says Collaboration Needed for Secure Infrastructure and Elections
      Speaking at DEFCON 26 in Las Vegas on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, assistant secretary, Office of Cybersecurity and Communications from the Department of Homeland Security stressed the need for public and private sector collaboration.

      She said that “instead of thinking of individual risk and your own part, try to think about enterprise and government as a whole.”

      In terms of critical infrastructure, Manfra said that this is “purely voluntary in the private sector” and includes “everyone working for yourself or your company, and this includes academic institutions and the broader private and public partnership to work together to figure our critical infrastructure.”

      She went on to talk about the concept of collective defense, saying that government is “one player in the community,” and with companies and citizens on the front line with government sectors “we have to share information and be transparent and build trust with individuals and entities that we have not done before.”


    • The Enigma of AI & Cybersecurity
      We've only seen the beginning of what artificial intelligence can do for information security.

      Alan Turing is famous for several reasons, one of which is that he cracked the Nazis' seemingly unbreakable Enigma machine code during World War II. Later in life, Turing also devised what would become known as the Turing test for determining whether a computer was "intelligent" — what we would now call artificial intelligence (AI). Turing believed that if a person couldn't tell the difference between a computer and a human in a conversation, then that computer was displaying AI.

      AI and information security have been intertwined practically since the birth of the modern computer in the mid-20th century. For today's enterprises, the relationship can generally be broken down into three categories: incident detection, incident response, and situational awareness — i.e., helping a business understand its vulnerabilities before an incident occurs. IT infrastructure has grown so complex since Turing's era that it can be months before personnel notice an intrusion.


    • Open-source snafu leaves patient data exposed [Ed: They never generalise like this about proprietary software]
      Researchers at cyber security outfit Project Insecurity discovered dozens of security bugs in the OpenEMR system, which is described as the “most popular open source electronic health records and medical practice management solution”.

      Many of the flaws were classified as being of high severity, leaving patient records and other sensitive information within easy reach of would-be hackers.

      One critical flaw meant that an unauthenticated user was able to bypass the patient portal login simply by navigating to the registration page and modifying the URL, Project Insecurity reported in its findings.


    • Open Source Security Podcast: Episode 109 - OSCon and actionable advice
    • 11-Year-Old Changes Election Results On Florida’s Website: DefCon 2018
      Defcon 2018, one of the most popular hacking conferences, is going on in Las Vegas. The conference, every year, sees famous hackers from around the world exhibiting their skills.

      This year, an 11-year-old shook the whole United States after he hacked and altered election results on a replica of Florida state election website within just 10 minutes.


    • NASS Statement on DEFCON Voting Machine Hacking Events
      As DEFCON 26 attendees begin to gather in Las Vegas this week, the National Association of Secretaries of State (NASS) would like to address the Voting Machine Hacking Village events. While we applaud the goal of DEFCON attendees to find and report vulnerabilities in election systems it is important to point out states have been hard at work with their own information technology teams, the Department of Homeland Security (DHS), the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), the private sector, the National Guard and universities to enhance and reinforce their cyber postures with penetration testing, risk and vulnerability assessments and many other tools.
    • Defcon 2018: Hacker Exploits Vulnerabilities In macOS With “Invisible Clicks”
      The popup that asks user’s permission to grant or deny the access appears despite getting the approval from synthetic clicks. If this happens, the user will get alert automatically. To this, Wardle says that the malware could wait for the inactivity when the user is not sitting in front of the system to notice the permission granted from synthetic clicks. It is also possible that malware could lower the brightness of the screen during that moment to make it almost unnoticeable for the users.


    • Open Sesame Vulnerability in Windows 10 Cortana Allows Hackers to Execute Command using Voice on Locked Device


    • Windows 7 & 10 Face Faulty “Not Enough Virtual Memory” Error Message


    • Critical Oracle Database Flaw Paves the Way for Complete System Hijack


    • Critical vulnerability in Oracle Database, patch without delay!
    • The Ethics of Security
      In the 2018 Stack Overflow Developers’ Survey they asked whether developers felt ultimately responsible for unethical usage of their own code. 80% said no. They presumably left it in the hands of boards, shareholders and Product Owners.




  • Defence/Aggression



    • The French Secret Service Jammed and Crashed a Drone Flying Near the Summer Residence of President Macron
      Terrorist attempt, paparazzi, intrusive droner, or unaware tourist? Whoever conducted a drone flight near the summer residence of French President Macron lost their drone, as the secret service managed to jam the aircraft before it crashed into the sea.

      The Agence France-Presse reported on August 6 that an unknown type of drone flew over the Fort de Brégançon, the official summer retreat of French presidents since the 60s, located on the French Riviera, 20 miles west of Saint-Tropez. President Emmanuel Macron and his wife are currently on vacation in the Fort, but the presence of the president at the time of the incident has not been confirmed. The area is officially marked as a no-fly zone by the French authority (zone R60 and R64A1), but surprisingly, a quick look at the no-fly zone map of DJI reveals that the area is not restricted by geofencing (the model of drone is still unknown at this point). Ironically, the no-fly zones were first introduced by DJI in 2015 after an inebriated intelligence employee crashed his DJI Phantom on the lawn of the White House.


    • Drone strikes on Yemen don’t make my country safer – or yours
      On the bad days, I think my job must be one of the hardest in the world. My country, Yemen, is in the midst of civil war. My government is fighting two extremist groups: al-Qaida and the Houthis. As the minister of human rights, it is my responsibility to ensure that the fundamental rights of Yemenis, spelled out in our constitution, are protected.


    • Montenegro is looking for ex-CIA agent because of a coup attempt
      The Montenegrin authorities issued an international warrant for the arrest of former CIA agent Joseph Assad. Reported by the Associated Press.

      He is suspected of involvement in the attempted coup in Montenegro during the elections of 16 October 2016.


    • NATO's newest member thinks an ex-CIA agent was involved in a Russian-backed coup attempt meant to keep it from joining the alliance
      Montenegro on Thursday issued an international arrest warrant for a former CIA agent for alleged involvement in what the government said was a failed pro-Russia coup designed to prevent the Balkan country's NATO membership.


    • Maduro assassination attempt highlights drone threats
      With the proliferation of consumer-grade drones in recent years, there have been a number of influential voices within the security industry who have expressed concern over the potential threats posed by unmanned aerial vehicles (UAVs) in the wrong hands. From close encounters with jetliners to their use as weapons on the battlefields of the Middle East, the destructive capabilities of drones have already been well-demonstrated in real-world scenarios.

      If these malicious use cases weren’t bad enough, security practitioners can now count drones as tools that can be leveraged for targeted assassination attempts after a group of conspirators attempted to kill Nicolas Maduro, the much-maligned president of Venezuela, using UAVs outfitted with plastic explosives on Sunday. According to reports, security officials were able to bring the drones down using radio signal jamming technology. Although no one was killed in the incident, seven soldiers were wounded, including three who were seriously injured.


    • Secret Israeli Report Reveals Armed Drone Killed Four Boys Playing on Gaza Beach in 2014


    • Secret Israeli Report 'Reveals Armed Drone Killed' Four Children Playing on Gaza Beach in 2014
      According to a confidential Israeli military police report obtained by The Intercept, four cousins were killed in two separate drone strikes after they were mistaken for Hamas fighters


    • Officer killed, 16 injured in Jordan terror attack
      A security officer was killed in an exchange of fire with terrorists in the Jordan’s capital Amman, government officials said late on Saturday.

      Minister of State for Media Affairs Jumana Ghunaimat said the terrorists hiding in a building in Al Salt city opened fire on security forces who were chasing them.


    • Drone strike kills Taliban key commander in E. Afghanistan
      The air attack, according to the statement, was conducted on a tip off early Sunday, killing the commander and injuring three of his guards.


    • Russia Downs Drone Near Its Syria Air Base
      Russia's military said it had shot down a drone that came close to its Syrian air base at Hmeimim on Saturday and was launched from the Idlib "de-escalation" zone controlled by what Moscow calls "illegal military groups", TASS agency reported.

      The drone caused no casualties or damage, and the Hmeimim air base is operating as normal, the agency said.

      On Sunday, Syrian opposition activists say an explosion in the country’s north has killed at least 18 people and wounded many others. The cause of the blast wasn’t immediately known.


    • Ex-CIA officer faces arrest over alleged Montenegro coup plot
      Prosecutors in Montenegro have called for the arrest of a former CIA officer, accusing him of involvement in an alleged Russian-backed coup attempt in 2016.

      The former CIA operative, Joseph Assad, has rejected the charges, saying he had been in Montenegro to provide personal security advice to a western political consultant, and calling on the US to reject any extradition request.

      “This is a deception campaign against a loyal American who had no role in any crimes or coup in Montenegro,” Assad said in a statement issued on Saturday through his lawyer.

      The accusation against Assad is the latest twist in a convoluted year-long trial in the Montenegrin capital, Podgorica, of 14 suspected coup plotters, including two Russians, nine Serbs and three Montenegrins accused of a conspiracy to bring down the country’s pro-Nato government and assassinate its then prime minister Milo Đjukanović.


    • Montenegro seeks ex-CIA agent in alleged pro-Russia coup attempt
      Former operative Joseph Assad was a security adviser to Aron Shaviv, an Israeli-British consultant who was assisting a pro-Kremlin party in country's 2016 elections


    • Montenegro Demands Extradition of Ex-CIA Agent Said to Be Involved in Coup Plot
      In a bizarre twist concerning a convoluted year-long trial into an alleged 2016 Montenegrin coup plot, which Podgorica claims involved "Russian state agencies," Montenegrin prosecutors have called for the arrest of a former CIA officer they say was involved.

      [...]

      According to the former agent, the only "conspiracy" in the coup plot case was one by authorities against the Democratic Front, a Montenegrin opposition alliance, which Podgorica has accused of involvement in the alleged coup plot.

      In a statement, Assad implied that the coup plot case had been turned into a political circus, pointing to the prosecution's destruction of evidence, and other issues, such as the release of an individual earlier claimed to be the plot's leader.




  • Transparency/Investigative Reporting



    • DNC serves WikiLeaks with lawsuit via Twitter after struggling to track the group down
    • DNC serves WikiLeaks with lawsuit via Twitter


      The DNC filed a motion last month in federal court in Manhattan asking for permission to serve the lawsuit to WikiLeaks on the social media platform, which the DNC argued the group remains active, CBS reported at the time. The judge approved of the method.

      A Twitter account associated with the law firm Cohen Milstein Sellers & Toll was established Friday. The account wrote to WikiLeaks that it was being served with several legal documents.

      A spokesman for the law firm directed the Washington Examiner to a spokeswoman for the DNC, who confirmed the account was associated with the law firm.


    • Are you being served? DNC officially gives notice of lawsuit against WikiLeaks via Twitter
      The Democratic National Committee (DNC) has officially served its lawsuit to WikiLeaks through the unconventional means of Twitter.

      The suit, which alleges that the Russian government, the Trump campaign, and WikiLeaks conspired to influence the 2016 presidential election in favour of Donald Trump was filed last April. However, due to the group’s elusive nature, lawyers were unable to officially serve the whistleblowing organization.

      [...]

      Earlier this week, its founder Julian Assange was called to testify before the US Senate Intelligence Committee - an offer that WikiLeaks say is being considered.The letter was delivered to the Ecuadorian Embassy in London, where Assange has been living since he was granted asylum six years ago.


    • DNC lawyers serve lawsuit documents to WikiLeaks via TWITTER accusing it of election cyber attack


    • 'Machinations around Julian are a disgrace especially when it comes to Australian gvt’- journalist by Radio Sputnik
      The US government must guarantee Julian Assange's security if he agrees to give a testimony in the case of alleged Russian meddling in the US elections. This according to the WikiLeaks founder's lawyer Jennifer Robinson. Ms Robinson said that the request by the US Senate Select Committee indicates US interest in Mr Assange's testimony. Earlier, the US Senate Intelligence Committee requested the whistleblower to testify on the purported Russian meddling. Radio Sputnik discussed the ultimate motive behind the request by the US Senate Intelligence Committee for Julian Assange to testify in its probe into Russia’s alleged 2016 election tampering with journalist and documentary filmmaker John Pilger.


    • Senate Intelligence Committee Invites WikiLeaks’ Assange To Testify
      It was signed by Chairman Richard Burr (R) and Vice Chairman Mark Warner (D).

      WikiLeaks’ tweet says the letter was “delivered via the U.S. Embassy in London,” addressed to Assange at the Ecuador Embassy in London.


    • Report: Mueller Subpoenas Roger Stone Associate Randy Credico
      Special counsel Robert Mueller has subpoenaed an associate of Wikileaks founder Julian Assange and longtime Republican operative Roger Stone to appear before a grand jury next month.


    • Fidel Narváez: “Those who think that they will break Julian Assange are mistaken”


    • The DNC’s lawyers subpoena WikiLeaks with a tweet
      In a very unusual move, WikiLeaks has been subpoenaed via Twitter. In a tweet on Friday, a law firm representing the Democratic National Convention in its civil lawsuit against WikiLeaks and other defendants served legal documents formally notifying the non-profit that it is being sued. The lawsuit also names a long list of other people and organizations, including the Russian government and Donald Trump’s presidential campaign, that the DNC claims worked together to sway the 2016 election in Trump’s favor.


    • Julian Assange Went After a Former Ally. It Backfired Epically.
      A botched power play by Julian Assange has led to a split within a key organization supporting whistleblowers and leaves the WikiLeaks founder more isolated than ever among his core constituency of radical transparency activists.

      Assange has grown furious at a one-time ally with substantial moral authority within their movement: the journalist and activist Barrett Brown.


    • Workers and youth in UK speak out against continued persecution of Julian Assange
      August 16 will mark six years to the day since WikiLeaks editor Julian Assange was granted political asylum by the Ecuadorian government, after seeking refuge in Ecuador’s London Embassy on June 19, 2012.

      In recent months, Ecuadorian President Lenín Moreno, who is seeking closer relations with Washington and US investment, has stepped up moves to remove Assange from Ecuador’s Embassy in London. In a tweet and television interview August 6, Moreno declared he will “take measures” against Assange unless he stops “intervening” in the politics and affairs of countries.

      [...]

      “The world is not a safe place. They want to cover up the violations of human rights by the United States that Julian Assange has exposed. The UK is killing democracy and consequently has no right to lecture the developing countries on these issues. They have an 18th century mentality.

      “We live in a digital age where information can be exchanged freely. That is what democracy is meant to be about.

      “The UK is following Trump on everything. This is bad. He denies global warming and argues for trade war. There is the danger we will be dragged into further wars.

      “Under Obama the wars continued. His drone killings claimed the lives of hundreds of innocent civilians. The US is backing Saudi Arabia in its war against Yemen. The Saudi rulers are worse than Saddam Hussein. This whole mess has got to stop.”

      Stephen, a self-employed gardener, was critical of the silence of Jeremy Corbyn and the officially designated left.




  • Environment/Energy/Wildlife/Nature



    • A climate revolution
      While working in tropical crop research in east Africa in the late 1960s I got interested in issues of resource conflict over food, energy, and strategic commodities. It was a bit of a change from my own science background in plant pathology, and one result was that I hoped in the future to work more in the field of environmental security.

      Back in the UK in 1971, I was lucky to do this by getting a post at one of those newly designated and expanded urban technology colleges, the polytechnics. This was a period of relatively well-funded educational initiatives, included the pioneering Open University, that owed a lot to the Labour government of 1964-70.

      [....]

      By the end of the decade, climate change was entering the political agenda, at least in a small way, as new climate models were beginning to confirm early fears. The idea of global impacts was supported in 1983 by confirmation of the specific problem of CFC damage to the ozone layer. Since that threat was so substantial and immediate, and because CFCs could be replaced quite easily, the “ozone-hole” issue resulted in rapid action in the form of the Montreal protocol of 1987. That said, three decades on the problem is only just receding in severity.





  • AstroTurf/Lobbying/Politics



    • Keith Ellison denies allegations of domestic violence


      Rep. Keith Ellison (D-Minn.) on Sunday denied allegations that he had abused an ex-girlfriend — allegations which surfaced after the woman’s son posted about the alleged incident on Facebook.
    • When politics blocks hope
      Our politics continue to go in full cycles, but our dreams are stalled. It is either we are cursed or we are just stupid.
    • Is VIPS Working for Russia?
      A fellow named Duncan Campbell, who many years ago reported on UK officialdom, clearly has had too much free time lately. He has concluded that VIPS is working for the Russians — perhaps as useful idiots...
    • Did You Go to a Washington Nationals Game With Supreme Court Nominee Brett Kavanaugh?
      Supreme Court nominee Brett Kavanaugh accrued as much as $200,000 in debt buying tickets to Washington Nationals baseball games.

      White House spokesman Raj Shah told The Washington Post that Kavanaugh would go to games with a “handful” of friends. These friends then reimbursed him for the tickets, the White House says, and the debts have been paid off.

      But the White House and Kavanaugh are not answering questions about what happened. Who did Kavanaugh buy tickets for? How did they reimburse him? Was this properly disclosed? And how was all of this treated for tax purposes?

      Kavanaugh is up for one of the most powerful positions in the land. A lifelong position.

      We think it’s important to figure out as much as we can about a nominee’s background before he is confirmed. So we’re turning to you.
    • Ex-CIA analyst blasts ‘disregard for national security’ after Omarosa revelation
      Manigault Newman unveiled the 20-second audio clip on Sunday, depicting Kelly firing her inside the Situation Room — the highly sensitive space where phones and electronic devices are prohibited for security reasons.

      Ned Price, a former Obama special assistant and CIA official, tweeted that it wouldn’t be that difficult to sneak a phone into the office because the system is “built on trust."

      “Those are supposed to be the finest public servants we have,” Price tweeted. “The WH wasn’t signed for the Omarosas of the world. Sad we now have to accommodate them.”




  • Censorship/Free Speech



  • Privacy/Surveillance



    • Exposure Of Secret TSA Surveillance Program Nets The Government More Terrorist Watchlist Litigation


      The recent exposure of the TSA's "Quiet Skies" program by the Boston Globe is leading to more terrorist watchlist litigation. The "Quiet Skies" program sends air marshals all over the US to watch travelers swallow, shop, use the restroom, and stare at things. It's suspicionless surveillance even the air marshals disagree with, with some quoted by the Globe calling the program a worthless waste of tax dollars, if not just a vehicle for repeated Constitutional violations.

      The Council of American-Islamic Relations (CAIR) is using this information in two of its lawsuits against the government. Its lawsuit against the Terrorist Screening Center -- which originated in 2016 -- will hopefully be aided by the Globe's reporting. A motion to compel discovery [PDF] seeks details on the program for use in this litigation. The filing notes the government continues to hide information about its many watchlists from the plaintiffs it represents, forcing it to rely on leaked documents to obtain information it has already requested from the government.


    • Reality Winner to be sentenced in NSA leak case on Aug. 23


      Reality Winner, who pleaded guilty in June to leaking top-secret government documents about Russian meddling in the 2016 election, is scheduled to be sentenced in a federal court in Augusta on Aug. 23.

      The first leaker to be prosecuted by the Trump administration, the former National Security Agency contractor’s plea agreement with prosecutors calls for her to serve five years and three months behind bars plus three years of supervised release.


    • An Airline Scans Your Face. You Take Off. But Few Rules Govern Where Your Data Goes.

      The problem confronting Mr. Frankle, as well as thousands of travelers, is that few companies participating in the program, called the Traveler Verification Service, give explicit guarantees that passengers’ facial recognition data will be protected.

      And even though the program is run by the Department of Homeland Security, federal officials say they have placed no limits on how participating companies — mostly airlines but also cruise lines — can use that data or store it, opening up travelers’ most personal information to potential misuse and abuse such as being sold or used to track passengers’ whereabouts.



    • 5 tips for helping children think critically about privacy

      Also, while we often think of “sharing” in the context of social media and the Internet, it can also be helpful to consider more analog applications, like updating relatives in phone calls or sharing pictures and home movies when they come to visit. Thinking about analog sharing can be an important exercise in itself – in an earlier series of blog posts, PIA’s former Head of Privacy, Rick Falkvinge discussed how in the transition from analog to digital, our children are losing some fundamental rights when it comes to privacy.

      Regardless of how much or how little your child engages with the Internet, there are some steps that you can take to help your child understand their privacy rights and feel agency in how they present themselves to the world. Below, we’ve included some suggestions for helping your child analyze and think critically about how and what they share with others.



  • Civil Rights/Policing



  • Internet Policy/Net Neutrality

    • Ajit Pai Does Something Right, Will Reform Stupid Utility Pole Rules To Speed Up Fiber Deployment
      There's several reasons that the hype surrounding Google Fiber has stalled; most notably Alphabet executives growing weary of the slow pace and high costs of traditional fiber deployments (something they should have understood going in). But another major obstacle for Google Fiber was the boring old utility pole. Google Fiber attempted expansion in numerous cities like Nashville and Louisville, but ran face first into an antiquated utility pole attachment process that traditionally favored incumbent operators, and lawyers for AT&T and Comcast, who were eager to sue to keep their dominance intact.

      As it stands, when a new competitor tries to enter a market, it needs to contact each individual ISP to have them move their own utility pole gear. This convoluted and bureaucratic process can take months, and incumbent ISPs (which often own the poles in question) have a long and proud history of then slowing things down even further by intentionally dragging their feet. After all, the very last thing purportedly "free market" adoring entities like AT&T and Comcast want to deal with is honest to goodness competition.

      To help fix this problem, Google Fiber and several other companies proposed new "one touch make ready" rules that would dramatically streamline the pole attachment process. Under this proposal, just one licensed and insured contractor would be allowed to move any company's gear, provided they give advanced notice. When several cities tried to pass such rules regionally, they found themselves on the receiving end of lawsuits by AT&T and Comcast.




  • Intellectual Monopolies





Recent Techrights' Posts

Early Retirement Age: Linus Torvalds Turns 55 Next Week
Now he's almost eligible for retirement in certain European countries
 
Links 22/12/2024: North Pole Moving and Debian's Joey Hess Goes Solar
Links for the day
This 'Article' About "Linux Malware" is a Fake Article, It's LLM Slop (Likely Spewed Out by Microsoft Chatbot)
They're drowning out the Web
Gemini Links 22/12/2024: Solstice and IDEs
Links for the day
BetaNews: Microsoft Slop is Your "Latest Technology News"
Paid-for garbage disguised as "journalism"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 21, 2024
IRC logs for Saturday, December 21, 2024
Links 21/12/2024: EU on Solidarity with Ukraine, Focus on Illegal and Unconstitutional Patent Court in the EU (UPC)
Links for the day
[Meme] Microsofters at the End of David's Leash
Hand holding the leash. Whose?
Deciphering Matt's Take on WordPress, Which is Under Attack From Microsofters-Funded Aggravator
the money sponsoring the legal attacks on WordPress and on Matt is connected very closely to Microsoft
Gemini Links 21/12/2024: Projections, Dead Web ('Webapps' Replacing Pages), and Presentation of Pi-hole
Links for the day
American Samoa One of the Sovereign States Where Windows Has Fallen Below 1% (and Stays Below It)
the latest data plotted in LibreOffice
[Meme] Brian's Ravioli
An article per minute?
Links 21/12/2024: "Hey Hi" (AI) or LLM Bubble Criticised by Mainstream Media, Oligarchs Try to Control and Shut Down US Government
Links for the day
LLM Slop is Ruining the Media and Ruining the Web, Ignoring the Problem or the Principal Culprits (or the Slop Itself) Is Not Enough
We need to encourage calling out the culprits (till they stop this poor conduct or misconduct)
Christmas FUD From Microsoft, Smearing "SSH" When the Real Issue is Microsoft Windows
And since Microsoft's software contains back doors, only a fool would allow any part of SSH on Microsoft's environments, which should be presumed compromised
Paywalls, Bots, Spam, and Spyware is "Future of the Media" According to UK Press Gazette
"managers want more LLM slop"
Google Has Mass Layoffs (Again), But the Problem is Vastly Larger
started as a rumour about January 2025
On BetaNews Latest Technology News: "We are moderately confident this text was [LLM Chatbot] generated"
The future of newsrooms or another site circling down the drain with spam, slop, or both?
"The Real New Year" is Now
Happy solstice
Microsoft OSI Reads Techrights Closely
Microsoft OSI has also fraudulently attempted to censor Techrights several times over the years
"Warning About IBM's Labor Practices"
IBM is not growing and its revenue is just "borrowed" from companies it is buying; a lot of this revenue gets spent paying the interest on considerable debt
[Meme] The Easier Way to Make Money
With patents...
The Curse (to Microsoft) of the Faroe Islands
The common factor there seems to be Apple
Electronic Frontier Foundation Defends Companies That Attack Free Speech Online (Follow the Money)
One might joke that today's EFF has basically adopted the same stance as Donald Trump and has a "warm spot" for BRICS propaganda
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 20, 2024
IRC logs for Friday, December 20, 2024
Gemini Links 21/12/2024: Death of Mike Case, Slow and Sudden End of the Web
Links for the day
Links 20/12/2024: Security Patches, Openwashing by Open Source Initiative, Prison Sentence for Bitcoin Charlatan and Fraud
Links for the day
Another Terrible Month for Microsoft in Web Servers
Consistent downward curve
LLM Slop Disguised as Journalism: The Latest Threat to the Web
A lot of it is to do with proprietary GitHub, i.e. Microsoft
Gemini Links 20/12/2024: Regulation and Implementing Graphics
Links for the day
Links 20/12/2024: Windows Breaks Itself, Mass Layoffs Coming to Google Again (Big Wave)
Links for the day
Microsoft: "Upgrade" to Vista 11 Today, We'll Brick Your Audio and You Cannot Prevent This
Windows Update is obligatory, so...
The Unspeakable National Security Threat: Plasticwares as the New Industrial Standard
Made to last or made to be as cheap as possible? Meritocracy or industrial rat races are everywhere now.
Microsoft's All-Time Lows in Macao and Hong Kong
Microsoft is having a hard time in China, not only for political reasons
[Meme] "It Was Like a Nuclear Winter"
This won't happen again, will it?
If You Know That Hey Hi (AI) is Hype, Then Stop Participating in It
bogus narrative of "Hey Hi (AI) arms race" and "era/age of Hey Hi" and "Hey Hi Revolution"
Bangladesh (Population Close to 200 Million) Sees Highest GNU/Linux Adoption Levels Ever
Microsoft barely has a grip on this country. It used to.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 19, 2024
IRC logs for Thursday, December 19, 2024