
Links 10/1/2019: Linux 4.20.1, GNOME 3.31.4 Released








GNU/Linux



  • Desktop



    • Where Linux Went in 2018 - and Where It's Going
      Another major development in desktop Linux computing was Steam Play's August announcement of beta testing support for running Windows games on Linux. Steam evidently has been playing the long game (no pun intended) in backing work on the Windows compatibility program Wine, as well as the DirectX translation apparatus Vulkan, over the past couple of years.

      This past summer, we saw these efforts coalesce. In a framework called "Proton," Steam has bundled these two initiatives natively in the Steam Play client. This enables anyone running a Linux installation of Steam Play (who is enrolled in the beta test) to simply download and play a number of Windows games with no further configuration necessary.

      A marked lack of access to top-tier games long has been a sticking point for Linux-curious Windows users considering a switch, so Steam's ambitious embarkation on this project may prove to be the last encouragement this crowd needs to take the penguin plunge.

      Steam has been exercising patience, as it has been maintaining a periodically updated list of the number and degree of Linux-compatible Windows games in its library of titles. It hasn't been afraid to acknowledge that a number of Windows games still need work, another sign of sober expectations on the part of Valve.

      Taken together, these steps suggest that Steam is in this for the long haul, rather than throwing together a quick fix to increase revenue from Linux-bound customers. If that weren't proof enough, Steam even has gone so far as to post the code for Proton on GitHub, which is as good a sign as any that it is invested in the Linux community.


    • 6 Myths That Scare Away New Linux Users
      This is one of the most popular myths about Linux which exists mostly because a lot of people don't even have to bother installing operating systems - they come preinstalled. However, you have to download Linux. There is, of course, an option on the market for Linux as well but it's not as popular and it's only available if you want a new machine anyways.

      But if you already have a machine and all you need is an operating system, the best thing to do would be to test which distribution you are interested in and see it through Live CD or Live USB. Once you like one of them, you can install it in a way that would allow both Windows or Linux to your laptop or you can replace Windows completely.

      No matter what you choose, the fact is that the download process is simple and especially for Ubuntu, Fedora, Linux Mint and openSUSE. Most of them also include a step-by-step install wizard and simple graphical tools. Full installation shouldn't take longer than half an hour, apps included.


    • Chrome OS may soon let companies choose their own distro for Linux apps
      Midway through last year, Google launched one of my favorite features of Chrome OS, Linux app support. As it stands, this support works through a virtualized Linux, based on Debian. However, there’s many, many flavors of Linux out there, each with their own pros and cons. Google seems to be accounting for that with the ability for companies to choose their own Linux distro for Chrome OS’s Linux apps support.

      Some companies are very particular about which operating systems their employees run company programs on, usually in an effort to keep their secrets safely in-house. Google is no exception to this, having their own “gLinux”, a modified Linux distro based on Debian, with Google-specific enhancements. Using this distro is a requirement for many work-related tasks Googlers need to accomplish on a daily basis.

      With these tight restrictions in place, some enterprise users won’t be able to make the most of Chrome OS’s new Linux app support for their work needs. To that end, Google is creating a way for companies to provide an alternative Linux distro for managed Chrome OS devices, using device policy.


    • Is System76 Hardware Reliable? My Lemur Laptop 3, Years Later


    • Just updated Windows 7? Can't access network shares? It isn't just you
      Microsoft has doubled down on efforts to persuade users to migrate to Windows 10 by breaking Windows 7 networking for some.

      Windows Server 2008 R2 is also affected.

      While the last few monthly updates for the soon-to-be-obsolete OSes featured a known issue affecting an "unknown" number of "problematic configurations" that require manual reinstalls of network drivers, January's monthly update seems to have upped the ante somewhat.

      2019's treat has seen some users finding their shares are now inaccessible, with RDP and other connectivity also suffering.

      The issue, which affects both the bonzer monthly roll-up (KB4480970) and the more petite Security-only update (KB4480960, which has no known issues according to Microsoft at time of writing), leaves users receiving an INVALID_HANDLE when attempting to kick off a SMB2 connection.




  • Server



    • Kata Containers, gVisor offer more secure container strategies
      Kata Containers and Google gVisor present two approaches to addressing container security issues that balance the speed of containers with the safety of VMs.

      Containers are fast, lightweight instances that can benefit a variety of workloads, especially ones that include microservices and serverless applications. Organizations that implement containers on bare-metal hardware introduce security risks because containers can expose the underlying infrastructure, which leaves the entire platform vulnerable to attack.


    • Running Kubernetes in the Federal Government
      Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year. Open Control is a new standard by 18F, an agency bringing lean start-up methods to the U.S. Government, in order to address ATO repeatability. Red Hat has worked with 18F to help create a Kubernetes implementation based on Open Control to automate much of the ATO process for Kubernetes systems.


    • Bose and Kubernetes
      As a way to demonstrate the problem they were trying to solve, O'Mahony spoke to an Amazon "Alexa" device (an Echo Dot) and asked it to play a particular song "on stage". That led the nearby Bose smart speaker to start playing the tune. Since both devices have wireless interfaces, it would seem like making that work would not be all that difficult, he said. But it turns out to be harder than it looks. There is no direct interface between the two devices; it all must be handled in the cloud. So it takes hundreds of miles of cable to bridge the three-foot gap between the two devices on stage.

      The Amazon device does all of its voice processing in the Amazon cloud, which then hands off instructions to the Bose cloud. The speaker is not directly exposed on the internet; it can send out messages, but it is unable to receive random messages from the net. The easiest way to handle that is to have the speaker make a persistent connection to the Bose cloud when it powers up. MQTT was chosen as the protocol; a persistent bidirectional WebSocket connection is made between each speaker and the cloud service.

      The "crux of the problem" is scaling; solutions abound for thousands of connected devices. When he looked around a few years ago for Internet of Things (IoT) products, he couldn't find any that could handle the five-million (or more) connections envisioned for the system. Some managed services would scale to hundreds of thousands of connected devices, but not to millions, he said. That is why Bose engaged with Connected, which was able to help prototype a system that could handle that many connections using Kubernetes.



    • Migrating the Internet Archive to Kubernetes
      The Internet Archive (IA) has been around for over 20 years now; many will know it for its Wayback Machine, which is an archive of old versions of web pages, but IA is much more than just that. Tracey Jaquith said that she and her IA colleague David Van Duzer would relate a "love/hate, long adventure story—mostly love" about the migration of parts of IA to Kubernetes. It is an ongoing process, but they learned a lot along the way, so they wanted to share some of that with attendees of KubeCon + CloudNativeCon North America 2018.

      Jaquith has been with IA for 18 years; she started when IA did, but left for four years and then came back. Van Duzer is a more recent addition, joining IA about a year and a half ago; he works on the web crawling process that feeds the Wayback Machine. Van Duzer said that IA has been around since the beginning of the web and, over that time, has created a daunting pile of code that he has now started to become comfortable with. At this point, IA is "dipping its toes" into the Kubernetes world; any big change like that is going to need to be sold to colleagues, pain points will need to be worked out, and so on. In order to do that, they needed to answer the question: "what's in it for us?"


    • Polyverse Announces Technology Partnership with Red Hat


    • The Firecracker virtual machine monitor
      Cloud computing services that run customer code in short-lived processes are often called "serverless". But under the hood, virtual machines (VMs) are usually launched to run that isolated code on demand. The boot times for these VMs can be slow. This is the cause of noticeable start-up latency in a serverless platform like Amazon Web Services (AWS) Lambda. To address the start-up latency, AWS developed Firecracker, a lightweight virtual machine monitor (VMM), which it recently released as open-source software. Firecracker emulates a minimal device model to launch Linux guest VMs more quickly. It's an interesting exploration of improving security and hardware utilization by using a minimal VMM built with almost no legacy emulation.
    • Canonical Girds Its Cloud-Native Loins as Containers Gain Traction
      Nathan Rader will need to be blessed with the patience of a saint. As the director of NFV Strategy at Canonical, the company behind the Ubuntu open source Linux distribution, he's eager for communications service providers to not just talk about "cloud native" architectures based on containers (packages of self-contained software code and related dependencies), but actually deploy them.

      That's because a shift to cloud-native, container-based microservices by mobile, fixed and cable network operators could well result in greater traction in the communications network operator world for Canonical Ltd., which has developed a version of the Kubernetes container orchestration system needed to manage multiple containers across multiple cloud platforms.

      Canonical regards itself as particularly well placed to benefit from any shift towards container-based deployments, as its Ubuntu operating system is already widely deployed in existing cloud initiatives and the company believes that Ubuntu is the "optimal choice" to underpin containers.


    • Alternatives when migrating from macOS Server
      DHCP, DNS, FTP, and Websites services are the most important services for enterprises to connect to and utilize the Internet for getting work done. And while their loss is lamented, admins with Mac CLI experience will feel right at home spinning up these services on any Linux distribution. For those still learning their way around Linux or simply prefer a GUI-based package manager, Ubuntu, and CentOS are two excellent Linux distros that offer a nice blend of performance and usability that will have you configuring DHCP scopes and DNS nameservers in no time.



    • Red Hat Unifies Automation Across Hybrid Cloud Management with Latest Version of Red Hat Ansible Tower


    • Assess Kubernetes performance and scalability using Automation Pipeline
      Red Hat's performance and scalability team created an automation pipeline and tooling to help answer these and other questions.




  • Audiocasts/Shows



    • FLOSS Weekly 513: Nextcloud Update
      Nextcloud offers industry-leading on-premises file sync and online collaboration technology. Frank Karlitschek started the Nextcloud project to enable decentralized and secure cloud hosting. He has been involved with a variety of Free Software projects, including having been a board member for the KDE community.


    • The Linux Link Tech Show Episode 791






  • Kernel Space



    • Linus Torvalds Welcomes 2019 with Linux 5.x
      Linus Torvalds has announced the release of Linux 5.0-rc1. The kernel was supposed to be 4.21, but he decided to move to the 5.x series. Torvalds has made it clear that the numbering of the kernel doesn’t make much sense. So don’t get too excited about this release.

      Torvalds explained in the LKML (Linux Kernel Mailing List), “The numbering change is not indicative of anything special. If you want to have an official reason, it's that I ran out of fingers and numerology this time (we're _about_ 6.5M objects in the git repo), and there isn't any major particular feature that made for the release numbering either,” he said.

    • Linux 4.20.1 Kernel Released With Various Fixes
      The first point release to the two-week-old Linux 4.20 kernel is now available.

      For those that wait for a point release before upgrading to a new kernel series, Linux 4.20.1 was just released by Greg Kroah-Hartman with a number of fixes. Linux 4.20.1 offers up a number of Btrfs fixes, a few F2FS and EXT4 file-system fixes too, several ALSA updates, and also some ARM64 work -- some of which fixes in 4.20.1 were back-ported from the in-development Linux 5.0 code. Linux 4.20.1 is a fairly calm first point release with no major regression fixes and fortunately no big security woes.


    • Linux Kernel 4.20 Gets First Point Release, It's Now Ready for Mass Deployments


    • Linux 4.20.1
    • Linux 4.19.14
    • Linux 4.14.92
    • Linux 4.9.149


    • Some unreliable predictions for 2019
      Kernel development will become more formal. One of the things that has traditionally attracted a certain type of developer to kernel work is the fact that many of the normal rules don't apply. Kernel development often requires working with high levels of complexity, combined with the ups and downs of dealing with real-world hardware; in that setting, pulling together any sort of solution can be an accomplishment. The result is a sort of cowboy culture that emphasizes working solutions over formal designs.

      The increasing level of complexity in the kernel and in the hardware it drives has made that approach less tenable over the years. The kernel community has responded in a number of ways, including better documentation and better testing. One real harbinger of the future, though, may be the work that has been quietly happening to develop a formal memory-ordering model that makes it possible to reason about concurrency and ensure that kernel code is correct. If the kernel is going to continue to scale, this kind of approach will have to spread to other areas. There will be grumbling, since adding formality may slow the pace of development. But, with luck, it should also slow the issuance of urgent bug fixes and security updates.

      More kernel APIs will be created for BPF programs rather than exported as traditional system calls; we are heading toward a world where a significant amount of kernel functionality is only available via BPF. The result will be a significant increase in flexibility and efficiency, but some growing pains should also be expected. The BPF API sees even less review than other kernel interfaces, and the community's record with the latter is decidedly less than perfect. This may be the year when we realize that we haven't yet figured out how to provide such low-level access to the kernel in ways that can be supported indefinitely.

      Somebody will attempt to test the kernel community's code of conduct and its enforcement processes in the coming year. The community will handle that test without trouble, though, just as it has been handling the constant stream of trolling emails attempting to stir up strife. At the end of the year, the code of conduct will look pretty much the way it does now: a set of expectations that helps to improve behavior in the community, but not a big deal in general.


    • Some 4.20 development statistics
      This year's holiday gifts will include the 4.20 kernel; that can only mean that it is time for another look at where the code going into this release has come from. This development cycle was typically busy and brought a lot of new code into the kernel. There are some new faces showing up in the statistics this time around, but not a lot of surprises otherwise. As of this writing, 13,856 non-merge changesets have found their way into the mainline repository for the 4.20 release; they were contributed by 1,743 developers. That makes 4.20 the busiest cycle since 4.15, but only by a little bit; both numbers are essentially in line with recent release history. Of those 1,743 developers, 283 were first-time contributors this time around.


    • What's coming in the next kernel release (part 1)
      When the 4.20 kernel was released on December 23, Linus Torvalds indicated that he would try to keep to the normal merge window schedule despite the presence of the holidays in the middle of it. Thus far, he seems to be trying to live up to that; just over 8,700 changesets have been merged for the next release, which seems likely to be called 5.0. A number of long-awaited features are finally landing in the kernel with this release.


    • Live patching for CPU vulnerabilities
      The kernel's live-patching (KLP) mechanism can apply a wide variety of fixes to a running kernel but, at a first glance, the sort of highly intrusive changes needed to address vulnerabilities like Meltdown or L1TF would not seem like likely candidates for live patches. The most notable obstacles are the required modifications of global semantics on a running system, as well as the need for live patching the kernel's entry code. However, we at the SUSE live patching team started working on proof-of-concept live patches for these vulnerabilities as a fun project and have been able to overcome these hurdles. The techniques we developed are generic and might become handy again when fixing future vulnerabilities. For completeness, it should be noted that these two demo live patches have been implemented for kGraft, but kGraft is conceptually equivalent to KLP.

      At the heart of the Meltdown vulnerability is the CPU speculating past the access rights encoded in the page table entries (PTEs) and thereby enabling malicious user-space programs to extract data from any kernel mapping. The kernel page-table isolation (KPTI) mechanism blocks such attacks by switching to stripped-down "shadow" page tables whenever the kernel returns to user space. These mirror the mappings from the lower, user-space half of the address space, but lack almost anything from the kernel region except for the bare minimum needed to reenter the kernel and switch back to the fully populated page tables. The difficulty, from a live-patching perspective, is to keep the retroactively introduced shadow page tables consistent with their fully populated counterparts at all times. Furthermore, the entry code has to be made to switch back and forth between the full and shadow page table at kernel entries and exits, but that is outside of the scope of what is live patchable with KLP.

      For the L1TF vulnerability, recall that each PTE has a _PAGE_PRESENT bit that, when clear, causes page faults upon accesses to the corresponding virtual memory region. The PTE bits designated for storing a page's frame number are architecturally ignored in this case. The Linux kernel swapping implementation exploits this by marking the PTEs corresponding to swapped-out pages as non-present and reusing the physical address part to store the page's swap slot number. Unfortunately, CPUs vulnerable to L1TF do not always ignore the contents of these "swap PTEs", but can instead speculatively misinterpret the swap slot identifiers as physical addresses. These swap slot identifiers, being index-like in nature, tend to alias with valid physical page-frame numbers, so this speculation allows for extraction of the corresponding memory contents. The Linux kernel mitigation is to avoid this aliasing by bit-wise inverting certain parts of the swap PTEs. Unfortunately, this change of representation is again something which is not safely applicable to a running system with KLP's consistency guarantees alone.


    • Improving idle behavior in tickless systems
      Most processors spend a great deal of their time doing nothing, waiting for devices and timer interrupts. In these cases, they can switch to idle modes that shut down parts of their internal circuitry, especially stopping certain clocks. This lowers power consumption significantly and avoids draining device batteries. There are usually a number of idle modes available; the deeper the mode is, the less power the processor needs. The tradeoff is that the cost of switching to and from deeper modes is higher; it takes more time and the content of some caches is also lost. In the Linux kernel, the cpuidle subsystem has the task of predicting which choice will be the most appropriate. Recently, Rafael Wysocki proposed a new governor for systems with tickless operation enabled that is expected to be more accurate than the existing menu governor.


    • Linux Foundation



      • Industry-Scale Collaboration at The Linux Foundation
        Linux and open source have changed the computer industry (among many others) forever. Today, there are tens of millions of open source projects. A valid question is “Why?” How can it possibly make sense to hire developers that work on code that is given away for free to anyone who cares to take it? I know of many answers to this question, but for the communities that I work in, I’ve come to recognize the following as the common thread.


      • Roles and Responsibilities of Cloud Native DevOps Engineers
        Cloud Native DevOps is a relatively new collection of old concepts and ideas that coalesced out of a need to address inadequacies in the “old” way of building applications. To understand what Cloud Native DevOps engineers do on a daily basis, one needs to understand that the objective of the Cloud Native model is to build apps that take advantage of the adaptability and resiliency that are so easy to achieve using cloud tools. There are four main concepts that serve as the basis of cloud native computing: Microservices, Containers, CI/CD, and DevOps.


      • Hyundai Advances Connected Car, Linux AGL Drives Standards
        Automotive Grade Linux, a collaborative open source project sponsored by the Linux Foundation, is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car.

        This week at the Consumer Electronics Show (CES), the project is welcoming its latest member, Hyundai, to contribute to the ongoing harmonization of “connected car” standards, even as the company continues to invest hundreds of millions into making smarter cars more accessible. Not everybody can afford a Tesla.

        With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies.



      • Wipro becomes gold member of Linux Foundation Networking
        Indian IT major Wipro has joined Linux Foundation Networking as a gold member, said a statement. Under this membership, the company will work on the development of next-generation Open Networking Automation Platform (ONAP) technologies and use cases for current and future networks.

        Wipro joins six other LFN Gold members, including Accenture, Aptira, Inocybe Technologies, Lumina Networks, Microsoft and Telstra.




    • Graphics Stack





  • Applications



  • Desktop Environments/WMs



    • GNOME Desktop/GTK



      • Phoenix joins the LVFS
        Just like AMI, Phoenix is a huge firmware vendor, providing the firmware for millions of machines. If you’re using a ThinkPad right now, you’re most probably using Phoenix code in your mainboard firmware. Phoenix have been working with Lenovo and their ODMs on LVFS support for a while, fixing all the niggles that were stopping the capsule from working with the loader used by Linux. Phoenix can help customers build deliverables for the LVFS that use UX capsule support to make flashing beautiful, although it’s up to the OEM if that’s used or not.

      • Firmware Vendor Phoenix Tech Joins The LVFS For Linux Firmware Updates
        Last month firmware vendor AMI joined the Linux Vendor Firmware Service (LVFS) while today the other big firmware vendor, Phoenix Technologies, is also backing LVFS for their OEM/ODM partners that want to distribute firmware update capsules on this RedHat-based service.

        Phoenix provides the basic firmware implementation for the likes of Lenovo ThinkPads, Tuxedo Computers, and plenty of other OEM/ODM partners for motherboards. Phoenix has already been helping their partners with UEFI firmware updates on LVFS and now they will continue doing so as an official member. But it will still be up to their actual customers to want to engage with LVFS support for their products.


      • GNOME 3.31.4 released
        Here is GNOME 3.31.4, the first development snapshot of 2019. Try it out, test it, improve it.


      • GNOME 3.31.4 Released As A Big Step Towards GNOME 3.32
        GNOME 3.31.4 is out today as their latest development snapshot towards this March's GNOME 3.32 desktop release. GNOME 3.31.4 comes with several exciting additions ranging from enhancing its default web browser to the GNOME Boxes virtualization component enabling 3D/OpenGL support with VirtIO-GPU.






  • Distributions



    • Gentoo Family



      • Gentoo News: FOSDEM 2019
        It’s FOSDEM time again! Join us at Université libre de Bruxelles, Campus du Solbosch, in Brussels, Belgium. This year’s FOSDEM 2019 will be held on February 2nd and 3rd.




    • Arch Family



      • Arch Linux Kicks Off 2019 with First Snapshot Powered by Linux Kernel 4.20
        Arch Linux 2019.01.01 is now available and it is the first snapshot of the popular Linux-based operating system in 2019, shipping with a new Linux kernel and all the package updates released during December 2018, since the release of the Arch Linux 2018.12.01, which was powered by Linux kernel 4.19.4.

        Considering the fact that Linux kernel 4.20 was just released a couple of weeks ago, near the Christmas holidays, this would be a record for the Arch Linux developers to ship the new ISO snapshot with the most recent Linux kernel series, which can only mean that it successfully passed all tests.




    • OpenSUSE/SUSE



      • Jumpstarting an IT Transformation
        You’ve been convinced. It’s 2019 and your IT department has to undergo transformation so your business can meet the needs of a digital transformation. But do you have the resources for this transformation? After all, you can’t stop paying attention to your business-critical day-to-day operations. It’s crucial to maintain your existing operations while integrating new technology.

        If you have no one to take on these new responsibilities, your IT transformation project can stall, or even fail. Or maybe you have the resources for your transformation project, but they do not have the appropriate knowledge or experience to successfully get your IT transformation off the ground.


      • Six Impressive Candidates Step Up for the 2018-2019 Board Elections
        The Elections Committee, Edwin Zakaria, Ish Sookun, and Gerry Makaro, are pleased to announce today, Thursday, January 10, 2019, that six very impressive Candidates have decided to step up and run for Membership on the openSUSE Board in the 2018-2019 Board Elections. With four days left for Candidates to apply, it is possible that more quality Candidates might throw their hats into the ring to make this a very exciting race.




    • Fedora



      • Fedora Developers Look At Packaging Up The Radeon Open Compute Stack (ROCm)
        While the ROCm "Radeon Open Compute" stack has been fully open-source for a while and in recent months even able to work fine off a mainline Linux kernel, a barrier to its adoption has been officially just have binaries produced by AMD for RHEL/CentOS/Ubuntu and not seeing these components including its OpenCL driver available through Linux distribution repositories. Fortunately, in 2019, that may finally be changing.

        Over the Linux kernel releases in 2019 we saw the AMDKFD "Kernel Fusion Driver" support in the mainline Linux kernel get into good shape so that it's running well with recent discrete graphics cards and jiving with the latest releases of ROCm. Previously, ROCm depended upon an out-of-tree DKMS kernel module due to necessary functionality not being mainlined. That was a blocker to ROCm's wider/easier adoption but is no longer the case and new Linux kernel releases continue tacking on improvements to AMDKFD.


      • Qubes OS 4.0.1 Released, Plasma 5.14.15 Is Out, Software Freedom Conservancy Fundraiser, ClearCube Launches C3xPi Thin Client for RPi 3 Model B+ and Ubuntu Touch Announces OTA-7
        Qubes OS 4.0.1 was released today, marking the first stable point release in the 4.0 series. Updates include all 4.0 dom0 updates, Fedora 29 TemplateVM, Debian 9 Template VM, Whonix 14 Gateway and Workstation TemplateVMs, and Linux kernel 4.14. You can get Qubes 4.0.1 from the Downloads Page.


      • Fedora Is Looking For Your Feedback On A New Logo
        Longtime Red Hat / Fedora designer Máirín Duffy has shared some proposals for a new Fedora logo and the lengths they are going to in coming up with this new logo/marks.

        Máirín Duffy and the Fedora Design Team have been working on their next iteration of the Fedora logo. Fedora has gone through several logo/branding re-designs over its history since 2003 while now for 2019 they are working on a new iteration that's more evolutionary than revolutionary.


      • Máirín Duffy: Which new Fedora logo design do you prefer?
      • How to install Shutter screenshot tool on a Fedora Linux




    • Debian Family



      • Markus Koschany: My Free Software Activities in December 2018
        Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.


      • Derivatives



        • Canonical/Ubuntu



          • Ubuntu Touch OTA-7 Release
            Ubuntu Touch is the privacy and freedom respecting mobile operating system by UBports. Just one month after the OTA-6 release, we are now shipping Ubuntu Touch OTA-7! OTA-7 is appearing as a staged rollout for all supported Ubuntu Touch devices over the next 5 days, completing on Sunday, January 13. You can skip to How to get OTA-7 to get it now if you're impatient, or read on to learn more about this release.



          • Ubuntu Touch OTA-7 brings keyboard themes, browser improvements
            The group of volunteers keeping Canonical’s (canceled) dream of Ubuntu smartphones and tablets alive is rolling out a pretty significant update this week. The UBPorts team says Ubuntu Touch OTA-7 should be available for all supported devices by Sunday, January 13.

            Among other things, it brings new features and improvements to the on-screen keyboard and web browser. But the bigger news may be an update that should make it easier for developers to port the operating system so it can run on newer phones.


          • Flavours and Variants



            • Linux Mint 19.1 Tessa - Adrift
              Fonts aside, Linux Mint 19.1 is an average plus distro, with some good points but not as many awesome advantages over the competition as Mint used to have. I've highlighted this in my best distro of 2018 article, whereby Mint seems to have lost its edge. It does what most other distros do and little else besides. There's no supreme quality factor as once upon a time, where Mint did things no other system could. So you get media, phone connectivity, reasonable networking, a good collection of apps, but you also get glitches, only okay performance with high-resource usage, plus niggles and errors here and there.

              But the one thing that totally ruins the deal - the fonts. So pale my eyes hurt. And I have perfect vision. Plus you can't change them, not easily, not anyway. So this makes Mint Tessa simply unusable for me. I spend hours working in front of a computer, writing, gaming, whatnot, and I am extremely aware and sensitive to how one gets the highest level of comfort and productivity. I can do that with Windows 7 or Windows 8 or Kubuntu for example. With Mint Tessa, even 15 minutes feels like a strain. Worst thing, Tara did let you change the fonts, and everything worked fine only six months ago!

              Anyway, Mint used to be Ubuntu on steroids and the friendliest distro around. Not anymore. I can't name even a single distinct killer feature that it has, plus the sweet momentum of innovation and fun is gone. Or going away. And the whole 12% Xorg CPU eater, that sure ain't helping the matters. This is a change, and not a good one, with a steady, gradually increasing loss of quality and coolness. Overall grade, 6/10. On a sad note, here goes the first review of 2019. Oh well.












  • Devices/Embedded





Free Software/Open Source



  • The Best Open-Source Software to Try in 2019
    Open-source software feels like an anomaly in today’s corporate tech world. The idea that a community of developers are happy to work on a piece of software – usually for no money – for literally years seems ludicrous, and speaks to the passion that people have for making technology for the benefit of everyone. Open-source devs, we salute you!

    So to honor these tireless workers who quietly make our day-to-day computer experiences that much better, we’ve decided to write up a multi-platform list of what we deem the best open-source software you can get in 2019.

    Do note that there are tons of open-source software out there, and we can’t possibly cover all of them. That said, here are what we think are the best for the end user. Opinions may differ though.


  • 2019 predictions: Open Source, Instant Payments and PSD2 to spur payments transformation
    Open source technology is second nature to big tech and challenger upstarts who are looking to build ecosystems around their platforms. In 2019, to meet the resiliency and scalability demands of an open, data driven, real-time market, banks will increasingly adopt open source technology. The use of a DevOps approach to deployment, utilising open source tools, will enable greater use of the cloud (public and private) and help banks to provide the flexibility needed to serve customers, partner with fintechs, and leverage the opportunities of platform banking in an open world.


  • Is the End of the Benevolent Dictator for Life in Open-Source Software Here?
    Unlike commercial software, open-source software is designed and built by communities of developers. Communities don’t have vice presidents, directors, managers or corporate committees to guide development.

    There are a number of open-source governance models. One of those is the foundation model, which supports community-led development. Foundations ensure independence and efficiency, and under that model everyday decisions about features and releases don’t come from the top down. Those decisions are made by the project teams themselves and are centered in the community. Consensus is an important part of such community-led efforts.

    There are also company-led open-source projects. A company-led project is controlled and financed by a software company, usually to accelerate development and ensure alignment with customer needs. In such a setup, the company has more control over development than the foundation does in a community-led effort, but governance is still rooted in the community.



  • Protego has a new open source tool to provide serverless security training
    Baltimore startup Protego is looking to provide security for serverless computing. It’s a new field, and so there’s some education involved.



  • CES 2019: Mycroft's privacy-minded smart speaker wants to be your Alexa alternative
    Alexa and the Google Assistant have taken the mainstream by storm -- but some find the idea of sharing their in-home audio data a little unnerving.

    Enter Mycroft, an alternative smart assistant that promises never to collect or store any of your data, not even anonymously. It's a smart assistant without a search history. And now, here at CES 2019, we're getting an early look at the upcoming Mycroft Mark II smart speaker that the virtual assistant will soon call home. The asking price: $189.


  • Alibaba Buys Open Source Big Data Firm Data Artisans for $130M
    Founded in 2014, Data Artisans has built an open source framework for enterprise-scale data processing. The startup claims that its framework, Apache Flink, is one of the fastest growing communities within the Apache Software Foundation and has hundreds of contributors. Data Artisans uses Apache Flink to power its dA platform. The platform, which also has an application manager, helps enterprises build, operate, and run streaming applications using stream processing.



  • Meet the Apache Software Foundation’s Top 5 Code Committers
    The Apache Software Foundation (ASF) — which this year celebrates its 20th anniversary — is the meritocratic heart of arguably the world’s most vibrant open source community. The non-profit organisation watches over 350 projects, from the well-known (Hadoop, Kafka) through to more niche “podlings” in the Apache incubator.

    With 200+ million lines of code under its stewardship, the foundation’s success rests on the shoulders of an open source army of contributors; some volunteers, others paid to maintain code bases used in mission-critical applications. (Apache projects are used by blue chips ranging from Cisco to Bloomberg, Netflix to Goldman Sachs).

    Among the organisation’s 7,032 committers (developers who have earned write access to a given project’s code repository) five stood out for their contributions in 2018.


  • Ixis acquires LiberoNet to expand open source expertise
    DIGITAL development, hosting and support company Ixis has acquired Warrington-headquartered LiberoNet as part of ambitious growth plans.


  • Open source the winner in 2018
    The evolution of technology and its increasing importance in business across industry sectors have contributed to open source becoming a focal point for many decision-makers during the past year. As such, it has changed the conversation around how innovation is happening at organisations.


  • 2019: From open source battles to the cloud war
    2019 will increasingly see the areas of open source, open source-based business models and cloud computing collide. It is clear that public cloud providers have benefited from open source more than open source has benefited from public cloud providers – with a lack of a solid business model, innovative open source-based companies have unfortunately been crushed by the waves of disruption. This is not a sustainable equilibrium and while this topic was already quite visible in 2018, it will become a key theme in 2019. And Richard Stallman knew it all along.

  • AT&T, Nokia Tighten 5G Focus on O-RAN, Akraino
    The specific work is to develop a software platform for the RAN Intelligent Controller (RIC). This would provide for a set of functions and interfaces that allow for easier integration through policy-driven closed loop automation and more flexible deployments and programmability within the RAN.

    The platform is being architected as an extensible real-time microservices framework tied to a radio information database and open control plane interfaces. These would be able to handle mobility management, spectrum management, load balancing, radio resource control, and RAN slicing. The open nature will also allow for multiple vendors and third parties to have access to the RAN architecture.



  • AT&T, Nokia team up on RAN controller software platform for O-RAN Alliance
    AT&T is working with Nokia to develop an open source software platform for the RAN Intelligent Controller (RIC) that aligns with the O-RAN Alliance.

    AT&T and Nokia are co-creating the RIC platform to further spur the development of open source software in the 5G Radio Access Network (RAN) sector. The platform will feature a set of functions and interfaces that enable increased optimization through policy-driven, closed-loop automation.

    The RIC software will also create faster, more flexible service deployments and programmability within the RAN. The overarching intent of RIC is to help create a multivendor, open ecosystem of interoperable components for the various RAN elements and vendors.


  • AT&T teams up with Nokia to push the deployment of RAN open source
    AT&T has started developing a software platform for the RAN Intelligent Controller (RIC) with Nokia. The idea is to create open source software aligned with the O-RAN target architecture and to so accelerate innovations and interoperability in the RAN. The RIC platform will provide a set of functions and interfaces that allow for increased optimizations and for faster, more flexible service deployments and programmability within the RAN. AT&T and Nokia want to enable an intelligent rapidly evolvable radio network by fostering the creation of a multi-vendor open ecosystem of interoperable components for the disaggregated RAN. The platform will be architected so that the implementation of functions from different vendors can be mixed and matched on a single network infrastructure. The platform will also enable interfaces to third party applications for enhanced mobility functions such as cross layer optimization and machine learning inferences.



  • AT&T, Nokia Team on O-RAN Code
    In support of 5G, AT&T will begin development of a software platform for the RAN Intelligent Controller (RIC), to enable the creation of open source software that is aligned with the O-RAN target architecture. AT&T and Nokia are co-creating the platform code to accelerate the deployment of open source software for the 5G RAN.

    The RIC platform will provide a set of functions and interfaces that allow for increased optimizations through policy-driven closed loop automation and for faster, more flexible service deployments and programmability within the RAN. The intent is to enable an intelligent rapidly evolvable radio network by fostering the creation of a multi-vendor open ecosystem of interoperable components for the disaggregated RAN.


  • New open source platform to enhance blockchain development in Africa
    The African Digital Asset Foundation has launched an open source platform to establish unified standards for blockchain development in Africa.

    The African Digital Assets Framework (ADAF) platform will seek to ensure that the use of blockchain stimulates digitised pan-African economic integration.

    Several factors are opening local start-ups to the opportunities blockchain promises including limited financial infrastructure, fragility of some African currencies and raising capital after ideation.

    Going forward, more African start-ups' interest could be particularly drawn to the blockchain-backed crowdfunding mechanism known as the initial coin offering (ICO). The ICO model is open and direct but has been widely criticised for a lack of regulation.


  • The best free photo-editing software in 2019 [Ed: Darktable and GIMP top the list.]


  • Taking It Slow: Enterprises Use Open Source, But Are Cautious About Contributing
    Jabil uses open source for application development and piloting, and then switches for production to vendor-backed open source implementations, frequently with proprietary extensions. For example, the company uses Docker for developing applications, but Docker Enterprise Edition for production, Cantrell says.



  • Open source software in the enterprise has never been healthier
    Many companies support their developers who work on open source projects unrelated to the business - showing open source has matured.


  • TrueConf Releases Open Source App for Video Kiosks
    TrueConf, a company known for their pioneering developments in meeting room, desktop and mobile video solutions, recently announced a new application. With the support of a community of developers to guide them, TrueConf has opened access to the TrueConf Kiosk source coding. TrueConf plans to use the open source application to make video kiosk software a more accessible reality for companies around the world.

    With the TrueConf Kiosk source code, developers will be able to create their own custom applications for dealing with customer service through immersive video conferencing.


  • 2019 Will Be the Year of Open Source
    From software and even hardware, we saw more activity in open source than ever before in 2018. And the momentum isn't likely to slow down in 2019.


  • Web Browsers



    • Chrome



      • Google Chrome’s Ad Blocker Ready For A Global Launch Starting July 9th
        The in-house Google Chrome ad-blocker, which was initially launched for United States, Canada, and Europe last year, is ready to roll out worldwide on July 9th, Google said in a blog post.

        Google has been following the Better Ads Standards from the Coalition for Better Ads for more than a year. This group’s sole purpose is to improve the user experience while surfing the web.




    • Mozilla



      • Eric Rescorla Wins the Levchin Prize at the 2019 Real-World Crypto Conference
        The Levchin Prize awards two entrepreneurs every year for significant contributions to solving global, real-world cryptography issues that make the internet safer at scale. This year, we’re proud to announce that our very own Firefox CTO, Eric Rescorla, was awarded one of these prizes for his involvement in spearheading the latest version of Transport Layer Security (TLS). TLS 1.3 incorporates significant improvements in both security and speed, was completed in August and already secures 10% of sites.

        Eric has contributed extensively to many of the core security protocols used in the Internet, including TLS, DTLS, WebRTC, ACME, and the in development IETF QUIC protocol. Most recently, he was editor of TLS 1.3, which already secures 10% of websites despite having been finished for less than six months. He also co-founded Let’s Encrypt, a free and automated certificate authority that now issues more than a million certificates a day, in order to remove barriers to online encryption and helped HTTPS grow from around 30% of the web to around 75%. Previously, he served on the California Secretary of State’s Top To Bottom Review where he was part of a team that found severe vulnerabilities in multiple electronic voting devices.







  • Baidu's Linux-Powered Car Technology



    • Chinese tech giant Baidu is making a play for the next big thing after cloud computing
      Baidu has just announced China's first open source edge computing platform - reflecting the country's growing open source community.

      Baidu, a cloud company and search giant sometimes known as the "Google of China," unveiled OpenEdge at the Consumer Electronics Show on Wednesday.

      "Edge computing is becoming more commonplace due to the rise of IoT devices," Zun Wang, a Baidu spokesperson, told Business Insider. "It brings different kinds of compute power, especially for AI processing, to the edges of your network, allowing close proximity of your data source with the cloud."

      Edge computing means that the processing power is shifted away from the cloud and towards the "edge" — which is to say closer to the users who are using it. For example, edge devices might be gadgets people use each day, such as PCs, smartphones and tablets, or Internet of Things gadgetry like wearables and smart home appliances.


    • Baidu Cloud launches its open-source edge computing platform
      At CES, the Chinese tech giant Baidu today announced OpenEdge, its open-source edge computing platform. At its core, OpenEdge is the local package component of Baidu’s existing Intelligent Edge (BIE) commercial offering and obviously plays well with that service’s components for managing edge nodes and apps.

      Because this is obviously a developer announcement, I’m not sure why Baidu decided to use CES as the venue for this release, but there can be no doubt that China’s major tech firms have become quite comfortable with open source. Companies like Baidu, Alibaba, Tencent and others are often members of the Linux Foundation and its growing stable of projects, for example, and virtually every major open-source organization now looks to China as its growth market. It’s no surprise, then, that we’re also now seeing a wider range of Chinese companies that open source their own projects.


    • China's Baidu will help deliver Walmart groceries in self-driving vans
      China's leading search engine will soon be helping make deliveries for Walmart, bringing it into direct competition with Google's driverless technology.

      California startup Udelv announced Tuesday that it will deploy self-driving vans using Baidu's technology in Surprise, Arizona, as part of a pilot program to deliver fresh groceries for Walmart (WMT). Udelv has developed a fleet of autonomous delivery vans on Baidu's (BIDU) open-source autonomous driving platform, Apollo.


    • Baidu's driverless tech to power Walmart delivery: CES 2019
      Chinese search engine giant Baidu will soon see its driverless technology used in Arizona for the likes of Walmart, in the latest example of Chinese technology finding its way into the U.S. market, despite ongoing trade tensions between the two countries.

      Udelv, a California-based autonomous delivery startup, announced that it had built a self-driving operation system using Baidu's open-source Apollo platform at the Consumer Electronics Show in Las Vegas on Tuesday. Later this year, the company will start serving Walmart and other retail giants with delivery vans powered by the technology.


    • Baidu announces Apollo 3.5 and Apollo Enterprise, says it has over 130 partners
      Beijing tech giant Baidu is ramping up its self-driving car initiative. At the 2019 Consumer Electronics Show in Las Vegas this week, it announced Apollo 3.5, the latest version of its Apollo open source driverless car platform, and took the wraps off of Apollo Enterprise, which it described as a suite of “customizable autonomous driving … solutions” for vehicle fleets. It also recommitted to launching a self-driving taxi service in Changsha, China later this year.



    • Baidu announces Apollo Enterprise, its new platform for mass-produced autonomous vehicles
      Baidu made several big announcements about Apollo, its open-source autonomous vehicle technology platform, today at CES. The first is the launch of Apollo Enterprise for vehicles that will be put into mass production. The company claims that Apollo is already used by 130 partners around the world. One of its newest partners, Chinese electric vehicle startup WM Motors, plans to deploy level 3 autonomous vehicles by 2021.

      Apollo Enterprise’s main product lines will include solutions for highway autonomous driving; autonomous valet parking; fully autonomous mini-buses; an intelligent map data service platform; and DuerOS (Baidu’s voice assistant) for cars.


    • Baidu goes open source with Openedge analytics platform and Apollo driverless stack
      Baidu unveiled an open source “OpenEdge” edge computing platform and an open Linux-based “Apollo 3.5” autonomous car stack. OpenEdge dev boards include an Intel-based BIE-AI-Box in-car visual analytics board and NXP-based BIE-AI-Board for IoT.

      Baidu, which is often referred to as the Google of China, has announced an open source, AI-infused OpenEdge edge computing platform with development boards based on Intel and NXP SoCs. The news follows Baidu’s announcement earlier this week that it was releasing version 3.5 of its open source Linux-based Apollo self-driving software stack, as well as a new Apollo Enterprise platform based on it designed for vehicle fleet management (see farther below). The open source platforms were announced at this week’s CES show in Las Vegas.




  • Pseudo-Open Source (Openwashing)



    • AWS gives open source the middle finger
      AWS launched DocumentDB today, a new database offering that is compatible with the MongoDB API. The company describes DocumentDB as a “fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools.” In effect, it’s a hosted drop-in replacement for MongoDB that doesn’t use any MongoDB code.

      AWS argues that while MongoDB is great at what it does, its customers have found it hard to build fast and highly available applications on the open-source platform that can scale to multiple terabytes and hundreds of thousands of reads and writes per second. So what the company did was build its own document database, but made it compatible with the Apache 2.0 open source MongoDB 3.6 API.




  • FSF/FSFE/GNU/SFLC



    • Bish, Bash... gosh! Good ol' Bourne Again Shell takes a bow as it reaches version five-point-zero
      In news that will set the hearts of shell fans all a quiver, Bash 5.0 was released this week, replete with a truckload of fixes along with a few new features.

      The fifth major version in the nearly 30-year history of the GNU Project’s Bourne Again Shell (Bash – geddit?) includes some new variables: BASH_ARGV0, which returns $0 on reference and sets $0 on assignment, and EPOCHSECONDS and EPOCHREALTIME, which expand to the time in seconds since the Unix epoch, with the latter having microsecond granularity.





  • Public Services/Government



    • EU Bug Bounty - Software Security as a Civil Right
      This EU initiative is part of the Free and Open Source Software Audit (FOSSA) project, thanks to Julia Reda MEP of the EU Pirate Party, who started the project thinking that enough is enough after severe vulnerabilities were discovered in key infrastructure components like OpenSSL. This prompted her to involve the EU Commission in contributing to the security of the Internet.

      It is amazing to think that the OpenSSL Software Foundation which is responsible for the maintenance of the OpenSSL library, the cornerstone of safe transactions on the Internet used by millions of websites and organizations, receives just $2000 of donation money per year and has only ONE full-time employee working on the library. All that was revealed after the discovery of the Heartbleed bug, something that finally shook the waters and motivated the big industry names to support the foundation with proper funding.

      Saying that, aren't Governments supposed to jump in and protect the public when the private sector cannot? That's the philosophy behind this novel initiative.


    • Red Hat’s David Egts Pushes Open Source Software for Cost-Efficient Gov’t IT Training
      David Egts, chief technologist for the North American public sector business at Red Hat (NYSE: RHT), has identified open source training as an approach that the federal government can take to advance the cybersecurity and information technology skills of its workforce, ExecutiveBiz reported Thursday.

      “[The] open source community has put effective training on a number of topics, including cloud migration and deployment and cybersecurity, well within the reach of every agency and IT administrator,” Egts wrote in a Nextgov guest piece published Wednesday.




  • Openness/Sharing/Collaboration



    • Quartz AI Studio launches an open-source platform to help journalists use machine learning
      Imagine you had a personal assistant that you can task with sorting out a pile of messy documents, or ploughing through a mountain of spreadsheets to find what you are looking for.

      Enter the Quartz AI Studio, a US-based project that helps journalists use machine learning to write better stories.

      The initiative, launched in November 2018 with the support of Knight Foundation, is spearheaded by John Keefe, Quartz’s technical architect for bots and machine learning, who previously led the Quartz Bot Studio.



    • Open Hardware/Modding



      • Open-source microscope targets brain imaging and disease diagnosis
        A team of researchers at Tel Aviv University in Israel has developed a new multiphoton microscopy tool, known as PySight, for rapid 2D and 3D imaging of the brain and other tissues.

        Among other things, the team hopes that the tool could soon boost scientists' efforts to attain a deeper understanding of brain dynamics, assisting in the discovery of groundbreaking treatments for a range of health problems including stroke, epilepsy and dementia.

        Pablo Blinder, who heads up the team at the Neurobiology, Biochemistry and Biophysics School and Sagol School for Neuroscience at Tel Aviv University, explains that PySight combines commercially available, off-the-shelf hardware with open-source software tailored for photon-depleted imaging conditions, such as those characteristic of rapid multiphoton microscopy.

        “[PySight’s] commercial hardware converts the noisy output of each photodetector into uniform photon detection events, and registers their absolute arrival time with a temporal precision of 100 picoseconds,” he says.

        “Its software package then reads the resulting list of photon arrival times, determines the respective origin within the brain of each detected photon, and generates volumetric movies over time.”

        In a recent paper published in the journal Optica, Blinder and his co-authors demonstrate the benefits of using PySight for tracking neuronal activity in awake mice and fruit flies. While initially developed with neuroimaging purposes in mind, Blinder reveals that the tool could just as easily be used for a range of other imaging applications - including detection of malignant cells in human patients during surgical procedures.






  • Programming/Development



    • sig-big-data: Apache Spark and Apache Airflow on Kubernetes
      This presentation will cover two projects from sig-big-data: Apache Spark on Kubernetes and Apache Airflow on Kubernetes. Kubernetes became a native scheduler backend for Spark in 2.3 and we have been working on expanding the feature set as well as hardening the integration since then. Apache Airflow on Kubernetes achieved a big milestone with the new Kubernetes Operator for natively launching arbitrary Pods and the Kubernetes Executor that is a Kubernetes native scheduler for Airflow. We will give an overview of the current state and present the roadmap of both projects, and give attendees opportunities to ask questions and provide feedback on roadmaps.



    • GitLab Uses TriggerMesh to Offer Knative-Based Serverless Workflows
      Thanks to the power and flexibility of the recently-launched Knative, GitLab has provided users with the ability to execute their serverless code automatically right from their repositories, onto Kubernetes clusters.

      A new start-up called TriggerMesh has provided GitLab with this capability.



    • PHP 7.0 is dead


    • This Week in Rust 268


    • Python: __name__ == “__main__” Explained
      If you have been coding in Python for a while, or just casually browsing Python GitHub repositories, you probably have come across this snippet of code.


    • Python JSON


    • Django Migrations: A Primer


    • Using Red Hat Application Migration Toolkit to see the impact of migrating to OpenJDK


    • 5 useful Vim plugins for developers
      I have used Vim as a text editor for over 20 years, but about two years ago I decided to make it my primary text editor. I use Vim to write code, configuration files, blog articles, and pretty much everything I can do in plaintext. Vim has many great features and, once you get used to it, you become very productive.

      I tend to use Vim's robust native capabilities for most of what I do, but there are a number of plugins developed by the open source community that extend Vim's capabilities, improve your workflow, and make you even more productive.

      Following are five plugins that are useful when using Vim to write code in any programming language.


    • Programming language of the year? Python is standout in latest rankings
      Python gained 3.62 percentage points year over year in Tiobe's January 2019 index, beating rises by Visual Basic .NET and Java, the second and third biggest gainers. Python was created in 1989 by Dutch programmer Guido van Rossum, who relinquished his role as Python's 'Benevolent dictator for life' in July.

      Python entered the top three in Tiobe's popularity index in September and thanks to its use in a growing number of fields should stay there for some time, alongside mainstays Java, C, and C++, which have been in the top three for two decades.

      Python, it seems, is a hit with everyone. As Tiobe notes, it's often the first language taught at universities and it's the go-to language for statistical analysis, machine learning, scripting, web programming, and scientific computing.


    • Python del Statement
      In this tutorial, you will learn to use the del keyword with the help of examples.


    • FizzBuzz in Python with nested conditional expressions and a generator expression
      The FizzBuzz problem [1] is known to those who test/interview programming candidates, as one simple way to filter out unsuitable people early. One keeps on coming across mentions of it on tech sites.






Leftovers



  • Science



  • Health/Nutrition



    • There’s a Toxic Weedkiller on the Menu in K-12 Schools Across the U.S.
      Ms. Obama’s work — and the work of many other concerned parents, teachers and staff—sparked significant improvements in school menus, some of which are now being undone by the current administration (allowing children to eat food with more salt and less whole grain). Schools must once again take another step forward.

      If you haven’t met glyphosate (Roundup) yet, allow me to introduce you. Glyphosate is the most widely used pesticide in the US. Its use has skyrocketed during the last 20 years because of the popularity of genetically-modified crops that are tolerant of this weedkiller. Health concerns about glyphosate have also skyrocketed since 2015, when the World Health Organization evaluated its ability to cause cancer.




  • Security



    • Minim Launches Open Source Project and Minim Labs, a Free Alternative to Home Network Security Products at CES 2019


    • Free IoT security platform runs on OpenWrt routers and the Raspberry Pi
      Minim unveiled a free version of its router security platform called Minim Labs with an open source, Linux-based, “Unum” agent designed to protect home automation devices. The software is available for the Raspberry Pi and the Gli.Net B1300 router.

      At the Consumer Electronics Show (CES) in Las Vegas, Minim announced a free spin-off of Minim, its cloud-managed WiFi and security Software as a Service (SaaS) platform. Minim Labs is designed to work with a new open source software agent called Unum that runs on Raspbian and OpenWrt Linux devices. Optimized images are available for the OpenWrt-based Gli.Net GL-B1300 router and Raspberry Pi. The first 50 sign-ups will get the B1300 router for free (see below).


    • Security updates for Wednesday


    • Great, you've moved your website or app to HTTPS. How do you test it? Here's a tool to make local TLS certs painless
      A Google cryptoboffin is close to releasing a tool that will hopefully make all of us more secure online.

      Now that most web traffic travels over HTTPS and browser features increasingly expect security, developers really should be creating and testing apps in an HTTPS environment.

      Doing so requires installing a TLS/SSL certificate locally, but the process isn't as easy as it might be. With a bit of effort, devs can generate their own certificate, self-signed or signed by the local root, and install it. Various online tutorials offer ways to do so. There are also projects like minica that aim to ease the pain.

      But it could be easier still, along the lines of Let's Encrypt, a tool that lets websites handle HTTPS traffic through automated certificate issuance and installation.


    • System Down: A systemd-journald exploit
      We discovered three vulnerabilities in systemd-journald (https://en.wikipedia.org/wiki/Systemd):

      - CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s);

      - CVE-2018-16866, an information leak (an out-of-bounds read).

      CVE-2018-16864 was introduced in April 2013 (systemd v203) and became exploitable in February 2016 (systemd v230). We developed a proof of concept for CVE-2018-16864 that gains eip control on i386.

      CVE-2018-16865 was introduced in December 2011 (systemd v38) and became exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced in June 2015 (systemd v221) and was inadvertently fixed in August 2018.

      We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. We will publish our exploit in the near future.

      To the best of our knowledge, all systemd-based Linux distributions are vulnerable, but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.


    • Zerodium Is Offering $2 Million For Remotely Jailbreaking Apple iOS
      Zerodium, an American information security company, which acquires premium zero-day vulnerabilities, will pay you $2 million if you succeed in jailbreaking Apple iOS remotely.


    • What is DevSecOps?


    • New Side-Channel Attack Is Hardware Agnostic, Targets Windows & Linux, Enables Remote Exfiltration
      Recent findings on Page Cache Attacks by a research team of experts from Graz University of Technology, Boston University, NetApp, CrowdStrike, and Intel detail a first-of-its-type, hardware-agnostic (unlike Spectre & Meltdown) side-channel attack that can remotely target operating systems such as Windows and Linux and effectively exfiltrate data, bypassing security precautions. An expert with Juniper Threat Labs offers perspective.





  • Defence/Aggression



    • A Sculpture Celebrating Saudi Arabia Has Been Erected on Ground Zero
      A sculpture celebrating Saudi Arabia’s place in the G20 Summit was erected on the World Trade Center grounds last week, a stone’s throw away from the 9/11 memorial.

      Shaped to resemble a piece of candy, the nine-foot-tall statue bears the Kingdom’s emerald flag emblazoned with the Arabic inscription, “There is no god but Allah, and Mohammed is the prophet.” It was created by French sculptor Laurence Jenkell in 2011 as part of the larger installation “Candy Nation” which depicts G20 countries as sugary delights, and has since been featured in over 25 countries. All 20 sculptures are currently on display outside the Oculus shopping center.


    • ‘Evacuate the coffee’: A white supremacist classic tale playing out in the Congo
      Cobalt, the mineral sent to France in exchange for the buses – with cash intermediation or not – is essential to both weapons and renewables manufacture. Two-thirds of the world’s cobalt reserves are in the Katanga Copper Belt, running from DRC’s southeastern Katanga Province into Zambia.

      Like “the three Ts” – tin, tungsten and tantalum – which are plentiful in DRC’s North Kivu Province, Lockheed Martin can’t go to work without it. Neither can any of the world’s other big league weapons manufacturers, so cobalt is the most strategic of strategic minerals.



    • Gabon and Coup Mania
      It starts with a presumption, makes its way through a discussion, and becomes a set, moulded stereotype: Africa is the continent of tin pot dictatorships, unstable leaderships, and coups. Latin America, attuned to brigandage and frontier mentalities, is not far behind. Such instances lend themselves to the inevitable opportunity to exploit the exception. Gabon, ruled by the same family without interruption since 1967, is being stated as a possible example.

      The news so far, if one dares trust it, suggests that a coup was put down in the African state with the loss of two lives. Seven of the plotters were captured a mere five hours after they seized a radio station, during which Lieutenant Kelly Ondo Obiang broadcast a message claiming that President Ali Bongo’s New Year’s Eve message “reinforced doubts about the president’s ability to continue to carry out of the responsibilities of his office.” Bongo, for his part, had seemed indisposed, suffering a stroke in October and slurring his words in a speech during a December 31 television appearance.

      As with other attempted coups, the plotters portrayed themselves as up-market planners in the Brutus mould. They were killing Caesar to save Rome. In this case, the men of the Patriotic Movement of the Defence and Security Forces of Gabon were keen to “restore democracy”. The attempt was put down with some speed. “The situation is under control,” came a government statement some hours after security forces regained control of the RTG state broadcasting headquarters. Guy-Bertrand Mapangou, true to the sort of form shown by a regime unmoved, insisted that, “The government is in place. The institutions are in place.”

      The coup fascination may not be healthy but is nonetheless fascinatingly morbid. Jonathan Powell and Clayton Thyne from the University of Central Florida and University of Kentucky cannot get enough of the business, and have compiled a register of failure. These political scientists insist on defining coups as “illegal and overt attempts by the military or other elites within the state apparatus to unseat the sitting executive”. But having to presumably stake some exceptional view to the field, the authors insist that those who go through with a coup have power for at least seven days. (Why not six or eight?)

      This cottage industry invariably produces much smoke but a conspicuous lack of fire. In 2016, with the failed coup in Turkey unfolding, James McCarthy, writing for Wales Online, insisted on a guidebook approach, drawing from Thyne and Powell’s research. They, according to McCarthy, “found there were 457 coup attempts between 1950 and 2010. Of those, 227 were successful and 230 failed.” Invariably, the Americas and Africa feature as the prominent zones of coups.



    • Women Politicals of the American Empire
      There have been many women dissenters who have been jailed by the American government as political prisoners. There are women in jail now who are undergoing punishment as perceived enemies of the American Empire. Two such women are nuclear resister Elizabeth McAlister and alleged “terrorist” Aafia Siddiqui. When I wrote about Pakistani-born Aafia Siddiqui as one of the “women politicals (not) in the news” eight years ago, she had just begun her 86-year sentence at Carswell Federal Prison in Texas for allegedly assaulting US soldiers of the Empire in Afghanistan. Now 46, she recently appealed to Pakistani Prime Minister Imran Khan for help: “I want to get out of prison, my imprisonment in the US is illegal as I was kidnapped and taken to the US. . .” Dr. Siddiqui was accused of being a would-be assassin and an Al Qaeda terrorist. But she was the one who was grievously wounded in the stomach. She was the one whose youngest child was killed when she was taken, “disappeared” in Pakistan, and her other two children imprisoned separately for years. She was the one who was beaten, raped, tortured and kept in solitary in black site prisons of the American Empire. Her “crime” was being a doctor in Boston who was a Muslim activist, and who, through a series of unfortunate and skewed connections, ended up on Attorney General Ashcroft’s “watchlist.” For her “crime,” she had to endure the consequences of an extreme anti-“terrorist”/anti-Muslim era which began with the September 11, 2001 bombings.

      Crimes against Muslims globally, and immediate repression of Muslims within the US, although not starting then, greatly intensified after 9/11. The FBI, in its zeal to root out Arab “terrorists,” has been involved in questionable activities which fly in the face of civil rights or constitutional law. We’ve seen the use of the grand jury as bullying tactic, wholesale surveillance, sweeps to arrest dissenters, and entrapment to create “terrorists” when real ones do not exist.

      Pro-Palestinian activists have been victimized, along with young Muslim women who have been candidates for entrapment. In 2013, Rasmea Odeh, deputy executive director of the Arab-American Network, was indicted by the US government for “immigration fraud” when she applied for citizenship. Although the State Department was well aware of the circumstances of her moving to the US, Israel Lobbyists worked to get her arrested. Caught in a “security sweep” in Israel in 1969, she was, although innocent, imprisoned for a supermarket bombing. During her 10 years in Israel’s jails, she was tortured and raped. After coming to the US in 1994, she became an activist for Arab-American women, and found herself jailed again. She was deported in September of 2017. In 2015, Asia Siddiqui and Noelle Velentzas were arrested in NYC by the FBI’s Joint Terrorism Task Force, and charged with conspiracy to “use a weapon of mass destruction.” They were skillfully entrapped by an FBI informant, never planning or even thinking about bombings until the agent suggested they should. They await their trial. The climate of fear existing in America, along with “terrorism” charges needing no habeas corpus or rules of evidence, mean no justice and no sanity for Muslim women caught by the US “justice” system.


    • Slip of the Imperial Mask
      I remember the day well. It was the day when the leader “of the free world” gave a hint of the true state of affairs in that allegedly “free” world.

      To this day I’m not sure why he said it. Why would Trump give free ideological ammunition against his own empire? Certainly not out of a feeling of remorse or some sense of historical justice. More likely then it was perhaps as a thinly veiled threat to those, worldwide, who would seek to oppose him? Something like: “You know what we are and we’re so powerful that we no longer even fear publicly telling you up front about it”.

      Yes, on that day President Trump punctured the still pervasive “myth of American innocence”. A topic which has been profusely written about by Noam Chomsky among others.

      American hands are dirty. They drip with blood. They are an Orwellian power continuously existing through totalitarian contradictions. Their carefully constructed mask of freedom, hides the most insidious forms of slavery.

      But they are not alone. To maintain an Empire one needs allies. And these they have in abundance. They are not just the globalized elites who rule the world but any who manage to benefit and prosper through their rule. Thus American Empire is not just an elite phenomenon but, crucially, a class cutting one. Witness the recent election and massive support for Jair Bolsonaro of Brazil, a cliched American puppet that doesn’t even seek to hide that fact egoistically trumpeting his facsimile to Trump. Even here in once radicalized Brazil, Empire is no longer afraid to proudly speak its name.

      The roots of Trump’s remark reach deep into the heart of Empire. Another infamous quote, this time from Karl Rove underpins its formative strength. “We are an Empire now and when we act we create our own reality”. Rove is indeed partially correct. Power does create, shape, and guide subjectivities. It creates persuasive master narratives supported by boots on the ground, blaring media, vast sums of capital, and, most importantly, organizational and technological methods and means of control. Empire manufactures Truth. Empire becomes the ultimate Truth in the hearts and minds of millions. So much so that TINA (There is NO alternative) has become the hymn and mantra of our age.


    • Donald J. Mubarak? Why Trump Declaring a National Emergency over Wall is Very Bad
      The 1976 law under which Trump claims he can declare a state of emergency does require a joint resolution from Congress after 6 months to allow it to continue longer than 180 days (it is a Watergate-era law and originally required a concurrent resolution). But six months is a long time. Any such declaration by Trump would be challenged by the House Democrats in the courts, and the case would pretty swiftly go to the Supreme Court, producing a constitutional crisis. States of emergency in the modern US are common and limited in scope. In Obama’s second term, there were thirty states of emergency, including one pertaining to Iran that had lasted since 1979. The 1979 emergency had allowed President Jimmy Carter to sequester some $50 bn. of Iranian money in US banks. That was the money that Obama returned to Iran (its rightful owner) in 2015 as part of the nuclear deal. It was never America’s money. The US only held it in escrow until the emergency had passed. Trump exaggerates it to $150 bn., and erases from history the fact that the US got this money by freezing Iranian bank accounts in the West. It was always Iran’s money; Trump tries to convince people that it was the taxpayers’ money and that Obama arbitrarily gave it away to Iran as a bribe to sign the nuclear deal. Almost everything Trump asserts is a lie.



    • An Address From the Oval Orifice (Video)
      President Trump’s much vaunted address from the Oval Office didn’t have many fireworks . . . unless you listened to the words he actually said. Even though Trump appeared unusually composed and/or stiff, he didn’t stray too far from his usual demonizing immigrants script. (Thank you, Stephen Miller.)

      The Xenophobe-in-Chief has proved a master at conflating illegal immigration (which is way down) with asylum claims made by families escaping violence in Central America. Claiming asylum is not illegal, it is a legal process that the United States used to be pretty good at.




  • Transparency/Investigative Reporting



    • Dept. Of Interior Wants To Rewrite FOIA Law To Make It Easier To Reject Requests
      The US Department of the Interior wants to do all it can to comply with recent changes to FOIA law. It wants transparency and accountability just as much as US citizens want it. In the comments preceding its proposed changes [PDF] to FOIA response procedures,


    • Fed Up WikiLeaks Emails Media List Of 140 ‘False And Defamatory’ Claims Not To Report As True – OpEd
      Julian Assange and WikiLeaks have not just been targeted by the United States government in response to their publishing of US government secrets. They have also been subjected to false reporting in the media.

      In an email sent to media organizations on Sunday, WikiLeaks details that, due to “a pervasive climate of inaccurate claims about WikiLeaks and Julian Assange, including purposeful fabrications planted in large and otherwise ‘reputable’ media outlets,” Wikileaks is providing in the email a list of false and defamatory claims about WikiLeaks and Assange for journalists and publishers “to ensure they do not spread and have not spread falsehoods about WikiLeaks or Julian Assange.” A Reuters report counts a total of 140 items in the email’s “Defamation List.”

      The email, which is marked at its beginning as a “confidential legal communication” and “not for publication,” has been posted online — something people associated with WikiLeaks, which specializes in publishing information sought to be kept secret, would seem likely to have anticipated.




  • Environment/Energy/Wildlife/Nature



    • Green New Deal Has Broad Bipartisan Support (Though Most Voters Haven't Heard of It)
      A version of the Green New Deal (GND) — an FDR-style plan to address climate change by shifting America to a just and renewably powered 21st century economy — is widely popular with American voters of both parties, according to a recent survey.

      Perhaps unsurprisingly, this proposal has stronger support among Democrats but still polls well with Republicans. The survey found that 81 percent of registered voters said they either “strongly support” or “somewhat support” a rapid transition to 100 percent renewable electricity and other green technology initiatives.

      However, the poll, conducted by the Yale Program on Climate Change Communication (YCCC), also found that very few voters were aware of the Green New Deal: 82 percent said they “knew nothing” of the proposal. Notably, the poll's language focused on renewable electricity and job creation, but made no mention of the full decarbonization and social overhaul of the American economy that also are central tenets of the full Green New Deal.


    • This EPA Rule Change Could Kill Thousands
      While Americans were quietly preparing to ring in the New Year, the EPA gave families a deadly present to start the year off wrong. On December 28, the Environmental Protection Agency announced a proposal that would effectively weaken the Mercury and Air Toxics Standards (MATS), which protect American families from mercury and other harmful air pollutants emitted by power plants. The EPA “proposes to determine that it is not ‘appropriate and necessary’ to regulate” these emissions, the EPA wrote in a statement. This means that the regulations will lose the necessary legal mechanism that actually enables them to actually be enforced. These regulations save a lot of lives — 11,000 every year, according to the EPA’s own data — and they prevent 130,000 asthma attacks annually. Stripping this regulatory power virtually guarantees more asthma attacks and more preventable deaths. For families, those aren’t just numbers.


    • Trump Nomination of Wheeler Ensures EPA Will Continue to Put 'Profits of Polluters' Over Human Health and Planet
      In the six months since he stepped in to oversee the Environmental Protection Agency following Scott Pruitt's resignation last summer, Andrew Wheeler has gutted fuel efficiency standards, rolled back carbon emissions rules for coal plants, and moved to allow more mercury emissions—and President Donald Trump made his approval known Wednesday as he nominated Wheeler to officially head the agency.

      Wheeler has served as acting EPA administrator since July, having served as Pruitt's second-in-command. Before his career in the Trump administration, he was a lobbyist for the fossil fuel industry and an aide for vehement climate denier Sen. James Inhofe (R-Okla.)—resumé items whose influence has been apparent in his actions as acting administrator and will likely continue to sway his decision-making if he's confirmed.


    • Fracked Shale Oil Wells Drying Up Faster than Predicted, Wall Street Journal Finds
      In 2015, Pioneer Natural Resources filed a report with the federal Securities and Exchange Commission, in which the shale drilling and fracking company said that it was “drilling the most productive wells in the Eagle Ford Shale” in Texas.

      That made the company a major player in what local trade papers were calling “arguably the largest single economic event in Texas history,” as drillers pumped more than a billion barrels of fossil fuels from the Eagle Ford.

      Its Eagle Ford wells, Pioneer’s filing said, were massive finds, with each well able to deliver an average of roughly 1.3 million barrels of oil and other fossil fuels over their lifetimes.


    • Ocean warming speeds vary with depth
      Climate scientists who have found a new way to chart temperature change in the world’s seas over time say ocean warming speeds are much slower in deep water than on the surface.

      Planet Earth is mostly ocean. Human-linked changes have started to raise global temperatures to what could be alarming levels and, as the thermometer rises, so will sea levels. So detailed understanding of temperature and ocean is vital. But two separate studies confirm that the connection is far from simple.

      One study of the Atlantic confirms that in the last 150 years, the oceans have taken up 90% of the excess energy released by the combustion of fossil fuels to drive human economic growth and power − and to fuel potentially-catastrophic global warming and runaway climate change.

      But what the oceans will actually do with that colossal burst of heat has yet to be fully explored. And a separate examination of the deep history of the Pacific Ocean confirms that change may be inexorable, but it is also very slow: the deeper parts of the Pacific are still registering the onset of the so-called “Little Ice Age” several centuries ago.






  • Finance



    • Trump Thinks Federal Workers Can 'Just Ask Their Father for More Money,' Says Pelosi. 'But They Can't.'
      The latest failed meeting between Trump and the Democratic leadership comes as dozens of unions are set to hold a rally in Washington, D.C. on Thursday to highlight the deep financial pain the president's "senseless and manufactured" shutdown has caused for hundreds of thousands of workers and demand that the government be reopened immediately.

      In addition to the economic impact Trump's shutdown has had on federal employees, a Public Citizen report published Wednesday detailed how the lapse in federal funding has also seriously endangered crucial consumer, health, and safety protections.

      "It's a crisis alright," declared Public Citizen's Rick Claypool, the author of the analysis. "This is just the tip of the iceberg, and I'm sure more ugly details will emerge if the Trump shutdown continues. And the longer it continues, the worse this crisis for consumer and worker safety will get."


    • 'It's a Crisis Alright': Report Details Serious Public Health and Safety Risks of Trump Shutdown
      "Corporate lawbreakers are going unpunished, safety inspections are being postponed, discrimination charges are going uninvestigated, polluters are not being held in check, financial fraudsters are not being policed, consumer complaints are not being received, and accident investigations have ceased," Robert Weissman, president of Public Citizen, said in a statement.

      Authored by Rick Claypool, a research director at Public Citizen, the new report examines how nearly a dozen federal agencies have been impacted by the Trump shutdown, which has furloughed hundreds of thousands of government employees.

      According to Public Citizen's analysis, under-discussed but extremely important federal agencies like the Consumer Product Safety Commission, the Equal Employment Opportunity Commission, and Securities and Exchange Commission are currently operating without over 90 percent of their staff due to the shutdown, which is just days away from becoming the longest in U.S. history.

      "The shutdown is already impeding vital consumer and worker protection priorities. If the shutdown is allowed to persist, the cessation of these essential consumer and worker protections threatens significant public harms, as corporate violators go unpunished and food and product safety inspections are delayed and decreased," Claypool writes. "The importance of these functions makes even slight capacity reductions a serious cause for concern."


    • The Ultimate Test of Trump’s Cronyism Is Unfolding in Beverly Hills
      The Beverly Hills heiress waiting for Ivanka Trump at a Republican soiree last summer should have been at the height of her social powers.

      Lisa Korbatov’s parents had made a fortune redeveloping Los Angeles’ Garment District and were donors for Republican and pro-Israel causes. Korbatov herself was president of the Beverly Hills school board and a trustee of the Jewish Community Foundation, and her local political activism had received swooning coverage from the staid Beverly Hills Courier, the hip LA Weekly and publications in between.

      Three years ago, the local Boy Scouts even chose the blunt-speaking, charcoal-haired Korbatov for their 2015 Distinguished Citizen Award.

    • Shutdown Offers Taste of Suffering the Poor and Vulnerable Know Too Well
      The drama around the shutdown may seem mostly political with the latest news barely touching on the pain felt by real people who believed they worked for all of us. While millions of us celebrated festive holidays, I know that many families had a season of worry that hasn’t ended yet. You probably know it too. And by the time Congress and the dysfunctional man in the White House get anything settled to end the government shutdown—now in its 19th day—the damage done to some families will take months to repair.

      Those of us fighting to achieve improved Medicare for All because we have lived and are living the damage dished out by the U.S. healthcare system relate in a deeply personal way to the federal employees going without pay during the shutdown. And just as the Trumpublicans have moved us in the wrong direction on healthcare reform, many patients and their families have been damaged already by trusting the lousy plans now passing for cheap insurance. By now, sick people have already gone without care, and no doubt, people will die due to changes to the Affordable Care Act (Obamacare) and the associated Medicaid expansion. If we didn’t believe those currently in power would take further steps to harm more people in order to secure their own positions and wealth, that was foolish of us.


    • 30,000 LA Teachers 'Strike Ready' as District Refuses to Spend $1.86 Billion Reserve on Better Pay, Smaller Class Sizes
      Educators and their allies in the second-largest school district in the nation are making a stand for students and education quality this week as more than 30,000 Los Angeles teachers prepare to go on strike, after the school district has refused to use its nearly $2 billion dollar reserve to provide educators with better pay, students with smaller class sizes, and much-needed funding for school programs.

      After working for more than a year without a contract, United Teachers Los Angeles (UTLA) is planning to walk out as early as Thursday if the Los Angeles Unified School District (LAUSD) does not meet their demands. The teachers voted almost unanimously last August to go on strike, and state-mandated mediation since the vote has done little to help further negotiations between the two sides.

      UTLA argues that the school district has plenty of money set aside to provide educators with a 6.5 percent raise, hire more teachers to ensure smaller class sizes, and hire more nurses, school counselors, and librarians to support school communities. District nurses currently split their time between schools, leaving many buildings without a healthcare provider for much of the week.


    • What Are We Working For?
      Ever since I was a young boy, I have wondered why people do the kinds of work they do. I sensed early on that the economic system was a labyrinthine trap devised to imprison people in work they hated but needed for survival. It seemed like common sense to a child when you simply looked and listened to the adults around you. Karl Marx wasn’t necessary for understanding the nature of alienated labor; hearing adults declaim “Thank God It’s Friday” spoke volumes.

      In my Bronx working class neighborhood I saw people streaming to the subway in the mornings for their rides “into the city” and their forlorn trundles home in the evenings. It depressed me. Yet I knew the goal was to “make it” and move away as one moved “up,” something that many did. I wondered why, when some people had options, they rarely considered the moral nature of the jobs they pursued. And why did they not also consider the cost in life (time) lost in their occupations? Were money, status, and security the deciding factors in their choices? Was living reserved for weekends and vacations?


    • Los Angeles Teachers Union Delays Strike Until Monday
      The union representing teachers in Los Angeles — the nation’s second-largest school district — postponed the start of a strike until Monday because of the possibility of a court-ordered delay of a walkout.

      United Teachers Los Angeles previously said its 35,000 members would walk off the job Thursday for the first time in 30 years if a deal wasn’t reached on higher pay and smaller class sizes.

      However, a judge was considering Wednesday whether the union gave legally proper notice of a strike and could have ordered teachers to wait.

      Union officials said they believe they would have prevailed in court but decided to postpone a strike to avoid confusion and give teachers, parents and others time to prepare.

      The Los Angeles Unified School District, with 640,000 students, said the delay provides an opportunity to keep talking and avoid a strike.

      Teachers are hoping to build on the “Red4Ed” movement that began last year in West Virginia, where a strike resulted in a significant raise.

      It moved to Oklahoma, Kentucky, Arizona, Colorado and Washington state, spreading from conservative states with “right to work” laws that limit the ability to strike to the more liberal West Coast with strong unions.




  • AstroTurf/Lobbying/Politics



    • Why Trump's Effort to Eliminate Disparate Impact Rules Is a Terrible Idea
      The Trump administration is reportedly looking for ways to do away with disparate impact rules, a move that could hurt millions of vulnerable people.

      If no one tells you they’re discriminating, is it still discrimination?

      According to the Trump administration, the answer is no. In a memo reported by The Washington Post last week, the administration has placed in its cross hairs a civil rights enforcement tool that has for decades been used to counter discriminatory actions when a bias motive is not obvious.

      Federal civil rights laws protect against discrimination on the basis of race, national origin, religion, sex, disability, and age. Many of these laws were first enacted in the 1960s to prohibit overt discrimination — like restaurants and stores that openly refused to serve Black customers — in housing, employment, and education that not long before had been sanctioned by government. Even at that time, Congress recognized that discriminatory motives could also be easily disguised and that our country’s long history of discrimination made it easy to perpetuate inequality without much thought.
    • DOJ Says It Knows It Fudged Numbers On Its Dangerous Immigrants Report, But Refuses To Correct Them Or Release Underlying Data
      The DOJ doesn't care if it lies to the American people. This isn't exactly a shocking accusation. The DOJ isn't anyone's idea of honest, no matter what its name implies. The DOJ has encouraged and supported parallel construction, entrapment (ATF stash house stings, almost every FBI terrorism bust), and shown itself to be a willing extension of every administration it's attached to. If a narrative needs bolstering, the DOJ will comply.

      When the Trump administration wanted to push its narrative about the southern border crawling with dangerous terrorists and criminals, the DOJ leapt in to help. It had to, since the agency charged with immigration enforcement (ICE) couldn't actually find very many dangerous criminals to detain and deport, even as the President continued to make daily assertions about the national security threat directly across the border.

      The DOJ and DHS presented its "findings" to Congress and the American public -- a bunch of paper masquerading as a set of facts that contained very little factual information. It claimed a "vast majority" of terrorist acts were perpetrated by foreigners illegally in the United States. This was not simply wrong, but an apparently deliberate attempt to inflate numbers into a national security threat-sized problem. To do this, the DOJ and DHS added in foreign citizens who had been extradited to the US to face trial for terrorism-related charges. Subtracting these, the actual percentage was closer to 20% -- not anywhere near the "majority" the agencies claimed.
    • An Update on Facebook’s Smear Campaign Against Critics
      Back in late November, the New York Times revealed that Facebook had paid a corporate PR firm called Definers Public Affairs to develop and peddle a smear campaign aimed at some of its Open Society Foundations-funded critics, including members of the Freedom From Facebook coalition.

      In response, we asked three basic questions of Facebook, all aimed at the same issue: what did Facebook do with the smear campaign information on the Facebook platform itself? Did Facebook promote the smears on its platform? Did Facebook develop different versions to target different audiences, including Congressional staffers and other influencers, as it does for key advertising customers? And, most important, what is the boundary between Facebook’s own policy interests and the operation of the platform?

      Just before the holiday break, Facebook answered our questions in a telephone call with two of its legal and communications staff. The short answer: Facebook asserts that it did not help promote Definers's messages on its own platforms. Facebook said it does not allow its own policy work to be promoted on its platforms (for example, through the ads you see or the posts that show up in your Newsfeed) without clear and unequivocal notice to its users.

      This is good as far as it goes. But Facebook must do much more if it wants to regain any of the trust it lost from this episode, especially given the dangerous waters that it chose to swim in.

    • There's One Encouraging Thought Buried In Zuckerberg's 2019 Challenge
      Not surprisingly, there has been plenty of mocking of this announcement, and perhaps some of it is deserved. Facebook had a bad year in 2018 for mostly deserved reasons. As we've discussed, the company tends to be its own worst enemy and many of its stupid decisions have done tremendous harm to the wider internet. Also it certainly appears that incompetent management, and conflicting priorities may very well be to blame for many of these mistakes. It deserves a wider discussion in another post, but one thing I've heard over and over and over again at this week's CES from other internet companies is how furious they all are at Facebook for making so many bad decisions and dragging everyone else down with them.

      But, the reason I'm at least moderately encouraged by Zuckerberg's statement is that buried within it, he actually mentions a fairly radical idea that, admittedly, I've personally been pushing for years (including trying to suggest the idea directly to Zuckerberg), and that is that the big internet companies really should be moving to a world of protocols, backed by encryption, rather than being a full platform. The argument there, is that this moves the power and control out to the end users, rather than keeping it locked in a more centralized system. It also (conveniently) gets rid of many of the hard choices and policing requirements that are being lumped on the platforms themselves.
    • 'Bye-bye': Trump Stalks Out of Shutdown Session With Democrats
      President Donald Trump stalked out of his negotiating meeting with congressional leaders Wednesday—“I said bye-bye,” he tweeted soon after—as efforts to end the 19-day partial government shutdown fell into deeper disarray over his demand for billions of dollars to build a wall on the U.S.-Mexico border. Hundreds of thousands of federal workers now face lost paychecks on Friday.

      The president is to visit the border in person on Thursday, but he has expressed his own doubts that his appearance and remarks will change any minds.

      The brief session in the White House Situation Room ended almost as soon as it began.
    • Alexandria Ocasio-Cortez and the Politics of Dancing
      “If I can’t dance, I don’t want to be part of your revolution,” are words attributed to the great early 20th-century anarchist thinker, writer and crusading social-justice activist Emma Goldman. While she may not have uttered precisely those words, the sense of the phrase was on full display in Congress last week, as a video circulated of Alexandria Ocasio-Cortez dancing with friends while she was an undergraduate at Boston University, 10 years ago. The video surfaced in a failed attempt to discredit the new member of Congress as she was sworn in as the youngest woman ever elected to the U.S. House of Representatives.

      Ocasio-Cortez’s response to the online criticism was short and brilliant, tweeting a video of herself dancing into her new congressional office. The video got tremendous attention. What was largely overlooked was the tune that she was dancing to: the classic 1970 anti-war anthem “War,” sung by Edwin Starr. It rocketed to No. 1 in the summer of 1970, and has been a staple anthem against war ever since. “War, What is it good for, Absolutely nothing,” the chorus goes. Ocasio-Cortez mouths the words as she dances through her congressional office door.

      Ocasio-Cortez’s campaign website details an array of progressive policies, including a “peace economy” that reads, in part: “As of 2018, we are currently involved in military action in Libya, Syria, Iraq, Afghanistan, Yemen, Pakistan, and Somalia. Hundreds of thousands of civilians in these countries have been killed either as collateral damage from American strikes or from the instability caused by U.S. interventions. Millions more have fled their broken countries, contributing to the global refugee crisis … we must end the ‘forever war’ by bringing our troops home, and ending the air strikes that perpetuate the cycle of terrorism throughout the world.”

      She recently corrected Fox News host, and unofficial consigliere to President Donald Trump, Sean Hannity, who accused her of the heresy of calling for an “end to military airstrikes.” She responded in a tweet, saying she supports “ending unjust wars” entirely.

    • Goodbye ‘Divide and Conquer’: With Walker Gone, Wisconsin Begins a New Era
      The Capitol in Madison was packed with ebullient people—education activists in I-heart-my-public-school T-shirts, immigrant-rights activists lobbying to restore driver’s licenses to non-citizens, and many, many smiling Democrats—as Wisconsin’s new governor, Tony Evers, took the oath of office on January 7.

      Departing Governor Scott Walker remained seated, awkwardly, behind Evers, refusing to participate in multiple standing ovations. Democrats, who won every statewide office, gave speeches promising to restore environmental protections, public school funding, and sensible gun-control measures, and to end an era of divisive politics in Wisconsin.

      “It’s hard to believe we nearly lost this constitutional office,” state Treasurer Sarah Godlewski declared, referring to Republican efforts to do away with her post. “But together we made our voices heard.” She promised to be a good-government watchdog for all Wisconsinites, “regardless of where you live, how much you earn, or even who you voted for.”
    • Flawed Terrorism Report Shows Administration’s Skewed Priorities
      The Trump administration has admitted that a report from last year that linked terrorism to immigration was badly flawed. But the episode is the latest to underscore how our approach to fighting terror over-hypes terrorism involving Muslim perpetrators while downplaying domestic terror committed by far-right militants, even though the latter is more common and more deadly.

      The Department of Justice (DOJ) acknowledged last week that the January 2018 report, which was co-authored with the Department of Homeland Security (DHS), contained bad data and misleading assertions, and suffered from a lack of objectivity. But DOJ’s mea culpa falls short of effectively addressing the problem because it doesn't correct or retract the study, which is still available to the public and perpetuates the government’s anti-immigrant and anti-Muslim agenda.

      Shortly after the report was issued, the Brennan Center and other groups sued DOJ and DHS under the Information Quality Act, requesting a retraction or correction of the report.
    • Not One Network Should Have Aired Trump’s Immigration Speech
      Way back in 2014 — a century ago, it feels like — President Barack Obama requested time on major networks for an Oval Office address on immigration reform.

      Fearing the subject was too “political,” the broadcast networks declined, plying viewers instead with The Big Bang Theory and Bones. Few Americans saw the speech. Immigration reform withered on the vines, which were then burned to the ground in the next election.

      Flash forward to January 8, 2019.

      At 8:31 a.m., President Trump tweeted — again — that the “Fake News Media” was “truly the Enemy of the People.” Hours later, at 1:44 p.m., he announced that he was going to give a speech on the “National Security crisis on our Southern Border.”

      By 9 p.m. the next night, all major networks, derided only the day before as “the real Opposition Party,” were carrying the speech.

      [...]

      The man who killed 11 Jews in Pittsburgh cited the congregation’s work settling refugees as a motive. Around the same time, three men in Kansas were arrested for plotting to murder Somali immigrants before the election.

      Hate crimes have increased for three years straight, the FBI notes — continuously since the Trump campaign.
    • The Infantile Politics Of Compulsive Trump Bashing
      Credible sources indicate that Trump didn’t know about Bolton’s contradictory statement until reading about it in The New York Times or watching it on Fox News. But turnabout is fair play as Bolton was blindsided by Trump’s initial order to withdraw 2,000 troops from Syria. No longer trusting his advisors, Trump acted after a phone conversation with Turkish President Erdogan who wondered why U.S. troops were still in Syria, to which Trump reportedly replied “You know what? It’s yours. I’m leaving.”

      (Not part of Trump’s inner circle, superhawk Bolton is a pawn of billionaire, ultra-Zionist Sheldon Adelson who prevailed upon Trump to appoint him as National Security Adviser. Trump has been known to refer to Bolton as “Mike Bolton” and has disparaged his ridiculous ‘stash.)

      In an earlier post, I asked whether we should care about Trump’s motives for withdrawing our troops. First, I agree with Arundhati Roy that focusing so much on Trump’s personality or possible impeachment is a serious mistake because it detracts attention from the structural forces at play in this in-fighting between elites. Second, we can readily assume that Trump doesn’t give a fig about the human costs of war. But then, neither do his globalist-oriented opponents. Perhaps his decision was about pleasing his base by fulfilling a campaign pledge; did Sen. Rand Paul or Steve Bannon whisper something in his ear or was Trump simply animated by his America First rhetoric? Who cares.


    • Demanding Trump and McConnell #StopTheShutdown, Dozens of Unions to Rally for Struggling Federal Workers
      As the partial government shutdown entered its 19th day on Wednesday—well on its way to becoming the longest in U.S. history—dozens of unions are planning a rally in Washington, D.C., adding to mounting pressure on Senate Majority Leader Mitch McConnell (R-Ky.) to stand up to President Donald Trump, who is refusing to back a budget bill without $5.7 billion in funding for his "ridiculous" border wall.

      Announcing the rally at AFL-CIO's D.C. headquarters, which is scheduled to kick off at noon local time on Thursday, organizers said the union-led event was planned "to protest the continuing shutdown and resulting furloughs that are financially hurting 800,000 federal employees and families." Speakers will include furloughed federal employees, union leaders, and members of Congress.


    • Will Trump Rule by Decree?
      The Republican Party, since its takeover by Reaganauts in the 1980s, has long favored shrinking the federal government to the point at which it can be “drowned in the bathtub,” to use Grover Norquist’s colorful phrase.

      Tax cuts reduce the federal budget. Budget cuts weaken social programs. Even cutting remarks have their effect. Reagan got plenty of laughs when he said, “The nine most terrifying words in the English language are: ‘I’m from the federal government and I’m here to help.’”

      With the partial shutdown of the federal government entering its third week, Americans are learning that the nine most truly terrifying words in the English language are: “I’m the president and I’m here to help…myself.”

      Trump isn’t content to use the executive office to enrich himself and his circle. He’s warping national policy to serve his own interests as well. Trump believes via Fox News that his presidency is doomed (and his second term nipped in the bud) if he doesn’t fulfil his signature promise of building a wall. The government shutdown is all about Trump and his self-serving impulses.

      To that end, Trump has threatened to extend the shutdown as long as it takes in order to squeeze funding out of Congress for his cherished wall. And why wouldn’t he? He’s got the bathtub ready and a funeral oration already written.


    • Revisiting The Steele Dossier On Its Two-Year Anniversary
      The 35-page report, authored by former British spy Christopher Steele and funded by Democrats, is best known for the vast conspiracy it alleges between the Trump campaign and Russian government during the run-up to the 2016 election. Its salacious claim that the Kremlin has blackmail material on President Donald Trump in the form of a sex tape has also captured public attention.

      But even under two years of scrutiny and debate, the dossier remains unverified, at least as far as its core Trump-related allegations are concerned. None of its specific claims about collusion have been verified, and there is ample reason to believe that its main allegation on that front (an alleged trip to Prague by Michael Cohen) is inaccurate.


    • The Wrong Kind of Unity Against Trump
      As the New Year dawned, Donald Trump’s regime appeared to be coming apart at the seams.

      The billionaire’s tariffs against China and threats to fire the head of the Federal Reserve Bank sent the stock market into a panic. Trump then shut down the government over his demand for a racist border wall and spent his holiday home alone in the White House, munching on burgers and binge-watching Fox News.

      The political establishment, which had until recently tolerated Trump’s impulsive statements and erratic policy swings, decisively turned against him over his surprise announcement to withdraw all U.S. troops from Syria and half of the 14,000 occupying Afghanistan.

      Everyone from the generals in his cabinet to the state bureaucracy, the corporate media and both the Republican and Democratic Parties have denounced Trump’s withdrawal as nothing less than the abandonment of U.S. imperialism’s bipartisan strategy to defend global capitalism through a system of alliances against terrorism, so-called rogue states, and great-power rivals.

      Trump’s decision, while made in haste and reportedly over a phone call with Turkey’s president Recep Tayyip Erdoğan, isn’t the accident it has sometimes been portrayed as, but a campaign promise that flows from his “America First” nationalist strategy to put U.S. interests before all else, even if that means disrupting alliances and cutting deals with rivals.

      The establishment’s opposition to his decision — and, indeed, his whole America First strategy — began within his own administration. Defense Secretary Jim Mattis resigned in protest and was soon followed by Brett McGurk, Trump’s envoy to the global coalition to fight ISIS.


    • ‘The Fusion Doctrine’ A Totalitarian Takeover
      It has become increasingly apparent throughout the past decade that the nation state, and the traditional notion that it represents a culturally cohesive citizen’s platform, is no longer a valid supposition.

      In Europe, countries have been stripped of their status as individual nations overseen by elected governments. They have been turned into corporatist fiefdoms having their own agendas and their own means of achieving them. The chief amongst these agendas is the domination of all spheres of the market place via the overt influence of government. And the method of achieving this end is extortion – buying one’s way into positions of leverage.

      This would not be possible, of course, if parliamentarians refused to bend to the temptation of corruption. But as we now see on a virtually daily basis, the great majority of these ‘representatives of the people’ are themselves severely lacking in moral fiber and only too ready to do what is asked of them, in order to remain in power.

      But the problem goes deeper. Other institutions with a remit to inform and educate, such as the media, leaders of national education programmes and the church also appear incapable of realizing a vision of any depth or purpose – equally allowing themselves to be led by the corporatist agenda.

      An increasingly significant number of citizens now feel that there is no trust-worthy party to turn to at election time; whereas those who continue to place their faith in one or other party, allow themselves to be swayed by the ubiquitous nature of state propaganda – and not by their better instincts. This propaganda is corporation infused and is tied-into the deliberate promotion of an increasingly “me, me” agenda. Materialistically inclined consumers and many of those reacting to the dog eat dog political agenda of the day, appear to believe that any sort of resistance to the dominant trend is pointless, preferring to think only about their own needs and wishes and how to get the best out of a bad situation.


    • People Over 65 Years Of Age Share 7 Times More Fake News Than Youngsters, Says A Report
      With fake news becoming a worrying topic after speculations that it influenced US Presidential elections, a study reveals that older people are more likely to share fake news.

      Research conducted by Science Advances analyzed user behavior during the election campaign by monitoring the articles they share on Facebook. 3,500 random people were chosen including Facebook and non-Facebook users.


    • Less than you think: Prevalence and predictors of fake news dissemination on Facebook


    • Uncommon U.S. Justice: The 100th Anniversary of a Tough Lefty’s Victory
      The 1919 misfortune of Woodrow Wilson and good fortune of Scott Nearing are nowhere near enough evidence for the existence of God or for even karma, but these 1919 events do provide some therapy for me—a reminder that life, occasionally, is not completely unjust.

      In 1919, Wilson—who earlier in his administration had racially resegregated several federal government agencies, and then successfully pissed on the First Amendment so as to make anti-war speech illegal—suffered a debilitating stroke. Also in 1919, the tough Lefty warrior Scott Nearing (1883–1983), unlike many other Wilson victims, beat the rap and did no prison time after his arrest for anti-war words. Nearing would go on to see his 100th birthday, along the way co-writing (with his wife Helen) The Good Life and becoming a hero for back-to-the-land homesteaders who sought escape from the madness surrounding them and longed for a meaningful good life.

      Beginning with Wilson’s Espionage Act of 1917 (made even more oppressive by the Sedition Act of 1918), free-speech advocates, anti-war activists, and the entirety of the U.S. anti-authoritarian Left were “shocked and awed” by state terrorism. The Palmer Raids, which began in 1919, resulted in several thousand activists being arrested, with hundreds of them—including the anarchist Emma Goldman—deported. The majority of Americans were unbothered by the arrests, imprisonments, and deportations of immigrant socialists and anarchists; however, the 1919 imprisonment of the gentlemanly Eugene Debs—born and raised in Terre Haute, Indiana—for his 1918 anti-war speech in Canton, Ohio, had a chilling effect on many Americans.





  • Censorship/Free Speech



    • Court Rules Public Officials Can’t Block Critics on Facebook
      The First Amendment prohibits the government from silencing people for their political views. One of the core purposes of the First Amendment is to allow people, regardless of their views, to hold the government accountable through expression. So, if your elected representative has an official Facebook page where she invites comments, can she block you from commenting because you criticize her work?

      According to a federal appeals court, the answer is a resounding no.

      On Monday, the Fourth Circuit Court of Appeals ruled that the interactive portion of a public official’s Facebook page is a “public forum,” so an official cannot block people from it because of the opinions they hold.

      The case arose after the chair of a local board of supervisors in Virginia, Phyllis Randall, briefly blocked a critic from her official Facebook page and deleted a comment he made about her colleagues’ management of public funds.

    • Marco Rubio and His Colleagues Need a Refresher on the First Amendment
      Rubio took to Twitter to spread a number of downright false statements about the First Amendment and the Combating BDS Act. This week, amid a partial government shutdown, senators tried to sneak through a bill that would encourage states to suppress constitutionally protected political boycotts of Israel.

      Ultimately, the Combating BDS Act failed to make it to the Senate floor, largely because enough people exercised their First Amendment right to protest the bill and educate senators that they should get their priorities straight. But it seems that’s not the only education that is in order.

      The recent spate of bills that seek to penalize Israel boycotts is a bipartisan problem. Many Senate Democrats blocked the Combating BDS Act this week, rightly arguing that Congress should end the government shutdown rather than making this the first order of business of the new session. But four Senate Democrats voted to pass the bill, and many others, including Sens. Chuck Schumer (D-N.Y.) and Ben Cardin (D-Md.), have expressed support for other anti-boycott efforts, even when they have come at the expense of our constitutional rights.

    • Voted Down on Tuesday Night, McConnell Raises Alarm by Forcing Second Vote on 'Unconstitutional' Anti-Boycott Bill
      "When was the last time the Senate voted twice in less than 24 hours to consider the same bill?" Josh Ruebner, policy director at the U.S. Campaign for Palestinian Rights, asked on Twitter. "They're doing it right now on S.1, a bill to authorize $38 billion in weapons for Israel and encourage states to deny contracts to people who support boycotts for Palestinian rights."

      "McConnell apparently has no more important business to take care of in the Senate than trying to force a vote twice in 24 hours to strip away our First Amendment right to boycott for Palestinian rights," Ruebner added, alluding to the fact that the Republican leader is refusing to allow a vote on legislation to reopen the government.

      In response to McConnell's rapid attempt to re-vote on a motion that failed Tuesday night, Jewish Voice for Peace (JVP) issued an urgent call for people to contact their representatives and pressure them to oppose the measure again.


    • Facebook Rejects GRIS Launch Trailer For Being Sexually Suggestive When It Clearly Is Not
      It should be well understood at this point that attempts by internet platforms to automagically do away with sexualized content on their sites via algorithms are... imperfect, if we want to be kind. The more accurate description is to say that these filters are so laughably horrible at actually filtering out objectionable content that they seem farcical. When, for instance, Tumblr can't tell the difference between porn and pictures of Super Mario villains, and when Facebook can't do likewise between porn and bronze statues or educational breast cancer images consisting of stick figures...well, it's easy to see that there's a problem.

      Notably, some of the examples above, and many others, are years old. You might have thought that in the intervening years, the most prominent sites would have gotten their shit together. You would be decidedly wrong, as evidenced by Facebook's refusal to allow Devolver Digital, the publishers of the forthcoming video game GRIS, to publish this launch trailer for the game, due to its sexual content.




  • Privacy/Surveillance



    • Finally, a sensible increase in participation for Tor in Mexico!
      There are many hypotheses for this, but all in all, it's mainly economics related: Only a tiny minority of us in this geographic region can spare the time, energy and money needed to donate part of our work and life to a project, no matter how much we agree with it. Of course, this cannot explain it wholly; there are many issues that further contribute to this low participation. Free software development is mostly carried out in English (much more so even than programming in general, although basically any programming language "reeks" of English).


    • Exclusive: How a Russian firm helped catch an alleged NSA data thief
      The 2016 arrest of a former National Security Agency contractor charged with a massive theft of classified data began with an unlikely source: a tip from a Russian cybersecurity firm that the U.S. government has called a threat to the country.

      Moscow-based Kaspersky Lab turned Harold T. Martin III in to the NSA after receiving strange Twitter messages in 2016 from an account linked to him, according to two people with knowledge of the investigation. They spoke with POLITICO on condition of anonymity because they’re not authorized to discuss the case.
    • The Federal Government Offers a Case Study in Bad Email Tracking
      The U.S. government sends a lot of emails. Like any large, modern organization, it wants to “optimize” for “user engagement” using “analytics” and “big data.” In practice, that means tracking the people it communicates with—secretly, thoroughly, and often, insecurely.

      Granicus is a third-party contractor that builds communication tools to help governments engage constituents online. The company offers services for social media, websites, and email, and it boasts of serving over 4,000 federal, state, and local agencies, from the city of Oakland to the U.S. Veterans Administration to HealthCare.gov. In 2016, the company merged with GovDelivery, another government-services provider. It appears that parts of the federal government have been working with GovDelivery, now Granicus, since at least 2012. Last October, we took a closer look at some of the emails sent with Granicus’s platform, specifically those from the whitehouse.gov mailing list, which used the GovDelivery email service until very recently. The White House changed its email management platform shortly after we began our investigation for this article. However, several other agencies and many state and city governments still use Granicus as their mailing list distributors.

      The emails we looked at, sent to subscribers of the Whitehouse.gov email list in October 2018, happen to be an exemplary case study of everything wrong with the email tracking landscape, from unintentional and intentional privacy leaks to a failure to adhere to basic security standards.

      Not only does Granicus know exactly who is opening which email and when, but in the emails we studied, all of that information is sent without encryption by default, so network observers can see it too. Ironically, even the White House’s Privacy Policy is hidden behind one of the tracking links.



    • (Don't) Return to Sender: How to Protect Yourself From Email Tracking
      Tracking is everywhere on the Internet. Over the past year, a drumbeat of tech-industry scandals has acclimated users to the sheer number of ways that personal information can be collected and leaked. As a result, it might not come as a surprise to learn that emails, too, can be vectors for tracking. Email senders can monitor who opens which emails, when, and what device they use to do it. If you work for a business or a non-profit that sends mass emails, maybe you’ve used tools to perform this kind of tracking before. Even if you have used them, this might be the first you’ve heard of it — because unfortunately, in email marketing software, tracking is often enabled by default.

      There are a lot of different ways to track email, and different techniques can lie anywhere on the spectrum from marginally acceptable to atrocious. Responsible tracking should aggregate a minimal amount of anonymous data, similar to page hits: enough to let the sender get a sense of how well their campaign is doing without invading users’ privacy. Email tracking should always be disclosed up-front, and users should have a clear and easy way to opt out if they choose to. Lastly, organizations that track should minimize and delete user data as soon as possible according to an easy-to-understand data retention and privacy policy.

      Unfortunately, that’s often not how it happens. Many senders, including the U.S. government, do email tracking clumsily. Bad email tracking is ubiquitous, secretive, pervasive, and leaky. It can expose sensitive information to third parties and sometimes even others on your network. According to a comprehensive study from 2017, 70% of mailing list emails contain tracking resources. To make matters worse, around 30% of mailing list emails also leak your email address to third party trackers when you open them. And although it wasn’t mentioned in the paper, a quick survey we did of the same email dataset they used reveals that around 80% of these links were over insecure, unencrypted HTTP.
    • Another Day, Another Massive Cellular Location Data Privacy Scandal We'll Probably Do Nothing About
      We've noted a few times now that while Facebook gets a lot of justified heat for its privacy scandals, the stuff going on in the cellular data and app market in regards to location data makes many of Facebook's privacy issues seem like a grade-school picnic. That's something that was pretty well highlighted by the recent Securus and LocationSmart scandals, which showcased perfectly how cellular carriers and location data brokers routinely buy and sell your daily travel habits with only a fleeting effort to ensure all of the subsequent buyers and sellers of that data adhere to basic privacy and security standards.

      This week, Joseph Cox at Motherboard dropped yet another bombshell report on this subject, noting how he was easily able to pay a bounty hunter $300 to obtain the (supposedly) private location data collected by his cellular provider (T-Mobile). Much like the Securus scandal, the problem once again is the countless location data brokers and third party vendors which are being sold this data, then doing pretty much whatever they'd like with it.


    • William Barr Helped Build America’s Surveillance State
      Senators should ask Barr about his support for unconstitutional spying that endangers our rights.

      William Barr, President Trump’s nominee for attorney general, has a history of getting it wrong. From designing warrantless surveillance programs to justifying the president’s power to disregard acts of Congress, Barr has advanced dubious legal theories that have been rejected by the courts, Congress, and the public.

      As Barr begins the confirmation process, senators must question Barr on his record regarding the right to privacy and the Fourth Amendment — which raises serious concerns about his suitability to be attorney general. Barr has violated or supported violations of Americans' constitutional rights, leaving a disastrous legacy of warrantless spying and government abuse.




  • Civil Rights/Policing



    • Leaving Legacy of 'World-Altering Work' for Women, 'Godmother of Title IX' Bernice Sandler Dies at 90
      Dr. Bernice Sandler, whose experiences of sex discrimination on a college campus in the 1960s became the basis for sweeping reforms to ensure an equitable learning environment for women, died last weekend at the age of 90.

      Sandler had "embarked on a lifelong mission to change the culture of sex discrimination on college campuses," said the National Organization for Women (NOW) president Toni Van Pelt in a statement. "She spent decades documenting, investigating, and working to change the arbitrary limits and sexist standards that held women back academically and professionally."

      [...]

      Sandler responded by approaching the National Organization for Women (NOW) with research she'd compiled on sex discrimination, forming the foundation of a class action complaint she and the group filed in 1970 with the Labor Department.

      Congressional hearings and Title IX legislation followed, with President Richard Nixon signing it into law in 1972. The law has protected women on college campuses from sexual harassment, required that men and women have equal access to all campus resources, and opened doors for female athletes.

      "Title IX turned out to be the legislative equivalent of a Swiss Army knife," Marty Langelan, an expert in sexual harassment, told the New York Times. "It opened up opportunities in so many areas we didn't foresee, and [Bernice] laid the essential groundwork for it all."


    • ‘People Are Mobilizing Against This Crackdown’ - CounterSpin interview with Chip Gibbons on defending dissent
      A new year means a chance to take a look at where we’re at, and where we hope to go, including thinking about what makes our work possible: the freedom to speak our criticism of the powerful out loud, to protest, to communicate with one another about how to demand the better world we know is possible.

      Corporate media serve up a lot of palaver about free speech, but when people actually act on it, media elites use their megaphones to dismiss and deride, to circumscribe conversation to make it appear that ideas that threaten their interests aren’t serious ideas, and the people fighting for them are marginal or dangerous.

      The power is with us, and our ability to speak and to hear one another. Holding on to that ability is just another part of the work we have to do.



    • Proposal Seeks to Give New York’s Private Trash Industry Watchdog Sharper Teeth
      The chairman of the New York City Council’s Sanitation Committee introduced a bill Wednesday that would authorize the agency overseeing the private trash industry to directly police the labor unions at scores of companies across the city.

      The legislation would allow the oversight agency, the Business Integrity Commission, or BIC, to bar union officials from representing workers in the industry if they are found to be lacking “good character, honesty and integrity.” Any union representing waste industry workers would be required to disclose their officers to the BIC and, in some cases, submit them to fingerprinting. The agency could oust union officials from the industry if they have certain criminal convictions, or for associating with members or associates of organized crime or anyone convicted of a racketeering activity. A disqualified union officer would have to leave their post within 14 days.

      The proposed bill, introduced by City Councilman Antonio Reynoso, comes after a series of reports by ProPublica exposing the backgrounds and business dealings of two unions that together represented workers at many of the industry’s major companies.


    • Trump Administration is Intent on Weakening Civil Rights Enforcement
      When new U.S. Rep. Alexandria Ocasio-Cortez was asked on “60 Minutes” whether she thinks President Donald Trump is a racist, she responded with the candor that makes her a compelling force in Washington:

      “Yeah, yeah, no question.”

      This, of course, lit up the social media, with Trump supporters denouncing Ocasio-Cortez and progressives praising her. One would think after his dog-whistle, race-bait politics — from slurring immigrants to slandering a Hispanic judge to embracing the racist marchers in Charlottesville, Va., to denigrating Haiti and African nations as “s—hole countries” — that the question had been answered long ago.

      What is clear is that, whatever the president’s personal views, the Trump administration is intent on weakening enforcement of civil rights laws across the board. The same week that Ocasio-Cortez spoke, two widely respected reporters from the Washington Post, Laura Meckler and Devlin Barrett, reported that the Trump administration is taking the first steps toward rolling back a centerpiece of civil rights enforcement: the doctrine that starkly disparate impact can provide evidence of discrimination even without proof of intent.

      If a government contractor announces that it won’t hire anyone who is living with someone of the same sex, the victims may not be able to provide direct evidence that the employer intended to discriminate, but the disparate impact of the announcement would provide the basis for finding discrimination. Disparate impact isn’t dispositive. Those accused can demonstrate that they have a rational reason for the regulation or action and that there are no less discriminatory alternatives.

      In some areas, like election law, disparate impact is written in the legislation itself. In most areas, however, it derives from regulations on enforcing the 1964 Civil Rights Act, particularly Title VI which bars discrimination based on race, color or national origin by entities, including schools that receive federal funding.


    • FBI Officially Has A Leak Investigation Unit
      The Obama Administration was never a fan of leakers and whistleblowers. The Trump Administration isn't either. And it's continuing to ramp up investigations in response to a steady stream of leaks that tend to arrive moments after executive proclamations in order to undermine or contradict whatever has just been proclaimed. Fired company man Jeff Sessions thought the best plan to tackle leaks was prosecuting the recipients: journalists. Not really the best plan of action in a country with enshrined speech rights, but that's the way things are being done in the nation's capital. True to form, the DOJ has gone after leakers with a vengeance, threatening to rewrite all of Obama's personal prosecution records. The FBI is getting in on the action, according to a document obtained by Ken Klippenstein of The Young Turks. The word "espionage" is tossed around, but most of what the Trump Administration has dealt with has been embarrassing, rather than a concerted effort to hand secret documents over to our country's enemies. Nonetheless, hunting leakers is official FBI business.
    • Long Island Schools Move to Curb Police Role in Detaining Immigrant Students
      In an effort to prevent immigrant students from being detained and deported on questionable evidence of gang involvement, a Long Island school district is taking the lead in negotiating an agreement to limit the role of school-based police officers.

      At a packed, often emotional meeting Monday, the Huntington, New York, school board said it has authorized its superintendent to hammer out a deal between the approximately 50 Suffolk County school districts that allow police in schools and the county Police Department. Board president Jennifer Hebert said that without a formal agreement, she would oppose the continued use of police known as resource officers in Huntington’s schools.

      “We need clarity and guidelines, and if we can’t get those, I’m not comfortable having officers in our building going forward. And many of these trustees feel similarly,” she said.

      Another board member, Xavier Palacios, called for expunging school suspensions from the disciplinary records of students whom school resource officers reported to ICE. “We must make a wrong right. If our district needs to create a new policy to prevent this from happening again, then we must do so,” he said.
    • Senate Committee Memo Details US Marshals Service's Long History Of Misconduct
      Senator Chuck Grassley is leaving his post as the chairman of the Senate Judiciary Committee, firing some parting shots at the US Marshals Service on his way out the door. His 20-page memo [PDF] detailing years of USMS misconduct comes with over 400 pages of exhibits -- source documents, email chains, and other evidence backing up the disturbing narrative.


    • First-Ever Indigenous Peoples March Will Fight Against Injustices Faced Across the Globe
      "It's wonderful—and needed, now more than ever—to see so many tribes and organizations coming together to raise awareness about the ongoing need to preserve and respect the rights of Indigenous peoples," said organizer Phyllis Young of the Lakota People's Law Project.

      Launched by the Indigenous Peoples Movement, a newly formed coalition dedicated to fostering positive change on "issues that directly affect our lands, peoples, and respective cultures," the march will be preceded by a group prayer at 9am and followed by an evening fundraising concert at the Songbird Music House.

      "Indigenous people from North, Central and South America, Oceania, Asia, Africa, and the Caribbean are a target of genocide," the organizers charge. "Currently, many Indigenous people are victims of voter suppression, divided families by walls and borders, an environmental holocaust, sex and human trafficking, and police/military brutality with little or no resources and awareness of this injustice."

      More than 10,000 marchers are anticipated to descend on D.C. for the event, including people from Australia, Guatemala, Papua New Guinea, Canada, the Caribbean and across the United States. Those interested in participating or supporting the march can check for updates on the official Facebook event, and are encouraged to post updates to social media using the hashtags #IPMDC19 and #WHYIMARCH.




  • Intellectual Monopolies



    • Independent economic study suggests HEVC royalties should be comparable to or less than rates for AVC
      Unified is pleased to announce the release of its first comprehensive objective economic evaluation (OVAL) study of HEVC / H.265 standard-essential patent royalty rates. The study is a part of Unified’s Video Codec Zone goals of providing objective, independent evidence refuting unsubstantiated Standard Essential Patents (SEP) licensing demands. In conjunction with Unified’s Objective Patent Landscape (OPAL), companies can now objectively evaluate HEVC implementation cost and risk. OPAL & OVAL are intended to assist a company’s litigation strategy and/or negotiations based on good-faith Fair, Reasonable, And Non-Discriminatory (FRAND) principles.


    • Patent case: Datenversand, Germany
      This decision by the FCJ confirms that the cited prior art should, generally, provide concrete suggestions, hints or at least provide other reasons beyond the recognizability of the technical problem to seek the solution of a technical problem in the way as presented in the patent.


    • Will analysts stop buying Qualcomm's representations of leverage over Apple after Tim Cook's CNBC interview?
      Day Three of the FTC v. Qualcomm antitrust trial was underway in San Jose (a couple of blog posts about it will follow later) when I saw a CNBC interview--Jim "Mad Money" Cramer went to California to interview Apple CEO Tim Cook--going viral. You can find the video and the complete transcript on this CNBC webpage.

      With this unique style and format, Cramer made financial analysis on TV more entertaining than anybody before him. He's to Wall Street what Rush Limbaugh is to Washington politics: aggressive, outspoken, and unconventional, but none of that should discredit anyone's analysis. A hedge fund manager with decades of merger arbitrage experience called me a couple of days after IBM announced its plans to acquire Red Hat, and the first thing he said was: "Believe it or not, Florian, I watched Mad Money with Cramer last night." He was laughing, but it's a fact that even the pros pay attention to Cramer--from time to time at least.


    • Qualcomm CEO Steve Mollenkopf to testify in court on Friday (January 11): FTC v. Qualcomm
      The number two executive, Qualcomm president Cristiano Amon, testified yesterday. Due to the nature of the questions asked, his testimony didn't reveal anything unexpected, though he seemed more cooperative than some other Qualcomm witnesses.

      Mr. Mollenkopf's testimony on Friday will likely result in increased media attention to the trial. The court may even need to make use of the overflow room.
    • Judge Koh enforces transparency, unseals key passages of documents in FTC v. Qualcomm
      There's a flurry of activity surrounding the FTC v. Qualcomm antitrust trial in the Northern District of California. The previous two posts this morning were about Apple CEO Tim Cook's statements regarding Qualcomm in a CNBC interview and Qualcomm CEO Steve Mollenkopf's testimony, which the FTC has scheduled for Friday (January 11).

      There are important developments not only in the courtroom but also on the docket of this case. Thankfully, Judge Lucy H. Koh of the United States District Court for the Northern District of California has identified a problem with Qualcomm (and in some cases maybe also third parties) demanding overredactions. As Judge Koh has already reminded counsel more than once during the trial, it is in principle a public proceeding. Confidential business information, if still competitively relevant today, must and will be protected, but public access to information is also important.

      I complained about overredactions last month in connection with Qualcomm's proposed findings of fact and conclusions of law and expressed my hope that the court would not approve all of those far-reaching redactions. And indeed, the famous Don Quixote proverb ("Tanto va el cántaro a la fuente...") applied again: at trial time Judge Koh just noticed some excessive sealing requests and showed those sealing-happy lawyers that she's the gatekeeper.
    • Seeking to defend "no license-no chips" in FTC trial, Qualcomm says it never actually cut off chip supply
      When a witness testifies in FTC v. Qualcomm, questions related to different ones of the Federal Trade Commission's antitrust allegations and to different ones of Qualcomm's defenses are asked. But yesterday, on Day 3, two topics got particular attention: Qualcomm's "no license-no chips" policy (which this post is about) and its refusal to license rival chipset makers (which the next post will focus on).

      While Qualcomm can't deny that it has a policy of supplying chips only to companies licensed to its patent portfolio, its lawyers have nevertheless come up with a multiplicity of attack vectors to make the case against the case against Qualcomm in this context:

      They try to define the relevant market broadly enough to be able to claim they didn't have a monopoly.

      They deny that the "no license-no chips" policy resulted in the acceptance of supra-FRAND patent royalties by licensees. Qualcomm argues that its standard 5% rate is FRAND anyway. The FTC will have a licensing expert testify to the opposite, and there's Huawei's testimony that Qualcomm's royalties alone account for 80%-90% of its total patent licensing cost, as well as similar testimony from other licensees. In an effort to argue that its royalty rate is accepted regardless of "no license-no chips," Qualcomm points to companies that, at different points in time, accepted that rate despite not being chipset customers at the time (in some cases because Qualcomm wasn't even selling chipsets yet).
    • Court denies motion to clarify obligations when making permitted ex parte contacts
      The ABA Model Rules and most state rules divide the world into “persons represented by counsel,” who may not be contacted about a matter, and “unrepresented persons,” who may. Speaking generally, a lawyer may not communicate about a matter with a person who is “represented by counsel” in that particular matter. See, e.g., A.B.A. Model Rule 4.2. This is true even if the represented person wants to talk to the lawyer: only the person’s lawyer may consent.

      If a person is not “represented by counsel,” in a matter, a lawyer may communicate with that person, subject to requirements of Rule 4.3, which usually include explaining why the lawyer is communicating and not giving legal advice. A comment to that rule states: “In order to avoid a misunderstanding, a lawyer will typically need to identify the lawyer’s client and, where necessary, explain that the client has interests opposed to those of the unrepresented person.”
    • Patent Case: Boehringer Ingelheim v. Teva Pharmaceuticals, The Netherlands
      The Court of Appeal of the Hague confirmed that a technical effect may only be corroborated by post-filed data if it is sufficiently plausible from the description.







