If you have Ubuntu installed on a desktop computer then you need to install a webcam externally for work-related video conferencing, connecting with loved ones or broadcasting your video gaming skills to the world. In recent years developers have made many advancements in Ubuntu OS to support more webcams in the market, but before buying one for Ubuntu you must make sure it integrates well with Ubuntu drivers.
There are many reliable and high-quality webcams available in the market from makers like Logitech, Pro Stream and LOETAD. But there are some things you must consider before buying one for your Ubuntu. So before starting with the list of webcams for Ubuntu, let’s have a roundup of things you must consider before buying a webcam.
Windows 7 was released a decade ago in 2009. A lot of people consider it to be the best Windows version Microsoft has ever made. Sadly Microsoft announced that Windows 7 will be disconnected on the 14th of January, 2020. Being disconnected means that your OS will no longer receive updates, including security updates, at all. Which puts you in danger and under the pressure of switching to another OS as a lot of other apps will gradually stop working on Windows 7 too.
According to NetMarketShare (which is a very horrible source btw), 26% of desktop users are still using Windows 7, which is really huge considering that the OS will become out of service in a few days. So, where to go from here? You could pay $100 to upgrade to Windows 10, which is very much heavier, full of data-collection mechanisms and adware. Or, you know, you could switch to using Linux, which is miles ahead of Windows in terms of almost everything.
This article will take you on a detailed tour of why you should switch to Linux from Windows 7 (if you still haven’t), how to do it and everything else you may need to know.
The system design is end-to-end UNIX and Linux, thereby immunising the systems against malicious threats. The solution has immense power to control the client locations from a central location by way of maintenance tasks, time synchronisation, patch updates and a variety of user access requirements, thus speeding up the service request handling from a remote location. Service requests can be lodged into the CMS system and are automated through SMS call lodging and reminder mechanisms. At the client side the users are authenticated via a biometric device (thumb impression reader) for logging onto the applications via a kiosk which ensures an audit trail and logging of activities for transparency and accountability.
I have two NUCs – a NUC5i5RYH and a NUC5i5RYK. The YH runs Fedora 31 and the YK Red Hat Enterprise Linux 8. Both have now been updated with the latest BIOS. Updating them was a trivial exercise of first downloading the ZIP file which happens to contain the needed file for the BIOS and fortunately is the same for both the NUCs. Second, copy the unzipped file on to a USB drive and plug that into the NUC and reboot. Hit the F7 button to pick the file from the USB device and proceed. That’s about it. Very easy and as simple as can be.
Now both of the NUCs have the latest BIOS and latest and best operating systems running on them. The two NUCs provide a host of services for the family – a Nextcloud instance, a ssh host, ssh bastion host and as a gateway between my primary broadband provider – the one that I pay for – MyRepublic and a “free” broadband from Starhub which could just as well not be there.
Josh and Kurt talk about security predictions for 2020. None of the predictions are even a bit controversial or unexpected. We're in a state of slow change, without disruptive technology next year will look a lot like this year.
Win conditions in open source
We review the major moments of the year's news, and discuss how they impacted our world.
To absolutely nobody's surprise, last week was very quiet indeed. It's hardly even worth making an rc release, but there are _some_ fixes in here, so here's the usual weekly Sunday afternoon rc.
It's drivers (gpio, i915, scsi, libata), some cifs fixes, and io_uring fixes. And some kunit/selftest updates. And one or two other random small things.
Go test it, you still have some time before the New Year's Eve celebrations commence. Let's all hope for a happy new year, but I suspect the next rc is going to be on the small side too as most people are probably still in holiday mode..
Linus
With New Year's this coming week, Linux 5.5-rc5 is likely to be quite small too. Thus Linux 5.5 will likely see eight release candidates at least depending upon how the next few weeks play out, meaning Linux 5.5 is lining up for its stable release on 26 January or 2 February.
Going back to the start of December with the Linux 5.5 merge window we have encountered several significant performance regressions. Over the weeks since we've reproduced the behavior on both Intel and AMD systems along with large and small CPUs. Following some holiday weekend bisecting fun, here is the cause at least partially for the Linux 5.5 slowdowns.
On a number of different systems this month we've seen several regressions in real-world workloads like NPB and Parboil, PostgreSQL, Memcached, RocksDB, and also synthetic tests like the Hackbench scheduler benchmark. Worth noting, as to be explained, all these systems were running Ubuntu Linux.
But even with hitting these regressions on multiple systems, we're now past mid-way through the Linux 5.5 cycle without any solution in place or much fuss on the kernel mailing list... So perhaps it's something not reproducible by the configurations of many upstream developers. Ultimately, yes, that is partially the cause as to be explained. Yet all the Ubuntu daily kernel images have seemingly been affected by the Linux 5.5 lower performance on these multiple systems.
Introduced with Linux 5.4 was a long-awaited Microsoft exFAT file-system driver albeit within the kernel's staging area and based upon some dated Samsung file-system driver code. That exFAT staging driver was improved upon more with Linux 5.5 but ultimately there is a concurrent effort for replacing it with a driver derived from newer Samsung open-source code and to be merged outside of staging.
With the Wraith Prism heatsink fan included with many modern AMD Ryzen processors there is configurable RGB lighting, which unfortunately AMD hadn't publicly documented or offered a Linux utility for manipulating the RGBs under Linux. Fortunately, there is now a straight-forward solution for dealing with those Wraith Prism RGB LEDs thanks to the open-source and independent CM-RGB project.
Just like AMD doesn't offer any CPU overclocking client from the Linux desktop, they don't offer any RGB control software for Linux. But CM-RGB is a Python-written independent utility that is command-line based and allows easily controlling the heatsink's lighting under Linux. The program allows setting the lighting mode, color based upon hex code, brightness, and other factors.
Mesa 20.0 continues getting more interesting with the infrastructure around the Gallium3D LLVM "Gallivm" and TGSI IR now supporting tessellation.
Thanks to Intel's Jan Zielinski, tessellation shader support was wired up for the TGSI IR with Gallivm code. This is one step away from enabling OpenGL tessellation shader support within their OpenSWR software rasterizer.
It's also then just a stone's throw away as well from having OpenGL tessellation support flipped on too for LLVMpipe, when using TGSI over its new NIR code-path.
Last night I shared the results from what's causing one of the performance regressions in Linux 5.5 but sadly more regressions remain that are currently being tracked down.
Later today I hope to have the results to publish on a bisect of a second regression in Linux 5.5 Git. But overnight I did complete a run to rule out the workloads still affected even when disabling the kernel's AppArmor support per yesterday's article. These tests were done on the dual socket Xeon Platinum 8280 Cascade Lake server on Linux 5.5 Git as of yesterday.
A significant update of phpMyAdmin in version 5.0.0 is finally here, and users will now be able to get the taste of a new user interface along with various other features and enhancements.
Before we get to the news itself, let’s have a brief look at what this software is all about. phpMyAdmin is a handy tool that allows users to manage their MySQL and MariaDB databases in a more comfortable, better way with the help of a user interface panel. As you might have guessed from its name, PHP has been used to program this software.
Peter Miller's 1997 essay Recursive Make Considered Harmful persuasively argues that it is better to arrange to have a single make invocation with the project's complete dependency tree, rather than the currently conventional $(MAKE) -C subdirectory approach.
However, I have found that actually writing a project's build system in a non-recursive style is not very ergonomic. So with some help and prompting from Mark Wooding, I have made a tool to help.
PeaZip is an open source file and archive manager. It's freeware and free of charge for any use. PeaZip can extract most of archive formats both from Windows and Unix worlds, ranging from mainstream 7Z, RAR, TAR and ZIP to experimental ones like PAQ/LPAQ family, currently the most powerful compressor available.
This tutorial explains the ways to insert pictures into document in LibreOffice Writer. This is a preparation for you to work with multiple photos, graphics, logos, etc. You will learn how to do it manually and automatically, with menubar, copy-paste, and drag-and-drop, including to resize & arrange them within text, and finally to crop them. I also include download links to beautiful pictures like above and I hope with this article you can compose good documents. Happy learning!
After launching on itch.io while still in development, the impressive dark fantasy open-world RPG, Urtuk: The Desolation, is launching into Early Access on Steam next year.
In the announcement on their itch page, they've set a date for February 14th. This is after it's already been in development for 4 years, with it being live on itch in First Access and now pushing forwards onto Steam to take development even further.
Since I wear many hats, there’s multiple end-of-year retrospectives to have.
Huh, it seems like I’ve been a FreeBSD (ports) committer for a little over two years now. Time flies when you’re having fun and/or doing soul-crushing administrative busywork.
It depends on how you see packaging and tool support – what does it mean and what is your relationship with upstream.
The kde@ team maintains a bunch of C++ and toolkit infrastructure – CMake and Qt to name two – and that means that we have a lot of consumers that are not directly maintained by us. Changes in the infrastructure often affect other packages in some way – CMake no longer finds a specific package, or Boost gets away from us again, or changes in default C++ warning flags cause unmaintained code from 2002 to fail to build. All that is par-for-the-course when participating in a giant group project to maintain over 30000 packages.
As 2019 draws to a close, I’d like to use a blog entry to look back at what happened in Calamares in this year. I’m not doing this on the Calamares website itself, since this is more of a personal-retrospective than anything else.
In this year, there were 16 Calamares releases. There was at least one release every month except March (that one took a long time, and prompted a switch to “short cycle” later) and September (bracketed by August 30 and October 1 releases). I have tried to switch to “short cycle” releases (starting with Calamares 3.2.6) so that there’s faster turn-around on bugfixes and small features can be delivered more easily.
The short-cycles are about three weeks, and that’s held up reasonably well. What I do notice is that the number of small things remains constant and a couple of big-ticket items are still languishing. That’s still something I don’t know how to deal with.
This is the second blog post about my Outreachy internship at Fractal. The project I’m working on is the integration of a video player in Fractal.
[...]
A pipeline in GStreamer seems to be one of those concepts whose basic idea is pretty easy to grasp, but that can get as complicated as you want. As its name suggests, a pipeline is a system of connecting pieces that manipulate the media in one way or another. Those connecting pieces are called elements. The element where the media comes from is called source element and the one(s) where it’s rendered is/are called sink element. An example is shown in the drawing in https://bit.ly/2twW6Ht . As you can see there, every element itself again has a source and/or one or more sinks, that connect the elements among each other. The phenomenon, just described, of finding the same concept at the level of elements and at the level of the pipeline is not uncommon. I’ll give two more examples.
The first example is about buffering. On one hand, when pushing data through the pipeline, an element step by step gets access to the media by receiving a pointer to a small buffer in memory from the preceding element (buffers on the level of elements). Before receiving that, the element cannot start working on that piece of media. On the other hand, one can add a buffer element to the pipeline. That element is responsible for letting bigger chunks of data get stored (buffers on the level of the pipeline). Before that’s done, the pipeline cannot start the playback.
The second example concerns external and internal communication. The way a pipeline communicates internally is by sending events from one element to another. There are different kinds of events. Some of them are responsible for informing all pieces of the pipeline about an instruction that might come from outside the pipeline. An example is wanting to access a certain point of the video and playing the video from there, called seek event. For that to happen, the application can send a seek event to the pipeline (event on the level of pipeline). When that happens, that seek event is put on all sink elements of the pipeline and from there sent upstream, element by element (events on the level of elements), until it reaches the source element, which then pulls the requested data and sends it through the pipeline. But events are just one example of communication. Of course, there are other means. To mention some more: messages the pipeline leaves on the pipeline bus for the application to listen to, state changes and queries on elements or pads.
So I find the concept of pipelines quite interesting. But to practically get media processed the way I want, I’d have to set up a whole pipeline correspondingly. Creating an adequate pipeline and communicating with it and/or its elements can get complicated. But luckily for me, the audio player in Fractal is implemented using a concept called GstPlayer, so that’s what I’ve also used for video. It’s an abstraction of a pipeline that sets up a simple pipeline for you when creating it. It also has a simple API to manipulate certain functionalities of the pipeline once created. And to go beyond those functionalities, you can still extract the underlying pipeline from a GstPlayer and manipulate it manually.
In this video, we are looking at Calculate Linux 20, the KDE edition.
The year is still ending and the perfect time to reflect and look back at some Magazine articles continues. This time, let’s see if the editors chose some interesting ones from 2019. Yes, they did!
[...]
Fedora Magazine exists thanks to our great contributors. And you (yes, you!) can become one, too! Contributions include topic proposals, writing, and editorial tasks. This article shows you how to join the team and help people learn about Linux.
Many people noticed Debian Developers have started making wholesale leaks of material from debian-private.
This finishes off the same year where we saw the death of Lucy Wayland, the cover-up of a controversial $300,000 donation from Google and the blackmailing of Norbert Preining.
What these divisions demonstrate is a maturity gap. The cabals running the project have never really grown up. Like a 15-year-old who receives a Ferrari for his birthday, the Debian Account Managers are not mature enough to handle the power associated with their positions.
Anybody familiar with the content of debian-private can see this is true: some leadership figures who have been in the project for decades are still behaving the same way that they did in the nineteen nineties yet we are about to begin 2020.
RS485 sensor nodes are often used in smart agriculture, environment monitoring, or factory & building automation and work up to 1.2 km when using AWG 18 cables.
Marvell ESPRESSOBin networking board launched in 2016 for as little as $39 with an Armada 3700LP (88F3720) dual-core Arm Cortex A53 processor, up to 1GB RAM, three Gigabit Ethernet ports, SATA...
[...]
The unit will ship with an updated 4.19 mainline Linux with integrated wireless and networking drivers. There’s no Wiki at this time, but I suppose many of the resources and documentation for its little brother (ESPRESSOBin) may be re-used. The Wiki has documentation for up to Linux 4.14 though, and searches for Linux 4.19 support point me to Armbian instead.
The Face ID Unlock Technology in a Smartwatch Kospet, the maker of smartwatches, has developed the Kospet Prime SE, a smartwatch phone with Face Unlock/Face ID technology.
Libre RISC-V, the project aiming to create an open-source accelerator that would run a Vulkan software renderer in being an "open-source GPU" aiming for just 25 FPS @ 720p or 5~6 GFLOPS, has managed to secure 300k EUR in grants for their work.
Last year they already secured a 50k EUR grant for working on this low-end chip that initially was envisioned to be an open-source RISC-V SoC. Though more recently Libre RISC-V is seriously looking at using an OpenPOWER architecture design rather than RISC-V.
At GNU Health Con (now more than two weeks ago) I gave a talk on Saturday afternoon about Pine. Thanks to TLLim for providing me with slides (we caught up at Linux App Summit) to start off the talk. I dove down a little more into the products that are available, saying “this is not a sales talk” but ..
At the end of the day there were lots of people seriously interested in Pine hardware. If I can’t even not sell devices, what am I to do?
Let's start off with mentioning that both these new phones are great steps forward for Linux. While they will probably not beat Android and iOS in popularity, they will at least give Linux power users a device that can be called a Linux phone instead of the usual "technically it's running Linux because that's only a kernel". These phones not only run the latest, mainline Linux kernel, they also have the desktop stacks people are already familiar with.
Holy shit! This is the phone I have always wanted. I have never been this excited about the mobile sector before. However: the software side is totally absent — phone calls are very dubious, SMS is somewhat dubious, LTE requires some hacks, and everything will have to be written from the ground up.
I have a PinePhone developer edition model, which I paid for out of pocket and which took an excruciatingly long time to arrive. When it finally arrived, it came with no SIM or microSD card (expected), and the eMMC had some half-assed version of Android on it which just boot looped without POSTing to anything useful. This didn’t bother me in the slightest — like any other computer I’ve purchased, I planned on immediately flashing my own OS on it. My Linux distribution of choice for it is postmarketOS, which is basically the mobile OS I’d build if I wanted to build a mobile OS.
CNBC Explores released a 14-minute documentary this month called "The Rise Of Open-Source Software." It's already racked up 558,802 views on YouTube, arguing that open-source software "has essentially taken over the world. Companies in every industry, from Walmart to Exxon Mobile to Verizon, have open-sourced their projects. Microsoft has completely changed its point of view, and is now seen as a leader in the space. And in 2016 the U.S. government even promised to open-source at least 20% of all its new custom-developed code."
The documentary does mention the 1990s, when Microsoft "even went so far as to call Open Source 'Unamerican' and bad for intellectual property rights." But two and a half minutes in, they also tell the famous story of that 1970s printer jam at MIT which led to the purchase of a proprietary printer that inspired Richard Stallman to quit his job to develop the GNU operating system and spearhead the free software movement. And at three and a half minutes in, they also describe how Linus Torvalds "unceremoniously released" Linux in 1991, and report that "By the turn of the century, NASA, Dell, and IBM were all using it." And at 4:18, they mention "other open source projects" gaining popularity, including MySQL, Perl, and Apache.
[...]
Here's a list (in order of appearance) of the people interviewed: Nat Friedman, CEO of GitHub; Devon Zuegel, Open-Source Product Manager, GitHub; Chris Wright, CTO of Red Hat; Jim Zemlin, Executive Director of the Linux Foundation; Feross Aboukhadijeh, Open-Source Maintainer; Chen Goldberg, Google's Director of Engineering
In his presentation, Marlinspike basically states that federated systems have the issue of being frozen in time while centralized systems are flexible and easy to change.
As an example, Marlinspike names HTTP/1.1, which was released in 1999 and on which we have been stuck ever since. While it is true that a huge part of the internet is currently running on HTTP 1.0 and 1.1, one has to consider that its successor HTTP/2.0 was only released in 2015. 4 / 5 years are not a long time to update the entirety of the internet, especially if you consider the fact that the big browser vendors announced to only make their browsers work with HTTP/2.0 sites when they are TLS encrypted.
Marlinspike then goes on listing 4 expectations that advocates of federated systems have, namely privacy, censorship resistance, availability and control. This is pretty accurate and matches my personal expectations pretty well. He then argues that Signal as a centralized application can fulfill those expectations as well, if not better than a decentralized system.
I wanted to pen something before the year is gone about the recent Linux Application Summit 2019. This is the 3rd iteration of the conference and each iteration has moved the needle forward.
The thing that excites me going forward is what we can do when we work together between our various free and open source communities. LAS represents forming a partnership and building a new community around applications. By itself the ‘desktop’ doesn’t mean much to the larger open source ecosystems, not because it isn’t important but because the frenetic pace of open source community expansion has moved so fast that these communities do not have organizational history of foundational technologies that our communities have built over the years that they use every day and maintain.
To educate them would be too large of a task; instead we need to capitalize on the hunger for technology, toolchains, and experience that we build and possess. We can do that by presenting ourselves as the apps community which presents no prejudice to the outside community. We own apps, because we own the mindshare through maturity, experience, and communities that spring around it.
From here, we can start representing apps not just through the main Linux App Summit, but through other venues. Create the Apps tracks at FOSDEM, Linux Foundation events, Plumbers etc.
Linux Mint is a great operating system, but with the most recent version (19.3 "Tricia"), there was some shocking news -- GIMP (GNU Image Manipulation Program) was being removed! Crazy, right? I mean, of all of the great software available for Linux, GIMP is one of the best. It is an essential image editing tool that rivals Adobe Photoshop.
So, why did Linux Mint remove it as a pre-installed program? The developers thought the software was too advanced for newer Linux users. While I think that is a bit of nonsense, I can understand why the Mint developers would want to cater to beginners. Thankfully, it is totally easy to install GIMP on a new Linux Mint 19.3 installation.
I just pushed support for SPV files to the master branch of PSPP.
[...]
I would appreciate experience reports, positive or negative. The main known limitation is that graphs are not yet supported (this is actually a huge amount of work due to the way that SPSS implements graphs).
Just because a license is not the right place to enforce ethical software usage doesn't mean we don't recognize the problem, or respect the people raising it. We should encourage and participate in conversations about the ethical usage of software. With the ground rules of free software as the baseline, anyone can build systems to specifically promote ethical use.
If you’d like a regular certificate, you can do so by attaching your public legal name to your software and sending in a copy of your driver’s license. And that is to say nothing of the risks you take these days online by publishing your legal name.
And even if you do all of this and start signing your executables, I still can’t find any assurance whether Google will begin to treat these executables as safe or not.
freedb.org and its services will be shut down on March 31st of 2020.
Freedb is a free online database of track listings for millions of CDs. Without this type of database, you’d either end up with a bunch of nameless files, or you’d have to manually type the album names, artist info, song titles, and other data into your computer.
While FreeDB isn’t the only game in town, it’s been one of the most prominent services providing track listing data for nearly two decades — and according to a note at the freedb website, it’ll shut down at the end of March, 2020.
Freedb data was originally based on information from the CDDB (Compact Disc Database), which eventually became proprietary software and which prohibited unlicensed applications from using that data. So freedb, which is a free service operated under a GPL license, now consists of user-generated data.
It looks for sure now that the GNU Compiler Collection (GCC) plans for transitioning from SVN to Git over New Year's Day will not be realized. There still is no firm consensus over which SVN to Git conversion approach to utilize.
On Christmas Eve, Eric S Raymond announced his Reposurgeon software should be ready for a full and correct GCC conversion of the SVN source tree to Git. Since then, various minor bugs have been pointed out and tweaking to Reposurgeon has continued.
DevNation tech talks are hosted by the Red Hat technologists who create our products. These sessions include real solutions and code and sample projects to help you get started. In this presentation, you’ll learn about the serverless developer experience on Kubernetes with Knative and Apache Kafka from Matthias Wessendorf.
Apache Kafka has emerged as a leading platform for building real-time data pipelines and for high-throughput/low-latency messaging. With its scalable and distributed design, Apache Kafka is a good fit for platforms like Kubernetes. Knative, on the other hand, is a Kubernetes-based platform that comes with a set of building blocks to build, deploy, and manage modern serverless workloads.
I am an avid reader, but I go through periods where I'm so busy that it's hard to find the time to keep up with my reading list. Even during my busiest times, I try to stay up to date on DevOps news since it's one of my areas of focus.
Here, I've summarized key takeaways from the top eight DevOps articles Opensource.com published this year so you can increase your knowledge even if you don't have time to read all of them. Since DevOps is about people, processes, and tools, I've categorized the top eight articles around those themes.
But for this year’s lecture, Knuth did something special. He showed the audience how, throughout the last half of a century, he’s whimsically worked the digits of pi into various exercises in his book — again, and again, and again. Knuth tells the audience that he’s searched the entire text of his own book, The Art of Computer Programming, using the Linux tool egrep, and he’s found a whopping 1,700 occurrences of the word pi, “which mean pi occurs maybe twice every five pages in the book so far.” He feels that using pi in his examples assures readers that the algorithms really will work, even on an arbitrarily chosen cluster of digits.
Opensource.com's six-part guide to Small Scale Scrum (which I helped co-author) advises smaller teams on how to bring agile into their work. The traditional scrum framework outlined in the official Scrum Guide recommends a minimum of three people for the framework to realize its full potential. However, it provides no guidance for how teams of one or two people can follow scrum successfully. Our six-part series aims to formalize Small Scale Scrum and examines our experience with it in the real world. The series was received very warmly by our readers—so much so that the six individual articles comprise 60% of our Top 10 list. So, if you haven't already, make sure to download them from our Introduction to Small Scale Scrum page.
Modules are namespaces. This means that correctly predicting module semantics often just requires familiarity with how Python namespaces work. Classes are namespaces. Objects are namespaces. Functions have access to their local namespace, their parent namespace, and the global namespace.
The simple model, where the . operator accesses an object, which in turn will usually, but not always, do some sort of dictionary lookup, makes Python hard to optimize, but easy to explain.
Indeed, some third-party modules take this guideline and run with it. For example, the variants package turns functions into namespaces of "related functionality." It is a good example of how the Zen of Python can inspire new abstractions.
In this post, we will learn how to use Pandas get_dummies() method to create dummy variables in Python. Dummy variables (or binary/indicator variables) are often used in statistical analyses as well as in more simple descriptive statistics.
If you’re one of those people looking forward to a new decade on Wednesday, Lindsay Foyle has no plans to let you anywhere near his finances, although he might let you score for him in cricket.
High school students enter a classroom at Rainier Beach High School in Seattle on an October morning. They sit at their desks, but they’re soon asked to rearrange their chairs into a circle. Today is Thursday, which means they’ll be having their weekly class in restorative justice.
The same Census Bureau report featured an analysis of internet subscription rates in Memphis, Tennessee, showing high connectivity in the suburbs around the city, but noticeably large gaps in both the urban core, and in rural areas. As a recent Washington Post headline put it, “cities, not rural areas, are the real Internet deserts.” And education experts interviewed by Teen Vogue say that internet connectivity is just one of many issues creating a digital divide among students.
Senate Democrats have repeatedly tried to force Senate Majority Leader Mitch McConnell (R-Ky.) to schedule votes on a raft of various election security bills. The House has passed three major pieces of election security legislation this year that have stalled amid Republican objections in the Senate.
With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.
Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.
In his talk this year at the 36C3, [bunnie] gave a detailed insight into several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.
Whether you're learning the first steps or looking to add to your skills, there's something for you in Opensource.com's top 10 security articles of 2019.
If security is a process (and it is), then it stands to reason that different projects (and contributors) are in different places. Some applications have years of security testing, with design done by people who have worked in information security for decades. Others are brand new projects by developers working on their first open source project. It comes as no surprise that Opensource.com's top security articles of 2019 represent this range of experience. We have articles that introduce basic security practices as well as deep dives into more advanced topics.
Whether you're learning the first steps or looking to add to your skills acquired over a storied career, there's something for you in the top 10 security articles of 2019.
“We’re trying to create order out of chaos,” said CEO Wayne Jackson of his company, Sonatype.
[...]
“We are building the world’s critical infrastructure on software somebody else wrote, a stranger with unknown skills, motivations and desires, but the desire to innovate is so high, we’re willing to accept the risk of using some random person’s software invention,” Jackson said.
Sometimes developers understand the practical use of the open source code they’re creating, and sometimes they don’t, according to Jackson.
Last year, the Supreme Court issued a landmark opinion in a case we’ve written about a lot, called Carpenter v. United States, ruling that the Fourth Amendment protects data generated by our phones called historical cell-site location information or CSLI. The Court recognized that CSLI creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.” As a result, police must now get a warrant to access it.
In the year and a half since the Supreme Court’s ruling, Carpenter has been cited in more than 450 criminal and civil cases across the country. Carpenter caused a sea change in Fourth Amendment law because it expressly recognized that, under the right circumstances, we have a reasonable expectation of privacy in information we share with third parties and in our actions while we’re in public. The question courts began to grapple with in 2019 and will continue to address in 2020 is what those circumstances are.
I generally care relatively little for the personal lives of people of note, but something that always nagged me just slightly about Edward Snowden’s 2013 revelations that the NSA was spying on pretty much everyone was — how angry was his girlfriend?
This February, with Venezuela rocked by economic collapse and a presidential succession crisis, an opposition party put out a call for volunteers. Juan Guaidó, a political leader with the Popular Will party, called on supporters to register at the site “Volunteers for Venezuela”. Guaidó announced that the call was successful, with over 100,000 supporters submitting their contact information to the site.
But according to researchers with Venezuela Inteligente, CrowdStrike, and Kaspersky Lab, bad actors used DNS response injection to route these visitors to a fake version of the site. The fake version of the site looked identical to the real one, but researchers believe that the information collected was sent to the attackers instead of to Guaidó’s party. On February 17th, the identities of the activists were leaked by a media outlet supporting Guaidó’s rival Nicolás Maduro, which the Atlantic Council’s Digital Forensics Research Lab believes had access to the database of phished information.
Along the Line is a member of the Demcast network, brought to you by the Media Freedom Foundation. On today’s episode, hosts Nicholas Baham III (Dr. Dreadlocks), Janice Domingo, and Nolan Higdon discuss Internet regulation from its inception to California’s 2020 privacy protection law. ATL’s Creative Director is Dylan Lazaga. Mickey Huff is ATL’s producer. ATL’s engineer is Janice Domingo. Adam Armstrong is ATL’s webmaster.
The Indian Express report may spark fears that the state is using the police to prevent democratic protests against a law that bars undocumented Muslims from three neighboring nations seeking Indian citizenship, but allows people of other faiths to do so.
The Taliban’s ruling council agreed Sunday to a temporary cease-fire in Afghanistan, providing a window in which a peace agreement with the United States can be signed, officials from the insurgent group said. They didn’t say when it would begin.
On December 10, a kosher grocery store in Jersey City was attacked and 3 people killed.
This was next door to a Jewish school which appears to have been the real target.
In response to this, and to ongoing attacks over the past several years, New York City Mayor Bill De Blasio announced an increase in patrols in the affected neighborhoods.
[...]
And here’s where I claim blogger’s privilege and write without sourcing: the grocery attack and the Hanukkah attack are not new; there has been ongoing violence against the Jewish communities of New York City and its suburbs for some years now, without outsiders taking much interest in it. Passers-by on the streets — mothers, the elderly, and others considered to be innocent and defenseless, assaulted in ways that range from petty to serious injuries. But those same voices who in other contexts proclaim their opposition to racism and prejudice of all kinds, back off and say, “it’s complicated.”
A knife-wielding man stormed into a rabbi’s home and stabbed five people as they celebrated Hanukkah in an Orthodox Jewish community north of New York City, an ambush the governor said Sunday was an act of domestic terrorism fueled by intolerance and a “cancer” of growing hatred in America.
When Longmont Police Department Detective Sandra Campanella thinks ahead to the new year, she thinks of the work that has to be done to improve resources for domestic violence victims so that they can safely leave abusive relationships.
This feeling surfaced last week, when Campanella reflected on a Colorado Domestic Violence Fatality Review Board report released by the Colorado Office of the Attorney General that showed 43 people died from domestic violence in 2018, a number that surged in comparison to 2017, which saw a total of 39 deaths. While Campanella said population growth likely was a factor in the rise, it still points to an issue.
“It’s 43 people too many,” Campanella said.
The Colorado Domestic Violence Fatality Review Board is comprised of experts from the field who work with victims. The board was created in 2017 by the Colorado General Assembly to analyze data and create state policy recommendations. To compile the report, the board worked with the Denver Metro Domestic Violence Fatality Review committee.
“We need to always figure out how to learn from tragedy,” said Attorney General Phil Weiser. “We need to go back and see what happened. What were the warning signs that were missed?”
“All right, Chuck Bonniwell, Julie Hayden here, a little after 1:30, talking about the never-ending impeachment of Donald Trump,” host Chuck Bonniwell said on his show Tuesday, chuckling. “You know you wish for a nice school shooting” to interrupt the impeachment news, he said, as his co-host jumped in, decrying the statement.
“Don’t even — don’t even say that. No, don’t even say that,” Hayden said. “Don’t call us. Chuck didn’t say that.” As he laughed, Bonniwell continued, “– which no one would be hurt.”
On Wednesday evening, 710 KNUS posted on Twitter that Bonniwell’s program was canceled: “Given the history of school violence that has plagued our community, 710 KNUS confirms that an inappropriate comment was made on the Chuck & Julie show by co-host Chuck Bonniwell. A programming decision was made to end the program immediately.”
The U.S. has carried out military strikes in Iraq and Syria targeting a militia blamed for a rocket attack that killed an American contractor, a Defense Department spokesman said Sunday.
In many ways, such gloomy perspectives are appropriate. Millions of people are already being displaced or killed by the human-caused destabilisation of our climate. And yet, as environmental scientists and communication specialists point out, such narratives are problematic because they tend to inspire inertia and anxiety rather than action.
Australia's giant kelp beds are literally being cooked by the ocean
Australia is still on fire.
2019 is slated to be the second-warmest year on record, according to the National Oceanic and Atmospheric Administration. This means that, come year’s end, all of the top 10 warmest recorded years will have happened in the last two decades. The climate is worsening as we speak, and the years we have left to prevent even more catastrophic change are flying by.
This is an “All hands on deck!” moment.
Defenders of ocean habitats celebrated Friday after a federal court upheld a lower court ruling defending the right of the U.S. executive branch to set aside marine areas as national monuments.
The global transition to renewable energy and electric vehicles — technologies that are currently powered by lithium-ion batteries — is creating a high demand for lithium, popularly known as white gold, among other minerals. In Portugal, where some of the largest reserves of lithium in Europe are located, the government recently launched a strategy to increase mining and supply of the mineral for this emerging market. However, residents and organizations throughout the country are questioning the impacts of that large-scale mining plan and who will really benefit from it.
Changes in groundwater flows due to climate change could have a very long legacy. This could be described as an environmental time bomb
For the new year, imagine the wondrous possibilities of a truly liberal, post-capitalist, technologically advanced society.
From Boeing to Whole Foods, companies are touting social responsibility as profits soar. Don’t believe a word of it.
The election of President Donald Trump will likely define this decade, but the breakdown in our political system which sowed deeper partisan divisions and ultimately paved the way for his White House victory can be traced back to a single January day almost exactly ten years ago.
The year 2019 has been a nightmare for whistleblower Chelsea Manning and her supporters. While Donald Trump cleared three members of the United States Army who reportedly murdered Afghani civilians, Manning is, once again, confined for acting in accord with her own principles. In 2010, she was imprisoned for leaking classified military and diplomatic documents that exposed U.S. war crimes, including the murder of Iraqi and Afghani civilians.
Reuters is reporting that the British government published the physical addresses of a number of celebrities online by accident, including those of Elton John and Olivia Newton-John.
The media shift on Sanders, matched by a change in attitude among establishment Democrats, is one sign that Sanders has a chance. But there are still hurdles the candidate has to clear. The most important barrier is the concern Democratic primary voters have over electability.
Sri Lanka 2011. It is two years since a brutal civil war ended, with the UN reporting tens of thousands of civilians killed in the final months of battle, mostly by the state military. In the formerly contested territory in the north-east of the island, a refugee called Padmagowry (not her real name) has recently been resettled in a new village. It’s not her land; hers is still occupied by the army.
Marie* was 14 years old and enrolled in a Christian school when she met and became involved with Miguel, a Brazilian soldier working in Haiti as a UN peacekeeper. When she told him that she was pregnant with his baby, Miguel said he would help her with the child. But instead, he returned to Brazil. Marie wrote to him on Facebook but he never responded.
Things aren’t just grim for Instacart workers this winter. Across the United States, gig workers on apps including Uber, Lyft, and UberEats saw precipitous drops in their income this year, as companies slash wages in anticipation of initial public offerings on the stock market. The companies have also flooded the markets with new workers, making “gig” assignments harder to come by. (Both Uber and Lyft made their stock market debuts this year, while Instacart’s CEO hinted earlier this year that the company, which has been valued at $7.8 billion, plans to file for an IPO.)
The changes have left gig workers struggling to pay for food, utilities, and medical bills.
In a thorough decision, Barcelona Commercial Court (Section 15) clarifies important findings on novelty, inventive step and claim construction. A technical feature disclosed in the prior art will not anticipate an identical feature if the exact same functionality is not described in the prior art, even if it is common ground that the prior art’s feature may indeed perform the same function.
CG Technology Development, LLC (CG Tech) appealed the Patent Trial and Appeal Board's Final Written Decision holding that the claims of U.S. Patent RE39,818 would have been obvious. The Federal Circuit found that even though the disputed limitations in the claims were improperly construed, the claims were nevertheless invalid under the proper construction. [...]
The Federal Circuit agreed with CG Tech that the Board erred in construing the "authorize play based on age" limitations. The Board's construction was found to fail to distinguish the two embodiments described in the claims and the specification: authorizing and adjusting. "Authorize" indicates only prohibiting (or not prohibiting) the player from playing the game, a concept distinct from "adjusting" the game. The claims also distinguish between "authorizing" game execution based on user age and "adjusting" the game.
The specification similarly distinguishes between authorizing and adjusting game play. The specification describes a controller that ensures "amusement games designed for a specific age group [are] not operated by an inappropriate user" such that a "video game can be prohibited based on the user age." But it separately explains that "educational video 'games' can be adjusted to the age of the user." The intrinsic record thus supports the conclusion that the "authorize play based on age" limitations do not include adjustment and therefore are properly construed as requiring "a control that prohibits operation of a video game based on the user's age."
Although the Board incorrectly construed the "authorize play based on age" limitations, its findings regarding Kelly were limited to Kelly's disclosure of "prohibiting" game play based on age. The incorrect claim construction was therefore found to be harmless error since substantial evidence supported the Board's finding.
[...]
Thus, because substantial evidence supported the Board's finding that Kelly teaches these limitations under the proper construction, the Federal Circuit affirmed the Board's decision.
This week Australia's Department of Communications and the Arts published its latest consumer survey on copyright infringement. The data reveal that while there are apparently fewer Aussie pirates, overall spending on music, movies and games is down too. Pirate site blocking does seem to have some effect, even though the survey overstates the effectiveness somewhat.
The online piracy wars have claimed many victims over the years, from regular file-sharers to anti-piracy companies that collapsed under their own controversies. But perhaps the most obvious are the many pirate sites, platforms and services that have gone down due to a firestorm of litigation, overwhelming threats, or raids by law enforcement authorities. Here are the Top 19 casualties of 2019.