Bonum Certa Men Certa

Links 29/1/2020: MPV 0.32, Qt Offering Changes, Thunderbird Gets New Home



  • GNU/Linux

    • Desktop/Laptop

      • Still On Windows 7? Canonical Says It’s Time To Switch To Linux

        Windows 7 reached its end of support deadline quite recently. It clearly means that Windows 7 devices are no longer eligible for technical support and security updates. If you are one of those loyal Windows 7 fans who haven’t upgraded yet, your production machine is prone to serious potential risks.

        However, Microsoft recommends its users that they should upgrade to the latest version of Windows as soon as possible. Notably, there are two ways to switch to Windows 10. You can either clean install the operating system or purchase a new system with pre-installed Windows 10 OS.

        Speaking of Windows 10, we can not deny the fact that thousands of users are still hesitant to upgrade to Windows 10. Their hesitation is pretty much obvious because of the series of bugs that come along with each update.

        This is one of the reasons many people are now looking for a Linux-based operating system. But many of them don’t have any idea about the upgrade process. They are concerned about the hardware incompatibility issues and more.

      • Ubuntu Invites Windows 7 Users With Linux Switch Guides

        Canonical today published the first part of a tutorial series designed to help Windows 7 users migrate to Ubuntu Linux after Microsoft's decade-old OS reached end of support this month and stopped receiving security and bug fixes.

        "We will provide a series of detailed, step-by-step tutorials that should help less tech-savvy Windows 7 users migrate from their old operating system to Ubuntu," Canonical developer advocate Igor Ljubuncic said.

        Today's post covers the steps before the actual migration and the data backup stage, and it will be followed by other tutorials detailing the installation steps as well as the post-install configuration and desktop environment setup process.

        While Windows 7 refugees also have the option to upgrade to Windows 10 or to buy a new computer with an operating system under active support such as macOS or Windows 10, Canonical would gladly have them switch to its free Ubuntu Linux distribution.

      • Official how to switch from Windows 7 to Ubuntu Linux tutorial now available

        If you are still using Windows 7 on your computer, you are making a huge mistake. Running an unsupported operating system is pure foolishness -- there will be countless exploits in the future for which you simply won't receive patches. In other words, your data and overall online safety is now at major risk. If you insist on sticking with Microsoft's operating system, you might as well upgrade to Windows 10 -- either by installing the operating system on your current computer or buying a new PC with the OS pre-loaded.

        Understandably, many people are scared of Windows 10 -- Microsoft's data collection through extreme telemetry can make it feel like your own computer is spying on you. In that case, a Linux-based operating system should be considered. Today, Canonical releases an official guide for those thinking of switching to Ubuntu from Windows 7. Not only does the guide address potential hardware incompatibilities, but it provides a handy list of popular Windows software and its comparable Linux alternatives.

      • How to upgrade from Windows 7 to Ubuntu – Hardware and software considerations

        A few days ago, Rhys Davies wrote a timely article, titled Why you should upgrade to Ubuntu. In it, he outlined a high-level overview of what the end of support of Windows 7 signifies for the typical user, the consideration – and advantages – of migrating to Ubuntu as an alternative, and the basic steps one should undertake to achieve this.

        We’d like to expand on this idea. We will provide a series of detailed, step-by-step tutorials that should help less tech-savvy Windows 7 users migrate from their old operating system to Ubuntu. We will start with considerations for the move, with emphasis on applications and data backup. Then, we will follow up with the installation of the new operating system, and finally cover the Ubuntu desktop tour, post-install configuration and setup.

      • MintBox 3 debuts with 9th Gen Core CPUs, NVMe and Mint 19.3

        CompuLab and the Linux Mint project have launched a “MintBox 3” version of CompuLab’s fanless Airtop3 mini-tower loaded with Linux Mint 19.3 and a choice of Intel 9th Gen CPUs: a hexa-core i5-9500 for $1,399 and an octa-core i9-9900K with GeForce GTX 1660 graphics for $2,499.

        For years, the Linux Mint project and CompuLab have collaborated on CompuLab mini-PCs pre-loaded with the Mint distro, most recently with its $299-and-up, MintBox Mini 2 based on an Apollo Lake based Fitlet2 mini-PC. Back in 2013 there was a $599-and-up MintBox 2 built around an Intense PC driven by a 3rd Gen Ivy Bridge Core processor. Now, the partners have teamed up on a much more powerful — and expensive — MintBox3 that showcases CompuLab’s recent Airtop3 mini-tower based on Intel’s 9th Gen Core “Coffee Lake Refresh” processors.

      • Chrome OS 81 to allow Linux username selection for Crostini

        I’m not judging but apparently, some Chromebook users have some strange email addresses. And by strange, I mean they don’t allow you to set up the default user when installing Linux in Chrome OS.

        I’m joking a little here. However, this is a real issue for certain Gmail addresses because it’s that account that’s used to create the default user.

        [...]

        Based on the current code merge, when starting the Linux installation process, users will be prompted to supply a username, which is then applied to the Linux container system settings.

      • Linux on Chrome OS: Disk resizing and custom username now working in Canary Channel

        A couple of weeks ago, we unearthed work being done that will give users the ability to set a custom size for the allotted amount of disk space used by Crostini Linux on Chrome OS. Still disabled via a flag, the resizing feature was still just a placeholder at that time. Today, after an update to the Canary Channel, it looks like the resizing function is now live. It’s still behind a flag and disabled by default but enabling it and starting Crostini from scratch now gives you the option to pick the amount of disk space you want to use for Linux.

        [...]

        The renaming feature, like the resizing one, was disabled behind a flag and wasn’t working as of yesterday. With the latest update to Canary, the custom username feature is now working when the flag is enabled and it appears right above the resizing option when you install Crostini for the first time. Some users may like this feature simply because they want to create a unique username for Linux but for others, this will be a crucial update when it hits the Stable Channel in the coming months.

    • Server

      • Just Released: Kube-Scan Open Source Scanning Tool for Kubernetes

        A startup focused on Kubernetes security has released an open source risk assessment tool for the popular container orchestration platform. Cloud-native app security provider Octarine's Kube-Scan is a cluster risk assessment tool for developers that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications in minutes.

        The tool's risk score is based on Octarine's own Kubernetes Common Configuration Scoring System (KCCSS), a framework similar to the widely used Common Vulnerability Scoring System (CVSS). The KCCSS is similar to the CVSS, but it focuses on the configurations and security settings themselves.

      • Catalogic Software Debuts Open Source Backup Tool for Kubernetes

        Catalogic Software has made available the open source KubeDR utility for backing up and recovering Kubernetes cluster configuration, certificates and metadata residing in an etcd repository.

        Company COO Sathya Sankaran says Catalogic Software has been working to extend the reach of its backup and recovery software for Kubernetes and that KubeDR represents an effort to give back to the open source community. The company’s backup and recovery software already have been extended to support instances of Red Hat OpenShift, which is based on a distribution of Kubernetes, running in OpenStack environments.

        As part of that effort, Catalogic Software, which spun out of Syncsort in 2013, has created Catalogic Labs, committed to developing additional open source data protection technologies.

        KubeDR is designed to enable IT organizations to recover Kubernetes configuration, certificates and metadata stored in an S3-compatible object storage system. The idea is to make it easier for IT organizations to recover a Kubernetes cluster in the event of a failure. IT teams still need a separate tool to back up and recover any application data that might have been lost as well.

      • Container software startup Anchore raises $20 million

        The open source software evolution that garnered a $150 million buyout by software giant RedHat in 2015 is fueling a second venture for return founder Saïd Ziouani, this time focused on securing the containers at the core of app development.

      • New open-source projects look to secure Kubernetes

        Kubernetes security company Octarine has announced two new open-source projects designed to protect against cloud-native security vulnerabilities. The Kubernetes Common Configuration Scoring System (KCCSS) is a framework for rating security risks, and kube-scan is a workload and assessment tool.

        “Our mission is to make the adoption of DevSecOps best practices simple, understandable, and achievable for any organization running Kubernetes,” said Julien Sobrier, head of product at Octarine. “One glaring blindspot is at the configuration level when building and deploying cloud native apps. We hope these two new projects benefit the Kubernetes practitioners industry-wide and look forward to collaborating with the community to make Kubernetes as secure and compliant as possible.”

      • Explaining Knative, the Project to Liberate Serverless from Cloud Giants

        Today, using serverless means choosing a cloud platform to lock yourself into. The open source project expected to fix that is approaching prime time.

      • IBM

        • OpenShift 4.3: Dashboard refinements and the new Project dashboard

          The Cluster Overview dashboard we introduced in Red Hat OpenShift 4.2 was a significant and well-received addition to the Web Console, and our team has greatly enjoyed seeing how OpenShift users (and even our own developers) have been using it to identify and resolve issues they otherwise may not have noticed.

          We’ve made a number of changes both big and small to the dashboard based on our user research findings and the feedback we’ve collected from readers like you. This post covers some of the key improvements and introduces a new member of the dashboard family that we think developers in particular are going to love.

        • Open Virtual Network unidling

          Open Virtual Network (OVN) is a project born as a sub-component of Open vSwitch (OVS), which is a performant, programmable, multi-platform virtual switch. OVN allows OVS users to natively create overlay networks by introducing virtual network abstractions such as virtual switches and routers. Moreover, OVN provides methods for setting up Access Control Lists (ACLs) and network services such as DHCP. Many Red Hat products, like Red Hat OpenStack Platform, Red Hat Virtualization, and Red Hat OpenShift Container Platform, rely on OVN to configure network functionalities.

        • Using Red Hat Universal Base Image with Azure Pipelines and Red Hat Quay.io
        • Time to celebrate Data Privacy Day!

          In the words of the National Cyber Security Alliance, Data Privacy Day "is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust."

          Data privacy should be at the forefront of everyone's mind. Protecting your personal data and understanding your right to privacy is becoming more and more important as we start to understand how valuable personal data is and how we are all accountable for protecting our privacy.

          Data privacy day is focused on staying safe online, which is a great opportunity to reflect on privacy in a personal way.

        • Overview of syslog-ng RPM repositories

          Most Linux distributions – like openSUSE or Fedora – include a syslog-ng package in their official repositories ready to install. Some others – like SLES and RHEL – include it in semi-official repositories, like SLES Backports and EPEL. What is the use case for unofficial repositories?

          Unless you use the rolling version of a distribution, like openSUSE Tumbleweed or Fedora Rawhide, you will be using an old version of syslog-ng. In some extreme cases, like RHEL 7, it means a six years old syslog-ng release, missing many features – like multi-threading – which are taken now for granted. Even if the included syslog-ng version is up-to-date, it might miss a few features – like the Java and Kafka destinations – due to missing or too old dependencies in the distribution.

          If you are lucky or just have a simple use case, the syslog-ng package included in the distro is sufficient for you. If you need one of the features missing from the distribution package, consider the unofficial syslog-ng repositories.

          What does “unofficial” mean? While I am a Balabit/One Identity employee, these are not official repositories. They are provided as is, with a best effort level of support.

        • Introducing the TRIRIGA Assistant

          Wouldn’t it be nice if your office started to act more like a team player? For employees, that would mean effortless engagement with workplace services. For facility managers, that would mean more engaged and delighted occupants who provide feedback to keep the workplace not just humming but evolving.

          IBM TRIRIGA just announced numerous enhancements to the workplace experience in the latest release. Among these enhancements, the all new TRIRIGA Assistant. The TRIRIGA Assistant is a smart, conversational AI assistant, which is the same frictionless technology that we all have in our homes, and which is another way to meet the ever-growing expectations of the workforce. This AI assistant can help users find and reserve meeting rooms, report maintenance issues correctly, and even locate where a colleague sits. And that is just the beginning.

        • IBM Champions unlock the power of IBM

          After reviewing nearly 1,400 nominations, IBM is proud and happy to announce the 2020 class of IBM Champions.

          The IBM Champion program recognizes innovative thought leaders in the technical community and rewards these contributors by amplifying their voice and increasing their sphere of influence. The program catalyzes their ongoing contributions by providing education, engagement, and opportunities.

          An IBM Champion is a business partner or customer of IBM — an IT professional, business leader, developer, executive, or educator who influences and mentors others to help them innovate with and make the best decisions around IBM software, solutions, and services.

    • Audiocasts/Shows

      • Success Through Vulnerability | LINUX Unplugged 338

        How did we get from shareware to free software? We jump in the Linux powered time machine and revisit software past.

        Plus a new Plasma focused laptop, and two powerful command-line picks.

      • 2020-01-28 | Linux Headlines

        A partnership to keep open-source secure, Flathub gets social, Kali Linux has a new release and Ubuntu’s first in a series of switch guides.

      • Python Bytes: #166 Misunderstanding software clocks and time

        We all know about bits. Quantum computers use a more sophisticated data representation known as a qubit or quantum bit. Each qubit can exist in state 1 or 0, but also in superpositions of 1 and 0, meaning that the qubit simultaneously occupies both states. Such states can be specified by a two-dimensional vector that contains a pair of complex numbers, making for an infinite number of states. Each of the complex numbers is a probability amplitude, basically the odds that the qubit is a 0 or a 1, respectively.

      • Brunch with Brent: Peter Adams Part 1 | Jupiter Extras 50

        Brent sits down with Peter Adams, professional photographer and former founder and CTO of several internet-technology startups in New York and Silicon Valley. We explore his photography project "Faces of Open Source", his history in the dot-com bubble era, how he came to love open source, and more.

      • 2020-01-27 | Linux Headlines

        Linux 5.5 arrives with support for the Raspberry Pi 4 among many other improvements, Solus and SQLite both see minor version bumps that pack a punch, and The Qt Company has a major update that is not sitting well with its community.

      • LHS Episode #322: YOTA Deep Dive

        Welcome to the 322nd installment of Linux in the Ham Shack. In this episode, the hosts and special guest Neil Rapp, WB9VPG, of Ham Talk Live discuss the very future of amateur radio in the form of YOTA (Youth on the Air). A program started in IARU Region 1 as Youngsters on the Air, Neil and a committee of other amateurs and volunteers in the Americas is trying to foster the idea around the rest of the globe. Learn about these projects which aim to let youth teach youth about the direction of amateur radio and breed interest that will last many lifetimes.

    • Kernel Space

      • Linux 5.5 officially released with a couple of hardware improvements

        A couple of days ago, Linus Torvalds announced that the Linux 5.5 stable version is coming soon. Now, there are reports that the stable version of Linux 5.5 is available. Torvalds pointed out in the release announcement that despite the increase in patches this week and concerns about the possible extension of the Linux 5.5 cycle due to downtime around Christmas and New Year holidays, it chose to release the 5.5 kernel on time.

      • Linux 5.5 “Kleptomaniac Octopus” Officially Launched

        Codenamed Kleptomaniac Octopus, the new Linux release comes with a series of major improvements, including full Raspberry Pi 4 and Chromebook Wake-On-Voice support.

        “Despite the slight worry that the holidays might have affected the schedule, 5.5 ended up with the regular rc cadence and is out now,” Linus Torvalds announced.

      • “Welcome, Kleptomaniac Octopus” – Linux 5.5 Lands, with Improved Hardware Support

        Linus Torvalds has released the first stable Linux kernel update of 2020, Linux 5.5 – and it’s on schedule despite the worries that downtime over the holidays would have an impact on its release.

        The Linux 5.5 kernel update (dubbed “Kleptomaniac Octopus”) brings a host of performance tweaks as well as support for devices like the Raspberry Pi 4 and Broadcom chip BCM2711.

        Depending on your use of Linux the increasing support for Intel processor extensions for its x86-64 line could be of note, as the update includes Intel 5-level paging support as default. This has been done in preparation for the release of Intel servers that will have a significant amount of RAM.

      • AMD Prepares Fix To Address Clicking Issue With Audio Playback On Raven APUs

        Unfortunately it wasn't a trouble-free experience at launch but with time Raven Ridge APUs have been getting cleaned up on Linux for a pleasant experience, thanks in part to the Google Chromebook play that has also seen these newer AMD APUs seeing HDCP content protection support and PSP / TEE trusted execution functionality.

        The latest overdue improvement on the AMD Raven APU front is a fix for a pesky issue during audio playback. If playing audio streams immediately one after another, clicking noises can be heard. That is in the process of being resolved thanks to a new kernel patch.

      • AMD ZEN 3 CPU Added To Official Linux Kernel With ‘Family 19H’ Indicating Launch Of Next-Gen Processors With Higher IPC Gains?

        AMD’s ZEN 3 Architecture, the next-gen evolution of the company’s powerful CPUs, is now officially a part of the Linux Family. Spotted inside the Linux Kernel are direct references to the AMD’s Zen 3 CPU microcode. Given the recent developments about the as-yet-unannounced AMD Architecture that succeeds ZEN 2, it is quite likely the company could release the new CPUs based on ZEN 3 in the coming months. And, if the leaked benchmarks and test scores are to be believed, AMD has truly pushed its processors and managed to achieve a substantial leap in processor power with lesser power draw.

        After giving a tough competition to Intel last year, AMD appears to be readying a new lineup of CPUs that are based on the company’s latest Architecture, the ZEN 3. Based on the 7nm Fabrication Node, the Zen 3 is the 3rd iteration of the ZEN microarchitecture, which is built using the EUV (Extreme Ultraviolet) lithography process.

      • AMD Zen 3 CPU Support Added To Linux Kernel As We Get Closer To Official Announcement

        It looks like we are getting closer to the launch of AMD's Zen 3 CPUs as microcode for the upcoming lineup has been added to the Linux Kernel, as spotted by Komachi. The AMD Zen 3 line of processors are aimed to hit in the coming quarters and it looks like they are going to be a bigger upgrade than we have anticipated as many leaks and official representatives have stated.

        [...]

        However, this means that in the upcoming months, AMD is definitely bringing us more news as also stated by AMD's CEO, Dr. Lisa Su, in the 'The Bring Up' interview where she states that Zen 3 architecture is doing really well, they are excited about it and that she looks forward to talking more about it later in 2020.

    • Applications

      • MPV 0.32 Released with RAR5 Support & Initial Bash Completion

        MPV media player released version 0.32.0 today with some new features and various bug-fixes.

        MPV 0.32.0 features RAR5 support and initial implementation of bash completion.

      • MPV Player 0.32 Released With RAR5 Support, Bash Completion

        MPV 0.32 is out today as the newest update to this open-source video player based on MPlayer.

        MPV 0.32 adds support for RAR5 compressed content within its libarchive stream implementation. This latest version of RAR supports multi-threaded compression, other compression and decompression speed improvements, and other design improvements.

      • 7 Best Remote Desktop Sharing Applications for Ubuntu

        If you’re a developer or a system administrator and have to travel more then you might be having trouble keeping up with your work. Program or web development and system administration is kind of work which involves continuous attention and it gets even more difficult when you are travelling or have to work from different places.

        Well, for such persons there are some tools called desktop sharing apps which can help to keep up with the work on their computer no matter at which location you are, you can keep track from other computer or smartphone. Many computer manufacturing giants and software developing businesses use these types of tools to troubleshoot problems at customers end.

      • Best Open Source Secure Email Gateway Packages

        Secure Email Gateways or Email security gateways are gateways designed to filter mail traffic. Some mail providers and other types of organizations implement this solution to fight attacks like phishing, email-borne attacks, viruses, malware and more attacks which can be filtered by an email gateway, but it also can prevent information leak by infidel members of the organization, etc. It is a controller of mail content which rules according to the specified rules and policies. Email Secure Gateways are available as a cloud service, as virtual appliance, locally at the mail server and there are both software and hardware solutions but this article focuses on 5 Email Security Gateways: MailScanner, MailCleaner, Proxmox, Hermes Secure Email Gateway and OrangeAssassin, all of them include free versions while some offer additional paid versions with extra features.

    • Instructionals/Technical

    • Games

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Kubuntu Focus Linux Laptop Now Has a Cheaper Version

          The officially recognized Kubuntu Focus Linux laptop now has a cheaper version, which makes the powerful machine more affordable to those who want to buy a Linux computer.

          Announced earlier this month, the Kubuntu Focus laptop now has new configuration options starting at US $1,795 for the base model, which comes with an Nvidia GeForce RTX 2060 6GB GPU, 16GB RAM, 250GB Samsung EVO Plus NVMe storage, one 180W power supply, and one year limited warranty. Previously, the cheapest version cost US $2,285.

        • The Qt Company is stopping Qt LTS releases. We (KDE) are going to be fine

          Obvious disclaimer, this is my opinion, not KDE's, not my employer's, not my parents', only mine ;)

          Big news today is that Qt Long-term-supported (LTS) releases and the offline installer will become available to commercial licensees only.

          Ignoring upcoming switch to Qt6 scenario for now, how bad is that for us?

          Let's look at some numbers from our friends at repology.

          At this point we have 2 Qt LTS going on, Qt 5.9 (5.9.9 since December) and Qt 5.12 (5.12.6 since November).

          How many distros ship Qt 5.9.9? 0. (there's macports and slackbuilds but none of those seem to provide Plasma packages, so I'm ignoring them)

          How many distros ship Qt 5.12.6? 5, Adélie Linux, Fedora 30, Mageia 7, OpenSuse Leap 15.2, PCLinux OS (ALT Linux and GNU Guix also do but they don't seem to ship Plasma). Those are some bigger names (I'd say specially Fedora and OpenSuse).

        • Qt offering changes 2020

          Much is happening around Qt these days: We have just opened the Qt Marketplace, released a new MCU offering as well as Qt 5.14, and the Design Studio is developing rapidly.

          [...]

          Since the Qt Account was introduced, the amount of registered Qt accounts has been growing steadily up to almost one million, today.

          From February onward, everyone, including open-source Qt users, will require valid Qt accounts to download Qt binary packages. We changed this because we think that a Qt account lets you make the best use of our services and contribute to Qt as an open-source user.

          We want open-source users to help improve Qt in one form or another, be that through bug reports, forums, code reviews, or similar. These are currently only accessible from a Qt account, which is why having one will become mandatory.

        • Qt offering changes 2020

          The Qt blog has announced some changes in how the Qt toolkit is offered to consumers. Notably, installation of Qt binaries will require a Qt Account and long-term-supported (LTS) releases and the offline installer will become available to commercial licensees only.

        • About “Qt offering changes 2020”

          When I read “Qt offering changes 2020” yesterday, my first reaction was to write a pissy blog post. I’m still writing a blog post with my thoughts about the changes, but I’ll be nice. There are three parts to this post: a short recap of my history with Qt and then my thoughts on what this means for KDE, for Krita and for free software.

          I started programming using Qt and PyQt when I read about Qt in Linux Journal, which I was subscribing to back in 1996. That means that I’ve been using Qt for about 25 years. I initially wanted to write an application for handling linguistic field data, and I evaluated GTK+, wxWidgets, Qt, Tk, fltk, V and a few others that have been forgotten in the mists of time. I chose Qt because it had great documentation, a consistent API, the most logical (to me…) way of doing things like setting up a window with a menu or handling scrollbars and finally because it made C++ as easy as Java.

        • Interview with Spihon

          That’s an easy one, which ties in with digital… money. About 2018 I was busy looking for a free art program that I could animate with, since I’m struggling with trying to find a job, so I thought I could try my hand at making videos for YouTube. And speaking of YouTube, that’s where I found it, from this guy’s video on how to animate, and I was sold so I downloaded it and I’m not going back on it.

          Actually, the anniversary of when I found it is next month, February 18th, so I’ll have been using it for two years.

          Truthfully a bit intimidating at first, until I got the hang of it and it became my go to art program for everything I do, from simple paintings to comics. Heck, David Revoy even got me inspired to do it… Sure, I could have added him to the “who inspires me” section but come on! He needs a special place as my Krita Rockstar…

          Anyhoo, I draw more these days than I play video games.

    • Distributions

      • KnightOS was an interesting operating system

        Still, it was a really interesting operating system which was working under some challenging constraints, and overcame them to offer a rather nice Unix-like environment, with a filesystem, preemptive multiprocessing and multithreading, assembly and C programming environments, and more. The entire system was written in handwritten z80 assembly, almost 50,000 lines of it, on a compiler toolchain we built from scratch.

      • Like its Windows-noob-stabilisers OS, Zorin's cloudy Grid tool is Linux desktop management for idiots

        Zorin, which provides a Linux distro designed to look familiar for migrating Windows and Mac users, has announced a subscription-based management tool for Linux desktops.

        Six desktop layouts in Zorin include Windows, macOS, Touch, Ubuntu, and Gnome 3, though the full range is only available in the paid-for Ultimate edition (€39 + VAT). But the free Core edition is fully usable, includes the Windows-like desktop, and most of the software in Ultimate can be added manually. The main reason to purchase Ultimate is for installation support and to help finance the Ireland-based project.

        Zorin OS is based on Ubuntu and currently at version 15.1, released in mid-December 2019. There are several variants, including one using the lightweight Xfce desktop for best performance on older hardware. We took a look at version 15 in June last year. New stuff in 15.1 includes version 5.0 of the Linux kernel, the ability to use an Android phone as a remote for presentations, new desktop customisation options, and the inclusion of the Sans Forgetica font, which is deliberately hard to read on the grounds, it is claimed, that you remember things better if the brain puts in more effort.

      • Red Hat vs. SUSE vs. Canonical Contributions To The Mainline Linux Kernel Over The 2010s

        After last week looking at the AMD/Intel/NVIDIA contributions to the mainline Linux kernel over the past number of years, there were reader requests for seeing how some of the top distributions compare namely Red Hat, SUSE, and Canonical.

        These graphs today are looking at the contributions by SUSE, Red Hat, and Canonical to the mainline Linux kernel. Keep in mind this is the Git commits made from using the respective corporate domains for each organization.

      • 25/01/2020: This week in KISS (#8)

        Another new addition to the website is the packages page. This is a full listing of each package in the repositories with version and maintainer information.

        The page is updated automatically with changes to the repositories. The raw repository data is also available as a simple tsv file.

      • Reviews

        • FerenOS (2020) | Review from an openSUSE User

          FerenOS undoubtedly focuses on visual aesthetics, user interface and user experience. The last time I looked at FerenOS, it was built on the Cinnamon Desktop Environment. At the time, the Plasma version was called “Feren Next” and initially I was disappointed I didn’t use the Plasma version, but now I am very glad I did as I can compare this experience with my last FerenOS experience.

          This is my review as an openSUSE User. To say this will be completely objective would essentially be a big giant lie. This will be quite biased as I enjoy openSUSE Tumbleweed with the Plasma desktop, day in and day out on multiple machines, including my daily driver, low end laptops and more powerful workstations and servers. I am happily entrenched but that doesn’t mean I don’t like to look over the fences from time to time to see what other parts of the community are doing. Plus, you can’t go anywhere without bumping in to “FerenOS Dev” on some YouTube chat, Telegram or Discord announcing his enhancements.

          Bottom Line Up Front: FerenOS (2020) is simply fantastic. The way you are greeted and guided through your setup is brilliant. I am not keen on every design decision but that matters not as I am never keen on every design decision presented in any other distribution, to include my own. FerenOS is going for a look that is uniquely its own and is not afraid to experiment, cross toolkit boundaries and stray from the normal. I appreciate the design decisions, more than any other “boutique” distribution I have seen in a long while. Do I like all of them? No. Would I choose many of these? Also, No. But I think they do look great and make for an enjoyable experience, just not one I would prefer.

      • New Releases

        • ExTiX 20.2 Linux Distro Released: Now Rebased On Ubuntu 20.04

          The Ultimate Linux System — ExTiX — releases its new version v20.2 with a major shift to the upcoming Ubuntu 20.04. Arne Exton, the ExTiX developer, names the current release as ExTiX 20.2 KDE Plasma Live DVD.

          ExTiX 20.2 replaces the previous Desktop Environment GNOME and Codebase Deepin 15.11 with KDE Plasma 4.19 and Ubuntu 20.04 LTS.

        • Kali Linux 2020.1 Release

          We are here to kick off our first release of the decade, with Kali Linux 2020.1! Available for immediate download.

          Throughout the history of Kali (and its predecessors BackTrack, WHAX, and Whoppix), the default credentials have been root/toor. This is no more. We are no longer using the superuser account, root, as default in Kali 2020.1. The default user account is now a standard, unprivileged, user.

          For more of the reasons behind this switch, please see our previous blog post. As you can imagine, this is a very large change, with years of history behind it. As a result, if you notice any issues with this, please do let us know on the bug tracker.

        • Kali Linux Ethical Hacking OS Gets First 2020 Release

          Offensive Security kicks off 2020 with the first release of their Kali Linux ethical hacking and penetration testing GNU/Linux distribution, Kali Linux 2020.1.

          The Kali Linux 2020.1 release is now available for download and it looks like it packs quite some goodies for fans of the Debian-based operating system, including non-root by default. This means that Kali Linux 2020.1 is the first release to use a standard, unprivileged user account (kali/kali) by default instead of the superuser account (root/toor), except for the ARM images.

          The second biggest change in Kali Linux 2020.1 is the availability of a single installer image for all supported desktop environments. Therefore, there won’t be separate images of Kali Linux for each desktop environment, which means that, when they want to install Kali Linux, users will have to download a single image and choose their preferred desktop environment.

      • Screenshots/Screencasts

      • PCLinuxOS/Mageia/Mandriva/OpenMandriva Family

        • OpenMandriva Lx 4.1 RC is out

          OpenMandriva Lx 4.1 is just around the corner. The team is publishing today the last milestone for current release cycle.

          OMLx 4.1 RC release is mostly bug fixing and update packages.

      • Fedora Family

        • Richard Hughes: Hunting UEFI Implants

          Last week I spent 3 days training on how to detect UEFI firmware implants. The training was run by Alex Matrosov via Hardwear.io and was a comprehensive deep-dive into UEFI firmware internals so that we could hunt for known and unknown implants. I’d 100% recommend this kind of training, it was excellent. Although I understood the general concepts of the protection mechanisms like SMM, HP Sure Start and Intel BIOSGuard before doing the training, it was really good to understand how the technologies really worked, with real world examples of where hardware vendors were getting the implementation wrong – giving the bad guys full control of your hardware. The training was superb, and Alex used lots of hands-on lab sessions to avoid PowerPoint overload. My fellow students were a mixture of security professionals and employees from various government departments from all over the world. We talked, a lot.

          My personal conclusion quite simply is that we’re failing as an industry. In the pursuit to reduce S3 resume time from 2s to 0.5s we introduce issues like the S3 bootscript vulnerability. With the goal to boot as quickly as possible, we only check the bare minimum certificate chain allowing additional malicious DXEs to be added to an image. OEMs are choosing inexpensive EC hardware from sketchy vendors that are acting as root of trust and also emulating hardware designed 30 years ago, whilst sharing the system SPI chip. By trying to re-use existing power management primitives like SMM as a security boundary the leaky abstractions fail us. Each layer in the security stack is assuming that the layer below it is implemented correctly, and so all it takes is one driver with SMM or CSME access to not check a memory address in a struct correctly and everything on top (e.g. BootGuard, ASLR, SELinux, etc) is broken. Coreboot isn’t the panacea here either as to get that to run you need to turn off various protections like BootGuard, and some techniques like Sure Start mean that Coreboot just isn’t a viable option. The industry seems invested into EDK2, for better or worse. This shouldn’t just be important to the few people just buying stuff from Purism – 10,000x laptops are being sold on Amazon for every laptop sold by vendors that care about this stuff.

          Most of the easy-to-exploit issues are just bugs with IBV or ODM-provided code, some of which can be fixed with a firmware update. Worse still, if you allow your “assumed secure” laptop out of sight then all bets are off with security. About a quarter of people at the UEFI training had their “travel laptop” tampered with at some point – with screws missing after “customs inspections” or with tamper seals broken after leaving a laptop in a hotel room. You really don’t need to remove the screws to image a hard drive these days. But, let’s back away from the state-sponsored attacker back to reality for a minute.

          The brutal truth is that security costs money. Vendors have to choose between saving 10 cents on a bill-of-materials by sharing a SPI chip (so ~$10K over a single batch), or correctly implementing BIOSGuard. What I think the LVFS now needs to do is provide some easy-to-understand market information to people buying hardware. We already know a huge amount of information about the device from signed reports and from analyzing the firmware binaries. What we’re not doing very well is explaining it to the user in a way they can actually understand. I didn’t understand the nuances between BIOSGuard and BootGuard until a few days ago, and I’ve been doing this stuff for years.

        • Build your own cloud with Fedora 31 and Nextcloud Server



          Nextcloud is a software suite for storing and syncing your data across multiple devices. You can learn more about Nextcloud Server’s features from https://github.com/nextcloud/server.

          This article demonstrates how to build a personal cloud using Fedora and Nextcloud in a few simple steps. For this tutorial you will need a dedicated computer or a virtual machine running Fedora 31 server edition and an internet connection.

      • Canonical/Ubuntu Family

        • How Well Does the HP Dragonfly Elite Run Ubuntu? Very

          If you’re in the market for a powerful new Linux laptop then the 2-in-1 HP Dragonfly Elite (first-gen) might not be your first thought.

          This 13.3-inch notebook isn’t sold with Linux, and instead comes preloaded with Windows 10.

          But Jim Salter at Ars Technica decided to try out the latest Ubuntu 19.10 release on the Dragonfly Elite to see if a non-Windows experience was up to scratch.

          And the result?

          Pretty dang encouraging!

        • Ubuntu Is Now Patched Against Latest Intel Processor Graphics Vulnerabilities

          Canonical has released today new Linux kernel patches to address the latest security vulnerabilities affecting Intel Graphics Processing Units (GPUs) in all of its supported Ubuntu releases.

          Two weeks ago, on January 14th, Intel revealed two new vulnerabilities affecting systems with Intel Graphics Processing Units (GPUs), known as CVE-2020-7053 and CVE-2019-14615. These vulnerabilities were present in the Intel graphics driver (i915) for GNU/Linux systems, and thus having an impact on almost all Linux-based operating systems.

          CVE-2019-14615 did not let the Linux kernel properly clear data structures on context switches for some Intel GPUs, which could allow a local attacker to expose sensitive information. On the other hand, CVE-2020-7053 is a race condition that could lead to a use-after-free, destroying GEM contexts in the i915 graphics driver. This could allow a local attacker to crash the system or execute arbitrary code.

        • Have an Intel processor? Enjoy two more vulnerabilities

          Intel are not having a good time lately are they? More vulnerabilities in their CPUs have been made public.

          How many is that Intel have had recently that affect them? Quite a lot. This time, it appears AMD are not affected at least. Still, this is a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. Currently, Intel are saying that they're "not aware of any use of these issues outside of a controlled lab environment" so you don't need to go and panic just yet. Just keep an eye on updates for your distribution and motherboard BIOS updates.

        • Canonical Releases Ubuntu 16.04 LTS Kernel Security Update to Address 9 Flaws

          Canonical has released today a new Linux kernel security update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system to address several vulnerabilities.

          In addition to mitigating the CVE-2019-14615 vulnerability affecting certain Intel graphics processors, the new Linux kernel security update addresses a race condition (CVE-2019-18683) in the Virtual Video Test Driver (VIVID), which could allow an attacker with access to /dev/video0 to gain administrative privileges.

          Also patched are multiple memory leaks (CVE-2019-19057) in the Marvell WiFi-Ex driver and a NULL pointer dereference (CVE-2019-18885) in the Btrfs file system.

        • Ubuntu 20.04 LTS “Focal Fossa” Artwork for Your Phone by Sylvia Ritter, Made with Krita

          Talented concept artist Sylvia Ritter unveiled today new artwork inspired by Canonical’s upcoming Ubuntu 20.04 LTS “Focal Fossa” operating system, due for release in April 2020.

          Sylvia Ritter is known for her astonishing artwork made for each of the 30 releases of the Ubuntu operating system, and now the artist has published new artwork for the upcoming Ubuntu 20.04 LTS release, dubbed Focal Fossa, which you can download from DeviantArt.

          It’s only a single image, which is perfect for use as a wallpaper on your mobile phone, and you don’t even have to be an Ubuntu fan because the “Focal Fossa” inspired artwork is nothing but marvelous. I love it!

        • Ubuntu Weekly Newsletter Issue 615

          Welcome to the Ubuntu Weekly Newsletter, Issue 615 for the week of January 19 – 25, 2020. The full version of this issue is available here.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • The Importance Of Growing Developer Action On Open Source Enterprise Blockchain Solutions

        Since major enterprises started taking blockchain seriously and looking at the technology's potential in their chosen arena, a number of popular enterprise-grade blockchain solutions have come to the fore.

        Some of these solutions are sold to companies as an all in one solution, slightly deviating from some of the core decentralized and open-sourced pillars of the technology, but the more popular ones are open-sourced and constantly being developed. The likes of Hyperledger Fabric, as well as Sawtooth and Besu, R3 Corda, and Quorum are all open source solutions that have been tracked for developer activity by Blockchain service firm Chainstack.

      • An Open Source Alternative to AWS SageMaker

        There’s no shortage of resources and tools for developing machine learning algorithms. But when it comes to putting those algorithms into production for inference, outside of AWS’s popular SageMaker, there’s not a lot to choose from. Now a startup called Cortex Labs is looking to seize the opportunity with an open source tool designed to take the mystery and hassle out of productionalizing machine learning models.

        Infrastructure is almost an afterthought in data science today, according to Cortex Labs co-founder and CEO Omer Spillinger. A ton of energy is going into choosing how to attack problems with data – why, use machine learning of course! But when it comes to actually deploying those machine learning models into the real world, it’s relatively quiet.

      • Ambitions for a Unix Shell

        As discussed in the January blog roadmap, I want to concretely describe a reduced Oil language, and see if we can get it "done" in 2020.

        So, to give context to upcoming posts about the language, let's review the project's goals from different perspectives: [...]

      • Inside Open-Source Networking

        In this edition of the Embedded Insiders podcast, Brandon and Rich continue their journey into the world of open source, this time by focusing on Z-Wave that was recently donated to the community by Silicon Labs (who acquired the networking technology from Sigma Designs).

        Later, the Embedded Insiders are joined by Laurens Slats from The Things Industries, who continues the discussion of open source networking technologies by outlining the state of LoRa and LoRaWAN. Their upcoming Things Conference in Amsterdam takes place January 30-31st.

      • Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders

        The idea that some software developers matter more to coding projects than others is controversial, particularly among open source projects where community cohesion and participation can suffer if contributors are not treated fairly.

        Scott Hanselman, partner program manager at Microsoft, argued against the notion of rockstar programmers back in 2013, as have many others. But not everyone agrees and it's a difficult debate to settle because there's no consensus about what to measure, much less about the methods used to make the measurements.

        What's more, projects may have different needs at different times – a dominant contributor may help bring projects to life but then become a liability when the project is mature.

        The latest entry into this long-running argument comes from a research paper, "Why Software Projects need Heroes (Lessons Learned from 1000+ Projects)," published last year [PDF] and just revised [PDF] with 16 additional pages.

      • Tierion introduces set of open-source tools to create 'trustless' Lightning apps

      • Nextcloud evolves into Nextcloud Hub to better meet your company's needs

        The Nextcloud developers have unleashed one of their most significant upgrades to their on-premises cloud hosting platform: Nextcloud Hub. I was invited to test the pre-release version and never before have I been so impressed with a piece of open source software. Nextcloud has evolved from a tool that can be installed and expanded with a number of applications, to an out-of-the-box, one-stop shop collaboration suite.

        Once installed, Nextcloud Hub includes built-in video chat, OnlyOffice integration, and so much more--out of the box. Admins will no longer have to install or connect to a separate OnlyOffice server. That's big news for anyone who's taken the time to add business-grade collaboration to the Nextcloud platform. Open source now has a seriously robust and user-friendly web-based office groupware suite.

        This evolution of the hottest on-premises cloud server software will come about with the next release (version 18 is available now) and will bring with it a full-blown, fully-featured cloud-based set of collaboration tools unlike anything you've witnessed in an open source stack.

      • LSD welcomes Knowledge Focus to Planet Open Source

        The strategic integration is the result of a shared vision to unify and further strengthen competencies across key open source solution spaces.

        With this merger, LSD hopes to explore new opportunities with their combined superpowers and will continue to deliver market-leading open-source solutions.

      • Events

        • SUSI.AI release 20200120: Desktop and Smart Speaker

          More than a month has passed, but the winter holidays allowed me to update, fix, and streamline a lot of corners in SUSI.AI. And above all, work on a desktop version that can easily be installed. Thus, the FOSSASIA Team finally can release a SUSI.AI 2020-01-20 of SUSI.AI, the privacy aware personal assistant.

        • FOSDEM by train

          I’ve always loved train journeys, but with flygskam changing people’s travel preferences across Europe (and possibly worldwide, though probably not that much), I decided to take the train to FOSDEM this time.

          [...]

          As some of my readers may know, my backpack was stolen from me after FOSDEM two years ago, and with it were gone, among other things, my passport and my residence permit card. With my flight home having been planned two and half hours from the moment when I realised my things are gone, I couldn’t get a replacement travel document quickly enough from the embassy, so I had to stay at my friends in Vilvoorde (thanks a lot again, Jurgen!) and travel with the cheapest ground transportation I could find. In my case, it was a night RegioJet coach to Prague with a connection to (again) RegioJet train to Bratislava. (I couldn’t fly even though I already had my temporary travel document since I might need to somehow prove that I’m allowed to be in the Schengen zone, which is difficult to do without a valid residence permit.) Sleeping on a bus isn’t the best way to travel for long distances, and I was knackered when I finally dropped on my sofa in Bratislava next morning. However, what I learnt was that it was possible, and were it a bit more comfortable, I wouldn’t mind something like this again.

      • Web Browsers

        • Mozilla

          • Mozilla Thunderbird: Thunderbird’s New Home

            As of today, the Thunderbird project will be operating from a new wholly owned subsidiary of the Mozilla Foundation, MZLA Technologies Corporation. This move has been in the works for a while as Thunderbird has grown in donations, staff, and aspirations. This will not impact Thunderbird’s day-to-day activities or mission: Thunderbird will still remain free and open source, with the same release schedule and people driving the project.

            There was a time when Thunderbird’s future was uncertain, and it was unclear what was going to happen to the project after it was decided Mozilla Corporation would no longer support it. But in recent years donations from Thunderbird users have allowed the project to grow and flourish organically within the Mozilla Foundation. Now, to ensure future operational success, following months of planning, we are forging a new path forward. Moving to MZLA Technologies Corporation will not only allow the Thunderbird project more flexibility and agility, but will also allow us to explore offering our users products and services that were not possible under the Mozilla Foundation. The move will allow the project to collect revenue through partnerships and non-charitable donations, which in turn can be used to cover the costs of new products and services.

          • react-content-marker Released – Marking Content with React

            Last year, in a React side-project, I had to replace some content in a string with HTML markup. That is not a trivial thing to do with React, as you can't just put HTML as string in your content, unless you want to use dangerouslySetInnerHtml — which I don't. So, I hacked a little code to smartly split my string into an array of sub-strings and DOM elements.

            More recently, while working on Translate.Next — the rewrite of Pontoon's translate page to React — I stumbled upon the same problem. After looking around the Web for a tool that would solve it, and coming up short handed, I decided to write my own and make it a library.

            [...]

            The first thing to note is that you can pass any number of parsers to the createMarker function, and they will all be called in turn. The order of the parsers is very important though, because content that has already been marked will not be parsed again. Let's look at another example.

            Say you have a rule that matches content between brackets: /({.*})/, and a rule that matches content between brackets that contain only capital letters: /({[A-W]+})/. Now let's say you are marking this content: I have {CATCOUNT} cats. Whichever rule you passed first will match the content between brackets, and the second rule will not apply. You thus need to make sure that your rules are ordered so that the most important ones come first. Generally, that means you want to have the more specific rules first.

          • TenFourFox FPR19b1 available

            TenFourFox Feature Parity Release 19 beta 1 is now available (downloads, hashes, release notes). I was originally going to do more iteration on Reader mode in FPR19, but in a possible recurrence of the issue that broke SourceForge downloads temporarily, a user reported on Tenderapp they had a site that was failing in the same way. On the test system I was able to reproduce the problem and it was due to the selected cipher having insufficient cryptographic strength to pass HTTP/2 TLS profile validation. The selected cipher was one I added as a stopgap for FPR7 to fix another site which was still working (and did not use HTTP/2, hence it didn't exhibit the issue). Disabling that cipher restored the new failing site, but caused the site I put the workaround for in FPR7 to fail, so in no situation could I get both sites to be happy with the set available. Although I didn't really want to do this, the only real solution here was to upgrade NSS, the underlying cryptographic library, to add additional more modern ciphers to replace the older one that now needed to be reverted. With this in place and some other fixes, now both sites work, and this probably fixes others.

          • Chromecast Extension For Firefox fx_cast 0.0.5 Adds Support For YouTube, Subtitles For Local Media

            fx_cast, a tool that enables Chromecast support for Firefox web browser, has been updated to version 0.0.5 with some new features and bug fixes. This release includes support for finding and converting local SubRip (.srt) subtitle files for local media casting, an important fix that gets YouTube casting to work correctly, and more.

            fx_cast is made of two parts: a Firefox extension and a companion application that needs to run in the background on the same machine as the extension. This companion bridge application is needed to connect with the receiver devices in order to get around Google's proprietary protocol.

            It's important to note that fx_cast is in the pre-beta phase, and is considered "incomplete and likely buggy". It supports casting web apps like Netflix or BBC iPlayer, HTML5 video and screen/tab sharing.

          • Mapping the power of Mozilla’s Rebel Alliance

            At Mozilla, we often speak of our contributor communities with gratitude, pride and even awe. Our mission and products have been supported by a broad, ever-changing rebel alliance — full of individual volunteers and organizational contributors — since we shipped Firefox 1.0 in 2004. It is this alliance that comes up with new ideas, innovative approaches and alternatives to the ongoing trends towards centralisation and an internet that doesn’t always work in the interests of people.

            But we’ve been unable to speak in specifics. And that’s a problem, because the threats to the internet we love have never been greater. Without knowing the strength of the various groups fighting for a healthier internet, it’s hard to predict or achieve success.

            We know there are thousands around the globe who help build, localize, test, de-bug, deploy, and support our products and services. They help us advocate for better government regulation and ‘document the web’ through the Mozilla Developer Network. They speak about Mozilla’s mission and privacy-preserving products and technologies at conferences around the globe. They help us host events around the globe too, like this year’s 10th anniversary of MozFest, where participants hacked on how to create a multi-lingual, equitable internet and so much more.

            With the publication of the Mozilla and the Rebel Alliance report, we can now speak in specifics. And what we have to say is inspiring. As we rise to the challenges of today’s internet, from the injustices of the surveillance economy to widespread misinformation and the rise of untrustworthy AI, we take heart in how powerful we are as a collective.

      • Education

        • How I teach physics using open source tools

          The nice aspect of being a physicist and a researcher is the openness of our community. There is a lot of collaboration and sharing of ideas (especially during coffee breaks). We also tend to share the software we write. Since we are very picky about algorithms, we want to modify other people’s code to fix the obvious errors that we find. It feels frustrating when I have to use proprietary tools since I cannot understand their inner workings. Having grown up professionally in such an environment, open source has been my go-to solution for all the software I use.

          When I became the regular teacher of the Physics and Biophysics course at the medical school at my university, I decided to use only open source software to prepare my lectures. Here is my experience so far and the solutions I found.

      • BSD

        • iXsystems' TrueNAS & FreeNAS Hit 11.3

          FreeNAS is a free and open-source NAS software based off of FreeBSD and OpenZFS. It runs on commodity x86-64 hardware, as well as iXsystems gear. FreeNAS supports Windows, macOS, and Unix as well as virtualization hosts like XenServer and VMware. TrueNAS is aimed at enterprise storage and supports SMB, AFP, NFS, iSCSI, SSH, rsync and FTP/TFTP sharing protocols over Ethernet and Fibre Channel network fabrics. TrueNAS also supports VMware as well as over protocols such as Microsoft CSV, ODX, and VSS, and Veeam.

          Part of the 11.3 update sees TrueNAS gain several of the features that were already running in FreeNAS, now fully vetted and ready to go to the enterprise. These features include the modernized web UI as well as the ability to use and manage jails, plugins, and VMs. The new features are available in TrueNAS X-Series and M-Series platforms that scale from 10TB to over 10PB with hybrid or all-flash models.

        • The Idealistic Future of HardenedBSD

          In the last status report, we stood up our own git server. Since then, we've migrated our entire infrastructure to point to our self-hosted git as the source-of-truth repo.

      • FSF

        • Microsoft Must Open Source Windows 7, Free Software Foundation Says

          The organization claims that by open-sourcing Windows 7, Microsoft can allow the community to “study, modify, and share” code in the operating system. This would also allow the company to “respect the freedom and privacy” of users, FSF continues.

          “We call on them to release it as free software, and give it to the community to study and improve. As there is already a precedent for releasing some core Windows utilities as free software, Microsoft has nothing to lose by liberating a version of their operating system that they themselves say has ‘reached its end,’” the Free Software Foundation adds.

          At the time of writing, the petition has nearly 5,000 supporters.

          Of course, Microsoft hasn’t responded to the petition, but it goes without saying that you shouldn’t expect the company to open-source Windows 7. There are many reasons the company won’t do this, including the fact that Windows 7 shares much of the code with Windows 10, and open-sourcing the 2009 OS would obviously expose its successors.

        • Microsoft urged: Open-source Windows 7 to 'undo past wrongs'

          But Microsoft is unlikely to cave into the Windows 7 demands that FSF outlined in a petition launched last week, asking Microsoft to "give it to the community to study and improve".

          FSF argues that Microsoft has "nothing to lose by liberating a version of their operating system that they themselves say has reached its end."

          The petition was aiming to gather at least 7,777 supporters and today has exceeded that by 1,000.

          [...]

          Also, as The Register points out, there are still portions of Windows 7 code in Windows 10, so it's probably not in the company's best interests to release a free version of Windows 7.

          A free Windows has been a consistent demand of Stallman, who retired from FSF last year. He gave a speech at Microsoft Research last year outlining 10 demands, including that Microsoft "publicly take back Microsoft's attacks on copyleft made in the 2000s" and to release the source code of Windows under the GNU GPL.

        • Petitioners Demand Microsoft Release a Free Windows 7

          The Free Software Foundation wants Microsoft to keep Windows 7 alive as a free operating system. Microsoft stopped providing free security patches and support for Windows 7 earlier this month.

          Although the popular operating system reached its 10th birthday last fall, some 200 million PCs around the globe still run it, according to industry estimates. Users include small business owners, some larger companies, government agencies, and hordes of consumers worldwide.

          Microsoft expects most Windows 7 users to migrate to Windows 10, but it continues to provide patches and support for Windows 7 Pro and Enterprise, which are eligible for extended security update support for three years, for a fee. Windows 7 Home editions and Ultimate editions are not included in the options to purchase extended support.

          The FSF this week launched the "Upcycle Windows 7" petition. The organization is still collecting signatures, though it has surpassed its goal of getting 7,777 people to sign on to make Windows 7 available for free. The current tally is approaching 10,000.

          Making the OS free would allow users "the freedom to run, copy, distribute, study, change and improve the software," according to the foundation.

        • Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny

          The Free Software Foundation (FSF) is asking Microsoft to 'upcycle' Windows 7 and allow the community to continue to improve it after its end of life.

          "On January 14th, Windows 7 reached its official 'end-of-life,' bringing an end to its updates as well as its ten years of poisoning education, invading privacy, and threatening user security," says the FSF in a petition published on its website.

          "The end of Windows 7's lifecycle gives Microsoft the perfect opportunity to undo past wrongs, and to upcycle it instead."

          The non-profit organization, founded by Richard Stallman in 1985 to support and promote the free software movement, wants Redmond to give its EoL OS to the community, to be studied and improved upon.

          In support of this demand, the FSF uses the release of the Microsoft Calculator app as open-source on GitHub under MIT license.

        • LibrePlanet 2020: We'll see you at the Back Bay Events Center in Boston, MA!

          We at the Free Software Foundation (FSF) are excited to say that the Dorothy Quincy suite of Boston's very own Back Bay Events Center will be the home of this year's LibrePlanet conference! We've taken the grand tour and couldn't be happier about our choice of location. We're confident that the Events Center will be a great host for the technology and social justice conference we've all come to know and love. It's just the right place for us (and the movement) to take our next steps in freeing the future.

          The Events Center is providing LibrePlanet with its own entrance and a dedicated and speedy Internet connection for the livestream, and is close to both public transportation and the FSF headquarters itself. As in past years, we'll have ample space for an exhibit hall and free software workshops, as well as the ever popular "hallway track," where you can engage with other attendees in conversations on contributing to free software projects.

          On the Events Center Web site, you will find accommodation and transportation suggestions that will pair nicely with those we've put up on the LibrePlanet 2020 site. The Back Bay Events Center is located at the corner of Berkeley and Stuart Street, and is close by the Back Bay stop of the Orange Line MBTA train and the Arlington stop of the Green Line MBTA train.

        • LibrePlanet 2020 needs you: Volunteer today!

          The LibrePlanet 2020 conference is coming very soon, on March 14 and 15 at the Back Bay Events Center in Boston, and WE NEED YOU to make the world's premier gathering of free software enthusiasts a success.

          Volunteers are needed for several different tasks at LibrePlanet, from an audio/visual crew to point cameras and adjust microphones, to room monitors to introduce speakers, to a set-up and clean-up crew to make our conference appear and disappear at the Event Center, and more! You can volunteer for as much or as little time as you like, whether you choose to help out for an hour or two, or the entirety of both days. Either way, we'll provide you with a VERY handsome LibrePlanet 2020 shirt in your size, in addition to free admission to the entire conference and lunch and our eternal gratitude.

        • GNU Projects

          • Mark J. Wielaard: A mission statement and social contract for GNU

            2019 was a difficult year for the Free Software Community with lots of questions about the future of GNU. It is hard to come up with good answers unless you know which shared principles you all value. After a very long discussion we finally have a first GNU Social Contract DRAFT and a new public wiki for GNU maintainers to share public discussion documents like this.

          • Pre-release 1.8.90 in alpha.gnu.org

            The pre-release recutils-1.8.90.tar.gz is now available at ftp://alpha.gnu.org/gnu/recutils/recutils-1.8.90.tar.gz The NEWS file in the tarball contains a list of the changes since 1.8. The planned date for releasing 1.9 is Saturday 1 February 2020.

          • GNU Spotlight with Mike Gerwitz: 16 new GNU releases in January!

            bison-3.5.1 gmp-6.2.0 gnuhealth-3.6.2 gnunet-0.12.2 grep-3.4 gsasl-1.8.1 guile-3.0.0 help2man-1.47.12 hyperbole-7.0.8 kawa-3.1.1 libredwg-0.10.1 make-4.3 mes-0.22 parallel-20200122 sed-4.8 unifont-12.1.04

      • Openness/Sharing/Collaboration

        • Now available: Open source solar contracts to simplify transacting

          A team of legal advisors and renewable energy experts contributed to an Open Solar Contracts Initiative to accelerate the deployment of solar power worldwide.

          The open source project was initiated by the Terrawatt Initiative (TWI) and the International Renewable Energy Agency (IRENA) in 2016.

        • joão leão develops the first open source electric skateboard made out of recycled plastic

          designer joão leão constantly ran into plastic waste washing ashore on the beaches of porto; he was also constantly running late due to his endless commute on public transportation. so, he created a faster method of personal transportation using recycled thermoplastics as the main manufacturing material — the PET MINI electric skateboard.

          [...]

          leão took inspiration from the anatomy of an armadillo for the electronics enclosure by designing a series of modular pieces along the bottom of the board. this allows for both the protection of the electronic components, and also maintains the flexibility of the deck — giving it the comfortable ride necessary for the city. other commercial products lose the deck’s flexibility, making it a rough ride through different urban terrains.

        • Open Data

          • How I had a nerdy date night with StreetComplete quests

            StreetComplete is an Android app that makes it fun and easy to contribute to open data by completing quests.

            Quests are used to fill in incomplete or inaccurate information on OpenStreetMap, an open data project dedicated to mapping the world through crowdsourcing. Anyone can contribute to the map and, thanks to free culture and open source licenses, that data can then be used by anyone for anything, from video games to custom map applications and artwork.

            [...]

            Download the app to your phone from F-Droid or Google Play. It’s licensed under GPLv3.

        • Open Access/Content

          • Academic publishing must better serve science and society

            We propose a new vision for scientific publishing that starts with reversing the relationship between authors and publishers. Under this system, authors would be able to make their research freely accessible to everyone immediately. Journal editors would compete to publish it, but publication would not be the end of the story: researchers could continue to update their papers for years afterwards. Nor would publication be the aim of the game: the incentives, recognition and reward systems would not depend on where a paper is published, but rather on its contents and the extent to which it advances knowledge.

            This is already starting to happen. The number of preprints is increasing daily, and most journals now facilitate the submission of papers to preprint servers via their own submission systems. Others have appointed preprint editors to screen preprints and solicit submissions, adopting scoop protection policies that commit them to disregarding, in their editorial decisions, any competing papers published after submission of the paper or preprint.

      • Programming/Development

        • On The Benefits of Static Trace Points

          Years ago IBM coined the term First Failure Data Capture (FFDC). Capture enough data about a failure, just as it occurs the first time, so that reproducing the failure is all but unnecessary. An observability framework is a set of tools that enable system administrators to monitor and troubleshoot systems running in production, without interfering with efficient operation. In other words, it captures enough data about any failure that occurs so that a failure can be root-caused and possibly even fixed without the need to reproduce the failure in vitro.

          Of course, FFDC is an aspirational goal. There will always be a practical limit to how much data can be collected, managed, and analyzed without impacting normal operation. The key is to identify important exceptional events and place hooks in those areas to record those events as they happen. These exceptional events are hopefully rare enough that the captured data is manageable. And the hooks themselves must introduce little or no overhead to a running system.

          The trace point facility

          The trace point facility, also known as ftrace, has existed in the Linux kernel for over a decade. Each static trace point is an individually-enabled call out that records a set of data as a structured record into a circular buffer. An area expert determines where each trace point is placed, what data is stored in the structured record, and how the stored record should be displayed (i.e., a print format specifier string). The format of the structured record acts as a kernel API. It is much simpler to parse than string output by printk. User space tools can filter trace data based on values contained in the fields (e.g., show me just trace events where "status != 0").

          Each trace point is always available to use, as it is built into the code. When triggered, a trace point can do more than capture the values of a few variables. It also records a timestamp and whether interrupts are enabled, and which CPU, which PID, and which executable is running. It is also able to enable or disable other trace points, or provide a stack trace. Dtrace and eBPF scripts can attach to a trace point, and hist triggers are also possible.

          Trace point buffers are allocated per CPU to eliminate memory contention and lock waiting when a trace event is triggered. There is a default set of buffers ready from system boot onward. However, trace point events can be directed into separate buffers. This permits several different tracing operations to occur concurrently without interfering with each other. These buffers can be recorded into files, transmitted over the network, or read from a pipe. If a system crash should occur, captured trace records still reside in these buffers and can be examined using crash dump analysis tools.

        • With SiFive, We Can Change the World

          My quest is to build beautiful things that help change the world, and I’ve been fortunate to spend the last 15 years in Silicon Valley, working with some of the major players shaping all sorts of technology. Today, I’m super excited to join SiFive - the company I believe is best positioned to transform the silicon industry, to lead the Platform Engineering team. With experience building and leading large-scale production systems that power our industry, I’m looking forward to making the dream of customized chips a reality with SiFive’s amazing team of engineers.

          The end of Moore’s Law is a profound time, leading to new accelerators, new demand for custom ASICs, and new opportunities - and I believe that it is time for the semiconductor industry to change its approach to innovation. This industry has been defined by proprietary technologies that are difficult to use, don’t interoperate well, and have poor user experience. I believe that open tooling, world class engineering, and a focus on end-to-end user experience can transform the industry. Similarly, the RISC-V architecture provides unique opportunities for SoC customization at every level. This is only possible with SiFive’s ambitious design methodology, which is unmatched in the industry.

          My background includes experience creating and leading a number of large-scale technologies, including compiler technologies like the LLVM Compiler Infrastructure project, the Clang C and C++ compiler, the MLIR machine learning infrastructure, and others. I also spearheaded the creation of Swift - a programming language that powers Apple’s ecosystem - and led a team at Tesla that applies a wide range of tech in the autonomous driving space. Most recently, I built and managed an array of AI-related compiler, runtime, and programming language teams for Google Brain and TensorFlow.

        • LLVM Founder Chris Lattner Joins SiFive To Lead Platform Engineering

          This move for Chris comes after serving at Apple more than a decade where he led their LLVM-based toolchain efforts as well as developing the Swift programming language, a brief stint at Tesla focusing on their Autopilot software, and then for the past two and a half years has been at Google. At Google is where he was working on TensorFlow and the Machine Learning IR and other compiler-related efforts.

        • Squashing Django Migrations

          The Django migration system is great for modifying your database schema after a database is live. If you’re like me, you quickly end up with many 10s or 100s of migrations.

        • Episode 2 - Writing README files

          Modern day added formatting. Mostly Markdown, sometimes Restructured Text.

        • Three guys on math
        • Excellent Free Tutorials to Learn Scratch

          Scratch is a visual programming language developed by the Lifelong Kindergarten Group at the MIT Media Lab. Scratch teaches programming concepts to kids, offering a stepping stone to more complicated programming languages. Coding includes dragging and dropping various code blocks and linking them together like jigsaw pieces to form logical scripts. While the MIT Media Lab designed this language for 8-16 year-old children, it’s used by people of all ages.

          Scratch has received many plaudits as an ideal way to introduce kids to computer programming and computational thinking. It’s a fantastic beginner’s language. Scratch is often used to make games, interactive stories, and animations, but it can be used for any purpose. The language uses event-driven programming with multiple active objects. The language helps students to think creatively, reason logically, and work together. The language is frequently used in schools, libraries, community centers, and museums.

          Scratch is released under an open source license.

        • 'Trust no one' is good enough for the X Files but not for software devs: How do you use third-party libs and stay secure, experts mull on stage

          In a chilly conference room at San Francisco's Hyatt Regency on Monday, legal and digital security pros convened at USENIX's Enigma conference to hold forth on security, privacy, and related matters.

          Following a discussion panel on encrypted messaging, the talk turned to mitigating the risks that come with using third-party code, external vendors, and crowdsourced advice.

          Those risks became more apparent in the security problems spotted in a series of software libraries over the past few years.

          In August last year, a Ruby software package called rest-client was found to be sending credentials to a remote server. In November, 2018, the NPM module event-stream was modified to steal cryptocurrency. There were similar incidents in July last year involving the NPM module electron-native-notify and in September, 2017, when the PyPI, the repository for Python software packages, was found to be hosting malicious software libraries.

        • Technical Debt is Soul-crushing

          The problem starts when companies forget to pay off the debt and let it accumulate and pile up. For good software developers, it is totally demoralizing to work on products that have high tech debt. This aspect isn’t often talked about but its effects are very real. Simple things like changing a title tag of a webpage take up a whole day because the logic was scattered in five different files. At the end of the day, it’s not a great feeling that it took so much time for a small task. It’s even more upsetting when they have to explain it to their managers, colleagues or the product team why it took so long. Troubleshooting a bug is not just difficult but also painful. Jeff Atwood called it a major disincentive to work on a project: [...]

        • Against unnecessary databases

          In this post, I want to start sharing some of the design principles I discovered for making these scripts robust, generic and flexible. This is part of a series on building your own 'data mirror', and there are also more posts to follow!

        • An update on bradfitz: Leaving Google

          After ~12.5 years at Google and ~10 years working on Go (#golang), it's time for me to do something new. Tomorrow is my last day at Google.

          Working at Google and on Go has been a highlight of my career. Go really made programming fun for me again, and I've had fun helping make it. I want to thank Rob Pike for letting me work on Go full time (instead of just as a distraction on painfully long gBus rides) as well as Russ Cox and Ian Lance Taylor and Robert Griesemer and others for all the patience while I learned my way around. I've loved hacking on various packages and systems with the team and members of the community, giving a bunch of talks, hanging out in Denver, Sydney, MTV, NYC, at FOSDEM and other meet-ups, etc. While I've learned a bunch while working on Go, more excitingly I discovered many things that I didn't know I didn't know, and it was a joy watching the whole team and community work their (to me) magic.

        • 'I am done with open source': Developer of Rust Actix web framework quits, appoints new maintainer

          The maintainer of the Actix web framework, written in Rust, has quit the project after complaining of a toxic web community - although over 100 Actix users have since signed a letter of support for him.

          Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim.

          The web framework is important to the Rust community partly because it addresses a common use case (developing web applications) and partly because of its outstanding performance. For some tests, Actix tops the Techempower benchmarks.

          The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code. In Rust, there is the concept of safe and unsafe. Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

        • Chinese academic suspended for copying programming language
        • Perl / Raku

          • LANraragi v.0.6.8 - Cool Cat

            LANraragi is a web application for archival and reading of manga/doujinshi. It's lightweight and Docker-ready for NAS/servers. There is even a standing offer from the author to send out a free sticker pack for the first person to run the linux/s390x docker image on a real IBM System 390.

          • Making YAML.pm, YAML::Syck and YAML::XS safer by default

            Several YAML modules allow loading and dumping objects. When loading untrusted data, this can be a security vulnerability, if this feature is enabled.

          • 2020.04 Almost Springtime

            Damian Conway is back from sabbatical: in the second week of March, they will be giving some very interesting courses in Switzerland: Presentation Skills courses, redesigned language-neutral versions of the “API Design”, “Better Coding Practices” courses and a free half-day seminar on Raku on 12 March!

        • Python

          • Python Community Interview With Kelly and Sean of Teaching Python

            This week I’m joined by Kelly Paredes and Sean Tibor, the hosts of the Teaching Python podcast. Join us as we discuss the benefits of learning Python outside of the code itself, and what it’s like to learn Python when you’re not planning to become a professional developer. So, without further ado, let’s meet Kelly and Sean!

          • Announcing Mu version 1.0.3

            We didn’t intend to cut this release but changes in the way the latest OSX works meant that code highlighting didn’t work correctly. We also managed to apply a fix to an annoying bug relating to where Mu set the current working directory for scripts run in Python3 mode.

            OSX Catalina has posed a number of problems, from the incorrect rendering mentioned above, to the way the application should be installed and problems with permissions when flashing a BBC micro:bit.

            The simple answer to the installation story is, once you’ve installed Mu in your Applications folder, you should first open it with CTRL-click (not a double click) and select the “Open” button in the resulting pop-up. Subsequent runs of Mu can be started in the usual “double click” way. If you don’t do the “CTRL-click” trick you’ll see a pop-up complaining about Mu not being checked for malicious software.

          • Mike Driscoll: PyDev of the Week: Thomas Wouters

            I’m a self-taught programmer, a high school dropout, a core CPython developer, and a former PSF Board Director from Amsterdam, The Netherlands. I’ve been playing with computers for a long time, starting when my parents got a Commodore 64 with a couple books on BASIC, when I was 6 or 7. I learned a lot by just playing around on it. Then in 1994 I discovered the internet, while I was still in high school. This was before the days of the World Wide Web or (most) graphics, but I was sucked in by a programmable MUD, a text-based “adventure” environment, called LambdaMOO. LambdaMOO lets you create your own part of the world by making rooms and objects, and programming their behaviour, in a programming language that was similar to Python (albeit unrelated to it). One thing led to another and I dropped out of high school and got a job at a Dutch ISP (XS4ALL), doing tech support for customers. A year later I moved to the Sysadmin department, where I worked for ten years. I gradually moved from system administration to programming, even before I learned about Python.

            Besides working with computers I also like playing computer games of all kinds, and non-computer games like board games or card games. I do kickboxing, and I have a bunch of lovely cats, about whom I sometimes tweet. I’m pretty active on IRC as well, and I’m a channel owner of #python on Freenode. I also keep ending up in administration-adjacent situations, like the PSF Board of Directors and the Python Steering Council, not so much because I like it but because I don’t mind doing it, I’m apparently not bad at it, and it’s important stuff that needs to be done well.

          • Dividing Deep Into Enhancing Photos With Python

            Python is the most reliable and renowned content management system for websites of any kind to create dynamically attractive web resources for their uses.

            Python has got everything that developers can ask for to provide reliable user experience to end consumers and develop the business online.

            For any website, maintaining the quality of the images becomes challenging because the high-quality image would result in the slow loading speed of the landing pages, which might result in poor user experience.

            There are many tools available online that can compress the images and makes them uploadable on the website. However, the resulted images would often lose all the visual appeal after they are compressed through an online tool.

          • Text Translation with Google Translate API in Python

            Unless you have been hiding under a rock, you have probably used Google Translate on many occasions in your life. Whenever you try to translate a word or a sentence from a certain language to another, it is the Google Translate API which brings you the desired results in the background. Though you can translate anything by simply going to the Google Translate web page, you can also integrate Google Translate API into your web applications or desktop programs. The best thing about the API is that it is extremely easy to set up and use.

            You can actually do a lot of things with the help of the Google Translate API ranging from detecting languages to simple text translation, setting source and destination languages, and translating entire lists of text phrases. In this article, you will see how to work with the Google Translate API in the Python programming language.

          • Python Modules and Packages: An Introduction

            In this course, you’ll learn about Python modules and Python packages, two mechanisms that facilitate modular programming.

            Modular programming is the process of breaking a large, unwieldy programming task into separate, smaller, more manageable subtasks or modules. Individual modules can then be put together like building blocks to create a larger application.

            Learn how to write and import modules so you can optimize the structure of your own programs and make them easier to maintain and grow.

          • PyCoder’s Weekly: Issue #405 (Jan. 28, 2020)
          • Why Should You Use typing In Python?

            I am using typing at my work project and now trying to use it for my personal or freelance projects only if it is not a one-time script. No sense to invest time in the 15-minute thing. And why you should use it too. Lots of people like Python because it provides a fast way to build software. But on the other hand, after some time of the team development, it can be hard to understand the code for the team members. Especially, for the new ones. I do personally believe that it increases the readability of the code. Seems to me that it is even more about self-documenting the code, not about the type checking. However, yes, it helps to find some obvious bugs. My favorite example is a variable called data. Is it a list? Or maybe a dict? Or maybe something custom? Looks like that you need to invest some time in figuring this out. And probably repeat it one more time in a month or two.

          • Text Classification with BERT Tokenizer and TF 2.0 in Python

            This is the 23rd article in my series of articles on Python for NLP. In the previous article of this series, I explained how to perform neural machine translation using seq2seq architecture with Python's Keras library for deep learning.

            In this article we will study BERT, which stands for Bidirectional Encoder Representations from Transformers and its application to text classification. BERT is a text representation technique like Word Embeddings. If you have no idea of how word embeddings work, take a look at my article on word embeddings.

            Like word embeddings, BERT is also a text representation technique which is a fusion of a variety of state-of-the-art deep learning algorithms, such as bidirectional encoder LSTM and Transformers. BERT was developed by researchers at Google in 2018 and has been proven to be state-of-the-art for a variety of natural language processing tasks such as text classification, text summarization, text generation, etc. Just recently, Google announced that BERT is being used as a core part of their search algorithm to better understand queries.

            In this article we will not go into the mathematical details of how BERT is implemented, as there are plenty of resources already available online. Rather we will see how to perform text classification using the BERT Tokenizer. In this article you will see how the BERT Tokenizer can be used to create a text classification model. In the next article I will explain how the BERT Tokenizer, along with the BERT embedding layer, can be used to create even more efficient NLP models.

            Note: All the scripts in this article have been tested using Google Colab environment, with Python runtime set to GPU.

          • PyCharm 2020.1 EAP starts now

            There are two types of people in the world: those who can wait to open a package they’ve received, and people like me, who need to see what’s inside this very second.

            PyCharm isn’t delivered in the mail though, and that’s why we have something even better for impatient people. The early access program (EAP) shows you what’s in the package a couple months before you get it. Take a sneak peek, and get PyCharm’s first EAP now!

          • Webinar Recording: “Advanced Debugging in PyCharm”

            Last week we held a special webinar for “Advanced Debugging in PyCharm”. Special how? In person, in the St. Petersburg office, with the two PyCharm team members in charge of the debugger, and a huge webinar audience. The recording is now available.

  • Leftovers

    • Europe’s easternmost city Photos of life in Vorkuta, one of Russia's fastest dying cities

      The town of Vorkuta, situated in the permafrost belt about 110 miles from the Arctic Ocean, was founded by the Vorkuta River after large coal deposits were discovered in the area. The first detachment of prisoners was dispatched to the spot in the early 1930s, and they soon constructed a workers’ settlement known as Rudnik. By the start of the Stalinist Terror, the area was already home to one of the biggest and harshest camps in the Soviet Gulag: Vorkutlag (which included the Rechlag camp for political prisoners). In 1943, the many settlements around the coal mines, where the high salaries also attracted workers from across the USSR, were reorganized into the town of Vorkuta, now Europe’s easternmost city.

    • Sunset’s Soon
    • At 51, ultraconservative Russian Orthodox figurehead Vsevolod Chaplin has died. Here’s how his critics will remember him.

      On January 26, Vsevolod Chaplin died in Moscow at age 51. He was among the most publicly visible and controversial members of the Russian Orthodox clergy. Initial reports indicate that Chaplin had a heart attack immediately outside the entrance to the Cathedral of St. Fyodor the Studite, where he had been archpriest since 2016. Between 2009 and 2015, Chaplin essentially served as the spokesperson for the entire Russian Orthodox Church. When he was dismissed from that post, the clergyman threw in his lot with the opposition — specifically, with its most extreme right-wing and left-wing members. Alexey Kovalev asked Biblical Studies scholar Andrey Desnitsky and political analyst Alexey Makarkin, who frequently clashed with Chaplin, to illustrate his often self-contradictory character and the way his views shifted from liberalism to extreme conservatism.

    • Bryant's Pilot May Have Gotten Lost in the Fog

      Coroner’s officials worked to recover victims’ remains Monday from the hillside outside Los Angeles where a helicopter carrying former NBA superstar Kobe Bryant and eight others crashed in a wreck that aviation experts said may have been caused by the pilot becoming disoriented in the fog.

    • Science

      • Darktable 3: RGB or Lab? Which Modules? Help!

        Pushing pixel values in either direction is one thing. Merging the corrections so they blend seamlessly together on the whole is another. We’ve seen that Lab or non-linear RGB allow the pixels to be pushed more or less correctly, but that it is always when doing mask blending (aka occlusion) and feathering (aka blurs) that we’re paying the price. It turns out there are a lot of blurs under the hood of darktable, sometimes where you don’t expect them. It’s especially problematic when you’re compositing, e.g. inlaying one image within another, to exchange their background without touching the foreground. And it’s precisely this kind of manipulation that led the movie industry to migrate to a scene-referred linear workflow about twenty years ago.

        So darktable is in transition. It’s long, it’s sometimes painful, there are a lot of little bits to change in different places along with grumbling users who are hungry for consistency. At least now you know the why and the how. You also know what you have to win. I hope this helps you move forward.

        For new users, limit yourself to the above recommended modules, and venture further when you begin to be comfortable. For older users, the new modules have a lot to offer to you, but old Lab modules are still relevant for moderate creative effects and when used with knowledge of their dangers.

    • Education

      • Adani and the Purpose of Education

        Recently, Survival International, the organization that campaigns with ‘tribal peoples,’ ran a story about the Indian conglomerate, Adani Group, setting up a Tribal Residential School for children in Bankishole, Baripada, in Mayurbhanj District in Odisha State – a region in Eastern India known for its tribal communities. Adani is best recognized internationally for its mining activities, particularly its recent struggle to get a mine authorized in coal-addicted Australia in the face of massive popular protests.

    • Health/Nutrition

      • Giving Cover to the Abuses of Big Ag

        A recent commentary promoting agriculture by Brenden Weiner of the Gallatin Valley Land Trust was full of misinformation.

      • Trump’s EPA Is a Huge Cancer Risk

        Industry-friendly regulators are letting chemical companies flood the country with toxins. It should be a scandal.

      • Stocks Tumble as Virus Fears Spark Sell-Off

        U.S. stocks fell sharply Monday, sending the Dow Jones Industrial Average down by more than 450 points, as investors grappled with fresh worries about the spread of a new virus in China that threatens global economic growth.

      • 'Shameful. Disgusting. Disgraceful.': Outrage After Supreme Court Allows Trump's Public Charge Rule to Take Effect

        "The Trump administration's policy could quite literally kill people by making them too afraid to seek life-saving medical care, and the Supreme Court seems to agree such a cruel system is acceptable."

      • Medicare for All 'Is What Patients Need': New Harvard Study Shows Even Those With Private Insurance Can't Afford Care

        "When so many people can't get the care they need even when they have insurance coverage, it says that insurance is not doing what it is supposed to do: ensure that healthcare is affordable when you need it."

      • Gwyneth Paltrow’s Goop Is a Product of Our Crappy Health Care System
      • What Barry Commoner's Four Principles of Ecology Has to Do With China's Coronavirus

        "The present system of production is self-destructive; the present course of human civilization is suicidal."

      • Trump's EPA Poses Huge Cancer Risks

        Earlier this month, President Trump claimed credit for new figures from the American Cancer Society showing “the sharpest one-year drop in cancer death rate ever recorded” between 2016 and 2017.

      • Trump Steps Up Attacks on Reproductive Rights Amid Impeachment Trial

        Donald Trump on Friday became the first sitting president in U.S. history to attend the so-called March for Life, the annual anti-abortion rally held in Washington, D.C., that draws thousands of participants. President Trump — who once described himself as “pro-choice in every respect” — accused Democrats of infanticide and falsely stated that Virginia Governor Ralph Northam supports an abortion bill that would “execute a baby after birth.” The March for Life began in 1974 in response to the landmark 1973 Supreme Court ruling in Roe v. Wade, which guaranteed the constitutional right to abortion. Past U.S. presidents who opposed abortion considered the march too extreme and divisive to attend, and instead sent surrogates or recorded video messages. The same day that Trump addressed anti-abortion activists in Washington, his administration threatened to cut off federal funding for some health programs in California unless the state ends its requirement that private health insurers cover abortions. California Governor Gavin Newsom said the state would not change its policy. Trump’s Education Secretary Betsy DeVos also recently compared anti-abortion activism to the fight to end slavery. We speak with Fatima Goss Graves, president and CEO of the National Women’s Law Center.

      • Why cancer-spotting AI needs to be handled with care

        These days, it might seem like algorithms are out-diagnosing doctors at every turn, identifying dangerous lesions and dodgy moles with the unerring consistency only a machine can muster. Just this month, Google generated a wave of headlines with a study showing that its AI systems can spot breast cancer in mammograms more accurately than doctors.

        But for many in health care, what studies like these demonstrate is not just the promise of AI, but also its potential threat. They say that for all of the obvious abilities of algorithms to crunch data, the subtle, judgment-based skills of nurses and doctors are not so easily digitized. And in some areas where tech companies are pushing medical AI, this technology could exacerbate existing problems.

      • Veterans group demands Trump apologize for shrugging off soldiers’ brain injuries as “headaches”

        Veterans of Foreign Wars, a prominent veterans group with more than 1.1 million members, called on the president to apologize for his comments.

        "TBI is a serious injury and one that cannot be taken lightly. TBI is known to cause depression, memory loss, severe headaches, dizziness and fatigue — all injuries that come with both short- and long-term effects," VFW National Commander William "Doc" Schmitz said in a statement. "The VFW expects an apology from the president to our servicemen and women for his misguided remarks, and we ask that he and the White House join with us in our efforts to educate Americans of the dangers TBI has on these heroes as they protect our great nation in these trying times. Our warriors require our full support more than ever in this challenging environment."

    • Integrity/Availability

      • Proprietary

        • FilelistCreator is a directory printer for Windows, macOS and Linux

          Many people organize their data into folders to quickly find what they want. The Windows operating system comes with default folders for images, videos, and downloads for example that many users of Windows use.

          Windows does not really provide good easily accessible options to compare the contents of two folders; this is especially the case if root folders contain hundreds or even thousands of files and folders.

        • Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

          A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.

          Last week, FireEye released a report about new attacks exploiting the now patched Citrix ADC vulnerability to install the new Ragnarok Ransomware on vulnerable networks.

          When attackers can compromise a Citrix ADC device, various scripts would be downloaded and executed that scan for Windows computers vulnerable to the EternalBlue vulnerability.

          If detected, the scripts would attempt to exploit the Windows devices, and if successful, inject a DLL that downloads and installs the Ragnarok ransomware onto the exploited device.

        • Apple is attending a meeting in Washington on Monday as a Board Member of the CARIN Alliance on Health Record Sharing

          The CARIN Alliance is meeting with the Office of Management and Budget (OMB) on Monday, January 27, 2020 at 3:00 pm ET in Washington, D.C., and representatives from Apple and Microsoft will be attending via phone. Apple is an official CARIN Alliance Board Member and what transpires on Monday could affect Apple's work positively regarding their Health Record-Sharing Platform beyond their current work with the U.S. Department of Veterans Affairs.

        • Big tech CEOs are learning the art of the filibuster

          But it’s clear that as prevailing sentiment about big tech companies has darkened, tech CEOs see increasingly little value in having meaningful public conversations. Instead, they grit their teeth through every question, treating every encounter as something in between a legal deposition and a hostage negotiation.

          We saw this in 2018, when the New Yorker profiled Mark Zuckerberg. We saw it again last year, when Jack Dorsey went on a podcast tour. At some point this year Tim Cook will probably give a zero-calorie interview to someone, and if it’s a slow-enough news day I’ll write this column for a fourth time.

        • Pseudo-Open Source

          • Openwashing

            • BT’s ‘open source’ approach will challenge Huawei’s dominance

              BT is seeking to challenge the dominance of Huawei over the industry by throwing its weight behind a new “open source” approach to buying essential network gear, the chief executive of Openreach has claimed.

              Clive Selley, who runs BT’s separate Openreach broadband business, said the company was seeking to push back against the existing industry structure in which a handful of suppliers, including China’s Huawei, Sweden’s Ericsson and Finland’s Nokia, hold too much power over a highly consolidated market.

              “We are trying to challenge them,” he told The Telegraph in an interview last week.

              “Because what you really want is a mix and match approach. We are trying to provoke the industry to move in that direction – more ability to mix and match [suppliers].”

            • Cloudera: Extract Benefit From All Your Data And Work Across Clouds

              We have tracked Cloudera from the very beginning and have watched as it has continually innovated in ways that help both enterprises and the open source community deliver more value. They started off on a mission to make Hadoop safe for the enterprise and then built upon that solid foundation to create full spectrum solutions for data management, security, machine learning and advanced analytics that will work on-prem, in the cloud or across hybrid clouds while maintaining security and business context of the data.

            • Hydro Protocol open-sources its most useful tools for interacting with Ethereum

              The team of Hydro Protocol, an open-source framework for building decentralized exchanges, has now open-sourced three project libraries it found most useful for interacting with the Ethereum blockchain.

              Beyond the three libraries open-sourced today, Hydro Protocol says more will be coming in the months ahead in an effort to give back to the community.

              Listed below are the first three libraries open-sourced. Utilized by the Hydro Protocol team daily, the tools could be useful to a wide spectrum of blockchain developers and enthusiasts.

            • H2O.ai Empowers MarketAxess to Innovate and Inform Trading Strategies

              H2O.ai, the open source leader in artificial intelligence (AI) and machine learning (ML), today announced that its open source platform, H2O, provides critical machine learning capabilities to MarketAxess, the operator of a leading electronic trading platform for fixed-income securities and the provider of market data and post-trade services for the global fixed-income markets. MarketAxess’ Composite+, powered by H2O open source, delivers greater insight and price discovery in real-time, globally, for over 24,000 corporate bonds. Composite+ has won several awards for its use of AI including the Risk Markets Technology Award for Electronic Trading Support Product of the Year and the Waters Technology American Financial Technology Award for Best Artificial Intelligence Technology Initiative.

          • Privatisation/Privateering

            • Linux Foundation

              • XCP-ng Joins the Xen Project as an Incubation Project

                Today, the Xen Project is happy to welcome XCP-ng as an incubation project. XCP-ng is a fully open-source virtualization platform and is a result of the massive cooperation between individuals as well as companies. XCP-ng fits well into the Xen Project ecosystem for many reasons. In the past, the Xen Project was primarily focussed on providing code to system integrators, such as distros. Consequently, the project never connected well with its end-user community. XCP-ng includes some key features inherited from Xen Project as the ability to live migrate VMs without interruption, scalability and security but also brings a whole new ecosystem as a modern Web-ui (Xen Orchestra), compatibility with recognized solution on the market (eg. Netdata) and turnkey installer to ease the adoption. XCP-ng provides a central, validated distribution that delivers Xen. Why is this important? It’s a streamlined way for users to gain access and creates a default go-to solution for the community. The inclusion of XCP-ng with its large and active user community into the Xen project creates a bridge between users and developers. The healthy flow of knowledge sharing ensures input from end-users gets incorporated into new releases.

              • Intel Now Part Of CHIPS Alliance

                Intel has joined CHIPS Alliance, the consortium advancing common and open hardware for interfaces, processors and systems. To foster broad adoption, Intel said it is contributing the Advanced Interface Bus (AIB) to CHIPS Alliance.

                CHIPS Alliance is hosted by the Linux Foundation to foster a collaborative environment to accelerate the creation and deployment of open SoCs, peripherals and software tools for use in mobile, computing, consumer electronics and IoT applications.

                Intel is joining CHIPS Alliance to share the Advanced Interface Bus (AIB) as an open-source, royalty-free PHY-level standard for connecting multiple semiconductor die within the same package. This effort should encourage an industry environment in which silicon IP can be developed using any semiconductor process as a “chiplet,” and easily integrated with other chiplets into a single device to deliver new levels of functionality and optimization, the consortium said.

              • New Collaboration Brings Increased Open Source Security Support and Assurances to Software Developers

                The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and the Open Source Technology Improvement Fund (OSTIF) today announced a strategic partnership to advance security for open source software (OSS) that has become critical to the world’s infrastructure.

                The organizations will bring together and build on a depth of their experience supporting security audits for widely deployed open source communities. This formal and strategic agreement will allow the Linux Foundation to augment its work on security audits, of which it has already invested more than $1m across more than 20 security audits for open source projects to date, by including audit sourcing experts through OSTIF’s network. OSTIF will share the resources available through the Linux Foundation’s Community Bridge, a funding and support ecosystem for developers and projects, with its community to help fundraise for new audits.

                “The Linux Foundation’s ability to fundraise across industries to support thousands of developers around the world is unprecedented,” said Amir Montazery, vice president of development at OSTIF. “The Linux Foundation is a pioneer in open source software and one of the few organizations taking the actions required to truly support it for generations to come. We are excited to join forces and increase our collective impact on improving critical software.”

                As part of the strategic partnership, The Linux Foundation will appoint Mike Dolan, vice president of strategic programs, to the OSTIF Advisory Board.

              • How open, trusted edge can help improve data sharing and monetization

                Data is valuable only insofar as you can trust it. If you can’t be confident about its origin or contents, then the information isn’t worth much. That’s a big problem for businesses eyeing the 5G future and developing strategies for monetizing data generated at the edge. Project Alvarium, formed under the Linux Foundation, aims to help organizations disrupt today’s edge business model by quantifying the privacy, accuracy, and security of data flowing into their networks using trust fabrics.

                [...]

                “The concept of a trust fabric will increasingly become critical in order to make reliable and non-damaging business decisions due to the ever-increasing volume and velocity of edge data, as well as the increasing risk of tainted data going undetected,” said Michael Morton, chief technology officer at Boomi.

                Project Alvarium doesn’t reinvent the trust insertion technologies that make up a DCF. Rather, the project focuses on system-level trust, unifying existing and emerging technologies under a framework with open APIs to create refined confidence scoring algorithms.

          • Entrapment (Microsoft GitHub)

            • The Surface Duo SDK is now available for macOS and Linux
            • Microsoft releases open source source code analyzer

              Looking to aid developers who rely on external software components, Microsoft has introduced a source code analyzer, Microsoft Application Inspector, to help surface features and other characteristics of source code.

              Downloadable from GitHub, the cross-platform command-line tool is designed for scanning components prior to use to assist in determining what the software is or what it does. The data it provides can be useful in reducing the time needed to determine what software components do by examining the source code directly rather than relying on documentation.

        • Security

          • Mushtik botnet now shopping for Tomato routers

            A new variant of the Mushtik botnet has been found attacking routers using the open-source Tomato router firmware with about 4.600 routers currently exposed on the internet.

            Mushtik has been operating since March 2018 using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant uses its botnet for only a few tasks, cryptocurrency mining and launching DDoS attacks, and it has not been spotted injecting any additional malware onto a system, said Palo Alto Networks Unit 42.

            [...]

            “Botnet developers are increasingly compromising IoT devices installed with the open source firmware, which often lack the security updates and maintenance patches necessary to keep devices safeguarded. End users should be cautious when installing open source firmware and must follow the security guidelines in the firmware manual,” Unit 42 said.

          • Fugue open sources Regula, security and compliance tool for Terraform

            Working with Terraform infrastructure-as-code can sometimes be a bit of a headache when it comes to tracking security misconfigurations and compliance violations, but now Fugue has open sourced their Regula tool to assist engineers with maintaining vigilance. Let’s take a closer look.

            Last week, cloud infrastructure security and compliance solution provider Fugue open sourced one of their tools called Regula. From the press release, it “is a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project and can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance best practices.”

          • Security updates for Tuesday

            Security updates have been issued by Debian (iperf3, openjpeg2, and tomcat7), Mageia (ansible, c3p0, fontforge, glpi, gthumb, libbsd, libmediainfo, libmp4v2, libqb, libsass, mbedtls, opencontainers-runc, php, python-pip, python-reportlab, python3, samba, sysstat, tomcat, virtualbox, and webkit2), openSUSE (java-11-openjdk, libredwg, and sarg), Oracle (sqlite), Red Hat (libarchive, nss, and openjpeg2), Scientific Linux (sqlite), SUSE (nodejs6), and Ubuntu (cyrus-sasl2, linux, linux-aws, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-oem, mysql-5.7, mysql-8.0, tcpdump, and tomcat8).

          • Hacker Releases 500,000 IoT Credentials

            One of the biggest issues that IoT has is keeping everything secure. Putting devices online is a double-edged sword: it allows benevolent useful services to connect to it, but it can also allow malicious agents to harvest data from it.

            This was proven a few days ago when a list of 500,000 IoT credentials made their way onto the Internet. The list was posted on a hacker forum for anyone to see and use.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

            • More 2020 Trends for Open Source and SCA [Ed: In order to sell its proprietary software, Flexera is -- as usual -- badmouthing FOSS security]

              A review of the National Vulnerability Database (NVD) shows the number of vulnerabilities contributed to the database is increasing year over year. Let’s be clear. This doesn’t mean that code development is getting worse. To the contrary, the industry is doing a better job of paying attention to finding and reporting issues and, in addition, to finding fixes that address problems. We see this as a trend that will continue into 2020 and beyond.

              Likewise, developers are spending a significant amount of time both reviewing and remediating vulnerabilities as opposed to innovating and improving their applications. Technical debt is more than ever moving to the forefront of application development as engineers are dealing with security issues that were once dormant or unknown but because of raised awareness are now being discovered.

            • The Risks and Potential Impacts Associated with Open Source [Ed: DevOps site gives a platform to Black Duck -- a Microsoft-connected FUD arm against FOSS]
          • Privacy/Surveillance

            • Letter To Judge Details Vault 7 Leaker's Post-Incarceration Leaking

              The accused leaker of CIA phone hacking tools -- the "Vault 7" collection released by Wikileaks in early 2017 -- is still awaiting trial. To pass the time, alleged leaker Joshua Schulte is suing the government for $50 billion and, apparently, generating a whole lot of evidence against himself.

            • Clearview’s Face Surveillance Shows Why We Need a Strong Federal Consumer Privacy Law

              The New York Times’ recent story on Clearview AI, maker of a secretive facial recognition app that markets its product to law enforcement, has raised critical questions about what can be done to protect our privacy online. Clearview claims to have amassed a dataset of over three billion face images by scraping websites like Facebook, YouTube, and Venmo.

              The solution to the Clearview problem is clear: comprehensive federal privacy legislation that gives consumers real power over their data and real power to fight back.

            • The National Cyber Security Alliance’s Data Privacy Day Honeypot on StaySafeOnline.org

              I was preparing to do something for Data Privacy Day on January 28th, when I discovered something truly alarming…

            • Grindr and OKCupid Sell Your Data, but Twitter’s MoPub Is the Real Problem

              On January 15, a Norwegian Consumer Council (NCC) investigative report exposed the ways that Grindr, OKCupid, and eight other apps are collecting and sharing extremely sensitive personal data. Grindr in particular was sharing users’ age and location tied to a device ID that would allow trackers to match that information to a real identity.

              A third-party advertising company called MoPub, owned by Twitter, was responsible for much of the technology that Grindr used to collect and share data. In response to the NCC report, Twitter announced that it was suspending Grindr’s ad account pending an investigation into “the sufficiency of Grindr’s consent mechanism.”

            • Leaked Documents Expose the Secretive Market for Your Web Browsing Data
            • Wladimir Palant: Avast's broken data anonymization approach

              Avast used to collect the browsing history of their users without informing them and turn this data into profits via their Jumpshot subsidiary. After a public outcry and considerable pressure from browser vendors they decided to change their practices, so that only data of free antivirus users would be collected and only if these explicitly opt in. Throughout the entire debacle Avast maintained that the privacy impact wasn’t so wild because the data is “de-identified and aggregated,” so that Jumpshot clients never get to see personally identifiable information (PII).

              [...]

              How Amazon would deanonymize this data

              The example used by Ondřej Vlček makes it very obvious who Avast tries to protect against. I mean, the address identifier they removed there is completely useless to me. Only Amazon, with access to their data, could turn that parameter value into user’s identity. So the concern is that Jumpshot customers (and Amazon could be one) owning large websites could cross-reference Jumpshot data with their own to deanonymize users. Their patent confirms this concern when explaining implicit private information.

              But what if Amazon cannot see that addressID parameter any more? They can no longer determine directly which user the browsing history belongs to. But they could still check which users edited their address at this specific time. That’s probably going to be too many users at Amazon’s scale, so they will have to check which users edited their address at time X and then completed the purchase at time Z. That should be sufficient to identify a single user.

              And if Jumpshot doesn’t expose request times to their clients or merely shows the dates without the exact times? Still, somebody like Amazon could for example take all the products viewed in a particular browser history and check it against their logs. Each individual product has been viewed by a large number of users, yet the combination of them is a sure way to identify a single user. Mission accomplished, anonymization failed.

              How everybody else could deanonymize this data

              Not everybody has access to the same amounts of data as Amazon or Google. Does this mean that in most scenarios Jumpshot data can be considered properly anonymized? Unfortunately not. Researchers already realized that social media contain huge amounts of publicly accessible data, which is why their deanonymization demonstrations such as this one focused on cross-referencing “anonymous” browsing histories with social media.

              And if you think about it, it’s really not complicated. For example, if Avast were collecting my data, they would have received the web address https://twitter.com/pati_gallardo/status/1219582233805238272 which I visited at some point. This address contains no information about me, plenty of other people visited it as well, so it would have been passed on to Jumpshot clients unchanged. And these could retrieve the list of likes for the post. My Twitter account is one of the currently 179 who’s on that list.

            • Big Tech joins up with Big Brother to turn your private health data into $38bn ‘public treasure’

              The US government has officially thrown its weight behind the rollout of FHIR, mandating in 2020 that all medical providers who receive government funding make patient data available through FHIR-compatible apps. This move cements an unspoken alliance between Big Tech and Big Brother that has repeatedly seen the former deployed to circumvent troublesome constitutional restrictions imposed on the latter. The government may not be able to violate Fourth Amendment provisions against unreasonable search and seizure, but if, say, the FBI wants access to a target’s health records, it no longer has to show up at their doctor’s office with a warrant – those records will be sitting in an unsecured corporate database on the cloud, if history is any guide. Unless the medical records industry seriously overhauls its idea of what constitutes information security, patient data will be fair game for everyone from the NSA to the lowliest basement-bound [cracker].

              Americans’ health data is supposed to be protected under a law called HIPAA (Health Insurance Portability and Accountability Act) that, at least in theory, [...]

            • Find your lost keys anywhere with Amazon's 24-hour blowout on Tile trackers

              First up is a four pack of Tile Sticker for $40. That’s the all time low for this bundle, which often sells for $55 to $60. Tile Sticker is a small Bluetooth beacon that can be slapped on pretty much anything. It has a three-year battery life and a 150-foot range.

            • Confidentiality

              • Ring Doorbell App Packed with Third-Party Trackers

                Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers.

                An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

              • How Corporate Lawyers Made It Harder to Punish Companies That Destroy Electronic Evidence

                In the early 2000s, a series of civil lawsuits against giant corporations illustrated the disastrous consequences that could ensue if a defendant failed to provide electronic evidence such as company emails or records. In one suit against tobacco giant Philip Morris in 2004, U.S. District Judge Gladys Kessler concluded that the company deliberately deleted troves of emails that contained incriminating information. She fined the company $2.7 million for the breach, levied $250,000 fines against each of the company supervisors found culpable and barred them from testifying at the trial.

                Big corporations rallied for changes and got them. In 2006, the rules that govern federal litigation were changed to create a “safe harbor” that would protect companies from consequences for failing to save electronic evidence as long as they followed a consistent policy and, when put on notice of imminent litigation, preserved all relevant materials.

              • Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

                The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users.

                Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation (EFF). Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a Facebook account.

    • Defence/Aggression

      • Americans Need to Hear More From Iranians, Here’s Where to Start
      • Saudi Arabia Outsources Cyber Arsenal, Buys Spyware, Experts Say

        While countries like Russia, China and North Korea have invested in developing powerful, tailored cyber weapons, Saudi Arabia has instead opted to purchase them, according to experts and former government officials.

        The Middle Eastern nation’s cyber arsenal is believed to be primarily composed of outsourced espionage tools, which it has combined with disinformation tactics on social media, they said.

      • Ten years on, the Arab Spring has only benefited the Islamists

        However, the rejection of Wahhabism inside Saudi Arabia and its use as a tool of soft power abroad — the Saudis spent tens of billions of dollars, starting in the 1970s, promoting it — is the most positive global ideological change since the fall of communism. From pop concerts to women driving, art exhibitions to mass tourism, the ending of sex segregation to the neutering of the religious police: for those of us who lived in the kingdom when Wahhabism hung over everything like a toxic cloud, the changes are breathtaking.

      • Pakistani Man Is Blinded By His Father, Brothers For Wanting A 'Love Marriage'

        Baqi's horrific tale illustrates that women are not the only victims in Pakistan of so-called "honor crimes" -- a scourge of violence that has included acid attacks, blinding, and murder by relatives of victims accused of dishonoring their families.

        Baqi says he was attacked after his 73-year-old father, Dost Mohammad, learned about his intention to marry the woman he loves. He says his father refused to consent to the marriage because the couple had gotten to know each other by speaking on the telephone during the previous three years.

    • Transparency/Investigative Reporting

      • Harry Dunn’s parents call for Prince Andrew to testify in return for Anne Sacoolas

        The future of transatlantic co-operation in criminal investigations will be discussed when the foreign secretary meets his US counterpart in London tomorrow.

        Dominic Raab will discuss the refusal of the US to extradite Anne Sacoolas to face charges over the death of Harry Dunn with the US Secretary of State Mike Pompeo at their bilateral dinner and talks.

        Mr Raab is also under pressure to withhold British co-operation in the case of Jeffrey Epstein — a convicted sex offender whose friendship with the Duke of York is of interest to the FBI — and to resist the extradition on espionage charges of Wikileaks founder Julian Assange.

    • Environment

      • The convergence: Third-world debt and the climate crisis are intimately connected

        Around the world, dozens of theoretically sovereign nations are hopelessly in debt to a global financial system that is rigged to benefit multinational corporations. Those corporations strip these places of all of their natural resources, like gold, diamonds, oil, bauxite and rare earth elements.

        And once the materials are extracted from the earth, they are sent to the cheapest place on the planet to mould them into sellable products — wherever has the most lax labor and environmental regulations at the moment. Then, to grow and protect the wealth generated by this process, they park their revenues in off-shore tax jurisdictions.

        And with their hidden billions, they leverage their financial power to protect the vast political and economic system that made this miserable scheme possible to begin with. You see their influence in our media, the academy, philanthropy, popular culture, and of course in our politics. Like the smog from the planet's burning forests, it covers everything and fills our lungs.

      • Louise Linton publicly calls out husband Steve Mnuchin for insulting teenage activist Greta Thunberg

        Former actress Louise Linton deleted an Instagram post praising teenage climate change activist Greta Thunberg, who her husband Treasury Secretary Steven Mnuchin publicly criticized last week for lacking a college degree.

        "I stand with Greta on this issue. (I don't have a degree in economics either.) We need to drastically reduce our use of fossil fuels. Keep up the fight @gretathunberg," Linton posted Saturday alongside a split-screen image of Thunberg and her husband. She later deleted the post.

        Mnuchin aroused controversy last week after he told reporters at the World Economic Forum in Davos, Switzerland, that he did not consider the outspoken Thunberg to be a legitimate critic of fossil fuel investments.

      • Amazon Employees Share Our Views on Company Business

        364 Amazon employees gave one or more quotes below.

      • Climate crisis offers a green business boom

        The tide is turning against the fossil fuel industry as countries and companies recognise the green business boom of alternative energy.

      • The Two Phenomena Transforming the Climate Conversation

        Let me betray my age for a moment. Some of you, I know, will be shocked, but I still read an actual newspaper. Words on real paper every day. I’m talking about the New York Times, and something stuck with me from the January 9th edition of that “paper” paper. Of course, in the world of the Internet, that’s already ancient history — medieval times — but (as a reminder) it came only a few days after Donald Trump’s drone assassination of Iranian Major General Qassem Suleimani.

      • 'Extremely Disappointing': New Analysis Offers Scathing Critique of Top Democrat's CLEAN Future Act

        "This framework should really be called the Dirty Future Act. In every way possible, Pallone's proposal fails to address the climate crisis."

      • Energy

      • Wildlife/Nature

    • Finance

    • AstroTurf/Lobbying/Politics

      • Slavs can yell at sneering cats, too An international meme goes to Russia and Ukraine

        Some memes last a day. Others live on for years, forever finding new quirks and variations to keep them floating across the interwebs. The Woman Yelling at a Cat meme, derived from a frame in The Real Housewives of Beverly Hills, falls into the latter category. In fact, Meduza’s Russian-speaking readers named this blond human-feline pair the best meme of 2019. It’s no wonder that the image’s recent ventures into high art have brought Russian and Ukrainian visual traditions right along with them.

      • Controversial former culture minister will lead history and humanities policy for Putin

        Former Culture Minister Vladimir Medinsky was excluded from the new cabinet composed by Russian Prime Minister Mikhail Mishustin. While Medinsky’s former subordinate, Olga Lyubimova, took over his portfolio, the ex-minister became an aide to President Vladimir Putin. On January 27, Kremlin Press Secretary Dmitry Peskov told journalists that in Medinsky’s new position, he will be charged with curating state policy on history and the humanities.

      • Leading by 9 in New Iowa Poll, Sanders Says His Campaign Is 'Worst Nightmare' of Trump and Billionaire Class

        "We got Wall Street nervous. We got the insurance companies nervous. We got the drug companies nervous. We got the fossil fuel industry nervous. We got the military-industrial complex nervous."

      • 'The Rich Have Class Solidarity': Bezos Party Features Billionaires Rubbing Shoulders With Trump Admin Officials, Journalists

        "This town, man."

      • 'Debate Her': As Progressive Democratic Challenger Jessica Cisneros Racks Up Endorsements, Incumbent Henry Cuellar Pretends She Doesn't Exist

        "Our people are waiting, Rep. Cuellar. Debate me."

      • Tom Perez Stacks 2020 Convention Committees With 'From the Swamp' Nominations

        Perez's nominations clearly show that the swamp seems in it to win for itself, regardless of the electoral outcome for the nation.

      • 'Time for Him to Do His Job': Public Urged to Press Chief Justice Roberts to Subpoena Witnesses Amid GOP 'Cover-Up'

        "Roberts' job is to preside over a fair trial, where relevant witnesses are heard from and jurors actually listen to the evidence. Right now, he's helping Republicans break the rules and cover for Trump. That has to end."

      • Corporate Crap That Doesn't Kill Bernie

        On January 19th the New York Times oddly co-endorsed Senators Elizabeth Warren and Amy Klobuchar for the Democratic presidential nomination. Two days later, the key New Hampshire primary showed Warren down four points. Bernie Sanders’ surge continued. What happened?

      • Young People Are Set to Make History With Bernie Sanders—If They Show

        The youth movement is on the ground in New Hampshire showing the nation how it's done.

      • Candidate Detention
      • 'Blow Up the Phones': Demands That #BoltonMustTestify Surge After New Revelations About Ukrainian Aid Freeze

        "We are citizens of the United States of America, and we must indeed unite together to stop this GOP cover-up."

      • Thank You, Adam Schiff

        For a job well done, the nation should be grateful. But…

      • Bernie Sanders, Joe Rogan, Human Rights Campaign, and Truth in Advertising

        On January 20, comedian and podcast host Joe Rogan mentioned that he’ll “probably vote for Bernie” Sanders in the Democratic Party’s presidential primary. Rogan cited Sanders’s decades of “consistency” as a “very powerful structure to operate from.”

      • Palestinians See Trump-Netanyahu Apartheid Plan as End of Oslo Peace Process and "Steal of the Century"

        Palestinians are under Israeli military rule and are being deprived of basic human rights, including the right to have citizenship in a state.

      • The Misuses of Antisemitism in the UK and the USA

        Britain and the USA have had close ties, echoes and parallels from our start, some very good, others nasty. One of the latter may now be threatening. Jeremy Corbyn’s rise in Labour Party leadership offered great hopes for a leftward turn in Britain, away from the worrisome policies of Boris Johnson.

      • Establishment Democrats Panic at Possibility Bernie Sanders Could Be 2020 Nominee

        "The knives are out."

      • The Challenge for Chile and the World
      • Democratic Party Elites Rig 2020 Convention Committees Against Sanders

        An array of lobbyists, corporate consultants, think tank board members, party operatives, and pro-Israel Democrats were nominated to the 2020 Democratic National Convention committees by Democratic National Committee Chair Tom Perez.

        Shadowproof editor Kevin Gosztola shared a thread that explored many of these individuals. Quite a few have connections to Bill and Hillary Clinton’s presidential campaigns. Very few have any connection to Senator Bernie Sanders’ 2016 presidential campaign.

      • Establishment Democrats Are Terrified of a Sanders Win in Iowa

        Bernie Sanders was off the campaign trail over the weekend, stuck in the Senate for impeachment hearings, but if polling is any indication, that didn’t stop his campaign’s momentum. A New York Times/Siena College poll of Iowa Democratic voters shows 25% of respondents would vote for Sanders in the Iowa caucus on Feb. 3. A poll from Boston’s Emerson College of Iowa Democrats and independents found 30% of respondents planning to vote for him.

      • Trump Bought Off the Impeachment Jury With Tax Cuts While Hinting at Bigger Ones

        It’s long been obvious that Republican senators have little interest in serving as impartial jurors in the impeachment trial of Donald Trump. While there is a raft of motivations for such historic perfidy — with several GOP senators politically benefiting from some of the same corrupting influences — one under-examined, non-Russian reason is personal greed.

      • Help Us Cover the Election With Electionland 2020

        We’re 10 months away from the 2020 election. While the stakes are incredibly high and the electorate is more polarized than it has been in decades, Americans’ faith in the legitimacy of the outcome is low — and not without reason. There’s evidence that the forces that sought to influence the electorate in 2016 are at it again, and attempts to shore up the cyber defenses of local election systems have had uneven results.

        Crucially, in a vacuum of trustworthy facts, questions about election integrity, fraud and security can be answered by dishonest players with a stake in the outcome. Local newsrooms, reeling from new rounds of belt-tightening and layoffs, are less able to sustain the effort necessary to cover a fast-moving, complex, technical and data-rich story by themselves.

      • The World Is Burning, But It's Not Front-Page News

        Let me betray my age for a moment. Some of you, I know, will be shocked, but I still read an actual newspaper. Words on real paper every day. I’m talking about the New York Times, and something stuck with me from the January 9th edition of that “paper” paper. Of course, in the world of the Internet, that’s already ancient history — medieval times — but (as a reminder) it came only a few days after Donald Trump’s drone assassination of Iranian Major General Qassem Suleimani.

      • Ahead by 9 in Iowa Poll, Sanders Says His Campaign Is Trump's "Worst Nightmare"

        “We are their worst nightmare,” Sen. Bernie Sanders said Sunday of the corporate and establishment forces allied against his presidential campaign — and the diverse grassroots movement fueling it — as a new Iowa poll showed the Vermont senator leading the 2020 Democratic field by nine points just a week ahead of the state’s Feb. 3 caucuses.

      • The Vile Message Democrats Are Sending With Impeachment

        Of course President Donald Trump should be impeached. In fact, impeachment proceedings should have been initiated as soon as he took office and enacted the Muslim travel ban, or perhaps even before this, as he was in clear violation of the emoluments clause of the Constitution. But what has been frustrating as news of Trump’s impeachment has taken over headlines is not just the fact that Democrats waited until the final year of his first—though perhaps not his last—term in office, or that they ignored calls to “impeach the motherfucker,” as advised by Michigan Rep. Rashida Tlaib.

      • The Ugly Jingoism Marring Trump's Impeachment
      • Allegations in Bolton Book Spark New Calls for Witnesses at Impeachment Trial

        Calls are growing for the Senate to call witnesses in President Trump’s impeachment trial, after The New York Times published details about former national security adviser John Bolton’s forthcoming book. In the book, Bolton writes that President Trump personally told him in August that he wanted to maintain a freeze on $391 million in security assistance to Ukraine until Ukraine turned over materials related to former Vice President Joe Biden and supporters of Hillary Clinton in Ukraine. The New York Times broke the story on Sunday, one day after President Trump’s legal team began its defense of the president. During Saturday’s opening arguments, White House deputy counsel Mike Purpura claimed the Democratic case for impeachment is based on assumptions, and Trump’s attorney Pat Cipollone accused the Democrats of attempting to overturn an election. Trump’s lawyers will continue their opening arguments Monday, after the Democratic House impeachment managers wrapped up their three days of opening arguments on Friday. We speak with Dan Friedman, a reporter in the D.C. bureau of Mother Jones who focuses on foreign influence and national security.

      • Social media accounts of multiple NFL teams [cracked]

        Other teams that appeared to be impacted by the [attack] on Twitter were the Dallas Cowboys, the Philadelphia Eagles, the Houston Texans, the New York Giants, the Chicago Bears, and the official Twitter account of the NFL.

        Prior to having its account suspended, OurMine tweeted out a running list of teams that had been [cracked] on Monday, noting that it had also successfully accessed the Instagram accounts of the Dallas Cowboys, the Buffalo Bills and the Minnesota Vikings.

        The Vikings also had their Facebook account compromised, with OurMine tweeting they had also [cracked] the Facebook accounts of the Green Bay Packers, the NFL, the Buffalo Bills, the Dallas Cowboys and the Houston Texans.

      • Can This Notorious Troll Turn People Away From Extremism?

        Still, there have been times when Bonnell wondered aloud whether the American population is cognitively equipped to govern itself. As he said to one viewer, rather frankly, “I think that people in general are stupid, and I’ve actually lost my appreciation for democracy at this point.” Not too long ago, Bonnell inveighed against efforts to “deplatform” prominent figures on the internet, citing his commitment to freedom of speech. Today he supports, albeit waveringly, the opposite: Those who willingly lie and misinform at great scale should be silenced. His weary cynicism about the ordinary intellect is what you might expect from someone who has spent years trying to get people to change not what they think but how they think. That has always been slow, hard work. And it would be almost understandable, in the midst of so much thankless labor, in a climate so wracked by fear over the dangerous contents of the American mind, to forget why you started in the first place.

      • Lessons Learned From 2016, but U.S. Faces New Election Threats

        It’s been more than three years since Russia’s sweeping and systematic effort to interfere in U.S. elections through disinformation on social media, stolen campaign emails and attacks on voting systems. U.S. officials have made advances in trying to prevent similar attacks from undermining the 2020 vote, but the potential threats have increased and some old problems have not been addressed. A look at what has changed since 2016 and what has not.

      • UK citizens still not safe from outside interference in elections, claims Cambridge Analytica whistleblower

        Speaking to the PA news agency she explained: "I saw in the last British election so much widespread usage of fake news, disinformation and even suppression campaigns that look very similar, if not worse, than what we saw in 2016.

        "Technology has advanced greatly in the past few years and there's now not just one Cambridge Analytica, there are hundreds.

      • Why manipulation campaigns are the biggest threat facing the 2020 election

        This era of political espionage is rooted in manipulative ads, fake news articles and other forms of digital content, which are hardly distinguishable from facts and truths. Today’s espionage is one of the nation’s greatest threats, especially as we approach the 2020 presidential election, and leaders across industries and sectors need to take action now.

        Recent research by the Oxford Internet Institute found that computational propaganda and social media manipulation have proliferated massively in recent years and are now prevalent in more than double the number of countries compared to two years ago. We’ve entered an era where the threat of manipulation on the internet is constant. With the 2020 presidential election looming, it is not only up to the federal government to protect the nation against manipulation campaigns -- the private sector must do its part as well.

    • Censorship/Free Speech

      • Welcome News: DC Circuit Revives The Constitutional Challenge Of FOSTA

        We've written several times before about the constitutional challenge to FOSTA in the case Woodhull Freedom Foundation, et al. v. U.S. That challenge hit a roadblock when the district court dismissed that lawsuit for lack of standing by the plaintiffs. Per the district court, the plaintiffs had not been hurt by the statute, nor were they likely to be hurt by it, and thus they had no right to challenge it in the courts. The plaintiffs appealed, and we supported the appeal with an amicus brief.

      • Is Devin Nunes' Lawyer Using Questionable Subpoenas In An Unrelated Case To Seek Info On Satirical @DevinCow Account?

        Buckle up, because here's a wild one. Over the weekend, a ton of people sent me a tweet from "The Sparrow Project" that many people took to mean that Rep. Devin Nunes -- the Congressional Representative who spent much of 2019 filing highly questionable SLAPP suits against news organizations, journalists, political operatives, critics, and, most famously, a satirical internet cow -- has issued a highly questionable subpoena for The Sparrow Project's private Twitter DMs.

      • In Memory of Lina Ben Mhenni, Tunisian Free Expression Activist and Revolutionary

        Like so many of her friends, colleagues, and admirers around the world, we were devastated to hear of the death of Lina Ben Mhenni at age 36, following a long illness. The Tunisian blogger, activist, athlete, and linguistics lecturer was a friend to several of us.

        Amidst a community of determined and brilliant activists, Lina stood out for her compassion, and her relentless dedication to advocating for freedom of expression and women’s and human rights. She was humble but bold, using her real name online to advocate for democracy and human rights at a time when doing so in Tunisia was a great risk.

      • NewsGuard Can Save You From Putin!

        The New York Times headline was an attention grabber worthy of Sen. Joe McCarthy: “How Amazon, Geico and Walmart Fund Propaganda.” A subhed explained: “Algorithms are sending ads by American brands onto Russian disinformation sites.” The op-ed by L. Gordon Crovitz, a former publisher of the Wall St. Journal, culminated in a sales pitch for his latest venture, NewsGuard. The company’s business plan is to do for internet news sites what Red Channels did for Hollywood movies: maintain a blacklist. Patriotism for personal profit —perfect plan.

      • As Tulsi Gabbard's Silly Attention Seeking Lawsuit Against Google Falters, She Files Equally Silly Lawsuit Against Hillary Clinton

        As you may recall, last year, Presidential candidate and current Congressional Rep. Tulsi Gabbard filed a laughably silly lawsuit against Google. We pointed out at the time that it had no chance at all, and echoed, quite directly, the debunked claims that some conservatives make about how Google censors them... even though Gabbard is not a conservative politician. It still threw the same kitchen sink of dumb legal arguments into the complaint, arguing that Google was a "state actor" (it's not), and that Google's moderation choices were a violation of California's civil rights law, the Unruh Act.

      • Santa Fe Denies Permit for Mural Art Depicting Plight of Palestinian Children

        The stucco wall on Santa Fe’s Old Pecos Trail is now papered with images of Israeli soldiers terrorizing Palestinian women and children. This art was created by Navajo artist Remy at the request of Santa Feans for Justice in Palestine (SFJP), of which I am a member. For the past six years, we have been creating art depicting the conditions of Palestinians under the Israeli occupation. Guthrie Miller, the owner of the wall where the art has been located since 2014, has supported this effort. His wall abuts one of the main thoroughfares leading into Santa Fe, and is also on the cross street leading to Museum Hill, where Native American Art and history are displayed in several prestigious museums.

      • Defying Company Policy, Over 300 Amazon Employees Speak Out

        While Amazon CEO Jeff Bezos was throwing a lavish party at his $23 million mansion in Washington, DC, this weekend—attended by celebrities like Ivanka Trump and Bill Gates—hundreds of his employees were gearing up to revolt.

        At issue was the company’s external communications policy and reports earlier this month that it threatened to fire employees for speaking out about climate change without proper authorization. In protest, more than 350 Amazon workers published statements under their own names in a Medium post on Sunday, intentionally violating the policy en masse.

      • Iran’s regime sentences Christian convert to prison for “insulting Islam”

        Article 18 said Ismaeil, who was arrested at his home in January 2019, faced two additional charges: “propaganda against the Islamic Republic”, “membership of a group hostile to the regime”.

        A judge said at a November hearing that the criminal charge of “propaganda against the Islamic Republic” was “applicable”, because he had created a Telegram channel in which he had “promoted evangelical Christianity,” wrote Article 18.

      • Debate Over Freedom of Speech in France as Girl Faces Threats for Branding Islam ‘Religion of Hate’

        As the head of the secular watchdog l'Observatoire de la laïcité, Nicolas Cadène, told the outlet, blasphemy is not a crime in France, so one can insult a religion, albeit not citizens due to their religious affiliation. This is what allowed writer Michel Houellebecq to be let off the hook in 2002 after having called Islam "the most stupid religion in the world".

        Mila’s case, however, has not only sparked debate in France about the freedom of expression, but has also stirred memories of the Charlie Hebdo attack in January 2015, when journalists were killed for having made a caricature about Islam.

      • China putting pressure on Swedish media

        Seven out of the country’s eight biggest newsrooms said that in the last two years the Chinese embassy had contacted them and criticised their content on China, according to a survey conducted by Swedish national television.

      • Our crappy healthcare system is to blame for Goop

        When you consider how emotional, divisive, and deeply high stakes the issues like insurance, pharmaceutical regulation, and the opioid epidemic have become – especially this election year – it's not difficult to see how critical the conversation around our care has become. There's a reason patients have lost faith in modern medicine. It's easy to laugh off, or more likely shudder, at Paltrow's "Goop Lab" promise of "optimization of self." But know that this juggernaut exists because of the failures of so many other systems. "This series is designed to entertain and inform, not provide medical advice," the show warns at the top of each episode. But in a world where patients were considered people and medical advice could also be entertaining and informative, we wouldn't be suckers for a Goop Lab at all.

    • Freedom of Information / Freedom of the Press

      • ‘Free Gadzhiev!’ Dozens of Russian journalists demand release of Dagestani reporter jailed on terrorism charges

        Dozens of prominent independent journalists in Russia have recorded themselves speaking out in defense of Abuldumin Gadzhiev, the Chernovik.net editor now charged with terrorism.

      • Snowden Warns Targeting of Greenwald and Assange Shows Governments 'Ready to Stop the Presses—If They Can'

        "The most essential journalism of every era," says the NSA whistleblower, "is precisely that which a government attempts to silence."

      • 10 Years After His Passing, Howard Zinn Remains a Threat to the Status Quo

        In Howard Zinn’s play Marx in Soho, Karl Marx remarks, “They are all proclaiming that my ideas are dead! It’s nothing new. These clowns have been saying this for more than a hundred years. Don’t you wonder: why is it necessary to declare me dead again and again?”

      • Remembering My Hero, Howard Zinn

        The renowned historian Howard Zinn died on January 27, 2010. On the occasion of the 10 year anniversary of his passing, we are revisiting the following piece by whistleblower Daniel Ellsberg about his close friend and “the best human being [he’s] ever known,” originally published on January 28, 2010.

      • After Pompeo’s Bullying, Trump Signals a Renewed Push to Defund NPR

        Kelly’s extensive background in world and national security affairs makes Pompeo’s accusation that she lied about knowing where Ukraine is on a map absurd. Kelly graduated from Harvard and holds a master’s degree in European studies from the University of Cambridge in England.

        NPR’s CEO John Lansing defended Kelly saying there are email exchanges with Pompeo’s staff that confirm the pre-approved subject matter that would be covered during the interview.

        Lansing also said Pompeo’s behavior and statement, “goes well beyond tension” between journalists and government. Lansing added, “This goes towards intimidation. And let me just say this. We will not be intimidated.”

    • Civil Rights/Policing

      • The Better Moral Creed

        Last October Attorney General Bill Barr delivered a speech at Notre Dame during which he claimed that “Judeo-Christian moral standards are the ultimate rules for human conduct” and that “the fact is that no secular creed has emerged capable of performing the role of religion.” Barr, like many other Catholic and Evangelical fundamentalists, believes that without the moral standards defined by religion, society is doomed. That simply isn’t true. Look at Sweden and many other countries that are far more secular than America, yet have much lower crime rates. And in America, Christians are 20 times more likely to find themselves incarcerated than atheists. But Barr goes on to say that his moral standards “are like God’s instruction manual for the best running of man and human society.” Are they?

      • Rights Advocates Demand National Attention to 'State of Emergency' in Mississippi Prisons, Where 12 Inmates Have Died In Less Than a Month

        "Parchman Prison is a torture chamber and we cannot afford to be robbed of one more human life at the hands of Mississippi's state corrections system," said Rep. Ayanna Pressley.

      • Supreme Court Asked To Tell Cops That Consenting To A Search Is Not Consenting To Having Your Home Destroyed

        Five years ago, an Idaho police department destroyed a woman's house to end a standoff with her dog. The Caldwell PD -- after having been given permission (along with a house key) to enter the home to see if a suspect was in the home -- decided this meant Shaniz West had given them permission to fire grenade after tear gas grenade into the house before sending in the SWAT team to confront the family dog.

      • A Historian Reflects on the Return of Fascism

        Back in 1941, the year of my birth, fascism stood on the brink of conquering the world. During the preceding decades, movements of the Radical Right—mobilized by demagogues into a cult of virulent nationalism, racial and religious hatred, and militarism—had made great strides in nations around the globe. By the end of 1941, fascist Germany, Italy, and Japan, having launched massive military invasions of other lands, had conquered much of Europe, Asia, and the Middle East.

      • CIA Contractor Details Torture of 9/11 Suspects

        In his testimony last week in the pre-trial hearing of five men charged with plotting the September 11 attacks on the United States, Dr. James Mitchell vividly described his role in torturing detainees in the program he helped design for the Central Intelligence Agency (CIA).

        Sitting less than 25 feet from Khalid Sheikh Mohamed (referred to as KSM), Mitchell gave a detailed description of how Mohamed was waterboarded. Mitchell read aloud details and repeated the questions he asked Mohamed during a March 2003 interrogation session that included pouring 12 liters of water over Mohamed’s nose and mouth. He even claimed that at one point during a waterboarding session “KSM fell asleep on the waterboard” and thus could not have been scared.

      • Tanzania: World Bank Disregarding Ban on Pregnant Schoolgirls
      • As US Universities Close Confucius Institutes, What’s Next?

        As a Chinese studies graduate of the University of Maryland, I was drawn to the news that the school’s president, Wallace Loh, had decided to close its Confucius Institute – the oldest one in the United States. Confucius Institutes, found at numerous US universities, are Chinese government-funded outposts that offer Chinese language and culture classes.

        Loh emphasized that the university closed its Confucius Institute because of the US 2019 National Defense Authorization Act, which forces schools to choose between keeping their Confucius Institutes or receiving language program funding from the US Defense Department.

      • Women Are Leading the Fight Against Fascism in India

        On the 4th of December 2019 the Hindu nationalist Bharatiya Janata Party (BJP)-led government of India introduced the Citizenship Amendment Bill (CAB) in parliament. By the 11th of December the bill had been enacted into law after being pushed through parliamentary votes, and signed by the President. The rules of the law are still being written and yet Home Minister Amit Shah announced on the 10th of January 2020 that the Citizenship Amendment Act (CAA) is now in operation. By doing so, the BJP has chosen to ignore thousands of citizens who have been gathering on the streets to protest against the Act since the 4th of December, and who continue to do so in defiance of state and police violence across the country.

      • Fender Fined $6 Million for Illegal Price-Fixing Scheme

        Fender has been fined 4.5 million pounds (nearly $6 million) in the UK after admitting to price-fixing. The move breaks competition laws and prevents retailers from discounting instruments.

      • Housing Discrimination Is Rising. Trump Is Attacking Protections Against It.

        For the past few months, yet another legislative pillar of the country’s civil rights era, the Fair Housing Act, has been in the Trump administration’s crosshairs. First, in the autumn, the administration unveiled plans to make it harder for tenants, mortgage recipients and community organizations to sue banks and other financial institutions for using algorithms that end up having discriminatory impacts on the basis of race, religion, national origin and other protected categories. Then, a few weeks ago, HUD unveiled additional rule-rewrites diluting the obligation of cities to both develop public infrastructure in poor neighborhoods of color and also to build affordable housing across a range of locales rather than concentrating it all in a handful of places.

      • Diddy Urges a Grammy Boycott: 'Black Music Has Never Been Respected'

        Diddy outright slammed the Recording Academy and Grammys in a 50-minute speech.

      • Tyler, the Creator Calls Grammy Urban Category 'Politically Correct N-Word'

        Tyler, the Creator is happy with his Grammy, but dissatisfied with its categorization.

      • Juice WRLD Wasn't Even Mentioned at the 2020 Grammy Awards

        Juice WRLD was almost entirely ignored at the Grammy Awards on Sunday night, partly due to the shocking death of Kobe Bryant. But the rapper wasn’t nominated for any awards, despite a stellar 2019.

      • After declared karo-kari couple seeks protection

        The couple said, their marriage had sparked enmity between their families who had declared them Karo-Kari and wanted to put them to death. Ghulam Rasool Bhutto flanked by his wife, told that he had contracted love marriage with a woman, out of his caste.

      • Pakistan: Pashtun Activist Arrested
      • The debunked "Russian influence" nonsense is infantilizing liberals

        In 2018, Hillary Clinton told Britain's Channel Four News: "The real question is how did the Russians know how to target their messages so precisely to undecided voters in Wisconsin or Michigan or Pennsylvania–that is really the nub of the question." No, the real question is why so much of the US and European establishment accepted and promulgated Clinton's alibi for her failure to follow her husband into the office of president of the United States. A Clinton or a Bush was president, vice president, or secretary of state in every year between 1981 and 2013, an era in which working-class incomes stagnated, offshoring devastated US and European manufacturing, the world suffered the worst economic collapse since the Great Depression of the 1930s, and the US plunged into multiple disastrous wars in the Middle East and Central Asia. Trump became president by running against a Bush in the Republican primaries and a Clinton in the general election. The desire of many American voters to disrupt the quarter-century cycle of nearly identical versions of technocratic neoliberalism under alternating Bushes and Clintons is quite sufficient to explain the presidential election of 2016.

      • Could the Zulus Heal America's Polarization?

        Most of us, who are Americans or Europeans, would answer with our name, hometown, job, and any other information that helps to locate our unique spot on the socio-cultural grid.

        When I describe who I am in enough detail, that description doesn’t fit anybody else.

        But that is just one culture’s way of answering the question, “Who are you?” Other cultures answer the question very differently. Consider the answer given by members of the Zulu tribe in South Africa.

        If you were to ask an individual Zulu, “Who are you?” they would respond with the word “ubuntu.” This is a word that translates, “I am because you are.” The Zulus have no concept of an individual in isolation. They define who they are through community.

    • Internet Policy/Net Neutrality

      • The 'Race To 5G' Is A Giant Pile Of Lobbyist Nonsense

        We've noted for a while that the "race to 5G" is largely just the byproduct of telecom lobbyists hoping to spike lagging smartphone and network hardware sales. Yes, 5G is important in that it will provide faster, more resilient networks when it's finally deployed at scale years from now. But the society-altering impacts of the technology are extremely over-hyped, international efforts to deploy the faster wireless standard aren't really a race, and even if it were, our broadband maps are so terrible (by design) it would be impossible to actually determine who won.

      • Why the BBS is still awesome in 2020

        Here we are. The year 2020. The future. We've got more Internet-based services than you can shake a stick at. And, yet, with all of these modern advancements… there's one decades old technology that is proving surprisingly useful. And fun. The BBS. Back in the 1980s (and a pretty big chunk of the 90s) most people who did something “On-Line” with their computer were doing so via a modem, a POTS phone line, and a dial-up Bulletin Board System (aka “BBS”).

    • Digital Restrictions (DRM)

      • You Don't Own What You Buy: The Tetris Edition

        In the convoluted realm that has become copyright, licensing agreements, and SaaS-style everything, we've had something of a running series of posts that focus on the bewildering concept that we no longer own what we buy. Between movies simply being disappeared, features on gaming consoles being obliterated via firmware update, and entire eBook platforms simply ceasing to work, the benefits of handing over very real dollars have never been more fleeting.

    • Monopolies

      • U.S. and China Approve Trade Agreement: Part 1



        On January 15th, the U.S. and China announced bilateral approval of an agreement resolving some of the trade disputes between the two countries that have developed (or become more evident) over the past three years. One of the most consistent (if sometimes incoherently expressed) policy positions taken by the Trump Administration (and Mr. Trump himself) is that the trade balance between the U.S. and China has been unbalanced and in need of correction. This idea is not unique to Mr. Trump (although its idée fixe nature may be) and has been a feature of the U.S. Trade Representative's Special 301 Report for the past decade (most recently last April). It has been the source of numerous tariffs imposed on China by this Administration (even in the face of criticism from economists and others that U.S. consumers and farmers, not the Chinese, bore the brunt of the consequences and the costs) and the periodic imposition of these tariffs has rattled the financial markets since the time when Mr. Trump first came into office.

        [...]

        As mentioned above, one interesting feature of the agreement is that many of the provisions setting forth standards for protection of party rights contain the affirmative statement (requirement to requirement) that "[t]he United States affirms that existing U.S. measures afford treatment equivalent to that provided for in this Article," indicating that the negotiators conceded to adopt U.S. standards for intellectual property protection and other matters falling within the scope of the agreement. Indeed, it is difficult to ascertain any concessions made by the U.S. for obtaining China's approval of these terms. There is an aphorism that if a deal seems too good to be true then perhaps it isn't (true, that is). It is contrary to this administration's puffery that the U.S. might not get the better part of any agreement it enters, and when making arrangements with economically weaker partners that may tend to be true because the odds tend to be stacked in our country's favor. But in view of China's strengths it might be foolish to think that the Chinese will be as accommodating as the Trump Administration would prefer them to be, and agreements inconsistent with these realities are likely to be ephemeral.

      • Patents

        • New NAFTA top priority as Parliament resumes Monday

          The new North American trade deal is expected to take centre stage when Parliament returns Monday, marking the first challenge for a Liberal minority government that will need Opposition support to pass legislation.

          The House of Commons reconvenes Monday after rising for the holidays in December, giving Canadians their first serious look at Canada's 43rd Parliament in action.

          Moving forward with the Canada-United States-Mexico Agreement (CUSMA) will likely dominate the agenda this week when the Liberals table a bill to approve the deal Wednesday.

        • ABA Opinion Limits Ability of Firms to Restrict Departing Lawyers

          An issue I’ve frequently been asked to discuss is the ethical constraints on firms to impose restrictions or requirements on departing lawyers — such as precluding a lawyer from doing logistical work on setting up a new, separate firm upon departure — as well as the departing lawyer’s obligations to her clients and soon-to-be-former firm. In addition, migrating lawyers create issues for the new employer, such as imputed disqualification of former client conflicts.

        • $85.23 million for WiLAN against Apple.

          The jury awarded a royalty of $.45 per iPhone 6 & 7. This is less than 0.1% royalty rate ($650 per iPhone 7) but things add up when you sell 200 million units.

          This is the second time around on damages. The first jury awarded $145,100,000. However Judge Sabraw gave WiLAN the option of either (1) remitting the damages down to $10 million or (2) holding a new trial on damages. According to the court the problem stemmed from expert opinions regarding apportionment that were not supported by the evidence. Even though it was a single-issue jury trial, the judge still provided the jury with 31 pages of jury instructions: Jury Instructions.

        • Monsanto v. Nuziveedu: A Missed Opportunity by the Supreme Court?

          Monsanto Technology LLC (Monsanto) had a registered patent no. 214436 for Nucleotide Acid Sequence (NAS) containing the gene Bacillus thuringiensis (Bt gene). On insertion into DNA of cotton seeds, NAS killed bollworms from inside the seed and therefore reduced the dependence of farmers on insecticides and pesticides.

          The dispute between Monsanto and Nuziveedu Seeds Limited (Nuziveedu) started in 2016, when Monsanto issued proceedings in the Delhi High Court for patent infringement. In its reply, Nuziveedu filed a counter-claim challenging the validity of the patent. The trial court held that the patent was prima facie valid. Against the order, both the parties appealed to the division bench of the Delhi HC. This Court revoked the patent on the ground that the said invention was not patentable subject matter under Section 3(j) of the Patents Act, 1970 (the Act), which excludes from patentability “plants and animals in whole or any part thereof other than micro-organisms but including seeds, varieties and species and essentially biological processes for production or propagation of plants and animals”. It opined that the product of Monsanto was more suitably protected under the Protection of Plant Variety and Farmers’ Rights Act, 2001 (PPV). Both parties appealed the decision to the Supreme Court.

          On 8th January 2019, the SC remanded the matter to the division bench holding that the Delhi HC was wrong in deciding the validity of the patent merely on the basis of prima facie examination. It held that the question of validity of a patent is a mixed question of fact and law and therefore evidence and expert testimony were to be considered.

          [...]

          The matter is currently pending before the High Court of Delhi. Monsanto’s patent has already expired, leaving Monsanto’s claim for injunction defunct. The only remedy available to it now is damages, that is, if the NAS is held to be patentable subject matter. Though the decision of the Delhi HC may not have any significance for the immediate parties, it would definitely establish the law for future applications involving NAS-like inventions.

        • Cert Denied

          19-522 TRADING TECHNOLOGIES INT’L V. IBG LLC, ET AL. 19-353 TRADING TECHNOLOGIES INT’L V. IBG LLC, ET AL. 19-521 CHARGEPOINT, INC. V. SEMACONNECT, INC. The Supreme Court has denied certiorari in these three eligibility cases largely clearing the docket of pending petitions in patent cases. There are a few remaining:

        • Federal Circuit Disqualifies Litigation Counsel Who Prosecutes Patents for Subsidiary Company

          In an unusual decision, the Federal Circuit has disqualified PerDiem’s appellate counsel – the firm of Davidson Berquist Jackson & Gowdey, LLP – based upon a current client conflict.

          The particular problem here stems from Davidson’s simultaneous performance of patent prosecution work for Trimble Transportation Enterprise Solutions, Inc.. Trimble Transport is a wholly owned subsidiary of appellant Trimble Inc (TRMB).

          Although Davidson has now withdrawn its representation of Trimble, the court judges current-client conflicts as of the filing of the motion to disqualify. At that time Davidson was representing both Trimble Transportation and PerDiem. Also, because the district court case was litigated in California, California professional responsibility rules control conflict situations.

          [...]

          Despite my misgivings noted above, this appears to be the right outcome. Representing a client is a pledge of loyalty that is not easily set aside.

        • Software Patents

          • Prior art found for Blueprint IP

            Unified is pleased to announce the PATROLL crowdsourcing contest winner, Rakon Nahar, who received a cash prize of $1,000 for his prior art submission for U.S. Patent 8,089,980, owned by Blueprint IP Solutions, LLC, a subsidiary of well-known NPE, IP Edge, LLC. The ‘980 patent was acquired as part of a larger portfolio originating with Siemens, was used in an assertion campaign that started in March 2019 over a network redundancy patent, and has been asserted in district court litigation against various companies.

            To help the industry fight bad patents, we have published the winning prior art below.

          • iLife Technologies, Inc. v. Nintendo of America, Inc. (N.D. Tex. 2020)

            With the eligibility rubric of Alice v. CLS Bank, an applicant/patentee must navigate a minefield of pre-issuance and post-issuance validity challenges under 35 U.S.C. § 101 in order to obtain and enforce a patent.

            First, through clever drafting, the applicant must convince a U.S. Patent and Trademark Office (USPTO) examiner to not raise a § 101 rejection during prosecution. If one is raised, the applicant has to persuade the examiner, through amendment or argument, to withdraw it. If the examiner remains unpersuaded, an appeal to the USPTO's Patent Trial and Appeal Board (PTAB) must serve that function. Failing that, appeals to the Federal Circuit (which applies a highly-unpredictable eligibility analysis) and even the Supreme Court (which has not found a patent eligible since 1981) are possible. To be fair, it is unlikely that the high Court will grant certiorari on a § 101 issue these days, as we have recently seen.

            Once issued, the patent might be able to be pulled back into the PTAB for a Post-Grant Review (PGR) or a Covered Business Method (CBM) Review. In addition to that, enforcement proceedings in a district court can subject the patent to further invalidity challenges under § 101 on the pleadings and at summary judgment. If the district court's § 101 decision is appealed, the patent then has to survive said eligibility analysis of the Federal Circuit, the decision of which could potentially be further appealed to the Supreme Court with said unlikely chance of being heard.

            Only once these avenues have been exhausted can the patentee relax and use the surviving patent to enjoin a party from practicing the claimed invention or to seek damages therefrom without the specter of § 101 hanging over the proceedings (this specter is one of stock horror-movie fare -- pale complexion, chunks of missing flesh, sharp claws -- quite non-abstract, if you will). And yes, the patent also has to be found novel, non-obvious, properly specified, and infringed.

            [...]

            Consequently, the Court ruled the '796 patent invalid under § 101 as a matter of law, effectively rendering the jury verdict moot.

            For anyone following § 101 jurisprudence, a quick glance at claim 1 was probably enough to provide an educated guess for which way the Court was going to rule. Recent § 101 opinions from the Federal Circuit have repeatedly found that claims lacking in technical detail -- ones that recite what an invention does rather than how the invention accomplishes its goals -- are generally abstract. This is not the dictionary definition of the word "abstract," but instead a legal fiction that a concrete and tangible invention can be invalid if it is defined in terms of its outcome rather than the process used to achieve that outcome.

          • Supporting Amendment to 35 U.S.C. Section 102(a) Clarifying Public Disclosure



            Intellectual Property Owners Association (IPO) Board has proposed a “clarifying” amendment to Section 101(a)(1) of the Patent Act:

            [...]

            EPC Art. 54. Note that 54(1) and 54(2) are parallel to 35 U.S.C. 102(a) while 54(3) is parallel to 102(a)(2) which the IPO does not propose to change. Regarding these secret prior patent application filings identified in 54(3) and 102(a)(2); the European approach is broader than the US in some ways because it creates prior art even when the prior filing is the same inventor / owner; at the same time, the European approach is narrower than the US because 54(3) prior art does not apply to the inventive step (obviousness) analysis.

      • Trademarks

        • Hästens Sängar fails in trade mark application concerning its chequered figurative mark

          Starting from the perception of the relevant public (collectively agreed to be the general public of the EU), the Court emphasised the need to assess whether the mark applied for was unrelated to the appearance of the goods.

          It was apparent that the classes of goods and services applied for could be made from fabric bearing the pattern or contain fabric parts which might represent or bear the pattern constituting the mark applied for.

          The Court drew on Louis Vuitton Malletier v OHIM - Nanu-Nana (T-359/12 and T-360/12) (IPKat analysis here), concerning the representation of Vuitton's chequerboard pattern. As affirmed in that case (and in accordance with earlier case law), the more closely the shape for which registration is sought resembles the shape most likely to be taken by the goods in question, the greater the likelihood of the shape being devoid of distinctive character is. Whilst that case law had been developed in relation to 3D trade marks consisting of the appearance of the goods themselves, the Louis Vuitton case highlighted that it would equally apply to figurative marks consisting of a 2D representation of that product. As such, a figurative mark consisting of a part of the shape (or characteristic) of a product could not be considered unrelated to the appearance of the goods covered by the mark.

          [...]

          It is interesting to see Hästens Sängar's mark back on the IP scene, this time in relation to a different type of IP protection. Hästens Sängar previously unsuccessfully applied to the US Copyright Office for protection of a very similar mark, referred to as a “repeating 2-dimensional fabric pattern”. It therefore serves as a good example of how protection can be sought for (virtually) the same mark in various ways, yet still fail to do so (due to a lack of distinctiveness or a lack of originality).

          As a side note, this case may also be seen to contribute to wider questions raised around the effectiveness of the EU court system. This Kat couldn’t help but be reminded of a point raised by Sir Robin Jacob when he gave his keynote speech at the JIPLP-GRUR Joint Conference in December 2019. When asked whether there could be any improvements to the EU system, he raised the three stage appeal process for trade mark decisions. In retrospect, the General Court Hästens case was, in effect, a reiteration of all of the remarks made by the Board of Appeal, which nonetheless made a reappearance before the EU courts. To a seasoned trade mark expert, the mark was unlikely to achieve the protection sought.

          Obviously, the EU court system is not something that can be changed overnight, nor does this Kat think that this will happen anytime soon. Even so, this acts as an apt illustration of how the process of trade mark registration has the potential to be improved.

      • Copyrights


