Bonum Certa Men Certa

Links 11/7/2020: Slackel 7.3 Openbox, Kiwi TCMS 8.5, Librem 5 Dogwood Update 3



  • GNU/Linux

    • Server

      • Virtualization Is Key to the Future of IT. Therefore ... What?

        If you look at commercial servers around the world, including those that provide the cloud in all its many forms to consumers of cloud-based infrastructures, platforms, services, and applications, you’ll soon learn that the vast majority of them run some version of Linux on the hardware, and consume a great many more Linux-based VMs than Windows-based ones.

        Even Microsoft has had to become more catholic in its approach: Today, its Azure cloud environment spawns Linux and Windows VMs with equal facility. Windows 10 has also become ever more accommodating of Linux, thanks to the Windows Subsystem for Linux (WSL) support for Linux within the Windows OS, along with Hyper-V’s ability to accommodate both Linux and Windows VMs.

        Specific versions of Linux have been developed as “network operating systems” that run on switches, and provide fully virtualized complex, networking environments. Thus, for example, Nvidia subsidiary Cumulus Networks offers a free virtual appliance called Cumulus VX that runs on KVM (a Linux-based or bare-metal hypervisor), Virtualbox (from a provider or as a local hypervisor), and Vagrant (from a libvirt provider).

        Cumulus Networks’ offering is based around Cumulus Linux, which adds a Network Command Line Utility (NCLU) to the basic Linux environment. This supports configuration, provisioning, and virtualization of network switches to support fully virtualized network infrastructures and let people learn about complex routing protocols such as BGP, XBGP, OSPF, and so forth.

        Other network players also offer virtualized toolsets and learning environments for their networking products and services as well, so they’re worth looking into as well, if networking is your thing.

      • Docker partners with AWS to smooth container deployments

        Docker containers, of course, can be used anywhere. But while developers may use Docker Desktop and the Docker CLI for building applications on their desktop, they may also have used Docker Compose to define and run multi-container applications via a YAML file. So far, so good.

        The problem is that there hasn't been a simple seamless way to use Docker and deploy to AWS from their desktop. That's because essential Amazon ECS constructs were not part of the Docker Compose specification. For instance, to run even a simple Compose file and deploy to ECS, developers are required to leave Docker tools and configure an Amazon VPC, Amazon ECS Cluster, and Amazon ECS Task Definition.

    • Audiocasts/Shows

      • 2020-07-10 | Linux Headlines

        Possible changes on the horizon for LibreOffice are raising concerns in the community, industry players decry Google's gifting of Istio intellectual property to the Open Usage Commons, and both Ubuntu and Docker push further into the AWS ecosystem.

      • Tech Means Business: Best of Series 1

        Artificial intelligence with Darktrace Big data and Splunk IoT with Ubuntu/Canonical The Linux effect with Positive Internet Career paths, with DocuSign

        Thanks go to the people I spoke with, and who featured on the episodes that aren’t featured here. It was literally through lack of time that has meant this “best of” show is necessarily limited in scope.

        Series two already shaping up nicely: MasterCard, Red Hat, ARM, SuperMicro, and plenty more. Watch this space!

    • Kernel Space

      • Linux Might Pursue x86_64 Micro-Architecture Feature Levels

        Stemming from the recent GNU glibc work on better handling modern CPU optimizations with newer instruction set extensions across Intel and AMD product families, the concept of x86-64 micro-architecture feature levels is being talked about by open-source/Linux developers.

        The idea of these feature levels is breaking up the supported instructions beyond base x86_64 into that of what is supported at reasonable times by both Intel and AMD processors. While newer Intel/AMD CPUs generally support more instruction set extensions, there are other headaches involved in the current handling of x86_64 CPU capabilities considering the likes of modern Intel Atom CPUs only supporting a sub-set of the extensions supported by Core and Xeon CPUs, thus coming up with these reasonably sane feature levels is being talked about by Red Hat developers with input from Intel and AMD engineers.

      • NVMe ZNS Support Coming To Linux 5.9

        NVMe ZNS is for the Zoned Namespaces support that is part of the NVMe 2.0 specification debuting in H2'2020. ZNS is similar to existing SMR (Shingled Magnetic Recording) and ZBC (Zoned Block Commands) with allowing applications/software to control the placement of data on the NVMe SSD within zones rather than relying upon the SSD device exclusively for data placement. NVMe ZNS aims to improve solid-state drive lifetime with reducing write amplification, reducing latency, improving throughput, and potential TCO benefits.

      • Graphics Stack

        • Mike Blumenkrantz: Extensions

          Usually I cover in-depth looks at various chunks of code I’ve been working on, but today it’s going to be a more traditional style of modern blogging: memes and complaining.

        • New VA-API H.264 decoder in gst-plugins-bad

          Recently, a new H.264 decoder, using VA-API, was merged in gst-plugins-bad.

          Why another VA-based H.264 decoder if there is already gstreamer-vaapi?

          As usual, an historical perspective may give some clues.

          It started when Seungha Yang implemented the GStreamer decoders for Windows using DXVA2 and D3D11 APIs.

          Perhaps we need one step back and explain what are stateless decoders.

        • NVIDIA open sourced part of NVAPI SDK to aid 'Windows emulation environments'

          NVIDIA sneakily put out a little open source release recently, with a part of the NVAPI SDK now under the MIT license.

          This was mentioned by the crew working on the DXVK translation layer in the VKx Discord, who sent along word to me as well. NVAPI is NVIDIA's core software development kit that allows direct access to NVIDIA GPUs and drivers on all Windows platforms.

          Now, that doesn't sound interesting for Linux obviously but here's why this actually is important: in the NVAPI Open Source SDK, it directly mentions that the contained "nvapi.h" file that's now provided under the MIT license was done to enable "open source re-implementations of NVAPI for Windows emulation environments"—so the Wine and Proton compatibility layers are what they're getting at without naming them directly.

    • Instructionals/Technical

    • Games

      • Help us reach the next funding goal to ensure continued C# Support [Ed: Godot (Engine) took money from Microsoft to help prop up Microsoft monopolies and now it wants your money too (to help Microsoft's monopoly)]

        This was financed thanks to a generous donation from Microsoft. Unfortunately, due to the Covid situation, the renewal of this grant has been suspended and is uncertain.

      • Wasteland 3 for Linux (and Mac) delayed, possible by end of 2020

        inXile entertainment today put out a fresh update to go over Wasteland 3 details and they've decided to delay the Linux and Mac versions.

        After a successful Fig crowdfunding campaign in 2016, it saw inXile manage to pull in over three million dollars although over two million of that was monies from Fig directly. Since then, Microsoft swooped in and acquired inXile (and Obsidian Entertainment) as part of Xbox Game Studios back in 2018.

      • Remembering an indie gem with Osmos over 10 years later

        Ah Osmos, what an absolute gem that was back when it released for Linux in 2010. Looking back, it's one of the first set of new-wave indie games to kick-start Linux gaming.

        I say 'new-wave' because there were of course indie games way before 2010, however, when thinking about the history of Linux gaming back in 2010 there wasn't a great deal available officially at all. Hemisphere Games were practically a pioneer when it came to putting a game on Linux.

      • Go sightseeing in the upcoming Idaho DLC for American Truck Simulator

        Coming out sometime later this month, the Idaho DLC for American Truck Simulator has SCS Software trying something a little different.

        While driving around, you might often want to relax a bit and take in the sights. Rather than be focused on making deadlines, not crashing and trying to keep your business afloat. In the Idaho DLC, that's part of the focus with a new 'Viewpoint' feature, that gives you in-game cutscenes with a showcase of places of interest. The locations include sites of economical and historical importance, such as the capital city of Boise. The spots are identified by a new film-camera 3D green icon visible in the world, which also appears on your GPS route advisor as a purple star.

      • Open source voxel game engine Minetest has a new release

        Inspired by Minecraft and Infiniminer, the open source and highly moddable voxel game engine Minetest has a new release available now.

        Since it's only a game engine, out of the box it's a little bare-bones. It does have a default Minetest Game, which is slowly expanding with more but it's quite basic. In this latest release the Minetest Game itself gained Wild Cotton, Straw Stairs/Slabs became usable as fuel, there's new textures for Dry Shrub and Brake Rail plus some new particle stuff for leaves and TNT.

      • Stadia round-up with F1 2020 out now, Celeste and El Hijo confirmed plus leaks

        Time for another Stadia round-up, as we have a few interesting nuggets to go over for the Linux-powered game streaming service with new games coming.

        Firstly, if you're a big fan of racing games F1 2020 is now available on Stadia so you can play it on Linux. Looks like that's currently the only supported way too, since there's no word from Feral Interactive who ported some previous entries to the Linux desktop and it doesn't work with the Steam Play Proton compatibility layer.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE Plasma Review: The Swiss Army Knife of Desktops

          As the long-standing rival to GNOME, KDE Plasma is another one of the most popular Linux desktop environments. It’s a lot of the things people may not like about GNOME: resource efficient, unbelievably customizable, and as minimal or complex as you want it to be. This KDE Plasma review will cover performance, user interface, customization, and recommendations on how to use and who should use KDE Plasma.

          [...]

          As great as the defaults are, the strength of KDE lies in its customizability. It’s “have it your way” to the extreme.

          If you don’t like the default Breeze theme, it’s very easy to change it with the “Global Theme” application. You can choose from any that come preinstalled, or you can choose to go out and download more to suit your needs. The customization options are all about choice, and you can easily customize it to any look you want.

          Under System Settings, you can change almost every single aspect of the system, including global themes, window themes, icon themes, and more. You can make Plasma look like the following.

          [...]

          The beauty of all the customization Plasma offers is that everybody can use Plasma. It starts out spartan-simple, but you can change it to suit any workflow or appearance you want. You can make a very resource-efficient Windows or macOS clone. Additionally, those looking to try out Wayland without using GNOME should try out Plasma. It’s the only other full Desktop Environment that supports Wayland (with the addition of some other packages), and it’s a great place to test and experience Wayland on your system.

      • GNOME Desktop/GTK

        • Nour E-Din ElNhass: An Appointment Up the Hill

          In my last post I showed screenshots for contacts appearing in Evolution, and explained that the .source file was created manually and that the credentials were hard coded for retrieving a specific journal form a specific EteSync account.

          After finishing this, I extended so that I can also retrieve calenders and tasks in the same manner which was quite easy as I already understood what should be done. Then I created an etesync-backend file, which generally handles the user’s collection account in evolution (retrieving/ creating /deleting) journals which are address-book or calenders .source files.

          The next step was then to make a user enter his credentials, So it isn’t hard coded. In this stage I had faced some issues regarding the implementation, I asked for my mentors help. Some of the problems that I faced were I needed to create a new dialog that will appear ask the user for his credentials and retrieve the data from EteSync, this had some implementation problems for me at first. Other issues appeared while integrating had to change some pieces.

    • Distributions

      • Linuxfx: an Ubuntu-based operating system that looks like Windows 10

        One of the things that keeps GNU/Linux-based distributions interesting is the fact that you can often customize the look and feel of the operating system by changing desktop environments or themes.

        You can even make a Linux distribution that looks like Windows. And I don’t think I’ve seen one that does that quite as well as Linuxfx, a Brazillian Linux distribution based on Ubuntu.

        A new version released this week is based on Ubuntu 20.04 and skinned to look a lot like Windows 10.

      • New Releases

        • Slackel 7.3 Openbox

          Slackel 7.3 Openbox has been released. Slackel is based on Slackware and Salix.

          Includes the Linux kernel 5.4.50 and latest updates from Slackware's 'Current' tree.

          The new version is available in 64-bit and 32-bit builds.

          The 64-bit iso image support booting on UEFI systems. Iso images are isohybrid. Iso images can be used as installation media.

      • Screenshots/Screencasts

      • SUSE/OpenSUSE

        • SUSE buys Rancher Labs for Kubernetes expertise

          Enterprise Linux provider SUSE plans to acquire Rancher Labs in a bid to gain credibility within the Kubernetes container management market.

          Cupertino, Calif.-based Rancher Labs helps enterprise customers manage their Kubernetes environments at scale. Terms of the pending deal were not disclosed.

          Rancher's open-source based products include Kubernetes distributions, multi-cloud management software as well as operating systems and storage for containerized workloads.

          "The Rancher acquisition allows SUSE to support containerized workloads more effectively across on-premises, public cloud and edge environments based on OSS," said Arun Chandasakaran, a Gartner analyst. "It also provides SUSE a pathway to better engage with platform engineering teams, who are often at the forefront of DevOps efforts."

        • openSUSE Tumbleweed – Review of the week 2020/28

          This week I have been fighting a bit with the size of the DVD. Due to some mistake in the pattern definition, it was for a good chunk ignored. Serves me right for fixing the error and then getting an ISO file that would not ever fit on a DVD, eh? Well, long story short: I needed to save some space, so looked at what the ‘fix’ newly brought on the DVD and aligned to what the DVD looked like before.

      • IBM/Red Hat/Fedora

        • Fedora program update: 2020-28

          Here’s your report of what has happened in Fedora this week. The Nest With Fedora Call for Participation is now open.

          I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

    • Devices/Embedded

      • Tiny modules unlock i.MX8M Mini and Nano

        Keith & Koep’s Linux-friendly 48 x 32mm “Myon II” and “Myon II Nano” modules feature the i.MX8M Mini and Nano with 8GB and 4GB LPDDR4, respectively, along with eMMC expansion, GbE, MIPI-DSI and -CSI, and up to -40 to 85€°C support.

        Germany-based Keith & Koep has added two new members to its 48 x 32 x 4.2mm Myon family of compute modules. While the Myon I runs Linux on a Snapdragon 4.0, the pin-compatible Myon II and Myon II Nano integrate NXP’s i.MX8M Mini and i.MX8M Nano, respectively. The company previously showcased the i.MX8M Mini in its larger, SODIMM-style Trizeps VIII Mini, which was announced last year along with an i.MX8M-based Trizeps VIII module.

        [...]

        Since Keith & Koep does not post press releases, we are not sure when the Myon II arrived, but they are listed as “new” and we have yet to see any coverage of the modules. Both the Myon II and Myon II Nano support Linux Kernel 4.14, Android 9, and Windows 10 IoT Core.

      • Librem 5 Dogwood Update 3

        The battery shipping with dogwood is 3600mAh, roughly 80% more battery than previous batches. Combined with early kernel optimizations usage is now measured in multiple hours, and with additional kernel work will continue to see leaps forward.

        A diffuser has been added between the screen and the indicator light. This makes notifications easier to notice at extreme viewing angles and overall better appearance.

        The volume buttons have become a volume rocker increasing usability.

        In previous versions, the headphone jack was recessed and not centered. In Dogwood it’s now flush with the top of the phone and centered in the frame.

      • Open Hardware/Modding

        • RFCat N32 Long Range nRF52832 Bluetooth Board Delivers 30x the Transmission Power with an Amplifier

          Bluetooth 5.0 has two main new features: high speed (2Mbps) and long-range. But as we’ve seen in our nRF52840 vs nRF52832 vs nRF52810 comparison is that only nRF52840 supports Bluetooth 5.x long range.

          Bluetooth 5 long range is achieved with two new lower bit rates of 500 kbps and 125 kbps. So what do you do if you’d like a longer range and keep using the higher bit rates? You add a power amplifier and LNA to your board, and that’s exactly what Nikolaj (RFCat) did with RFCat N32 board based on Nordic Semi nRF52832 wireless SoC.

          [...]

          The board is pre-loaded with Adafruit NRF52 bootloader supporting OTA, FreeRTOS, and Arduino. Source code and samples are available on Github. The Arduino library is based on Adafruit nRF52 Arduino Core and for some reason, only shared as a zip file (rfcat.zip in the Github repo).

        • Meet MrK_Blockvader, a little mobile robot that’s lots of fun

          One of the simplest ways to make a mobile robot involves differential steering, where two wheels move at different speeds as needed to turn and a ball caster keeps it from tipping over. The MrK_Blockvader is an excellent take on this type of bot — demonstrated in the first clip below — featuring a nice blocky body comprised out of 3D-printed parts, RC truck wheels driven by tiny gear motors, and an integrated roller on its back.

          The MrK_Blockvader is controlled via an Arduino Nano, along with an nRF24 breakout that allows it to receive signals from a radio transmitter unit. The build includes LED lighting as well as a piezo buzzer for all the beeps and boops. It can also take advantage of various sensors if necessary.

        • PoE FeatherWing Brings PoE, Unique MAC Address to Adafruit Feather Boards (Crowdfunding)

          After the launch of Microchip SAMA5 powered Giant Board last year, Silicognition LLC (Patrick Van Oosterwijck) is back with another Adafruit Feather compatible board.

          PoE FeatherWing is an expansion board that adds PoE support to Adafruit Feather board and can handle up to 4 Watts of power. The expansion board also comes with a built-in globally unique MAC address. It’s similar to the official Ethernet FeatherWing, but with the addition of PoE and a unique MAC address.

          [...]

          Since the board re-uses the same WIZnet W5500 Ethernet controller, it is fully compatible with existing software written for the Adafruit Ethernet FeatherWing meaning it can easily be programmed with Arduino or CircuitPuthong using standard libraries.

      • Mobile Systems/Mobile Applications

    • Free, Libre, and Open Source Software

      • Trademark and the Tempest

        Of the four core legal intellectual property protections, trademarks haven’t received the least attention from the open source community – that title belongs to trade secrets. Relative to copyright and patents, however, trademarks have been paid far more limited attention, historically. It’s not that they’ve been ignored. As has been noted elsewhere, there are specialists that have devoted decades to thought and study around the practice.

        But the industry has typically handled them via common consensus rather than explicit legal mechanism as it has for, say, copyright. For this reason alone, the announcement of the Open Usage Commons (OUC) this week by Google was an interesting development for those who follow the mechanisms that underlie and gird open source ecosystems the world over. Setting the real and legitimate questions of control, execution and implementation aside for a moment, if the question is whether trademark should be an elevated towards a similar status with its copyright and patent counterparts, at least, the answer here at least is clear.

        The most obvious justification is that trademarks have been a brushfire of an issue for open source historically. Never elevated into a legitimate crisis, but igniting without warning every so often and leaving collateral damage like Iceweasel in their wake. From Canonical to Mozilla to Red Hat, trademark has been a chronic issue, an issue that would presumably benefit from some explicit clarification whether or not one believes the OUC is the appropriate mechanism to provide it.

      • What is Application Definition?

        Application definition is the process of creating a codified operational runbook. It formalizes the process of describing in code everything an application needs to be built, run, and managed.

      • Open source contributions face friction over company IP

        Now, the overwhelming majority -- more than 90% -- of proposed open source contributions are approved by the council, said Nithya Ruff, the head of the Comcast open source program office. Under the current advisory council process, once engineers are approved to contribute to existing projects, they can make further contributions without having to go through the process all over again, according to Ruff. The process typically takes a few days at most. And since 2016, Comcast has donated several entire projects to open source, such as its Traffic Control CDN and Web PA client-server interface.

      • Web Browsers

        • Mozilla

          • Mozilla GFX: moz://gfx newsletter #54

            Bonjour à tous et à toutes, this is episode 54 of your favorite and only Firefox graphics newsletter. From now on instead of peeling through commit logs, I will be simply gathering notes sent to me by the rest of the team. This means the newsletter will be shorter, hopefully a bit less overwhelming with only the juicier bits. It will also give yours-truly more time to fix bugs instead of writing about it.

            Lately we have been enabling WebRender for a lot more users. For the first time, WebRender is enabled by default in Nightly for Windows 7 and macOS users with modern GPUs. Today 78% of Nightly users have WebRender, 40% on beta, 22% release enabled. Not all of these configurations are ready to ride the trains yet, but the numbers are going to keep going up over the next few releases.

      • CMS

        • Kiwi TCMS 8.5

          We're happy to announce Kiwi TCMS version 8.5!

          [...]

          Our website has been nominated in the 2020 .eu Web Awards and we've promised to do everything in our power to greet future FOSDEM visitors with an open source billboard advertising at BRU airport.

      • Openness/Sharing/Collaboration

        • Open Data

          • Light OpenStreetMapping with GPS

            Now that lockdown is lifting a bit in Scotland, I’ve been going a bit further for exercise. One location I’ve been to a few times is Tyrebagger Woods. In theory, I can walk here from my house via Brimmond Hill although I’m not yet fit enough to do that in one go.

            Instead of following the main path, I took a detour along some route that looked like it wanted to be a path but it hadn’t been maintained for a while. When I decided I’d had enough of this, I looked for a way back to the main path but OpenStreetMap didn’t seem to have the footpaths mapped out here yet.

            I’ve done some OpenStreetMap surveying before so I thought I’d take a look at improving this, and moving some of the tracks on the map closer to where they are in reality. In the past I’ve used OSMTracker which was great, but now I’m on iOS there doesn’t seem to be anything that matches up.

      • Programming/Development

        • The Magit Git Client Is The "Killer Feature" In Emacs

          Users of other text editors often ask "why should I switch to Emacs?" or, more specifically, "what is the killer feature that Emacs offers?" Depending on your workflow, the killer feature for Emacs could be a number of things, one them being Magit!

        • Alder Lake-S Compiler Update Points to big.LITTLE Desktop Chips

          This design builds upon the big.LITTLE (Big.BIGGER in Intel parlance) design that debuted in the company's 3D Lakefield chips. These designs incorporate one large Sunny Cove core combined with four Atom Tremont smaller cores in an ARM-like design. With the architecture proven and already working its way through the ecosystem, it's rational to expect Intel to scale it up to tackle desktop PCs, too.

          The GNU compiler updates include a list of compatible instructions for both Intel's upcoming data center Sapphire Ridge chips and Alder Lake desktop chips, with the latter noticeably missing support for AVX-512, a SIMD instruction that Intel recently introduced to its desktop chips. These instructions are disabled in Intel's hybrid Lakefield chips to keep the instruction set consistent between cores (Atom doesn't support AVX instructions), therefore easing operating system scheduling routines that target different workloads at the cores best suited for the task. Therefore, the lack of AVX-512 support for Alder Lake could serve as further evidence that Intel will bring its hybrid architecture to desktop PCs.

        • Perl/Raku

          • Listen to Larry Wall's State of the Onion 2000 on YouTube

            It’s a typical Larry talk filled with quirky, humorous observations about life and programming, and notably he announces the Perl 6 project.

            Unfortunately the audio is low quality (hey it was 20 years ago at a low-budget conference); you can read a transcript of the talk here (with mp3 download links at the bottom). We also have collection of attendees’ reports from the conference.

          • Chicago.pm Virtual Meeting: July 23

            In case you are not familiar with gather.town, after you join the conversation, you will have a small avatar on a 2d map and can walk around. When you are close to somebody or a group of people, you can video chat with them over video. Perlmongers is supposed to be a social gathering, and we are experimenting with this venue to see if it'll make that possible!

        • Python

          • The Real Python Podcast – Episode #17: Linear Programming, PySimpleGUI, and More

            Are you familiar with linear programming, and how it can be used to solve resource optimization problems? Would you like to free your Python code from a clunky command line and start making convenient graphical interfaces for your users? This week on the show, David Amos is back with another batch of PyCoder's Weekly articles and projects.

          • Managing Python Environments with direnv and pyenv
          • wxPython by Example – Creating a wx.Notebook (Video)

            In this tutorial, you will learn how to add a wx.Notebook to your GUI application using wxPython. The notebook widget is how you would add a tabbed interface to your application.

          • 12+ Free (or Low-Cost) Websites to Empower Your Programming Education

            Although we still talk about programming as a standalone career, the dominance of technology in our lives makes it clear that coding is much more than a career path. In my opinion, computer science is more than a college major or a high-paid job - it’s a skill, essential for thriving in a modern-day economy.

            Regardless of what you want to do for a living - work in healthcare, marketing, business, or other fields - you will see more coding and have to deal with the growing number of technologies throughout your entire life.

            Now that we live in a tech-driven world, asking “Should I learn to program” is almost synonymous with “Should I learn to speak, read, or count?”. The short answer is: yes.

            How to start your journey in coding? The good news is, there are plenty of resources to support you all the way through. To save you the trouble of looking them up and choosing the right ones, I created my list of learning platforms that offer well-rounded programming education and help you stay competitive on the job market.

            Here are 12+ useful educational resources every coding student should check out.

          • A Hundred Days of Code, Day 003 - Methods

            My understanding about methods? They are functions in classes that help me manipulate the data the objects contain when they are created.

            I have been using something them subconsciously all along. The __init__ method, that is called/run automatically every time an object is created.

          • Another try at a new Python module for OpenPGP aka johnnycanencrypt

            Using OpenPGP from Python is a pain. There are various documentation/notes on the Internet explaining why, including the famous one from isis agora lovecraft where they explained why they changed the module name to pretty_bad_protocol.

            sequoia-pgp is a Rust project to do OpenPGP from scratch in Rust, and as library first approach. You can see the status page to see how much work is already done.

            Using this and Pyo3 project I started writing an experimental Python module for OpenPGP called Johnny Can Encrypt.

          • PSF GSoC students blogs: Weekly Check-in #4
  • Leftovers

    • Health/Nutrition

      • How will the FDA’s new COVID-19 vaccine guidance affect development efforts?

        The FDA’s June 30 guidance broadly details the agency’s requirements for clinical trials of COVID-19 vaccines. These include considerations for trials’ designs and subject populations, measures of efficacy, statistical considerations, and safety thresholds, among other requirements. Notably, the guidance is the first from the FDA to establish such measures for a COVID-19 vaccine specifically. Besides providing vaccine developers, well, guidance for vaccine development, guidances issued early in the development process also bind the FDA to its own evidentiary mast against the siren song of political pressure. (In this way, guidances, too, can serve as an instrument in augmenting public trust.)

        The guidance clearly specifies current areas of scientific uncertainty and expresses what evidence the agency is looking for and how to obtain it. For example, the guidance admits that “[u]nderstanding of SARS-CoV-2 immunology, and specifically vaccine immune responses that might predict protection against COVID-19, is currently limited and evolving”—and, as a consequence, the goal of COVID-19 vaccine trials is not necessarily to demonstrate immunogenicity but “efficacy in protecting humans from SARS-CoV-2 infection and/or disease.”

        More specifically, the June 30 guidance notes a preference for vaccine trials with a 1:1 randomization of vaccine candidate:placebo, rather than trials investigating multiple different treatment arms. It also encourages following up with study participants for “at least” one or two years to determine the length of protection provided by the vaccine as well as to watch for potential adverse events. And the guidance suggests using a lab-confirmed SARS-CoV-2 infection as a trial’s primary endpoint, with incidences of severe COVID-19 as at least a secondary endpoint. The guidance also acknowledges the racial disparity in COVID-19 outcomes by “strongly encouraging” enrolling racial and ethnic minorities in any vaccine clinical trials. Developing a vaccine that is less effective when administered to Black patients, for example, would only exacerbate differential COVID-19 outcomes and contribute to health inequities.

        More controversially, however, the guidance pegs studies’ primary efficacy endpoint at “at least 50%”—a far cry from the 90%+ efficacy for vaccines against polio or HPV. This means, of course, that at least some vaccinated individuals (including high-risk individuals) would become infected. At the same time, an efficacy endpoint of 50% is not unheard of for vaccine development, and is used routinely for seasonal influenza vaccines. In cases like the flu, the goal is not necessarily to inoculate everyone, but to flatten the curve enough (i.e., to bring down R0) so that transmission is effectively halted. Mandating a coronavirus vaccine to demonstrate 90%+ efficacy while the pandemic rages would be allowing the perfect to be the enemy of the good.

        [...]

        The legal and policy issues arising in the context of vaccines for COVID-19 are not entirely unique to the vaccine context. The federal government has already faced questions around the FDA’s approval standards, regulating in the face of uncertainty, and ensuring access to other new healthcare technologies for COVID-19, such as drugs and diagnostics. But the particular facts underlying the development of new vaccines counsel in favor of solutions to this problem that differ from those the federal government has already considered. Now, several months into COVID-19’s spread into the United States, federal policymakers should work to ensure that plans specifically encouraging innovation into and access to vaccines are developed and implemented.

      • Fauci: United States 'is in the middle, right as we speak, of a very serious problem.'

        Living with the coronavirus until a vaccine is developed will require unprecedented community engagement along with onerous individual sacrifices for the common good, global infectious disease experts said Friday at the first major conference on COVID-19.

        International authorities have figured out how to co-exist with the virus and keep it contained. But that takes enormous effort, and many countries — most notably the United States — are flailing, said Dr. Anthony Fauci, the nation’s top infectious disease expert.

        “What we saw before us was the somewhat frightening but nonetheless real emergence of a true global pandemic,” said Fauci of the emergence of the new coronavirus in December and January — and the alarmingly explosive increase in cases worldwide.

        “It just went on and on and got worse and worse. And worse,” he said, clicking through slides showing the spread of disease across the globe in his virtual presentation Friday morning. “There were responses that were sometimes favorable, in that countries got it under control. But my own country is in the middle, right as we speak, of a very serious problem.”

      • ‘People would have starved’: how young volunteers saved Melbourne’s towers

        With officials failing to provide adequate food or care to people living in COVID-19 lockdown of public housing in Melbourne, the job of looking after the community fell to young volunteers.

    • Integrity/Availability

      • Proprietary

        • Malware in Proprietary Software - Latest Additions

          The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

          The introduction of unjust techniques in nonfree software, such as backdoors, DRM, tethering and others, has become ever more frequent. Nowadays, it is standard practice.

          We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

        • Pseudo-Open Source

          • Privatisation/Privateering

            • Linux Foundation

              • Linux Foundation launches Community Specification for creating standards and specifications [Ed: This misses the point that the Linux Foundation outsourced this to Microsoft (Github) proprietary software and monopoly]

                According to the Linux Foundation, Open Standards are “specifications made available to the public, developed, and maintained via an inclusive, collaborative, transparent, and consensus-driven process.” These standards allow for interoperability and data exchange among different products or services.

                The Linux Foundation believes it’s important to have a standards project because items like due process, balance, inclusiveness, and intellectual property clarity are important for developing open-source projects, and a standards project ensures there aren’t any surprises regarding intellectual property down the line.

                “The Community Specification builds on these best practices and brings them to the Git repository development environments that developers are already using. And it makes it easy to get started. You can start using the Community Specification by bringing its terms into your repository and getting to work — just like starting an open source project,” the Linux Foundation wrote.

        • Security

          • Security updates for Friday

            Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl).

          • Comparing 3 Great Web Security Books

            I thought about using a clickbait title like “Is this the best web security book?”, but I just couldn’t do that to you all. Instead, I want to compare and contrast 3 books, all of which I consider great books about web security. I won’t declare any single book “the best” because that’s too subjective. Best depends on where you’re coming from and what you’re trying to achieve.

          • Hardening Firefox against Injection Attacks – The Technical Details

            In a recent academic publication titled Hardening Firefox against Injection Attacks (to appear at SecWeb – Designing Security for the Web) we describe techniques which we have incorporated into Firefox to provide defense in depth against code injection attacks. Within this blogpost we are going to provide insights into the described hardening techniques at a technical level with pointers to the actual code implementing it. Note that links to source code are perma-linked to a recent revision as of this blog post. More recent changes may have changed the location of the code in question.

            [...]

            Firefox ships with a variety of built-in pages, commonly referred to as about: pages. Such about: pages allow the user to view internal browser information or change settings.

            If one were able to inject script into a privileged about: page it would represent a complete browser takeover in many cases. To reduce this injection attack surface, we apply a strong Content Security Policy (CSP) of default-src chrome: to all about: pages. The applied CSP restricts script to only JavaScript files bundled and shipped with the browser and accessible only via the Firefox internal chrome:// protocol. Whenever loading any kind of JavaScript, Firefox internally consults its CSP implementation by calling the function ShouldLoad() for external resources, or GetAllowsInline() for inline scripts. If the script to be executed is not allow-listed by the added CSP then Firefox will block the script execution, rendering the code injection attack obsolete.

            Further, we verify that any newly added about: page within Firefox exposes a strong CSP by consulting the function AssertAboutPageHasCSP(). This function basically acts as a commit guard to our codebase and ensures that no about: page makes it into the Firefox codebase without a strong CSP.

            Before we started to protect about: pages with a CSP we faced a bug where text and markup controlled by a web application was reused in a permission prompt, which led to a Universal Cross-Site Scripting (UXSS) attack in the browser interface (CVE-2018-5124). These scripts run with elevated privileges that get access to internal APIs and can result in a full system compromise. What raises the severity of such bugs is the high-level nature of the vulnerability and the highly deterministic nature of the exploit code which allowed comparably trivial exploitation.

    • Civil Rights/Policing

      • What’s behind the mass protests in Mali?

        Protesters took to the streets of Mali’s capital on Friday afternoon for the latest in a series of mass demonstrations calling for the resignation of President Ibrahim Boubacar Keita, who has struggled to stem rising jihadist and inter-communal violence in northern and central parts of the country after seven years in power.

        Malian analysts say the protests – which began last month – represent the most serious threat 75-year-old Keita, commonly known as IBK, has faced since he was elected president a year after a military coup helped extremist groups take control of large chunks of Mali’s desert north.

        Political tensions have been rising across Mali since a disputed legislative election in March. Some of the results were later overturned by the country’s constitutional court in a decision that was perceived to benefit Keita’s party, sparking protests in different cities.

        Ibrahim Maïga, a Bamako-based researcher at the Institute for Security Studies said the protests have since grown to encompass a broader set of concerns among Malians, in particular a “dissatisfaction linked to the deterioration of the security situation” in the country.

        “This protest movement... was able to crystallise the disappointments, anger, and frustrations of many Malians,” said Maïga.

    • Monopolies

      • Patents

        • USPTO Grants

          For patent issuance, we are just over 1/2 way through the calendar year after passing through 27 of 52 tuesdays. (The USPTO always releases newly issued patents on Tuesday morning just after midnight). The chart below shows the number of utility patents issued per calendar year for the past decade. For 2020, the blue portion shows thus-far in 2020 and the orange forecasts the rest of 2020 based upon the year thus far.

        • New Federal Circuit Appeal Claims PTAB Unconstitutional Because Of Fee Funding—But Ignores The Patent Examination Process

          New Vision argues that, because a portion of the PTAB’s budget depends on post-institution fees that are only collected if the proceeding is instituted, the judges are biased towards institution. But this argument ignores the cost of the work performed by PTAB judges after institution. As a fee-funded agency, the USPTO is supposed to recover the entirety of its costs through the fees it charges, with the fees being commensurate with the costs. Fortunately, the USPTO publishes a unit-cost breakdown of major aspects of everything it does—including IPRs and other AIA trial proceedings.

          The USPTO receives $15,500 pre-institution when an IPR request is filed, but it costs the agency $15,922 to complete all of the work through the institution decision. If instituted, the IPR costs the agency $16,206 to complete the work, but the USPTO only collects $15,000. In other words, if PTAB judges were driven by financial considerations of the agency, the financial incentive would actually be to deny institution, because every grant of institution actually represents a net loss to the agency and there’s no possibility of appeal of a denied institution.

          If PTAB judges are responding to financial incentives, we would expect the institution rate to be artificially low, not high, meaning that a petitioner might have a viable challenge, but New Vision does not.

          [...]

          So if structural financial incentives create due process violations, as New Vision alleges in their appeal, then the entire patent granting process is suspect.

          Every patent in force is a potential due process violation.

          And every patent defendant in existence would bring a due process defense, claiming that the patent granting process deprived them of their liberty to create without receiving due process of law because of the financial incentives of examiners and the USPTO to grant patents.

        • Vaporize your Fingerprints: Toyota’s Invention Inherently Obvious

          Toyota’s US8394618 covers a method of removing fingerprints using a lipase “capable of enzymatically degrading a component of the fingerprint” by vaporization.

          Reactive had previously attempted to trigger an interference proceeding at the PTO and then unsuccessfully sued in Federal Court to have the patent rendered unenforceable (or to transfer ownership rights). Those approaches failed.

          This inter partes review is what worked. After granting the IPR petition, the Board conducted a trial and then issued a Final Written Decision that the challenged claims were unpatentable as obvious.



Recent Techrights' Posts

EPO Education: Workers Resort to Legal Actions (Many Cases) Against the Administration
At the moment the casualties of EPO corruption include the EPO's own staff
 
Microsofters Try to Defund the Free Software Foundation (by Attacking Its Founder This Week) and They Tell People to Instead Give Money to Microsoft Front Groups
Microsoft people try to outspend their critics and harass them
[Meme] EPO for the Kids' Future (or Lack of It)
Patents can last two decades and grow with (or catch up with) the kids
Topics We Lacked Time to Cover
Due to a Microsoft event (an annual malware fest for lobbying and marketing purposes) there was also a lot of Microsoft propaganda
Gemini Links 22/11/2024: ChromeOS, Search Engines, Regular Expressions
Links for the day
This Month is the 11th Month of This Year With Mass Layoffs at Microsoft (So Far It's Happening Every Month This Year, More Announced Hours Ago)
Now they even admit it
Links 22/11/2024: Software Patents Squashed, Russia Starts Using ICBMs
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, November 21, 2024
IRC logs for Thursday, November 21, 2024
Gemini Links 21/11/2024: Alphabetising 400 Books and Giving the Internet up
Links for the day
Links 21/11/2024: TikTok Fighting Bans, Bluesky Failing Users
Links for the day
Links 21/11/2024: SpaceX Repeatedly Failing (Taxpayers Fund Failure), Russian Disinformation Spreading
Links for the day
Richard Stallman Earned Two More Honorary Doctorates Last Month
Two more doctorate degrees
KillerStartups.com is an LLM Spam Site That Sometimes Covers 'Linux' (Spams the Term)
It only serves to distract from real articles
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 20, 2024
IRC logs for Wednesday, November 20, 2024
Gemini Links 20/11/2024: Game Recommendations, Schizo Language
Links for the day
Growing Older and Signs of the Site's Maturity
The EPO material remains our top priority
Did Microsoft 'Buy' Red Hat Without Paying for It? Does It Tell Canonical What to Do Now?
This is what Linus Torvalds once dubbed a "dick-sucking" competition or contest (alluding to Red Hat's promotion of UEFI 'secure boot')
Links 20/11/2024: Politics, Toolkits, and Gemini Journals
Links for the day
Links 20/11/2024: 'The Open Source Definition' and Further Escalations in Ukraine/Russia Battles
Links for the day
[Meme] Many Old Gemini Capsules Go Offline, But So Do Entire Web Sites
Problems cannot be addressed and resolved if merely talking about these problems isn't allowed
Links 20/11/2024: Standing Desks, Broken Cables, and Journalists Attacked Some More
Links for the day
Links 20/11/2024: Debt Issues and Fentanylware (TikTok) Ban
Links for the day
Jérémy Bobbio (Lunar), Magna Carta and Debian Freedoms: RIP
Reprinted with permission from Daniel Pocock
Jérémy Bobbio (Lunar) & Debian: from Frans Pop to Euthanasia
Reprinted with permission from Daniel Pocock
This Article About "AI-Powered" is Itself LLM-Generated Junk
Trying to meet quotas by making fake 'articles' that are - in effect - based on plagiarism?
Recognizing invalid legal judgments: rogue Debianists sought to deceive one of Europe's most neglected regions, Midlands-North-West
Reprinted with permission from Daniel Pocock
Google-funded group distributed invalid Swiss judgment to deceive Midlands-North-West
Reprinted with permission from Daniel Pocock
Gemini Links 20/11/2024: BeagleBone Black and Suicide Rates in Switzerland
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 19, 2024
IRC logs for Tuesday, November 19, 2024