Techrights

Free Software Sentry – watching and reporting maneuvers of those threatened by software freedom

Patent Troll Finjan Manages to Defend a Patent (on Appeal) and the Trolls’ Lobby is Loving It

Saturday 13th of January 2018 04:26:05 PM

Summary: Blue Coat (now owned by Symantec) has attempted — and failed — to invalidate all of Finjan’s patents using Section 101/Alice; those who are in the business of trolling view that as particularly good news because the judgment came from Timothy Dyk and Todd Hughes (much younger and appointed a few years ago)

THE USPTO had granted software patents far too easily before Alice, so in recent years we saw a lot of patent trolling from the likes of Finjan (such trolling is drying up over time, owing to courts’ decisions which repel further action).

The high-profile patent trolls and their supporters were glad to see that, for a change, after a case reached the Court of Appeals for the Federal Circuit (CAFC) the troll got its way. To give one example: “Finjan v Blue Coat Federal Circuit 1/10/18 reverses-in-part because as to 1 of 4 patents, patentee “failed to apportion damages to the infringing functionality”; court also agrees with def that “$8-per-user royalty rate was unsupported by substantial evidence.””

Another one wrote: “The patentable subject matter ruling is interesting, and also because the opinion was authored by Judge Dyk, and joined by Judge Hughes, both of whom have a pronounced history of finding claims ineligible.”

Another proponent of trolls called them “anti-patent jurists” (as if being selective or expecting high quality makes one “anti-patent”). “But didn’t Dyk and Hughes,” he said, “two of the most anti-patent jurists on the Federal Circuit decide that at least some claims were patent eligible under 101?”

They try to personify it… at least they don’t resort to sexual orientation slant like corporate media does [1, 2].

Just because Alice isn’t applicable in certain cases doesn’t mean much; sometimes that is just the case. “Section 101” isn’t always a winning argument, obviously…

Media of the patent microcosm covered this 3 days ago. It said:

The U.S. Court of Appeals for the Federal Circuit on Wednesday upset a $39.5 million award in long-running patent litigation between Finjan Inc. and Blue Coat Systems Inc., causing a San Jose federal judge to throw the brakes on another ongoing trial between the cybersecurity rivals.

Turns out that this decision is likely to be cited a lot in the future. “Finjan v Blue Coat Syst (Fed. Cir. 2018) PRECEDENTIAL,” said the above person. “Claims Directed to Computer Virus Detection Held Patent Eligible under 101; Other Issues in Decision: http://www.cafc.uscourts.gov/sites/default/files/opinions-orders/16-2520.Opinion.1-8-2018.1.PDF …”

We don’t have much sympathy for Blue Coat in particular; what we see here is one evil firm against another evil company (the latter at least makes and sells something). Finjan sued the enabler of the EPO's police state (surveillance and censorship), but we ought to leave that aspect aside in the context of patents.

Nicole R. Townes and Daniel Kiang from Knobbe Martens took the time to write about it. “After a bench trial,” they said, “the district court concluded that one of the asserted patents is directed to patent-eligible subject matter under Section 101.”

CAFC did not agree about all 4 patents. This is the key part: “With respect to patent-eligibility, the Federal Circuit affirmed the district court’s finding that the claims were not directed toward an abstract idea for two reasons. First, the claims were drawn to behavior-based virus scanning which analyzes a downloadable’s code and determines whether it performs potentially dangerous or unwanted operations. This was different than the traditional method of code-matching virus scanning. The Federal Circuit determined that this was an improvement in computer functionality. Second, the results of the behavior-based virus scan are attached to a new type of file which enables a computer security system to perform tasks that it could not do before. Also, the claims recited more than a mere result and provided specific steps of generating a security profile that identifies suspicious code and links it to a downloadable.”

That’s just software patents.

There might even be another trial. To quote: “The Federal Circuit found that Finjan failed to present a damages case for one of the asserted patents that could support the jury’s verdict and remanded for a determination of whether Finjan waived its right to establish reasonable royalty damages under a new theory and whether to order a new trial on damages.”

What is also interesting about this case is that there are ramifications for Symantec (Finjan is suing just about the whole security industry, except Microsoft, as it is deeply connected to Finjan).

The Symantec connection is explained here in relation to another Microsoft-connected troll, Intellectual Ventures.

The year’s first substantive patent-eligibility decision from the Federal Circuit is a rare victory for the patentee. It is also further evidence that the outcome of an eligibility analysis may be more dependent upon how the analysis is carried out than the actual language of the claims under review.

[...]

The Court began by distinguishing Finjan’s claim with those of Intellectual Ventures I LLC v. Symantec Corp., where the Court concluded that “by itself, virus screening is well-known and constitutes an abstract idea.” Particularly, claim 1 (as construed) requires that “the security profile includes details about the suspicious code in the received downloadable, such as . . . all potentially hostile or suspicious code operations that may be attempted by the Downloadable.” Thus, “[t]he security profile must include the information about potentially hostile operations produced by a behavior-based virus scan.” In this light, the claimed invention is distinguishable from traditional virus scans that look for previously identified patterns of suspicious code in executable programs.

Here’s a new report which suggests that the above possibly leads to a mistrial:

A California federal judge on Wednesday granted Symantec unit Blue Coat’s request for a mistrial in a cybersecurity patent infringement case brought by Finjan, saying a just-issued Federal Circuit decision striking damages in a related case called for a fresh jury, free from certain impressions about damages and willfulness issues.

The presiding judge said she agreed with concerns expressed by Symantec-acquired Blue Coat Systems that the Federal Circuit’s opinion in the prior case affects many of the issues that have been discussed in the current trial…

As we noted in our previous post, IBM was helping the troll last year. IBM — like Microsoft — is literally in the business of fueling patent trolls these days. When these trolls are indebted to IBM and Microsoft they will sue neither; instead, they’re more likely to sue IBM’s and Microsoft’s competitors. That may be an implicit if not explicit part of their agreement.

Top Rank at USPTO Goes to the Biggest Patent Bully, IBM

Saturday 13th of January 2018 03:18:40 PM

Does the US want a patent bully as a flag bearer of its patent system?



Photo source (modified slightly): The 10 Most Powerful Women in Technology Today

Summary: With 2017 figures coming to light (and to the mainstream/corporate media), we scrutinise what has received the most attention and why it’s detrimental to the reputation of the US patent system

THE USPTO, formerly run by a former IBM employee (and current IBM lobbyist for software patents), does no favour to its reputation. David Kappos still working as a lobbyist contributes to the perception of “revolving doors” or brokering.

The latest figures from the USPTO reaffirm such perceptions; there were two angles in corporate media this past week, one being China/India (nationality) and another IBM (by firm). The firm behind the figures wrote that “Chinese companies increased their US #patent count by 28% in 2017 from 2016.”

Here is the original page and the press release that said “IFI CLAIMS Announces 2017 Top U.S. Patent Recipients”.

Michael Loney, apparently visiting Hong Kong this month, wrote: “A record number of patents were granted by the USPTO last year, according to the 2017 IFI Claims US Top 50.”

“China is among top 5 U.S. patent recipients for first time,” said this headline from official/state media in China (the English-speaking site).

“China Becomes One of the Top 5 U.S. Patent Recipients for the First Time,” said Wall Street media, which also focused on nationality of applicants.

Chinese inventors received 11,241 U.S. patents last year, a 28 percent increase over the same period in 2016, according to a report released Tuesday by IFI Claims Patent Services, a unit of Fairview Research LLC. That propels the nation into the top five recipients for the first time, behind the U.S., Japan, Korea and Germany, but ahead of Taiwan.

A lot of it was a PR exercise from IFI and IAM played along with blog posts like this one (“Patents no barrier to Chinese smartphones in the US market”). “For licensors,” it said, “it means that aside from Apple and Samsung, a big swathe of the world’s biggest mobile device sellers simply won’t see the US as a critically important market. That means any effort to enforce patents against them will be most effective somewhere else.”

Most of the press coverage, however, was not about nations but about firms. We did a comprehensive media survey and found that dominant headlines stated things like “IBM Breaks Patent Record in 25th Straight Year as Number One” and “IBM led on patents in 2017, Facebook broke into top 50 for the first time” (Samsung 2nd, Canon 3rd). As IBM has outsourced or sent overseas many jobs, there were also headlines such as “India 2nd largest contributor to IBM’s over 9,000 patents in 2017” and “IBM tops US patent list in 2017, Indian arm among major contributors”.

That is 9,043 US patents for IBM just this past year, while the company is suing a lot of companies or compelling them to pay 'protection' money to avoid litigation. The USPTO is debased due to this tendency to just sue aplenty, but thankfully the courts have become tougher. Watchtroll wrote this:

IBM inventors received a record number of U.S. patents in 2017, again blowing past their own previous record to sail past 9,000 issued patents. The 9,043 U.S. patents issued to IBM in 2017 represents an average of nearly 25 patents a day. These 9,043 U.S. patents were granted to a diverse group of more than 8,500 IBM researchers, engineers, scientists and designers in 47 different U.S. states and 47 countries.

Imagine that; “25 patents a day” (recall what journalist Dan Gillmor recently said about that; he said that IBM “basically invented patent trolling and employs platoons of patent lawyers”).

So IBM has not much to show now but patents and patent deals/settlements. As if IBM becoming a kind of troll is somehow good for its reputation…

Our next post will revisit Finjan, a very notorious patent troll that IBM fed patents into as recently as last year.

“IBM has no choice,” IAM said. “Imagine the headlines if it ever fell off top place. It could well make a material difference. That may not be a great position to be in.”

Well, IBM used to be known if not renowned/famous for its very many patents. Nowadays it’s known for a lot of patent aggression, so the more patents it gets granted, the worse off society/industry will be.

Dr. Derk Visser’s Book About the European Patent Convention (EPC) Explains What Battistelli Has Done

Saturday 13th of January 2018 01:20:35 PM

The Annotated European Patent Convention


“The 25th edition,” says the reference page, “updated up until 15 November 2017, was published on 18 December 2017.”

Summary: With quality of European Patents (EPs) and of EPO staff in rapid decline if not a freefall, we look back at the best-selling book from Visser, who warned that the Council/Organisation and the Office would “have other priorities than the role of law” if the Boards don’t enjoy true independence (which they no longer do)

EARLIER today we found this British law firm promoting the EPO for assessment of patent validity; but people say that the EPO has become a lot worse/inferior even to the Spanish patent office (which isn’t particularly renowned) and leaks have already shown that the EPO is not reliable for this kind of service because quantity is the mantra under Battistelli.

This has got to be a joke, but here is what they say:

In Europe, opposition at the EPO can be a cost-effective, time-efficient way to centrally challenge a granted European patent. There is a time limit for filing an opposition at the EPO, and if you miss that then each national patent derived from the European patent must instead be attacked individually according to national law. This can result in increased cost, time and effort compared to opposing the patent centrally at the EPO. Importantly, there is no estoppel in European National Courts based on opposition at the EPO.

What good is an assessment of patent validity that isn’t a good assessment? Mr. Herrnst can deny to himself (and in private meetings) that Battistelli destroyed patent quality, but the reality is hard to hide (Battistelli last lied about it some days ago as he heavily depends on that lie).

With Herrnst and Battistelli basically protecting each other (Herrnst is just another Kongstad so far), what chance is there for the Boards to become independent and actually add much-needed staff that can work independently and not be punished/bullied like Patrick Corcoran?

Rule 12b in the above book says “it should be noted that the administrating council and the President of the EPO have decisive roles in a committee that monitors the independence of the Boards whereas both have shown on several occasions to have other priorities than the role of law…”

So either Visser foresaw Battistelli or someone added it to the latest edition. Either way, the EPC is now officially in crisis. Visser’s latest article (co-authored) is titled “A hope to succeed – are the EPO Guidelines misleading?”

Late on a Friday is a Good Time to Spread Misinformation About Unified Patent Court (UPC) Without Being Challenged

Saturday 13th of January 2018 12:45:47 PM

Shoot first, ask questions later (then run and hide)

Summary: The new document from Winfried Tilmann et al (Team UPC) is being defended by Team UPC not only by publicly attacking UPC critics (like the complainant) but also blogs critical of the UPC

OPEN debates or communications are generally essential. Democracy necessitates those. So it’s a shame that in multiple blogs other than its own Bristows is deleting comments about the UPC (its own blog does not allow comments at all). Such is the nature of Team UPC; it’s insular, leaning towards censorship, and cryptic/secretive. Because if only the public knew what it was really up to…

A couple of days ago we wrote about German UPC proceedings and we beat Team UPC to it, owing to pointers/tips from readers. This seems to have really upset Team UPC, which wanted to control the narrative of this release and treat a bunch of self-serving barristers as neutral or independent domain experts. Some people from Team UPC tried to heckle me publicly. They even use the word “conspiracy” (it’s not a word that I used). Maybe they try to associate truths about the UPC with “conspiracy theory” in order to discredit those truths. Whatever it is, all we’ve said was factual. They did not rebut a single argument. They don’t care that the UPC is neither desirable… nor legal… nor constitutional. All they care about is what fattens their wallet. Some were throwing personal attacks at me and calling “ad hominem” my blog post that does not name anyone but Tilmann (very briefly at the top). What are these people even hoping to accomplish? A few weeks ago we noted that they had already begun personal attacks on the complainant himself; all this while moaning that he was keeping his identity secret for a number of months (who can blame him, especially given those personal attacks he must have foreseen)?

We urge readers to check this whole ‘debate’ from start to finish; it’s Team UPC which operates like some sort of cult in secret events and funding that can sometimes be traced back to the EPO. It’s them who habitually dish/throw insults at those who stand in their way.

One of them has just published this blog post for a firm that stands to benefit from the UPC and pushes for it not only in the UK but also in other countries. And as usual, late on a Friday (sometimes Saturday), such pro-UPC pieces are published, hoping for lack of comment (i.e. challenge) altogether until Monday (or Monday moderation). They seem to have begun publishing these anonymously as they don't wish to be held accountable for misinformation. It probably won’t be long (expect Monday morning) before some rebuttal is posted in the comments (3 days after the original was posted, i.e. no audience to witness the comment/s).

Here we have a copy, posted by a UPC proponent and likely chosen by Bristows (“Kluwer Patent Blogger”) as it suited the agenda, lobbying for his firm/his pockets at Europe’s expense. A day later, still no comment, which is unusual except when there’s pro-UPC stuff during the weekend (all comments automatically go through moderation). It says this: “The constitutional complaint which was filed last year against German ratification of the Unified Patent Court Agreement, has been shrouded in secrecy. The complaint has not been published, nor the observations about the case, which the German Federal Constitutional Court (FCC) requested from government and a series of other organizations. Professor Winfried Tilmann gave his personal view on this blog and two days ago, The German Bar Association published its findings (co-authored by Tilmann) as well. Dr Alex Robinson, associate at Dehns, wrote an article about the developments, which Kluwer IP Law is happy to republish here as a guest post.”

It is always amusing to see Team UPC attempting to accuse the complainant of secrecy; it’s an old strategy wherein one attributes (im)moral equivalence to one’s opposition in order to distract — sometimes pro-actively — from one’s own. It’s quite frankly laughable.

It’s not hard to imagine who promotes the above document and post. It’s promoted by Weber, “UPC tracker” (Thomas Adam, “Patent litigation aficionado,” by his very own bio of himself) and other UPC pushers; and by the way, to simply name people is not unethical; we are attempting to show that UPC advocacy comes from the same heavily-vested cabal that stands to benefit from UPC and played a role in creating it for self-enrichment. Many are litigation firms. If the UPC’s demise leads to many layoffs in such firms, then good riddance. Their presence, which depends on money flow, is a tax on real (operating/producing) firms in Europe.

The Patent Trolls’ Lobby is Happy That Rep. Darrell Issa is Leaving Because He Fought Against Patent Trolls

Saturday 13th of January 2018 11:49:17 AM

A badge of honour, coming from the likes of them…


Photo in the public domain, via Wikipedia

Summary: Darrell Issa, a man of patent reform in the United States, seems to be ending his political career and patent parasites are jubilant about it

Darrell Issa, who stood for PTAB and was repeatedly attacked by patent propagandists, will not seek reelection.

The news was barely notable enough for general news sites to cover. So who covered it? The patent propagandists of course…

Watchtroll continues its political witch-hunts, this time against Congressman Darrell Issa, who promoted good patent reform.

Paul Morinville, who is a liar and patent extremist, also reared his ugly head, trying to push his Watchtroll lunacy into Patently-O which instead wrote: “I received a funny email from Paul Morinville’s US Inventor group stating that “Thousands of US inventors are applauding Rep. Darrell Issa‘s decision to not run for re-election in California’s 49th district, and they’re hopeful his replacement will fix the job-killing problems the Congressman caused by weakening the nation’s patent system.””

Nonsense. Liar. He could not even pull together a protest of more than a dozen people.

As Patently-O then noted, “Issa is a listed inventor on dozens of patents (utility + design) related to the car alarm company he founded. This background meant that Issa was both knowledgeable and interested in the U.S. patent system.”

Issa and also Patently-O are now being heckled by Conservative think tanks with trolls’ apologists like Adam Mossoff (he’s not a mere staffer). Those are parasites. Not people who themselves invented or developed anything. They’re more like lobbyists. They lobby for software patents and the interests of patent trolls down in Texas.

Other patent zealots came out with strongly-worded remarks such as “Good Riddance Rep. Issa.” And also “Ding Dong, Darrell Issa’s Gone.”

How very mature. But Issa should rest assured that being mocked by those horrible people is actually a badge of honour. He did a good job and he will be remembered for his role restoring some patent sanity in the United States.

Links 12/1/2018: New *buntu ISOs. KDE Applications 17.12.1

Saturday 13th of January 2018 12:16:43 AM

Contents GNU/Linux
  • Server
    • Thinking Concurrently: How Modern Network Applications Handle Multiple Connections

      The idea behind a process is fairly simple. A running program consists of not only executing code, but also data and some context. Because the code, data and context all exist in memory, the operating system can switch from one process to another very quickly. This combination of code + data + context is known as a “process”, and it’s the basis for how Linux systems work.

      When you start your Linux box, it has a single process. That process then “forks” itself, such that two identical processes are running. The second (“child”) process reads new code, data and context (“exec”), and thus starts running a new process. This continues throughout the time that a system is running. When you execute a new program on the command line with & at the end of the line, you’re forking the shell process and then exec’ing your desired program in its place.

    • New Purist Services – Standard Web Services Done Ethically

      When you sign up for a communication service, you are typically volunteering to store your personal, unencrypted data on someone else’s remote server farm. You have no way of ensuring that your data is safe or how it is being used by the owner of the server. However, online services are incredibly convenient especially when you have multiple devices.

    • Automated compliance testing with InSpec

      Don’t equate compliance through certification with security, because compliance and security are not the same. We look at automated compliance testing with InSpec for the secure operation of enterprise IT.

    • How the Kubernetes Certification Ensures Interoperability

      Dan Kohn, executive director of the Cloud Native Computing Foundation, has called the launch of the new Kubernetes service provider certification program the most significant announcement yet made by the Foundation around the open source container orchestration engine.

      On this new episode of The New Stack Makers from KubeCon + CloudNativeCon 2017, we’ll learn more from Kohn and William Denniss, a product manager at Google, about how the program can help ensure interoperability and why that’s so important.

    • Container Structure Tests: Unit Tests for Docker Images

      Usage of containers in software applications is on the rise, and with their increasing usage in production comes a need for robust testing and validation. Containers provide great testing environments, but actually validating the structure of the containers themselves can be tricky. The Docker toolchain provides us with easy ways to interact with the container images themselves, but no real way of verifying their contents. What if we want to ensure a set of commands runs successfully inside of our container, or check that certain files are in the correct place with the correct contents, before shipping?

    • Prometheus vs. Heapster vs. Kubernetes Metrics APIs

      In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.

    • Google Introduces Open Source Framework For Testing Docker Images

      Google has announced a new framework designed to help developers conduct unit tests on Docker container images.

      The Container Structure Test gives enterprises a way to verify the structure and contents of individual containers to ensure that everything is as it should be before shipping to production, the company said in the company’s Open Source blog Jan. 9.

      Google has been using the framework to test containers internally for more than a year and has released it publicly because it offers an easier way to validate the structure of Docker containers than other approaches, the company said.

  • Kernel Space
    • Systemd 237 Will Have Support For WireGuard

      The next release of systemd, v237, will introduce support for WireGuard. WireGuard as a reminder is the effort to provide a fast, modern and secure VPN tunnel that eventually plans to be part of the mainline Linux kernel.

      Systemd’s networkd component recently merged patches for supporting WireGuard that have been in the works since September 2016. From the systemd perspective it’s implementing support for the new “wireguard” interface type and supporting key management.

    • Some Of The Other Changes Slated For Linux 4.16

      There’s still a week and a half to go until the Linux 4.15.0 stable kernel release is expected and that rings in the Linux 4.16 merge window. On top of various Linux 4.16 changes already talked about, here’s a look at some of the other kernel features/additions expected for this next release cycle.

    • Linux Foundation
      • SPDX clears confusion around software licenses

        Around this time every year, our minds turn to copyright. Or maybe they turn more to copyright. After all, open source works because of copyright law. As you may already know, copyright laws give the authors of works the exclusive right to copy (among other things) their work. These rights attach as soon as the work is fixed in a tangible medium (written down, saved to disk, etc.). So the rights that open source licenses grant rely on copyright law.

        But what rights are specifically granted? That depends on which license the developer selects. Most projects use one of a few standard licenses, but they’re not always clearly communicated. For example, a project may be released under “the GNU General Public License (GPL).” But which version? And can the recipient choose a later version if they wish?

        The Software Package Data Exchange (SPDX) is a Linux Foundation project to help reduce the ambiguity of software by defining standards for reporting information. The license is one such piece of information. SPDX provides a format for listing the specific license variant and version that applies to a software package. With over 300 licenses, you’re likely to find the one you use. The License List contains a human-friendly name, a short name, and a link to the full license text. SPDX also provides guidelines for matching the text of a license file to the official text of the license.

      • The Linux Foundation announces Linux on Azure training course to speed with Linux and vice versa

        The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced on Thursday the availability of a new training course, LFS205 – Administering Linux on Azure.

        A large number of the virtual machines running in Azure are utilizing the Linux operating system. Both Linux and Azure professionals should make sure they know how to manage Linux workloads in an Azure environment as this trend is likely to continue.

      • The Linux Foundation launches ‘Administering Linux on Azure’ training course

        Linux is very much mainstream nowadays. What was once viewed as a hobby and niche project, is transforming the world. Many of the world’s servers are running Linux-based operating systems. Hell, the most popular mobile operating system on the planet, Android, is Linux-based. Even closed-source champion Microsoft is embracing Linux by integrating it into Windows 10 and offering it on its Azure platform.

      • 4 Days Left to Submit Your Proposal for Open Networking Summit NA 2018

        The call for proposals deadline is quickly approaching! With more than 2000 attendees expected at this year’s event, submit before Sunday, January 14, 2018 at 11:59pm PST to share your ideas and expertise with the open networking community.

    • Graphics Stack
      • Wayland 1.15 & Weston 4.0 Planning For Release Next Month

        Ongoing Wayland/Weston release manager Bryce Harrington of Samsung’s Open-Source Group has laid out plans for the next releases of Wayland and the reference Weston compositor.

        It’s been a half-year since the release of Wayland 1.14 and Weston 3.0, so Bryce is trying to build up interest in getting out new releases in the weeks ahead.

      • NVIDIA Contributes Some New Tegra/Nouveau Patches

        It’s not any re-clocking code or magical improvements for Nouveau’s Pascal support, but on the Tegra side a NVIDIA developer has volleyed some new open-source patches.

      • Initial Intel Ice Lake PCH Support Posted
      • The Linux Graphics Stack Gets Further Meson-ized: Now With Libdrm Support

        The work on adding optional Meson build system support to the Linux graphics stack and other key open-source projects continues…

        Going back to last September has been work for Meson-izing Mesa as an alternative build system rather than Autotools, CMake, or SCons within Mesa. It’s been delivering fast results and since the initial port landed more Mesa components have become supported by the Meson build.

      • Server-Side GLVND Updated While X.Org Server 1.20 Drags On

        Adam Jackson of Red Hat has sent out the second version of the ongoing patches for providing server-side GLVND functionality for the X.Org Server.

        Most of you faithful Phoronix readers should be familiar with GLVND, the OpenGL Vendor Neutral Dispatch Library. That’s the effort led by NVIDIA and supported by others in the ecosystem for improving the “Linux OpenGL driver ABI” by allowing for multiple OpenGL drivers to happily co-exist on the same system without fighting over libGL.so. and the like. That’s been going well but server-side GLVND for the X.Org Server takes things a step further.

    • Benchmarks
  • Applications
  • Desktop Environments/WMs
    • K Desktop Environment/KDE SC/Qt
      • KDE Applications 17.12 Open Source Software Suite Gets First Point Release

        KDE Applications 17.12 is the latest and most advanced version of the open source software suite used in KDE Plasma desktop environments or independently. It was released last month on December 14 with numerous improvements and new features, including HiDPI support for Okular and Dolphin enhancements.

        Now, the KDE Applications 17.12.1 minor bugfix release is out and brings more than 20 improvements to various of the included applications like Ark, Akonadi, Dolphin, Filelight, Gwenview, KGet, K3b, Kate, Kdenlive, Kleopatra, KMix, KMahjongg, Kontact, Okteta, Okular, and Umbrello.

      • KDE Ships KDE Applications 17.12.1
      • Meet Nextcloud Talk, World’s First Self-Hosted, Encrypted Communication Platform

        Nextcloud informs Softpedia today on the general availability of Nextcloud Talk, world’s first self-hosted, enterprise-ready, and end-to-end encrypted audio/video and chat communication platform.

        Meet Nextcloud Talk, the first enterprise-ready, open-source, and end-to-end encrypted, and privacy-focused self-hosted communication technology that promises to give users full control over their data while chatting with others over the communication platform.

        Developed by Nextcloud, the biggest self-hosted and fully open source enterprise file sync and share platform, Nextcloud Talk features text chat and audio/video conferencing support, and it can be hosted on-premise, accessible from the Internet through a web browser and on your mobile device.

      • Krita 4.0 Open-Source Digital Painting Tool Enters Beta, Here’s What to Expect

        The developers of the Krita open-source and cross-platform digital painting software have released today the first beta version of the upcoming Krita 4.0 major release.

        Krita 4.0 will be the biggest update since version 3.0, and today’s first beta release gives users early access to many of its awesome new features and improvements. Right now, Krita 4.0 is in String Freeze development stage, which means that most of the major new features are already implemented.

        “We’ve officially gone into String Freeze mode now! That’s developer speak for “No New Features, Honest.” Everything that’s going into Krita 4.0 now is in, and the only thing left to do is fixing bugs and refining stuff,” reads today’s announcement.

      • This week in Usability and Productivity

        These improvements were landed by KDE Developers Kai Uwe Broulik, Albert Astals Cid, Aleix Pol, Michael Heidelbach, and myself. And that’s not all; the entire KDE community has been busy landing many more bugfixes and features too–more than I can keep track of!

        I want to especially focus on the last Discover change I mentioned above. After my last post about Discover, we got a lot of user feedback that people wanted greater density and to be able to see more apps at once.

      • New Stable Release: Krita 3.3.3

        Today we’re releasing Krita 3.3.3. This will probably be the last stable release in the Krita 3 series.

    • GNOME Desktop/GTK
      • GTK’s Vulkan Renderer Will Now Let You Pick The GPU For Rendering

        One of the features exciting us the most about GTK4 is the Vulkan renderer that will make its premiere. This Vulkan renderer continues getting worked into shape for GTK+ 4.0.

        The most recent addition to this Vulkan renderer is a means to allow specifying a device (GPU) to use for rendering, in the event of having multiple Vulkan graphics processors on the same system.

  • Distributions
    • Top 3 Linux Distributions That ‘Just Work’

      Twenty years ago, when I first started using Linux, finding a distribution that worked, out of the box, was an impossible feat. Not only did the installation take some serious mental acuity, configuring the software and getting connected to the Internet was often a challenge users were reluctant to attempt.

      Today, things are quite different. Linux now offers distributions that anyone can use, right out of the box. But, even among those distros that “just work,” some rise to the top to stand as the best in breed. These particular flavors of Linux are perfect for users hoping to migrate away from Windows or mac OS and who don’t want to spend hours getting up to speed on how the platform works, or (more importantly) making the system perform as expected.

    • OpenSUSE/SUSE
      • openSUSE Tumbleweed Now Patched Against Meltdown/Spectre, Adopts LibreOffice 6.0

        openSUSE Project reports today through Douglas DeMaio that the openSUSE Tumbleweed software repositories have been flooded this week by four new snapshots that brought updated components and other improvements.

        According to the developer, much of the efforts of the openSUSE Tumbleweed’s maintainers were focused this week on patching the recently unearthed Meltdown and Spectre security vulnerabilities that put billions of devices at risk of attacks by allowing unprivileged attackers to steal your sensitive data from memory.

    • Red Hat Family
      • Top predictions for 2018 point toward security and innovation

        When thinking about future trends, it’s important to have a strong understanding of the important innovations impacting most sectors, and pair that understanding with an intuition around what impacts those innovations will have to most organizations in 2018.

        Innovation is crucial to federal agencies, but is muted when security becomes a factor. When it comes to impactful trends in the new year, it’s all about three things: security, security, security. Despite the fact that a Ponemon Institute study recently showed that the global average cost of a data breach is down 10 percent over previous years to $3.62 million, according to CSO, the average size of a data breach increased nearly two percent. This stat signifies that security will continue to be a top concern for 2018, just as it was in 2017, and will be in 2019.

      • How inner sourcing saved our IT department

        Red Hat is a company with roughly 11,000 employees. The IT department consists of roughly 500 members. Though it makes up just a fraction of the entire organization, the IT department is still sufficiently staffed to have many application service, infrastructure, and operational teams within it. Our purpose is “to enable Red Hatters in all functions to be effective, productive, innovative, and collaborative, so that they feel they can make a difference,”—and, more specifically, to do that by providing technologies and related services in a fashion that is as open as possible.

        Being open like this takes time, attention, and effort. While we always strive to be as open as possible, it can be difficult. For a variety of reasons, we don’t always succeed.

      • Finance
      • Fedora
        • Copr Modularity in retrospect

          This article is about the journey that we made since the Fedora modularity project started and we decided to get involved and provide modularity features in Copr. It has been a long and difficult road and we are still not on its end because the whole modularity project is a living organism that is still evolving and changing. Though, we are happy to be part of it.

        • 10 Fedora Women Days across the world

          Different topics were covered during the events, not only for people already familiar with our community but especially for newcomers intrigued by the open source world and willing to join the Fedora Project. This year we presented in Guwahati, Bangalore, Tirana, Managua, Cusco, Puno, Pune, Lima, Brno and Prishtina, spreading the word about Fedora and saying thank you to all the women contributors to our project.

          Even though the events were dedicated to women, everyone of all identities were welcomed to participate or give a talk. We are glad to see how much interest there was in these events in different local communities and how successful they were, making the decision easier for us to organize them again next year.

        • The Fedora 28 Wallpaper Contest is Open for Entries

          If you’re in any way creative, and want to give something back to the Linux community, here’s your chance!

          Fedora is on the hunt for a new set of desktop wallpapers sourced from the open source community.

          The distro invites open source enthusiasts to submit their very best photographs and illustrations for possible inclusion in the add-on wallpaper pack for its next major release, Fedora 28.

        • Submit Wallpaper for Fedora 28 Supplemental Wallpaper!
        • My FLOSS Year in Review

          Thanks to the Fedora Project, GNOME, BacktrackAcademy and the Linux Foundation, I was able to organize FLOSS events mostly in Lima, Peru. Besides that, I did a voluntary work as speaker in FLOSS workshops and IT conference in other parts of the world, being interviewed to reach more newcomers into the challenging Linux world, and do online training.

    • Debian Family
      • Freexian’s report about Debian Long Term Support, December 2017
      • Debian/TeX Live 2017.20180110-1 – the big rework

        In short succession a new release of TeX Live for Debian – what could that bring? While there are not a lot of new and updated packages, there is a lot of restructuring of the packages in Debian, mostly trying to placate the voices that the TeX Live packages are getting bigger and bigger and bigger (which is true). In this release we have introduced two measures to allow for smaller installations: optional font package dependencies and downgrade of the -doc packages to suggests.

      • Derivatives
        • Canonical/Ubuntu
          • Ubuntu 17.10 “Artful Aardvark” Respin ISOs Are Now Available to Download

            Several users reported last month broken BIOSes on their Lenovo, Acer, and Toshiba laptops due to a bug in the Ubuntu 17.10 installation images that won’t allow them to access their BIOS settings. The BIOS could be bricked even if the user ran the Ubuntu 17.10 image in live mode, without installing the OS.

            Canonical was quick to temporarily disable access to Ubuntu 17.10 downloads from their ubuntu.com website warning people about the issue. A workaround and a fix for existing users were available shortly after that, as they had to update the kernel packages in Ubuntu 17.10 to disable the intel-spi driver at boot time.

          • Flavours and Variants
            • Linspire 8.0 and Freespire 4.0 Slated for Release in mid-December 2018

              If you think the release of Linspire 7.0 and Freespire 3.0 were just a one-off, think again because we’re now in possession of the release roadmap for both operating systems, and it looks like we should be able to get our hands on the next major releases at the end of the year. But, in the meanwhile, we’ll be able to test a lot of the beta versions for both Freespire 4.0 and Linspire 8.0, as well as to enjoy new incremental versions of current releases.

              “Today we are releasing the release schedule and roadmap for Linspire and Freespire. These dates are not set in stone and there may be some alterations due to holidays and development mishaps. While the Freespire betas will be available publicly the Linspire betas will be available to subscription holders and insiders,” says Roberto J. Dohnert in today’s announcement.

  • Devices/Embedded
Free Software/Open Source
  • 7 Open-Source Serverless Frameworks Providing Functions as a Service

    With virtualization, organizations began to realize greater utilization from physical hardware. That trend continued with the cloud, as organizations began to get their virtual machines in a pay-as-you-go service.

  • Deep learning wars: Is Facebook-backed PyTorch an answer to Google’s TensorFlow?

    The rapid rise of tools and techniques in Artificial Intelligence and Machine learning of late has been astounding. Deep Learning, or “Machine learning on steroids” as some say, is one area where data scientists and machine learning experts are spoilt for choice in terms of the libraries and frameworks available. A lot of these frameworks are Python-based, as Python is a more general-purpose and a relatively easier language to work with. Keras, Theano, TensorFlow are a few of the popular deep learning libraries built on Python, developed with an aim to make the life of machine learning experts easier.

  • Events
    • Libre in Las Vegas

      It’s no secret that Aleph Objects, by design, does not have trade secrets. As the makers of the LulzBot brand of 3D printers, our industry-leading transparency is born out of a passion for free software, libre innovation, and open source hardware.

      Every software tool we use to make our certified open source hardware is free software. Libre innovation encourages this kind of fanatical transparency, freeing us to share not only our bill of materials and internal assembly documentation, but even things like our research projects on our public development server. We confidently share everything that goes into our products—and more importantly, it lets us show you how they’re made and how to get involved.

    • Ceph Day Germany 2018

      I’m glad to announce that there will be a Ceph Day on the 7th of February 2018 in Darmstadt. Deutsche Telekom will host the event. The day will start at 08:30 with registration and end around 17:45 with a one-hour networking reception.
      We have already several very interesting presentations from SUSE, SAP, CERN, 42.com, Deutsche Telekom AG and Red Hat on the agenda and more to come. If you have an interesting 15-45 min presentation about Ceph, please contact me to discuss if we can add it to the agenda. Presentation language should be German or English.

  • Web Browsers
    • Mozilla
      • Top 5 Firefox extensions to install now

        The web browser has become a critical component of the computing experience for many users. Modern browsers have evolved into powerful and extensible platforms. As part of this, extensions can add or modify their functionality. Extensions for Firefox are built using the WebExtensions API, a cross-browser development system.

        Which extensions should you install? Generally, that decision comes down to how you use your browser, your views on privacy, how much you trust extension developers, and other personal preferences.

      • Not every bit of code you write needs to be optimal

        It’s easy to fall into the trap of obsessing about performance and try to micro-optimize every little detail in the code you’re writing. Or reviewing for that matter. Most of the time, this just adds complexity and is a waste of effort.

        If a piece of code only runs a few (or even a few hundred) times a second, a few nanoseconds per invocation won’t make a significant difference. Chances are the performance wins you’ll gain by micro optimizing such code won’t show up on a profile.

      • Making tab switching faster in Firefox with tab warming

        Since working on the Electrolysis team (and having transitioned to working on various performance initiatives), I’ve been working on making tab operations feel faster in Firefox. For example, I wrote a few months back about a technique we used to make tab closing faster.

        Today, I’m writing to talk about how we’re trying to make tab switching feel faster in some cases.

      • Firefox 60 Is The Next ESR Release, Introducing Policy Engine

        For those sticking to Firefox Extended Support Releases, the Firefox 60 branch will be the next ESR version.

        Firefox 60 will be an ESR release and the plan is to have the ESR 60.0 release out on 8 May, the Firefox 60.1 ESR release on 3 July, and to end Firefox 52 ESR on 28 August when releasing Firefox 60.2.

  • Pseudo-Open Source (Openwashing)
    • #AWChat: How Prebid.org & Open Source Will Shape the Ad Tech Landscape

      Some wrapper solutions are built on open source technology, while others are proprietary. Today, we are here to talk about Prebid, the leading open source solution that enables publishers to quickly implement header bidding.

    • 20 years on, open source hasn’t changed the world as promised

      Open source has officially been a thing for 20 years now. Did anyone notice?

      No, really. For something as revolutionary as open source, you’d think it would have changed the way all software is developed, sold, and distributed. Unfortunately for those party planners looking to celebrate the 20-year anniversary of open source, it hasn’t—changed software, that is. For most developers, most of the time, software remains stubbornly proprietary.

  • BSD
  • Openness/Sharing/Collaboration
  • Programming/Development
    • Exploring Node.js with Mark Hinkle, Executive Director of the Node.js Foundation

      Even though JavaScript has been around for more than 20 years, it’s becoming the first-class citizen for developing enterprise applications. There is a huge developer community behind this technology.

      What makes things even more interesting is that, with Node.js, JavaScript can run on server, so developers can write applications that run end-to-end in JavaScript. Node.js is very well suited for service applications because server applications are increasingly becoming single function event-driven microservices.

    • As Go 2.0 Nears, AWS Launches Developer Preview of Go SDK 2.0
    • PackageKit-Qt Updated With Qt5 Port, Offline Updates & Performance Improvement

      The PackageKit-Qt project that provides Qt bindings for PackageKit has simultaneously released versions v0.10 and v1.0.

    • PackageKitQt 1.0.0 and 0.10.0 released!

      PackageKitQt is a Qt Library to interface with PackageKit

      It’s been a while that I don’t do a proper PackageKitQt release, mostly because I’m focusing on other projects, but PackageKit API itself isn’t evolving as fast as it was, so updating stuff is quite easy.

    • GitHub Knows

      I was reflecting the other day how useful it would be if GitHub, in addition to the lists it has now like Trending and Explore, could also provide me a better view into which projects a) need help; and more, b) can accept that help when it arrives. Lots of people responded, and I don’t think I’m alone in wanting better ways to find things in GitHub.

      Lots of GitHub users might not care about this, since you work on what you work on already, and finding even more work to do is the last thing on your mind. For me, my interest stems from the fact that I constantly need to find good projects, bugs, and communities for undergrads wanting to learn how to do open source, since this is what I teach. Doing it well is an unsolved problem, since what works for one set of students automatically disqualifies the next set: you can’t repeat your success, since closed bugs (hopefully!) don’t re-open.

      And because I write about this stuff, I hear from lots of students that I don’t teach, students from all over the world who, like my own, are struggling to find a way in, a foothold, a path to get started. It’s a hard problem, made harder by the size of the group we’re discussing. GitHub’s published numbers from 2017 indicate that there are over 500K students using its services, and those are just the ones who have self-identified as such–I’m sure it’s much higher.

Leftovers
  • Shareholder Groups Say Apple Should Do More To Address Gadget ‘Addiction’ Among Young People: Should It?

    In an open letter to Apple, two of its major shareholders, Jana Partners and the California State Teachers’ Retirement System, have raised concerns about research that suggests young people are becoming “addicted” to high-tech devices like the iPhone and iPad, and the software that runs on them. It asks the company to take a number of measures to tackle the problem, such as carrying out more research in the area, and providing more tools and education for parents to help them deal with the issue.

  • Security
    • [Ubuntu] Meltdown and Spectre Status Update

      On Tuesday, January 9, 2018 we released Ubuntu kernel updates for mitigation of CVE-2017-5754 (aka Meltdown / Variant 3) for the x86-64 architecture.

    • Lubuntu 17.10.1 (Artful Aardvark) released!

      Lubuntu 17.10.1 has been released to fix a major problem affecting many Lenovo laptops that causes the computer to have BIOS problems after installing. You can find more details about this problem here.

      Please note that the Meltdown and Spectre vulnerabilities have not been fixed in this ISO, so we advise that if you install this ISO, update directly after.

      This release is no different in terms of features from the 17.10 release, and is comparable to an LTS point release in that all updates since the 17.10 release have been rolled into this ISO. You can find the initial announcement here.

    • Check Linux for Spectre or Meltdown vulnerability

      Devices running Linux are affected by Spectre and Meltdown vulnerabilities as much as their Windows counterparts.

      Development teams work on updated kernels for the various distributions, and users need to update browsers and other software to protect data against potential attacks.

      We talked about identifying whether your Windows PC or web browser is vulnerable already. A recently published script does the same for Linux systems. You may use it to check whether your Linux distribution is vulnerable.

    • Meltdown Patch Is Causing Problems for Some Ubuntu Linux Users

      Many Ubuntu Linux users who installed the latest kernel updates to fix the Meltdown CPU vulnerability found themselves stuck in a boot loop and had to revert back to a previous version.

      The problem affected mostly Ubuntu 16.04 (Xenial Xerus), which is a long-term support (LTS) release. Soon after the 4.4.0-108 kernel update was released to fix the Meltdown vulnerability, users flooded the Ubuntu Forums and bug tracker to report booting problems.

    • Meltdown Update Kernel doesnt boot
    • Major Linux distros have Meltdown patches, but that’s only part of the fix

      The Intel Meltdown security problem is the pain that just keeps hurting. Still, there is some good news. Ubuntu and Debian Linux have patched their distributions. The bad news? It’s becoming clearer than ever that fixing Meltdown causes significant performance problems. Worse still, many older servers and appliances are running insecure, unpatchable Linux distributions.

    • How Much Slower Will My PC Become After Meltdown And Spectre Patches?
    • Intel’s Microcode Update for Spectre Exploit Is Now Available in Ubuntu’s Repos

      Canonical announced a few moments ago that Intel’s latest microcode update for the Spectre security vulnerability is now available from the software repositories of all supported Ubuntu Linux releases.

      After releasing earlier this week new kernel updates to mitigate the Meltdown and Spectre security exploits that put billions of devices at risk of attacks by allowing a local, unprivileged attacker to obtain sensitive information from kernel memory, Canonical now released the updated microcode from Intel for supported Intel CPUs.

    • Cisco can now sniff out malware inside encrypted traffic

      Cisco has switched on latent features in its recent routers and switches, plus a cloud service, that together make it possible to detect the fingerprints of malware in encrypted traffic.

      Switchzilla has not made a dent in transport layer security (TLS) to make this possible. Instead, as we reported in July 2016, Cisco researchers found that malware leaves recognisable traces even in encrypted traffic. The company announced its intention to productise that research last year and this week exited trials to make the service – now known as Encrypted Traffic Analytics (ETA) – available to purchasers of its 4000 Series Integrated Service Routers, the 1000-series Aggregation Services Router and the model 1000V Cloud Services Router 1000V.

      Those devices can’t do the job alone: users need to sign up for Cisco’s StealthWatch service and let traffic from their kit flow to a cloud-based analytics service that inspects traffic and uses self-improving machine learning algorithms to spot dodgy traffic.

    • MacOS High Sierra security bug lets you unlock App Store System Preferences with any random password

      According to the bug report, users can simply open System Preferences, go to App Store settings and check the padlock icon. If it is unlocked, lock it and then try unlocking it using your username and any password.

    • Intel tells select customers not to use its bug fixes

      Processor giant Intel has told some of its customers that the microcode patches it issued to fix the Meltdown and Spectre flaws in its products are buggy and that they should not install them.

    • Canonical reissues Meltdown and Spectre patches for Ubuntu after borkage
    • A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act

      The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.

      H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.

      Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.

    • FBI Says Device Encryption Is ‘Evil’ And A Threat To Public Safety

      The FBI continues its anti-encryption push. It’s now expanded past Director Christopher Wray to include statements by other FBI personnel. Not that Chris Wray isn’t taking every opportunity he can to portray personal security as a threat to the security of the American public. He still is. But he’s no longer the only FBI employee willing to speak up on the issue.

      Wray expanded his anti-encryption rhetoric last week at a cybersecurity conference in New York. In short, encryption is inherently dangerous. And the FBI boss will apparently continue to complain about encryption without offering any solutions.

    • Canonical Says It’ll Release New Ubuntu Kernels to Further Mitigate Spectre Bugs

      Canonical’s Dean Henrichsmeyer published today an update on the Ubuntu patches for the Meltdown and Spectre security vulnerabilities and what they plan on doing next to mitigate these critical bugs.

      By now, most of you have probably updated your Ubuntu Linux computers to the new kernel versions Canonical released earlier this week, as well as the new Nvidia proprietary graphics driver and Firefox web browser, both including patches to mitigate the Meltdown and Spectre exploits affecting billions of devices powered by modern processors from Intel, AMD, and ARM.

    • Security updates for Friday
    • AMD processors: Not as safe as you might have thought

      In a posting, Mark Papermaster, AMD’s CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, “We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.”

    • AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

      Last week, in light of the Spectre disclosure, AMD believed they were at “near zero risk” to Variant Two / Branch Target Injection. But now the company confirmed last night that’s not the case: they are at least potentially vulnerable.

    • AMD Confirms Its Chips Are Affected By Spectre Flaw, Starts Pushing Security Patches
    • Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs

      On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer.

    • Power Systems And The Spectre And Meltdown Threats

      Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

      Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.

    • Blender 3D open source platform plagued with arbitrary code vulnerabilities

      Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

    • Technologies That Secure the Home, WiFi and More Debut at CES 2018
    • What is the Future of Wi-Fi?
    • Spectre and Meltdown Attacks Against Microprocessors

      This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.

    • Four Tips for a More Secure Website

      Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

    • What is DevSecOps? Developing more secure applications

      The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.

  • Transparency/Investigative Reporting
  • Finance
    • JioCoin: Reliance Jio Planning To Launch Its Own Cryptocurrency

      On one hand, the investment in cryptocurrencies is coming under the radar of Indian government, India’s largest corporate conglomerate is planning to launch its own cryptocurrency named JioCoin in the near future.

      As per a report from Livemint, the JioCoin project is being led by Mukesh Ambani’s elder son Akash Ambani. The company is planning to build a 50-member team of young employees to work on the blockchain technology.

    • Reliance Jio planning its own cryptocurrency called JioCoin

      After disrupting the telecom sector with its free offers and hyper-competitive tariffs, Reliance Jio Infocomm Ltd plans to create its own cryptocurrency, JioCoin.

      With Mukesh Ambani’s elder son Akash Ambani leading the JioCoin project, Reliance Jio plans to build a 50-member team of young professionals to work on blockchain technology, which can also be used to develop applications such as smart contracts and supply chain management logistics.

    • Jeff Bezos Wealthiest Person Ever, Net Worth Over $105B

      Jeff Bezos, the founder and CEO of e-commerce giant Amazon, is now the richest person on Earth, with a net worth of around $105 billion. This is on the back of a sharp increase in his fortunes throughout the first week or so of 2018, to the tune of about $6 billion. Amazon shares rose about 6.6% because of the shopping service managing to net about 89% of the holiday spending among top retailers who see spikes in spending during the season. It should be noted that Bezos’ high net worth is not solely due to his position with Amazon; he also controls the Washington Post and Blue Origin, a somewhat secretive space startup.

  • AstroTurf/Lobbying/Politics
    • Senate report challenges quality of Facebook, Twitter investigations of Russia’s Brexit influence
    • Trump Administration Waives Punishment For Convicted Banks, Including Deutsche — Which Trump Owes Millions

      The waivers were issued in a little-noticed announcement published in the Federal Register during the Christmas holiday week. They come less than two years after then-candidate Trump promised “I’m not going to let Wall Street get away with murder.”

      [...]

      All of these interactions with the Trump administration and the federal government are transpiring as Deutsche serves as a key creditor for the president’s businesses.

    • Pelosi: ‘Five white guys’ leading DACA talks should open a ‘hamburger stand’

      Minority Leader Nancy Pelosi complained Thursday that immigration negotiations are being led by “five white guys” — and was quickly rebuked by her No. 2, Minority Whip Steny Hoyer, himself one of those white guys involved in the talks.

      “The five white guys I call them, you know,” Pelosi said at her weekly news conference. “Are they going to open a hamburger stand next or what?” Pelosi said, complaining that minority members of Congress were not involved in deciding the fate of Dreamers.

    • UN calls Donald Trump’s s***hole immigrants comments ‘racist’
    • Trump Lawyer Arranged $130,000 Payment for Adult-Film Star’s Silence

      A lawyer for President Donald Trump arranged a $130,000 payment to a former adult-film star a month before the 2016 election as part of an agreement that precluded her from publicly discussing an alleged sexual encounter with Mr. Trump, according to people familiar with the matter.

      Michael Cohen, who spent nearly a decade as a top attorney at the Trump Organization, arranged payment to the woman, Stephanie Clifford, in October 2016 after her lawyer negotiated the nondisclosure agreement with Mr. Cohen, these people said.

      Ms. Clifford, whose stage name is Stormy Daniels, has privately alleged the encounter with Mr. Trump took place after they met at a July 2006 celebrity golf tournament in Lake Tahoe, these people said. Mr. Trump married Melania Trump in 2005.

      Mr. Trump faced other allegations during his campaign of inappropriate behavior with women, and vehemently denied them. In this matter, there is no allegation of a nonconsensual interaction.

  • Censorship/Free Speech
  • Privacy/Surveillance
  • Civil Rights/Policing
    • Uber’s Secret Tool for Keeping the Cops in the Dark

      When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.

      Most tech companies don’t expect police to regularly raid their offices, but Uber isn’t most companies.

    • Coverage of Iran Protests Illustrated With Protests Not in Iran––Organized by Fringe Cultists

      Casually throwing around MEK images to represent unrest in Iran is the worst combination of insulting and sloppy. It would be like a Chinese outlet, in 2012, using images of a Westboro Baptist Church protest in a story about Occupy Wall Street, because both opposed the US government. The exact ideology of those protesting in Iran isn’t 100 percent clear—they seem to represent a mix of groups and grievances—but MEK has virtually zero support in Iran itself, having been disowned by the Green Movement (the last major protest movement in Iran) in 2009, and is widely loathed for working with Israeli intelligence and fighting alongside the Iraqi army in Iran’s decade-long war against Saddam in the 1980s that killed a half-million Iranians. The MEK has carried out several bomb attacks in Iran, and was even officially listed by the US State Department as a foreign terrorist organization for 16 years, until it was removed by then-Secretary of State Hillary Clinton in 2012, after a years-long lobbying effort by pro-regime change forces within the US.

      The only major media faction that even pretends the MEK has any legitimacy within Iran is the Murdoch group, which routinely runs MEK’s blatant disinformation (Fox News, 1/1/18) and pro-regime change op-eds (Wall Street Journal, 1/8/18).

    • Jacksonville City Council President and Local Public Defender Call for Suspension of Pedestrian Ticket Writing

      The Jacksonville City Council president and other local lawmakers have called for suspending the issuing of pedestrian tickets in the wake of a state attorney’s office bulletin, the substance of which suggests that hundreds of tickets had been issued in error in recent years.

      Jacksonville Assistant State Attorney Andrew Kantor on Tuesday issued a bulletin to the Jacksonville Sheriff’s Office detailing the proper enforcement of Florida’s pedestrian statutes — a document that supports a recent Times-Union/ProPublica analysis showing police have been issuing certain crosswalk violations in error, ticketing hundreds of pedestrians for failing to cross at formal intersections even when no such option was readily available.

      “I’d like to make sure that we are enforcing the laws appropriately,” City Council President Anna Brosche said shortly after being made aware of the state attorney’s bulletin. “I do support a pause to make sure that everything is being enforced that should be.”

    • FTC Takes Down Another Revenge Porn Site

      There ought to be a law, say many people opposed to revenge porn. And so they craft laws with an eye on prosecution but not so much on the First Amendment, tending to treat collateral damage as acceptable so long as revenge porn site operators are criminally charged. But the proposed laws are more than bad, they’re extraneous. Existing laws are still taking down revenge porn purveyors, as we’ve covered previously at this site.

      The FTC has taken down another revenge porn site and secured a judgment against one of its operations, all without having to hack away at protected speech or undermine Section 230 immunity. MyEx.com — a site “dedicated solely to revenge porn” — has been targeted in an FTC complaint.

      [...]

      Paid removals were handled in a similarly shady fashion. The site’s operators made those seeking content removal wire money to someone named “Shelly Mae Garcia” who supposedly lived in the Philippines. Those who refused to pay the extortion were invited to send snail mail to the fake address in the Netherlands.

      [...]

      This revenge porn operation is effectively dead. The nonconsensual part of the operation is blocked by the FTC judgment and the inability to charge removal fees pretty much eliminates the most profitable revenue stream. It’s unclear what the future holds for Neil Infante, but it appears the Republican Senate race in Ohio (Infante’s home state) is suddenly in need of a new frontrunner. Perhaps FTC judgment recipient and former revenge porn site operator Craig Brittain could send his colleague a few ideas on how to MAGA the hell out of the nation as a Senate race bottom-feeder.

  • Internet Policy/Net Neutrality
    • Why Are The People Who Whined About Wheeler’s Net Neutrality Rules Being ‘400 Pages’ Silent About Pai’s Being ‘539 Pages’

      Yes, as Wendy’s repetition was designed to point out, over and over again, those old rules simply must be extra burdensome, because it’s 400 pages and over 1700 footnotes. Of course, that’s bullshit, and Wendy knows it’s bullshit — but he wanted to misrepresent the rules and make them seem like a giant regulatory burden. The actual rules were just 8 pages. There were 392 other pages of legally required information including discussions of the various public comments and the various statements from the Commissioners, including lengthy dissent statements from the disagreeing commissioners. In the Wheeler ruling, Ajit Pai’s dissent took up 64 pages and Michael O’Rielly’s was another 15 pages. Yet, somehow, Wendy and others didn’t bother letting people know that 89 pages of the 400 pages were explaining why the rules were (apparently) bad.

      When the draft rules came out, at 210 pages, I wondered why Wendy and others were suddenly silent on the page length.

      Last week, as you may have heard, Pai’s actual final rules were released… and the full document weighs in at 539 pages. Again, those are not the actual rules. Those are just the rules, the legally required (and very detailed) explanation of the rules and all the Commissioners’ statements. And guess who’s suddenly angry about people misrepresenting why the new document is so long?

    • FCC delays review of Sinclair’s purchase of Tribune

      The Federal Communications Commission (FCC) is again delaying its review of Sinclair Broadcast Group’s acquisition of Tribune Media.

    • After Being AWOL From The Fight For Years, Google & Facebook To Fund Lawsuits Over Net Neutrality

      To be clear, that’s a good thing. These upcoming lawsuits, which will focus on the FCC’s blatant disregard for objective data and public interest, are going to need all the help they can get. Said suits will focus extensively on how Ajit Pai and the FCC ignored the nation’s startups, the people who built the internet, and any and all objective data as it rushed to give a sloppy, wet kiss to the nation’s entrenched telecom monopolies.

      That said, several IA member companies’ dedication to net neutrality has been anything but consistent. Google, while often touted as a “net neutrality advocate,” hasn’t truly supported the concept since 2009 or so. As the company pushed into fixed (Google Fiber) and wireless (Project Fi, Android) broadband, its interest in rules that truly protected consumers from duopoly market abuse in the sector magically disappeared. And Google worked with AT&T and Verizon to help craft FCC net neutrality protections in 2010 that were so packed with loopholes as to be largely useless (they didn’t even cover wireless networks).

      Other IA members like Facebook have actively worked to undermine net neutrality overseas as they attempt to corner the ad market in developing nations. Facebook received ample criticism for its behavior in India specifically, when the company tried to trick citizens into supporting Facebook’s push for a zero-rated walled garden platform dubbed “Free Basics.” India ultimately banned such zero rating efforts under its own net neutrality rules, supporting Mozilla’s position that if Facebook is so concerned about the Indian poor, it should help fund access to the entire internet — and not just a Facebook-curated walled garden.

  • Intellectual Monopolies
    • Trademarks
      • JPO Invalidates The Word Mark “Bord’or” In Relation To Bordeaux Wines

        In a decision in an invalidation trial jointly claimed by INSTITUT NATIONAL DE L’ORIGINE ET DE LA QUALITE and CONSEIL INTERPROFESSIONNEL DU VIN DE BORDEAUX, the Invalidation Board of Japan Patent Office (JPO) ordered the invalidation of trademark registration no. 5737079 for a word mark “Bord’or” in script fonts (see below) in violation of Article 4(1)(vii) of the Trademark Law.

      • Appeals Court OKs F-Bombs For Federal Trademark Protection

        The Supreme Court’s decision in The Slants’ trademark case is already beginning to pay off for trademark seekers whose applications were determined to be a bit too racy for the Trademark Office’s (subjective) taste. Section 1052(a) of the US Code used to forbid the registration of trademarks that “disparaged” other persons or groups or anything the USPTO found to be “immoral or scandalous.”

        That’s all gone now, thanks to the Supreme Court, which found this restriction to registrations unconstitutional. The Supreme Court struck down the language limiting “disparaging” trademark registrations. The Federal Circuit Court of Appeals has just struck down the remaining limiting language (“immoral or scandalous”), allowing clothing brand FUCT to finally secure federal trademark protection.

Links 11/1/2018: City of Barcelona Moves to GNU/Linux, Julian Assange Becomes Ecuadorian

Thursday 11th of January 2018 11:55:44 PM

Contents

GNU/Linux
  • City Of Barcelona Chooses Linux And Free Software After Ditching Microsoft

    As per the report, Barcelona city plans to replace all user applications on its computers with open source alternatives. After finding a proper replacement for all proprietary software, the final step would be to go ahead with replacing the operating system with Linux.

  • City of Barcelona Kicks Out Microsoft in Favor of Linux and Open Source

    Barcelona city administration has prepared the roadmap to migrate its existing system from Microsoft and proprietary software to Linux and Open Source software.

  • Look Munich, City of Barcelona Is Dumping Windows and Switches to Ubuntu Linux

    While the City of Munich is switching back to Windows after running Linux on their public PCs, a move that will cost them over €100 million euros, the City of Barcelona is making the smart choice of dumping Microsoft’s products and switch to Linux and Open Source.

    First spotted by It’s FOSS, this fantastic news was reported by Spanish newspaper El País, stating that the City of Barcelona is currently in talks of migrating all of their public computer systems to Open Source software products like LibreOffice and Open-Xchange, replacing Microsoft’s expensive products.

  • Desktop
  • Kernel Space
    • Meltdown and Spectre Linux Kernel Status

      By now, everyone knows that something “big” just got announced regarding computer security. Heck, when the Daily Mail does a report on it, you know something is bad…

      Anyway, I’m not going to go into the details about the problems being reported, other than to point you at the wonderfully written Project Zero paper on the issues involved here. They should just give out the 2018 Pwnie award right now, it’s that amazingly good.

    • Linux Kernels 4.14.13, 4.9.76, and 4.4.111 Bring More Security Fixes, Update Now

      As promised, Linux kernel maintainer Greg Kroah-Hartman released today new versions of the Linux 4.14, 4.9, and 4.4 kernel series to address some of the regressions from previous builds and fix more bugs.

      Linux kernels 4.14.13, 4.9.76 LTS, and 4.4.111 LTS are now available for download from kernel.org, and they include more fixes against the Spectre security vulnerability, as well as some regressions from the Linux 4.14.12, 4.9.75 LTS, and 4.4.110 LTS kernels released last week, as some reported minor issues.

    • Freedreno’s MSM DRM Driver Wires In DEVFREQ Re-Clocking Support

      Freedreno open-source Qualcomm Adreno driver creator Rob Clark has sent in the set of updates for the MSM DRM driver targeting the Linux 4.16 kernel.

      The MSM Direct Rendering Manager updates for DRM-Next to go into Linux 4.16 are a bit late for the DRM staging, but these changes are mostly small. Besides some bug fixes and other minor code changes, the main feature addition for MSM in Linux 4.16 is DEVFREQ support for controlling the GPU clock frequency.

    • Linux Foundation
      • The Linux Foundation Announces New Linux on Azure Training Course [Ed: The Linux Foundation works for Microsoft now. Corrupted by the money. Microsoft meanwhile attacks Linux with patents.]
      • Automotive Grade Linux gets support from Toyota and Amazon as it eyes autonomous driving

        Open-source software was once something that large businesses shied away from, but over the course of the last few years, it’s made inroads into virtually every enterprise company. With Automotive Grade Linux (AGL), the Linux Foundation hosts a project that aims to bring open source to the car industry. As the AGL group announced at CES in Las Vegas today, Toyota and Amazon have now signed up to support the project, as well.

        Toyota, which is using AGL in the 2018 Camry, is joining as a platinum member, while Amazon opted for the silver level. Indeed, you may have seen another Toyota and Amazon mashup today, which is probably no coincidence.

    • Graphics Stack
      • R600 Gallium3D Gets More Fixes, Experimental SB Tessellation Support

        If you are still running with a pre-GCN AMD graphics card, a number of R600 Gallium3D commits landed in Mesa Git over night as well as an interesting patch series on the Mesa mailing list.

        Hitting Mesa 17.4-dev Git a few hours ago were a number of R600 Gallium3D fixes. This time around the various fixes come courtesy of VMware’s Roland Scheidegger, a long time Mesa developer. They are a variety of minor fixes. It’s nice to see nevertheless as R600g doesn’t get too much action these days.

      • xf86-video-intel Gets Coffee Lake Support

        The xf86-video-intel DDX driver now has support for the first “Coffee Lake” processors.

      • The Current CPU Driver Usage Difference Between RADV/RadeonSI & NVIDIA

        Yesterday I posted some fresh GPU/driver benchmark results for discrete AMD Radeon and NVIDIA GeForce graphics cards. These were some of the most competitive numbers yet we’ve seen out of the open-source RadeonSI OpenGL and RADV drivers while using the latest Linux 4.15 kernel, especially for the GTX 1060 vs. RX 580 battle. In the comments were requests to see some CPU utilization numbers, including from one of the Radeon Linux developers, so here is a look at how the CPU usage compares.

        With having some spare cycles this morning on that Core i7 8700K “Coffee Lake” desktop, I ran a CPU usage comparison with various Linux games when using the Radeon RX 580 (on Linux 4.15 + Mesa 17.4-dev + LLVM 6.0 SVN) vs. the comparable GeForce GTX 1060 (on Linux 4.15 + NVIDIA 390.12) for showing the latest CPU utilization difference for both OpenGL and Vulkan games.

      • RADV Vulkan Driver Now Supports VK_EXT_discard_rectangles

        RADV co-founder Bas Nieuwenhuizen has landed support for the Vulkan VK_EXT_discard_rectangles extension within Mesa 17.4-dev.

      • RADV Gets Another Optimization For Micro-Benchmarks

        David Airlie and Bas Nieuwenhuizen’s work on the RADV open-source Vulkan driver is quite relentless. David has posted yet another patch working on further optimizing the performance of this unofficial Radeon Vulkan driver living within Mesa.

      • The NVIDIA 390 Driver Is Playing Nicely With Linux 4.15 Kernel

        For those NVIDIA Linux users reliant upon the proprietary driver and wanting to upgrade to the Linux 4.15 kernel that will be officially released within the next two weeks, the 390.12 driver is playing nicely.

        Earlier NVIDIA driver releases ran into compatibility issues with the Linux 4.15 interfaces following the merge window (not due to KPTI, as some other FUD previously passed around by others). But with last week’s NVIDIA 390.12 beta it has been working fine atop the Linux 4.15 Git kernel, including when Kernel Page Table Isolation is enabled for Meltdown prevention. (Retpoline support has yet to be mainlined, haven’t tested the NVIDIA driver there yet to formally confirm if any breakage may happen.)

      • AMDGPU Queues More Fixes For Linux 4.16

        AMD sent in a fair number of AMDGPU updates slated for Linux 4.16 but now hitting the cut-off for major feature updates for DRM-Next code looking to make it into 4.16, AMD has submitted some fixes.

    • Benchmarks
      • NVIDIA GeForce vs. AMD Radeon Linux Gaming Performance At The Start Of 2018

        Here is a fresh look at the NVIDIA GeForce and AMD Radeon Linux graphics card performance as we start 2018. Testing was done using the latest Linux 4.15 Git kernel — including the KPTI page table isolation support — as well as using the newest Mesa 17.4-dev driver code for RadeonSI/RADV and on the NVIDIA side is their brand new 390.12 beta driver.

      • What Linux storage benchmarking tools are best?

        The Linux hdparm tool enables administrators to establish a basic, low-level measure of disk performance. Using hdparm with the -t option takes advantage of the Linux disk cache, while the -t option also accesses the disk through the cache, but doesn’t pre-cache the results. Low-level Linux storage benchmarking tools such as hdparm are very sensitive to file systems and other higher level constructs, however, so results can vary dramatically.

        Admins often use the Linux dd — data duplicator — command for tasks such as backup and copy, but its interaction with storage can also enable sequential throughput for storage performance.

        Flexible I/O Tester (FIO) is perhaps the most versatile and popular tool for benchmarking hard disk drive and solid-state drive devices. It enables administrators to run sequential read/write tests with varied I/O block sizes and queue depths.

      • KPTI + Retpoline Linux Benchmarking On Old Laptops

        Over the past week and a half of running many benchmarks looking at the performance impact of the Linux KPTI and Retpoline patches for Spectre and Meltdown mitigation, one of the most common test requests is some thorough benchmarks on older systems. Why that’s important is with older (pre-Westmere) CPUs there isn’t PCID (Process Context Identifier) support that’s used by KPTI, which helps offset some of the performance loss. So for some test results to share today are two old ThinkPads from the Clarksfield and Penryn days compared to a newer Broadwell ThinkPad in looking at the performance difference.

  • Applications
  • Desktop Environments/WMs
    • K Desktop Environment/KDE SC/Qt
      • KStars 2.9.1 is off to a fantastic start in 2018!

        We’re kicking off 2018 with a new fantastic release of KStars for Windows & MacOS. Linux users should wait a few more days to get the release in the official PPA due to Canonical’s Launchpad downtime because of the Meltdown and Spectre CPU vulnerabilities discovered recently.

        KStars 2.9.1 aka “Lancaster” release is primarily a bugfix release, but it brings with it as well several new features and improvements to existing technologies.

      • Akademy 2018 Call for Participation

        Akademy is the KDE Community conference. The 2018 edition is from Saturday 11th to Friday 17th August in Vienna, Austria. If you are working on topics relevant to KDE or Qt, this is your chance to present your work and ideas at the Conference. The days for talks are Saturday and Sunday, 11th and 12th. The rest of the week will be BoFs, unconference sessions and workshops.

      • Qt 3D Studio Remote Deployment on Android Devices
      • New in Qt 5.10: QThread::create
      • Kdenlive cafés #25 and #26 – Everybody is invited
      • Krita 4.0 Beta 1

        We’ve officially gone into String Freeze mode now! That’s developer speak for “No New Features, Honest”. Everything that’s going into Krita 4.0 now is in, and the only thing left to do is fixing bugs and refining stuff.

        Given how much has changed between Krita 3 and Krita 4, that’s an important part of the job! Let us here repeat a very serious warning.

      • Krita Digital Painting Program Hits The 4.0 Beta Milestone

        The KDE/Qt-aligned Krita digital painting program has released its first beta release of the major 4.0 update that also marks its string freeze. Now marks the period of bug fixing before shipping Krita 4.0 within a few months.

      • Nextcloud Talk is here

        Today is a big day. The Nextcloud community is launching a new product and solution called Nextcloud Talk. It’s a full audio/video/chat communication solution which is self hosted, open source and super easy to use and run. This is the result of over 1.5 years of planning and development.

        For a long time it was clear to me that the next step for a file sync and share solution like Nextcloud is to have communication and collaboration features built into the same platform. You want to have a group chat with the people you have a group file share with. You want to have a video call with the people while you are collaboratively editing a document. You want to call a person directly from within Nextcloud to collaborate and discuss a shared file, a calendar invite, an email or anything else. And you want to do this using the same login, the same contacts and the same server infrastructure and web interface.

      • Introducing a Full Self-hosted Audio/video and Chat Communication Platform: Nextcloud Talk

        We’re very proud to announce today Nextcloud Talk, the first enterprise-ready, self-hosted communication technology giving users the highest degree of control over their data and communication. Nextcloud Talk is a fully open source video meeting software, on-premise hosted and end-to-end encrypted. It features a text chat and is available for web and mobile. In related news, Nextcloud has become the vendor with the greatest momentum in the self-hosted Enterprise File Sync and Share market and increased its customer base by 7 times in 2017. And over 500 individuals contributed more than 6.6 million lines of code to Nextcloud last year!

      • Nextcloud Talk is an Open Source Alternative to Google Hangouts

        Nextcloud has launched a self-hosted open source alternative to Google Hangouts, Skype, and similar chat services.

        Called ‘Nextcloud Talk’, the feature brings audio, video and messaging features based on WebRTC to the personal cloud server software, which was forked from OwnCloud back in 2016.

      • Nextcloud Rolls Out Audio/Video/Chat Support

        The Nextcloud cloud hosting software forked from ownCloud now has audio/video/chat abilities.

    • GNOME Desktop/GTK
      • Phoning home after updating firmware?

        Somebody made a proposal on the fwupd mailing list that the machine running fwupd should “phone home” to the LVFS with success or failure after the firmware update has been attempted.

        This would let the hardware vendor that uploaded firmware know there are problems straight away, rather than waiting for thousands of frustrated users to file bugs. The report needs to contain something that identifies the machine and a boolean, and in the event of an error, enough debug information to actually be useful. It would obviously involve sending the user’s IP address to the server too.

        [...]

        This means vendors using the LVFS know first of all how many downloads they have, and also the number of success and failures. This allows us to offer the same kind of staged deployment that Microsoft Update does, where you can limit the number of updated machines to 10,000/day or automatically pause the specific firmware deployment if > 1% of the reports come back with failures.

  • Distributions
    • OpenSUSE/SUSE
      • GeckoLinux: A Polished Distro Just Got Smoother

        I was disappointed in GeckoLinux in only one situation. The practice of including a password for the live session demo mode was a new feature promised in this release. The product description hawks the convenience of not having to enter passwords for the live session user account.

        Yet the brief documentation for the ISO download mentions the user password for the live session as “linux.” I was hoping that the developer merely forgot to update the download information.

        Alas, the new version still needs a password. Oh well, maybe the next release.

        Otherwise, GeckoLinux 423 is a worthy release that provides improvements over the standard openSuse mindset.

      • New Python3, LibreOffice, Google RE2 Packages Released in Tumbleweed

        Several openSUSE Tumbleweed snapshots arrive before and after the new year and this post will focus on the most recent snapshots released this week.

        Much of the efforts of developers this week have focused on patching the Meltdown and Spectre vulnerabilities. openSUSE’s rolling distribution produced four openSUSE Tumbleweed snapshots so far this week.

        While the Long-Term Support 4.4 Linux Kernel has patched many of the vulnerabilities associated with Meltdown and Spectre, the 4.14.12 Linux Kernel released in snapshot 20180107 hasn’t, but Tumbleweed users will likely see the vulnerabilities patched soon.

    • Red Hat Family
    • Debian Family
      • Derivatives
        • Canonical/Ubuntu
          • PSA: Ubuntu 17.04 Zesty Zapus support ends on Saturday

            Support for Ubuntu 17.04 Zesty Zapus will be coming to an end this Saturday, nine months after being pushed out. The end of life applies to all systems no matter whether you’re running it on a desktop or a server. Once the end of life date arrives, you should have a plan to move to Ubuntu 17.10 or downgrade to Ubuntu 16.04.

          • Flavours and Variants
            • Ubuntu Unity Remix Day 1: 27-Dec ISO

              Ubuntu Unity Remix 18.04 is already functional even though it’s still very new. For you who don’t know, Unity Remix is a new Ubuntu distro with Unity 7 desktop created after the official Ubuntu switched to GNOME 3. Unity Remix is based on the effort of Unity 7 Continuation Project by Khurshid Alam and Dale Beaudoin, and it calls for developers & testers right now. Today I, an Ubuntu user who likes Unity Desktop, start a series of articles about my days in personal testing Ubuntu Unity Remix. This ‘Day 1’ covers a short overview about the latest ISO from 27-Dec-2017. This series is (again) inspired by Didier Roche’s series at early Artful days. Enjoy!

            • Ubuntu Unity Remix Day 2: Nemo & Caja

              Do you like Nemo and Caja file managers? Good news for you, you can use them at Ubuntu Unity Remix now. More good news is there are 2 ISOs available (for testing purpose) for both Unity Remix Nemo and Unity Remix Caja editions! Having these two is like continuing the 17.04 but with the feels of Linux Mint ‘MATE’ and ‘Cinnamon’ editions. For you who don’t know, you will find Nemo or Caja even more useful than Nautilus, because you’ll have more features you cannot find at (like normal menu bar, F3, and status bar). This ‘Day 2’ covers simple overview about both file managers at Ubuntu Unity Remix 18.04. Enjoy!

  • Devices/Embedded
Free Software/Open Source
  • Telecommunications Infrastructure Project looks to apply open source technologies

    The Telecommunications Infrastructure Project is looking to apply open source technologies to next generation fixed and mobile networks.

    The Telecom Infra Project (TIP), conceived by Facebook to light a fire under the traditional telecommunications infrastructure market, continues to expand into new areas.

    Launched at the 2016 Mobile World Congress in Barcelona, the highly disruptive project takes an open ecosystem approach to foster network innovation and improve the cost efficiencies of both equipment suppliers and network operators. “We know from our experience with the Open Compute Project that the best way to accelerate the pace of innovation is for companies to collaborate and work in the open. We helped to found TIP with the same goal – bringing different parties together and strengthen and improve efficiencies in the telecom industry,” according to Aaron Bernstein, Director of Connectivity Ecosystem Programmes at Facebook.

  • Introducing Ad Inspector: Our open-source ad inspection tool
  • AI and machine learning bias has dangerous implications

    Algorithms are everywhere in our world, and so is bias. From social media news feeds to streaming service recommendations to online shopping, computer algorithms—specifically, machine learning algorithms—have permeated our day-to-day world. As for bias, we need only examine the 2016 American election to understand how deeply—both implicitly and explicitly—it permeates our society as well.

    What’s often overlooked, however, is the intersection between these two: bias in computer algorithms themselves.

    Contrary to what many of us might think, technology is not objective. AI algorithms and their decision-making processes are directly shaped by those who build them—what code they write, what data they use to “train” the machine learning models, and how they stress-test the models after they’re finished. This means that the programmers’ values, biases, and human flaws are reflected in the software. If I fed an image-recognition algorithm the faces of only white researchers in my lab, for instance, it wouldn’t recognize non-white faces as human. Such a conclusion isn’t the result of a “stupid” or “unsophisticated” AI, but to a bias in training data: a lack of diverse faces. This has dangerous consequences.

  • Events
    • Mozilla Release Management Team: Firefox Release management at FOSDEM 2018
    • Mozilla Reps Community: Reps Council at Austin

      The All Hands is a special time of the year where Mozilla employees along with core volunteers gather for a week of many meetings and brainstorming. The All Hands Wiki page has more information about the general setting. During the All Hands, the Reps Council participated in the Open Innovation meetings as well as had meetings about what 2018 planning. One of our main topics was about the Mission Driven Mozillians proposal.

    • openSUSE Conference Registration, Call For Papers Opens Today

      openSUSE is pleased to announce that registration and the call for papers for the openSUSE Conference 2018 (oSC18), which takes place in Prague, Czech Republic, are open.

      The dates for this year’s conference will be May 25 through May 27 at Faculty of Information Technologies of Czech Technical University in Prague. Submission for the call for papers will be open until April 20. There are 99 days from today to submit a proposal, but don’t wait until the last minute. Registration will be open from today until the day oSC18 begins; make sure to answer the survey question regarding the T-Shirt size.

  • Web Browsers
    • Mozilla
      • Announcing ESR60 with policy engine

        The Firefox ESR (extended support release) is based on an official release of Firefox desktop for use by organizations including schools, universities, businesses and others who need extended support for mass deployments. Since Firefox 10, ESR has grown in popularity and many large organisations rely on it to let their employees browse the Internet securely.

        We want to make customization of Firefox deployments simpler for system administrators and we’re pleased to announce that our next ESR version, Firefox 60, will include a policy engine that increases customization possibilities and integration into existing management systems.

      • Web. Period.

        Seen from here, EPUB is a technical dead end. The ebook market just cannot absorb newer versions of EPUB any more, and I’m not sure when it will be able to absorb even light incremental changes again. EPUB books based on EPUB 3.0.1 or a light and for once backwards-compatible evolution of 3.0.1, are here to stay for a very, very long time.

      • User Style for bugzilla.mozilla.org

        Yesterday, I was talking with Kohei Yoshino (the person behind the Bugzilla Quantum effort that recently landed significant UX improvements to the header strip) about some visual issues I have on bugzilla.mozilla.org which basically boil down to our default view being a bit too noisy for my taste and not emphasizing enough on the key elements I want to glance at immediately when I visit a bug (bug Status, description, comments).

        Given that I spend a significant amount of time on Bugzilla and that I also spend some time on Github issues, I decided to see if I could improve our default theme on Bugzilla with a user style to make it easier on the eyes and also closer visually to Github, which I think is good when you use both on a daily basis.

  • Funding
    • Pineapple Fund Supports Conservancy

      Software Freedom Conservancy thanks the Pineapple Fund and its anonymous backer for its recent donation of over 18 Bitcoin (approximately $250,000). The Pineapple Fund is run by an early Bitcoin adopter to give about $86 million worth of Bitcoin to various charities. Shortly after the fund’s announcement earlier this month, volunteers and Conservancy staff members applied for its support. That application was granted this week.

  • BSD
    • OPNsense® 18.1 Release Candidate 1

      For more than 3 years now, OPNsense is driving innovation through modularising and hardening the open source firewall, with simple and reliable firmware upgrades, multi-language support, HardenedBSD security, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.

      We humbly present to you the sum of another major iteration of the OPNsense firewall. Over the second half of 2017 well over 500 changes have made it into this first release candidate. Most notably, the firewall NAT rules have been reworked to be more flexible and usable via plugins, which is going to pave the way for subsequent API works on the core firewall functionality. For more details please find the attached list of changes below.

      Meltdown and Spectre patches are currently being worked on in FreeBSD[1], but there is no reliable timeline. We will keep you up to date through the usual channels as more news become available. Hang in there!

  • Licensing/Legal
  • Programming/Development
    • Top Programming Languages That Largest Companies Are Hiring Developers For In 2018

      Learning a programming language involves some important decisions on the part of a professional. Gone are the days when one mastered a single popular programming language and it granted job security. Highlighting these limitations of reliance on a single programming language, Coding Dojo coding school has shared the results of an interesting study.

    • Rust in 2018

      I think 2017 was a great year for Rust. Near the beginning of the year, after custom derive and a bunch of things stabilized, I had a strong feeling that Rust was “complete”. Not really “finished”, there’s still tons of stuff to improve, but this was the first time stable Rust was the language I wanted it to be, and was something I could recommend for most kinds of work without reservations.

      I think this is a good signal to wind down the frightening pace of new features Rust has been getting. And that happened! We had the impl period, which took some time to focus on getting things done before proposing new things. And Rust is feeling more polished than ever.

Leftovers
  • Hardware
    • Second iPhone battery explodes at Apple Store in Europe – this time in Spain

      The explosion occurred at Apple’s Calle Colón Store in Valencia, Spain. According to a report in Las Provincias, the battery overheated while being worked upon and started emitting smoke, triggering immediate evacuation from the building. An entire floor in the building was engulfed in smoke, one of the first responders at the site reported.

    • Another iPhone Battery Explodes Right in the Apple Store

      It’s a tough time for Apple Store staff across the world, not only because iPhone owners rush to change their worn-out batteries as part of the $29 discount program, but also due to some batteries actually catching fire right when being serviced.

      It happened earlier this week in Zurich, when an iPhone battery started emitting smoke all of a sudden, and now the same thing took place in Spain at Apple’s store in Valencia.

      A report from local newspaper Las Provincias reveals that the iPhone battery hasn’t just emitted smoke, but it actually exploded, leading to the entire floor being filled with smoke.

      This obviously triggered the store evacuation given the risks of smoke intoxication, and firefighters and police rushed to the scene. Emergency services, however, weren’t required to intervene because Apple Store staff managed to vent the building by opening all windows and to cover the faulty battery with sand. No injuries were caused to Apple employees or store visitors.

  • Health/Nutrition
  • Security
    • macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password

      A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.

    • Red Hat Researchers: Spectre Chip Vulnerability Likely Worse For VMs Than Containers
    • Watching the meltdown.

      I have been watching Meltdown and Spectre unfold from the sidelines. Other than applying available updates, I’m just watching and absorbing the process of the disclosure. This one appears mid way along a long road.

      I teach mostly administrators. I teach some developers. I teach those in, or desiring to be in, infosec. I like teaching security topics. I think securing systems requires more people thinking about security from the beginning of design and as an everyday, no big deal part of life. A question I ask with these newsworthy issues is what normal practices can mitigate even part of the problems? There are two big basics – least privilege and patch management – to always keep in mind. Issues like ShellShock and Venom were mostly mitigated from the beginning with SELinux enabled (least privilege) and WannaCry had little impact on those systems patched long ago when the SMB bug was first found and fixed.

      However, in some cases, both exploits and accidents come from doing something that no one else thought of trying. This is why I like open source. There is the option (not always used) for more people trying different things and finding better uses as well as potential flaws. Any type of cooperation and collaboration can be the source of some of these findings including pull requests, conference talks, or corporations working with academic research projects.

    • Open Source Security Podcast: Episode 77 – npm and the supply chain

      Josh and Kurt talk about the recent npm happenings. What it means for the supply chain, and we end with some thoughts on how maybe none of this matters.

    • Ubuntu systems also having boot-up issues due to Meltdown and Spectre patches
    • Meltdown and Spectre patch stops Ubuntu computers from booting
    • Meltdown and Spectre patches leave some Ubuntu systems unbootable
    • Linux vs Meltdown: Ubuntu gets second update after first one fails to boot
    • Ubuntu takes two on Meltdown CPU patch after first one bricked machines
    • The Spectre And Meltdown Server Tax Bill

      Much has been written about the nature of the Meltdown and Spectre threats, which leverage the speculative execution features of modern processors to give user-level applications access to operating system kernel memory. This is obviously a very big problem. Chip suppliers and operating system and hypervisor makers have known about these exploits since last June, and have been working behind the scenes to provide corrective countermeasures to block them. The idea was to wait until January 9 to have all the fixes lined up in the industry and then tell the world about the exploits. But rumors about the speculative execution threats forced the hands of the industry, and last week Google put out a notice about the bugs and then followed up with details about how it has fixed them in its own code for its own systems.

    • Answering your questions about “Meltdown” and “Spectre”
    • NSA Didn’t Know of Meltdown, Spectre, Trump Cyber Czar Says

      The National Security Agency didn’t know about the Meltdown or Spectre flaws, White House cybersecurity coordinator Rob Joyce said at the International Conference on Cyber Security at Fordham University Law School here today (Jan. 11).

    • spectre and the end of langsec

      Like many I was profoundly saddened by this analysis. I want to believe in constructive correctness, in math and in proofs. And so with the rise of functional programming, I thought that this historical slide from reason towards observation was just that, historical, and that the “safe” languages had a compelling value that would be evident eventually: that “another world is possible”.

      In particular I found solace in “langsec”, an approach to assessing and ensuring system security in terms of constructively correct programs. One obvious application is parsing of untrusted input, and indeed the langsec.org website appears to emphasize this domain as one in which a programming languages approach can be fruitful. It is, after all, a truth universally acknowledged, that a program with good use of data types, will be free from many common bugs. So far so good, and so far so successful.

      The basis of language security is starting from a programming language with a well-defined, easy-to-understand semantics. From there you can prove (formally or informally) interesting security properties about particular programs. For example, if a program has a secret k, but some untrusted subcomponent C of it should not have access to k, one can prove if k can or cannot leak to C. This approach is taken, for example, by Google’s Caja compiler to isolate components from each other, even when they run in the context of the same web page.

      But the Spectre and Meltdown attacks have seriously set back this endeavor. One manifestation of the Spectre vulnerability is that code running in a process can now read the entirety of its address space, bypassing invariants of the language in which it is written, even if it is written in a “safe” language. This is currently being used by JavaScript programs to exfiltrate passwords from a browser’s password manager, or bitcoin wallets.

    • Is Apple Even Paying Attention To macOS Security Anymore?

      A new Mac security flaw lets you type literally any username and password in order to unlock the Mac App Store panel in System Preferences. It’s probably not a big deal practically speaking—the panel is unlocked by default—but the fact that this issue exists at all is a worrying reminder that Apple isn’t prioritizing security like they used to.

    • Ubuntu Linux Unbootable After Users Install Meltdown And Spectre Patches
    • Ubuntu Update For Meltdown And Spectre Chip Flaws Leaves Some PCs Unbootable

      Sometimes the cure is worse than the disease. Just ask the affected users of older AMD systems who had their PCs bricked after downloading and installing a Windows update that was supposed to protect them from Meltdown and Spectre. It is not just Windows users who are suffering, either. Some Ubuntu Xenial 16.04 users also report that the latest update for their OS has rendered their system unable to boot.

    • How CoffeeMiner Attack Hacks Public Wi-Fi And Uses Your PC For Mining Cryptocurrency

      After a series of ransomware attacks capturing the headlines past year, crypto mining malware and cryptojacking attacks came into the play. Just last month, a Starbucks customer found that the infected Wi-Fi hotspot was trying to mine Monero digital coins. It was a new kind of threat associated with using public hotspots, which are often labeled unsafe and users are advised to use VPN services for extra privacy.

    • Prosecutors say Mac spyware stole millions of user images over 13 years

      An indictment filed Wednesday in federal court in Ohio may answer some of those questions. It alleges Fruitfly was the creation of an Ohio man who used it for more than 13 years to steal millions of images from infected computers as he took detailed notes of what he observed.

    • EMC, VMware security bugs throw gasoline on cloud security fire

      While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell’s EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server’s file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.

    • Malware based on open source Kotlin language discovered lurking in Google Play [Ed: This has nothing to do with "open source". They don't say "proprietary" when the framework is.]

      Basically, it’s pretty typical of the malware that crops up in dodgy apps that have wormed their way past the digital bouncers on the Play Store.

    • How to increase Linux security by disabling USB support

      This may sound like a crazy way of enhancing security on a server, but if you can get away with it—as in you don’t need any USB devices such as keyboards, mice, external drives—disabling USB support can be an added means of ensuring malicious files do not find their way onto your servers. Obviously, this will only work for headless machines, so you better make certain you can SSH into those servers, otherwise, you’ll find yourself in trouble trying to input anything via keyboard or mouse.

    • Security updates for Thursday
    • Intel Releases Linux CPU Microcodes for Processors Going Back Two Decades
  • Defence/Aggression
    • Ellsberg Takes on US Nuclear Protocol in ‘Confessions of a Nuclear War Planner’

      Former military strategist Daniel Ellsberg, famous for releasing the Pentagon Papers, a top-secret study of U.S. involvement in Vietnam, calls the United States’ nuclear weapons policy “dizzyingly insane and immoral.” In his new memoir, “Doomsday Machine: Confessions of a Nuclear War Planner,” Ellsberg chronicles his years spent as a nuclear policy analyst, which included the near miss of the Cuban Missile Crisis in 1962. Ellsberg joins us to discuss his new book and why he calls for more risk-reduction measures around nuclear weapons. We’ll also get his thoughts on the new movie, “The Post,” which dramatizes the Washington Post’s decision to publish the Pentagon Papers in 1971.

    • A swarm of home-made drones has bombed a Russian airbase

      According to reports, 13 small drones descended on Russian forces, but none did significant damage. Seven were destroyed by anti-aircraft defences and the others were brought down using electronic countermeasures to hijack or jam the drone’s controls and land them intact.

    • Trump Lashes Pakistan over Afghan War

      Though expanding the U.S.-led war in Afghanistan last year, President Trump has shown little interest in the details — until New Year’s Day when he threatened Pakistan in a surprising tweet storm, reports Dennis J Bernstein.

  • Transparency/Investigative Reporting
  • Finance
    • Chinese Workers Abandon Silicon Valley for Riches Back Home

      U.S.-trained Chinese-born talent is becoming a key force in driving Chinese companies’ global expansion and the country’s efforts to dominate next-generation technologies like artificial intelligence and machine learning. Where college graduates once coveted a prestigious overseas job and foreign citizenship, many today gravitate toward career opportunities at home, where venture capital is now plentiful and the government dangles financial incentives for cutting-edge research.

    • Bitcoin falls as one of the world’s biggest cryptocurrency markets readies a bill to ban trading

      South Korea’s justice minister said on Thursday that a bill is being prepared to ban all cryptocurrency trading in the country.

      That news is a major development for the cryptocurrency space, as South Korea is one of the biggest markets for major coins like bitcoin and ethereum.

    • Sadiq Khan’s Brexit warning: UK could lose 500,000 jobs if we crash out of EU without a deal

      A no-deal hard Brexit could cost the UK half a million jobs and £50 billion less investment, according to a study.

      Research for the mayor of London Sadiq Khan warned of a “lost decade” of significantly lower growth.

      The country could have 500,000 fewer jobs in the worst-case scenario and nearly £50 billion less investment by 2030.

      In London alone, there could be 87,000 fewer jobs and the capital’s economic output could be 2% lower by 2030 than predicted under the status quo, it was warned.

    • The ambiguity cannot last – Labour must either back or block a Tory Brexit

      Owen Jones wrote a thoughtful article recently in which he defended Labour for accepting Brexit. He covered electoral triangulation, far-right extremism, and fundamental problems with referenda. Much of what he wrote was spot on. The problem is, like almost all Brexit debate, it looked backwards, not forwards. And here’s why that matters.

      [...]

      Labour should continue to acquiesce – both for votes, and because acquiescence to a referendum result is to a certain extent moral. But rather than look backwards to when Keir Starmer’s six tests were sufficient, we must look forwards – to when Brexit takes shape and acquiescence gets harder.

      For example, consider the criticism of Jeremy Corbyn for not supporting an initial discussion on single market membership. There is a real irony here in that the criticism comes from Remainers and Corbyn pointed out what the Brexiteers denied – i.e. that the single market is not a separate joinable entity.

      Ironic or not, that Remainer criticism matters. As others make better play of being Remain parties – we lose our default “not the Brexit party” position. And worse is to come as Brexit ceases to be an abstract concept.

      Broadly acquiescing to a referendum result and the word “Brexit” was possible in 2017 but soon we will have to choose between enabling or blocking a specific Tory Brexit.

      That isn’t acquiescence – it is support or opposition. And it could alienate millions of either Brexit or Remain voters who chose Labour in 2017.

    • Publicly funded private school creates “poor kids’ playground” for kids whose parents wouldn’t contribute to new playground equipment

      Wednesbury Oak Academy in the West Midlands is an “academy school,” similar to a US charter school — a publicly funded, privately operated school, which, theory goes, is able to “experiment” with new educational techniques, by deviating from the standard curriculum, rejecting students on the basis of selection criteria, and hiring teachers without formal qualifications.

      The school solicited £6 contributions from parents to contribute to the cost of new playground apparatus. Contributions from the parents of 80 children out of the 450 who attend the school sent in money. When the school purchased the new equipment, the playground was segregated, with the children whose parents contributed the £6 able to play anywhere, but the remaining majority of children were barred from playing in the area with the new equipment.

  • AstroTurf/Lobbying/Politics
    • Mass Migration: The European Commission’s New “Norm”

      The article illustrates much of what is wrong with European institutions, in particular the European Commission, a mixture of bureaucratic arrogance, false creed based on dogma rather than facts, and a disdain for democratic debate. The Commission, based in Brussels, is not elected but, according to EU treaties, it has a monopoly — yes, a monopoly — on initiating legislation at the European level. Each Commissioner is an appointed bureaucrat, one for each member state — often a former top politician, now sidelined in his country of origin, therefore with very little democratic legitimacy.

    • ‘God Help Us if This Gets Out’: The Full Transcript of Yair Netanyahu’s Wild Tel Aviv Night

      Yair Netanyahu and his friends hoped their night out would not be documented. Accompanied by a bodyguard and a driver provided by the state, the prime minister’s son, the son of gas tycoon Kobi Maimon and Roman Abramov, a representative of billionaire James Packer, went touring strip clubs in Tel Aviv, paying for erotic dances and talking about the natural gas deal that had just been reached. On Monday night, the Israel Television News Company broadcast a recording made that night.

    • Trump uses ‘no collusion’ 7 times in a single Russia answer

      This is a real exchange that happened between President Donald Trump and Fox News’ chief White House correspondent John Roberts in a press conference with the Norwegian prime minister on Wednesday afternoon.

  • Censorship/Free Speech
    • Yelp Accused Of Hiding Positive Reviews For Non-Advertiser

      He said after months of non-stop phone calls from Yelp, he claims his favorable rating dropped after he finally told the company he would not pay for advertising.

    • Trump lawyer: I’m suing ‘BuzzFeed’ over dossier claims

      Cohen also said via Twitter that he is suing the private investigative firm Fusion GPS, which compiled a dossier of claims that say, among other things, that Cohen and Trump had ties with shadowy Russian characters. BuzzFeed published the dossier, which was commissioned in 2016 by Trump’s opponents.

    • No, Trump’s Censorship Bluster Is Truly Worrying

      Your editorial “Book Banning Bunkum” (Jan. 8) is far too serene in dismissing as routine Trumpish “feckless bluster” in his efforts to pressure Michael Wolff’s publisher into abandoning publication of his book. Of course, you are right to recall other such threats by the president which weren’t followed up by actual litigation, including one to this newspaper. But not all publications and journalists can so easily shrug off such threats of financially crippling litigation.

    • New universities minister ‘victim of censorship row’ after inviting Saddam Hussein’s ally to speak at the Oxford Union in 1990s

      But Tariq Aziz, a close ally of Saddam Hussein who served under him for over two decades, was unable to take up the invitation, after he was reportedly refused a visa by the Home Office.

    • Censorship Board is responsible for music and video content

      The Chief censor, Steven Mala says that capacity has been the delaying issue with the PNG Censorship Board.

      The body made a stand last year to work closely with production houses to closely monitor the content of music by local artists.

      Following up on this, Mala revealed that not much focus was given to the industry, to date.

      However he said, recruitment has been completed in 2017 so work should commence this year.

      Mala reiterated that work by artists should be screened by the Censorship Board before being aired.

      He said another circular will be sent to media houses going forward.

    • Psychiatrist Sues A Bunch Of Redditors For Criticizing His Therapy Services

      For reasons only known to the plaintiff, an American psychiatrist offering unlicensed services in Japan is suing a whole bunch of Redditors for defamation. The underlying reason for this lawsuit is obvious: searches for Dr. Douglas Berger or psychiatrists in Japan tend to return lots of links presumably owned by Dr. Berger, but more prominently, a bunch of warnings from Redditors at Japan-focused subreddits to steer clear of his psychiatric services.

    • Trump Once Again Threatens to Change Federal Libel Laws That Don’t Exist

      And even if they did, the First Amendment would stop him in his tracks.

      In the latest in a long line of attacks on freedom of the press, President Trump has once again threatened today to change libel laws to make it easier to sue news organizations, publishers, and others after the publication of an unflattering book.

      “We are going to take a strong look at our country’s libel laws so that when somebody says something that is false and defamatory about someone, that person will have meaningful recourse in our courts,” Trump said.

    • YouTube’s censorship system is flawed

      As internet users in 2018, we are all able to produce content, share it with an audience and be considered “content creators” regardless of background, orientation or qualifications. The internet in the modern day has made it possible for any person with access to it to have the opportunity to create videos for any viewer to see. YouTube is a platform where this opportunity can come to life.

      While YouTube is a positive place where creators put out content in many different genres it is also a place where offensive videos have an opportunity to be shared and reach millions of viewers.

      YouTube currently has a policy that prohibits videos with offensive language, sexual content, or “controversial subjects” including tragedy or violence from being monetized. The algorithm in place is that of a robot, separating the offensive material from the non-offensive. However, like many algorithmic programs, there are flaws within the system.

    • Chuck Johnson Sues Twitter, Copying Dennis Prager’s Lawsuit Against YouTube

      Last summer, we wrote about an important Supreme Court case, Packingham v. North Carolina, which made the fairly important ruling that the internet was so central to everyday life that courts could not ban people from the internet, even if they were convicted of a horrific crime. It was an important ruling — but almost immediately, some people worried that some would interpret the ruling in a way to suggest that online service providers, themselves, could not kick people off of their service. That’s not what the ruling actually says, but it’s possible to quote it out of context to suggest as much.

      And, indeed, we’ve started to see such cases brought against internet companies. The case Dennis Prager brought against YouTube, for example, cites Packingham to argue that it’s somehow unconstitutional to filter his videos with warning labels. And now we can add famed internet troll Chuck Johnson to the list, as he’s filed a lawsuit against Twitter, long after the site permanently banned Johnson from using their platform.

      As we noted with the Prager/YouTube case, it’s unlikely this case will go anywhere. Courts have held out, repeatedly, that platforms have the right to operate however they want regarding letting people use their services or not (the big distinction with Packingham was that was the government denying individuals access to the internet, not private operators). And there is extensive case law around Section 230 of the CDA as well, which states in fairly plain language that sites not only can filter and moderate however they want without liability, but actually encourages them to do so. There is, of course, at least some amount of irony that it was conservatives who were complaining about “bad stuff” (mainly porn) online who pushed for incentives in the CDA to get internet services to censor via filtering… and now it’s “conservative” commentators like Prager and Johnson, who are suing because those sites are filtering, as is explicitly encouraged by the law.

    • Appeals Court Drives Another Stake Into The Heart Of Idaho’s ‘Ag-Gag’ Law

      The Ninth Circuit Court of Appeals has upheld a 2015 decision finding Idaho’s “ag-gag” law unconstitutional. Despite the protestations of legislators and the state itself, the court finds the law prohibiting people from obtaining access to farms and other agricultural entities under false pretenses a violation of protected speech.

      As the lower court pointed out, the law would have made Upton Sinclair’s expose of the meatpacking industry illegal. The upshot of Sinclair’s book was significant changes to food and employee safety laws. Without the efforts of whistleblowers this law clearly targeted, the safety of the public — both consumers and employees — would be negatively impacted.

      The Appeals Court finds little to like about the state’s arguments the law is meant to protect the privacy of agricultural entities. Instead, it points out statements made by legislators — as well as the law’s wording — indicate the state intended to block speech critical of these entities. The decision [PDF] highlights comments made by legislators during the passage of the law which show the true impetus for the law’s creation.

    • In Keeping And Improving News Comments, The Intercept Shows Websites What Giving A Damn Looks Like

      For the last few years, the trend du jour in online media has been to demonize, vilify, then shutter the traditional news comment section. Usually these closures come with all manner of disingenuous nonsense about how websites are banning comments for the sake of “building relationships” or because the website in question just “really loves conversation.” Usually, on-site users are then shoved toward social media silos at Twitter and Facebook we’re told are “just as good” as an active, on-site community (read: doing this is cheaper and makes it somebody else’s problem).

      Traditionally, readers of these websites are told that news comments simply had to die because it’s impossible to cultivate healthy discourse in the post-truth, mega-troll era. But as Techdirt and countless other websites have made clear for more than a decade, that’s simply not true. And while being lazy, cheap and actively hostile to on-site community is any website’s prerogative, this ignores the fact that online news comments are an excellent avenue for transparency and a tool to hold websites, and authors, accountable.

      [...]

      Again, for better or worse news in the modern era is a conversation. Muting your on-site audience may feel good to editors on tight budgets, tired of trolls, and wistful for the bygone days of carefully-chosen letters to the editor, but it’s doing your community (and the news industry at large) a disservice. As such, the Intercept’s moves are a welcome change of pace for an industry that has spent the last few years insisting that muzzling your readership somehow represents a breathless dedication to quality online discourse.

    • Controversy over Chinese textbook’s Cultural Revolution chapter as state publisher denies censorship

      Changes made to a middle-school history textbook’s chapter on the Cultural Revolution have sparked controversy in China, with its state-run publisher denying it censored the book.

      The furore came after a post widely shared on Chinese social media suggested that politically sensitive content about the political movement had been removed.

      The post showed photographs of the old version of the textbook and a revised text.

      The pictures appeared to show that a chapter formerly devoted to the Cultural Revolution had been taken out.

      The post also suggested that a sentence referring to the political movement in China in the 1960s and 1970s – which caused a decade of violence and political and social upheaval – had been altered to remove a reference to the Communist Party.

    • Rights Groups Demand Active Censorship Board After “Rape” Songs Sparks Controversy
    • Senator Portman Promises To Pass Bills To Harm Tech Companies If They Won’t Support SESTA
  • Privacy/Surveillance
    • Intelligence Oversight Tries Again With Zero-Reform Section 702 Bill, Criticizes Reform Efforts As Threats To Security

      The Congressional showdown on Section 702 reforms/renewal continues to generate little actual debate or reform — but plenty of bad proposals. Both the House and Senate Intelligence Committees have decided there should be a renewal — preferably an extended one — with zero actual reform.

      Members of the House offered up some tepid reforms in the USA Liberty Act, only to find this offering blocked by the House Permanent Select Committee on Intelligence (HPSCI), which offered a zero-reform package at the last minute. Fortunately, no one was able to tack a lousy non-reform bill to the tail end of the annual budget bill, thereby dodging reform discussions and giving the NSA a surveillance blank check for the next 5-10 years.

      Having been stiff-armed for a few weeks, the HPSCI has put together another Section 702 “reform” bill that does nothing to change the status quo and actually has the possibility of making things worse.

    • Trump Doesn’t Understand Surveillance Powers; House Votes To Give Him More Of It

      As discussed this morning, the House voted a few hours ago on a bill to reauthorize Section 702 of the FISA Amendments Act that did not reform the widely abused surveillance rules — other than to codify some of the power allowing them to continue to abuse it for warrantless surveillance on Americans. There was a vote on an important Amendment from Reps. Justin Amash and Zoe Lofgren that would have allowed the reauthorization of the underlying program, but (importantly) required a warrant (as per the 4th Amendment) for spying on Americans. And, unfortunately, the amendment was voted down (183-233) and the awful reauthorization passed, 256 to 164.

      The fight over this bill was… weird in so many ways. There was the expected bullshit: politicians outright lying to the public, arguing that the Amash/Lofgren amendment (which again, just said that the program had to be conducted in accordance with the 4th Amendment) would somehow stop the intelligence and law enforcement community from finding terrorists (it wouldn’t). Again: everyone expected that. What was weird was (1) having some of Donald Trump’s loudest detractors in Congress… then argue against the Amash amendment and in favor of giving the Trump administration more power to warrantlessly spy on Americans and share that data widely among law enforcement. And (2) having President Trump tweet a series of confused tweets this morning that demonstrated that he clearly didn’t know what the debate is actually about… and suggesting he was against the reauthorization, despite the fact that the White House (his White House) had issued a statement strongly supporting the reauthorization.

    • House Fails to Protect Americans from Unconstitutional NSA Surveillance

      The House of Representatives cast a deeply disappointing vote today to extend NSA spying powers for the next six years by a 256-164 margin. In a related vote, the House also failed to adopt meaningful reforms on how the government sweeps up large swaths of data that predictably include Americans’ communications.

      Because of these votes, broad NSA surveillance of the Internet will likely continue, and the government will still have access to Americans’ emails, chat logs, and browsing history without a warrant. Because of these votes, this surveillance will continue to operate in a dark corner, routinely violating the Fourth Amendment and other core constitutional protections.

    • House passes NSA spying bill after Trump tweets cause confusion

      The U.S. House of Representatives on Thursday passed a bill to renew the National Security Agency’s warrantless internet surveillance program, overcoming objections from privacy advocates and confusion prompted by morning tweets from President Donald Trump that initially questioned the spying tool.

      The legislation, which passed 256-164 and split party lines, is the culmination of a yearslong debate in Congress on the proper scope of U.S. intelligence collection – one fueled by the 2013 disclosures of classified surveillance secrets by former NSA contractor Edward Snowden.

    • House votes to renew controversial surveillance program that powers the NSA

      After a contentious debate, the House of Representatives has voted to extend a controversial government surveillance program that powers American spying operations, as it voted down a proposal to include new privacy measures.

      The debate centers on Section 702 of the Foreign Intelligence Surveillance Act, which allows for collection of foreign intelligence data, and that privacy advocates say invasively scoops up Americans’ communications. The authorization for the program is set to expire later this month, if not reauthorized. Section 702 allows the National Security Agency to continue controversial surveillance activities like PRISM, which the agency uses to scan through data held by American tech companies.

    • Trump tweet throws today’s House surveillance votes into chaos [Updated]

      As recently as last night, the Trump administration was strongly in favor of legislation to renew one of the federal government’s most controversial spying powers. Known to insiders as Section 702 of the FISA Amendments Act, the law grants the government surveillance powers that are only supposed to be used on targets outside the United States.

      Civil liberties groups say that the law can too easily be used to sweep up the private communications of Americans. And they’re backing legislation called the USA Rights Act to place new restrictions on the use of 702 spying powers—the House of Representatives was voting on that amendment as we published this story. Last night, the White House put out a statement condemning USA Rights.

    • NSA Mass Surveillance Survives Trump Tweet Attack

      It was a delicate and belated legislative minuet, in pursuit of a goal that aligned Donald Trump, his House GOP allies, some Democratic adversaries, and the intelligence agencies he derides as Nazi-like. Perhaps predictably, Trump disrupted all those complex congressional machinations with a tweet.

    • House passes legislation to renew key NSA surveillance program after Trump’s contradictory tweets

      The House voted decisively Thursday to reauthorize a powerful government authority to conduct foreign surveillance on U.S. soil, overcoming opposition from privacy advocates and confusion sown by contradictory and seemingly misinformed tweets from President Trump questioning his administration’s support for the program.

    • How the Government Hides Secret Surveillance Programs

      In 2013, 18-year-old Tadrae McKenzie robbed a marijuana dealer for $130 worth of pot at a Taco Bell in Tallahassee, Florida. He and two friends had used BB guns to carry out the crime, which under Florida law constitutes robbery with a deadly weapon. McKenzie braced himself to serve the minimum four years in prison.

      But in the end, a state judge offered McKenzie a startlingly lenient plea deal: He was ordered to serve only six months’ probation, after pleading guilty to a second-degree misdemeanor. The remarkable deal was related to evidence McKenzie’s defense team uncovered before the trial: Law enforcement had used a secret surveillance tool often called Stingray to investigate his case.

      Stingrays are devices that behave like fake cellphone towers, tricking phones into believing they’re pinging genuine towers nearby. By using the device, cops can determine a suspect’s precise location, outgoing and incoming calls, and even listen-in on a call or see the content of a text message.

    • CBP: More fliers being asked to allow access to phones, devices

      The American Civil Liberties Union praised the policy for requiring officers to have some suspicion before copying and using electronic methods to search a device. But the Constitution still requires that the agency get a search warrant based on probable cause to search a device, according to the ACLU.

    • Surprise: Women watched more porn in 2017
    • Congress Is About to Vote On Expanding the Warrantless Surveillance of Americans

      Section 702 of the Foreign Intelligence Surveillance Act has been abused by the intelligence agencies to spy on Americans. This week the House of Representatives will vote on a bill to make that legal.

    • Western Digital My Cloud drives have a built-in backdoor: Remote access of files is possible

      [...] No fix has been issued to date.

      More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using “mydlinkBRionyg” as the administrator username and “abc12345cba” as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.

    • FBI chief calls encryption a ‘major public safety issue’

      He added: “I just do not buy the claim that it’s impossible.”

    • FBI expert lashes Apple ‘jerks’ over iPhone security
    • FBI Hacker [sic] Says Apple Are ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones

      Cybersecurity experts and civil liberties organizations, meanwhile, have long made the case that iPhone encryption keeps the average consumer’s data safe from hackers and authoritarian surveillance, a net benefit for society.

    • WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats

      When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide. But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app’s group chats much easier than ought to be possible.

      At the Real World Crypto security conference Wednesday in Zurich, Switzerland, a group of researchers from the Ruhr University Bochum in Germany plan to describe a series of flaws in encrypted messaging apps including WhatsApp, Signal, and Threema. The team argues their findings undermine each app’s security claims for multi-person group conversations to varying degrees.

      But while the Signal and Threema flaws they found were relatively harmless, the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation.

    • Are Your WhatsApp Encrypted Group Chats Exposed To Strangers?

      According to a Wired report, the flaws allow a person with the control of WhatsApp’s servers to add anyone to a WhatsApp group without admin permission.

    • WhatsApp ‘bug’ raises questions over group message privacy

      Anyone in control of WhatsApp’s servers – like an employee instructed by a government, for example – could spoof security processes and add new members to groups and snoop on private conversations, researchers at Germany’s Ruhr University Bochum have claimed.

    • Peers have a chance to make the UK one of the safest places to be online. They should take it.

      Do you remember that time when Uber didn’t tell us that the data of 57 million of their users got exposed? Or that time when Equifax failed to protect data of 400,000 people in the UK? Or those two Yahoo hacks that breached more than one billion accounts? Oh, and that time when TalkTalk was fined £400,000 for inadequately protecting 156,959 accounts of their customers?

      I could go on. These are just a fraction of the data breaches that have caused leaks of people’s data. Every time you provide your name, date of birth, home address or details for an online payment to a company you do so based on trust that they will keep your data safe. But increasingly, companies fail their customers.

      Currently, the Government’s Data Protection Bill will give citizens the power to instruct a select group of not for profit bodies to represent them in complaints to the data protection authority or the judiciary. This is required of the Government – Article 80(1) is a mandatory provision in the EU’s General Data Protection Regulation (GDPR).

    • The House Intelligence Committee’s Section 702 Bill is a Wolf in Sheep’s Clothing
    • US House To Vote On FISA Mass Surveillance Bill Today
    • Surveillance and Privacy Debate Reaches Pivotal Moment in Congress
    • House headed for cliffhanger vote on NSA surveillance
    • Tight Vote Ahead for House on NSA Surveillance
    • Amash, Paul, and Others Trying to Stop Congress from Expanding Domestic Surveillance Powers
    • Congress Seeks to Increase FBI Surveillance Powers, Here’s What They Already Got
    • These are the favorites to become the next NSA director

      With NSA Director Adm. Mike Rogers set to retire later this year, several prominent names are already being floated among government leaders as to who will become the next leader of the country’s premier signals intelligence agency.

    • Analog Equivalent Privacy Rights (10/21): Analog journalism was protected; digital journalism isn’t

      In the analog world of our parents, leaks to the press were heavily protected in both ends – both for the leaker and for the reporter receiving the leak. In the digital world of our children, this has been unceremoniously thrown out the window while discussing something unrelated entirely. Why aren’t our digital children afforded the same checks and balances?

    • Facebook begins testing local news app

      News specific to these communities will be directed to users by both human curators and algorithms. News appearing on each city’s “Today In” feed will reportedly be vetted by Facebook’s news partnership team.

    • The most powerful internet of things companies
  • Civil Rights/Policing
    • Myanmar prosecutor seeks Official Secrets Act charges against two Reuters reporters

      Myanmar prosecutors sought charges on Wednesday against two Reuters reporters under the Official Secrets Act, which carries a maximum prison sentence of 14 years, the reporters’ lawyer said.

      Wa Lone, 31, and Kyaw Soe Oo, 27, were detained on Dec. 12 after they had been invited to meet police officers over dinner. Family members have said the two told them they were arrested almost immediately after being handed some documents by the officers they had gone to meet.

      The two had worked on Reuters coverage of a crisis in the western state of Rakhine, where – according to U.N. estimates – about 655,000 Rohingya Muslims have fled from a fierce military crackdown on militants.

    • Ninth Circuit Doubles Down: Violating a Website’s Terms of Service Is Not a Crime

      Good news out of the Ninth Circuit: the federal court of appeals heeded EFF’s advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle’s website in a manner it didn’t like. The court ruled back in 2012 that merely violating a website’s terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes—in this case, California and Nevada—to enforce their computer use preferences.

      This decision shores up the good precedent from 2012 and makes clear—if it wasn’t clear already—that violating a corporate computer use policy is not a crime.

      Oracle v. Rimini involves Oracle’s terms of use prohibition on the use of automated methods to download support materials from the company’s website. Rimini, which provides Oracle clients with software support that competes with Oracle’s own services, violated that provision by using automated scripts instead of downloading each file individually. Oracle sent Rimini a cease and desist letter demanding that it stop using automated scripts, but Oracle didn’t rescind Rimini’s authorization to access the files outright. Rimini still had authorization from Oracle to access the files, but Oracle wanted them to access them manually—which would have seriously slowed down Rimini’s ability to service customers.

      Rimini stopped using automatic downloading tools for about a year but then resumed using automated scripts to download support documents and files, since downloading all of the materials manually would have been burdensome, and Oracle sued. The jury found Rimini guilty under both the California and Nevada computer crime statutes, and the judge upheld that verdict—concluding that, under both statutes, violating a website’s terms of service counts as using a computer without authorization or permission.

    • New Jersey Prisons Reverse Course on Banning ‘The New Jim Crow’ After ACLU of New Jersey Letter

      The state with the worst racial disparities in incarceration lifts ban on Michelle Alexander’s seminal book.

      Michelle Alexander dedicates her book, “The New Jim Crow,” to the people who have been swept up by America’s racist criminal justice system. “You may be locked up or locked out of mainstream society, but you are not forgotten.” For the first time, all prisoners across New Jersey can read her words.

      The ACLU of New Jersey learned that “The New Jim Crow” was banned as a matter of official policy in at least two prisons: New Jersey State Prison and Southern State Correctional Facility. On Monday, we sent a letter to the Department of Corrections commissioner telling him that the ban was not only unconstitutional as a violation of the First Amendment, but also that it was a deeply disturbing policy, especially since New Jersey has the worst racial disparities in incarceration in the entire country.

    • ICE Abused Somalis for 2 Days On a Plane and Now Wants to Send Them Into Harm’s Way

      It is not only immoral to deport people to countries where they will be violently persecuted. It’s illegal.

      Rahim Mohamed’s daughter was born in October, but the 32-year old father, who has been detained in immigration custody since April, has not seen or held her. If Immigration and Customs Enforcement has its way, he won’t get that chance. Instead, he will be summarily deported to Somalia, despite the fact that Rahim fears persecution by Al-Shabaab, the Somali-based affiliate of Al-Qaeda, and would be leaving behind his U.S. citizen wife, toddler son, and infant daughter.

      Rahim is one of 92 Somali nationals, currently locked up in Florida, who ICE is rushing to deport before they have a chance to ask to reopen their immigration cases so that a judge can consider the danger to their lives. The Somalis have filed a lawsuit against ICE to stop their immediate deportations. In addition to the ACLU, they are represented by the Immigration Clinic at the University of Miami School of Law, Americans for Immigrant Justice, the James H. Binger Center for New Americans at the University of Minnesota Law School, the Legal Aid Service of Broward County, and The Advocates for Human Rights.

      On Tuesday, we appeared in federal court to argue that these men and women must receive a full and fair opportunity to reopen their cases before an immigration judge in keeping with due process and habeas corpus rights. It is against U.S. law to deport anyone to a country where they are likely to be persecuted or tortured. Immigration law also permits the reopening of removal orders based on changed circumstances.

      However, ICE seems intent on ignoring both of these facts.

    • Top U.S. Government Computers Linked to Revenge-Porn Site

      Revenge porn, where people share intimate images of others in order to intimidate, harass, or embarrass, is rampant. Now, data obtained by a security analyst and shared with The Daily Beast reveals the behind-the-scenes of the epicenter of revenge porn: a notorious image board called Anon-IB, where users constantly upload non-consensual imagery, comment on it, and trade nudes like baseball cards.

      The data shows Anon-IB users connecting from U.S. Senate, Navy, and other government computers, including the Executive Office of the President, even as senators push for a bill that would further combat the practice, and after the military’s own recent revenge-porn crisis.

      “Wow tig ol bitties. You have any nudes to share?” someone wrote in November, underneath a photo of a woman who apparently works in D.C., while connecting from an IP address registered to the U.S. Senate.

    • A Fourth Young Immigrant Woman Is Being Blocked by the Trump Administration From Obtaining an Abortion

      The ACLU filed papers on behalf of yet another 17-year-old girl whose right to an abortion is being flagrantly disregarded.

      First there was Jane Doe. Then there were Jane Roe and Poe. Now Jane Moe has come to our attention.

      Earlier this week, we learned that yet another 17-year-old immigrant in government custody was being blocked by the Trump administration from obtaining an abortion.

      Jane Moe, who is believed to be in her second trimester of pregnancy, made clear her desire to terminate her pregnancy two weeks ago. Private funds are available to pay for her abortion, and staff at the shelter where she is being held are willing to accompany Ms. Moe to a clinic, but as in three prior cases, the government is refusing to allow it.

    • How Poor Health Care Turned Walter Jordan’s Prison Sentence into a Death Sentence

      Arizona prisons are causing harm and death because of inadequate medical and mental health care.

      Walter Jordan tried to tell the world he was dying in prison in Arizona when he mailed a handwritten message, titled “Notice of Impending Death,” to the federal court in Phoenix. Nine days later, he was dead. According to Dr. Todd Wilcox, a physician who reviewed Jordan’s case, the 67-year-old might have survived if he had received competent treatment by the Arizona Department of Corrections (ADOC) and its private, for-profit health care contractor, Corizon Health.

      Jordan died of an invasive squamous cell skin cancer that ate through his skull and invaded his brain. Dr. Wilcox identified multiple deficiencies in Jordan’s care, concluding that his death was “unfortunate and horrific” and that he had suffered “excruciating needless pain” in the final months of his life.

      Jordan himself testified to his own impending death in his letter. “ADOC and Corizon delayed treating my cancer,” he wrote. “Now because of there [sic] delay, I may be luckey [sic] to be alive for 30 days.”

      Jordan died in prison, but his words have reached us, and they are a call to action against poor prison conditions that lead to pain and death for prisoners who have a right to proper care from the institutions charged with their custody.

      This is not a new problem.

  • Internet Policy/Net Neutrality
    • Trump’s New Rural Broadband Executive Order Doesn’t Actually Do Much Of Anything

      You have probably noticed by now that the biggest problem in the U.S. broadband market is a lack of vibrant competition in many areas. This lack of competition over the “last mile” is the core reason for the majority of the problems in the sector, from privacy violations to net neutrality infractions. And while lawmakers from both parties adore paying empty lip service to making broadband faster, cheaper, and more available, very few have the courage to stand up to AT&T, Verizon, and Comcast and actually implement policies that improve our competitive options.

      More often than not, government’s “solution” for the broadband market involves first ignoring that there’s any real competition problem whatsoever, then hyping “broadband expansion” efforts that fail to truly address the underlying problems.

      That’s usually accomplished via programs with “goals” that would have been accomplished anyway. Like when Obama promised in 2011 to ensure wireless broadband reached 98% of the public (ignoring the problem of high prices and usage caps, or the fact this coverage was going to occur anyway), or when Obama’s former FCC boss Julius Genachowski promised a gigabit ISP in each one of the fifty states (also something that would have happened without government involvement). Such efforts usually comically ignore how limited competition and high prices are the biggest problem.

    • Nebraska The First ‘Red’ State To Craft Its Own Net Neutrality Law

      So we’ve noted repeatedly how the attack on net neutrality is just one small part of a much larger, dumber plan by major ISPs to neuter nearly all federal and state oversight. A plan that involves gutting all meaningful FCC authority over broadband ISPs, then shoveling any remaining authority to the FTC. An FTC (surprise surprise) the broadband industry is currently in court arguing has no authority over broadband providers. Ajit Pai’s FCC (at Verizon and Comcast lobbyists’ request) also included provisions pre-empting states from trying to protect consumer privacy or net neutrality.

      So far individual states aren’t listening. New York, Washington, Minnesota, Massachusetts and California are all pushing their own net neutrality rules. And since the FCC’s net neutrality repeal prohibits states from passing such laws, many of these states are creatively eyeing provisions that require ISPs adhere to net neutrality if they want to win government contracts, or if they want to keep getting taxpayer subsidies for those fiber networks they always tend to leave half built anyway.

      ISP lobbyists have already begun trying to argue that these individual state efforts create a discordant patchwork of regulations that may be difficult to adhere to. But that’s the sort of thing said lobbyists should have thought about before rushing mindlessly to destroy federal net neutrality rules. Rules that were actually among the more modest of any of the developed nations that have passed such protections (see The Netherlands, India, Japan, Canada, Germany).

  • Intellectual Monopolies
    • How International IP Policy Reconfigured National Politics: An Interview With Prof. Ken Shadlen

      One reading of that is that conflicts are now waged over smaller issues, in that the sorts of things that affect how a pharmaceutical patent system functions are more narrow issues than things such as when to start granting patents and whether to do so retroactively (not to mention the first order question of whether to have a patent system at all). But while that’s all correct, the conflicts remain intense in this more narrow space.

    • Copyrights
      • Judge Issues Devastating Order Against BitTorrent Copyright Troll

        A Washington District Court has issued a devastating order against a copyright holder of the film “Once Upon a Time in Venice,” which chases alleged BitTorrent pirates for cash settlements. The Court points out that one of their experts is unqualified, doubts whether declarants even exist, and highlights that IP-address evidence may have been obtained illegally.

EPO Lobby and Team UPC’s ‘Resistance’ to the UPC Opposition in Germany

Thursday 11th of January 2018 08:42:54 PM

Tilmann and co.

Summary: German UPC proceedings have yielded submissions from Team UPC, but will the court know why they are lobbying the court and what destructive agenda they have in mind?

“The first 3rd party statement in the German court proceedings has been made public,” a reader told us today. The deadline was almost a fortnight ago and they have put a document out there (direct link to the PDF, which is in German). Watch the names on it. So objective a group, eh? They are not concerned citizens but greedy, self-serving people who propelled the UPC to where it got.

The EPO is meanwhile pushing hard its so-called ‘paper’ (which it paid academics to produce, allegedly to help lobby the German court). It wrote about it no less than twice today [1, 2]. “Improved harmonisation of Europe’s patent system has the potential to increase trade & FDI in high-tech sectors by up to 2% & 15% in the EU,” said the first tweet and the second said this: “Stronger patent protection has a significant positive impact on high-IP imports and on the value and number of FDI deals in high-IP sectors.”

The EPO is basically trying to buy ‘facts’. It’s a new low for the EPO (it was at the time) because it practically corrupts academia.

The UPC is more or less dead (just not officially). No point pushing it in the UK now that Johnson is out, but they are so desperate that they will attempt anything, even 39 pages of text (as above) and money for corruptible academics.

What’s at stake here is Europe’s future. Will it harbour innovation or embargo? To use this example from today at IAM, China is the next Eastern District of Texas. Shenzhen facilitates embargoes now:

The Intermediate People’s Court in Shenzhen has handed down the latest milestone Chinese FRAND decision, with local telecom Huawei earning an SEP injunction as part of its wide-ranging assertion campaign against Samsung Electronics.

The decision was announced by an official social media channel of the court today. The short notice describes the ruling as the first SEP injunction to be issued in China on the basis of an “international” SEP. The Beijing IP Court previously granted an injunction against Sony back in March 2017, but the standard at issue there was WAPI, a seldom-used protocol which is only implemented in China.

Now consider the UPC. Imagine how many European SMEs would be subjected to worldwide or EU-wide embargoes due to just one single action of one patent bully or patent troll. Based on a judgment delivered in a language that the SME does not even understand… the entire prospect in its own right is insane.

126th Session of the ILO Administrative Tribunal is Around the Corner and EPO Staff Representatives Will Have Their Cases Heard Soon

Thursday 11th of January 2018 03:29:09 PM

Remember that it can take many years for ILO to process EPO cases and there’s a massive backlog

Reply by Tribunal regarding temporary stay of proceedings in my less urgent cases (relevant page): pic.twitter.com/SBrbAWPuZJ

— Anette Koch (@AnetteKoch) January 10, 2018

Reply to Tribunal's e-mail of 18 (and 13) December 2017 pic.twitter.com/uQpWdy5kfW

— Anette Koch (@AnetteKoch) January 10, 2018

Summary: With infinitesimal chances of justice inside the EPO, workers turn to ILO, which has fallen really badly behind and is unable to correct injustices in a timely manner; there is, however, still hope

THE EPO will no doubt play a big role in the next (and imminent) session of the ILO Administrative Tribunal. It was the “big story” of the last session, where half the decisions concerned the EPO and several were about Judge Corcoran.

Based on the above tweets, which someone told us about, some former EPO staff representatives are going to have their cases heard and decided on. Also, based on this new article (just promoted by SUEPO), Ciaran McGinley's departure predates or precedes some profoundly inane organisational chaos. McGinley himself used to be in staff representation albeit people we heard from generally regarded him to be somewhat of a “sellout” (to top-level management). Here is the relevant portion from the article:

In an internal memo, the Staff Union of the EPO (SUEPO) has described the merger as a “disaster in the making”, arguing that it has split patent administration staff into much smaller units of around four to seven members, which are required to provide the same service as the much larger units, which contained around 15 to 20 staff, used before the merge.

To cope with rising workloads, 18 months ago the now ex-director of patent administration at the EPO, Ciaran McGinley implemented a structure of hubs in which staff were regrouped into large units with “sufficient manpower and expertise”, according to SUEPO.

Of the new structure, the memo said: “Such division into small units creates obvious issues of unequally distributed expertise (individual patent administration staff cannot master perfectly the many necessary procedures).”

“Even the patent administration procedures that until now were centralised in a dedicated unit, like the receiving office for WIPO in the EPO, will be decentralised to the small units … expertise will be much more diluted than before.”

The memo added: “To solve the problem they have created, management has decided to train intensively all patent administration staff in basically all procedures. This is taking place while patent administration staff is already struggling with the workload, further increasing work strain. In any event, one cannot reasonably expect that a hasty training will allow building up the necessary level of expertise in all the small teams.”

They don’t care about expertise; as we pointed out in several articles last night, Battistelli and his cabal just want patents issued as fast as possible and with minimal scrutiny/challenge. EPO is becoming INPI or SIPO. In other words, it is becoming the very opposite of what it was once renowned for.

The European Parliament JURI Mission to Munich Looks Like Complicity With EPO Abuses

Thursday 11th of January 2018 12:56:36 AM

Programme: Local [PDF] | Original [PDF]

Briefing: Local [PDF] | Original [PDF]

Report: Local [PDF] | Original [PDF]

Summary: A look at newly-released documents from the Committee on Legal Affairs shows a rather disturbing cooperation if not collusion with a highly abusive tyrant

A LITTLE birdie whispered in our ears, noting that the documents above have been made public. The EPO‘s relationship with the EC/EP/EU comes across as complicity; it’s not looking good.

Mind the dates; the way we interpret this data, the European Parliament mission to the EPO was only published 2.5 years later (in December 2017). The programme and report are outlined as follows: “The Committee on Legal Affairs sent a delegation of three Members to Munich on 4-5 May 2015. The Members met with the representatives of the European Patent Office in order to discuss the state of play of the patent package, in particular the cost of the unitary patent.”

UPC. What we see there is Margot Fröhlinger pushing UPC agenda. “During the course of the morning session, the delegation was welcomed by the EPO’s president, Mr. Benoît Battistelli.” In their own words. It looks like in order for the UPC agenda to be pushed they were willing to accept Battistelli’s many abuses. TTIP is mentioned there too.

So, uploaded earlier this month or last month were all these documents that could probably be made public a long time ago. How come? Were they trying to protect some nefarious agenda? Does transparency come with time constraints? Does it take almost 3 years to process just half a dozen pages? We have made local copies just in case the above expire (or get removed, which is inevitable one day).

The “Committee on Legal Affairs” they call themselves. How about looking into legal abuses of Battistelli? Not important enough? How about constitutional issues associated with UPC?

While the EC/EP/EU (or the Committee on Legal Affairs) looked the other way more EPO staff committed suicide and the institution became synonymous with lawlessness. Where were these ‘public’ servants when that happened?

Battistelli, as noted in this article from today, further shields his nepotist succession plan so that his mates will continue to control the EPO long after he’s gone. As someone put it:

The European Patent Office (EPO) has completed an internal reorganisation, including the merger of two former Directorates General (DG), which it claims will “enhance the efficiency of its patenting process”.

The new DG 1 merges the old DG 1 Operations and DG 2 Operational Support under the umbrella of DG 1 Patent Granting Process

According to the EPO, the merge will integrate support staff with teams of patent examiners to “reduce hand-over points”, where patent applications are passed between operation units.

The office also plans to create new specialised directorates to deal with opposition procedures.

They conveniently neglect to say that these are promotions of Battistelli’s cabal, disguised as ‘reorg’ which professionals warned against. It’ll only accelerate the demise of the EPO.

Once upon a time the EPO attracted Europe’s brightest scientists, but hours ago the EPO announced these vacancies (warning: epo.org link). Jobs? Of course not! Just internships, merely one week after all EPO workers lost their permanent work contract (it’s now time-limited and conditional). The EPO wrote: “A unique possibility for professional representatives to spend three weeks as interns in our Directorate-General Patent Granting Process, work on actual case files and run prior-art searches. Apply for the Praktika Intern programme here…”

Amid very serious brain drain rest assured that the world’s ‘best’ patent office will allow people with only days or weeks of experience to assess files, raising both confidentiality and professionalism questions.

Benoît Battistelli Lies About Patent Quality; the Numbers Speak for Themselves However

Thursday 11th of January 2018 12:17:46 AM

The number of European Patents (EPs) opposed has skyrocketed and may have outrun the capacity to properly deal with oppositions

Summary: The person who is rapidly ruining the quality that the EPO stood for over the years (nearly half a century) lies to his staff and stakeholders today; He has even, in his own words, “chaired our annual Quality Review” to review his own supposed ‘performance’

THE quality of patents at the Office of Benoît Battistelli is as high as the quality of the lies of Benoît Battistelli.

This Liar in Chief continued lying today; he spoke about patent quality yet again. He has lost any sense of shame and he now lies so blatantly that we can imagine the faces of EPO workers who read this ‘blog’ post of his (warning: epo.org link). It was promoted in the Organisation’s Twitter account some hours ago. “In a new blog post President Battistelli reviews 2017 and discusses the year ahead with a strong focus on quality,” it says. They too are lying. Yes, the Organisation. Does Herrnst care at all? Probably not because a few months ago he helped defend the same lies about patent quality (in a private event that was publicly reported on). We suppose that a rebuttal to these lies is in order because staff must have noticed these lies. Someone ought to respond to the lies.

Battistelli is (of course) lying. He chairs a meeting in which to discuss himself. How ludicrous is that? Napoleonic. “At the beginning of December,” he wrote, “I chaired our annual Quality Review, comprised of senior EPO management who are integral to maintaining and developing the Office’s quality.”

So Battistelli controls everything, even things that are tasked with assessing his performance. Amazing, isn’t it? Not at the EPO anyway; this has become the norm and something to be perpetually expected.

Is anyone out there surprised about it? Battistelli is moving his lips again, having returned from his (longer than other staff’s) break. His lips utter words, which leave an odorous puddle of lies afoot.

Let’s look at the latest evidence of a decline in patent quality (as the EPO itself is unable to safely investigate the matter; staff representatives who merely brought up the subject were severely reprimanded by two Vice-Presidents). Introspection verboten!

The EPO‘s Patent Prosecution Highway (PPH) with Canada, which we mentioned on Tuesday morning, is now officially “news” (several days after it actually started). It comes from two publications that typically parrot EPO press releases [1, 2]. The first says this:

The European Patent Office (EPO) and the Canadian Intellectual Property Office (CIPO) have extended a patent prosecution highway (PPH) pilot agreement.

The extension of the pilot, which allows applicants who have been successful in obtaining a patent at one office to request accelerated examination at the other, was announced on Friday, January 5.

For those who are not familiar with the concept, PPH will almost always guarantee lowered quality of assessment (and less time for oppositions etc.) in the name of speed, usually in order to better facilitate a patent aggressor rather than a defendant.

When you use the word “products” maybe you intentionally fail to understand what patents really are; so says the second ‘article’ (more like a press release):

Comparatively, the CIPO received 406 requests: 325 based on PCT work products and 81 based on regional work products.

Yes, “products”; Battistelli probably thinks that he is literally running a factory (something which he never did before by the way).

This is an utter embarrassment. PACE, Early Certainty, PPH and so on have basically demolished patent quality. The appeal boards have been systematically diminished (pure sabotage!) and see this new press release titled “European Patent Office Cancels Oral Opposition Proceedings Concerning Cantargia’s Patent for Solid Tumours” as it’s almost self-explanatory. It does not look like the EPO even has the capacity for quality assessment of patents anymore…

In the ongoing opposition proceedings at the European Patent Office (“EPO”) concerning Cantargia AB’s (“Cantargia”) patent for antibody treatment against IL1RAP in solid tumours the EPO has informed the company that the oral proceedings that were due to take place on 22 January 2018 have been cancelled.

Oppositions? What oppositions? The EPO cannot even keep up. Understaffed. Brain-drained. Total chaos.

Great job, Battistelli!

The EPO now grants far too many patents in error. And its error-correcting mechanisms have been brought to their knees. Hours ago someone posted this detailed analysis which shows how the number of oppositions has soared (indicative of plenty of ‘dissent’ or ‘protest’ against grants). To quote the relevant part (there is a graph there too):

Given the EPO opposition term of nine months from grant and given that by far the greater proportion of oppositions are filed towards the very end of the opposition term, increased grants could be expected to be followed nine months – three quarters of a year – later by an increase in the number of patents opposed.

Though the record of the number of patents opposed in the third quarter of 2017 is not yet finalized, it seems clear that this expected “more patents opposed” effect has occurred.

At the latest from the first quarter of 2017 there has been a marked increase in the number of patents opposed.

We are truly concerned that Battistelli basically ‘broke’ the EPO; everything that had evolved at the Organisation (and Office) to assure checks and balances, self-assessment etc. is now gone. When we publish old documents from staff representatives we gradually go back in time and show how Battistelli did it, scuttling everything that constitutes separation of powers. It’s disturbing. And it’s a good thing that some people meticulously documented these things over the year.

The other day Alexander Esslinger wrote about the Organisation’s Enlarged Board of Appeal and German Federal Court of Justice (FCJ): (see corresponding tweet)

The Enlarged Board of Appeal (EBA) reasoned that such undisclosed disclaimers in most cases constitute added matter, i.e. “the requirements of Article 123(2) EPC leave virtually no chance of an undisclosed disclaimer being allowable” since “introducing any disclaimer per definitionem excludes subject-matter from a claim and, hence, changes the technical content of the claim” (G1-16, point 42). The EBA allowed undisclosed disclaimers under the above-mentioned clearly defined conditions despite the fact that they violate Art. 123(2) EPC, because under these circumstances a violation of Art. 123(2) EPC would not give the patentee or applicant an unwarranted advantage damaging to the legal security of third parties; this being the rationale behind Art. 123(2) EPC (G1-16, point 36).

The German Federal Court of Justice (FCJ), however, applies in the recently published ex-parte decision “Phosphatidylcholin” a different reasoning. In the case the FCJ had to decide upon an appeal on points of law (“Rechtsbeschwerde”) of the applicant of a patent application, which has been rejected both by the GPTO and the Federal Patent Court based on the ground that an undisclosed disclaimer consisted of an inadmissible extension beyond the content of the original application.

We previously posted evidence that GPTO (in relation to SLAPP, trolls, and quality of patents) had become better than EPO. Where is the EPO going if the Boards of Appeal are being crushed (and shrunk) further and further? Who is going to independently assess patent quality?

German media will look the other way, perhaps because the EPO is a sacred cow (cash cow).

Jo Johnson’s Departure is Another Major Blow for Team UPC (Unified Patent Court)

Wednesday 10th of January 2018 11:11:39 PM

Recent: Battistelli’s ‘Mole’ Lucy Neville-Rolfe is Still Trying to Push Unitary Patent (UPC) Through in the United Kingdom

Summary: Proponents of the UPC, notably patent law firms that are based in London, do not want us to know that Jo Johnson is leaving, thereby assuring that any remaining prospects of UPC ratification are in formal disarray

Jo Johnson knew all along that the UPC was an impossibility, but Team UPC kept lobbying and misleading him. Battistelli even went to London to do photo ops with him (posted in the EPO‘s site at one time).

People have already noticed (this week) that Johnson’s shuffle will impact what he said or promised. In principle, his words/promises too have become more or less invalid, just like Lucy’s (in 2016). Are they going to shuffle every single year?

Jo Johnson is out the door. He’s moving. This means that UPC is very dead now. Not just in the UK but everywhere. No matter the lobbying. Even if Germany somehow miraculously ratified (some time in the distant future), London’s absence would make it untenable.

One new comment said: “Jo Johnson moved sideways to transport. Haven’t seen if he keeps his IP brief but presumably not. So time to educate another junior minister?”

The response to that is that he’s being “replaced by Sam Gyimah, who campaigned for remain, according to the Guardian.”

Lucy and Jo have lasted such a short time on the job. Will Gyimah even last more than 6 months?

The UPC is dead irrespective of “leave” or “remain” for various reasons we’ve covered here before. In fact, UPC is not even on the radar in the UK. The EPO has, so far this week, posted lots of #IPforSMEs nonsense like this, perhaps hoping to perpetuate illusions like “UPC for SMEs” rather than just “IP for SMEs” (both are falsehoods). Earlier today the EPO wrote: “Annual gains of EUR 14.6 billion in trade and EUR 1.8 billion in FDI could be generated by improved harmonisation of Europe’s patent system.”

This links to that old and disgraced ‘report’. “No need to keep pushing this report you paid to produce for UPC lobbying,” I told them. Some people alleged that the purpose of this paid-for ‘report’ is to help lobby the German court.

Meanwhile, Watchtroll is promoting the UPC in a so-called ‘webinar’, so we instantaneously know it’s good for patent trolls, not for science or for industry (Watchtroll is worse than IAM in that regard). Yesterday it even promoted Supplementary Protection Certificates (SPCs), just like Team UPC habitually does.

As we shall show in the next couple of posts, the UPC lobby of Battistelli also works behind the scenes; with little effort we can expose/unearth that too.

Links 19/1/2018: Cockpit 159, Endless OS 3.3.8, Tails 3.4

Wednesday 10th of January 2018 09:49:34 PM

GNU/Linux
  • With Linux, You Don’t Get One Kernel of Truth… You Get Many

    As much as I love to poke at the inner workings of my computer, I’ll admit that until recently, I didn’t give much thought to which version of the Linux kernel my desktop system was running.

    For most desktop users, this isn’t all that odd. Compatibility of kernel modules is often critical for servers and production systems, but day-to-day desktop usage doesn’t change much from update to update.

    Two things motivated me to scrutinize the kernel version more closely: considerations for specific hardware; and a very scary bug recently identified in the Ubuntu distribution’s latest release.

    Having picked up a lot of useful tips in exploring different kernel versions, I decided to share what I’ve learned so far.

  • Desktop
  • Kernel Space
    • Linux 4.14.13
    • Linux 4.9.76
    • Linux 4.4.111
    • Linux Foundation
      • Automotive Grade Linux Hits the Road Globally with Toyota; Amazon Alexa Joins AGL to Support Voice Recognition

        Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open platform for the connected car, today announced that AGL is now in Toyota vehicles around the world. AGL also announced five new members, including Amazon Alexa, which joined as a Silver member.

        “Having AGL in vehicles on the road globally is a significant milestone for both AGL and the automotive open source community,” said Dan Cauchy, Executive Director of Automotive Grade Linux at The Linux Foundation. “Toyota has been a strong proponent of open source for years, and we believe their adoption of an AGL-based infotainment system has set a precedent that other automakers will follow.”

    • Graphics Stack
      • Intel Posts Initial Open-Source Graphics Driver Patches For Icelake “Gen 11” Hardware

        While Intel Cannonlake processors aren’t out yet with their new “Gen 10” graphics hardware, Intel’s Open-Source Technology Center has published their first graphics driver patches for Linux enablement of Icelake “Gen 11” hardware.

        Cannonlake CPUs will be shipping this year while Icelake is at least a year out, which will feature further improvements to the Intel onboard graphics. Intel OTC developers had posted their first GPU Linux driver patches last April for Cannonlake in order to get the support reviewed and upstream well ahead of the hardware launch.

  • Applications
  • Desktop Environments/WMs
    • GNOME Desktop/GTK
      • GXml 0.16.0 Released

        GXml is a library for XML access and GObject serialization to XML, with a W3C DOM4 API implementation.

      • Vala Warnings output Improvements

        As for recent release of Vala 0.39.4, there are huge improvements if we talk about warnings output at Vala code and C code compilation level.

        One of the arguments against Vala has been the number of warnings you get for a valid Vala code at C level compilation. As an example you can check warnings for GXml in March 2017 about 230, some were my fault but other at C level.

  • Distributions
    • What is your favorite desktop Linux distribution?

      There are all sorts of reasons people take their pick. It could be based on familiarity, on the UI, on performance, on package availability, on stability, on support, or thousands of other factors. Every year, just once, we let you chime in and tell us your favorite.

      This year, in an effort to keep the conversation a little more focused, we’re asking specifically, what’s your favorite desktop distribution? And we’re adding a few more choices this year. To be as fair as possible when it’s impossible to list every distribution, we pulled the top 15 distributions according to DistroWatch over the past 12 months. It’s not scientific—but it’s something to start with, and we had to cull it down somehow.

    • New Releases
      • Release | Endless OS Version 3.3.8

        Fixes to the dual-boot OS selection menu. An error message introduced in Endless OS 3.3.7 is fixed, and hibernated Windows systems are detected in more cases.

        Drag and drop for apps. We’ve added drag and drop functionality to the applications displayed in your desktop folders. You can now reorder apps, and add and remove apps from folders more easily.

        Dual-boot installation from DVDs. The Endless Installer for Windows now works correctly when run from a DVD.

    • Red Hat Family
      • Finance
      • Fedora
        • Vipul Siddharth: How Do You Fedora?

          Vipul Siddharth is an intern at Red Hat. He is pursuing a bachelor’s degree in computer applications from Christ University in Bengaluru, India. Vipul started using Linux in 2015. His first distribution was Fedora and despite trying Arch, Elementary and others Fedora remains his primary operating system.

          Siddharth’s current daily routine starts with working out, then college and finally the office. He is currently working on Fedora Cloud. “Now I am working on building a testing framework for fedora cloud.” Along with this, he regularly contributes to Fedora Quality Assurance. Vipul also organizes FOSS and Fedora events. “I have organized Fedora activity days and fedora-release parties for Fedora 25 and 26.”

          Siddharth’s childhood hero was Goku from Dragon Ball Z. “I wanted to eat, laugh and protect the world like him. I kinda still do.” Vipul’s favorite movies are 12 Angry Men and The Godfather (I, II and III)

        • A small 2017 retrospective

          In the ARM space there were quite a lot of achievements. The big one being the initial support of aarch64 SBCs (finally!), I was very proud of the work we achieved here, it’s a single install path with uEFI/grub2 and a single install path. More work in the short term, by a team of cross team distro people, which took us a lot longer than I’d hoped, but the outcome is a lot better experience for end users and a much more supportable platform for those that need to support it moving forward! It was by no means our only achievement with a lot of other ARM improvements including on the Raspberry Pi, accelerated GPUs, initial support for the 96boards platforms. There is of course already LOTS of work in motion for the ARM architectures in 2018 and I’m sure it’ll be as fun and insanely busy as always but I feel we’re now going into it with a good base for the aarch64 SBCs which will rapidly expand in the devices we support moving forward!

    • Debian Family
      • Debian LTS work, December 2017
      • Markus Koschany: My Free Software Activities in December 2017
      • TeX Live VCS History and Statistics – Perforce, Subversion, Git

        TeX Live is a project of long history, starting somewhen back in the 90ies with CDs distributed within user groups till the most recent net-based distribution and updates. Discussion about using a VCS started very early, in 1999. This blog recalls a bit of history of the VCS for TeX Live, and reports on the current status of the Subversion and Git (svn mirror) repositories.

      • Meltdown and Spectre in Debian

        I’ll assume everyone’s already heard repeatedly about the Meltdown and Spectre security issues that affect many CPUs. If not, see meltdownattack.com. These primarily affect systems that run untrusted code – such as multi-tenant virtual hosting systems. Spectre is also a problem for web browsers with Javascript enabled.

      • Are you a DD or DM doing source-only uploads to Debian out of a git repository?

        If you are a Debian Maintainer (DM) or Debian Developer (DD) doing source-only uploads to Debian for packages maintained in git, you are probably using some variation of the following…

      • Derivatives
        • OSMC’s December update is here with Debian Stretch and Kodi 17.6

          We hope you’ve had a Merry Christmas and a Happy New Year!

          As you may have noticed, we didn’t release an OSMC update in November. After a lot of hard work, OSMC’s slightly belated December update is here with Debian Stretch and Kodi 17.6. This yields a number of improvements, and is one of our largest OSMC updates yet:

          Better performance
          A larger number of software packages to choose from
          More up to date software packages to choose from

          We’d like to thank everyone involved with testing and developing this update.

        • Canonical/Ubuntu
          • The Combined Impact Of Retpoline + KPTI On Ubuntu Linux

            Over the past week I have posted many KPTI and Retpoline benchmarks for showing the performance impact of these patches to combat the Spectre and Meltdown vulnerabilities. But with my testing so far I haven’t done any showing the combined impact of KPTI+Retpoline on Ubuntu versus a completely unpatched system. Here are some of those results.

            Similar to the Benchmarking Clear Linux With KPTI + Retpoline Support, these tests are similar but with a few different systems and looking at the performance when testing from Ubuntu 17.10. The comparison on each system was to a stock Linux 4.14.0 kernel compared to the Linux 4.14 kernel with the upstream KPTI patches paired with the Retpoline v5 patches that have yet to be merged for mitigating Spectre.

          • Flavours and Variants
            • Kubuntu 17.10 upgrade – Should you?

              I am not joking. I seriously believe that software regressions should be punished. They destroy people’s mood and will and desire to use programs, and the users start developing almost PTSD-like effects, not knowing when something is going to crash because no one bothered checking their fresh code. Jail time seems appropriate. Failing that, strict and rigorous validation procedures that currently DO NOT EXIST in the wider Linux world.

              Zesty remains the perfect distro and the best Plasma release ever. It’s so much ahead, I feel like shedding a tear every time I use it. In comparison, Awful Anteater is a pale shadow of what Kubuntu can do. So yes it works. But it brings crashes and unnecessary nonsense that just spoils everything. It’s such a shame, and such a wasted opportunity. The upgrade itself was flawless. But it’s not an upgrade. It’s a version increase and a definite downgrade. Wait for the LTS. Or something. Oh, the humanity!

  • Devices/Embedded
Free Software/Open Source
  • 8 unusual FOSS tools for agile teams

    You might be familiar with the expression: So many tools, so little time. In order to try to save you some time, I’ve outlined some of my favorite tools that help agile teams work better. If you are an agilist, chances are you’re aware of similar tools, but I’m specifically narrowing down the list to tools that appeal to open source enthusiasts.

    Caution! These tools are a little different than what you may be expecting. There are no project management apps—there is a great article on that already—so there are no checklists, no integrations with GitHub, just simple ways to organize your thoughts and promote team communication.

  • Top 5 Open Source Firewalls for Business

    Whether it be for home or for your workplace, chances are you’ve encountered an open source firewall. And if you haven’t, you really should check out what these open source firewalls have to offer. In this article, I’ll share the open source firewalls I’ve admired, used in the past and heard good things about. Keep in mind that the needs of your workplace may vary, so be sure to review the features of each firewall solution carefully.

  • Oath’s Top 5 Open Source Goals

    For seven years and counting, Gil Yehuda, Senior Director of Open Source at Oath Inc. (which owns the Yahoo and AOL brands), has led the open source program at Yahoo. Now with an expanded scope, he is gearing up to grow his team and improve the program. The company’s formal open source program office serves as a hub to connect all open source activities across the company, he says, but it didn’t start out that way.

    As with many other companies, the open source program started informally with a group of diligent engineers and a few legal people. But the ad hoc group soon realized it needed a more formal program if it was going to be able to scale to address more issues and achieve specific business goals. With a formal program in place, they are poised to achieve its goals.

  • Why isn’t open source hot among computer science students?

    The technical savvy and inventive energy of young programmers is alive and well.

    This was clear from the diligent work that I witnessed while participating in this year’s PennApps, the nation’s largest college hackathon. Over the course of 48 hours, my high school- and college-age peers created projects ranging from a blink-based communication device for shut-in patients to a burrito maker with IoT connectivity. The spirit of open source was tangible throughout the event, as diverse groups bonded over a mutual desire to build, the free flow of ideas and tech know-how, fearless experimentation and rapid prototyping, and an overwhelming eagerness to participate.

    Why then, I wondered, wasn’t open source a hot topic among my tech geek peers?

    To learn more about what college students think when they hear “open source,” I surveyed several college students who are members of the same professional computer science organization I belong to. All members of this community must apply during high school or college and are selected based on their computer science-specific achievements and leadership—whether that means leading a school robotics team, founding a nonprofit to bring coding into insufficiently funded classrooms, or some other worthy endeavor. Given these individuals’ accomplishments in computer science, I thought that their perspectives would help in understanding what young programmers find appealing (or unappealing) about open source projects.

  • Blue Brain Nexus: An open-source knowledge graph for data-driven science

    EPFL’s Blue Brain Project today announces the release of its open source software project ‘Blue Brain Nexus’, designed to enable the FAIR (Findable, Accessible, Interoperable, and Reusable) data management principles for the Neuroscience and broader scientific community. It is part of EPFL’s open-science initiative, which seeks to maximize the reach and impact of research conducted at the school.

    The aim of the Blue Brain Project is to build accurate, biologically detailed, digital reconstructions and simulations of the rodent brain and, ultimately the human brain. Blue Brain Nexus is instrumental in supporting all stages of Blue Brain’s data-driven modelling cycle including, but not limited to experimental data, single cell models, circuits, simulations and validations. The brain is a complex multi-level system and is one of the biggest ‘Big Data’ problems we have today. Therefore, Blue Brain Nexus has been built to organize, store and process exceptionally large volumes of data and support usage by a broad number of users.

  • Devery.io – a Blockchain Powered, Open-Source, Product Verification Protocol

    Devery.io are developing the Devery Protocol, aiming to provide a decentralized verification platform enabling the marking and tracking of items over the Ethereum blockchain.

  • What the Haven app shows us about the value of Open Source

    Christmas may have come a few days early this past December for security advocates with the introduction of the Haven app, bringing with it a fair amount of excitement, criticism, and an excellent opportunity to explore some of the less often discussed aspects of working with open source.

    For those who have been off of Twitter since the coverage started since Friday, the Haven app has been proposed as a solution for protecting your physical space from surveillance (or worse). Built for Android by the good folks over at the Guardian Project, the makers of great anonymity apps that help protect their users from surveillance, the app makes use of the phone’s sensors to detect intruders that might attempt to creep on your personal space.

  • Web Browsers
    • Mozilla
      • Jet Villegas: Turning a Corner in the New Year

        2017 was quite a year beyond the socio-economic, geo-political, and bizarre. I, and many of my colleagues did what we could: find solace in work. I’ve often found that in uncertain times, making forward progress on difficult technical projects provides just enough incentive to continue for a bit longer. With the successful release of Firefox 57, I’m again optimistic about the future for the technical work. The Firefox Layout Engine team has a lot to be proud of in the 57 version. The winning combination was shipping big-ticket investments, and grinding down on many very difficult bugs. Plan “A” all the way!

  • Pseudo-Open Source (Openwashing)
    • Facebook has open-sourced encrypted group chat

      Facebook has responded to governments’ criticism of cryptography by giving the world an open source encrypted group chat tool.

      It’s hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 phones they can’t access. UK prime minister Theresa May has also called for backdoors in messaging services and for social networks to stop offering “safe spaces” for extremists.

  • Licensing/Legal
    • Open source code recycling: Know your software supply chain

      GNU/Linux was able to fill this gap, truly reshaping software design and development. Rather than writing and updating proprietary, foundational code, various developers working at varying companies or on their own could use and enhance the basic software building blocks, thereby focusing the majority of their resources on higher stack-level innovations.

      And, it worked.

Leftovers
  • Reddit isn’t a discussion forum, and neither is Twitter or Discord

    The post itself doesn’t mention anything about archival or exporting — “they cost us money to maintain”, though someone in the comments says they’re looking into solutions — but it does mention where to go next

  • Device Battery Overheats in Apple Store, Injures Seven

    Approximately 50 customers and Apple employees were evacuated from a Swiss battery store after the battery of a device overheated and started emitting smoke.

    While it wasn’t disclosed which device was using the faulty battery, local media Watson (via 9to5mac) reports that the emergency services quickly responded to a call from an Apple Store in Zurich at Bahnhofstrasse 77, as no less than seven people reportedly suffered minor injuries.

    An Apple Store employee suffered burns when trying to remove the battery, and six other persons, either workers or members of the staff, needed medical care because of smoke inhalation.

    Zurich police say the Apple Store staff responded well to the incident and the overheated battery was covered with sand to stop the fire and prevent smoke from being emitted inside the store. Specialists from the Zurich Forensic Institute have already picked up the battery for further investigation in order to determine the actual cause of the incident.

  • Science
    • As Electric Cars’ Prospects Brighten, Japan Fears Being Left Behind

      At a factory near the base of Mount Fuji, workers painstakingly assemble transmissions for some of the world’s top-selling cars. The expensive, complex components, and the workers’ jobs, could be obsolete in a couple of decades.

      The threat: battery-powered electric vehicles.

      Their designs do away with the belts and gears of a transmission, as well as thousands of other parts used in conventional cars. Established suppliers are nervous, especially in Japan, where automaking is a pillar of the economy — and where industrial giants have been previously left behind by technological change.

    • Human Planet explores the tenuous relationship between humankind and nature

      Hurrah for humans, the apex predator to rule them all. Human Planet rises above the unnerving absence of David Attenborough to pitch a good yarn about homo sapiens and the things people without Netflix do to survive in hostile environments.

      The Mornington Peninsula in summertime would have been a good subject for this eight-episode BBC production dating from 2011 but instead this week it veers to the Arctic, where a couple of Greenland Inuit who have never heard of the Portsea Polo are busy catching a 3.6-metre-long Greenland shark, the slow-swimming garbage guts of the frozen north.

    • Osteoarthritis could be treated as two diseases, scientists reveal

      Scientists at The University of Manchester have discovered that most people with osteoarthritis can be subdivided into two distinct disease groups, with implications for diagnosis and drug development.

      Professor Tim Hardingham, based at The University’s Wellcome Trust Centre for Cell-Matrix Research and Division of Cell Matrix Biology and Regenerative Medicine says the team has identified two different patterns of disease activity.

    • SpaceX May Have Destroyed a U.S. Spy Satellite Worth Billions of Dollars

      The SpaceX launch of a government spacecraft is reported to have ended in disaster, with the payload burning up in the atmosphere before it reached orbit.

  • Security
    • Linux Mint project advises on Meltdown and Spectre

      The Linux Mint project has released a guide to address the Meltdown and Spectre bugs offering instructions for users on how they should mitigate the holes in their systems. It explains how to tighten up your web browsers and driver software, as well as providing a status update on when we can expect a patch to the kernel.

      The main browser that’s bundled with the operating system is Firefox. The advice is to ensure you update to Firefox 57.0.4, which was released several days ago. As for Chrome and Opera, you should go into the respective flags pages and enable strict site isolation, also called site per process. Google plans to fix the bug next month when it releases the next major edition of Google Chrome. An Opera update will follow.

    • Canonical Releases Ubuntu Kernel and Nvidia Updates to Fix Meltdown and Spectre

      As promised, Canonical released a few moments ago the new kernel and Nvidia updates to address the Meltdown and Spectre security vulnerabilities on all supported Ubuntu Linux releases.

      The company said last week in a public announcement that it will patch all supported Ubuntu releases against Meltdown and Spectre security vulnerabilities, and the first set of patches are now available in the stable software repositories of Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) to address some of these issues.

    • Linux Mint security notice on Meltdown and Spectre

      A security notice was posted on the official Linux Mint blog on January 9, 2017. It informs users of the Linux distribution about the recently discovered security issues in modern processors called Meltdown and Spectre, and how these affect Linux Mint.

      The notice contains instructions to protect Linux Mint systems from potential attacks that target the vulnerabilities. It covers web browsers, Nvidia drivers, and the Linux kernel.

    • Tails 3.4 Anonymous Live System Released with Meltdown and Spectre Patches

      The Tails development team announced today the release and general availability of the Tails 3.4 amnesic incognito live system, also known as the anonymous live system.

      Tails is a Debian-based live Linux system designed with a single purpose in mind, to hide all your online activity from the prying eyes of the government. For that, it relies on the latest Tor and Tor Browser technologies by allowing users to connect to the Tor anonymous network.

    • Tails 3.4 is out
    • Tails 3.4 privacy-focused Linux distro now available with Meltdown and Spectre fixes

      With everything going on in the world these days, it can feel like you are naked when using your computer. If you previously felt safe and secure, these last several years have probably eroded all of your confidence. Between Edward Snowden’s revelations and the many vulnerabilities constantly hitting the news, it is tempting to just live in the woods without electricity.

      Before you sell your house, buy a tent, and become a nomad, you should consider a Linux distribution that helps you fight back against evil governments, nefarious hackers, and other bad people. Called “Tails,” this Linux-based operating system is designed to be run from a live environment, such as on a DVD or flash drive, so you can hide your tracks and enjoy your God-given right to privacy. Today, version 3.4 becomes available and if you are already a Tails user, you should upgrade immediately. Why? Because it includes kernel 4.14.12 which offers fixes for Meltdown and Spectre (partially).

    • Greg Kroah-Hartman on Meltdown and Spectre Bugs: Go Update Your Linux Kernel

      Renowned Linux kernel developer Greg Kroah-Hartman has published an in-depth article on the status of the Meltdown and Spectre patches in the Linux kernel.

      As you already know, two severe hardware bugs were unearthed last week as the worst chip flaws in the history of computing. Dubbed Meltdown and Spectre, these security vulnerabilities affect us all, and put billions of devices at risk of attacks by allowing attackers to steal your sensitive data that’s stored in kernel memory via locally installed apps or on the Web through malicious scripts.

    • Ubuntu Releases Security Patch For Meltdown

      In another article, I have covered what Meltdown and Spectre are and told you how critical it is for us Linux users. Linux had been fixed immediately after the two flaws were discovered. But the Ubuntu maintained kernel was not updated against Meltdown and Spectre.

    • Wi-Fi Will Get a Little More Secure This Year
    • WPA3 is the cure for the cracked WiFi algorithm blues you’ve been waiting for
    • Intel CEO Promises Fix for Serious Chip Security Flaw
    • Intel CEO Addresses Meltdown and Spectre CPU Flaws at CES 2018
    • At CES, Intel chief mum on shares sale after bug disclosure

      Intel chief executive Brian Krzanich has avoided making any mention of his controversial sale of stock and options in a keynote at the Consumer Electronics Show in Las Vegas, though he did touch on the two vulnerabilities found in most processors produced by the company he heads.

    • Intel Releases Processor Microcode Patch for Linux OSes, Here’s How to Update

      Intel has released an updated microcode patch for Linux-based operating systems to address the Meltdown and Spectre security vulnerabilities.

      By now, everyone heard about Meltdown and Spectre, two severe hardware bugs that affect billions of devices, putting them at risk of attacks as unprivileged attackers could steal your sensitive data stored in kernel memory using a locally installed application or via the Internet using malicious scripts. Intel, AMD, and ARM processors are affected by these security exploits.

    • Tails 3.4 Linux Distro Released With Meltdown And Spectre Patches — Get It Here

      Linux is considered to be the basis of one of the most secure operating systems around. Out of all the Linux distro options available, Tails is considered to be the most secure. However, due to screwups on behalf of chipmakers, almost all operating systems were affected, including Tails.

    • Security updates for Wednesday
    • Security Flaw in macOS 10.13 Lets App Store Preferences Access with Any Password

      Another major security flaw was discovered in Apple’s macOS High Sierra 10.13 operating system, which lets anyone access the App Store preferences panel with any password if it’s locked.

      First spotted by MacRumors, there’s a bug report about an issue, discovered a couple of days ago by someone and reported on Open Radar, which lets anyone access the App Store panel in System Preferences with literally any password, if the padlock at the bottom left corner is closed and your Mac is unlocked.

      Usually, that padlock isn’t locked, but its label says “Click the lock to prevent further changes” in the current version of macOS, a.k.a. High Sierra 10.13.2. Locking those settings should prevent someone from disabling automatic updates, as well as the installation of new macOS versions, system data files, and security updates.

    • Microsoft: Be Ready For Significant Slowdown Of Your Old PC After Spectre Security Patches
    • Intel Posts Updated Microcode Files For Linux

      In the wake of Meltdown and Spectre, Intel yesterday released new microcode binaries for Linux systems.

    • Updated Intel Microcode Not Causing Any Significant Performance Impact On Linux
    • DragonFlyBSD Posts Initial Kernel Fix For Spectre
    • Meltdown Fixes Will Slow Intel Computers — Here’s All The Proof You Need
    • It’s not just Windows – Linux Ubuntu systems being bricked by Meltdown/Spectre patches, too
    • Canonical Fixes Ubuntu 16.04 LTS Regression Causing Boot Failure on Some PCs

      Canonical has released on Wednesday a new Linux kernel update for Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address a regression introduced with yesterday’s security patch against the Meltdown vulnerability.

      On Tuesday, Canonical published multiple security notices to inform users of the Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 ESM operating systems that they can now patch their computers against the Meltdown security vulnerability affecting billions of devices.

    • Meltdown & Spectre Patches Causing Boot Issues for Ubuntu 16.04 Computers

      Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image.

      The issues were reported by a large number of users on the Ubuntu forums, Ubuntu’s Launchpad bug tracker, and Reddit thread. Only Ubuntu users running the Xenial 16.04 series appear to be affected.

    • First malicious Android app built with open source Kotlin language found wild

      For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it’s possible that the app has already been downloaded thousands of times.

      In late November 2017, it was reported that 17% of the projects in Android Studio were using Kotlin. Because it’s becoming easier to convert Java code to Kotlin, and the new language features a null-safety feature that can improve app quality, we’ll likely see even more apps developed with the language. However, this also means we could see more malicious apps developed with Kotlin as well.

    • Debian Stretch and Jessie Get Kernel Patches to Mitigate Meltdown Security Flaw

      The Debian Project released updated Linux kernels for Debian GNU/Linux 9 “Stretch” and Debian GNU/Linux 8 “Jessie” operating system series to patch the Meltdown security vulnerability and other issues.

      Last week, Debian GNU/Linux 9 “Stretch” users received the Linux kernel patch to mitigate the Meltdown security vulnerability (CVE-2017-5754) that affects billions of devices by allowing attackers to control unprivileged processes and read the memory from random addresses, including the kernel, as well as other processes running on the unpatched machine. To patch the issue, users had to update the kernel to version 4.9.65-3+deb9u2.

    • Linux Systems with Exposed SSH Ports, Targeted by Python-Based Botnets

      Cybersecurity experts believe that a band of experienced cybercriminals have created a botnet made of Linux-based systems and is using them to mine Monero, a cryptocurrency.

    • Meltdown-Spectre: IBM preps firmware and OS fixes for vulnerable Power CPUs

      IBM has outlined a month-long plan to fix datacenter equipment running on its Power CPUs, which the company has now confirmed are vulnerable to the Meltdown and Spectre CPU attacks.

      The company today released firmware updates for the Power7+ and Power8 CPUs, with Power9 fixes coming on January 15.

      Until now, IBM hadn’t fully confirmed its Power systems are affected by the two CPU attacks, though Red Hat said in its January 3 advisory that exploits existed for IBM System Z, Power8, and Power9 systems.

    • How to install/update Intel microcode firmware on Linux
  • Transparency/Investigative Reporting
  • Environment/Energy/Wildlife/Nature
    • Interior puts science grants through political review

      Interior has ordered the National Academies of Sciences, Engineering and Medicine to halt two studies that conflict with the administration’s goal of expanding domestic fossil fuel production.

    • Canadian Research Adds to Worry Over an Environmental Threat the Pentagon Has Downplayed for Decades

      New research by Canadian scientists into the spread of a chemical commonly used in military explosives has confirmed some of the worst fears of U.S. environmental regulators tracking the threat posed by the Pentagon’s handling of its munitions in this country.

      The Canadian research analyzed soil and water samples at nine sites where military explosives were detonated between 1990 and 2014, and came up with data about where and in what concentrations the explosive compound known as RDX, a possible human carcinogen, had turned up. Calling RDX “an internationally known problem,” which “has led to an international warning on possible soil, surface water, and groundwater contamination on military training sites,” the research described with actual measurements how RDX floats on the wind and seeps through soils into water supplies.

      The researchers took water samples from groundwater at the explosives sites and found that in 26 out of 36 samples, the RDX that had made its way into aquifers exceeded levels considered safe. As a result, the researchers suggest that the data can be used to model RDX contamination at any site where munitions are routinely detonated, and for the first time, give environmental experts a way to quantify how much of it is spreading into surrounding communities.

  • AstroTurf/Lobbying/Politics
    • Wolff’s Trump Book Highlights White House Press Corps’ Access Trap

      There’s an old adage in journalism: The most interesting stories aren’t told in the newsroom, they’re the ones that reporters tell each other privately at the bar after work. Shrinking this gap—between what reporters know and what they are allowed to tell the public—amounted to Nick Denton’s founding ethos for his former website Gawker. And it increasingly looks like media gadfly Michael Wolff followed the very same strategy for Fire and Fury, his new, behind-the-scenes account of the chaos, incompetence and dishonesty of the Trump White House.

      To be clear, Wolff has a long track record of sloppy reporting, incorrect facts and outright fabulism. This book neatly fits into this canon; in its prologue, it offers a sweeping disclaimer jettisoning much of what would be standard journalistic due diligence. Not surprisingly, mainstream reporters have already found sloppy errors.

      What is undeniable, though, is that Wolff sweet-talked his way into Trump’s good graces—and, by extension, the White House—by cannily bashing mainstream media coverage of him last year. As a result, Wolff claims he was able to conduct more than 200 conversations with top Trump White House insiders (he claims to have dozens of hours of recordings), many of whom gave him damning, on-the-record quotes betraying their fear, loathing or some combination of the two for the man currently occupying the Oval Office.

    • Missing the Trump Team’s Misconduct

      Between flailing over Russia-gate and obsessing over a “tell-all” book, the major U.S. news media continues to miss the more substantive misconduct of the Trump administration, says JP Sottile.

    • In Trump Era, ‘Both Sides’ on Immigration Includes White Nationalists

      President Trump’s far-right immigration policies have US corporate media reaching to the white nationalist fringes of the faux-think tank world to provide “both sides” coverage on the topic.

      The Center for Immigration Studies has, since January 2017, taken an outsized role in American media as Trump’s go-to defender for his overtly white nationalist immigration policies. There’s one problem with this: The Center for Immigration Studies is, according to the Southern Poverty Law Center (SPLC), a hate group with a long, documented history of nativist and white nationalist leanings.

    • Ethics Board Fines Cook County Assessor Over Campaign Contributions

      Cook County Assessor Joseph Berrios is facing $41,000 in fines for failing to return campaign contributions from property tax appeals lawyers whose donations exceeded legal limits, according to a pair of new rulings by the county ethics board.

      The rulings raise the level of scrutiny on campaign contributions given by appeals lawyers to Berrios, who doubles as chairman of the Cook County Democratic Party and depends heavily on their donations in raising political funds. The action also ignites another high-profile showdown with the county Board of Ethics, with which he previously clashed over nepotism issues.

      At the center of the ethics board’s rulings is a 2016 county ordinance stating that donors who seek “official action” with the county may contribute no more than $750 in nonelection years. Attorneys for Berrios are seeking to overturn the rulings, arguing that the county limits are unconstitutional and that higher limits set by state law should apply, among other objections.

    • After a Sweet Deal With Dad, Eric Trump Assembles a Valuable Penthouse

      President Donald Trump’s son Eric is preparing to capitalize on a windfall he received from his father during the presidential campaign: He’s combining three luxury Manhattan high-rise apartments, one of which he purchased at a throwaway price from his father, into one potentially lucrative penthouse.

      In the spring of 2016, Eric Trump got a great deal from his father. He bought two previously unsold condominium apartments at Trump Parc East for just $350,000 each, about half of the price they had recently been listed for.

      Such bargain basement sales are usually treated as gifts by the IRS. But they might not have been taxed that way, tax experts said, because of advantages available only to real estate developers.

      Last month, Eric transferred ownership of one of the condos — unit 14G — and two other adjacent apartments he owns into a new entity called 100 CPS Penthouse LLC.

  • Censorship/Free Speech
    • Donald Trump is suing my publisher, and its response is magnificent

      Henry Holt is a division of Macmillan (owners of Tor Books, who publish my novels); they’re the folks who published Michael Wolff’s bestselling Fire and Fury, which has so thoroughly embarrassed Donald Trump that the President of the United States has threatened to sue them.

    • Croatian Filmmakers Protest Against HRT Censorship

      The Croatian Association of Film Producers and the Society of Croatian Film Directors have sent a letter to the Croatian Radio Television (HRT) concerning the postponement of the broadcast of the Croatian film “The Ministry of Love”, directed by Pavo Marinković, which was co-produced by the public television itself, reports tportal.hr on January 9, 2018.

      “The Ministry of Love” was supposed to be broadcast on the HRT2 channel on 4 January 2018, but the broadcast was delayed, which caused concern among the two film industry associations. The delay was a consequence of protest by war veterans’ associations, which are displeased with the movie’s content.

    • Chinese Women Share #MeToo Stories Despite Possible Censorship

      In China, one study estimated 80% of women had experienced sexual harassment. But as the #MeToo movement has spread across the globe, the Guardian points out that reports from China have been few. Leta Hong Fincher, an expert in feminism in China, told the Guardian she thinks the country’s authoritarian government may be the reason why few women have come out under #MeToo, saying censorship may be at play. But as the movement continues into the new year, the Guardian reports stories about sexual harassment and assault are starting to pile up.

    • #MeToo Has Reached China, but Will It Have an Impact?

      The country’s entertainment sector is beginning to grapple with sexual harassment in the post-Weinstein era, but cultural barriers like victim shaming, limited legal recourse and the lack of a free press could stand in the way.

      For anyone considering filing official complaints of sexual harassment within the Chinese film industry, the 2003 case of actress Zhang Yu is a cautionary tale. As a young woman just starting out in the Beijing-based film industry, Yu claimed that she was pressured into having sex with over a dozen directors with the promise of fame. After filing a number of lawsuits, Zhang provided more than 20 videos and audiotapes to the police, with a number of clips and stills becoming public online. Though it was widely believed that there was enough evidence to prove her case, she still lost her lawsuit and received no compensation. With her career essentially over, Zhang has since disappeared from the public eye.

    • In Washington Speak, Censorship Is Called “Transparency”

      Last month senior officials at the U.S. Centers for Disease Control and Prevention told staffers to avoid using seven words such as “science-based” and “fetus” in budget-related documents. The backlash was swift and strident; headlines accused the CDC of censoring scientific ideas, of attempting to substitute ideology for truth, of an Orwellian attempt to manufacture an alternate reality under the administration of Donald Trump.

      The CDC denies it “banned” any words, and further reporting by The Washington Post cast the “words to avoid” issue as an attempt to make the agency’s work more palatable to Republican lawmakers. Even so, the incident provides a telling glimpse of the politicization of the agency’s communications. Documents recently obtained via two Freedom of Information Act (FOIA) requests indicate the CDC and other executive branch agencies do, in fact, quietly implement organized strategies to control the flow and tone of scientific information to the press and the public. Moreover, these practices have been in place under both the Trump and Obama administrations. The techniques being used are much more subtle—and sometimes more successful—than mere censorship. Two agencies under the Department of Health and Human Services’ umbrella have erected obstacles to reporters’ access to federal scientists. And by striking backroom deals with favored journalists, press officers try to get reporters to cleave to an official narrative. “They’re asking people to be stenographers,” says Ivan Oransky, a health journalist and journalism professor at New York University.

    • Despite Threats of Censorship, Documentary Filmmakers Show Human Rights Violations in Western Sahara

      Stories about life in Western Sahara — a disputed territory controlled by the Moroccan government — are rarely told by people who live there.

      In a militarized environment with aggressive controls on media and citizen reporting, few stories of Western Sahara reach audiences beyond the immediate region. But a new documentary film that charts one independent media group’s struggle to document human rights violations in Western Sahara has the opportunity to change this.

      The film, 3 Stolen Cameras, had its world premiere at the DOK Leipzig Documentary Film Festival in Germany last November, despite threats of censorship and funding challenges.

    • First France, Now Brazil Unveils Plan to Empower the Government to Censor the Internet in the Name of Stopping “Fake News”

      Yesterday afternoon, the official Twitter account of Brazil’s Federal Police (its FBI equivalent) posted an extraordinary announcement. The bureaucratically nonchalant tone it used belied its significance. The tweet, at its core, purports to vest in the federal police and the federal government that oversees it the power to regulate, control, and outright censor political content on the internet that is assessed to be “false,” and to “punish” those who disseminate it. The new power would cover both social media posts and entire websites devoted to politics.

      “In the next few days, the Federal Police will begin activities in Brasília [the nation’s capital] by a specially formed group to combat false news during the [upcoming 2018 presidential] election process,” the official police tweet stated. It added: “The measures are intended to identify and punish the authors of ‘fake news’ for or against candidates.” Top police officials told media outlets that their working group would include representatives of the judiciary’s election branch and leading prosecutors, though one of the key judicial figures involved is the highly controversial right-wing Supreme Court judge, Gilmar Mendes, who has long blurred judicial authority with his political activism.

    • Virgin Trains drops Daily Mail as it deems paper ‘not compatible with our beliefs’
    • Mail attacks Virgin Trains for ‘political censorship’ after operator drops paper
    • Virgin trains accused of censorship after removing Daily Mail from its shops
    • Daily Mail accuses Virgin Trains of censorship over paper ban
    • Daily Mail cries censorship as Virgin Trains halts sales
    • Why ordinary Iranians are turning to internet backdoors to beat censorship
    • How a Toronto app is helping Iranians hack internet censorship
    • Iranians are finding ways to get around the government’s censorship of social media
    • Iran May Be Rethinking Its Internet Censorship but This Is Not Real Change
    • Internet Cut-Off During Recent Unrest in Iran Reveals Tehran’s New Cyber Capabilities
    • Anti-Conservative Censorship Spreads From Campuses To Big Tech
    • Censorship Office Cautions Night Clubs
  • Privacy/Surveillance
    • A tribute to James Dolan, co-creator of SecureDrop, who has tragically passed away at age 36

      It was with an extremely heavy heart that we recently learned our friend and former colleague James Dolan—one of the co-creators of SecureDrop and Freedom of the Press Foundation’s first full time employee—took his own life over the holidays. He was 36.

    • CBP Warrantless Device Searches Continue To Increase And New DHS Guidance Isn’t Going To Bring That Number Down

      The DHS made two significant announcements late last week, both dealing with the CBP’s warrantless searches of electronic devices at the border. The first was a bit of info, showing the exponential increase in device searches in 2016 (jumping from 5,000 in 2015 to 20,000 in 2016) is part of a trend, rather than an anomaly. Searches increased another 59% in 2017, rising to 30,200 total.

      The DHS and CBP also released statements justifying the ongoing increase in warrantless searches.

    • AT&T, Huawei Phone Partnership Killed At Last Second By More Unproven Accusations Of Huawei Spying

      If you remember a few years ago, there was ample hysteria and hand-wringing in Congress regarding Huawei’s plan to compete in the American cell phone and network hardware business. But despite near-constant claims by certain lawmakers that Huawei was an intelligence proxy for the Chinese government, numerous, multi-year investigations found absolutely no evidence to support this conclusion. That of course didn’t stop certain parties from repeatedly insisting that Huawei was a Chinese government spy, since we all know that in the post-truth era, what your gut tells you is more important than empirical evidence.

      Never mind that almost all U.S. network gear is made in (or comprised of parts made in) China. Never mind that obviously NSA allegations show the United States spies on almost everyone, constantly. Never mind that reports have emerged that a lot of the spy allegations originate with Huawei competitor Cisco, which was simply concerned with the added competition. Huawei is a spy. We’re sure of it. And covert network snooping is bad. When China does it.

    • GCHQ sought to ‘better liaise’ with watchdog, court document shows

      GCHQ tried to open up a privileged channel of communication with the oversight commissioner responsible for monitoring its activities, according to letters released in a surveillance court case.

      The government’s monitoring agency in Cheltenham wrote to Sir Adrian Fulford, the investigatory powers commissioner, asking if an “appropriate process or protocol” could be set up to “better liaise” with his office.

      The initiative comes amid legal challenges at the investigatory powers tribunal (IPT) brought by Privacy International, Liberty and others over legal safeguards governing the interception and retention of emails and digital data.

      GCHQ said in the letter, sent in November, that it did not wish to undermine Fulford’s independence or prejudice court hearings, but it suggested exploring whether “there may be appropriate options for resolving any factual issues which may exist in relation to evidence currently before the IPT”.

    • Police probe sought after India biometric data leak reported

      Indian authorities have asked the police to investigate The Tribune newspaper and one of its reporters after the publication of a report that claimed personal details of Indian citizens, submitted to the country’s Aadhaar authority, were being sold cheaply online.

    • NSA Surveillance Bill Would Legalize Loophole That Lets FBI Spy on Americans Without a Warrant

      With major NSA surveillance authorities set to expire later this month, House Republicans are rushing to pass a bill that would not only reauthorize existing powers, but also codify into law some practices that critics have called unconstitutional.

      The bill takes aim at reforming how federal law enforcement can use data collected by the National Security Agency, putting a modest constraint on when the FBI can conduct so-called backdoor searches of Americans’ communications. But because such searches make use of a legal loophole, critics say the current bill may do more harm than good by explicitly writing the practice into law.

    • Devin Nunes Messed With NSA’s Most Cherished Surveillance Power

      It’s the NSA’s most cherished mass-surveillance law, albeit one civil libertarians consider dubiously constitutional. And the chairman of the House Intelligence Committee helped jeopardize its renewal, The Daily Beast has learned—by resurrecting a pseudo-scandal of his own invention.

      In recent months, congressional negotiators have been working on a bill codifying an umbrella of mass-surveillance activities known as Section 702 of the Foreign Intelligence Surveillance Act. The authorization for those activities is due to expire in a matter of days.

    • Congress’s Absurd Quest to Curb the Surveillance State

      In attempting to both appease the intelligence community and ostensibly roll back its powers, lawmakers are making a mockery of the reform effort.

    • Data protection bill amended to protect security researchers

      Matt Hancock, the new culture and digital secretary, said: “We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.”

  • Civil Rights/Policing
    • Teacher removed from public education meeting in handcuffs after asking why superintendents get raises but teachers don’t

      Deyshia Hargrave is an English teacher at Rene Rost Middle Schools in Vermilion Parish, Louisiana; on Monday night, she attended a special meeting of the local school board and, when called upon during the comment period, politely asked why the board superintendents had voted themselves a raise while the teachers in the school district have been subjected to a long-term pay-freeze. The superintendent ruled her question out of order and then a deputy Abbeville city marshal who works in the parish schools dragged her out of the room, put her in handcuffs and threw her to the floor while chanting “stop resisting.”

    • Louisiana Teacher Put in Jail After Asking Questions About Poor Salary, Superintendent’s Raise
    • Jury Awards Couple No Damages For Bungled Marijuana Raid Predicated On Wet Tea Leaves

      A jury has shrugged its shoulders in response to a farcical effort by local publicity hounds/drug warriors to score a 4/20 marijuana bust, only to end up with a handful of garden supplies and violated rights. The lead-up to the bungled raid of Robert and Addie Harte’s house included a law enforcement agency hoping to bury the previous year’s 4/20 raid failure (in which tomatoes were seized), a state trooper compiling a freelance database of garden store visitors, two field drug tests that identified tea leaves as marijuana, and a whole lot of might-makes-right drug warrioring.

      By the time it was over, the Hartes had been held at gunpoint for two hours while the sheriff’s department desperately tried to find something illegal in their home. Nothing was found and the Hartes sued the law enforcement agency. The district court said this was fine: officers should be able to rely on the results of field drug tests, even when said field drug tests are notoriously fallible.

    • ‘The issue is personal for Kushner’: Jared and Jeff Sessions to launch prison ‘reform’ listening tour

      Attorney General Jeff Sessions and senior White House advisor Jared Kushner will officially launch a listening session on prison reform, Axios reported Wednesday.

      Kushner, President Donald Trump’s son-in-law, has been quietly exploring the issue for six months.

      Policy solutions have yet to be unveiled.

  • Internet Policy/Net Neutrality
  • Intellectual Monopolies
    • CRISPR Patent Wars: How to Claim a Cure

      CRISPR-Cas9 have been reported on and discussed in a plethora of different articles, journals, and blog posts. At the moment it is one of the most central focuses in the conversation on medical advancement and the ethical lines that must be drawn within this field.

      What generally doesn’t make as many headlines, however, is the ongoing battle for intellectual property rights to the groundbreaking medical technology. Can you prove ownership of gene editing technology?

      Moreover, could there be costs to this patent war given the nature of the technology?

    • Trademarks
      • The Other Side: Phoenix Comicon Proactively Changes Names To Avoid San Diego Comic-Con Bully

        We had just been talking about the brewing trademark civil war set to break out across the country in the comics conventions space, with Yakima Central City Comic Con choosing not to react to the fiasco of a court case that saw San Diego Comic-Con enforce its trademark against a convention in Salt Lake City. Their decision, publicly revealed relatively soon after the court case outcome, indicated that some comic conventions take the view that SDCC’s trademark is invalid for any number of reasons and that they can simply wait for the Salt Lake Comic Con’s attempt to invalidate SDCC’s trademark to shake out. These would be conventions deciding not to freak out just because one bully got one win.

        But of course that stance could never be universal among all comic conventions in America and now we have our first convention deciding to show everyone what a chilling effect trademark bullying can have. The previously-named Phoenix Comicon has announced it will be rebranding as the Phoenix Comic Fest, with the company behind the convention, Square Egg Entertainment, providing only the thinnest of veils over its reasoning for the change.

    • Copyrights
      • Copyright Maximalists Throw In The Towel On Term Extension; Admit That Maybe Copyright Is Too Long

        Last week, in writing about how this should be the last year (for forty straight years) that no old works have moved into the public domain in the US due to repeated copyright term extensions, I noted that there did not appear to be much appetite among the usual folks to push for term extension. Part of this is because the RIAAs and MPAAs of the world know that the fight they’d face this time would be significantly more difficult than when they pushed through the Sonny Bono Copyright Term Extension Act 20 plus years ago. Not only do they know it would be more difficult, they know that they’d lose. Unlike last time, this time the public is paying attention and can mobilize on the internet.

        Indeed, we were surprised a few years back when then Copyright Office boss, Maria Pallante — who has long pushed for copyright maximalism in many different areas — suggested one tiny aspect of potential copyright reform could be to make the last twenty years (the life plus 50 to life plus 70 years) sort of optional. Even this very, very minor step back from the idea of automatic life plus 70 years (or more!) was fairly astounding for what it represented. Copyright interests have never been willing to budge — even an inch, and here was a tiny inch that they indicated they were willing to give up.

      • Media Giant Can Keep Seized Ad Revenue From Pirate Sites

        A federal court in Florida has signed a default judgment against more than two dozen relatively small pirate sites. The order grants media conglomerate ABS-CBN ownership of the associated domain names. In addition, it can keep the sites’ previously seized advertising revenue from networks including Google Adsense and MGID.

      • Tech Companies Meet EC to Discuss Removal of Pirate & Illegal Content

        Representatives from platforms thought to include Google, Facebook and Twitter will meet with five EU Commissioners today to discuss progress in tackling the spread of illegal content online. While focus is being placed on terrorist propaganda and hate speech, intellectual property rights infringements are also high on the agenda.

      • Twitter, Snapchat Tie Up with Fox to Provide Coverage of FIFA World Cup

        Twenty-First Century Fox’s Fox Sports is partnering with Twitter to stream a live show and Snap Inc’s Snapchat to showcase stories with match-day highlights on the FIFA World Cup soccer tournament to be hosted in Russia later this year.

Links 9/1/2018: CES Products and DRM in Linux

Wednesday 10th of January 2018 12:23:35 AM

GNU/Linux
  • The 5 best Linux distros for the enterprise: Red Hat, Ubuntu, Linux Mint and more

    Three of the five Linux distributions discussed offer reliable and professional-grade support, all have frequent updates to ensure that security exploits are addressed in a timely manner, and all have at least some level of corporate connectivity baked in. In addition, all of them can run Windows programs through virtual machines or subsystems such as Wine. That ability might appeal to executives, but it raises the question of whether it’s really necessary or even a good idea.

    There’s also a big cost difference between deploying Linux and Windows: Linux itself is free, so it’s the distributor’s support that you’ll pay for. And, yes, you will want to do that. The price for proper enterprise-ready support still makes Linux desktop a much less expensive option.

  • 9 Best Linux Distros For Programming And Developers (2018 Edition)

    Linux-based operating systems are often used by developers to get their work done and create something new. Their major concerns while choosing a Linux distro for programming are compatibility, power, stability, and flexibility. Distros like Ubuntu and Debian have managed to establish themselves as the top picks. Some of the other great choices are openSUSE, Arch Linux, etc. If you intend to buy a Raspberry Pi and start with it, Raspbian is the perfect way to start.

  • Server
    • Explore private cloud platform options: Paid and open source

      An open source private cloud platform, Apache CloudStack offers a comprehensive management system that features usage metering and image deployment. It supports hypervisors including VMware ESXi, Microsoft Hyper-V, Citrix XenServer and KVM.

      CloudStack also handles features like tiered storage, Active Directory integration and some software-defined networking. As with other open source platforms, it takes a knowledgeable IT staff to install and support CloudStack.

    • 7 systems engineering and operations trends to watch in 2018

      Kubernetes domination

      Kubernetes came into its own in 2017 and its popularity will only grow in 2018. Edward Muller, engineering manager at Salesforce, predicts that building tools on top of Kubernetes is going to be more prevalent next year. “Previously, most tooling targeted one or more cloud infrastructure APIs,” says Muller. “Recent announcements of Kubernetes as a Service (KaaS?) from major cloud providers is likely to only hasten the shift.”

    • 2018: The Year of Kubernetes and Interoperability

      On its own, Kubernetes is a great story. What makes it even better is the soaring interoperability movement it’s fueling. An essential part of enabling interoperable cloud-native apps on Kubernetes is the Open Service Broker API. OSBAPI enables portability of cloud services across offerings and vendors. A collaborative project across multiple organizations, including Fujitsu, Google, IBM, Pivotal, Red Hat and SAP, it enables developers, ISVs, and SaaS vendors to deliver services to applications running within cloud-native platforms. In 2017, we saw adoption of the API by Microsoft and Google. Late in the year, Amazon and Pivotal partnered to expose Amazon’s services via the broker as well. Red Hat uses it to support the OpenShift marketplace.

  • Kernel Space
    • Linux 4.17 To Likely Include Intel DRM Driver’s HDCP Support

      Back in November a Google developer proposed HDCP content protection support for the Intel Direct Rendering Manager (DRM) Linux driver that is based upon their code from Chrome OS / Chromium OS. It looks like that High-bandwidth Digital Content Protection support in the i915 DRM driver will come for Linux 4.17.

      It’s too late to happen for Linux 4.16 considering it would be too tardy for it to be comfortably added to DRM-Next. Google developer Sean Paul who has been spearheading this HDMI/DisplayPort HDCP support for the open-source Intel DRM driver believes the code is now ready for merging.

    • Linux Foundation
      • Linux Foundation LFCS and LFCE: Miltos Tsatsakis

        The Linux Foundation offers many resources for developers, users, and administrators of Linux systems. One of the most important offerings is its Linux Certification Program, which is designed to give you a way to differentiate yourself in a job market that’s hungry for your skills.

        How well does the certification prepare you for the real world? To illustrate that, we will be highlighting some of those who have recently passed the certification examinations. These testimonials should help you decide if either the Linux Foundation Certified System Administrator or the Linux Foundation Certified Engineer certification is right for you.

    • Graphics Stack
      • Mesa 17.3.2 Release Notes / January 8, 2018

        Mesa 17.3.2 is a bug fix release which fixes bugs found since the 17.3.1 release.

        Mesa 17.3.2 implements the OpenGL 4.5 API, but the version reported by glGetString(GL_VERSION) or glGetIntegerv(GL_MAJOR_VERSION) / glGetIntegerv(GL_MINOR_VERSION) depends on the particular driver being used. Some drivers don’t support all the features required in OpenGL 4.5. OpenGL 4.5 is only available if requested at context creation because compatibility contexts are not supported.

      • Mesa 17.3.2 Released With The Latest Stable Fixes

        While Mesa 18.0 will premiere later this quarter as the first feature update of 2018, Mesa 17.3.2 is now available as the second bug-fix release for last quarter’s Mesa 17.3 series.

      • NVIDIA Rolls Out New Vulkan Beta Driver With Conservative Rasterization Support

        NVIDIA is sticking to their pledge of being quick with delivering support for new revisions of Vulkan support in their Windows and Linux drivers.

        Vulkan 1.0.67 was released on Friday and while it’s mostly a mundane maintenance update, it does include one new extension: VK_EXT_conservative_rasterization. This extension adds a conservative rasterization mode to Vulkan and is similar to the GL_NV_conservative_raster OpenGL extension (more details on conservative rasterization here).

      • VC5 Gallium3D Driver Is Onto Pushing More Triangles In Simulator

        The VC5 open-source Gallium3D driver designed to support the next generation of Broadcom VideoCore graphics hardware is onto rendering more triangles, at least with the hardware simulator.

    • Benchmarks
      • Benchmarking Clear Linux With KPTI + Retpoline Support

        Yesterday Intel landed KPTI page table isolation and Retpoline support in their Clear Linux distribution. Given that one of the pillars of this Intel Open-Source Technology Center platform is on delivering optimal Linux performance, I was curious to see how its performance was impacted. Here are before/after benchmarks on seven different systems ranging from low-end Pentium hardware to Xeon servers.

  • Applications
  • Desktop Environments/WMs
    • K Desktop Environment/KDE SC/Qt
      • Discover, the KDE Software Center App, is Improving Nicely

        Many KDE fans –maybe even you– consider the app to be too limited, preferring instead to use an alternative tool like Synaptic or the Muon Software Center to handle package management.

        So popular is Muon that Kubuntu 17.10 even re-added it to its install image!

        But Discover shouldn’t be forgotten about.

        It’s important that Plasma desktop has a vibrant, easy to use, “one-stop-shop” for users to discover, install, update and remove software on their desktops.

      • Polishing Discover Software Center

        KDE Discover Software Center is a key element of our Usability and Productivity initiative because it encompasses the basic experience of discovering, installing, and removing software. Most regular people don’t want to use the command line to do this, and for them, we have Discover.

  • Distributions
    • Parted Magic Disk Partitioning, Cloning and Rescue Linux OS Has a New Release

      Coming four months after version 2017_09_05, which was the most successful release to date, Parted Magic 2018_01_08 ships with Linux kernel 4.14.11, a version that includes patches for the newly discovered Meltdown and Spectre security vulnerabilities, as well as better support for newer graphics cards.

      “The 2017_09_05 release was our most successful release to date with very little complaints. Instead of changing a bunch of stuff for the sake of changing a bunch of stuff, we basically kept it the way it was,” says developer Patrick Verner in the release announcement. “We only addressed the little issues and updated relevant software.”

    • New Releases
      • IPFire Open Source Firewall Linux Distro Gets Huge Number of Security Fixes

        IPFire 2.19 Core Update 117 is now available to download and comes with the latest OpenSSL 1.0.2n TLS/SSL and crypto library, as well as an updated OpenVPN implementation that makes it easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by allowing users to choose routes in each client’s configuration.

        The update also improves the IPsec implementation by allowing users to define the inactivity timeout time of an idle IPsec VPN tunnel that’s being closed and updating the strongSwan IPsec-based VPN solution to version 5.6.1. It also disabled the compression by default and removed support for MODP groups with subgroups.

      • Chakra GNU/Linux Users Get KDE Plasma 5.11.5, KDE Applications 17.12 and Qt 5.10

        If you’re using Chakra GNU/Linux, which is a rolling release computer operating system where you install once and receive updates forever, chances are you can upgrade its components to the recently released KDE Plasma 5.11.5 desktop environment, as well as KDE Applications 17.12.0 and KDE Frameworks 5.41.0 software suites, all built against the latest Qt 5.10.0 application framework.

        “You can now upgrade to the latest versions of KDE’s Plasma, Applications and Frameworks series, built against the brand new Qt 5.10.0,” says Neofytos Kolokotronis in the forum announcement. “[KDE] Applications 17.12 is the first release of a new series that focuses on introducing enhancements and new features. As always with stability updates, Plasma 5.11.5 and Frameworks 5.41.0 include a month’s worth of bug fixes and improvements.”

    • OpenSUSE/SUSE
      • Future Tumbleweed Snapshot to Bring YaST Changes

        Changes to YaST are coming and people using openSUSE Tumbleweed will be the first to experience these planned changes in a snapshot that is expected to be released soon.

        Those following the YaST Team blog may have read about the implementation changes expected for libstorage-ng, which have been discussed for nearly two years. Libstorage is the component used by YaST; specially used in the installer, the partitioner and AutoYaST to access disks, partitions, LVM volumes and more.

        This relatively low-level component has been a constant source of headaches for YaST developers for years, but all that effort is about to bear fruit. The original design has fundamental flaws that limited YaST in many ways and the YaST Team have been working to write a replacement for it: the libstorage-ng era has begun.

        This document offers an incomplete but very illustrative view of the new things that libstorage-ng will allow in the future and the libstorage limitations it will allow to leave behind. For example, it already makes possible to install a fully encrypted system with no LVM using the automatic proposal and to handle much better filesystems placed directly on a disk without any partitioning. In the short future, it will allow to fully manage Btrfs multi-device filesystems, bcache and many other technologies that were impossible to accommodate into the old system.

      • openSUSE-Based GeckoLinux Receives New, Revamped Releases Built with KIWI

        The biggest change of the new GeckoLinux releases is that they are now built using the KIWI OS image builder instead of the older SUSE Studio, which was merged into SUSE’s OBS (Open Build Service) last year. This gives GeckoLinux a smoother and more reliable boot process, better hardware detections, and boot splash screen support.

        Additionally, this major change no longer forces users to enter passwords for the default live session user account, provides a much cleaner ISO build process and structure that’s up-to-date with OpenSuSE’s standards, and introduces persistence support for Live USBs, allowing users to run GeckoLinux as a portable OS.

      • Libstorage-NG Landing Soon In openSUSE Tumbleweed For Improving The Installer

        Users of the openSUSE rolling-release Linux distribution will soon find an improved installer thanks to Libstorage-NG landing soon and improvements to YaST.

        Libstorage is a low-level storage library used by SUSE’s YaST for dealing with disk / partition / LVM management and other storage device interaction. For over the past two years, libstorage-ng has been in development as the next-generation implementation.

    • Red Hat Family
    • Debian Family
      • Debbugs Versioning: Merging

        One of the key features of Debbugs, the bug tracking system Debian uses, is its ability to figure out which bugs apply to which versions of a package by tracking package uploads. This system generally works well, but when a package maintainer’s workflow doesn’t match the assumptions of Debbugs, unexpected things can happen.

      • Derivatives
        • Canonical/Ubuntu
          • Who Was To Blame For The Ubuntu BIOS Bug?

            So who is to blame for the corruption of the BIOS?

            Ultimately I would put the majority of the blame at the door of the manufacturers and the BIOS developers. You simply should not be able to corrupt the BIOS and there should be a reset option which returns it to factory settings if all else fails. The Ubuntu developers were the unlucky people to instantiate the bug by including a defective driver within the Kernel.

            Some of the blame has to go to the users as well. Maybe we need to be a bit smarter when installing operating systems and not necessarily jump at the latest thing.

          • System76 Continues to Improve HiDPI Support for Their Ubuntu-Based OS in 2018

            Work on the second release of Pop!_OS Linux will continue this year with a rebase on Canonical’s upcoming Ubuntu 18.04 LTS (Bionic Beaver) operating system, due for release on April 26, 2018. The distro will also be released this spring, after Ubuntu 18.04 LTS, and will feature out-of-the-box support for HiDPI displays.

            System76 says that it received great feedback from the community in regards to the HiDPI improvements they are adding into Pop!_OS Linux lately, and, besides fixing many of the reported issues, they are also working on better integration of the HiDPI daemon into the desktop, including support for tweaking its behavior.

          • Ubuntu Server Development Summary – 09 Jan 2018

            The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.

          • LXD Weekly Status #29

            And we’re back from the holidays!
            This “weekly” summary is covering everything that happened the past 3 weeks.

            The big highlight was the release of LXD 2.21 on the 19th of December.

            During the holidays, we merged quite a number of bugfixes and smaller features in LXC and LXD with the bigger feature development only resuming now.

            The end of year was also the deadline for our users to migrate off of the LXD PPAs.
            Those have now been fully deleted and users looking for newer builds of LXD should use the official backport packages or the LXD snap.

          • Flavours and Variants
            • Debian vs. Linux Mint: The Winner Is?

              Linux Mint is on track to becoming the most popular desktop distro available. This isn’t to suggest that it’s already happened, rather that it’s on track to happen if Linux Mint continues to find its fans among Windows converts. By contrast, Debian has received almost no credit for this success whatsoever. Worse, neither does Ubuntu, which uses Debian as a base.

              So are Linux Mint and Debian really all that different? After all, Linux Mint is based on Ubuntu, which is based on Debian. One might surmise that these distros are more similar than different. Fact is stranger than fiction. Linux Mint and Debian may share a common heritage, but that’s where the similarities end.

  • Devices/Embedded
Free Software/Open Source
  • Piwik is now Matomo – Announcement

    You may be surprised to read this announcement, but no stress, take a deep breath, nothing big is going to happen, it is just our name that is changing and here are the reasons why.

  • Does DevOps Plus Open Source Equal Security?
  • Events
  • Web Browsers
    • Mozilla
      • Mozilla Marketing Engineering & Ops Blog: Kuma Report, December 2017

        We have a lot of things we have to do in Q1 2018, such as the CDN and Django 1.11 update. We postponed a detailed plan for 2018, and instead will spend some of Q1 discussing goals and priorities. During our discussions in December, a few themes came up.

        For the MDN Web Docs product, the 2018 theme is Reach. We want to reach more web developers with MDN Web Docs data, and earn a key place in developers’ workflows. Sometimes this means making developer.mozilla.org the best place to find the information, and sometimes it means delivering the data where the developer works. We’re using interviews and surveys to learn more and design the best experience for web developers.

        For the technology side, the 2018 theme is Simplicity. There are many seldom-used Kuma features that require a history lesson to explain. These make it more complicated to maintain and improve the web site. We’d like to retire some of these features, simplify others, and make it easier to work on the code and data. We have ideas around zone redirects, asset pipelines, and translations, and we hope to implement these in 2018.

        One thing that has gotten more complex in 2017 is code contribution. We’re implementing new features like browser-compat-data and interactive-examples as their own projects. Kuma is usually not the best place to contribute, and it can be challenging to discover where to contribute. We’re thinking through ways to improve this in 2018, and to steer contributors’ effort and enthusiasm where it will have the biggest impact.

      • Retained Display Lists

        As part of the lead up to Firefox Quantum, we added new telemetry to Firefox to help us measure painting performance, and to let us make more informed decisions as to where to direct our efforts. One of these measurements defined a minimum threshold for a ‘slow’ paint (16ms), and recorded percentages of time spent in various paint stages when it occurred. We expected display list building to be significant, but were still surprised with the results: On average, display list building was consuming more than 40% of the total paint time, for work that was largely identical to the previous frame. We’d long been planning on an overhaul of how we built and managed display lists, but with this new data we decided that it needed to be a top priority for our Painting team.

      • Multilingual Gecko in 2017

        In January 2017, we set the course to get a new localization framework named Fluent into Firefox.

        Below is a story of the work performed on the Firefox engine – Gecko – over the last year to make Fluent in Firefox possible. This has been a collaborative effort involving a lot of people from different teams. It’s impossible to document all the work, so keep in mind that the following is just the story of the Gecko refactor, while many other critical pieces were being tackled outside of that range.

        Also, the nature of the project does make the following blog post long, text heavy and light on pictures. I apologize for that and hope that the value of the content will offset this inconvenience and make it worth reading.

  • CMS
    • A Love Letter to Plain Text

      I have used Hugo, the blog engine this blog runs on top of, more and more lately for less and less typical use cases. Hopefully this post will inspire others in similar ways.

      There was another post on Twitter recently that inspired me to write this post. The point of that post was that when your blog is just a pile of text files, generic Unix tools combine to make many things trivial that wouldn’t be with a more traditional database-backed system.

  • Pseudo-Open Source (Openwashing)
  • Funding
  • BSD
    • LLVM Clang Is Moving Closer To Full OpenMP 4.5 Support

      While it initially took LLVM’s Clang C/C++ compiler a long time to support OpenMP, the code continues to mature in supporting the latest updates to this parallel programming specification.

      As it stands now Clang has full support for OpenMP 3.1 and only partial support for OpenMP 4.5, but they continue moving closer to supporting OMP 4.5 on CPUs and eventually to NVIDIA GPUs with their CUDA back-end.

    • SPIR-V Support For Upstream LLVM Is Back To Being Discussed

      Next month the Vulkan 1.0 API will turn two years old but a goal that has remained elusive to date has been getting SPIR-V — the intermediate representation shared by Vulkan and OpenCL — into upstream LLVM.

      The goal would be upstream support for going between SPIR-V and LLVM IR. There’s been various projects working on this SPIR-V and LLVM IR to/from translation support, but nothing has been upstreamed yet in LLVM itself for easier maintenance and focusing on a concerted effort.

    • OpenBSD-current now has ‘smtpctl spf walk’

      This feature is still in need of testing, so please grab a snapshot and test!

  • Licensing/Legal
  • Openness/Sharing/Collaboration
  • Programming/Development
    • [Older] Quantum Computers Barely Exist—Here’s Why We’re Writing Languages for Them Anyway

      Quantum computers are still extremely rudimentary, and largely remain intriguing playthings in a few advanced research labs. That hasn’t deterred people from developing new programming languages for them.

      The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper.

    • This Week in Rust 216
    • #Rust2018

      As part of #Rust2018, I thought I would try to writeup my own (current) perspective. I’ll try to keep things brief.

      First and foremost, I think that this year we have to finish what we started and get the “Rust 2018” release out the door. We did good work in 2017: now we have to make sure the world knows it and can use it. This primarily means we have to do stabilization work, both for the recent features added in 2017 as well as some, ahem, longer-running topics, like SIMD. It also means keeping up our focus on tooling, like IDE support, rustfmt, and debugger integration.

    • GCC 8.0.0 Status Report (2018-01-08), Stage 3 ends Jan 14th

      GCC 8 is in development stage 3 currently but that is going to end at the end of Sunday, Jan 14th after which we go into regression and documentation fixes mode similar as if trunk was a release branch.

    • GCC 8 Will Enter Its Last Stage Of Development Next Week

      The GNU Compiler Collection 8 (GCC 8) is currently in “stage three” development whereby general bug fixing can still happen along with allowing new ports to be added. But that is changing next week as it enters its final stage of development prior to release.

      SUSE’s Richard Biener announced that on 14 January, they will be going into their strict “regression and documentation fixes mode similar as if trunk was a release branch.”

Leftovers
  • Science
    • Your smartphone is making you stupid, antisocial and unhealthy. So why can’t you put it down?

      A decade ago, smart devices promised to change the way we think and interact, and they have – but not by making us smarter. Eric Andrew-Gee explores the growing body of scientific evidence that digital distraction is damaging our minds

    • The UK is still educating different classes for different functions in society

      Historically, the English educational system has educated the different social classes for different functions in society. However, in the 21st century, the expectation is that the English state system is providing roughly the same education for all. In my new book I argue that it does not. Even within a comprehensive school, when young people are all being educated in the same building, the working classes are still getting less education than the middle classes, just as they had when my father was educated at the beginning of the 20th century. We are still educating different social classes for different functions in society.

      The book is based on a mix of statistics, more than 500 interviews and my personal memoir of growing up as a free school meal child living on a council estate. The book argues that, despite a whole plethora of policy initiatives from testing regimes, league tables, school choice, academies and free schools, the return to traditional models of both primary and secondary curriculum and to a preoccupation with ‘school improvement’ and ‘school effectiveness’, little has changed in relation to how the working classes are valued within education. And despite the incessant focus on social mobility, England is at the bottom of the league table for working class children achieving high academic levels.

  • Hardware
  • Health/Nutrition
    • Medicines Patent Pool Launches Search For Next Director

      The Patent Pool, which works with a range of partners to help increase access to HIV, hepatitis C and tuberculosis treatments in developments, negotiates voluntary licences with patent owners and develops patent pooling initiatives, according to the announcement. The Geneva-based agency, spun off from Unitaid several years ago but still funded by it, has saved the international community nearly $400 million, it said.

  • Security
    • MalwareTech Prosecution Appears To Be Falling Apart As Gov’t Plays Keep Away With Documents Requested By Defense

      Marcus Hutchins, a.k.a. MalwareTech, went from internet hero (following his inadvertent shutdown of the WannaCry ransomware) to federal government detainee in a surprisingly short amount of time. Three months after saving the world from rampaging malware built on NSA exploits, Hutchins was arrested at the Las Vegas airport as he waited for his flight home to the UK.

      When the indictment was published, many people noted the charges didn’t seem to be backed by much evidence. The government accused Hutchins of creating and selling the Kronos malware, but offered very little to support this claim. While it’s true much of the evidence against Hutchins will be produced in court, the indictment appeared to be stretching legal definitions of certain computer crimes to their limits.

      The government’s case appears to be weak and reliant on dubious legal theories. It’s not even 100% clear that creating and selling malware is an illegal act in and of itself. The charges the government brought rely heavily on proving Hutchins constructed malware with the intent to cause damage to computers. This isn’t so easily proven, especially when the government itself is buying malware to deploy for its own purposes and has yet to bring charges against any of the vendors it buys from. Anyone selling exploits to governments could be said to be creating malware with intent to cause harm. That it’s a government, rather than an individual, causing the harm shouldn’t make any difference — at least not if the government wants to claim selling of malware alone is a federal offense.

    • ​The Linux vs Meltdown and Spectre battle continues

      Meltdown is a CPU vulnerability. It works by using modern processors’ out-of-order execution to read arbitrary kernel-memory locations. This can include personal data and passwords. This functionality has been an important performance feature. It’s present in many modern processors, most noticeably in 2010 and later Intel processors. By breaking down the wall between user applications and operating system’s memory allocations, it can potentially be used to spy on the memory of other programs and the operating systems.

    • ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown

      It was late November and former Intel Corp. engineer Thomas Prescher was enjoying beers and burgers with friends in Dresden, Germany, when the conversation turned, ominously, to semiconductors.

      Months earlier, cybersecurity researcher Anders Fogh had posted a blog suggesting a possible way to hack into chips powering most of the world’s computers, and the friends spent part of the evening trying to make sense of it. The idea nagged at Prescher, so when he got home he fired up his desktop computer and set about putting the theory into practice. At 2 a.m., a breakthrough: he’d strung together code that reinforced Fogh’s idea and suggested there was something seriously wrong.

    • Linus Torvalds Is Not Happy About Intel’s Meltdown And Spectre Mess

      Meltdown and Spectre exploit an architectural flaw with the way processors handle speculative execution, a technique that most modern CPUs use to increase speed. Both classes of vulnerability could expose protected kernel memory, potentially allowing hackers to gain access to the inner workings of any unpatched system or penetrate security measures.

      The flaw can’t be fixed with a microcode update, meaning that developers for major OSes and platforms have had to devise workarounds that could seriously hurt performance.

      In an email to a Linux list this week, Torvalds questioned the competence of Intel engineers and suggested that they were knowingly selling flawed products to the public. He also seemed particularly irritated that users could expect a five to 30 per cent projected performance hit from the fixes.

    • It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

      Microsoft’s fix for the Meltdown and Spectre bugs may be crocking AMD-powered PCs.

      A lengthy thread on answers.microsoft.com records numerous instances in which Security Update for Windows KB4056892, Redmond’s Meltdown/Spectre patch, leaves some AMD-powered PCs with the Windows 7 or 10 startup logo and not much more.

    • Warning: Microsoft’s Meltdown and Spectre patch is bricking some AMD PCs

      We’ve already seen compatibility issues with some antivirus tools, and now some AMD users are reporting that the KB4056892 patch is rendering their computer unusable. A further issue — error 0x800f0845 — means that it is not possible to perform a rollback.

    • Observing interrupts from userland on x86

      In 2016, I noticed a quirk of the x86 architecture that leads to an interesting side channel. On x86, it is possible for a userland process to detect when it has been interrupted by an interrupt handler, without resorting to timing. This is because the usual mechanism for handling interrupts (without using virtualisation) doesn’t always preserve all userland registers across an interrupt handler.

    • Twitter promotes ‘get verified’ phishing scam that actually steals your account, credit card details

      Following backlash and criticism, Twitter banned several Russian organisations including RT and Sputnik from purchasing ads on the platform.

    • Cybersecurity Firm Says Olympics Organizations Were Targeted by Hackers [sic]

      An email campaign, conducted between Dec. 22 and 28 last month, sent infected documents to Olympic associations from an email that was designed to appear as though it came from South Korean authorities, analysts with McAfee’s Advanced Threat Research division found.

    • The new DHS breach illustrates what’s wrong with today’s cybersecurity practices

      The lines between privacy incident, security incident, insider incident, and fraud are blurry at best.

    • Security updates for Tuesday
    • Hardcoded Backdoor Found In WD My Cloud NAS With Username “MyDlink”

      In yet another revelation of severe loopholes, a security researcher James Bercegay from Gulftech has discovered a backdoor in some models of the My Cloud NAS (Network-attached storage) drive family, manufactured by Western Digital.

    • Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key

      Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches.

      According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches.

      The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry.

    • How To Check For Meltdown And Spectre Vulnerabilities And Patch Them In Linux
    • With WPA3, Wi-Fi will be secure this time, really, wireless bods promise
    • WPA3 Released To Fill KRACKs Of The Wi-Fi WPA2 Protocol
    • NSA Denies Prior Knowledge Of Meltdown, Spectre Exploits; Claims It Would ‘Never’ Harm Companies By Withholding Vulns

      News surfaced late last week indicating everything about computing is fucked. Two critical flaws with zero perfect fixes — affecting millions of processors — were exposed by security researchers. Patches have been deployed and more are on their way, but even the best fixes seem to guarantee a noticeable slowdown in processing speed.

      [...]

      These recently-discovered exploits may be the ones that got away — ones the NSA never uncovered and never used. But this statement portrays the NSA as an honest broker, which it isn’t. If the NSA had access to these exploits, it most certainly would have used them before informing affected companies. That’s just how this works. As long as exploits are returning intel otherwise inaccessible, the NSA will use the exploits for as long as possible before disclosing this info to US companies. The agency has historically shown little concern about collateral damage and I don’t believe putting someone new in charge of the VEP is going to make that much of a difference in the future.

    • Security notice: Meltdown and Spectre

      If you haven’t already done so, please read “Meltdown and Spectre”.

      These vulnerabilities are critical. They expose all memory data present on the computer to any application running locally (including to scripts run by your web browser).

      Note: Meltdown and Spectre also affect smart phones and tablets. Please seek information on how to protect your mobile devices.

    • Linux Mint Devs Respond to Meltdown and Spectre Security Vulnerabilities

      Linux Mint developers have published today a statement regarding the recently unearthed Meltdown and Spectre security vulnerabilities, informing users on how to keep their PCs secure.

      Last week, two of the most severe security flaws were publicly disclosed as Meltdown and Spectre, affecting billions of devices powered by a modern processor from Intel, AMD, ARM, or Qualcomm. To mitigate these vulnerabilities, OEMs and OS vendors started a two-and-a-half-month-long battle to redesign software and kernels.

      Almost all known operating systems are affected, and all web browsers. Linux Mint is one of the most popular GNU/Linux distributions out there with millions of users, but it hasn’t yet been patched against Meltdown and Spectre because it still relies on updates from the Ubuntu operating system.

    • All Supported 4MLinux and TheSSS Releases Now Patched Against Meltdown & Spectre
    • NVIDIA Confirms GPU Driver Fixes For Spectre
    • Linux security concerns rise as hackers target the OS [Ed: This describes merely perceived risks, associated with unpatched system or wrong installation, not inherent issues]
  • Defence/Aggression
    • MSNBC Ignores Catastrophic US-Backed War in Yemen

      For the popular US cable news network MSNBC, the largest humanitarian catastrophe in the world is apparently not worth much attention—even as the US government has played a key role in creating and maintaining that unparalleled crisis.

      An analysis by FAIR has found that the leading liberal cable network did not run a single segment devoted specifically to Yemen in the last nine months of 2017.

      And in these latter three-fourths of the year, MSNBC mentioned Russia 3,000 percent more than it mentioned Yemen.

      Moreover, in all of 2017, MSNBC did not once report on the US-backed Saudi airstrikes that have killed thousands of Yemeni civilians. Nor did it ever mention the impoverished nation’s colossal cholera epidemic, which infected more than 1 million Yemenis in the largest outbreak in recorded history.

    • Pushed to extremes: Cameroon’s escalating Anglophone crisis

      Fifteen months back, when a group of Anglophone lawyers went on strike in Cameroon, few would have predicted how far and how quickly events would escalate.

      Back then, in October 2016, the lawyers were objecting to the appointment of French-educated judges to their courts. A few other frustrated groups joined them later in peaceful protest against other government actions they perceived to be discriminating against the country’s English-speaking regions.

      Fast-forward to today, however, and that initial modest impetus has spiralled into Cameroon’s most alarming internal conflict since independence. In recent months, scores of civilians have been killed. Armed attacks have led to the deaths of at least sixteen army and police officers. The government has deployed the elite Rapid Intervention Battalion, which is usually found combatting Boko Haram, to the area. And thousands of refugees have fled to Nigeria, with the UN Refugee Agency expecting up to 40,000 more.

  • Transparency/Investigative Reporting
    • Julian Assange’s stay in London embassy untenable, says Ecuador

      Ecuador’s foreign minister has said Julian Assange’s five-and-a-half-year stay in her country’s London embassy is “untenable” and should be ended through international mediation.

      The WikiLeaks founder has been holed up in Knightsbridge since the summer of 2012, when he faced the prospect of extradition to Sweden over claims that he sexually assaulted two women. He denies the accusations.

    • Daily Mail calls Virgin Trains’ decision to stop stocking paper ‘censorship’
    • Richard Branson’s Virgin Trains is boycotting the Daily Mail because it is ‘not compatible’ with its beliefs
    • Ecuador seeks mediator to resolve ‘untenable’ Julian Assange standoff: Foreign minister
    • WikiLeaks Just Illegally Posted PDF to Fire and Fury, Anyone Who Downloads Could Face Huge Fine

      For those not wanting to pay the $18 for a hardcover version of Michael Wolff‘s new book Fire and Fury: Inside the Trump White House, or the $14 dollars for the Kindle version, don’t be tempted by WikiLeaks’ tweet with the full PDF version of the book. Law&Crime consulted several copyright legal experts who all agree that the tweet amounts to copyright infringement, and anyone who downloads the book could be held liable too.

    • Twitter Still Hasn’t Pulled Wikileaks’ Link to Fire and Fury, Despite Clear Violation of Copyright Policy

      Last night, Wikileaks tweeted a link for people to click if they wanted to download the text of Michael Wolff‘s book Fire and Fury: Inside the Trump White House without paying for it. As Law&Crime Editor-in-Chief Rachel Stockman noted, there are serious legal issues with this, as it looks like a major copyright infringement. On top of legal issues though, it’s also against Twitter’s own policy. Wikileaks deleted their original tweet soon after they posted it, but another one went up later in the evening.

    • WikiLeaks Shared Entire ‘Fire and Fury’ Manuscript Online

      WikiLeaks has shared a link to the tell-all book about Donald Trump’s White House that has made waves in Washington, D.C.

      In a move that appeared to have the success of Michael Wolff’s tome Fire and Fury: Inside the Trump White House firmly in its crosshairs, the organization tweeted out a link to a full PDF of the book, which may have constituted copyright infringement.

    • The Targeting of Wikileaks

      Lamo also claimed that Manning told him he physically dropped off classified information to WikiLeaks’ “intermediaries” in Boston—who I’m sure George Webb has shared a glass of wine or two with—and yet, after the chat logs were finally published in their entirety, nowhere does Manning say he dropped off classified information in Boston. Nor do the chats indicate that Assange helped Manning procure any documents. Yet, despite Lamo’s blatant lies that Kevin Poulsen helped cover up, Poulsen was invited to join the Freedom of the Press Foundation’s Technology Advisory Board in 2014 and although he’s no longer listed as such, an FPF webpage for him still exists. Why FPF board members turned a blind eye to what Lamo and Poulsen did to both Manning and Wikileaks, including Glenn Greenwald who, ironically, was the one who called out Poulsen’s questionable behavior in the first place, is inexplicable.

    • Freedom of the Press Foundation Cuts Wikileaks Donations

      So, for those of you that missed it because it didn’t grab a lot of headlines let me give you a heads-up on what’s been happening. The Freedom of the Press Foundation (FPF), the brainchild of Julian Assange and John Perry Barlow, decided to part ways with Wikileaks citing a lack of evidence that Wikileaks is suffering from a financial blockade. Assange addressed the FPF’s move in a letter he later released on pastebin.com but it didn’t stop the FPF board from unanimously voting to cut ties with Wikileaks. Unanimously. Micah Lee later stated that they would continue to fight for the First Amendment rights of Wikileaks “when they’re threatened,” which is the most absurd statement of the century seeing that the FPF is now doing literally nothing to support Julian Assange, Wikileaks, and its staff all of whom have been facing threats from more sides than a ShengShou Megaminx over the course of the last seven years.

    • How to leak information securely?

      As I mentioned at the beginning of the post, SecureDrop is a free software which is developed by an active community, the source code is hosted at github. The primary application is written in Flask, and various other Python modules. Feel free to look at the issues, and contribute to the project as you wish.

  • Environment/Energy/Wildlife/Nature
    • Trump-appointed regulators reject plan to rescue coal and nuclear plants

      The Federal Energy Regulatory Commission on Monday unanimously rejected a proposal by Energy Secretary Rick Perry that would have propped up nuclear and coal power plants struggling in competitive electricity markets.

      The independent five-member commission includes four people appointed by President Trump, three of them Republicans. Its decision is binding.

  • Finance
    • China Has More Plans to Stamp Out Bitcoin

      China’s government plans to crack down on Bitcoin mining, months after rocking the cryptocurrency world by banning initial coin offerings and shutting down exchanges.

    • Your Amazon Order Could Get You in Trouble With Customs

      Amazon’s counterfeit problem is well documented, but it’s easy to forget the myriad ways in which it can become your problem, too. After all, your new face mask probably won’t contain arsenic, your off-brand USB cord probably won’t fry your laptop, your made-in-China hoverboard probably won’t burn your house down, and your designer suitcase probably won’t put you on a US Customs and Border Protection blacklist for importing counterfeit goods.

    • A Crypto Website Changes Its Data, and $100 Billion in Market Value Vanishes

      Prices for some of the most popular cryptocurrencies dropped sharply Monday. One apparent reason: an adjustment from a popular website on its digital-currency price quotes.

    • Australia’s hard choice between China and US

      Australia has always believed that it doesn’t have to choose between its economic relationship with China and its defense alliance with the United States. But 2018 is already shaping up to be the year of the hard choice.

      It would be convenient for Australia if it was able to maintain its balancing act, but a confluence of global factors has stripped away the fiction that it can separate the economic benefits it gets from China and its post-World War II position as one of America’s closest strategic allies.

  • AstroTurf/Lobbying/Politics
    • Donald Trump now spends most of the day in bed

      This week we’ve learned two different pieces of information from two different sources which, when put together, paint a truly disturbing picture about what’s left of Donald Trump’s physical and mental competence. First we learned about what time he tends to start the day when he’s in the White House. Then we separately learned what time he ends each day in the White House. Do the math, and we’re looking at something utterly surreal.

    • 25th Amendment unlikely to be invoked over Trump’s mental health

      Donald Trump’s description of himself as a “very stable genius” sparked new debate this weekend about the 25th Amendment, but invoking the provision to remove a president from office is so difficult that it’s highly unlikely to come into play over concerns about Trump’s mental health, a half-dozen lawyers with expertise on the measure said.

      The amendment’s language on what could lead a president to be involuntarily removed from office is spare, saying simply that the vice president and a majority of the Cabinet could take such a step when “the President is unable to discharge the powers and duties of his office.”

      “I think it’s both its strength and its weakness,” said Jay Berman, a former chief of staff to Sen. Birch Bayh (D-Ind.), who helped craft the amendment in the 1960s. “The answer is not provided in the 25th Amendment. … It just does not provide that certainty or specificity. That might be easier in the context of physical incapacity, but it would be a lot harder in the case of mental incapacity.”

    • The New York Times brings us the looting of America

      Is there any mystery as to what is happening on the domestic front? The tax bill is nothing other than a looting of the nation for the sake of the 1%. It is thinly disguised pillage.

      The associated cuts in social programs represent a giant step in the Republican project of the past 40 years to repeal a century of progressive legislation. In case you wonder, the Republicans’ point of reference is not the 1920s, but rather the Gaslight Era of the 1890s – before the federal income tax was introduced.

      This is historic — a reactionary revolution without precedent. It is reshaping American society in fundamental ways that will endure.

  • Censorship/Free Speech
  • Privacy/Surveillance
    • Former NSA Contractor Pleads Guilty To Taking His National Defense Work Home With Him

      This is the end of one contractor’s twenty-year run on supposedly ultra-secure systems. Martin cannot possibly be the only contractor whose work has made its way out of the office. The Intelligence Community’s oversight has pointed out the half-assed job being done to secure things post-Snowden. Martin is just an embodiment of the IC’s ideals: more focused on collecting data than making sure the collected info remains secure.

    • The Stasi’s Tiny Torn-Up Analog Files Defeat Modern Digital Technology’s Attempts To Re-Assemble East Germany’s Surveillance Records

      It is nearly 30 years since the wall separating East and West Berlin came down, and yet work is still going on to deal with the toxic political legacy of East Germany. As Techdirt readers are well aware, one of the defining characteristics of the regime in East Germany was the unprecedented — for the time, at least — level of surveillance inflicted on citizens by the Stasi (short for Staatssicherheitsdienst, or State Security Service). This led to the creation of huge archives holding dossiers about millions of people.

      As it became clear that East Germany’s government would fall, and that its long-suffering citizens would demand to know who had been spying on them over the years, Stasi officers began to destroy the most incriminating documents. But there were so many files — a 2008 Wired article about them says they occupied 100 miles of shelving — that the shredding machines they used started to burn out. Eventually, Stasi agents were reduced to tearing pages by hand — some 45 million of them, ripping them into around 600 million scraps of paper.

    • Groups Line Up For Meaningful NSA Surveillance Reform

      Multiple nonprofit organizations and policy think tanks, and one company have recently joined ranks to limit broad NSA surveillance. Though our groups work for many causes—freedom of the press, shared software development, universal access to knowledge, equal justice for all—our voices are responding to the same threat: the possible expansion of Section 702 of the FISA Amendments Act.

      On January 5, the Rules Committee for the House of Representatives introduced S. 139. The bill—which you can read here—is the most recent attempt to expand Section 702, a law that the NSA uses to justify the collection of Americans’ electronic communications during foreign intelligence surveillance. The new proposal borrows some of the worst ideas from prior bills meant to reauthorize Section 702, while adding entirely new bad ideas, too.

    • Supreme Court Won’t Hear Key Surveillance Case

      The Supreme Court announced today that it will not review a lower court’s ruling in United States v. Mohamud, which upheld warrantless surveillance of an American citizen under Section 702 of the Foreign Intelligence Surveillance Act. EFF had urged the Court to take up Mohamud because this surveillance violates core Fourth Amendment protections. The Supreme Court’s refusal to get involved here is disappointing.

      Using Section 702, the government warrantlessly collects billions of communications, including those belonging to a large but unknown number of Americans. The Ninth Circuit Court of Appeals upheld this practice only by creating an unprecedented exception to the Fourth Amendment. This exception allows the government to collect Americans’ communications without a warrant by targeting foreigners outside the United States, known as “incidental collection.”

      We wish the Supreme Court had stepped in to fix this misguided ruling, but its demurral shouldn’t be taken to mean that Section 702 surveillance is totally fine. Some of the most controversial aspects of these programs have never been reviewed by a public court, let alone the Supreme Court. That includes “backdoor searches,” the practice of searching databases for Americans’ incidentally collected communications. Even in deciding Mohamud, the Ninth Circuit refused to address the constitutionality of backdoor searches.

    • How to Assess a Vendor’s Data Security
    • OK Google: Copy Amazon and Build a Smart Speaker with a Screen

      Google Assistant is seeking a popularity boost by coming to gadgets with screens—a move Amazon already made with Alexa.

    • Analog Equivalent Privacy Rights (9/21): When the government knows what news you read, in what order, and for how long

      In an attention economy, data about what we pay attention to, how much, and for how long, are absolutely crucial predictive behaviors. And in the hands of a government which makes the crucial mistake of using it to predict pre-crime, the results can be disastrous for the individual and plain wrong for the government.

    • How Amazon Will Put Alexa Everywhere

      It’s no secret that Amazon wants to crush the voice assistant competition, but now we have a better idea how it plans to do it.

    • Whistleblower: New NSA Chief Must Be Given ‘Mandate to Ferret Out Wrongdoing’

      On Friday, a classified memo announcing that Mike Rogers, director of the US National Security Agency (NSA), would be retiring in the spring was leaked to the public.

      Though an official announcement of his retirement has not yet been made, the leaked notice suggests that a successor will be nominated and approved by the US Senate by the end of January.

      However, Kirk Wiebe, a former NSA senior analyst and renowned national security whistleblower, says his focus is more on the next NSA chief’s ability to do what’s right.

    • NSA sought to prevent Snowden-style leaks, ended up losing staff – whistleblower to RT

      The NSA has been steadily shedding staff ever since the agency introduced draconian internal rules to stop potential new Snowden-inspired whistleblowers, former NSA technical director William Binney told RT.

      “The NSA has launched an internal program called ‘See something, say something,’” Binney said, further explaining that the new internal code of conduct encourages agency employees to actually spy not only on their targets, but also on their fellow colleagues. The aim of these new measures was to prevent employees from becoming “another Edward Snowden,” he said.

      However, the new draconian rules actually backfired as employees started leaving the agency in droves, with few people willing to fill the vacant posts. The new rules “create a very hostile, bad working environment,” Binney said. He added that the extreme precautionary measures taken by the NSA to prevent internal leaks after Snowden’s move “destroyed the morale of people doing work there.”

    • ‘Snowden is a traitor’: Former NSA analyst to RT (VIDEOS)

      Former NSA analyst Ira Winkler described whistleblower Edward Snowden as a traitor and a sociopath to RT.com, and said the agency needs to seriously revise its staff security training.

      Speaking to RT as part of our YouTube ‘Cyber Security Series,’ filmed at the European Cyber Threat Summit in Dublin, Winkler argued that anyone could have pulled off Snowden’s leaking of NSA documents “if they were a sociopath themselves.”

      Snowden allegedly accessed classified NSA data on the agency’s mass surveillance program, which he later leaked to the world, by persuading up to 25 workers to give him login keys and passwords.

    • New CBP Border Device Search Policy Still Permits Unconstitutional Searches

      U.S. Customs and Border Protection (CBP) issued a new policy on border searches of electronic devices that’s full of loopholes and vague language and that continues to allow agents to violate travelers’ constitutional rights. Although the new policy contains a few improvements over rules first published nine years ago, overall it doesn’t go nearly far enough to protect the privacy of innocent travelers or to recognize how exceptionally intrusive electronic device searches are.

      Nothing announced in the policy changes the fact that these device searches are unconstitutional, and EFF will continue to fight for travelers’ rights in our border search lawsuit.

      Below is a legal analysis of some of the key features of the new policy.

    • Police probe sought after India biometric data leak reported
    • EFF Supports Stricter Requirements for DNA Collection From Minors

      When the San Diego police targeted black children for DNA collection without their parents’ knowledge in 2016, it highlighted a critical loophole in California law. Now, State Assemblymember Gonzalez Fletcher has introduced legislation—A.B. 1584—that would ensure cops cannot stop-and-swab youth without judicial approval or parental consent. EFF strongly supports this move.

      A.B. 1584 would require law enforcement to obtain a court order, a search warrant, or the written consent of both the minor and their parent or legal guardian before collecting DNA from the minor, except in a few narrow circumstances when DNA collection is already required under existing law.

    • In big push for total surveillance, Beijing bets on facial recognition

      Facial recognition is the new hot tech topic in China. Banks, airports, hotels and even public toilets are all trying to verify people’s identities by analysing their faces.

  • Civil Rights/Policing
    • Pacifica Foundation Faces Potential Asset Seizures by NYC Landlord

      Back in the United States, Pacifica Foundation, the owner of radio stations KPFA, KPFK, KPFT, WBAI and WPFW, faces potential asset seizures by New York City landlord Empire State Realty Trust beginning this week. The threat of asset seizures stems from a lawsuit won by Empire State Realty Trust against Pacifica Foundation for $1.8 million in back antenna lease payments owed by the network’s New York City station WBAI. WBAI’s antenna sits on the Empire State Building. Among the assets at risk are California properties that house Pacifica Foundation’s headquarters and its Berkeley station KPFA. Pacifica Foundation is the oldest listener-supported radio network in the country. It was founded in Berkeley, California, in 1949 by war resister Lewis Hill.

    • James Damore sues Google, alleging intolerance of white male conservatives
    • US: Secret Evidence Erodes Fair Trial Rights

      Evidence suggests US authorities deliberately conceal the facts about how they found information in a criminal case and may be doing so regularly, Human Rights Watch said in a report released today. Withholding these facts to cover up investigative practices, including potentially illegal ones, harms defendants’ rights and impedes justice for human rights violations.

    • Portland’s top brass said it was OK to swipe your garbage–so we grabbed theirs.

      It’s past midnight. Over the whump of the wipers and the screech of the fan belt, we lurch through the side streets of Southeast Portland in a battered white van, double-checking our toolkit: flashlight, binoculars, duct tape, scissors, watch caps, rawhide gloves, vinyl gloves, latex gloves, trash bags, 30-gallon can, tarpaulins, Sharpie, notebook–notebook?

      Well, yes. Technically, this is a journalistic exercise–at least, that’s what we keep telling ourselves. We’re upholding our sacred trust as representatives of the Fourth Estate. Comforting the afflicted, afflicting the comfortable. Pushing the reportorial envelope–by liberating the trash of Portland’s top brass.

    • Tech Backlash Grows as Investors Press Apple to Act on Children’s Use
    • New York City Adopts Historic Policing Reform

      Prompted by a diverse grassroots movement, much of the country continues to debate important proposed policing reforms at the local level. Many local policing campaigns that EFF supports focus on ending the era of law enforcement agencies acquiring surveillance equipment in secret. The latest campaign to prove successful secured a new law advancing transparency in New York City not only in policy, but also on the ground: the Right to Know Act.

      Adopted in a two-part measure, the Right to Know Act responds to the experience of New Yorkers and visitors subjected to law enforcement stops, frisks, and searches of personal possessions including digital devices like cell phones and tablets. The City Council’s passage of the measures comes in spite of fear-mongering and falsehoods promoted by police unions.

    • The Voter Purge Case at the Supreme Court Reveals the Justice Department’s Attack on Voting Rights

      We know the right to vote of every American is sacred and should be safeguarded. Why doesn’t the Trump administration?

      On Wednesday, the ACLU will be in the Supreme Court, defending a victory that preserved the voting rights of thousands of Ohio voters in the 2016 election.

      Along with Dēmos and the ACLU of Ohio, we represent the Ohio A. Philip Randolph Institute, the Northeast Ohio Coalition for the Homeless, and Larry Harmon, an Ohio voter. Together, we’ve challenged a voter purge process in Ohio, under which registered voters who do not vote during a two-year period are targeted for removal from the rolls. Here’s how it works: If you don’t vote for two years, Ohio sends you a nondescript notice in the mail, and if you don’t return it or vote in the next two federal elections cycles, they kick you off the rolls. With respect to your right to vote, Ohio is essentially saying, “Use it or lose it.”

    • In Kentucky, Public-School Bible Courses Look More Like Sunday School

      ACLU of Kentucky warns state department of education to set strict standards and guidelines for elective Bible courses.

      At Letcher County Central High in Whitesburg, Kentucky, students enrolled in the school’s elective Bible courses are instructed by one worksheet to “[d]o your best to build close relationships with other Christians, so that you may help one another through tough times.”

      Another worksheet used in the same class asks students, “What are some promises in the Bible that God gives everyone who believes in him?”

      Both curricular materials were sourced through “Teen Sunday School Place,” an online database of Sunday school lessons. Letcher County Bible course students are also encouraged to take part in religious activities, such as Bible Club.

      This is flagrantly unconstitutional but, unfortunately, not surprising: While it is technically possible for a public school to offer a course focusing solely on the Bible that complies with the Constitution, it’s very difficult to actually do, even with the best of intentions. And many public schools that offer such courses purposefully use them as vehicles to proselytize students and involve them in religious activities.

  • Internet Policy/Net Neutrality
    • The internet doesn’t suck

      It’s easy to think the internet sucks these days. My day job is defending net neutrality and getting people to care about privacy and the like. From that perch, it more often than not feels like things are getting worse on the internet.

      So, I thought I’d share an experience that reminded me that the internet doesn’t suck as much as we might think. In fact, in many moments, the internet still delivers all the wonder and empowerment that made me fall in love with it 25 years ago.

      The experience in question: my two sons Facetimed me into their concert in Toronto last week, lovingly adding me to a show that I almost missed.

    • The Little-Known Congressional Procedure That Could Save Net Neutrality

      There are a few ways to save net neutrality. Only one has a chance at success in the short term.

      Senate Democrats today reached an important milestone in the path to saving net neutrality after the Federal Communications Commission announced last month it would roll back protections from discrimination by internet service providers.

      A variety of proposals have been floated at the local and federal level to chip away at the FCC’s giveaway to the big telecommunications companies. But there are really only three ways to fully roll back the rollback. A federal court could rule in favor of the advocacy groups, states, and tech companies who will challenge the FCC action. However, complex legal challenges can take years. The FCC itself could reverse course and undo its decision. But given that the agency just voted along party lines to do away with net neutrality, it’s very unlikely the FCC would do an about-face until the White House changes hands.

      Only one of the rollback options has a chance of making a difference in the near term. A law called the Congressional Review Act allows Congress to follow special expedited procedures to overturn agency actions with which it disagrees. Congress has 60 legislative days to act once the agency action has been formally posted and presented to the House and Senate. (Given the convoluted way that Congress counts a legislative day, our best guess is that the clock would run out in early to mid-June or so.) While the countdown hasn’t started yet, Democrats announced today that they have succeeded in getting the minimum 30 names necessary to force a vote.

    • Senate will force vote on overturning net neutrality repeal

      Markey announced his intention to file a resolution of disapproval in December, just after the FCC voted on new rules that killed net neutrality protections from 2015. These new rules were officially published last week, and with 30 sponsors, Markey can make the Senate vote on whether to consider overturning them. If this happens, it would lead to a debate and final vote.

    • Restoration of net neutrality rules hits key milestone in Senate
    • How Virgin Media lost me as a supporter

      Part of me wonders if the customer support has got worse recently, or if I’ve just been lucky. We had a problem about 6 months ago which was clearly a loss of signal on the line (the modem failed to see anything and I could clearly pinpoint when this had happened as I have collectd monitoring things). Support were insistent they could do a reset and fix things, then said my problem was the modem and I needed a new one (I was on an original v1 hub and the v3 was the current model). I was extremely dubious but they insisted. It didn’t help, and we ended up with an engineer visit – who immediately was able to say they’d been disconnecting noisy lines that should have been unused at the time my signal went down, and then proceeded to confirm my line had been unhooked at the cabinet and then when it was obvious the line was noisy and would have caused problems if hooked back up patched me into the adjacent connection next door. Great service from the engineer, but support should have been aware of work in the area and been able to figure out that might have been a problem rather than me having a 4-day outage and numerous phone calls when the “resets” didn’t fix things.

    • Uphill Effort To Reverse Net Neutrality Repeal Has The Early Votes

      As we’ve been tracking, there are several routes net neutrality advocates should support if they want to reverse the FCC’s attack on net neutrality. The best path forward remains with the courts, where the FCC will need to explain why it ignored the public, the experts, 1,000 startups, and all objective data as it rushed to give a sloppy kiss to Comcast, AT&T and Verizon. It will also need to explain why it made up a DDOS attack and blocked a law enforcement investigation into rampant comment fraud during the proceeding; both apparently ham-fisted attempts to downplay legitimate public opposition to the plan.

      But we’ve also noted how there’s an effort afoot by net neutrality advocates and Senator Ed Markey to use the Congressional Review Act to overturn the FCC’s vote. Under the CRA, Congress can overturn a regulatory action with a majority vote if the Act is used within 60 days of said action. It’s what the Trump administration and the GOP used early last year to kill broadband privacy protections before they were scheduled to take effect.

  • Intellectual Monopolies
    • Food Additive Approvals — and Patents

      I spend a lot of time thinking about the intersection of FDA regulation and intellectual property, and I have been constructing a large dataset relating to the patents claiming different types of FDA-regulated products. Recently, I have also been thinking a great deal about the regulation of food (because Mizzou is now allowing me to teach Food Law & Policy, in addition to Drug & Device Law). These two areas of interest intersected this past week, giving me some modest insights into premarket review of food additives and some very modest data to contribute to discussions about the (in?)efficiency of FDA’s food additive review process.

      [...]

      It’s hard to reach any grand conclusions from a set of 15 food additive petitions. But based on this review, I am inclined to be concerned about the length of time FDA takes reviewing food additive petitions and about the impact of the entire process on patent life. Some food additives can play an important role furthering the public health (for instance, artificial sweeteners play an important role for diabetics). Without digging further into FDA’s review of these particular food additives, which I have not done, it is hard to say what is causing the delays. But delays in the interest of chasing down vanishingly small chances of harm, when Congress did not mandate absolute harmlessness, would be concerning.

    • Prosecution History Informs Claim Meaning Even Without Unmistakable Disclaimer

      Although non-precedential, the Federal Circuit decision in Aptalis Pharmatech, Inc. v. Apotex Inc. is worth a read to see how the court “tiptoes” the “fine line between reading a claim in light of the specification, and reading a limitation into the claim from the specification.” Here, the court also notes that the prosecution history can inform claim meaning even without clear and unmistakable disclaimer of claim scope.

    • How Trump’s HHS nominee’s drug company ‘gamed’ a patent

      The drugmaker believed the erectile dysfunction drug might help a rare and deadly muscle-wasting disease that afflicts boys. The drug didn’t work — but under a law that promotes pediatric research, Lilly was able to extend the Cialis patent anyway for six months — and that’s worth a lot when a medication brings in over $2 billion a year.

      Critics say the brand-name drugmakers are “gaming” the patent system, finding all sorts of ways to protect monopolies and delay competition from generics. And Alex Azar — the former president of Eli Lilly’s U.S. operations, now poised to become the top U.S. health official — professes to oppose such tactics.

      But the tension between his past actions as a drug executive and his likely future as the nation’s top health official is evident in both the Cialis story and in Lilly’s tripling of the price of insulin.

    • Copyrights
      • Sky Hits Man With £5k ‘Fine’ For Pirating Boxing on Facebook

        A 34-year-old man from the UK has agreed to pay Sky £5,000 after the broadcaster tracked an illegal Facebook stream of the 2017 Joshua v Klitschko fight to his account. Craig Foster, who was warned of a potential £85,000 award should the case go to court, claimed that he wasn’t responsible. Backtracking, he says he now wants a fight with Sky.

      • Pirate Bay founder berates Netflix and Spotify

        “Artists can’t choose to be or not to be on Spotify in reality, because there’s nothing else in the end. If Spotify doesn’t follow the rules from these companies, they are f**ked as well. The dependence is higher than ever.”

      • Is Radiohead Really Suing Lana Del Rey For Copyright Infringement?

        Though these allegations have since been proven to be inaccurate, the situation seems far from resolved. A spokesperson on behalf of Radiohead has shared with The Sun that “both teams are trying to thrash it out behind the scenes to prevent going to court.” “It’s understood that Radiohead’s team are hoping for the band to either receive compensation or be credited on the list of songwriters to receive royalties.”

      • White noise video on YouTube hit by five copyright claims

        A musician who made a 10-hour long video of continuous white noise – indistinct electronic hissing – has said five copyright infringement claims have been made against him.

        Sebastian Tomczak, who is based in Australia, said he made the video in 2015 and uploaded it to YouTube.

        The claimants accusing him of infringement include publishers of white noise intended for sleep therapy.

        “I will be disputing these claims,” he told the BBC.

      • Facebook and Sony/ATV Music Publishing Announce Licensing Agreement

        Under the agreement, users will be able to upload and share videos on Facebook, Instagram and Oculus that contain compositions licensed from Sony/ATV’s catalog as well as personalize their music experiences with songs from the catalog.

      • Facebook strikes music licensing deal with Sony

        Facebook recently inked a similar deal with Universal Music, but Sony is the largest music publisher in the world. With two of the three biggest services signed, it’s expected that Zuckerberg & Co. will ink a deal with the last holdout, Warner Music, soon.

      • Facebook and Sony/ATV reach a licensing deal to let people post music videos

        These types of partnerships can help Facebook better challenge tech companies like Spotify and YouTube, which has deals with UMG and Warner Music Group.

Watchtroll is Where Information and Facts Come to Die in the Name of PTAB Bashing (Trolls’ Lobbying)

Tuesday 9th of January 2018 12:32:16 PM

Summary: The latest anti-PTAB posts from Watchtroll (they make up most of the ‘articles’ so far this year) and what can be deduced from Wi-Fi One v Broadcom — a new decision from a high court

THE EPO’s management is a premier source of lies, but it’s closely matched by Gene Quinn’s Watchtroll. Google News is syndicating far too much trash, or so-called ‘news’ sites that are actually marketing and lobbying. Watchtroll is one of those sites. It can almost give one a headache trying to figure out how Watchtroll comes up with its misleading spin and deceptive headlines. Google, in turn, relays that to a broader audience.

The latest PTAB bashing at Watchtroll (they do this every day now) is beyond moronic. “Professional writers” who do such lobbying disregard fact-checking. What on Earth is this (by Steve Brachmann and Gene Quinn)? It’s an incredibly misleading headline; it says “58 Patents Upheld in District Court Invalidated by PTAB on Same Grounds,” but it’s not on the same grounds at all, just a different interpretation of the same Sections (e.g. 102 and 103).

Then, later in the day, Gene Quinn, Steve Brachmann, Josh Malone and Paul Morinville (the patent 'extremist' who dons a cowboy hat) came up with “PTAB Facts: An ugly picture of a tribunal run amok”.

“Facts”…

Yeah, just keep using that word. “Facts”…

Donald Trump too claims to be tweeting “facts”, even if in less than a year he has already been caught telling about 2,000 lies or misleading statements (some people track them all and keep count).

The patent microcosm and its deceitful lobby (sites like Watchtroll) are clearly losing the debate online; laws are turning against them, courts rule against their interests. So lying seems to have become the last resort. Sorry, not “lying”… but “facts”…

Alternative “facts”…

That’s the role of Watchtroll. Here is what the site wrote about the latest decision from the Court of Appeals for the Federal Circuit (CAFC). It matched his anti-PTAB agenda, so he and other patent extremists amplified it as much as possible. One such person said: “WiFi One; en banc. Finally after all these months! Held: in inter partes review, PTAB time-bar determinations under § 315(b) are appealable. Prior decisions to the contrary overruled. Remand to panel.”

Another one said: “IMPORTANT en banc #patent case: Wi-Fi One v Broadcom, Federal Circuit en banc 1/8/18: 9-4 vote that sec 315 time bar issues in IPRs *ARE* appealable to FedCir; overruling contrary conclusion of Achates Pub. (2015). http://www.cafc.uscourts.gov/sites/default/files/opinions-orders/15-1944.Opinion.1-4-2018.1.PDF …”

Michael Loney, who has closely tracked PTAB for years, wrote this about Wi-Fi One v Broadcom:

In Wi-Fi One v Broadcom, the Federal Circuit has held the time-bar determinations for instituting IPR at the PTAB are appealable. Observers believe this may foreshadow similar decisions for other areas of reviewability

“Observers” in this case means the patent microcosm and “believe” means “hope”. Of course they would cherry-pick all the decisions which suit them, even if these decisions may not be precedential. That’s just how lobbying works.

Judge Paul Michel is Not So Retired; Helps the Patent Trolls’ Lobby Critique His Former Employer

Tuesday 9th of January 2018 11:39:03 AM

Retirement money is not enough to keep Michel from intervening as an outsider with powerful connections

Summary: As the new year begins (and people return from holiday) outlines of Federal Circuit cases are published (3 of them yesterday) and Paul Michel rears his head again (he still meddles by public criticism, wielding influence to impact the court’s direction in absentia)

THE Court of Appeals for the Federal Circuit (CAFC) improved a lot last year. We are very pleased with its work under the new lead (after Rader left in disgrace). Last year it consistently rejected software patents. It’s pretty incredible because only a few years prior to that the opposite was true (under Rader and before Alice).

A very detailed breakdown by Ropes & Gray LLP’s Scott A. McKeown has just been published. He calls it “2017 CAFC Guidance”; it’s fairly objective and reasonably OK. But watch this advice (how to trick examiners):

Patent prosecutors navigate complex USPTO rules and seemingly esoteric examinational requirements to procure patent rights. In doing so, it is easy to lose sight of the fact that the Manual of Patent Examining Procedure (MPEP) does not have the full force and effect of law. Nevertheless, patent examiners (rarely trained lawyers) adhere to their interpretation of the Manual requirements. To budge examiners off of entrenched, legal positions, savvy prosecutors will keep a trained eye on the Federal Circuit for help.

Patent examiners who read this will hopefully take note; this is how legal firms view you…

A similar breakdown was posted by Dan Bagatell at Law 360. It’s titled “Fed. Circ.’s 2017 Patent Decisions: A Statistical Analysis”. Much of it is behind a paywall, except this: “After each fiscal year end, the Federal Circuit publishes statistics summarizing where its cases came from, the court’s throughput over the year, and its median times to disposition in cases from different sources.[1] The court even tantalizes court watchers (a bit) by providing reversal rates for each agency and for district courts as a whole.[2] But the court does not explain how it calculates its statistics, and the high level at which the court presents the data obscures the juicy details.”

Are they trying to ‘scandalise’ CAFC too now? Not just PTAB? We’ll write about PTAB-bashing bias in our next post…

Last but not least, IAM has just said: “Former CAFC Chief Judge Michel runs through his top #patent cases to watch in 2018” (linking to this article from yesterday).

It is extremely disturbing that IAM is connected to and keeps amplifying corrupt judges like Rader and now also Paul Michel. He keeps showing up everywhere (e.g. [1, 2, 3]) even though he retired. He typically sides with the patent maximalists and lobbyists of patent trolls.

This is IAM’s introduction:

As with any news platform focused on the patent world, we keep a close eye on the major court cases in the US, particularly those that have a direct impact on IP value creation. Key decisions from district courts, the Court of Appeals for the Federal Circuit (CAFC) and the Supreme Court, ripple throughout the IP world and so it’s important to know the cases that are coming which are likely to have repercussions for our readers. With all that in mind, we asked former CAFC Chief Judge Paul Michel to cast his eye over the Federal Circuit’s docket to identify what he believes we’re likely to be talking (and writing) about in 2018. Here are his top five.

What compels Michel to indirectly compose articles for IAM now? As a reminder, IAM tried to intervene in the appointment of USPTO Director in order to put a disgraced CAFC judge (Rader) in place of Michelle Lee. Rader is a friend of trolls and it’s not exactly a secret who pays IAM’s bills.

Devices: When Allegations of Software Patent Infringement/s Can Result in Theft (Confiscation) of Physical Devices or Embargo

Tuesday 9th of January 2018 10:38:43 AM

Summary: The embargo dilemma and how bad things have gotten in Europe and North America; products get stolen and booths raided before proper justice is concluded (complete with appeals, expert witnesses and so on)

SANCTIONS against distribution of code are hard, especially in the age of the Internet. Even binaries, not just code (proprietary and Free/libre software, respectively). Software in general is difficult to police. Attempts to ban ‘export’ of encryption to particular countries, for instance, were never successful. These were farcical at best and they vividly demonstrated politicians’ inability to grasp what software is (the notion of ‘export’ is itself inapplicable in such a context).

Over a decade ago we wrote about how codec patents (basically software patents from the likes of MPEG-LA) were used to raid booths and steal products of companies (in bulk). It was despicable and media did pay attention at the time. It happened in Europe. Later it happened in the US as well, thanks to the likes of CES and ITC.

We are particularly interested in how ITC sanctions export/import on the basis of software. A decade ago Microsoft used the ITC to embargo a rival whose mice it alleged to have infringed patents (hardware), but what happens in the post-Alice age in the US? Can mere allegations result in embargo or — even worse — confiscation? It’s like controversial civil forfeiture on the basis of patents alone (and likely baseless accusations/assumptions).

We aren’t saying that infringement should never result in action. We are not insinuating that all patents are bunk. Consider this new story, which involves hardware and patents. “Skybell Technologies,” it says, “has filed a lawsuit claiming its Santa Monica competitor, Ring, copied its technology and is profiting from advertising and marketing techniques rather than innovative software and hardware.”

No recalls or confiscations but an actual legal process. Like that followed in Cisco v Arista.

There’s this upcoming lecture (a fortnight ahead) titled “Leveraging Patent Rights” — whatever they actually mean by “Leveraging”. “With a growing portion of innovation embodied in software,” says the abstract, perhaps neglecting to take Alice into account. You cannot patent software and also enforce it in a high court anymore. Forget about it. But what if patent bullies actually manage to steal or embargo products before the matter is dealt with by a judge? That’s a legitimate question.

According to yesterday’s two articles [1, 2] from a patent bullies’ Web site (IAM), embargoes are still a ‘thing’.

The first article concerns hasty embargoes using patents (embargoes are not justice; they’re coercion by the powerful oligopoly, typically with connections in government, i.e. customs). It’s about Mobile World Congress, which is a month away:

The Mobile World Congress, the world’s largest gathering of companies in the mobile communications industry, is taking place in Barcelona this year from 26th February to 1st March. Businesses from around the world will be there, exhibiting current products and launching new ones. Over recent years, the Barcelona commercial court has developed a fast track procedure to deal with alleged IP infringements in the lead up to and at the event, which includes the possibility of successful plaintiffs obtaining a range of potential remedies – including preliminary injunctions, as well as the seizure of infringing products. Importantly, as Spanish company Fractus proved last year, these measures work in practice.

This has already caused major embarrassment in the past. Are they planning to do it again this year?

The second article is about the US. This one too (from the same day, yesterday) is about patents as tools of embargo; bad for customers, no doubt, but when an agency like the ITC is a US entity (the “I” stands for “international”, which is laughable) it’s no surprise that it almost always bans products from Asia, not products of US brands (like Apple) which do the manufacturing in Asia and then import everything from there. To quote IAM:

As service providers prepare their annual deep-dives into US patent litigation statistics, it looks like the overall number of new district court cases filed will have fallen by about 10% between 2016 and 2017. But over at the International Trade Commission, the number of new investigations increased by around 13% last year, according to figures from Lex Machina. For major Asian tech companies, the ITC is a continuing concern; but it’s not the number of cases, but rather some recent legal developments that are garnering the most attention.

Governments in South Korea, Taiwan and mainland China have all warned about the effect of ITC probes on domestic industry in recent times. This level of attention speaks to how large tech companies in those jurisdictions gauge business threats from patent enforcement in the United States. Because it sits at the intersection of IP and trade law, an increase in ITC complaints against Asian firms was one of the most common predictions I heard last year when I asked experts around the world what impact the Trump administration might have on the patent world.

Curiously, as we noted here before, China has begun responding (to a lesser degree) by imposing embargoes also from within China. This whole charade will one day backfire on the West; China might start banning lots of US brands such as Apple. “Patents” will be merely a pretext, just as “free speech” already gets used to ban particular foreign products in China (or compel the producers to censor and appease the Communist Party).

Battistelli’s Year 1 at EPO: General Advisory Committee Not Being Provided Crucial Information

Tuesday 9th of January 2018 07:06:29 AM

Original: English [PDF] | German [PDF]

Summary: The General Advisory Committee (GAC) of the EPO was not adequately provided with information, based on which to form decisions or remark on Battistelli’s proposals

Battistelli’s Year 1 at EPO: Using ‘Staff Dignity’ as a Pretext to Attack the Dignity of EPO Staff and Staff Representatives

Tuesday 9th of January 2018 06:52:07 AM

Laurent Prunier (pictured below talking about the scandal at the EPO with Suzette Saint-Marc of the Council of Europe) is the latest staff representative to be controversially sacked by Battistelli

Original: English [PDF] | German [PDF]

Summary: The term “staff dignity” (long used at the EPO to promote the secret police, the IU) as used 7 years ago by the regime of Battistelli; this was later exploited for union-busting activity

Possible Explanation for German Media Barely Covering Very Major EPO Scandals

Tuesday 9th of January 2018 06:35:58 AM

“Politicians traditionally have a big influence on Volkswagen’s management decisions as well, with Lower Saxony owning a fifth of the shares and the state chancellor, Stephan Weil, on the supervisory board.”

Julia Löhr on Volkswagen (VW)

Related: Raw: The European Patent Office (EPO) is a Cash Cow of Germany

Recent: German Media Helps Cover Up — Not Cover — the Latest EPO Scandal

Original: English [PDF] | French [PDF] | German [PDF]

Analysis: English [PDF]

Summary: Old EPO documents reveal the extent to which Germany benefits from the Germany-centric EPO

More in Tux Machines

Linux Kernel Development

  • New Sound Drivers Coming In Linux 4.16 Kernel
    Due to longtime SUSE developer Takashi Iwai going on holiday the next few weeks, he has already sent in the sound driver feature updates targeting the upcoming Linux 4.16 kernel cycle. The sound subsystem in Linux 4.16 sees continued changes to the ASoC code, clean-ups to the existing drivers, and a number of new drivers.
  • Varlink: a protocol for IPC
    One of the motivations behind projects like kdbus and bus1, both of which have fallen short of mainline inclusion, is to have an interprocess communication (IPC) mechanism available early in the boot process. The D-Bus IPC mechanism has a daemon that cannot be started until filesystems are mounted and the like, but what if the early boot process wants to perform IPC? A new project, varlink, was recently announced; it aims to provide IPC from early boot onward, though it does not really address the longtime D-Bus performance complaints that also served as motivation for kdbus and bus1. The announcement came from Harald Hoyer, but he credited Kay Sievers and Lars Karlitski with much of the work. At its core, varlink is simply a JSON-based protocol that can be used to exchange messages over any connection-oriented transport. No kernel "special sauce" (such as kdbus or bus1) is needed to support it as TCP or Unix-domain sockets will provide the necessary functionality. The messages can be used as a kind of remote procedure call (RPC) using an API defined in an interface file.
  • Statistics for the 4.15 kernel
    The 4.15 kernel is likely to require a relatively long development cycle as a result of the post-rc5 merge of the kernel page-table isolation patches. That said, it should be in something close to its final form, modulo some inevitable bug fixes. The development statistics for this kernel release look fairly normal, but they do reveal an unexpectedly busy cycle overall. This development cycle was supposed to be relatively calm after the anticipated rush to get work into the 4.14 long-term-support release. But, while 4.14 ended up with 13,452 non-merge changesets at release, 4.15-rc6 already has 14,226, making it one of the busiest releases in the kernel project's history. Only 4.9 (16,214 changesets) and 4.12 (14,570) brought in more work, and 4.15 may exceed 4.12 by the time it is finished. So far, 1,707 developers have contributed to this kernel; they added 725,000 lines of code while removing 407,000, for a net growth of 318,000 lines of code.
  • A new kernel polling interface
    Polling a set of file descriptors to see which ones can perform I/O without blocking is a useful thing to do — so useful that the kernel provides three different system calls (select(), poll(), and epoll_wait() — plus some variants) to perform it. But sometimes three is not enough; there is now a proposal circulating for a fourth kernel polling interface. As is usually the case, the motivation for this change is performance. On January 4, Christoph Hellwig posted a new polling API based on the asynchronous I/O (AIO) mechanism. This may come as a surprise to some, since AIO is not the most loved of kernel interfaces and it tends not to get a lot of attention. AIO allows for the submission of I/O operations without waiting for their completion; that waiting can be done at some other time if need be. The kernel has had AIO support since the 2.5 days, but it has always been somewhat incomplete. Direct file I/O (the original use case) works well, as does network I/O. Many other types of I/O are not supported for asynchronous use, though; attempts to use the AIO interface with them will yield synchronous behavior. In a sense, polling is a natural addition to AIO; the whole point of polling is usually to avoid waiting for operations to complete.

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog post talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.

US Sanctions Against Chinese Android Phones, LWN Report on Eelo

  • A new bill would ban the US government from using Huawei and ZTE phones
    US lawmakers have long worried about the security risks posed by the alleged ties between Chinese companies Huawei and ZTE and the country’s government. To that end, Texas Representative Mike Conaway introduced a bill last week called Defending U.S. Government Communications Act, which aims to ban US government agencies from using phones and equipment from the companies. Conaway’s bill would prohibit the US government from purchasing and using “telecommunications equipment and/or services,” from Huawei and ZTE. In a statement on his site, he says that technology coming from the country poses a threat to national security, and that use of this equipment “would be inviting Chinese surveillance into all aspects of our lives,” and cites US Intelligence and counterintelligence officials who say that Huawei has shared information with state leaders, and that its business in the US is growing, representing a further security risk.
  • U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
    U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said. The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei [HWT.UL] handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
  • Eelo seeks to make a privacy-focused phone
    A focus on privacy is a key feature being touted by a number of different projects these days—from KDE to Tails to Nextcloud. One of the biggest privacy leaks for most people is their phone, so it is no surprise that there are projects looking to address that as well. A new entrant in that category is eelo, which is a non-profit project aimed at producing not only a phone, but also a suite of web services. All of that could potentially replace the Google or Apple mothership, which tend to collect as much personal data as possible.

today's howtos