Techrights

Free Software Sentry – watching and reporting maneuvers of those threatened by software freedom

AIPPI is Led by Team UPC’s People and ‘AIPPI Congress Report’ Published by Team UPC

Sunday 30th of September 2018 05:09:56 PM

Summary: Events set up by a cabal of patent maximalists are perpetuating some of the same old myths about their fantasies becoming reality

THE EPO and USPTO are both being lobbied by AIPPI, a front/pressure/lobby group controlled by patent maximalists, who look to enrich themselves at the expense of everybody else. Team UPC's Wouter Pors is one of the leaders and they actively lobby for software patents in Europe. They’re also connected to António Campinos.

The CIPA/Bristows LLP ‘takeover’ of IP Kat (which we spoke out about several times last year) is worth recalling because earlier today memories of that returned. “First time attendee (and the UK Group’s prize winner),” wrote Bristows LLP staff about colleague “Sarah Blair (Bristows LLP) [who] was at the helm ready to report on the session for the IPKat…”

It’s part of a four-part series, the third part of which has also just been published with misleading claims. The patent maximalists of AIPPI don’t seem to be bothered by facts. It’s just personal agenda disguised as “forum” and “information” or whatnot, just like an arms trade open day or ‘fair’.

Bristows staff is writing about UPC as if the inevitable outcome of the complaint in Germany will be dismissal of this complaint (that’s not the case at all!). They frame this as a question of time/timing. What incredible lies, albeit the usual arrogant assumptions from Bristows. To quote:

2. Judge Dr Klaus Grabinski (German Supreme Court) discussed the Unitary Patent Court (UPC), Brexit implications and the German constitutional complaint.

So far the UPC Agreement has been ratified by the UK and 16 other Participating Members, but crucially not yet Germany. Judge Grabinski reminded us of the importance of the Protocol on the UPC Agreement which so far has also not been ratified by Germany.

The ratification process in Germany is now stalled with matters stayed ahead of a green light to proceed from the federal court. Although the Complaint is listed as for consideration by the Judge Rapporteur in 2018, there is no guarantee or commitment that the case will be decided this year.

There was detailed description of how the UK could possibly stay in the UPC after leaving, with the takeaway point being that the Vienna Convention on the Law of Treaties and EU regulation 1257/2012 would not prohibit or be incompatible with the UK having a status of Participating Member State of the UPC. Watch this space!

Recall British Team UPC’s biggest two lies about the Unitary Patent (UPC); we’re seeing them above again. We’ve written about 4 articles over the past week regarding the latest developments in the UK in light of ‘no deal’ Brexit (the impact on UPC). Other reports about Grabinski’s speech/discussion at AIPPI (not Bristows’ report) painted things quite differently.

The Demise of the Eastern District of Texas as Litigation Venue of Value

Sunday 30th of September 2018 02:34:10 PM

Last year: US Patent Trolls Are Leaving and the Eastern District of Texas Sees Patent Cases Falling by More Than Half


It has been getting a lot harder for patent trolls to ‘milk’ Texas after TC Heartland

Summary: Texas, and in particular the Eastern District of Texas, is no longer attractive to patent trolls, and even if these patent trolls file lawsuits in the Eastern District of Texas, the higher courts divert them to other, more suitable and less biased courts (less software patents- and trolls-friendly)

THE previous post alluded to TC Heartland — a SCOTUS decision from last summer. It has since then redirected many patent cases (over USPTO-granted patents) away from trolls-friendly litigation venues.

Over the past week we saw some interesting news from or about Texas. This article from a trolls-infested town in Texas, for example, makes it sound as though the USPTO has just fed another bogus software patent to a highly oppressive company that aids vigilantes. They use some trademarked buzzwords to justify this.

Days prior a blog post by Charles Bieneman spoke of a 35 U.S.C § 101 case in Texas. In the United States nowadays software patents are still, in general, dropping like flies (in courts at least, as software patents are quite worthless there). What’s noteworthy about it is the outcome:

Claims directed to “software fault recovery” are patent-ineligible under 35 U.S.C § 101, said the court in Atticus Research Corp. v. MMSoft Design Ltd., No. 4:17-CV-3387 (S.D. Texas Sept. 6, 2018), granting a Rule 12(b)(6) motion to dismiss allegations that claims of U.S. Patent No. 6,567,937 were infringed. The court agreed with the defendant that the claims were directed to the unpatentable abstract idea, under the Alice/Mayo test, of taking a corrective default action if a remote user does not specify otherwise within a period of time.

So even courts in Texas are recognising Alice (sometimes). Bieneman also wrote about the Eastern District of Texas (more notorious than others in the state because it is infamously biased in favour of software patents). Here’s what happened there 12 days ago:

Patent claims directed to counting steps in an exercise session, including accounting for an incline of a surface on which a user is stepping, have survived a Rule 12(b)(6) motion to dismiss. Uniloc USA Inc. v. Samsung Electronics America, Inc., Civil Action No. 2:17-CV-00651-JRG (E.D. Texas Sept. 18, 2018). Applying the familiar Alice/Mayo abstract idea test, Judge Gilstrap, “drawing all reasonable inferences in favor of” the patent owner, found that claim 1 of US Patent No. 7,690,556 is “directed towards the unconventional use of accelerometers in a step counter in order to measure the incline traveled by the user,” and that “such use is not directed to an abstract concept under Alice Step One.”

So let’s see what the Federal Circuit says about these patent claims (if they dare or if there’s an appeal). Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) typically crush these patents, either before or during cases in district courts.

Matthew Bultman has meanwhile reported that “[t]he Federal Circuit on Tuesday ruled a patent lawsuit against HP Inc. over its Chromebook laptops should be moved from the Eastern District of Texas, finding California was the more convenient…”

In re HP (nonprecedential order) was also mentioned here. It has been getting harder for patent trolls to drag the accused to the Eastern District of Texas where judges boast/brag about being trolls-friendly. The source of this coverage is a patent maximalist, just like the district court. To quote:

The Federal Circuit has granted HP’s petition for writ of mandamus – ordering the E.D. Tex. Judge Schroeder transfer Cypress Lake Software, Inc. v. HP Inc. to N.D. California — HP’s home district.

Venue must be “proper.” 28 U.S.C. 1400(b). But, even when proper, a district court may order a case transferred to another venue for convenience. Although the law follows the traditional doctrine of forum non-conveniens, it has been codified at 28 U.S.C. 1404(a).

So all in all what we see here is a migration out of Texas, widely supported not just by SCOTUS but also the Federal Circuit below it.

Watching Judges Who Get Too Close to the Litigation ‘Industry’ That Promotes Propaganda Terms Like ‘Intellectual Property’, ‘FRAND’ or ‘Life Sciences’

Sunday 30th of September 2018 01:01:09 PM

…As if ideas are “owned”, life and nature are “discoveries” and patent taxes are “fair”, “reasonable” and “nondiscriminatory”

Summary: A look at potential ethical problems, based on the fact that Colin Birss attends and speaks at CIPA events; there are also similar issues in the United States

THE idea that life is a science and nature is an invention is a rather odd idea. We wrote about this many times over the past year. It’s the sort of delusion that EPO and USPTO officials get carried away by, forgetting that patents should exist for inventions, not mere explorations, explanations and interpretations. We recently wrote several articles bemoaning the term “life science/s” — a rather new concept if not buzzword [1, 2].

The Life Sciences Forum is an event of patent extremism, so things that harm patent quality are celebrated there, whereas much-needed fixes against patent trolling are condemned. As one patent maximalists’ site put it: “ANDA lawsuit filing spiked last year, TC Heartland is troublesome, and the USPTO’s Vanda memo is promising – these are some conclusions from a session at our Life Sciences Forum…”

How is TC Heartland “troublesome”? As we shall show in our next post, it has been troublesome mostly to patent trolls.

It has meanwhile turned out that, based on another article from these patent maximalists, Colin Birss is attending an event of patent maximalists. He’s a judge, so that doesn’t seem so appropriate. It’s just hard to see why a judge would wish to associate with CIPA Congress. CIPA is a bunch of lying bullies that send threats to people. It is also rather odd a thing to see him described by a patent troll (of Ericsson) that he happened to rule on. The patent maximalists refer to him in the headline not by his name but as “Unwired Planet judge” and then say this:

Speaking at this year’s CIPA Congress, Mr Justice Birss said that FRAND disputes will be fought in one place in the future and that the UK’s new doctrine of equivalence may not last in its current form

He probably oughtn’t hang out with these people, otherwise he may risk a Rader-type scandal. He is being emboldened by rather radical elements.

Over at Patently-O, days ago a post by Dennis Crouch spoke of patent law firms breaking the rules, as law isn’t the goal but just getting richer and richer is the goal. Here are the details:

In a new order captioned In re Violation of Rule 50, Docket No. 2018-9001 (Fed. Cir. Sept 27, 2018), the Federal Circuit has rebuked an unnamed former law clerk and her law firm for violation of the rule.

The basic setup: When the clerk left the Federal Circuit, she handed over a list of no-no cases to her new law firm. (“No-no cases” are those that were pending during the clerk’s time at the Federal Circuit.) Several years later, the firm stepped-in as new counsel to one of the no-no cases and the former clerk appeared as a lawyer in the lawsuit (though not lead counsel). Some unidentified time later, the clerk realized the violation and immediately withdrew from the case. The clerk and firm then notified the Federal Circuit of the breach — noting that the clerk never saw any briefs, discussed the case, or heard any discussion of the case during her time at the Federal Circuit.

In its decision here, the court noted that R. 50 “must be strictly followed” and that the facts as explained are “proof of the firm’s negligence.” Still, the court decided not to impose discipline since this was a first offence for the clerk and firm and no harm was shown. I expect that it would be personally difficult for the court to actually impose discipline on its former clerks absent egregious factors.

David Hricik, who typically writes about ethics in Patently-O (he himself is a former worker at the court), writes about McKool Smith, which represents a lot of patent trolls. It’s not too shocking to see them violating laws etc. It is only to be expected. They’re thugs and bullies (even if they wear suits) and, as Hricik put it:

Almost exactly one year ago (here), I explained that McKool Smith had been accused of violating a prosecution bar based upon a disagreement, or misunderstanding, about when the bar-dated ended.

We have been writing about McKool Smith for many years and almost every time they’re mentioned it’s in relation to some sort of blackmail rather than patent justice. It would be nice and perhaps well overdue to see them disbarred.

Team UPC Wants More (Patent) Taxes on Society While Defending/Shielding the Super-rich From Taxes That Might Otherwise Benefit Society

Saturday 29th of September 2018 07:53:30 PM

Guarding the super-rich by pushing new laws that favour their interests

Summary: By actively helping affluent individuals and multinational firms raid the world with patents and helping these individuals and multinational firms get tax exemptions/reliefs the law firms that are shameless about UPC promotion reveal themselves for what they truly are; they’re parasites that take from the poor to give to the rich

THE media has been quiet about the EPO lately (more so than about the USPTO), which left a certain vacuum for law firms that push their marketing as ‘news’. Over the past week this has mostly meant shameless self-promotion in relation to the UPC.

Not everybody played along. “Only 6 months until Brexit on 29 Mar 2019,” one of them wrote. “And the European Unified Patent Court? No German ratification of UPC agreement, no decision of constitutional court yet, no oral hearing scheduled. Time to say goodbye?”

Yes, but Team UPC won’t give up and admit that just yet. Boult Wade Tennant LLP’s Neil Thomson, in addition to Gordon Harris and Kate Swaine (Gowling WLG) and Osborne Clarke’s Arty Rajendra, Robert Guthrie, Clare Robinson and Mark Foreman are the latest to write about ‘unitary’ patents and the UK. Well, their UPC dream is dead. Deep inside they know it, but they keep throwing their ‘analyses’ at Mondaq and Lexology [1, 2, 3]. So did Stephen Bennett and Sahira Khwaja (Hogan Lovells) in JD Supra, as did Anita Polott and Robert Smyth (Morgan Lewis) [1, 2]. For those who aren’t familiar with Mondaq, Lexology and JD Supra, those are basically platforms of lawyers, not journalism. That may seem like honest advice, but it’s just a farm in which to advertise (oneself).

UPC has all along been full of mischief and cheating. Lies, manipulation and dirty tricks behind closed doors. This isn’t going to help the reputation of the profession.

Patrick Wingrove, writing from London about the so-called ‘UK Patent Box’, is basically framing as beneficial a tax evasion mechanism; it’s about using patents and dirty tricks by which to ‘hide’ some ‘assets’ and it’s mostly exploited by large corporations with help of law firms. As Wingrove put it: “Newly-released statistics from the UK’s HMRC indicate a 25% year-on-year increase in Patent Box claims. Large companies are getting better at using the system, but overheads may still be keeping smaller firms from using it…”

So HMRC and some patent law firms facilitate more tax evasion by the rich, making them even richer. The same goes for the UPC in the sense that UPC is designed to help large companies crush SMEs using patents. They ought to call it what it really is, but those sites are megaphones of the litigation ‘industry’. Here’s how another site covered it days ago:

Over 1000 companies claimed almost £1 billion in relief using the UK’s Patent Box initiative.

According to statistics released by from HM Revenue & Customs (HMRC) data, 1,025 companies claimed £942.5 million in relief using the Patent Box in 2016-17.

HMRC revealed in its annual statistics release that the number of companies claiming relief increased from 2013-14 to 2015-16, although the number of companies claiming relief in 2016-17 decreased compared to previous years.

Over a quarter of claiming companies were classified as ‘large’ and accounted for 96.3 percent of relief in 2016-17, up 0.8 percent on the previous year.

That’s just ‘legalised’ tax evasion by the rich, actively and gleefully facilitated by patent lawyers. Are they proud of themselves? Making the poor pay even more tax to make up for these blatant omissions?

Meanwhile, over in the US, there’s this update about a super-rich individual opposing taxes on one’s patent extortion and the role of SCOTUS in it:

I posted an article earlier on Gil Hyatt’s ongoing disputes with the USPTO. He also has ongoing disputes with the California Tax Board that reach back to his early licensing revenue from his 1990 microprocessor patent. The case is back before the Supreme Court for the third time. See Franchise Tax Board v. Hyatt (Hyatt I), 538 U.S. 488 (2003); Franchise Tax Board v. Hyatt (Hyatt II), 136 S.Ct. 1277 (2016).

The basic issue is that a Nevada jury found that California had used improper aggression in pursuing Hyatt for taxes that were not really owed.

So we get it. Rich people don’t want to pay tax. They want to tax the whole of society using patents while contributing just about nothing in terms of taxes. This is the sort of nefarious agenda actively promoted by patent law firms (perhaps with few exceptions). And later they tell us all sorts of fairy tales about their aim of protecting innovation and so on…

Superficially Artificial or Artificially Superficial Patents on ‘AI’ Are Fake Patents

Saturday 29th of September 2018 07:22:02 PM

They won’t hold water (would be rendered invalid if challenged in courts)

Summary: Patent offices on both sides of the Atlantic are using hype waves to facilitate patenting of software that courts would almost certainly deem unpatentable

THE “AI” hype made a big comeback about a year ago. Suddenly a lot of things got called “AI” — even things that weren’t called that before!

The EPO and USPTO were quick to exploit this hype and actively promote it in conjunction with patents, even software patents in Europe and in the post-Alice/US 35 U.S.C. § 101 U.S. Patent and Trademark Office. How come? Well, all they care about is the number of patents. Quality does not seem to matter and rules can be disregarded if the applicant name-drops something like “AI”. We wrote dozens of articles about it.

“EPO software patent party continues,” Benjamin Henrion (FFII) wrote in relation to a puff piece that the EPO keeps linking to (it’s from Watchtroll). “We need help countering this,” I responded, seeing that not enough groups and people point out this lunacy. The article at hand speaks of “ICT inventions”. “ICT” is one of the sneaky terms the EPO uses for software patents and here is what it said: “EPO Chief Operating Officer Mobility & Mechatronics: The challenge of ICT inventions in mobility patent applications is that we have to be able to deal with mixed technology & have our examiners trained to handle them.”

Well, “examiners trained to handle them” as in forced to accept these or risk losing their jobs. “AI” is also one of the sneaky terms that the EPO uses for such patents and Friday was no exception. The EPO wrote: “The main challenge for patent offices from AI will be its rapid growth across a range of technical fields. More on how the EPO is well prepared to face this challenge here…”

It’s pretty remarkable how often the EPO promoted software patents since António Campinos had started his term. He is absolutely fine with it.

Over in the US, patent maximalists (mostly the large law firms) still try ‘pulling a Berkheimer’ (and Aatrix) to lie about software patents having legal ‘teeth’. Here’s the latest example of it that we found earlier today:

One of the hottest and most controversial topics in patent law in recent years has been the question of patentable subject matter: Exactly what innovations can be patented?

In the area of software almost nothing — a subject we’ll explore in greater depth (citing new court cases) later this weekend. A very recent post by Charles Bieneman (“Overcome Alice by Talking up Technical Benefits”) shows how they try to come up with workarounds (around US 35 U.S.C. § 101). From Bieneman’s concluding words: “Anything you can put in your specification about how claimed subject matter makes hardware bigger, better, faster, or stronger may be very helpful supporting a patent-eligibility argument.”

So it’s the classic trick of trying to make code sound physical — the oldest trick at the EPO.

“Are Database Systems Patentable?” That’s Law.com coverage to this effect after a recent high-profile case (finding database patents invalid). Beyond the headline we just have a patent maximalist dancing around the question to which the short answer is “No!” (and these lawyers know it).

This brings us back to the “AI” metaphor or buzz. Watch how, in this new press release [1, 2], Iveda is disguising abstract patents (which are bunk) using buzzwords like "AI". We are going to see lots more of that in months if not years to come. Sometimes they can’t possibly make claims about the code pertaining to hardware (physical), so instead they speak of mere concepts like “AI” — a concept that can cleverly be spun to refer to just about any computer program.

Links 29/9/2018: Wine 3.17, Nuitka 0.60

Saturday 29th of September 2018 02:36:43 PM

GNU/Linux
  • Desktop
    • Lilbits 340: System76 to launch a new open source computer

      It’s been more than a year since Linux computer company System76 announced plans to design and manufacture hardware in-house. Up until now, the company has primarily worked with OEM’s to add custom software to off-the-shelf laptop and desktop PC designs.

      Now the company says it plans to start taking pre-orders for a “new open-source computer” next month. The company isn’t saying much about what kind of computer we’re talking about, but last year System76 said it would probably start with desktops, which are easier to design than notebooks or other portable computers.

    • Linux Apps on High Resolution Chromebooks Getting A Fix

      The advent of Linux apps on Chromebooks is a relatively new phenomenon that feels like it’s been around for a long time. If you remember, the feature has only been around for the last few versions of Chrome and only began garnering attention in May of 2018 around Google’s yearly developer event: I/O.

      With that in mind, the rapid development has been impressive. It took Android far longer to shake out the major bugs and become relatively usable. Linux apps at this point are working quite well with decent file support and relatively simple setup – assuming you know your way around a Linux terminal. Heck, even if you don’t, getting a software center installed is pretty simple for most people and can give a level of comfort to users not so familiar with the terminal.

  • Server
  • Audiocasts/Shows
  • Kernel Space
    • Linus Torvalds answers 5 questions in BBC letter

      To hear some people talk about it, Linux’s new Code of Conduct (CoC) will destroy Linux by shoving out developers who don’t kowtow to political correctness. Others are sure Linux will remain a haven for abusive jerks. Linus Torvalds, in an e-mail to the BBC, revealed he’s sick of both sides.

      I addressed some of these myths about Torvalds stepping down and the CoC in an earlier piece, but Torvalds is the man on the spot, so let’s look at what he said.

    • Linus Torvalds’ Linux Kernel Departure Marks a Shift in Attitudes Toward Tech Entrepreneurs [Ed: Tomorrow is a fortnight since Torvalds sent out an e-mail about the latest kernel RC and a note about short Linux break. Corporate media keeps doing this mudraking.]

      See, the Linux kernel accepts contributions from a huge team of programmers via a programming repository called Git. Torvalds, until he took his break, was in charge of reviewing every piece of code submitted for consideration as part of the kernel. And Torvalds was a harsh reviewer.

      [...]

      There’s a popular story about Steve Jobs that illustrates this pretty well. The story goes that, during the design process for the iPod, Jobs complained to engineers that the prototype was too large. When the engineers replied that it couldn’t be made any smaller, Jobs irritably dropped the prototype into a fish tank. The Apple founder then pointed out the bubbles that came out as proof the device had empty space in it and reiterated his command: make it smaller.

    • Linux Foundation
      • Open Source Blockchain Project Hyperledger Adds 14 New Members, Including FedEx and Honeywell

        Hyperledger is an open-source platform that promotes cross-industry blockchain growth and adoption. On Sept. 26, the collaborative platform added 14 new members to its growing community. The total number of members who have joined is now over 270, who work together to create open-source distributed ledger frameworks and tools.

      • FedEx joins open source blockchain initiative

        The blockchain “collaborative” added 14 new members to its more than 250 existing members, including Honeywell International. Existing members include Accenture, Airbus, Daimler, IBM and SAP.

        It’s yet unclear what FedEx is looking to do with Hyperledger’s technology, but the company has said in the past it is conducting blockchain pilots, and the possibilities of blockchain technology in the supply chain are at this point well-recognized by its major players.

      • Linux Foundation drives VNF migration to cloud-native functions

        The Linux Foundation is stoking the fire to spur an evolution from virtual network functions to so-called cloud-native network functions.

        In one of several announcements during the Open Networking Summit in Amsterdam this week, The Linux Foundation said it is working with the Cloud Native Computing Foundation to better support this virtual network function (VNF) migration to cloud-native network functions. One example the foundation cited was running network functions on Kubernetes container instances.

      • Thirty-Eight New Organizations Join The Linux Foundation in August

        The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 31 Silver members and 7 Associate members in the month of August. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world’s largest open collaboration communities.

      • Blockchain Interoperability Wanchain Joins Hyperledger

        Blockchain interoperability company Wanchain has joined Hyperledger’s platform with the aim of creating modern cross-industry blockchain technology that will run on Linux, the company said in a statement.

      • Open-Source Club: Monero Dodges Yet Another Attack With Community’s Help

        This week, the developers of Monero (XMR) patched a bug that could allow an attacker to ‘burn’ the funds of an organization’s wallet. The breach was initially revealed by a community member, and XMR developers were quick enough to fix it before any damage was done.

    • Graphics Stack
      • There’s A New Libre GPU Effort Building On RISC-V, Rust, LLVM & Vulkan

        Over the past decade and a half of covering the Linux graphics scene, there have been many attempts at providing a fully open-source GPU (or even just display adapter) down to the hardware level, but none of them have really panned out from Project VGA to other FPGA designs. There’s a new very ambitious project trying to create a “libre 3D GPU” built atop RISC-V, leveraging Rust and LLVM on the software side, and would also support Vulkan.

        Luke Kenneth Casson Leighton, the open hardware engineer behind the EOMA68 project, is pursuing an open-source GPU project and is reported to have access to $250k USD in funding to make it happen.

      • Tegra194 “Xavier” Display Support Hits DRM-Next For Linux 4.20~5.0

        Just last week a NVIDIA engineer sent out the initial Tegra194/Xavier SoC display enablement code for the Linux kernel’s Tegra Direct Rendering Manager bits. Those patches have now been queued in DRM-Next for introduction in the next kernel release.

        This enablement work is for getting the Tegra DRM display code working with this latest-generation Tegra SoC. But it isn’t about enabling the Volta GPU support for the 3D acceleration that would come with the Nouveau code.

      • Collabora’s Erik Faye-Lund Outlines The New “Zink” OpenGL-on-Vulkan Gallium3D Effort

        Not to be confused with the also new Zinc crypto code working its way to the mainline kernel as part of WireGuard, Zink is a new effort led by a developer at Collabora for implementing OpenGL on top of Vulkan drivers via Gallium3D.

        Zink is the project we noted earlier this week about getting OpenGL-on-Vulkan using Gallium3D as one of the interesting approaches compared to the other OpenGL over Vulkan projects we’ve seen in months past. Erik Faye-Lund of Collabora briefly talked about this new initiative during a lightning talk as XDC 2018 wraps up in Spain.

      • Vega 20 Compute Driver Support, Picasso DPG Added To Linux 4.20~5.0 Queue

        The red driver team has submitted their presumably last feature pull request to DRM-Next ahead of the Linux 4.20~5.0 kernel cycle. This pull does include some of the recently covered notable additions to the AMDGPU DRM driver.

        This latest pull request builds off the exciting work that’s already been queued in prior weeks for this next kernel version. New additions include VCN dynamic power gating (DPG) support for yet-to-be-out AMD Picasso APUs, clean-ups to the DRM scheduler code, Vega 20 support within AMDKFD, and DC display code clean-ups and fixes.

      • Intel Working To Improve The Reset Experience During GPU Hangs

        Driven to improve the Chrome OS user-experience, Intel open-source developers have been working on improving their GPU reset behavior when encountering problems under 3D/multimedia workloads.

        Carlos Santa of Intel is presenting their latest work on a low-latency GPU engine-based reset mechanism. The current behavior is that the UI freezes followed by a black screen and system reboot, which can happen after unexpected GPU behavior after hours of usage.

      • Heterogeneous Memory Management Is Maturing, AMDGPU Support Coming

        For the past four years now we have been monitoring the development of Heterogeneous Memory Management (HMM) for allowing the mirroring of process address spaces and other functionality particularly designed around modern GPU compute needs but also applicable to other devices/drivers. The HMM kernel code was merged to mainline last year while haven’t seen much activity by the DRM drivers but that now seems to be changing.

        Red Hat’s Jerome Glisse who has been the mastermind behind of Heterogeneous Memory Management presented at this week’s X.Org Developers’ Conference (XDC2018) about this work. For those interested, the slides are now available here (PDF) that go over HMM.

      • A Nice Overview Of The ROCm Linux Compute Stack

        It’s easy to get confused by the Radeon GPU compute stack / OpenCL driver support as there has been multiple offerings over the years from the no longer supported Clover Gallium3D OpenCL driver to a still-maintained PAL-based OpenCL driver to their modern ROCm compute stack. When it comes to ROCm though, besides OpenCL there is also their HCC and HIP approaches and from there support for a variety of frameworks, libraries, etc. Here are some overviews of the current ROCm compute stack those interested.

    • Benchmarks
      • 12-Way Intel / AMD Integrated Graphics Linux Tests On Ubuntu 18.10

        Here is a fresh look at the current Linux OpenGL/Vulkan performance of various new and old Intel/AMD systems with integrated graphics using Ubuntu 18.10.

        With Ubuntu 18.10 around the corner, I’ve been carrying out some fresh benchmarks and do have a low-end Linux system benchmark comparison coming up soon. Today is looking at the graphics performance, which was benchmarked in the state it was a few days ago with the Linux 4.18 kernel, GNOME Shell 3.30.0, X.Org Server 1.20.1, and Mesa 18.1.5. Since then Mesa 18.2.1 was added to the archive, so unfortunately this particular article missed out on that upgrade, but the comparison is still very much relevant with not being many changes for the hardware covered by this comparison and the OpenGL/Vulkan software under test.

  • Applications
  • Desktop Environments/WMs
    • GNOME Desktop/GTK
      • gnome-software mini hackfest

        I am in London this week visiting Richard Hughes. We have been working out of his home office and giving some much needed love to GNOME Software.

  • Distributions
    • Netrunner Builds on KDE for a Unique Linux Spin

      Most every Linux distribution is based on another one. Many are based on Ubuntu or Debian, some are based on Fedora, while others are based on Arch Linux. And, even when a distribution offers different types of releases (stable vs. rolling, or various available desktops), they are generally based on the same base platform.

      Netrunner, however, takes a slightly different approach. If that name sounds slightly familiar, you might remember the Collectable Card Game from the 1990s that pitted two players against each other — one playing a corporation and one playing a hacker attempting to break into the corporation’s network. There is no indication that Blue Systems (the company supporting Netrunner) named the OS after the game, but it’s a great launching point for yet another Linux distribution.

    • Reviews
      • Summary of 5 XFCE Distros: Xubuntu, Mint, Fedora, Manjaro, Porteus

        I write this small review of GNU/Linux distros with XFCE User Interface to help you choose a suitable lightweight, free operating system for your computer. Especially, to empower your old PCs and laptops once again. I present here five distros for you: Xubuntu, Linux Mint XFCE Edition, Fedora Spin XFCE, Manjaro XFCE Edition, and Porteus XFCE. All are lightweight. By looking at my criteria below, like, 32-bit availability and how small the ISO size is, or what special features are available and how satisfying the support is, I hope you can choose one most suitable for you. Let’s revive our old machines and empower more our new ones with an XFCE distro!

    • OpenSUSE/SUSE
      • VIM, Xen, Git Packages Updated in This Week’s Tumbleweed Snapshots

        There were a total of four openSUSE Tumbleweed snapshots this week that updated packages like VIM, Xen, Git and ImageMagick.

        The latest snapshot, 20180925, updated three packages. All the packages updated in this snapshot were zero dot packages. The updated packages were obs-service-set_version 0.5.10, purple-carbons 0.1.6 and shotwell 0.30.0. The obs-service-set_version 0.5.10 version fixed a zip file crash associated with python. The version change regarding purple-carbons 0.1.6 was basically cleaning up the code. The shotwell 0.30.0 package updated translations and fixed random segfaults in GNOME settings.

        The 20180924 snapshot updated a little more than a handful of packages. Among the package updates was hdf5’s jump from version 1.10.1 to 1.10.3. The HDF5 package is a high performance data software library and file format to manage, process, and store heterogeneous data. The version added a few patches and had an upstream fix that dropped a warning patch. The text-mode web browser links 2.17 package had multiple changes. Among the most important fixes for the package were verifying SSL certificates for numeric IPv6 addresses and fixing an infinite loop that happened in graphics mode if the user clicked on OK in the “Miscellaneous options” dialog when more than one window was open. The nano 3.1 version fixed a misbinding of ^H that had an effect with some terminals on certain systems. Three rubygem packages were also updated in the snapshot. The packages were rubygem-marcel 0.3.3, rubygem-sass 3.6.0 and rubygem-uglifier 4.1.19.

      • Tor Browser for Android (Alpha) Now Available, Feral Interactive Announces Total War: THREE KINGDOMS Coming to Linux Spring 2019, Ubuntu 18.10 Cosmic Cuttlefish Final Beta Released, Four New openSUSE Tumbleweed Snapshots and More

        This week brought four new openSUSE Tumbleweed snapshots that update packages like vim, Xen, Git and ImageMagick.

    • Red Hat Family
    • Debian Family
      • Lucas Kanashiro: MicroDebConf Brasília 2018

        After I came back to my home city (Brasília) I felt the necessity to promote and help people to contribute to Debian, some old friends from my former university (University of Brasília) and the local community (Debian Brasília) came up with the idea to run a Debian related event and I just thought: “That sounds amazing!”. We contacted the university to book a small auditorium there for an entire day. After that we started to think, how should we name the event? The Debian Day was more or less one month ago, someone speculated a MiniDebConf but I thought that it was going to be much smaller than regular MiniDebConfs. So we decided to use a term that we used sometime ago here in Brasília, we called MicroDebConf

        MicroDebConf Brasília 2018 took place at Gama campus of University of Brasília on September 8th. It was amazing, we gathered a lot of students from university and some high schools, and some free software enthusiasts too. We had 44 attendees in total, we did not expect all these people in the beginning! During the day we presented to them what is Debian Project and the many different ways to contribute to it.

        Since our focus was newcomers we started from the beginning explaining how to use Debian properly, how to interact with the community and how to contribute. We also introduced them to some other subjects such as management of PGP keys, network setup with Debian and some topics about Linux kernel contributions. As you probably know, students are never satisfied, sometimes the talks are too easy and basic and other times are too hard and complex to follow. Then we decided to balance the talks level, we started from Debian basics and went over details of Linux kernel implementation. Their feedback was positive, so I think that we should do it again, attracting students is always a challenge.

        In the end of the day we had some discussions regarding what should we do to grow our local community? We want more local people actually contributing to free software projects and specially Debian. A lot of people were interested but some of them said that they need some guidance, the life of a newcomer is not so easy for now.

      • Derivatives
        • Canonical/Ubuntu
          • Ubuntu 18.10 “Cosmic Cuttlefish” Beta Released with GNOME 3.30 and Linux 4.18

            Canonical released today the beta version of the upcoming and highly-anticipated Ubuntu 18.10 “Cosmic Cuttlefish” operating system for public beta testers and early adopters.

            Dubbed Cosmic Cuttlefish, Ubuntu 18.10 is the first release of the world’s most popular GNU/Linux distribution to drop the alpha builds from its development cycle and opt only for a single beta release. The beta is now available for public testing and it’s the first and only development milestone for the Ubuntu 18.10 release.

            Ubuntu 18.10 beta is packed with some of the most recent GNU/Linux technologies and Open Source software. It’s powered by the latest Linux 4.18 kernel series, uses the GNOME 3.30 desktop environment, and ships with an up-to-date graphics stack based on Mesa 18.2.1. It also includes Firefox 62.0 and LibreOffice 6.1.

          • Ubuntu 18.10 “Cosmic Cuttlefish” Beta Released: Download All Flavors Here

            After the April release of Ubuntu 18.04 LTS, the Canonical development team has announced the final beta of Ubuntu 18.10 Desktop, Server, and Cloud editions.

            Ubuntu 18.10 was codenamed Cosmic Cuttlefish — a name that doesn’t need any explanation — by Canonical founder Mark Shuttleworth. A highlight point of this beta release is that it’s the final and only beta scheduled for the 18.10 cycle.

          • Cuddle up with Ubuntu Linux 18.10 Cosmic Cuttlefish Beta now!

            Just yesterday, we shared with you the official Ubuntu Linux 18.10 Cosmic Cuttlefish wallpaper. And yeah, while it looks cool, it’s not as exciting as, say, a Beta release of the upcoming operating system. Today, that is exactly what we get.

            If you like to run pre-release Linux-based operating systems for fun — which I do — you can download the ISO immediately. With Ubuntu, these late-stage Beta releases are usually very stable. After all, the final version will drop next month. So while you should install it at your own risk, I would say you are probably safe with it.

          • Canonical releases Ubuntu 18.10 ‘Cosmic Cuttlefish’ beta ISOs

            Canonical has announced the availability of the Ubuntu 18.10 ‘Cosmic Cuttlefish’ beta ISOs. The firm has announced the availability of the beta for Ubuntu Desktop, Server, and Cloud as well as Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu.

            Anyone that wants to test out the beta releases should know that they are “reasonably free” of showstopper or installer bugs and represent the features and software that should be included in the final release that is expected on October 18th. Of course, if you do encounter any bugs you should report these to Canonical so that they can be fixed.

          • Following Mir 1.0, Developers Encouraged To Target Wayland Instead Of Mir Client API

            Last week Canonical developers released Mir 1.0 for the “next-generation of graphical solutions” particularly for IoT device makers. Mir lead developer Alan Griffiths published a bit of a redux today now with the 1.0 release out the door.

          • Announcing the Ubuntu 18.10 Free Culture Showcase winners

            October approaches, and Ubuntu marches steadily along the road from one LTS to another. Ubuntu 18.10 is another step in Ubuntu’s future. And now it’s time to unveil a small part of that change: the community wallpapers to be included in Ubuntu 18.10!

            Every cycle, talented artists around the world create media and release it under licenses that encourage sharing and adaptation. This cycle we had some amazing images submitted to the Ubuntu 18.10 Free Culture Showcase photo pool on Flickr, where all eligible submissions can be found. The competition was fierce; narrowing down the options to the final selections was painful!

          • Flavours and Variants
            • Ubuntu Studio 18.10 (Cosmic Cuttlefish) Beta released

              While this beta is reasonably free of any showstopper CD build or installer bugs, you may find some bugs within. This image is, however, reasonably representative of what you will find when Ubuntu Studio 18.10 is released on October 18, 2018.

              In terms of new features, Ubuntu Studio 18.10 will include the latest release of Ubuntu Studio Controls which will configure the JACK Audio Connection Kit to automatically detect and add hot-plugged USB audio devices as well as allow one to use multiple audio devices simultaneously. This is done independently of QJackCtl and is the first graphical tool to create such a configuration for the user out-of-the-box, making it a unique feature for Ubuntu Studio among operating systems for audio production. Another feature of Ubuntu Studio Controls is its ability to set the CPU governor to “Performance” for performance-heavy tasks such as audio production or to “Ondemand” for default CPU performance to save energy.

            • Kubuntu Cosmic Cuttlefish (18.10) Beta Released

              The beta of the Cosmic Cuttlefish (to become 18.10) has now been released, and is available for download at http://cdimage.ubuntu.com/kubuntu/releases/18.10/beta/

              This milestone features images for Kubuntu and other Ubuntu flavours.

            • Ubuntu Budgie 18.10 Looks Like an Essential Upgrade

              Ubuntu Budgie 18.10 is released in October and it promises to be the best release yet.

              A raft of major improvements are touched on in the preview notes for Ubuntu Budgie 18.10, which spread its wings alongside the regular Ubuntu 18.10 beta on September 27.

              Stock Ubuntu 18.10 might be a little sparse on visible changes (sans its spiffy new theme of course) but there’s plenty of foliage to sift through over on Ubuntu Budgie’s branch…

  • Devices/Embedded
Free Software/Open Source
  • Haiku R1/beta1 has been released

    After nearly 6 years since R1/alpha4, Haiku R1/beta1 has been released. See “Release Notes” for the (lengthy) release notes, “Press contact”, for press inquiries … and “Get Haiku!” to skip all that and just download the release.

  • Haiku R1 Beta Released For Reliving The BeOS Experience As Open-Source

    After sixteen years in development and six years since its last alpha release, the BeOS-inspired open-source Haiku operating system has reached its beta milestone.

    Since the Alpha4 release there have been countless improvements from better package management to greater hardware support, much better application support, improved media handling, EFI/GPT support, a new thread scheduler, countless new drivers, and frankly a hell of a lot of other improvements.

  • SD Times Open-Source Project of the Week: Snips NLU

    Natural language understanding is a form of natural language processing that enables machine reading comprehension. Common applications of this include AI assistants, chatbots, and voice assistants.

    “Behind every chatbot and voice assistant lies a common piece of technology: Natural Language Understanding (NLU). Anytime a user interacts with an AI using natural language, their words need to be translated into a machine-readable description of what they meant. Voice requires an additional step, which is to transcribe the voice of the user into the corresponding text, prior to running the NLU,” Joseph Dureau, CTO of Snips, wrote in a post.

  • Aqua’s Kube-Bench Wins 2018 InfoWorld Bossie Award for Best Open Source Software
  • Web Browsers
    • Chrome
    • Mozilla
      • Contributing to the European Commission’s review of digital competition

        Following on the heels of our submission to the U.S. Federal Trade Commission last month, we have submitted a written filing to the European Commission Directorate-General for Competition, as part of a public consultation in advance of the Commission’s forthcoming January 2019 conference on competition challenges in the digital era. In our filing, we focus on two specific, related issues: the difficulty of measuring competitive harm in a data-powered and massively vertically integrated digital ecosystem, and the role played by interoperability (in particular, through technical interfaces known as APIs) in powering the internet as we know it.

        Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?” The software and services offered by a few companies are entangled with virtually every part of our lives. These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. But we are headed today down a path of excessive centralisation and control, where someday the freedom to code and compete will be realised in full only for those who work for a few large corporations.

      • Hubs by Mozilla: Immersive Communication on Any Device

        Hubs by Mozilla lets people meet in a shared 360-environment using just their browser. Hubs works on any device from head-mounted displays like HTC Vive to 2D devices like laptops and mobile phones. Using WebVR, a JavaScript API, Mozilla is making virtual interactions with avatars accessible via Firefox and other browsers that people use every day.

        In the course of building the first online social platform for VR and AR on the web, Mozilla wanted to confirm it was building a platform that would bring people together and do so in a low-friction, safe, and scalable way. With her years of experience and seminal studies examining the successes and pitfalls of social VR systems across the ecosystem, Jessica Outlaw and Tyesha Snow of The Extended Mind, set out to generate insights about the user experience and deliver recommendations of how to improve the Hubs product.

      • Support Localization – Top 50 Sprint and More

        I hope you can still remember that last month we kicked off a “Top 20 Sprint” for several locales available on the Support site. You can read more about the reasons behind it here and the way it had been going here.

        In September, the goal has been extended to include a wider batch of articles that qualify into the “Top 50” – that is, the 50 most popular Knowledge Base articles globally. You can see their list on this dashboard: https://support.mozilla.org/en-US/contributors/kb-overview

        I wanted to share with you the progress our community has made over the last weeks and call out those who have contributed towards Mozilla’s broader linguistic coverage of support content, making all the possible versions of Firefox easier to use for millions of international users.

      • The Developer Toolbar (or GCLI) is no longer in DevTools

        The DevTools GCLI has been removed from the Firefox codebase (bug), which roughly translates into 20k less lines of code to think about, and the associated tests which are not running anymore, so yay for saving both brain and automation power!

        We triaged all the existing bugs, and moved a bunch worth keeping to DevTools → Shared Components, to avoid losing track of them (they’re mostly about taking screenshots). Then the ever helpful Emma resolved the rest as incomplete, and moved the component to the DevTools Graveyard in Bugzilla, to avoid people filing bugs about code that does not exist anymore.

        During this removal process we’ve heard from some of you that you miss certain features from GCLI, and we’ve taken note, and will aim to bring them back when time and resourcing allow. In the meantime, thank you for your feedback! It helps us better understand how you use the tools.

  • Pseudo-Open Source (Openwashing)
  • BSD
  • FSF/FSFE/GNU/SFLC
    • Happy 35th Birthday GNU!

      The GNU project was officially announced on 27 September 1983 by Richard Stallman. Thirty-five years of a project that has now become the fundamental building block of everything we use and see in technology in 2018. I would not be wrong to say that there isn’t a single proprietary piece of software that anyone is still using from 35 years ago – please post comments if there is something still being used.

      There is only one reason for this longevity: the GNU project was built upon the premise that the code is available to anyone, anywhere with the only restriction that whatever is done to the code, it shall always be available to anyone, forever. Richard Stallman’s genius in crafting the copyleft license, the GNU General Public License, is probably the best hack of the 20th century software industry.

  • Public Services/Government
    • The rise of open source use across state and local government

      It’s important to distinguish between “Open Source,” “Free and Open Source (F/OSS)” and “Enterprise Open Source” solutions.

      Open source is a term used to denote software for which the original source code is made freely available and may be redistributed and modified. Additionally, it often consists of a broad community of contributors participating in a collaborative development process, resulting in greater innovation, improved capabilities, and increased interoperability due to the openness of the architecture and interfaces.

  • Programming/Development
    • Nuitka 0.60 released

      Nuitka is a compiler for the Python 2.7 and 3.7 languages…

    • Nuitka Release 0.6.0

      This is to inform you about the new stable release of Nuitka. It is the extremely compatible Python compiler. Please see the page “What is Nuitka?” for an overview.

      This release adds massive improvements for optimization and a couple of bug fixes.

      It also indicates reaching the milestone of doing actual type inference, even if only very limited.

      And with the new version numbers, lots of UI changes go along. The options to control recursion into modules have all been renamed, some now have different defaults, and finally the filenames output have changed.

    • py3status v3.13

      I am once again lagging behind the release blog posts but this one is an important one.

      I’m proud to announce that our long time contributor @lasers has become an official collaborator of the py3status project!

    • Software disenchantment

      So I want to call it out: where we are today is bullshit. As engineers, we can, and should, and will do better. We can have better tools, we can build better apps, faster, more predictable, more reliable, using fewer resources (orders of magnitude fewer!). We need to understand deeply what are we doing and why. We need to deliver: reliably, predictably, with topmost quality. We can—and should–take pride in our work. Not just “given what we had…”—no buts!

    • The relative performance of C and Rust

      So take all of this as disclaimer: I am not trying to draw large conclusions about “C vs. Rust” here. To the contrary, I think that it is a reasonable assumption that, for any task, a lower-level language can always be made to outperform a higher-level one. But with that said, a pesky fact remains: I reimplemented a body of C software in Rust, and it performed better for the same task; what’s going on? And is there anything broader we can say about these results?

Leftovers
  • Science
    • DNA islands effective as ‘anti-bacterial drones’

      Genomic “islands” that evolved from viruses can be converted into “drones” that disable Staphylococcus aureus, bacteria that are often resistant to antibiotics and pose a threat to safe hospital care, a new study finds.

      Conducted by researchers from NYU School of Medicine and published online in the journal Nature Biotechnology on September 24, the study found that a certain type of bacterial DNA can be engineered to replace disease-causing genes with ones that kill or cripple bacteria.

      The type of DNA featured in the study, a “pathogenicity island,” evolved from viruses that stayed permanently in the bacteria they infected to become a part of their genetic system. The result is a hybrid entity that contains useful genes passed on by the bacteria when they reproduce, but that is also in some cases cut out of the bacterial superstructure, and packaged like a virus in a protein shell (capsid) that can inject its DNA into other bacterial cells.

  • Health/Nutrition
    • What next for marijuana use in SA after landmark court ruling

      There is much more work to be done to design a humane and rational system to regulate cannabis.

    • UN High-Level Meeting On Noncommunicable Diseases: A Call To Action

      The political declaration includes commitments to reduce NCD mortality by one third by 2030, and to scale-up funding and multi-stakeholder responses to treat and prevent NCDs.

      Amina J. Mohammed, deputy secretary-general of the UN, explained in the opening plenary that “NCDs are responsible for 70% of deaths globally,” and that “these include mental health conditions.” The rise of NCDs, she said, can also be linked “with globalization, climate change, and urbanization.”

      “With just under 12 years left to meet our targets and deliver on Sustainable Development Goals,” Mohammed said that the world will need bold commitment, innovation, policies and plans for implementation, and collaboration to overcome barriers.

      Mohammed urged heads of state and ministers “to seize the moment and ensure that NCDs are embedded in health systems, and to move toward universal health coverage.”

      [...]

      On the declaration, health advocacy group Knowledge Ecology International said in an 18 September press release that while the declaration does affirm the rights of states to use intellectual property flexibilities to safeguard public health, “there are areas where the declaration is a disappointment,” including no mention that NCD drugs are “prohibitively high,” only a brief mention to the “risks associated with conflicts of interest” in multi-stakeholder partnerships, and a reference to mobilization of resources only “through the lens of voluntary mechanisms.”

  • Security
    • Security updates for Friday
    • Defcon Voting Village report shows that hacking voting machines takes less time than voting

      Whether it’s showing that “secure” firmware can be dumped with a $15 electronic component or that voting systems can be hacked in minutes, the Voting Village researchers do yeoman duty, compiling comprehensive reports on the dismal state of America’s voting machines, nearly 20 years after Bush v Gore put the country on notice about the defective systems behind our elections.

    • Election Security Remains Just as Vulnerable as in 2016

      The ability to vote for local, state, and federal representatives is the cornerstone of democracy in America. With mid-term congressional elections looming in early November, many voices have raised concerns that the voting infrastructure used by states across the Union might be suspect, unreliable, or potentially vulnerable to attacks. As Congress considers measures critical to consumer rights and the functioning of technology (net neutrality, data privacy, biometric identification, and surveillance), ensuring the integrity of elections has emerged as a matter of crucial importance.

      With mid-term elections in just two months, Secretaries of State should be pressed to do their jobs and increase security before voters cast their ballots.

      On the one hand, the right to vote may not be guaranteed for many people across the country. Historically, access to the ballot has been hard fought, from the Revolution and the Civil War to the movement for civil rights that compelled the Voting Rights Act (VRA). But recent restrictions on voting rights have proliferated since the Supreme Court struck down the VRA’s pre-clearance provisions in 2013. Coupled with procedural impediments to voting, unresolved problems continue to plague the security of the technology that many voting precincts use in elections. With mid-term elections in just two months, Secretaries of State should be pressed to do their jobs and increase security before voters cast their ballots.

    • Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

      Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe.

      Dubbed LoJax, the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, to target several government organizations in the Balkans as well as in Central and Eastern Europe.

    • First-ever UEFI Rootkit Spotted in the Wild

      UEFI is an overly complex replacement for BIOS, and is often conflated with one of its payloads, Restricted Boot aka Secure Boot.

    • Did You Get Logged Out of Facebook? It’s Because 50 Million People Got Hacked
    • Facebook Hacked [sic], 50 Million Users Affected

      “The vulnerability itself was the result of three distinct bugs and was introduced in July 2017,” Rosen told reporters in a press call. “It’s important to say—the attackers could use the account as if they were the account holder.”

    • Facebook confirms major security breach affecting 50 million users

      And it waited until 6 pm on Friday to tell everyone about it

    • The Facebook Security Meltdown Exposes Way More Sites Than Facebook
    • Facebook Says Breach Affected About 50 Million Accounts

      There was a loophole in Facebook’s code for a feature called “View As” that let people see what their account looks like to someone else. The vulnerability allowed hackers [sic] to steal access tokens — digital keys that keep people logged into Facebook so they don’t need to re-enter passwords. Once logged in, the attackers could take control.

    • Facebook says nearly 50m users compromised in huge security breach

      Articles about the data breach by the Guardian and the Associated Press were temporarily flagged as spam on Facebook, preventing users from sharing news of the attack on their profiles. The company attributed the error to its “automated systems” and apologized, but did not provide further explanation.

    • Everything We Know About Facebook’s Massive Security Breach

      Facebook has yet to identify the hackers [sic], or where they may have originated. “We may never know,” Guy Rosen, Facebook’s vice president of product, said on a call with reporters Friday. The company is now working with the Federal Bureau of Investigations to identify the attackers. A Taiwanese hacker named Chang Chi-yuan had earlier this week promised to live-stream the deletion of Mark Zuckerberg’s Facebook account, but Rosen said Facebook was “not aware that that person was related to this attack.”

    • Facebook is Using Your Phone Number to Target Ads and You Can’t Stop It

      Tech publications are screaming today that giving Facebook your phone number for 2FA allows them to target you for ads. But this misses a bigger point: Facebook is using your phone number to target ads whether you give it to them willingly or not.

      In fact, the problem gets much worse. Researchers have been able to prove that Facebook allows personally identifiable information, like your phone number, to be used to target you based on shadow profiles of information that they build—profiles that you cannot see and have no control over.

    • Facebook’s been caught using their customers’ 2FA information to spam them with text ads

      Just when you thought that Facebook couldn’t get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service’s two-factor authentication protection? Zuckerberg and his crew are using it to serve up advertisements to unsuspecting users.

    • Yes Facebook is using your 2FA phone number to target you with ads

      Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

      Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure.

    • Hacker [sic] to Live-Stream Attack on Zuckerberg’s Facebook Page

      Self-professed bug bounty-hunter Chang Chi-yuan, who ferrets out software flaws in return for cash, says he’ll live-stream an endeavor to delete the billionaire’s account at 6 p.m. local time from his own Facebook page. He didn’t get into details or respond to an online query.

    • Hacker “Cancels” Plan To Live Stream Attack To Delete Mark Zuckerberg’s Facebook Page

      Update: The Taiwanese hacker has suspended his plans to attack Mark Zuckerberg’s Facebook page and make attempts to delete it. “I am canceling my live feed, I have reported the bug to Facebook and I will show proof when I get bounty from Facebook, to delete it,” he said on his page.

    • Defcon Voting Village report: bug in one system could “flip Electoral College”

      Today, six prominent information-security experts who took part in DEF CON’s Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. “Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election,” the authors of the report warned.

    • NSA Tools Used to Unleash Crypto Mining Malware by Hackers [Ed: More suitable headline would be, "Microsoft back doors Used to Unleash Crypto Mining Malware by Hackers"]

      Hackers are now using software developed by the US National Security Agency (NSA) to illicitly mine cryptocurrencies. According to a recent report released by the Cyber Threat Alliance (CTA), compiled by a collective of cyber-security experts from McAfee, Cisco Talos, NTT Security, Rapid7 and Sophos, among others, crypto mining malware detections have jumped to over 400 percent within the past one and a half years.

      Malicious actors are hijacking computer processor resources via internet network infrastructure intrusions, and computer hacks, among other means. One of the more worrying trends is the use of an NSA exploit leaked early last year by Shadow Brokers dubbed EternalBlue.

    • Facebook Data Breach Affects At Least 50 Million Users

      If you found yourself logged out of Facebook this morning, you were in good company. Facebook forced more than 90 million Facebook users to log out and back into their accounts Friday morning in response to a massive data breach.

      According to Facebook’s announcement, it detected earlier this week that attackers had hacked a feature of Facebook that could allow them to take over at least 50 million user accounts. At this point, information is scant: Facebook does not know who’s behind the attacks or where they are from, and the estimate of compromised accounts could rise as the company’s investigation continues. It is also unclear the extent to which user data was accessed and accounts misused.

      What is clear is that the attack—like many security exploits—took advantage of the interaction of several parts of Facebook’s code. At the center of this is the “View As” feature, which you can use to see how your profile appears to another user or to the public. (Facebook has temporarily disabled the feature as a precaution while it investigates further.) Facebook tracked this hack to a change it made to its video uploading feature over a year ago in July 2017, and how that change affected View As.

    • Cybersecurity Research Shows Risks Continue to Rise [Ed: Sean Michael Kerner says that cybersecurity market will grow, according to the cybersecurity market]
    • Oracle Improves Security, Performance in Java 11
    • Another Linux Kernel Bug Surfaces, Allowing Root Access [Ed: Far less severe than back doors like Microsoft Windows back doors, which can be remotely exploited without even a local account on the target machine]

      A high-severity cache invalidation bug in the Linux kernel has been uncovered, which could allow an attacker to gain root privileges on the targeted system.

    • Not allowed to code? Really?

      Lots of interesting, but not surprising, information is being made public about the Singhealth data breach.

      The Committee of Inquiry has been told that there was an IHIS employee who found a bug in the Allscripts “Sunrise Clinic Manager” EMR in 2014 who then made the loophole known to a rival of Allscripts, Epic Systems Corporation. Both of these vendors’ products are closed, proprietary and, IMHO, unnecessarily and excessively expensive products.

      [...]

      If a bug is reported – whether it is a “the button is of the wrong shape” or “this option dumps out the entire database”, assuming that proprietary vendors have a bug reporting process – nope, they don’t – then things can be moved along without too much excitement. All software has bugs. If a vendor (open or closed) does not offer a way to report bugs, you have to demand that there is a way to do it. Red Hat has both bugzilla.redhat.com and access.redhat.com to submit bug reports on all of the open source projects and open source products (go here for an understanding of the differences between open source projects and open source products) that Red Hat is involved in and makes available to paying customers (access.redhat.com).

      Maybe there is some place at Allscripts and at Epic Systems that one can file bug reports, but it is not immediately evident.

  • Defence/Aggression
    • US Airstrike Kills 18 in Southern Somalia

      In general, the claims of self defense are made as a legal justification for US airstrikes in countries like Somalia, as opposed to providing a positive identification of an enemy.

    • New WikiLeaks Release Exposes Corruption in UAE Arms Deal Fueling War on Yemen

      The transparency organization WikiLeaks just released a new document that sheds light on the corruption behind a lucrative French/German arms deal with the United Arab Emirates (UAE), weapons that are currently being used to wage a disastrous and genocidal war against the people of Yemen.

      The document details a court case from the International Chamber of Commerce (ICC) International Court of Arbitration regarding a dispute over a “commission payment” made to Abbas Ibrahim Yousef Al-Yousef, an Emirati businessman, as part of a $3.6 billion arms deal between France’s state-owned weapons company Nexter Systems (then GIAT Industries SA) and the UAE. Per the deal, which was signed in 1993 and set to conclude in 2008, the UAE purchased 388 Leclerc combat tanks, 46 armored vehicles, 2 training tanks, and spare parts, as well as ammunition.

      Those weapons have been an important part of the UAE and Saudi coalition’s war in Yemen since it began in 2015. The war has killed over ten thousand civilians, largely the result of the Saudi/UAE bombing campaign, which has targeted and crippled the country’s civilian infrastructure. The result of those bombings, as well as of the UAE/Saudi blockade of Yemen, has been over 17 million people near starvation – including 5.2 million children – and preventable disease epidemics that have claimed tens of thousands of additional lives.

  • Transparency/Investigative Reporting
    • 27th Annual Pioneer Awards

      The keynote speaker for this year’s awards will be one of Barlow’s many friends, Daniel Ellsberg. Ellsberg is known for his years of work advocating for government transparency, including his efforts towards releasing the Pentagon Papers. Ellsberg and Barlow also co-founded the Freedom of the Press Foundation. You’d be remiss to miss this, if you’ll be in town!

    • With his internet cut off, Julian Assange steps down as editor of WikiLeaks

      Assange created the organization in 2006 and has served as its editor-in-chief ever since. Hrafnsson, an Icelandic journalist, will take over, though he’s not new to leadership at WikiLeaks. In the past, Hrafnsson has “overseen certain legal projects for WikiLeaks” and it is believed that Assange has had less of a day to day role in its operations over time. Assange will remain involved as the organization’s publisher.

      Assange remains holed up in London’s Ecuadorian embassy after first seeking refuge there in 2012 in order to avoid extradition to Sweden over sexual assault allegations. Six months ago, the Ecuadorian government took actions that isolated Assange, cutting off his internet access and disallowing him from seeing visitors.

    • Correction: Ecuador-UK-Assange story

      In a story Sept. 26 about Ecuadorian President Lenin Moreno’s views about Wikileaks founder Julian Assange, The Associated Press reported erroneously that Assange over the past two years had continued to hack the accounts of politicians around the world. It should’ve said Assange had published material from hacked politicians’ accounts.

    • Julian Assange Quits As The Editor Of Wikileaks: Here’s Why

      Assange will continue as a publisher at Wikileaks and has handed over his responsibilities to Kristinn Hrafnsson, who is an Icelandic journalist and has worked as WikiLeaks’ spokesperson between 2010 and 2016.

      Assange has been given refuge at Ecuador’s embassy from where he was carrying forward his task of publishing secret information including stolen emails from Hillary Clinton’s campaign chairman on WikiLeaks.

  • Environment/Energy/Wildlife/Nature
    • “Jobs Alliance,” Funded by Trump Backer, Tries to Block Gas Plants That Would Bring Jobs to West Virginia

      The legal action, it turns out, was funded by Murray Energy Corp., one of the nation’s largest coal producers, one of the group’s leaders testified in a deposition in the case. Murray Energy’s founder and CEO is Robert E. Murray, who is among the nation’s best-known advocates for reviving the coal industry and cutting regulations related to it.

      The OVJA also is seeking to stop two other natural gas power plants proposed for West Virginia, and Murray Energy has acknowledged paying “certain legal fees” for the group. Like the Moundsville plant, the facilities proposed for Harrison and Brooke counties would provide hundreds of construction jobs for several years and then about 30 permanent positions. All told, the three plants would cost more than $2 billion to build.

      Power plants need several kinds of government permits, and the jobs alliance has focused its legal attacks on air-pollution permits issued by the West Virginia Department of Environmental Protection and utility “certificates of need” permits handled by the state Public Service Commission.

      Testimony in the power plant cases before both agencies doesn’t reveal details about Murray Energy’s funding for the OVJA lawyers, and current financial records for the alliance aren’t publicly available.

  • Finance
    • Russia’s Central Bank Revealed Crypto Related Ponzi Scheme

      A group of Russian and foreign companies operating under the name of Cashberry enjoyed spectacular success, but the Central Bank of the Russian Federation found it to be a classic Ponzi scheme that attracted thousands, the Russian media outlet Interfax reports.

      Cashberry’s business is based on multilevel marketing, which implies that those who come later pay dividends to their predecessors. They pose themselves as a P2P investment platform where lenders and borrowers find each other. Cashberry used aggressive marketing techniques, including pushy advertising in mass media and social media, offering highly profitable investments with guaranteed returns in rubles and cryptocurrencies.

    • 35-Year-Old Unknown Creates the World’s Most Valuable Startup

      “The most important thing is that we are not a news business. We are more like a search business or a social media platform,” Zhang said in a 2017 interview, adding that he employs no editors or reporters. “We are doing very innovative work. We are not a copycat of a U.S. company, both in product and technology.”

      What’s remarkable is Zhang was able to do it all without taking money from the twin suns of China’s internet: Alibaba Group Holding Ltd. and Tencent. It’s the first startup to emerge from the dwindling cohort of mobile players that hasn’t sought protection or funds from either of the two. In fact, it’s often locked horns with them, in court and elsewhere.

    • Crypto’s Open Secret: Its Multibillion-Dollar Volume Is Suspect

      Four months ago, BitForex was just one of many obscure exchanges offering users the ability to trade cryptocurrencies like Bitcoin.

      Today, the Singapore-based platform is regularly reporting daily transactions that exceed $5 billion — nearly matching turnover on London’s 217-year-old stock exchange.

    • Tesla CEO Elon Musk Charged For Fraud By The SEC

      Elon Musk, CEO of Tesla, has been charged with fraud by the U.S. Securities and Exchange Commission over his tweets that falsely claimed he was taking the company private. These tweets allegedly hurt Tesla investors and also disrupted the market.

      The company is also expected to be sued, but Tesla has not been named as a defendant in the complaint. The SEC says that Musk made a series of “false and misleading statements” in his tweets about taking the company private.

    • Supreme Court to Decide Whether States Can Impose Excessive Fines on the Poor

      The Eighth Amendment protects people from the devastation caused by state and local fines they can’t reasonably pay.

      When it reconvenes this fall, the Supreme Court will decide whether the Eighth Amendment of the U.S. Constitution can help stop state and local authorities from using people who come in contact with the justice system as their piggy banks. The case has ramifications for communities across the country, finally settling a question about whether the Constitution’s prohibition on excessive financial penalties only applies to the federal government or to all public authorities.

      The court will hear Timbs v. Indiana, which shines a light on the government practice of squeezing low-income communities for money they do not have through asset forfeiture. State and local asset forfeitures, along with steep court fines and fees, have exploded over the past three decades, burying people — especially poor and low-income people — under mountains of accumulating debt.

      Earlier this month, the ACLU submitted a friend-of-the-court brief to the U.S. Supreme Court in Timbs, arguing that the Eighth Amendment’s Excessive Fines Clause protects people from exorbitant financial penalties driven by state and local authorities’ quest to generate revenue.

  • AstroTurf/Lobbying/Politics
  • Censorship/Free Speech
    • Digibyte (DGB) – Jared is right about censorship and the need for blockchain technology

      While Alex Jones may not be the best example in pushing for decentralization due to his controversial nature, Jared is right on the need for a censorship free society. That’s because while it could be well intended, entities tasked with such censorship could end up overstepping their boundaries, and that could be a risk to society.

    • Curator João Ribas Resigned Over the Censorship of His Robert Mapplethorpe Show, But the Museum Says It Didn’t Change Anything

      After just eight months on the job, João Ribas has stepped down from his post as artistic director of the Serralves Museum of Contemporary Art in Porto, Portugal, in response to the museum’s censorship of a Robert Mapplethorpe exhibition he initiated.

      The curator told the Portuguese daily newspaper Público that he was “no longer able to continue to lead the institution” after it had removed 20 works from the show “Robert Mapplethorpe: Pictures” and restricted access to certain parts of the exhibition for visitors aged 18 and under.

    • James Woods Is Correct That Twitter Shouldn’t Have Blocked His Account, But Still Hypocritical On Free Speech

      I think we’ve made our general feelings about James Woods perfectly clear. After all, he’s the guy who sued an anonymous Twitter user for a somewhat mild comeback that referenced cocaine usage (leaving aside that Woods himself had tweeted very similar hyperbolic tweets suggesting people he was arguing with were on crack). In the middle of that lawsuit, the (still) anonymous tweeter died, leading Woods to gloat about “winning” the case and about the guy’s death. Suffice it to say, Woods is — in our opinion — a terrible human being. Suing someone for being mildly critical of you is bad. Gloating over their death takes you up a few notches to being a horrible human being.

      That said, when Woods’ own free speech is attacked via a similarly bogus defamation lawsuit over his own tweets, we didn’t support the plaintiff just because it was against Woods. We noted, instead, that we hoped he won the case — and he did.

      Now Woods is in another situation, where — somewhat incredibly — he’s trying to make himself out as a free speech warrior. It seems that Twitter suspended his access to his account because of a meme he had tweeted. It was what appeared to be a fairly obvious satirical fake meme urging men to stay home on election day to let women’s vote have more weight. Woods admitted that it was “not likely” to be real, but still noted “that there is a distinct possibility this could be real.” First of all, there was no such distinct possibility. Second of all… none of it makes any sense. The meme is completely nonsensical no matter what your views on these issues are.

    • Laws Targeting Israel Boycotts Fail Again in Court

      For the second time this year, a federal judge has ruled that anti-boycott laws likely violate the First Amendment.

      A new wave of state laws that try to limit Americans’ constitutional right to engage in political boycotts is now 0 for 2 in federal court.

      On Thursday night, a federal court blocked Arizona from enforcing a law requiring state contractors to certify that they are not participating in boycotts of Israel. The court agreed with the ACLU that the law likely violates contractors’ free speech rights under the First Amendment.

      “A restriction of one’s ability to participate in collective calls to oppose Israel unquestionably burdens the protected expression of companies wishing to engage in such a boycott,” U.S. District Court Judge Diane J. Humetewa wrote in her decision issuing a preliminary injunction against the law.

      This is the second federal court to consider this type of boycott ban, and they both came to the same conclusion. Earlier this year, the ACLU successfully blocked a remarkably similar law in Kansas. In that case, the court held that the First Amendment protects citizens’ right to “band together” and “express collectively their dissatisfaction with the injustice and violence they perceive, as experienced both by Palestinians and Israeli citizens.”

      We filed the Arizona lawsuit on behalf of Mikkel Jordahl, an attorney who has contracted with the state for the last 12 years to provide legal services on behalf of incarcerated individuals at the Coconino County Jail. Jordahl opposes Israel’s settlement expansion in Palestinian territories and what he considers Israel’s unwillingness to ensure the rights of Palestinians under its rule.

    • Washington Post Shows How Not to Talk About Free Speech

      The Washington Post has published a raft of commentary recently lamenting what its authors see as the decline of free speech, largely in response to the New Yorker canceling plans to interview Steve Bannon at its annual festival (FAIR.org, 9/7/18). The magazine had faced criticism for inviting Bannon, former chair of the white supremacist Breitbart News and once the chief strategist for President Donald Trump.

      The Post’s pieces suffer from dubious, superficial understandings of free speech, and function as attacks on the left that whitewash the far right.

      [...]

      If one takes a minimalist approach to free speech, centering on the First Amendment guarantee not to be jailed or otherwise harmed by the state for expressing one’s views, then it’s clear that such a right hasn’t been violated: The New Yorker abandoning plans to host Bannon doesn’t prevent him from thinking or believing anything.

      If one takes a more expansive definition of free speech, holding that the right is only meaningful when a person is allowed access to the (usually privately owned) means of delivering their words, there is still no convincing argument that his freedom is being violated here: As Zakaria himself noted, Bannon was recently showcased by the Economist (9/15/18) and the Financial Times (3/23/18), as well as on 60 Minutes (9/10/17) and CNN (6/1/18). It’s hard to portray Bannon as a free speech martyr based on his lack of access to mass media, since he has had more such access than all but a few people in the United States.

    • Everything Wrong In One Story: Data Silos, Privacy, And Algorithmic Blocking

      Facebook is probably not having a very good week concerning its privacy practices. Just days after it came out that — contrary to previous statements — the company was using phone numbers that were submitted to Facebook for two-factor-authentication as keys for advertising, earlier this morning the company admitted a pretty massive data breach in which its “view as” tool was allowing users to grab tokens of other users and effectively take over their accounts (even if those users had two factor authentication enabled).

      This is, as they say, “really, really bad.” It turned the “view as” feature — which lets you see how your own page looks to other users — into a “take over someone else’s account” feature. That’s a pretty big mistake to make for a product used by approximately half of the entire population of the planet. I’m sure there will be much more on this, but a few hours after the announcement, Facebook had another headache to deal with: numerous reports said that people trying to post articles about this new security mess from either the Guardian or the AP, were getting that action blocked, with Facebook’s systems saying that the action looked like spam…

      [...]

      Tragically, the powers that be are often looking at this the other way: trying to magically “force” big companies to “lock down” data, which actually only increases the value and demands on the silo, while expecting magic algorithms to protect the data. If we’re serious about protecting privacy, we need to start looking at very different solutions that don’t mean letting the giant internet companies control all this data all the time. Move it out to the ends of the network, let individuals control their own data stores (or partner with smaller third parties who can help with security) and then let those users choose when, how and where to allow the large platforms access to that data (if at all). There are better solutions, but there seems to be little interest in actually making them work.

    • Censorship by the mob

      For nearly 90 years, the Institute of Race Relations has stood for classical liberalism, which encompasses eight fundamental tenets.

    • Google Executive Declines to Say If China Censors Its Citizens
    • Ex-googler who quit Google on moral grounds writes to Senate about company’s “Unethical” China censorship plan
    • Former Google Scientist Asks Senators For Answers On China Censorship Search Project
    • BBC News on opening of ‘Hair’ as theatre censorship ended
    • Kuora: Censorship of American tech companies in China, and the question of reciprocity
    • Google confirms ‘Project Dragonfly’ for China
  • Privacy/Surveillance
    • Victory! Gov. Brown Signs Bill Adding Sensible Requirements for DNA Collection From Minors

      California’s kids now have common-sense protections against unwarranted DNA collection. Gov. Jerry Brown this week signed A.B. 1584, a new law requiring law enforcement to get either judicial approval or permission from both the minor and a parent, legal guardian, or attorney before collecting a DNA sample from the minor.

      EFF has supported the bill, introduced earlier this year by Assemblymember Lorena Gonzalez Fletcher, from the beginning. DNA can reveal an extraordinary amount of private information about a person, from familial relationships to medical history to predisposition for disease. Children should not be exposed to this kind of privacy invasion without strict guidelines and the advice and consent of a parent, legal guardian, or attorney. Kids need to have an adult present who represents their interests and can help them understand both their rights and the lifelong implications of handing one’s sensitive genetic material over to law enforcement.

      This law will make sure that happens.

    • Mobile Websites Can Tap Into Your Phone’s Sensors Without Asking

      When apps want to access data from your smartphone’s motion or light sensors, they often make that capability clear. That keeps a fitness app, say, from counting your steps without your knowledge. But a team of researchers has discovered that the rules don’t apply to websites loaded in mobile browsers, which can often access an array of device sensors without any notifications or permissions whatsoever.

    • Mobile Websites Can Access Your Smartphone’s Sensors Without Permission

      Your mobile has a swathe of sensors that are used for adjusting your phone’s orientation, movement, detecting IR light, and biometric authentication. While mobile apps require you to grant access if data has to be collected from your phone’s sensors, there are no such rules for mobile websites. And many popular websites are using it selfishly.

      As per a report from Wired.com, researchers from North Carolina State University, Princeton University, the University of Illinois at Urbana-Champaign and Northeastern University have uncovered that out of the top 100,000 sites ranked according to Alexa Ranking, 3,695 websites have scripts running on their mobile websites that access your mobile’s sensors.

    • Study Shows Facebook’s Still Miles Away From Taking Privacy, Transparency Seriously

      If the entire Cambridge Analytica scandal didn’t make that clear enough, Facebook keeps doubling down on behaviors that highlight how security and privacy routinely play second fiddle to user data monetization. Like the VPN service Facebook pitches users as a privacy and security solution, but is actually used to track online user behavior when they wander away from Facebook to other platforms. Or that time Facebook implemented two-factor authentication, only to use your provided (and purportedly private) number to spam users (a problem Facebook stated was an inadvertent bug).

      This week, a new report highlighted how Facebook is letting advertisers market to Facebook users by using contact information collected in surprising ways that aren’t entirely clear to the end user, and, according to Facebook, aren’t supposed to work. That includes not only private two-factor authentication contact info users assume to be private, but data harvested from other users about you (like secondary e-mail addresses and phone numbers not directly provided to Facebook). The findings come via a new report (pdf) by Northeastern University’s Giridhari Venkatadri, Alan Mislove, and Piotr Sapiezynski and Princeton University’s Elena Lucherini.

      In it, the researchers highlight how much of the personally identifying information (PII) data collected by Facebook still isn’t really explained by Facebook outside of painfully generic statements.

    • Police consider drones to monitor badger cull protesters

      Police have warned badger cull protesters that they may use drones to try to keep order in the far south-west of England following heightened tensions between activists and officers.

      In an email to protesters seen by the Guardian, a Devon and Cornwall officer said the force would consider using drones “where intelligence dictates”.

      The force said it was considering drones because of a spike in crimes in some areas within cull zones but protesters insisted the move would not stop them from trying to prevent badgers being killed.

      The cull in England has been hugely expanded into 10 new areas, with up to 42,000 animals now due to be shot in an attempt to curb tuberculosis in cattle, up from 32,500 last year.

    • A court upholds but curbs India’s giant biometric ID system

      The court ruled with a majority of 4-1 that Aadhaar was constitutional and could remain obligatory for those wishing to receive public benefits or file taxes. Given that a majority of Indians do one or the other, that in effect makes participation mandatory. To throw out Aadhaar altogether, the court said, “will amount to throwing the baby out of hot water along with the water”.

      Yet the court also struck down sections in the law allowing the use of Aadhaar by private companies, giving critics cause for cheer. For months mobile operators and banks had been threatening to disconnect customers’ phones or close their accounts unless they provided their Aadhaar numbers. [...]

  • Civil Rights/Policing
    • Citizens’ group wants prosecution over CIA rendition program

      North Carolina state and local officials should prosecute participants in a CIA program that ferried terrorism suspects to secret sites where they were tortured, an advocacy group seeking to stir action over the former U.S. policy is demanding.

      Prosecution is one of dozens of recommendations to be released Thursday by the private, 11-member North Carolina Commission of Inquiry on Torture. The academics, lawyers, retired military officers and clergy who make up the self-appointed group held a public teach-in in Raleigh last year.

    • CIA Used Criminal Probe of US Airline for ‘Torture Flights’ – Commission

      A commission established by North Carolina to investigate that state’s role in a CIA torture campaign is urging authorities to launch a criminal probe of a state-based airline used to transport Muslim terror suspects, the American Civil Liberties Union (ACLU) said on Thursday.

      The ACLU press release summarized a report by the North Carolina Commission of Inquiry on Torture dubbed “Torture Flights,” which found that a company named Aero Contractors that was employed by the CIA used a state-owned airport as a base to fly terror suspects to US-run “black sites” around the world following the September 11, 2001 terrorist attacks.

    • Louisville students protest CIA Director Gina Haspel’s links to torture

      CIA Director Gina Haspel didn’t discuss her involvement with coercive interrogations of suspected terrorists during her speech Monday at the University of Louisville, but she couldn’t escape her past.

      While Haspel answered questions ranging from what’s your favorite book and what is your favorite type of bourbon, nearly a dozen students stood outside the Miller Information Technology Center with signs and chants branding her as a “war criminal.”

      Haspel spent decades working for the CIA, and in 2002 oversaw a secret “black site” prison in Thailand during the harsh interrogation — described as torture by critics — of Abd al-Rahim al-Nashiri, who was accused of bombing the USS Cole. She also advocated for the destruction of more than 100 videotapes that documented interrogations, according to former CIA officers. A special prosecutor decided not to bring charges.

    • Federal Court Victory for Migrant Farmworkers Protects Their Right to Organize

      The court ruled that a North Carolina law targeting a farmworkers union likely violated the 14th Amendment.

      Farmworkers play a vital role in North Carolina’s multibillion dollar agriculture industry, providing essential labor in a state that produces much of the nation’s sweet potatoes, tobacco, Christmas trees, and many other crops.

      More than 90 percent of these workers are Latino. Many are migrants working seasonally under temporary visas, and they are among the lowest paid and most vulnerable workers in the state. They face high risks to their health and safety, substandard living conditions, and abuse and exploitation by their employers.

      This month, they won an important victory in federal court that vindicated their right to fight for safe working conditions and fair pay.

      For years, North Carolina’s only farmworkers union — the Farm Labor Organizing Committee (FLOC) — has worked tirelessly to advocate for the rights of these workers. The union has successfully negotiated on their behalf with major employers, such as the R.J. Reynolds Tobacco Company.

      But in 2017, North Carolina passed a new law that made it all but impossible for FLOC to operate, gutting the union’s ability to collect dues from members and make collective bargaining agreements on their behalf. Not coincidentally, the North Carolina Farm Act of 2017 was sponsored and supported by legislators who have a vested financial interest in suppressing farmworker organizing.

    • Contra Kavanaugh, Redux – emptywheel
    • Alyssa Milano: ‘I did not have my phone confiscated’ at Ford/Kavanaugh hearing

      “I did not have my phone confiscated as proven by the fact that I didn’t stop making social media posts,” Milano said, adding that her sign was taken.

    • Kavanaugh’s opening remarks are a master class in a common sexual abuser defense tactic

      I put myself through the torture of listening to his statement, and it was full of more shit than I expected. However, his defense had a pattern that abusers—especially sexual abusers—often use when facing accountability.

      The tactic is DARVO, which stands for: Deny the behavior, Attack the individual doing the confronting, and Reverse the roles of Victim and Offender. It’s a term coined by Dr. Jennifer Freyd at the University of Oregon.

    • In Plain Terms, Judge Brett Kavanaugh Lies About Everything

      He lied even when he didn’t have to lie. He lied in preposterous ways easily disproven by common sense. (The “Devil’s Triangle”? “Renate Alumnius”?) He lied like a toddler, like a guilty adolescent, and like a privileged scion of the white ruling class, which is a continuum with which we all are far too familiar. He lied and he dared the Democratic members of the committee, and the country, to call him on his lies. And now, he is a couple of easy steps away from having lied his way into a lifetime seat on the United States Supreme Court. This guy is going to be deciding constitutional issues for the next four decades, and the truth is not in him.

    • No Senator Can Uphold Their Oath of Office and Vote for Kavanaugh’s Nomination

      Senators cannot provide advice and consent when basic questions have not been answered.

    • Hannah Hetzer on New War on Drugs, John Conroy & Jamie Kalven on Chicago Police Violence

      Listeners may know that Donald Trump’s big speech at the United Nations General Assembly was met with laughter. But another funny-not-funny event that took place was largely overlooked. At a sort of glorified photo op, Trump announced a new plan for the “world drug problem” that reflects a return to inhumane and disproven approaches. We’ll hear from Drug Policy Alliance’s senior international policy manager, Hannah Hetzer, about what’s going on.

    • Challenged by Long Island Lawmakers, Police Will Look Into Treatment of Immigrant Families Who Reported Missing Children

      At the behest of county lawmakers, the Suffolk County Police Department said Thursday it will look into what went wrong when Latino families came to the department in 2016 and 2017, desperate for help finding teenage children who had disappeared, only to have their concerns ignored and their children labeled runaways.

      It turned out that many of the missing had been murdered by members of the gang MS-13, some of them buried in Suffolk County woods known as the gang’s “killing fields.”

      The county executive and the head of the Police Department also have agreed to meet with advocates for immigrant and Latino Long Islanders in the coming days.

      The developments came in response to radio, text and video reporting from ProPublica, Newsday and This American Life that outlined how police bias against Latinos hindered the department’s ability to stop a wave of MS-13 murders.

      “This whole entire body has seen the video and read the article, and it’s very disturbing,” Legislator Monica Martinez, who chairs the Legislature’s Public Safety Committee, said during the hourlong discussion at a public meeting. “There is commitment from both the commissioner and the executive to meet with advocates and legislators to discuss this further. This is an investigation going on and therefore certain things cannot be said.”

    • Giving Cops The Finger Is Protected Speech, Says Another Federal Court

      Another federal court has given its official approval of flipping the bird to cops. This isn’t to say it’s a wise idea, just a Constitutional one. Extending the middle finger is protected speech. Detentions or arrests that follow bird-flipping are usually unsupported by any of the things officers need to have on hand (probable cause, reasonable suspicion, etc.) to deprive someone of their liberty.

      Other cops have argued the hand gesture that pissed them off so much they broke the Constitution is some sort of universal distress signal. The ensuing interaction wasn’t about being offended, but rather their outsized concern someone in the vehicle might be in need of assistance. Courts have found this argument literally unbelievable.

      In this case, the cop being sued made no such argument. Instead, Officer Wayne Minard maintained he had probable cause to pull Debra Cruise-Guylas over again because he had only issued a warning about her speeding. The court doesn’t agree with this assessment. It points out Guylas had already been pulled over for speeding. The citation ultimately issued by Officer Minard may have been for impeding traffic, but the purpose of the original stop was fulfilled when the citation was issued. No further violation had occurred when Minard pulled Guylas over a second time.

    • ‘A Hidden History Runs Through Our Social Movements in This Country’

      September 15 marked ten years since the largest bankruptcy in US history, that of Lehman Brothers, triggering—or exposing—a crisis that cost millions of people their homes, their jobs and their financial futures, followed by a government bailout of the banks behind the damage. The admission in a New York Times op-ed by former Treasury secretaries Henry Paulson and Timothy Geithner and former Federal Reserve chair Ben Bernanke that they “certainly didn’t get everything right” seemed to pass for reflection in corporate media.

      But more substantive conversations are happening, have been happening, elsewhere, among those for whom the 2008 crisis and the response to it highlighted not only the flaws in the current system, but alternative visions.

      We’re joined now by Nathan Schneider. He’s a journalist and assistant professor of media studies at the University of Colorado, Boulder, and author of—among other titles—the new book Everything for Everyone: The Radical Tradition That Is Shaping the Next Economy, out now from Nation Books. He joins us by phone from Boulder. Welcome to CounterSpin, Nathan Schneider.

  • Internet Policy/Net Neutrality
    • Registrar Killing Zoho Over A Few Phishing Claims Demonstrates The Ridiculousness Of Having Registrars Police The Internet

      For years, we’ve pointed out the dangers of the attempts to move the “policing” function up the internet stack (or down the internet stack, depending on your perspective) from the end-user internet services deeper to infrastructure players. We just recently warned about the mess that will be created by focusing on infrastructure players. Indeed, for years, we’ve worried about targeting domain registrars with takedown notices. There are a variety of reasons for this: first off, registrars are not at all prepared to be in the content moderation business. They just run a database. But, more importantly, their only tool to deal with these things is incredibly blunt: to effectively turn off an entire site by not allowing the URL to resolve.

      And yet, there’s increasing pressure for registrars to police the internet. This is mostly because of people (starting with the legacy copyright players, but others as well) over-hyping the fact that if some content/services are taken down, it just pops back up somewhere else. So, those who focus on censorship try to look further and further along the stack to see where they can block even more.

      A story this week shows just how damaging this can be. Zoho is a very popular online service provider of tools for businesses. We’ve used Zoho a bunch at times, as they offer a really nice and fairly comprehensive suite of business apps at prices that are much more affordable than many of the larger players (while often being just as good, if not better). But earlier this week Zoho disappeared from the internet for a lot of users, after its registrar, Tierranet pulled the plug on their service, claiming it had received too many complaints of phishing attempts via Zoho. Zoho points out in response that (1) it had received a grand total of three reports from Tierranet of attempting phishing, and it had promptly removed the first two accounts and was in the process of investigating the third when all this went down, and (2) it received no warning that Tierranet was about to pull the plug on them and was given no way to reach out to the company in this emergency situation (leading the company to take to Twitter to try to get attention).

    • Web Archives As Evidence

      Kieran McCarthy’s “Archive.org’s Wayback Machine is legit legal evidence, US appeals court judges rule” reports on the gradual process by which US appeals courts are allowing Web pages recovered from the Internet Archive’s Wayback Machine to be entered in evidence:

    • Bloated

      It used to happen sporadically but now it is a daily experience. As I am browsing the net I click on a link (usually a newspaper website). The page starts to load. Then I wait. And I wait. And I wait. It takes several seconds.

      Once loaded, my patience is not rewarded since my MacBook Air mid-2011 seems to barely be able to keep up. Videos start playing left and right. Sound is not even turned off by default anymore. This shitshow festival of lights and sounds is discouraging but I am committed to learn about world news. I continue.

    • Giving people a choice about Accelerated Mobile Pages (AMP) versus the web

      The decentralized nature of the web, as it is, is under serious threat from initiatives like the Accelerated Mobile Pages (AMP) project spearheaded by Google. Search engines are becoming content repositories for large sections of the web. Many major web publishers have already ceded control over their own websites and handed over a treasure trove of data about their audiences to Bing and Google.

      The Redirect AMP to HTML extension for Firefox gives users a choice to opt-out of a centralized web in favor of the wonderful open and decentralized web.

    • Some Apple Employees Think Company’s New TV Service Will Be Dull As Nails

      Like many companies, Apple has been trying to disrupt the traditional television sector for years. But like countless companies before it, Apple has repeatedly run face-first into a cable and broadcast industry that’s aggressively resistant to actual change. As a result, Apple’s efforts to launch a TV service have been comically delayed for years as cable and broadcast companies (worried that what Apple did to the music industry would also happen to the TV sector) tightly restricted how their content could be used if the approach varies too far from accepted industry norms.

      So despite Steve Jobs insisting that Apple had “cracked the code” on a next-gen TV set as early as 2011 — and efforts to strike licensing deals that have been ongoing since at least 2012 — nothing much has really come from Apple’s promised revolution on the television front.

      In the years since, numerous streaming providers (Dish’s Sling TV, AT&T’s DirecTV Now, Sony’s Playstation Vue) have jumped into the sector, and Apple is definitely a late arrival. As such, the looming TV service Apple appears poised to launch seems to be very much a derivative offering that isn’t likely to disrupt the sector all that much. A report in the Wall Street Journal (paywall, see Gizmodo’s alt. take) notes that Apple has set aside $1 billion for original programming, but Tim Cook’s fears that the service could tarnish Apple’s pure brand image appear to be causing some notable problems.

  • Intellectual Monopolies
    • Qualcomm wins patent case against Apple but fails to get import ban on iPhones
    • Qualcomm now facing 232.8 million to 250 million adversaries in the Northern District of California

      If they were all just seeking a few cents per person, that would be much less of a problem. But they seek, besides injunctive relief against Qualcomm’s conduct, to be compensated for having been overcharged whenever they bought a smartphone in the U.S. during the relevant period. A report by the plaintiffs’ licensing expert “found that the incremental overcharge for each of these five OEMs ranged from 1.13% to 3.84% of the total cost of the device.” Maybe some more specific numbers will become known during the further proceedings, but it already appears to be a safe assumption that this is about many billions of dollars (as is Apple’s lawsuit in the Southern District of California).

    • Qualcomm Loses First Round in Apple Patent Fight at ITC

      Apple Inc.’s iPhones shouldn’t be banned from the U.S. even though they infringe a patent owned by Qualcomm Inc., a U.S. International Trade Commission judge found Friday.

      Judge Thomas Pender found that Apple infringed one of three Qualcomm patents in the case but declined to recommend the import ban sought by Qualcomm. The judge’s recommendation “makes no sense,” Qualcomm said.

      The judge’s findings are subject to review by the full commission, which has the final say. If the commission goes along, it would eliminate a powerful bargaining chip Qualcomm could use to push Apple into agreeing to pay license fees.

    • Qualcomm Accuses Apple of Giving Its Intellectual Property to Intel
    • Qualcomm accuses Apple of giving chip secrets to Intel
    • Qualcomm claims Apple stole IP to help Intel fix lower-quality modems
    • Qualcomm claims Apple stole software trade secrets and gave them to Intel
    • Qualcomm accuses Apple of stealing its secrets to help Intel
    • Qualcomm is accusing Apple of stealing its secrets and giving them to its top rival — Intel
    • Analysis of Qualcomm’s AI Technologies, Patents and Strategies, 2018 Report – ResearchAndMarkets.com
    • Qualcomm Accuses Apple of Stealing Secrets to Help Intel
    • Trademarks
    • Copyrights
      • Board statement on harassment, openness, and CC community

        Creative Commons is firmly committed to a workplace, community, and culture of mutual respect, free of harassment. We take all allegations of harassment and misconduct very seriously. We care deeply about the pain and anguish that is felt by victims of harassment, even many years after the fact.

        CC has recently become aware that former intern and employee, Billy Meinke, has published an open letter to the Board of Directors about his experience working at CC from 2012-2013. Mr. Meinke also blogged in 2017 about his experiences. In response to that post last year, the Board carefully reviewed all the facts and processes related to Mr. Meinke’s 2014 complaint to ensure the matter had been handled appropriately and fairly. We were confident that Mr. Meinke’s claims were promptly and thoroughly investigated when first reported, that CC’s response was appropriate, and that all processes and procedures were properly followed.

      • Copyright and Speech Should Be Treated Like Traffic Tickets

        While there may not be consensus on what they are, there is a shared belief that U.S. copyright law has some serious problems. But the CASE Act, which aims to treat copyright claims like traffic tickets, is not the answer.

        On Thursday, August 27, the House Judiciary Committee held a hearing on the CASE Act (H.R. 3945). The CASE Act would create a “small claims” system for copyright, but not within the courts. Instead, cases would be heard by “Claims Officers” at the Copyright Office in Washington, D.C. And the Copyright Office has a history of presuming the interests of copyright holders are more valid than other legal rights and policy concerns, including the free expression values protected by fair use.

        Basically every concern we had about the CASE Act last year remains: Turning over quasi-judicial power, which would include issuing damages awards of up to $15,000 per work infringed or $30,000 per proceeding, and agreements which boil down to binding injunctions, to a body with this history is unwise.

        In addition to the problem of turning the Copyright Office into a quasi-court with jurisdiction over everyone in the U.S., CASE would invite gamesmanship and abuse, magnify the existing problem of copyright’s unpredictable civil penalties, and would put this new group in charge of punishing DMCA abuse, while also limiting the effectiveness of the DMCA’s deterrence factor.

      • Thanks To Streaming Fragmentation, Bittorrent Traffic Is Suddenly Rising In Traffic Share

        When it comes to the type of traffic the content industries are worried about regarding piracy, the present is no longer the past. You can see this in many ways, such as anti-piracy efforts largely focusing on illicit streaming sites, the trend in laws and takedown notices also targeting streaming sites, and the overall messaging coming out of the copyright industries about how evil streaming sites are with little distinction between the legal and illegal. All of this has been built in part on the realization that bittorrent traffic, the piracy metric of a decade ago, has been steadily dropping in its traffic market share for several years. Combined with a drastic rise in streaming traffic share, the takeaway was that pirates weren’t downloading any longer and were instead streaming.

        The other side of that conversation is how good, convenient streaming services like Netflix and Amazon Prime Video have taken away some of the impulse for copyright infringement as well. It turns out that if you give the public access to what they want at a reasonable price and make the content easy to get, there’s no longer a need to pirate that content. Who knew?

        Unfortunately, the past few years have seen a drastic fragmentation of the streaming market. Where there was once the need to essentially have one or two streaming services to get most of the content you want, exclusivity deals and homegrown content created by the streaming companies themselves has carved out more borders in the streaming services industry, often times requiring many streaming services to get the content people now want. And, because every action has an equal and opposite reaction, Canadian broadband management company Sandvine is reporting that bittorrent traffic is suddenly on the rise.

      • FrostWire Team Calls it Quits After Google Deletes Android App

        After more than 14 years developing file-sharing applications, the FrostWire team has dramatically quit following what appears to be an invalid DMCA takedown notice. The notice targeted FrostWire’s Android app, which Google deleted from its Play Store and refuses to reinstate.

      • CBS Shuts Down Stage 9, a Fan-Made Recreation of the USS Enterprise

        Stage 9, a beautiful fan-made recreation of the Enterprise ship from Star Trek: The Next Generation, has been shut down following a cease-and-desist from CBS. The people behind the two-year-old project tried to reason with CBS, offering to make changes to keep their dream project alive, but the broadcasting giant wasn’t interested in discussion.

      • CBS Bullies Fan Star Trek Project To Shut Down Despite Creators’ Pleas For Instructions On Being Legit

        Lawsuits and intellectual property disputes revolving around the Star Trek franchise are legion. This is largely due to just how massive and popular the franchise has been over the past decades and into the present. Still, we’ve seen all kinds of examples of how either the disputes are frivolous or silly, or cases in which IP owners had so many options open to them other than bullying and suing but chose to ignore those alternative routes.

        That brings us to Stage 9, a non-commercial labor of love put together by fans of Star Trek: The Next Generation. Stage 9 is the virtual recreation of TNG’s Enterprise starship that allows fans of the series to explore the beloved vessel and immerse themselves in the chief setting of the series. Stage 9 has been built over the past two years by creators that have taken great pains to state that the project was not affiliated or licensed with CBS or Paramount and that they weren’t doing this to make money, only to artistically demonstrate their fandom.

      • Cox Highlights Double Standard and Wildly Inaccurate Notices in Piracy Case

        Internet provider Cox Communications has responded to the federal complaint filed by several major record labels. The ISP refutes all copyright infringement claims and notes that DMCA notices can be wildly inaccurate. In addition, it mentions that under the “Copyright Alert System,” which the labels were part of, ISPs were not required to terminate subscribers.

How Team UPC is Reacting to the Demise of EPO- and EU-Connected Court That Would Have Put Patent Maximalists in Charge

Friday 28th of September 2018 09:59:20 AM

France at the centre, as usual

Summary: The three Frenchmen above are unlikely to ever see a Unitary Patent or Unified Patent Court; this is only bad news for patent trolls and law firms that represent them, hoping to make a killing across Europe with frivolous litigation and threats of litigation

THE previous post focused on the decline of patent quality at the USPTO — a problem which has spread to Europe. For the time being, however, courts can compensate for that. Patent maximalists are hoping for bogus courts with a lack of oversight and a bias in favour of EPO management, software patents etc. (bypassing national courts).

Such courts would fall under a “Unified Patent Court” or UPC as they call it. If only it ever became a reality. After a series of rebrands and a lot of mischief it has ground to a halt and there’s no escaping the reality that UPC is running out of time. Even patent maximalists and firms that pushed hard for UPC (we call them “Team UPC”) are losing hope. Towards the end of this week we saw one law firm saying: “The implications for the Unitary Patent and the Unified Patent Court depend on whether the Unified Patent Court Agreement comes into force – it will do so if it is ratified by Germany. If it does and there is no deal relating to the UK’s involvement in it, then UK businesses will be able to apply for Unitary Patents and enforce them in the Unified Patent Court. However, UK businesses will only have the option of obtaining a UK patent (whether by applying to the UK Patent Office or through the EPC system) and enforcing their UK patent rights in the UK courts.”

These are pretty loaded statements that rely on the false assumption of a 'continental' UPC ever coming to fruition. It cannot, not outside the UK. Published this morning from Mark Bell of Dehns (part of Team UPC) was an article which says this:

Although the unitary patent and the Unified Patent Court have yet to come into force, its subsequent fate may well be affected by the UK leaving the EU.

Were the Unified Patent Court to never come into force, there will be no change for businesses in the UK or the EU at the point that the UK leaves the EU, even though the UK has ratified the Unified Patent Court Agreement.

Were the Unified Patent Court to come into force (once Germany has ratified the Unified Patent Court Agreement), the UK will seek to remain within the Unified Patent Court and the unitary patent system. However, depending on whether this takes place before the UK leaves the EU (the latest thinking on this is that this seems unlikely) or after leaving the EU, may affect the UK’s ability to participate in these systems.

Were the UK to be part of the unitary patent and the Unified Patent Court systems (e.g. before the UK leaves the EU), one scenario is that the UK would need to withdraw from them (e.g. when the UK leaves the EU). Businesses (both in the UK and overseas) would therefore no longer be able to use the unitary patent and the Unified Patent Court to protect their inventions within the UK. Instead, as they are able to now, they are able to seek patent protection in the UK via the UK Intellectual Property Office or the European Patent Office (a non-EU institution).

How can Dehns honestly say this after the release of this paper from the Max Planck Institute? People asked this in the comments (so-called ‘interview’ with other Dehns staff) only to hear some excuse about the ‘interview’ predating this paper. The reality is, they intentionally ignore anything which doesn’t suit their financial agenda, i.e. more of the usual. Bristows went further and smeared the paper, calling it “controversial” even though no controversy exists.

As we said some days ago, "lost in the noise created by Team UPC this week is the simple fact that the British government now admits it’s willing to abandon all Unified Patent Court (UPC) Agreement (UPCA) plans" and this latest interpretation is more correct than most things lawyers have said about UPC (compare to the infamous two lies). To quote:

The UK has ratified the Unified Patent Court Agreement, but it still needs to be ratified by Germany and it is unclear if this will occur before 29 March 2019. If the UPC does not come into force, there will be no changes for UK and EU businesses at the point that the UK exits the EU.

If the UPC does come into force, the notice confirms that the Government will “explore whether it would be possible to remain within” the UPC and UP systems even in a hard Brexit scenario.

By contrast, see what a totally and completely stuffed/stacked panel at the AIPPI event (as one might expect) said (or is reported to have said):

Carr was one of six panellists (all speaking in a personal capacity) who took part in the “Briefing: hot topics in IP” session during the 2018 AIPPI World Congress in Cancún, Mexico, which finished yesterday, September 26.

While refusing to express any views about the wisdom of Brexit itself, Carr noted that one of the most difficult topics to deal with post-Brexit will be IP exhaustion.

[...]

Finally, on the Unified Patent Court (UPC) Agreement and the unitary patent, Carr said: “In my opinion, if we reach a deal then I think the UK will participate … and we have a valuable contribution to make. If there’s no deal, I think it’s unlikely that we will participate … I don’t think it would be in the interests of other European countries to allow us to do so.”

Also in the session, Judge Klaus Grabinski of the German Federal Court of Justice discussed the UPC Agreement in more depth.

“When you look into the UPC’s life, you may get a feeling that we are now in a situation which is rather unclear. Europe has been struggling to get a common court in the patent field for more than 60 years,” he said, before adding that Brexit and a constitutional complaint in Germany are the two main roadblocks to the UPC.

The above isn’t to be mistaken for the constitutional court, or FCC. A different court, the German Federal Court of Justice, is named above. IP Kat wrote about it a couple of days ago in relation to this case now referred to CJEU. What the above suggests is that even judges can recognise the seriousness of the barriers, and the constitutional complaint isn’t the sole barrier.

It should be noted that the above event promoted patent trolls’ agenda, as one might expect from AIPPI World Congress. Bristows did coverage of it in two parts [1, 2] for IP Kat and the irony wasn’t overlooked by Benjamin Henrion, who wrote: “Consumers not invited to the FRAND conference: “Tadanobu Andou concluded by reminding the meeting that patent licence fees are in the end paid by end users. In setting licensing fees have to consider how much end users are ready to pay.””

Well, Bristows are “liars and patent zealots,” I told him, as they “push SEP/FRAND agenda” for their clients that are patent trolls. This is why they’re also pursuing UPC like they’d go bankrupt if it fell through.

In the EPO Under António Campinos and His Predecessor Battistelli Patents Can Almost be Presumed “Invalid” (in Courts)

Friday 28th of September 2018 09:20:42 AM

The EPO’s new “away” uniform?


EPO logo with white background (whitewashing)

Summary: By lowering patent quality for the sake of faked ‘growth’ (in patent awards, not innovation) the patent offices merely harm the perception of patents as valid until/unless proven otherwise

THE EPO and the U.S. Patent and Trademark Office (USPTO) both have a patent quality problem. The new USPTO Director seems not to care if SCOTUS narrowed patent scope (recall Iancu's speech at an IPO event). Neither does the ITC, unlike the Federal Circuit, which typically affirms Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs), citing 35 U.S.C. § 101. As for the EPO, it regularly promotes software patents in Europe, more so under António Campinos. They use all sorts of buzzwords and three-letter acronyms (sometimes two- and four-letter acronyms), but the net effect is the same. Abstract patents, which national courts would likely reject, get granted.

What good are patents if or when there’s no legal certainty associated with them? It almost defeats the very essence and purpose of patents.

Professor Dennis Crouch has just taken note of this utterly ridiculous patent which looks like something a child would draw on a chalkboard. The USPTO would become a laughing stock for patents like these. As Crouch put it: “Morgan Irons patented “Ecological System Model” is pretty cool — although deceptively simple. U.S. patent No. 9,970,208 — focusing on space agriculture.”

Crouch has also just noted a decline in the number of patents granted in the US (as projected earlier this year). The overall number is still far too high and many of these are bunk, bogus, worthless as courts would reject them anyway. “We’ve reached the end of FY2018,” Crouch wrote. “During the year, the USPTO has issued just over 300,000 patents. This is a small drop from FY2017, but the second highest year on record.”

Professor James Bessen has meanwhile noted (on Twitter) a new article titled “China Claims More Patents Than Any Country—Most Are Worthless”. This doesn’t surprise us at all as we have been saying this repeatedly for years. The trouble is, Europe and the US go down the same path now; desperate to ‘catch up’ with China, they too try to lower patent quality and grant a lot of dubious patents.

World Intellectual Property Review has just written about the EPO using China as somewhat of a role model for patents (even though Chinese patents are regarded as somewhat of a joke). “EPO and CNIPA sign bilateral co-operation agreement,” IPPro Patents said in its headline.

IP Watch, which stopped covering EPO scandals (and its chief took selfies with Campinos, which may or may not say something), wrote some time yesterday about Korea’s patent office (KIPO) using buzzwords to help applicants bypass their own restrictions on software patenting. They even use the EPO’s favourite buzzword/term, “4IR”. To quote this new interview: “To this end, KIPO will strive to secure strong, high-quality patents to have competitiveness in key technical fields of the 4IR such as artificial intelligence (AI) and the Internet of Things (IoT).”

So does KIPO too lower patent quality, in the name of facilitating/respecting buzzwords? The trouble is, affirmation rates in courts are rather low, which means that a lot of awarded patents can now be presumed invalid. So what good are these really? A paid press release (blocked in EU due to GDPR) was released this week and it’s titled “TFF Pharmaceuticals Receives Notice of Intention to Grant European Patent for Its Thin Film Freezing Process, Providing IP Protection in Europe until 2028” (but is it valid?)

In the US, even patent maximalists are currently sceptical of the situation. They don’t believe that being more lenient in granting is the ‘solution’ but making the courts more lenient should be the goal (i.e. lowering the patent bar). As one patent maximalist put it: “Likely example of what Iancu’s standard will stop: PTO INVENTING NEW categories of judicial exceptions: “claims are directed to the abstract idea of “using categories to organize, store and transmit information” https://e-foia.uspto.gov/Foia/RetrievePdf?system=BPAI&flNm=fd2018001127-09-13-2018-1 …”

That would not, in any way whatsoever, change how courts view these patents. Director Iancu is like a ‘mole’ of lawyers (like himself); he or his firm had worked for Trump before he became Director and IPPro Patents belatedly covered his speech as follows: “The US must stop commingling the categories of invention with the conditions of patentability, according to US Patent and Trademark Office (USPTO) director, Andrei Iancu.” [via]

But again, that would not change what courts decide. “Iancu says guidance is needed on patentable subject matter eligibility to get out of a “rut”, particularly on how Section 101 is different from Sections 102, 103 and 112,” Michael Loney wrote. Maybe what’s needed is a higher patent bar, even if that means far fewer patents being granted. As Benjamin Henrion put it: “Iancu could have just copy/pasted the European Patent Convention art52, but he just wanted software patents back, and abolish Alice for its clients…”

Well, Iancu does not obey courts; like the President who appointed him, he just overrides the courts. He thinks he’s a lawmaker or something.

“Really,” said one reasonable observer, “it’s Iancu who needs to get on the same page as the courts — particularly the Supreme Court, which does get the final say in these matters until and unless Congress acts. Iancu doesn’t get to make the rules; that’s just how it goes.”

She was citing/quoting the maximalists as saying: “So it’s nice that Iancu is working on 101, but the courts also need to get on the same page. What’s the point of the PTO fixing their 101 issues only to have the courts kill patents on the same 101 issues a few years later when the patents are enforced?”

This maximalist later clarified to her: “I agree. Proposing all of these changes on 101 is a waste if the courts are going to kill on the same issues. What’s the point? IP still not enforceable. [] While issued patents are valid they aren’t worth the ink or the paper unless they can be enforced. So the pto stops rejecting on 101 and issues SW patents again at a higher rate. PO tries to enforce in court down the line and gets killed due to 101. Massive waste of time & money…”

She later added (lots more in there from her): “Issued patents are *presumed* valid; they are not conclusively valid as an evidentiary matter. If a defendant in an infringement case proves by clear and convincing evidence that the patent was erroneously issued, then the presumption is defeated.”

Therein lies the danger to the EPO. What good are European Patents that aren’t presumed valid or likely to be considered invalid by courts? Lawyers may benefit, but nobody else…

“That’s called the “Rule of Law”,” Henrion remarked on the above conversation. “US is lucky, in Europe we have the EPO that is not bound by any court, and don’t give a damn if for ex the French courts are saying their practice to grant swpat [software patents] don’t have a legal ground. So you are lucky.”

“That’s separation of powers and rule of law for you,” another person remarked.

We cannot have patent offices deciding the rules by which they’re governed. That would be a laughable proposition even in a country like China. We’ll say a lot more about it at the weekend (in relation to the US).

Links 28/9/2018: Kubernetes 1.12 Released, Intel DRM in Linux, Krita 4.1.3, Ubuntu Beta

Friday 28th of September 2018 05:41:51 AM

GNU/Linux
  • Desktop
    • Why Nerds Use Linux

      1) A good reason to use Linux is to have the pleasure of saying you do not use Windows when someone asks you to go to your home to fix your computer and you do not know the reason for the problem. You can say that you do not know Windows and can not fix it.

      Not infrequently we find an unrecoverable pirated Windows full of malware and everything else, with important data that the user does not want to lose, but of course, did not make a simple backup. After this grim picture, we can only say: “Sorry, my friend, I do not know Windows, I only use Linux.”

    • System76 To Release A “New Open-Source Computer”

      Longtime Linux PC vendor System76 has begun teasing a “new open-source computer” they will release in the coming weeks.

    • Linux hardware vendor System76 has begun teasing their new ‘open-source computer’

      System76 [Official Site], the hardware vendor that focuses on putting out well-supported Linux laptops, desktops and servers are teasing something new.

    • System76 Launching a New Open-Source Computer, Krita 4.1.3 Released, the Hyperledger Project Gains 14 New Members, Distro Maintainers Need to Merge Kernel Security Fixes Faster and Java 11 Now Available

      System76 is launching a new open-source computer, which will be available for pre-order next month. Before announcing the finalized hardware, the company will be releasing a four-part animation each week with “design updates hidden within a game portion of the story”. That story will contain “different worlds, each representing an antithesis to open source ideals. These themes are utilized to draw attention to the importance of open source in the evolution of technology”. If you’re interested, you can sign up here to follow the saga and receive updates leading up to the pre-order.

    • You can pre-order System76’s Linux-powered open source ‘Thelio’ computer next month

      When you buy a System76 computer today, you aren’t buying a machine manufactured by the company. Instead, the company works with other makers to obtain laptops, which it then loads with a Linux-based operating system — Ubuntu or its own Pop!_OS. There’s nothing really wrong with this practice, but still, System76 wants to do better. The company is currently working to manufacture its own computers (“handcrafted”) right here in the USA! By doing this, System76 controls the entire customer experience — software, service, and hardware.

      Today, the company announces that the fruits of its labor — an “open-source computer” — will be available to pre-order in October. Now, keep in mind, this does not mean the desktop will be available next month. Hell, it may not even be sold in 2018. With that said, pre-ordering will essentially allow you to reserve your spot. To celebrate the upcoming computer, System76 is launching a clever animated video marketing campaign.

  • Server
    • Kubernetes 1.12 Released

      Today, the Kubernetes Project released version 1.12. The big updates in this version are the general availability of TLS bootstrapping, a maturing story around scaling, and better multitenancy. Head on over to the CoreOS Blog to check out the full details of this release.

    • Welcome to Kubernetes 1.12

      Today, we celebrate this week’s release of Kubernetes 1.12, which brings a lot of incremental feature enhancements and bug fixes across the release that help close issues encountered by enterprises adopting modern containerized systems. Each release cycle, we’re frequently asked about the theme of the release. There are always exciting enhancements to highlight, but an important theme to note is trust and stability.

      The Kubernetes project has grown immensely over the last few years and has come to be respected as a leader in container orchestration and management solutions. With that stature comes the responsibility to build APIs and tools that are well-tested, easy to maintain, highly performant, and scalable; qualities that are trusted and stable. In each of the upcoming release cycles, we expect to continue to see a community effort around prioritizing the maturation and stabilization of existing functionality over the delivery of new features.

    • Open-source boffins want to do for the IoT edge what Kubernetes did for containers

      Two high-profile open-source collaborations are putting their heads together to work out how to take Kubernetes, more familiar in hyperscale environments, out to Internet of Things edge computing projects.

      The Kubernetes IoT Edge Working Group is the brainchild of the Cloud Native Computing Foundation (CNCF) and the Eclipse Foundation.

      Speaking to The Register, CNCF’s Chris Aniszczyk said the idea of using Kubernetes as a control plane for IoT is “very attractive”.

      That sums up the brief of the working group, he said, “to take the concept of running containers, and expand that to the edge”.

    • Linux Foundation Networking & Cloud Native Computing Foundation Get Jiggy

      Open Networking Summit Europe — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced further collaboration between telecom and cloud industry leaders enabled by the Cloud Native Computing Foundation (CNCF) and LF Networking (LFN), fueling migrations of Virtual Network Function (VNFs) to Cloud-native Network Functions (CNFs).

    • Linux now dominates Azure

      Three years ago, Mark Russinovich, CTO of Azure, Microsoft’s cloud program, said, “One in four [Azure] instances are Linux.” Then, in 2017, it was 40 percent Azure virtual machines (VM) were Linux. Today, Scott Guthrie, Microsoft’s executive vice president of the cloud and enterprise group, said in an interview, “it’s about half now, but it varies on the day because a lot of these workloads are elastic, but sometimes slightly over half of Azure VMs are Linux.” Microsoft later clarified, “about half Azure VMs are Linux.”

  • Audiocasts/Shows
  • Kernel Space
    • Linus Torvalds: ‘I’ll never be cuddly but I can be more polite’ [Ed: Famously Linux-hostile BBC (lots of ex-Microsoft UK managers at BBC) the latest to perpetuate smears against Torvalds and Linux]

      He has always had a reputation as someone who provides blunt feedback to engineers, with expletive-laden emails, once describing an Intel fix as “complete and utter garbage”.

    • Code, conflict, and conduct

      A couple of surprising things happened in the kernel community on September 16: Linus Torvalds announced that he was taking a break from kernel development to focus on improving his own behavior, and the longstanding “code of conflict” was replaced with a code of conduct based on the Contributor Covenant. Those two things did not quite come packaged as a set, but they are clearly not unrelated. It is a time of change for the kernel project; there will be challenges to overcome but, in the end, less may change than many expect or fear.

    • The Woman Bringing Civility to Open Source Projects

      Codes of conduct are designed to make open source projects more inviting to everyone, and the idea is catching on. Today, more than 40,000 projects have adopted the Contributor Covenant, including Google’s artificial intelligence platform TensorFlow and the increasingly popular programming framework Vue. Even Linux is finally on board: Earlier this month the project adopted the Contributor Covenant, and Torvalds apologized for his past behavior.

      André Arko, lead maintainer of the popular Ruby tool Bundler, says the Contributor Covenant has changed the project for the better. Before the project adopted the Covenant, the team struggled to find enough contributors to maintain the project. That changed quickly. “We’ve had dramatically more participation,” he adds. That’s meant more participation from women, minorities, and other underrepresented groups, but also more contributions from white men as well.

    • I’m very disappointed in Linus Torvalds

      It’s similar to how a few days ago 3D gun pioneer Cody Wilson also became wanted for “sexual assault”; it seems the US government, through entrapment, finally found a more effective way to attack him and stop his efforts of getting 3D printed guns to people via the Internet. And of course, this is very similar to what happened to Jacob Appelbaum and Julian Assange. You would hope that activists and open-source leaders would have learned by now to avoid such traps, where sexuality and women are (ab)used to damage people’s reputations and gain power over them.

    • The Culture War Comes to Linux

      A small group of programmers are calling for the rescission of code contributed to Linux, the most popular open source operating system in the world, following changes made to the group’s code of conduct. These programmers, many of whom don’t contribute to the Linux kernel, see the new Code of Conduct as an attack on meritocracy—the belief that people should mainly be judged by their abilities rather than their beliefs—which is one of the core pillars of open source software development. Other developers describe these attacks on the Code of Conduct as thinly veiled misogyny.

      It’s a familiar aspect of the culture war that many online and IRL communities are already dealing with, but it has been simmering in the Linux community for years. The controversy came to the surface less than two weeks after Linus Torvalds, the creator of Linux, announced he would temporarily be stepping away from the project to work on “understanding emotions.” Torvalds was heavily involved with day to day decisions about Linux development, so his departure effectively left the community as a body without a head. In Torvalds’ absence, certain developers seem committed to tearing the limbs from this body for what they perceive as an attack on the core values of Linux development.

      [...]

      Over the last three years, however, the verbal abuse among Linux developers, a lot of it coming from Torvalds himself, hardly abated. In fact, Elon University computer science professor Megan Squire even used machine learning to recognize Torvalds’ insults, which numbered in the thousands during a four year period. According to Squire’s analysis, most of this abusive language wasn’t gendered.

    • Compiling kernel UAPI headers with C++

      Linux kernel developers tend to take a dim view of the C++ language; it is seen, rightly or wrongly, as a sort of combination of the worst (from a system-programming point of view) features of higher-level languages and the worst aspects of C. So it takes a relatively brave person to dare to discuss that language on the kernel mailing lists. David Howells must certainly be one of those; he not only brought up the subject, but is working to make the kernel’s user-space API (UAPI) header files compatible with C++.

      If somebody were to ask why this goal is desirable, they would not be the first to do so. The question has not actually gotten a complete answer, but some possible motivations come to mind. The most obvious one is that some developers might actually want to write programs in C++ that need access to the kernel’s API; there is no accounting for taste, after all. For most system calls, the details of the real kernel API (as opposed to the POSIX-like API exposed by the C library) tend to be hidden, but there are exceptions; the most widespread of those is almost certainly the ioctl() system call. There is a large set of structures used with ioctl(); their definition is a big part of the kernel’s UAPI. If a C++ compiler cannot compile those UAPI definitions, then those ioctl() calls cannot be invoked from C++.

    • Fake news: No Linux devs are threatening to pull code

      There was no mention of anyone having yet done so.

      There are a couple of additional points to be borne in mind: one, when corporate contributions are made to the kernel, the developer has to assign copyright to the corporation. Ninety percent of code contributed to Linux fits in this bracket.

      And two, soon after the SCO Group announced its decision in 2003 to sue IBM for copyright over UNIX code that it (SCO) claimed to own, the Linux kernel project decided to ask developers to provide a standard, signed form in which they assigned copyright for code changes they submitted to the project to the people running said project.

      These two factors may not get in the way of some upstart wanting his/her code back. But it definitely will not make it any easier.

      The second source for this article is a man of the past, Eric Raymond, once a luminary of the open source community, but now only a fringe player. Raymond wrote a blog post about the Torvalds episode, and the throwaway line “let me confirm that this threat (ie. developers asking for their code back) has teeth” seems to have got the author of the article in question a little excited.

    • BLK-MQ To Support Runtime Power Management With Linux 4.20~5.0

      The Linux multi-queue block I/O layer (blk-mq) has been working out well for delivering very fast performance particularly for modern NVMe solid-state storage and SCSI drives. But it turns out run-time power management hasn’t been in use when blk-mq is active.

      The multi-queue block code brings per-CPU software queues and these software queues can map to hardware issue queues. These multiple queues can reduce locking contention and the overall blk-mq design jives with current high-performance solid-state drive characteristics. The key drivers have been ported over to using blk-mq for a while now (end of Linux 3.xx / early 4.x kernels) and for Linux systems not using it by default can be activated easily via the scsi_mod.use_blk_mq=1 boot option.

    • FUSE Getting Another Performance Boost In Linux 4.20~5.0

      Separate from the recent FUSE performance work talked about for making FUSE faster with the eBPF in-kernel JIT that hasn’t been staged for mainlined, “File-Systems in User-Space” are set to see better performance on the next kernel (Linux 4.20~5.0) thanks to other changes.

      Already having been queued for this next kernel cycle is copy_file_range support for FUSE to yield more efficient copy operations.

    • Linux Foundation
      • Linux Foundation Moves to Bring Virtual Network Functions to Cloud Native Network Functions on Kubernetes
      • Open Source Culture Starts with Programs and Policies [Ed: "The Linux Foundation sponsored this post."]

        More than anything, open source programs are responsible for fostering “open source culture,” according to a survey The New Stack conducted with The Linux Foundation’s TODO Group. By creating an open source culture, companies with open source programs see the benefits we’ve previously reported, including increased speed and agility in the development cycle, better licence compliance and more awareness of which open source projects a company’s products depend on.

      • New Video Applications Will Represent Majority of Edge Traffic by 2020, Survey Finds

        In an effort to identify early edge applications, we recently partnered with IHS Markit to interview edge thought leaders representing major telcos, manufacturers, MSOs, equipment vendors, and chip vendors that hail from open source, startups, and large corporations from all over the globe. The survey revealed that edge application deployments are still young but they will require new innovation and investment requiring open source.

        The research investigated not only which applications will run on the edge, but also deployment timing, revenue potential and existing and expected barriers and difficulties of deployment. Presented onsite at ONS Europe by IHS Markit analyst Michael Howard, the results represent an early look at where organizations are headed in their edge application journeys.

      • FedEx Joins Hyperledger Blockchain Hub, ‘Big Implications’ for Logistics

        American courier delivery services giant FedEx has joined Hyperledger, an open-source project established to improve cross-industry blockchain technologies, according to a press release published September 26.

        Hyperledger, which is hosted by the Linux Foundation, enables organizations to build blockchain-based industry-grade applications, platforms and hardware systems in the context of their individual business transactions.

      • FedEx joins open-source blockchain project

        Global shipping company FedEx has joined Hyperledger, an open-source blockchain venture that now has more than 270 members, according to a press release.

        FedEx is taking part in the collaborative project “to advance cross-industry blockchain technologies,” which already includes members such as American Express, Deutsche Bank, IBM, Intel and JPMorgan.

      • FedEx joins open source blockchain hub

        Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, has announced 14 members, including FedEx, have joined its growing global community.

        More than 270 organisations are now contributing to the growth of Hyperledgers’ open source distributed ledger frameworks and tools.

      • 14 new members join open source blockchain project Hyperledger

        Hyperledger, an umbrella project of open source blockchains has announced on Wednesday that it will be collaborating with 14 new members who have joined its global community.

        As of now, 270 plus members are contributing to the growth of Hyperledgers’ open source distributed ledger frameworks and tools.

      • FedEx Joins Hyperledger in Blockchain Consortium’s Latest Expansion

        Global shipping giant FedEx has just become one of the 14 newest members to join the Hyperledger consortium.

        Hyperledger announced that FedEx, Honeywell International, as well as a number of crypto startups, have become the newest participants in its mission to build blockchain platforms and applications for enterprises, according to a press release on Wednesday.

      • Wanchain (WAN) joins Linux Foundation’s Hyperledger

        Linux Foundation’s Hyperledger launched in 2016 has attracted many members to its singular technology, the latest members being FedEx, Honeywell International Inc., and Conste11ation Labs. Wanchain (WAN) also announced today that it has officially joined the hyperledger community where it will focus on “blockchain interoperability”.

        The Hyperledger is an open source project focused on uniting blockchain of different cryptocurrencies and industries to work together and share value. Members of the Hyperledger community come from different sectors of the world economy. In a press release made available by the company, Hyperledger now has 14 new members cutting across different fields of endeavour, one of which is Wanchain.

      • Constellation Joins Hyperledger
      • FedEx Joins Hyperledger in further push for Logistics efficiency

        FedEx the giant US courier company, proactive adopter of blockchain technology and BiTA member, has joined Linux hosted open-source project Hyperledger to further advance the use of distributed ledger in logistics, and transportation.

      • Wanchain 3.0 — Bridging Bitcoin & Ethereum — Alpha Testnet is Live!

        We are very pleased to announce that invite-only testing for Bitcoin Integration (Wanchain 3.0) is now live — see below for registration details. This is the Alpha testnet for Wanchain’s 3.0 launch that has been planned to go live by the end of 2018. We have been making remarkable progress on our technology and are excited to deliver this Alpha testnet ahead of schedule.

      • Hyperledger Continues Strong Momentum with 14 New Members

        Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced 14 members have joined its growing global community. More than 270 organizations are now contributing to the growth of Hyperledgers’ open source distributed ledger frameworks and tools.

      • Linux Foundation helps bring VNFs to Kubernetes

        The Linux Foundation announced further collaboration between the telecom and cloud industries through its Cloud Native Computing Foundation (CNCF) and LF Networking (LFN) in order to fuel migrations of virtual network functions (VNFs) to cloud-native network functions (CNFs).

        Two of the fastest-growing Linux Foundation projects – ONAP (part of LF Networking) and Kubernetes (part of CNCF) – are coming together in next-generation telecom architecture as operators evolve their VNFs into CNFs running on Kubernetes. Compared to traditional VNFs (network functions encapsulated in a virtual machine running in a virtualized environment on OpenStack or VMware, for example), CNFs (network functions running on Kubernetes on public, private, or hybrid cloud environments) are lighter weight and faster to instantiate, the foundation said. Container-based processes are also easier to scale, chain, heal, move and back up.

      • Open source communities unite around Cloud-native Network Functions

        Cloud Native Computing Foundation (CNCF), chiefly responsible for Kubernetes, and the recently established Linux Foundation Networking (LF Networking) group are collaborating on a new class of software tools called Cloud-native Network Functions (CNFs).

        CNFs are the next generation Virtual Network Functions (VNFs) designed specifically for private, public and hybrid cloud environments, packaged inside application containers based on Kubernetes.

      • Blockchain development made easy: Getting started with Hyperledger Iroha

        Our ‘Blockchain development made easy’ series continues with Hyperledger Iroha, a simple blockchain platform you can use to make trusted, secure, and fast applications. What are the advantages and how can developers get started with it? We talked to Makoto Takemiya, co-founder and co-CEO of Soramitsu about what’s under this project’s hood.

      • Open FinTech Forum Offers Tips for Open Source Success

        2018 marks the year that open source disrupts yet another industry, and this time it’s financial services. The first-ever Open FinTech Forum, happening October 10-11 in New York City, focuses on the intersection of financial services and open source. It promises to provide attendees with guidance on building internal open source programs along with an in-depth look at cutting-edge technologies being deployed in the financial sector, such as AI, blockchain/distributed ledger, and Kubernetes.

        Several factors make Open FinTech Forum special, but the in-depth sessions on day 1 especially stand out. The first day offers five technical tutorials, as well as four working discussions covering open source in an enterprise environment, setting up an open source program office, ensuring license compliance, and best practices for contributing to open source projects.

    • Graphics, Hardware and Virtualization
      • Intel Iris Gallium3D Forming As Their Future OpenGL Driver, Promising Early Results

        Last month we noted a new Gallium3D driver in-development by Intel dubbed “Iris” and potentially replacing their existing “classic i965” Mesa driver for recent generations of Intel HD/UHD/Iris graphics hardware. Intel developers have begun talking about this new open-source Linux GPU driver today at the XDC 2018 conference in A Coruña, Spain.

      • AMD Zen-Based Hygon Dhyana CPU Support Queued Ahead Of Next Linux Cycle

        Support for the Hygon Dhyana, a Chinese x86 server CPU based on AMD Zen/EPYC, will find its way into the next Linux kernel cycle.

        The partnership between AMD and Haiguang IT Co was announced earlier this year for creating x86 CPUs targeting the Chinese server market. Hygon “Dhyana” is the first family of these new x86 CPUs licensed from AMD and based upon their Zen / Family 17h architecture. For the past several months there have been rounds of kernel patches sent out for review adding this Hygon Dhyana support to the Linux kernel.

      • Mesa 18.2.1 Going Into Ubuntu 18.10 For Fresh Open-Source GPU Drivers

        It was a bit nerve-racking seeing Mesa 18.1 still in use by the Ubuntu 18.10 “Cosmic Cuttlefish” in recent days, but fortunately it looks like the feature freeze exception is secured and Mesa 18.2 is on its way to landing.

        Since yesterday, Mesa 18.2.1 is now queued in cosmic-proposed. It’s not in the official “Cosmic” archive yet, but should soon be — well in time for the Ubuntu 18.10 release expected on 18 October.

      • Intel Working On Improving Linux Virtualization With VT-d Scalable Mode

        Intel VT-d revision 3.0 adds a “Scalable Mode” translation mode for enabling Scalable I/O virtualization and the patches have been in the works for supporting this within the Linux kernel.

        Intel open-source developer Ashok Raj has written a detailed blog post covering this Intel virtualization enhancement for directed I/O and its benefit on performance and overcoming existing I/O virtualization shortcomings.

      • MoltenVK Updated Against Vulkan 1.1.85, New Features

        For developers interested in delivering cross-platform Vulkan games/applications and using MoltenVK for delivering macOS/iOS support, a new release is available that has a number of feature additions.

      • Intel Opens Up Their Mesa 3D Continuous Integration Test Data To All

        At XDC2018 in Spain this morning the talks were focused on testing of Mesa / continuous integration. During the talk by Mark Janes, the Intel open-source crew announced the public availability of all their CI data.

      • AMD Arcturus Might Be The Codename Succeeding Navi

        While it will be a ways from release, the codename to the successor of the AMD Radeon “Navi” GPUs might be Arcturus.

        Navi is the codename of the next-gen AMD GPUs due out in 2019 and is the nickname of the star Gamma Cassiopeiae. Current generation Vega also ties into the astronomical theme as it’s the brightest star in the Lyra constellation. It was “Polaris” that kicked off this theme with the Radeon RX 480 series launch. Now it looks like the AMD Navi successor might be Arcturus. Arcturus is a large red star and the brightest of the constellation of Boötes.

      • HDCP 2.2 Support Updated For The Intel DRM Linux Driver

        This year Intel HDCP support was merged into the mainline Linux kernel for those wanting to utilize this copy protection system in combination with a supported Linux user-space application, which for now appears to be limited to Chrome OS. HDCP 2.2 support is the latest revision now being worked on for the open-source Intel Direct Rendering Manager driver.

      • VirtualBox DRM Driver Gets Patches To Go Atomic, Promote Out Of Staging

        We’ve known Red Hat was working on converting the VirtualBox “vboxvideo” DRM/KMS driver to using the atomic APIs for atomic mode-setting to replace the legacy APIs and now those patches are out there.

        Red Hat’s Hans de Goede sent out the 15 patches on Wednesday for wiring up the atomic mode-setting interfaces to replace the legacy APIs. Red Hat developers have been doing this as they were the ones pushing for getting the VirtualBox guest drivers into the mainline kernel itself with Oracle’s developers working on VirtualBox sadly lacking that initiative.

    • Benchmarks
      • macOS 10.14 Mojave vs. Ubuntu 18.04 LTS vs. Clear Linux Benchmarks

        With macOS Mojave having been released earlier this week, I’ve been benchmarking this latest Apple operating system release on a MacBook Pro compared to Ubuntu 18.04.1 LTS with the latest updates as well as Intel’s high-performance Clear Linux rolling-release operating systems to see how the performance compares.

        MacOS Mojave is more focused on delivering the new “dark mode” and various app improvements over a particular performance focus, but from our side it’s always interesting to see how Apple’s latest macOS releases compare to the performance of Linux distributions on Apple’s own hardware. For comparison, macOS 10.13.6 High Sierra was benchmarked alongside macOS 10.14.0 Mojave.

  • Applications
  • Desktop Environments/WMs
    • 5 cool tiling window managers

      The Linux desktop ecosystem offers multiple window managers (WMs). Some are developed as part of a desktop environment. Others are meant to be used as standalone application. This is the case of tiling WMs, which offer a more lightweight, customized environment. This article presents five such tiling WMs for you to try out.

    • K Desktop Environment/KDE SC/Qt
      • KDE Neon Now Based on Ubuntu 18.04 ‘Bionic Beaver’

        The wait is over: the KDE Ubuntu 18.04 release is finally here.

        Developers behind the KDE-centric Linux distro have announced that they’ve successfully rebased KDE Neon on Ubuntu 18.04 LTS ‘Bionic Beaver’, which was released earlier this year.

        With the bump to Bionic KDE Neon users unlock access to newer packages, third-party tools, and hardware drivers. They also benefit from a more recent Linux kernel.

      • Monthly Munchen KDE Hackaton

        The idea is not to hack in complex applications for now, but to integrate wannabe KDE hackers into actually being KDE hackers, so I’ll focus on small tasks at first until we have a solid base here the same way I did when I joined KDE and had those sessions with Sandro Andrade at the Universities Ruy Barbosa. Also, my German language skills are really weak, I’m also trying to learn some German here and I believe this is a good way to meet people.

      • Krita 4.1.3 Released

        Today we’re releasing the latest version of Krita! In the middle of our 2018 fundraiser campaign, we’ve found the time to prepare Krita 4.1.3. There are about a hundred fixes, so it’s a pretty important release and we urge everyone to update! Please join the 2018 fundraiser as well, so we can continue to fix bugs!

      • Interview on Linux Unplugged podcast

        A few days ago Jupiter Broadcasting’s Chris Fisher approached me about doing an interview for his Linux Unplugged podcast, so I said sure! I talked about the Usability & Productivity initiative, Kubuntu and KDE Neon, my history at Apple, and sustainable funding models for open-source development.

      • Elementary, My Dear Plasma

        We chat with Nate Graham who’s pushing to make Plasma the best desktop on the planet. We discuss his contributions to this effort, and others.

    • GNOME Desktop/GTK
      • Vince – A Stylish GTK Theme for Linux

        Vince is a beautiful modern GTK theme and it is compatible with all GTK3 and GTK2-based Desktop Environments including Xfce, Mate, Gnome, etc.

        It has 3 colour variants which are Materia, Materia-dark, and Materia-light and they all feature a minimalist UI with clean design elements and neat animation effects.

        It is based on the nana-4 Material Design theme (formerly Flat-Plat) which is based on GNOME’s Adwaita theme.

        This is not the first time a theme is what can be referred to as the 3rd-generation fork from another theme. Sometimes the “generation” count goes as high as 6. But this is open-source so more power to the developer.

  • Distributions
    • What’s New in BlankOn 11 Uluwatu

      Blankon 11 Uluwatu is the latest version of Blankon Linux Distribution. This release ships with a custom desktop environment based on GNOME Shell 3.26.2 called manokwari, powered by Linux kernel 4.14 series and based on Debian SID. Blankon installer was improved, developed using HTML5 technology, Java and Vala. It now supports UEFI partitions.

      Includes a new LibreOffice version 6.0.1.1 for default office suite. Firefox Quantum 58 as default browser, GIMP 2.8.20, Inkscape 0.92, Audacious 3.9, Corebird for default twitter app, VLC media Player 3.0, and GNOME apps 3.26.

    • Reviews
      • What’s New in Bodhi Linux 5.0

        Bodhi Linux 5.0 the latest release of Bodhi Linux has been released by Jeff Hoogland. This release ships with a latest Moksha Desktop 0.3, Powered by Linux kernel 4.15 series and Based on Canonical’s long-term supported Ubuntu 18.04 LTS (Bionic Beaver).

        Bodhi Linux 5.0 promises to offer users a rock-solid, Enlightenment-based Moksha Desktop experience, improvements to the networking stack, and a fresh new look based on the popular Arc GTK Dark theme but colorized in Bodhi Green colors. It also comes with a new default wallpaper, new login, and boot splash screen themes, as well as an AppPack version for those who want to have a complete application suite installed by default on their new Bodhi Linux installations.

      • New MakuluLinux Deserves a Spot in the Majors

        Since LinDoz is now officially available for download, I will wrap up with a focus on what makes MakuluLinux LinDoz a compelling computing option. I no doubt will follow the Flash and the Core edition releases when those two distros are available in final form.

        One of the more compelling attributes that LinDoz offers is its beautiful form. It is appealing to see. Its themes and wallpapers are stunning.

        For the first time, you will be able to install the new LinDoz once and forget about it. LinDoz is now a semi-rolling release. It receives patches directly from Debian Testing and MakuluLinux.

        Essential patches are pushed to the system as needed.

        Caution: The LinDoz ISO is not optimized for virtual machines. I tried it and was disappointed. It loads but is extremely slow and mostly nonresponsive. Hopefully, the developer will optimize the ISO soon to provide an additional option for testing or using this distro.

        However, I burned the ISO to a DVD and had no issues with the performance in live session. I installed LinDoz to a hard drive with very satisfying results.

    • New Releases
      • SparkyLinux 5.5 “Nibiru” GameOver, Multimedia, and Rescue Editions Are Out Now

        Initially launched this summer on July 27, 2018, the SparkyLinux 5.5 “Nibiru” Rolling operating system series brought all the latest updates and security fixes from the Debian Testing repositories a.k.a. Debian GNU/Linux 10 “Buster,” and was available as MinimalGUI (Openbox), MinimalCLI, and LXQt editions.

        New ISOs were made available last week with even more recent updates from the Debian Testing repositories, and today the special editions were released too as SparkyLinux 5.5 GameOver, SparkyLinux 5.5 Multimedia, and SparkyLinux 5.5 Rescue, synced with the Debian Buster repositories as of September 24, 2018.

    • Gentoo Family
      • New copyright policy explained

        The policy aims to cover all copyright-related aspects, bringing Gentoo in line with the practices used in many other large open source projects. Most notably, it introduces a concept of Gentoo Certificate of Origin that requires all contributors to confirm that they are entitled to submit their contributions to Gentoo, and corrects the copyright attribution policy to be viable under more jurisdictions.

    • Red Hat Family
      • Indeni to Participate in Red Hat Ansible Automation Community

        Indeni, provider of the crowd-sourced network automation platform, today announced its sponsorship of AnsibleFest 2018 to showcase the collaboration between Indeni and Red Hat Ansible Automation around initiatives designed to benefit IT operations and help advance network automation solutions.

      • Red Hat debuts infrastructure migration

        Red Hat is introducing an offering to help provide an open pathway to digital transformation.

        Designed to help enterprises cut costs and speed innovation through cloud-native and container-based technologies, Red Hat infrastructure migration solution enables enterprises to break down closed technology silos centered on proprietary virtualisation.

      • Hybrid Cloud: As the industry matures, think big, start small, scale fast

        The number one complaint we hear from customers is their struggle to run tomorrow’s workloads on yesterday’s infrastructure. With a lot of new technologies coming to the forefront—containers, microservices, and so on—modern workloads are significantly different than even three or four years ago. They’re now distributed across multiple footprints, and organizations are struggling to keep pace.

      • Orange Spain taps Red Hat for new ‘X by Orange’ B2B unit

        Open source software provider Red Hat announced that it’s been selected as a core technology partner by ‘X By Orange’, the new subsidiary of Orange Spain focused on business-to-business (B2B) digital services. Launched earlier this month, X by Orange is building a greenfield, cloud-native platform, enabling the service provider to embrace DevOps and agile development and more rapidly create and deliver digital services to business customers.

      • Is X by Orange Showing Us the OTT Future for Telcos?
      • X By Orange selects Red Hat as technology partner
      • X by Orange takes cloud-native approach to serving business customers

        Orange Spain subsidiary X by Orange is embracing a cloud-native platform to deliver digital services to its business customers.

        X by Orange is notable because it eschews traditional network infrastructure and legacy hardware by instead creating a separate platform that is software-based. Using Red Hat’s OpenShift Container Platform, along with its consulting team, X by Orange is able to put services in a public cloud by using the greenfield, cloud-native platform.

      • Orange Launches ‘X By Orange’ Venture with Red Hat’s ‘Cloud-Native’ Tech

        Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced that X By Orange, a subsidiary of Orange Spain focused on business-to-business (B2B) digital services, selected Red Hat as a core technology partner to help create its software-defined strategy with Red Hat OpenShift Container Platform in collaboration with Red Hat Consulting. With the industry’s most comprehensive enterprise Kubernetes platform, X by Orange is building a greenfield, cloud-native platform, enabling the service provider to embrace DevOps and agile development and more rapidly create and deliver digital services to business customers.

      • Red Hat OpenShift Helps Make X by Orange’s Hardware-Free Vision of Business Communications Services a Reality
      • Source versus binary S2I workflows with Red Hat OpenShift Application Runtimes

        Red Hat OpenShift supports two workflows for building container images for applications: the source and the binary workflows. The binary workflow is the primary focus of the Red Hat OpenShift Application Runtimes and Red Hat Fuse product documentation and training, while the source workflow is the focus of most of the Red Hat OpenShift Container Platform product documentation and training. All of the standard OpenShift Quick Application Templates are based on the source workflow.

        A developer might ask, “Can I use both workflows on the same project?” or, “Is there a reason to prefer one workflow over the other?” As a member of the team that developed Red Hat certification training for OpenShift and Red Hat Fuse, I had these questions myself and I hope that this article helps you find your own answers to these questions.

      • Aging like milk, not wine: The realities of container security

        In many ways, age brings refinement. Wine, cheese, and, in some cases, people, all improve as they grow older. But in the world of enterprise IT, age has a different connotation. Aged systems and software can bring irrelevance and technical debt and, at worst, increased security risks. With the rise of Linux containers as a functional underpinning to the digitally-transforming enterprise, the ill effects of technological age are front and center.

        To think of it more simply: Containers age like milk, not like wine. Think of it in terms of food: Milk is a key component in cooking, from baking to sauces. If the milk sours or goes bad, so too does the recipe. The same thing happens to containers, especially as they are being looked to as key components for production systems. A stale or “soured” container could ruin an otherwise promising deployment.

      • Sticking with HEAD on OpenShift with Image Streams

        Many modern developers have learned that ‘sticking with HEAD’ (the most recent stable release) can be the best way to keep their application more secure. In this new ‘devops’ world there’s a fine line between using the latest and greatest, and breaking changes introduced by an upgrade. In this post we’ll explore some configuration options in Red Hat OpenShift which can make keeping up with the latest release easier, while reducing the impact of breaking changes. For more information on image streams I encourage you to read the source-to-image FAQ by Maciej Szulik.

        [...]

        Using scheduled source-to-image base image streams, along with a build configuration which disables ImageChange triggers, we can strike a nice balance between “sticking with head”, and avoiding breaking changes. Consider updating the pre-installed image streams in the ‘openshift’ project to allow your developers get the latest security updates in language runtimes and build tools.

        While I used CentOS images for demonstration purposes in this post, I’d recommend using RHEL images for your production applications. The Red Hat Container Catalogue contains regularly updated and certified container images, fully supported by Red Hat.

      • Security Technologies: FORTIFY_SOURCE

        FORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all applications and libraries in an operating system. The concept is basically universal meaning it can be applied to any operating system, but there are glibc specific patches available in gcc-4 onwards. In gcc, FORTIFY_SOURCE normally works by replacing some string and memory functions with their *_chk counterparts (builtins). These functions do the necessary calculations to determine an overflow. If an overflow is found, the program is aborted; otherwise control is passed to the corresponding string or memory operation functions. Again all this is normally done in assembly so the overhead is really minimal.

      • Empowered, inspired and energized at the Grace Hopper Celebration of Women in Computing

        Six years ago, when Red Hat sponsored the Grace Hopper Celebration of Women in Computing (GHC) event for the first time, we had a small presence. There were just five Red Hatters in attendance! Being new to the event, few people knew who we were, and they were even less familiar with open source. It was an exciting time to join this event, because across the industry, the topic of women in tech was beginning to gain momentum.

        Today the idea of diversity and inclusion isn’t a new topic, but it’s still a crucial one. The role that women play in tech and the importance of creating a strong pipeline of talent will be something the industry will need to continue to address.

      • Finance
      • Fedora
        • Fedora reawakens the hibernation debate

          Behavioral changes can make desktop users grumpy; that is doubly true for changes that arrive without notice and possibly risk data loss. Such a situation recently arose in the Fedora 29 development branch in the form of a new “suspend-then-hibernate” feature. This feature will almost certainly be turned off before Fedora 29 reaches an official release, but the discussion and finger-pointing it inspired reveal some significant differences of opinion about how this kind of change should be managed.

        • Fedora 29 Beta

          As is my habit, I upgraded my laptop at Beta time. dnf system-upgrade didn’t work for me because of some dependency issues. In the process of working through a dnf upgrade, I discovered that it was due to some odd homegrown Python RPMs I’d made and forgotten about, and gource, which was still FBTBS. After working those out, it was uneventful.

        • Fedora 29 Atomic and Cloud Test Day 2018-10-01
    • Debian Family
      • Debian Policy call for participation — September 2018

        Here’s a summary of some of the bugs against the Debian Policy Manual that are thought to be easy to resolve.

      • My Work on Debian LTS (September 2018)

        In September 2018, I did 10 hours of work on the Debian LTS project as a paid contributor. Thanks to all LTS sponsors for making this possible.

      • Derivatives
        • Canonical/Ubuntu
          • Canonical unveils the official Ubuntu Linux 18.10 ‘Cosmic Cuttlefish’ wallpaper

            Twice a year, a new version of Ubuntu is released — in April and October. We are currently in September, meaning a new release is just around the corner. As per normal naming guidelines (YY.MM), it will be version 18.10. In addition to a number, Canonical assigns a fun name too — based on an animal, alphabetically, preceded by a word that starts with the same letter. In this case, Ubuntu 18.04 is using the letter “C.” What is it called? Cosmic Cuttlefish.

            The name and version number is only part of the tradition, however. In addition, Canonical releases a special wallpaper based on the name. The animal is often a line drawing with the background using the classic Ubuntu magenta/orange gradient color. Today, on Twitter, Canonical unveils the official Cosmic Cuttlefish wallpaper.

          • Ubuntu 18.10 (Cosmic Cuttlefish) Beta released

            The Ubuntu team is pleased to announce the final beta release of the
            Ubuntu 18.10 Desktop, Server, and Cloud products.

            Codenamed “Cosmic Cuttlefish”, 18.10 continues Ubuntu’s proud tradition
            of integrating the latest and greatest open source technologies into a
            high-quality, easy-to-use Linux distribution. The team has been hard
            at work through this cycle, introducing new features and fixing bugs.

            This beta release includes images from not only the Ubuntu Desktop,
            Server, and Cloud products, but also the Kubuntu, Lubuntu, Ubuntu
            Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu flavours.

            The beta images are known to be reasonably free of showstopper CD
            build or installer bugs, while representing a very recent snapshot of
            18.10 that should be representative of the features intended to ship
            with the final release expected on October 18th, 2018.

            Ubuntu, Ubuntu Server, Cloud Images:
            Cosmic Final Beta includes updated versions of most of our core set
            of packages, including a current 4.18 kernel, and much more.

          • Ubuntu 18.10 Beta Now Available For Testing The Cosmic Cuttlefish

            The Ubuntu 18.10 Beta was released today for the official desktop, server, and cloud products. As well, 18.10 betas are out today for Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu.

            It’s been a busy Ubuntu 18.10 cycle while for desktop users the most evident change is the new default theme for the GNOME Shell session. Ubuntu 18.10 brings many “under the hood” upgrades from the GCC 8 compiler, the big X.Org Server 1.20 release, the new Linux 4.18 kernel, and a lot of other package upgrades.

          • Ubuntu 18.10 Beta is Now Available to Download

            Developers, bug battlers, and enthusiastic fans alike are invited to download Ubuntu 18.10 beta to help test the release ahead of its stable release next month.

            This is the only beta build that Ubuntu or its community cohorts have released this cycle. The opt-in beta that flavors like Kubuntu and Ubuntu MATE usually make use of? Well, that was retired from the 18.10 release schedule.

            Anyway, keep reading for a condensed overview of the highlights of Ubuntu 18.10 beta, or scroll on down to the download section to acquire an ISO ripe for throwing on the nearest suitably-sized USB drive.

          • Flavours and Variants
            • Ubuntu MATE 18.10 Beta

              Ubuntu MATE 18.10 is a modest, yet strategic, upgrade over our 18.04 release. If you want bug fixes and improved hardware support then 18.10 is for you. For those who prefer staying on the LTS then everything in this 18.10 release is also important for the upcoming 18.04.2 release. Read on to learn more…

              We are preparing Ubuntu MATE 18.10 (Cosmic Cuttlefish) for distribution on October 18th, 2018. With this Beta pre-release, you can see what we are trying out in preparation for our next (stable) version.

            • Lubuntu Cosmic Cuttlefish Beta has been released!

              Thanks to all the hard work from our contributors, we are pleased to announce that the Lubuntu Cosmic Cuttlefish Beta (soon to be 18.10) has been released!

  • Devices/Embedded
Free Software/Open Source
  • Resource control at Facebook

    Facebook runs a lot of programs and it tries to pack as many as it can onto each machine. That means running close to—and sometimes beyond—the resource limits on any given machine. How the system reacts when, for example, memory is exhausted, makes a big difference in Facebook getting its work done. Tejun Heo came to 2018 Open Source Summit North America to describe the resource control work that has been done by the team he works on at Facebook.

    [...]

    It is difficult to tell whether a process is slow because of some inherent limitation in the program or whether it is waiting for some resource; the team realized it needed some visibility into that. Johannes Weiner has been working on the “pressure stall information” (PSI) metric for the last two years. It can help determine that “if I had more of this resource, I might have been able to run this percentage faster”. It looks at memory, I/O, and CPU resource usage for the system and for individual cgroups to derive information that helps in “determining what’s going on in the system”.

    PSI is used for allocating resources to cgroups, but is also used by oomd, which is the user-space OOM killer that has been developed by the team. Oomd looks at the PSI values to check the health of the system; if those values are too bad, it will remediate the problem before the kernel OOM killer gets involved.

    The configuration of oomd can be workload-dependent; if the web server is being slowed down more than 10%, that is a big problem, Heo said. On the other hand, if Chef or YUM are running 40% slower, “we don’t really care”. Oomd can act in the first case and not in the second because it provides a way to specify context-specific actions. There are still some priority inversions that can occur and oomd can also help ameliorate those.

  • Using Open Source Languages Effectively in the Enterprise

    Those who are enthusiastic about open source languages have been contributing to open source language projects and building versions of languages including Perl, JavaScript, Go, Tcl, Ruby and Python. There has been a massive shift in the adoption of open source languages and genesis of new ones in the last 20 years. Even large corporations such as Microsoft, Google and IBM contribute to open source projects that are hosted on GitHub, and Spotify, Dropbox and Reddit are among the big names that use Python.

  • Enterprise Search Has an Open Source Secret

    A different model emerged in the ’80s: open source software. From the start, the idea was to create software that anyone could download and use for free. On top of that, anyone could modify and use the source code and submit modifications and bug fixes back to the original project. Over time, several different types of open source licenses evolved, and a number of software products we use every day were created.

    [...]

    In the early days of the web, a group known initially as the Apache Group, now the Apache Software Foundation, was developing the first free and open source web server. The organization has since expanded into many other projects. Because many of the projects are assigned names of animals — from Ant to Zookeeper — they are often collectively known as the “Apache Zoo” as I wrote back in 2015.

  • Bossies 2018: The Best of Open Source Software Awards

    Remember Snort? Or Asterisk? Or Jaspersoft or Zimbra? Heck, you might still be using them. All of these open source champions—InfoWorld Best of Open Source Software Award winners 10 years ago—are still going strong. And why not? They’re still perfectly useful.

  • InfoWorld Recognizes Open Source Software Technologies Driving Business Innovation
  • The 2018 InfoQ Editors’ Recommended Reading List: Part One
  • Sysdig Falco, sysdig, and Sysdig Inspect Win InfoWorld Best of Open Source Software Awards
  • Can your organisation benefit from embracing the open source way?

    A recent Forbes article indicates that corporate engagement with open source communities has grown to become a strategic imperative over the past couple of decades. An increasing number of companies are paying their employees to contribute to such communities. This is one manifestation of a broader growing trend toward closer collaboration between companies and open source communities. Well-recognised companies such as Google, Uber, Facebook, and Twitter have open sourced their projects and encouraged their employees to contribute to open source communities. Among software developers who contribute to such communities, estimates suggest that up to 40% of them are paid by their company to do so. Some companies see this as an opportunity to enhance their employees’ skills while others aim to influence open source product development to support their own complementary products and services. Regardless of the motives, managers should consider the impact of such arrangements on the employees involved.

  • Surge Synth Set Free

    Vember Audio tells us that, as of 21st September 2018, Surge stopped being a commercial product and became an open-source project released under the GNU GPL v3 license. They say that, for the existing users, this will allow the community to make sure that it remains compatible as plug-in standards and Operating Systems evolve and, for everyone else, it is an exciting new free synth to use, hack, port, improve or do whatever you want with.

  • Vember Audio’s Surge synth plugin is now free and open-source

    Reviewing Vember Audio’s Surge synth over a decade ago, we said: “This is a big, beautiful-sounding instrument. It’s not cheap, but few plugins of this quality are.” Well, the sound hasn’t changed, but the price has; in fact, Surge has just been made free and open-source.

    Thanks to its wavetable oscillators and FM-style algorithms, Surge is capable of creating some pretty sparkling sounds, but it also has analogue-style functions that make it suitable for producing vintage keyboard tones.

    Vember Audio says that it’s been set free so that it can continue to be developed by the community and remain compatible with current standards and operating systems.

  • Pulsar graduates to being an Apache top-level project

    In Montreal at ApacheCon, the Apache Software Foundation (ASF) announced that Pulsar had graduated to being an Apache top-level project. This pub-sub messaging system boasts a flexible messaging model and an intuitive client application programming interface (API).

    Pulsar is a highly scalable, low-latency messaging platform running on commodity hardware. It provides simple pub-sub and queue semantics over topics, lightweight compute framework, automatic cursor management for subscribers, and cross-datacenter replication. It was designed from day one to address gaps in other open-source messaging systems.

  • Webhint Open Source Linting Tool

    The webhint project provides an open source linting tool to check for issues with accessibility, performance, and security. The creation of websites and web apps has an increasing number of details to perfect, and webhint strives to help developers remember these details.

    webhint is available as either a CLI tool or as an online scanner. The quickest way to get started with webhint is with the online scanner, which requires a public facing URL to run a report and get insights about an application.

  • Mobile app testing tools embrace automation, open source

    Sauce Labs Inc., based in San Francisco, provides automated mobile app testing tools. The company this week announced support for Google Android and Apple iOS native test automation frameworks such as XcuiTest and Espresso. In this Q&A, Steven Hazel, co-founder and CTO of Sauce Labs, discusses best practices and trends around mobile app testing tools.

  • Events
    • KDAB demos at Qt World Summit, Boston

      KDAB is the main sponsor at Qt World Summit Boston and in addition to the Introductory and Advanced one day training courses on Day 1, two talks on Day 2: Creating compelling blended 2D/3D applications – a solution for artists and developers, and KDAB’s Opensource Tools for Qt.

    • 2018 Linux Security Summit North America: Wrapup

      The 2018 Linux Security Summit North America (LSS-NA) was held last month in Vancouver, BC.

      [...]

      Once again, as is typical, the conference was focused around development, somewhat uniquely in the world of security conferences. It’s interesting to see more attention seemingly being paid to the lower parts of the stack: secure booting, firmware, and hardware roots of trust, as well as the continued efforts in hardening the kernel.

  • Web Browsers
    • Chrome
      • Product updates based on your feedback

        We recently made a change to simplify the way Chrome handles sign-in. Now, when you sign into any Google website, you’re also signed into Chrome with the same account. You’ll see your Google Account picture right in the Chrome UI, so you can easily see your sign-in status. When you sign out, either directly from Chrome or from any Google website, you’re completely signed out of your Google Account.

      • Chrome 70 Will Make Browser Sign-In Optional After Privacy Concerns

        Following a major backlash due to questionable privacy settings in Google Chrome 69, Google today announced that it will make the new features optional in the upcoming Chrome 70 release.

        In the blog post, Google said the Chrome 70, which is scheduled for mid-October release, would add sign-in controls in the “Privacy and Security” settings. This will allow users to delink the mandatory web-based sign-in with the browser sign-in. In simple words, users will now have a choice to avoid logging-in into the Chrome browser while logging-in into Google websites like Gmail, YouTube, etc.

    • Mozilla
      • 25,000 Americans Urge Venmo to Update Its Privacy Settings

        Earlier this week, Mozilla visited Venmo’s headquarters in New York City and delivered a petition signed by more than 25,000 Americans. The petition urges the payment app to put users’ privacy first and make Venmo transactions private by default.

        Also this week: A new poll from Mozilla and Ipsos reveals that 77% of respondents believe payment apps should not make transaction details public by default. (More on our poll results below.)

        Millions of Venmo users’ spending habits are available for anyone to see. That’s because Venmo transactions are currently public by default — unless users manually update their settings, anyone, anywhere can see whom they’re sending money to, and why.

        Mozilla’s petition urges Venmo to change these settings. By making privacy the default, Venmo can better protect its seven million users — and send a powerful message about the importance of privacy. But so far, Venmo hasn’t formally responded to our petition and to the 25,000 Americans who signed their names.

      • Mozilla Firefox Account Gets A New Recovery Key Option For Forgotten Passwords

        The Mozilla team has announced a new recovery key option for Firefox accounts that can be used to access Firefox data if users forget their passwords.

        Starting today, users will be able to generate a one-time recovery key associated with their account. Once the key is used to access the account, it becomes invalid, and the user needs to create another one.

        [...]

        Sync encrypts the user’s browser data on a local computer by using the Firefox account password. It then sends this encrypted data to Mozilla’s servers for storage, making sure that no one can access it without the user’s password (which acts as a decryption key here).

      • WebRender newsletter #23

        Bonjour everyone! Here comes the twenty third installment of WebRender’s very best newsletter. This time I’m trying something a bit different. Instead of going through each pull request and bugzilla entry that landed since the last post, I’m only sourcing information from the team’s weekly meeting. As a result only the most important items make it to the list and not all items have links to their bug or pull request. Doing this allows me to spend considerably less time preparing the newsletter and will hopefully help with publishing it more often.

        Last time I mentioned WebRender being enabled on nightly by default for a small subset of the users, focusing on nVidia desktop GPUs on Windows 10. I’m happy to report that we didn’t set our nightly user population on fire and that WebRender is still enabled in these configurations (as expected, sure, but with a project as large and ambitious as WebRender it isn’t something that could be taken for granted). The choice of this particular configuration of hardware and driver led to a lot of speculation online, so I just want to clarify a few things. We did not strike any deal with nVidia. nVidia didn’t send engineers to help us get WebRender to work on their hardware first. No politics, I promise. We learnt from past mistakes and chose to target a small population of Firefox users at first specifically because it is small. Each combination of OS/Vendor/driver exposes its own set of bugs and a progressive and targeted rollout means we’ll be better equipped to react in a timely manner to incoming bugs than we have been with past projects.
        Worry not, the end game is for WebRender to be Firefox’s rendering engine for everyone. Until then, you are welcome to enable WebRender manually if your OS, hardware or driver isn’t in the initial target.

  • Oracle/Java/LibreOffice
    • LibreOffice 6.1.2 Open-Source Office Suite Lands with 70 Bug Fixes, Download Now

      Coming only two weeks after the release of the first maintenance update, LibreOffice 6.1.1, the LibreOffice 6.1.2 point release is here to address 70 bugs discovered by the development team or reported by users across several components of the office suite. The release was made during the LibreOffice Conference 2018 that takes place these days in Tirana, Albania, and the full changelog is available here.

      “The Document Foundation announces LibreOffice 6.1.2, the second minor release of the LibreOffice 6.1 family, targeted at early adopters, technology enthusiasts, and power users,” said Italo Vignoli in today’s announcement. “The new release was launched during the LibreOffice Conference 2018, in Tirana, the capital city of Albania. LibreOffice 6.1.2 provides around 70 bug and regression fixes over the previous version.”

  • Pseudo-Open Source (Openwashing)
  • FSF/FSFE/GNU/SFLC
    • Happy Birthday, GNU: Why I still love GNU 35 years later

      GNU was publicly announced on September 27, 1983, and today has a strong following.

      GNU is…

      an operating system
      an extensive collection of computer software
      free software
      licensed under the GNU Project’s own General Public License (GPL)

    • Google is 20, GNU is 35; Why No GNUgle?

      This week 20 years ago Google was born in a garage, so fitting in with the Silicon Valley creation story; 35 years ago the GNU open source project was announced. Two great, but very different, events. Time to look back and ask why?

      The GNU movement was started to create an open source version of Unix. At the time its rationale seemed obvious and desirable. In the academic world there was a real problem in, for example, teaching operating systems. Windows was closed and proprietary and Unix was just going through some copyright upheavals that made it a risky choice for teaching. The only real alternative was Minix, which also had copyright problems.

      The GNU movement would give academics what they wanted – software they could use without worrying about commercial concerns. The GNU project was, and is, a great success – even if it didn’t, and still hasn’t, delivered an open source version of Unix; that was achieved by Linus Torvalds and his Linux project. The GNU project did, however, deliver the GCC – GNU Compiler Collection – and many other tools that were needed to create Linux and are still needed today to make use of Linux. It is why the GNU people still insist that we call Linux “GNU Linux”.

    • GNU Shepherd 0.5.0 releases

      GNU Shepherd, formerly known as GNU dmd, is a service manager written in Guile and looks after the herd of system services. It provides a replacement for the service-managing capabilities of SysV-init (or any other init) with both a powerful and beautiful dependency-based system and a convenient interface.

  • Licensing/Legal
    • Linux code contributions cannot be rescinded: Stallman

      Linux developers who contribute code to the kernel cannot rescind those contributions, according to the software programmer who devised the GNU General Public Licence version 2.0, the licence under which the kernel is released.

      Richard Stallman, the head of the Free Software Foundation and founder of the GNU Project, told iTWire in response to queries that contributors to a GPLv2-covered program could not ask for their code to be removed.

      “That’s because they are bound by the GPLv2 themselves. I checked this with a lawyer,” said Stallman, who started the free software movement in 1984.

      There have been claims made by many people, including journalists, that if any kernel developers are penalised under the new code of conduct for the kernel project — which was put in place when Linux creator Linus Torvalds decided to take a break to fix his behavioural issues — then they would ask for their code to be removed from the kernel.

    • Can You “Take Back” Open Source Code?

      It seems a simple enough concept for anyone who’s spent some time hacking on open source code: once you release something as open source, it’s open for good. Sure the developer might decide that future versions of the project close up the source, it’s been known to happen occasionally, but what’s already out there publicly can never be recalled. The Internet doesn’t have a “Delete” button, and once you’ve published your source code and let potentially millions of people download it, there’s no putting the Genie back in the bottle.

      But what happens if there are extenuating circumstances? What if the project turns into something you no longer want to be a part of? Perhaps you submitted your code to a project with a specific understanding of how it was to be used, and then the rules changed. Or maybe you’ve been personally banned from a project, and yet the maintainers of said project have no problem letting your sizable code contributions stick around even after you’ve been kicked to the curb?

  • Openness/Sharing/Collaboration
    • An interview with Robert Fink, Architect of Foundry, Palantir’s open data platform Part Two: Open Source and Open Approaches

      Open data formats and open-source libraries are the lingua franca of open platforms. Take Hadoop as an example: developed as an open-source alternative to Google’s proprietary MapReduce and GFS systems (thankfully Google published research papers describing them in much detail), the Hadoop ecosystem today covers effectively 100% of the “big data” market in terms of data storage systems like HDFS and S3, data formats like Parquet, and compute systems like Apache Spark. The relationship between HDFS and S3 makes for an interesting case study: both are distributed storage systems, one available at no cost for on-prem deployments and the other available as a paid service from Amazon. Critically, both implement the same Hadoop FileSystem API and are thus interchangeable as far as downstream applications like Spark are concerned. Really a perfect example of the open platform idea! Foundry directly inherits this flexibility: we are happy to work with and write data to HDFS and in S3 interchangeably.

  • Programming/Development
    • Java 11 Is Now Available With New Features: Download JDK 11 Here

      When Oracle released Java 10 earlier this year in March, it marked the beginning of a new era with Java development moving to a new six-month cycle. With the recent release of Java 11, we’ve now dived deeper.

      It’s worth noting that Java Development Kit (JDK) 11 is the first version to be shipped as the Long Term Release Support of Java SE platform. This means that Java 11 will be supported for another eight years by Oracle and the users will be able to enjoy fixes and updates.

    • Oracle pours a mug o’ Java 11 for its addicts, tips pot of Binary Code License down the sink

      Oracle on Tuesday delivered Java 11, in keeping with the six-month release cadence adopted a year ago with Java 9. It is the first “Long Term Support” (LTS) release, intended for Java users who prioritize stability over Zuckerbergian fast movement and breakage.

      Oracle said it will offer commercial support for Java 11 for at least eight more years. The next LTS release, Java 17, is planned for September 2021, assuming civilization is still functioning at that point.

      After January 2019, Oracle will no longer provide free updates to Java 8, which means shifting to a supported version of Java, relying on OS vendors to provide Java patches, paying a third-party for support, building the OpenJDK on your own, or getting builds from AdoptOpenJDK.

    • What containers can teach us about DevOps

      One can argue that containers and DevOps were made for one another. Certainly, the container ecosystem benefits from the skyrocketing popularity of DevOps practices, both in design choices and in DevOps’ use by teams developing container technologies. Because of this parallel evolution, the use of containers in production can teach teams the fundamentals of DevOps and its three pillars: The Three Ways.

    • How naming of variables works in Perl 6

      In the first four articles in this series comparing Perl 5 to Perl 6, we looked into some of the issues you might encounter when migrating code, how garbage collection works, why containers replaced references, and using (subroutine) signatures in Perl 6 and how these things differ from Perl 5.

    • Programming a game on the ZX81

      This took me back as it was my first ever computer and I had no games so I had to program it. I would recommend that David buys a RAMPACK.

    • binb 0.0.2: Now with presento

      As tweeted three days ago, our still-new binb package with crisper Beamer themes for RMarkdown now contains presento. Versions 0.0.2 with this addition just arrived on CRAN.

Leftovers
  • Hardware
    • What comes after Moore’s Law?

      The literal meaning of Moore’s Law is that CMOS transistor densities double every 18 to 24 months. While not a statement about processor performance per se, in practice performance and density have tracked each other fairly well. Historically, additional transistors were mostly put in service of running at higher clock speeds. More recently, microprocessors have mostly gotten more cores instead.

      The practical effect has been that all the transistors delivered by process shrinks, together with design enhancements, meant that we could count on devices getting some combination of faster, cheaper, smaller, or more integrated, at an almost boringly predictable rate.

      At a macro level, we’d simply live in a very different world had the successors to Intel’s first microprocessor, the 4004 released in 1971, improved at a rate akin to automobile fuel efficiency rather than their constant doubling.

  • Health/Nutrition
    • Trump Administration Claims Preventing Young Immigrants from Accessing Abortion is Constitutional

      The Trump administration persists in banning access to abortion for young immigrants in government custody.

      We were in a Washington, D.C., appeals court on Wednesday facing off yet again with the Trump administration over its patently unconstitutional policy of obstructing young immigrant women from accessing abortion.

      Last September, a 17-year-old woman known as Jane Doe arrived in the United States and discovered she was pregnant. Even though she repeatedly made it clear that she wanted an abortion, had received a decision from a state court judge waiving Texas’s requirement that she first obtain parental consent, and had access to private funding, the government refused to allow her to leave the shelter where she was staying to attend any abortion-related appointments.

      We took the administration to court and won. Jane successfully obtained emergency relief from a Washington D.C. district court and was able to get her abortion. The government challenged that decision and it wound up before a three-judge panel of the Court of Appeals for the District of Columbia Circuit that included Judge Brett Kavanaugh, who issued a decision allowing the Trump administration to continue to block Jane’s access to abortion. Fortunately, his decision was later overturned by the full panel of the appeals court.

    • UN General Assembly Adopts High-Level Political Declaration On Noncommunicable Diseases

      At the start of the meeting, the General Assembly adopted the NCD political declaration by acclamation, with no member state objecting. The political declaration includes commitments to reduce NCD mortality by one-third by 2030, and to scale-up funding and multi-stakeholder responses to treat and prevent NCDs.

      María Fernanda Espinosa Garcés of Ecuador, the president of the UN General Assembly, then explained that the high-level meeting today will make a “comprehensive review on the overall theme of scaling up multi-stakeholder responses and prevention of NCDs.”

      “What we need now is political will,” she said, because “ambitious goals require far-reaching measures.”

    • Interview With The President Of Brazil’s Industrial Property Institute

      Luiz Otávio Pimentel is president of the National Institute of Industrial Property (INPI) of Brazil. In Geneva this week for the annual World Intellectual Property Organization General Assemblies he took time to sit down with Intellectual Property Watch’s William New. INPI is part of the Ministry of Industry, Foreign Trade and Services.

      On a breaking issue, Pimentel, speaking through a translator, talked about the case in Brazil involving sofosbuvir, marketed as Sovaldi, Gilead’s effective medicine against hepatitis C that has been known for its exorbitant prices.

    • Equitable Defenses to Legal Claims: Merck v. Gilead Sciences

      On appeal, the Federal Circuit affirmed in a decision that I originally noted had “a few substantial problems — most notably is the fact that unclean-hands traditionally only applies to block a party from seeking equitable relief (as opposed to legal relief).” In its new petition for writ of certiorari, the patentee here seeks to piggy-back on the recent laches decisions that limited laches to issues in equity.

      The pharma giant’s basic argument is that its unclean hands cannot bar the company from asserting its legal rights. As Dan Dobbs explains in his book on remedies: “If judges had the power to deny damages and other legal remedies because a plaintiff came into court with unclean hands, citizens would not have rights, only privileges.”

    • World Leaders Commit To End Tuberculosis At Historic United Nations Meeting

      World leaders and senior representatives came together today for the first-ever High-Level Meeting on the Fight to End Tuberculosis at United Nations headquarters in New York. At the meeting, heads of state adopted a political declaration with commitments to accelerate action and funding to end the tuberculosis epidemic by 2030.

  • Security
    • Critical Linux Kernel Flaw Gives Root Access to Attackers [Ed: Somewhat misleading headline as being an "attacker" isn't enough to pose a threat at all; one needs to already have a privileged account on the system. Privilege escalation attacks rely on chaining of holes, where one flaw needs to be severe enough for remote access unless you foolishly give accounts to your foes (clients you typically have personal details of, which is enough for deterrence).]

      Multiple Linux distributions including all current versions of Red Hat Enterprise Linux and CentOS contain a newly discovered bug that gives attackers a way to obtain full root access on vulnerable systems.

      The integer overflow flaw (CVE-2018-14634) exists in a critical Linux kernel function for memory management and allows attackers with unprivileged local access to a system to escalate their privileges. Researchers from security vendor Qualys discovered the issue and have developed a proof of concept exploit.

    • Google Project Zero to Linux distros: Your sluggish kernel patching puts users at risk [Ed: Well, at least Linux actually patches (works around) Intel's hardware defects. NSA and Microsoft sit on known BACK DOORS. Until the tools that exploit these leak out of the NSA, shutting down HOSPITALS!]

      Jann Horn, the Google Project Zero researcher who discovered the Meltdown and Spectre CPU flaws, has a few words for maintainers of Ubuntu and Debian: raise your game on merging kernel security fixes, you’re leaving users exposed for weeks.

    • Canonical’s Current Security Certifications

      Canonical has entered the security certifications space by achieving a few important security certifications for the first time on Ubuntu.

      Canonical has achieved FIPS 140-2 Level 1 certification for several cryptographic modules on Ubuntu 16.04. Canonical has also achieved Common Criteria EAL2 certification for Ubuntu 16.04. In addition, the Defense Information Systems Agency (DISA) has published the Ubuntu 16.04 Security Technical Implementation Guide (STIG), allowing Ubuntu for use by Federal agencies. The Center for Internet Security (CIS) has also been publishing benchmarks for Ubuntu which harden the configuration of Ubuntu systems to make them more secure.

      Canonical has made its security certification offerings available to all Ubuntu Advantage “Server Advanced” customers.

    • Security updates for Thursday
    • Evidence for the Security of PKCS #1 Digital Signatures

      I don’t think the protocol is “provably secure,” meaning that it cannot have any vulnerabilities. What this paper demonstrates is that there are no vulnerabilities under the model of the proof. And, more importantly, that PKCS #1 v1.5 is as secure as any of its successors like RSA-PSS and RSA Full-Domain.

    • Uber will pay $148 million for 2016 data breach coverup

      The money will be disbursed among all 50 US states as well as Washington, DC.

    • LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

      UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyberattacks, as they are hard to detect and able to survive security measures such as operating system reinstallation and even a hard disk replacement. Some UEFI rootkits have been presented as proofs of concept; some are known to be at the disposal of (at least some) governmental agencies. However, no UEFI rootkit has ever been detected in the wild – until we discovered a campaign by the Sednit APT group that successfully deployed a malicious UEFI module on a victim’s system.

    • 16-Year-Old Who Hacked Apple Servers Repeatedly Evades Prison

      A 16-year-old Australian teenager who repeatedly hacked Apple servers over a period of two years has evaded jail. He is set to serve a probation period of 8 months.

    • Apple’s Device Enrollment Program Has A Security Flaw; Allows Hackers To Steal Company Passwords

      Researchers have found a security flaw in Apple’s Device Enrollment Program (DEP) that can allow an attacker to gain complete access to a corporate or school network.

    • MDM Me Maybe: Device Enrollment Program Security

      The Device Enrollment Program (DEP) is a service provided by Apple for bootstrapping Mobile Device Management (MDM) enrollment of iOS, macOS, and tvOS devices. DEP hosts an internet-facing API at https://iprofiles.apple.com, which – among other things – is used by the cloudconfigurationd daemon on macOS systems to request DEP Activation Records and query whether a given device is registered in DEP.

      In our research, we found that in order to retrieve the DEP profile for an Apple device, the DEP service only requires the device serial number to be supplied to an undocumented DEP API. Additionally, we developed a method to instrument the cloudconfigurationd daemon to inject Apple device serial numbers of our choosing into the request sent to the DEP API. This allowed us to retrieve data specific to the device associated with the supplied serial number.

    • ARMv8.5-A Support Being Prepped To Battle Spectre-Style Vulnerabilities

      Earlier this month Arm began publishing details of the ARMv8.5-A instruction set update, which is expected to be officially documented and released by the end of Q1’2019, while the LLVM compiler stack has already received initial support for the interesting additions.

      Landing yesterday in LLVM Git/SVN is the new ARMv8.5-A target while hitting the tree today is the more interesting work.

    • Torii Botnet Targeting Poorly Secure IoT Devices [Ed: When all the devices have the exact same default password...]
    • DHS Awards GrammaTech $3.5M to Modernize Open-Source Software Analysis Tools
    • ‘Mutagen Astronomy’ Linux kernel vulnerability sighted [Ed: This is only privilege escalation on RHEL; not as severe as most bugs]
    • Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

      A local-privilege escalation vulnerability in the Linux kernel affects all current versions of Red Hat Enterprise Linux and CentOS, even in their default/minimal installations. It would allow an attacker to obtain full administrator privileges over the targeted system, and from there potentially pivot to other areas of the network.

  • Defence/Aggression
    • “Boshirov” is probably not “Chepiga”. But he is also not “Boshirov”.

      The evidence mounts that Russia is not telling the truth about “Boshirov” and “Petrov”. If those were real identities, they would have been substantiated in depth by now. As we know of Yulia Skripal’s boyfriend, cat, cousin and grandmother, real depth on the lives and milieu of “Boshirov” and “Petrov” would be got out. It is plainly in the interests of Russia’s state and its oligarchy to establish that they truly exist, and concern for the privacy of individuals would be outweighed by that. The rights of the individual are not prioritised over the state interest in Russia.

      But equally the identification of “Boshirov” with “Colonel Chepiga” is a nonsense.

      The problem is with Bellingcat’s methodology. They did not start with any prior intelligence that “Chepiga” is “Boshirov”. They rather allegedly searched databases of GRU operatives of about the right age, then trawled photos in yearbooks of them until they found one that looked a bit like “Boshirov”. And guess what? It looks a bit like “Boshirov”. If you ignore the substantially different skull shape and nose.

      [...]

      Yet Higgins now claims his facial identification of Chepiga as Boshirov as “definitive” and “conclusive”, despite the absence of moles, scars and blemishes. Higgins stands exposed as a quite disgusting hypocrite. Let me go further. I do not believe that Higgins did not take the elementary step of running facial recognition technology over the photos, and I believe he is hiding the results from you. Is it not also astonishing that the mainstream media have not done this simple test?

      The bulk of the Bellingcat article is just trying to prove the reality of the existence of Chepiga. This is hard to evaluate, but as the evidence to link him to “Boshirov” is non-existent, is a different argument. Having set out to find a GRU officer of the same age who looks a bit like “Boshirov”, they trumpet repeatedly the fact that Chepiga is about the same age as evidence, in a crass display of circular argument.

  • Transparency/Investigative Reporting
  • Environment/Energy/Wildlife/Nature
    • “A Never-Ending Commitment”: The High Cost of Preserving Vulnerable Beaches

      As lawmakers consider disaster relief in the wake of Hurricane Florence, projects to rebuild North Carolina’s shrunken shorelines are likely to get a healthy chunk of government money.

      To their advocates, these so-called beach nourishment initiatives are crucial steps in buffering valuable oceanfront properties from storm damage and boosting local economies that rely on tourism.

      But such projects replenish the same vulnerable areas again and again, and disproportionately benefit wealthy owners of seaside lots.

      Moreover, pumping millions of cubic yards of sand onto beaches can cause environmental damage, according to decades of studies. It kills wildlife scooped up from the ocean floor and smothers mole crabs and other creatures where sand is dumped, said Robert Young, a geology professor at Western Carolina University.

  • Finance
    • ‘We Would Have Had the Most Dramatic Financial Reform You’d Ever Seen’

      When Donald Trump awarded himself top marks for his administration’s disaster response in Puerto Rico, media had little trouble looking askance, contrasting Trump’s assessment with empirical data and presenting him as, at least potentially, an unreliable narrator.

      That critical posture is not much in evidence, though, as Ben Bernanke, Timothy Geithner and Henry Paulson offer their assessment of the country’s financial crisis, the ten-year anniversary of which was marked this week. In an op-ed in the New York Times, the trio of economic decision-makers discuss how, though they “did not foresee the crisis,” they “moved aggressively to stop it,” and now we’re enjoying the effects: banks that are “financially stronger” and regulators “more attuned to system-wide risks.”

    • A “People’s Vote” on Brexit – be careful what you wish for

      When thinking about Brexit and Europe, we should remember the words of Hans Magnus Enzensberger: short term hopes are futile – long term resignation is suicidal.

      Over two years on from the vote, and now heading fast for the Brexit door, progressives are still in a mess when it comes to Europe and are in danger of turning a crisis into a terminal democratic and political catastrophe. How did we get here – and what do we need to consider before we make any future moves, in particular a second referendum?

    • Amazon’s Aggressive Anti-Union Tactics Revealed in Leaked 45-Minute Video

      Amazon, the country’s second-largest employer, has so far remained immune to any attempts by U.S. workers to form a union. With rumblings of employee organization at Whole Foods—which Amazon bought for $13.7 billion last year—a 45-minute union-busting training video produced by the company was sent to Team Leaders of the grocery chain last week, according to sources with knowledge of the store’s activities. Recordings of that video, obtained by Gizmodo, provide valuable insight into the company’s thinking and tactics.

  • AstroTurf/Lobbying/Politics
    • How Effective Is Your Representative?

      Hello, and welcome back to another edition of A User’s Guide to Democracy! If you’re new here, you can check out our previous pieces on what you need to know about political advertising and our round up of the deadlines, rules, and links you need to vote in this year’s midterms.

      Today, let’s talk about who you’re actually voting for in the midterm election: members of Congress. Made up of the House of Representatives and the Senate, Congress is tasked with making laws on our behalf. Since senators keep their jobs for six years at a time, a lot of places don’t have a Senate race this year. But no matter where you live, your congressional district is voting for a House representative in this election. So today I’m going to focus on how you can keep tabs on your representative.

      [...]

      One reason for the gridlock is that, these days, bills on big, national issues are written under the supervision of the Senate majority leader and the House speaker (currently Sen. Mitch McConnell and Rep. Paul Ryan). They receive guidance from only a small group of other congressional power brokers, rather than the rank-and-file lawmakers who used to contribute to the process.

  • Censorship/Free Speech
    • Online censorship is not as bad as claimed – it’s worse

      The open letter to US Attorney General Jeff Sessions from ITIF published in USA Today on 25 September exemplified the lie that permeates America and other parts of the West. The social media censorship debate is not about right versus left as portrayed in the letter but something else entirely.

      True conservatism and liberalism died long ago and no longer exist. Today, the real fight is between freedom of expression and global corporatism.

      The censorship that is taking place on platforms such as Google, Facebook and Twitter, is the silencing and de-platforming of news and opinion sources outside of the corporate media.

    • FOSTA Provides Another Tool For Silencing People You Dislike

      For many years, we’ve discussed all the different ways that putting liability on intermediaries and internet platforms leads to greater censorship. The liability alone creates strong incentive to shut down speech rather than risk the potential of lawsuits and huge payments. The most obvious example of this for years has been the DMCA process, where the takedown process is quite frequently used for censorship purposes. Indeed, there are many cases where people seem to assume that they can (and should) use the DMCA to take down any content they dislike, whether or not it has anything to do with copyright at all.

      This is a big part of the reason why we were so concerned with FOSTA. While the law is officially supposed to be about “sex trafficking” and “prostitution” the bill actually does absolutely nothing to help victims or go after actual traffickers. Instead, it pins massive liability (including criminal liability) on platforms if they’re used for trafficking or prostitution. Given that, it now becomes much easier to take down certain content or close certain accounts by merely suggesting that they are involved in trafficking or prostitution.

      Case in point: Engadget recently had a story talking about how PayPal (and to a lesser extent, Patreon) appeared to be cutting off the accounts of various ASMR YouTubers. Autonomous Sensory Meridian Response (ASMR) is a condition in which people who hear certain noises — often whispering or soft scratching — tend to experience a sort of “tingling” sensation. It’s been talked about for years, and a bunch of YouTubers have built up followings making ASMR recordings. Earlier this year, we wrote about China banning some ASMR videos as “pornography.” However, most ASMR videos are not sexual or pornographic in any way.

    • The Bullshit Rewriting Of History To Claim FOSTA Took Down Backpage

      I was afraid that this was going to happen. If you don’t recall, the official “reason” for why we needed FOSTA (originally SESTA) was that it was necessary to “take down Backpage.” In the original announcement about the bill by Senator Portman, his press release quoted 20 Senators, and 11 of them mentioned Backpage.com as the reason for the bill. Not one of them seemed to mention that Backpage had already shut down its adult section months earlier. And, over the months of debate concerning FOSTA/SESTA, we noted that there was nothing in the existing law preventing federal law enforcement officials from taking down Backpage if it were actually violating the law.

      And, indeed, before FOSTA was even signed into law, the DOJ seized the website and arrested its founders. Incredibly, even though Backpage was shut down before FOSTA was law, some of the bill’s backers tried to credit the bill with taking down the site. The worst was Rep. Mimi Rogers, who directly tried to take credit for FOSTA taking down Backpage (even though FOSTA wasn’t even signed into law at the time she took credit for it).

    • Ex-Google employee warns of ‘disturbing’ China plans

      A former Google employee has warned of the firm’s “disturbing” plans in China, in a letter to US lawmakers.

      Jack Poulson, who had been a senior researcher at the company until resigning in August, wrote that he was fearful of Google’s ambitions.

      His letter alleges Google’s work on a Chinese product – codenamed Dragonfly – would aid Beijing’s efforts to censor and monitor its citizens online.

      Google has said its work in China to date has been “exploratory”.

      Ben Gomes, Google’s head of search, told the BBC earlier this week: “Right now all we’ve done is some exploration, but since we don’t have any plans to launch something there’s nothing much I can say about it.”

  • Privacy/Surveillance
    • Facebook Tells Cops Its ‘Real Name’ Policy Applies To Law Enforcement Too

      If history is any indication, some words will be exchanged (in letter form) and then not much else will happen. Dave Maass notes the EFF brought the DEA’s use of fake profiles to the company’s attention four years ago. Some letter writing ensued then, but there’s nothing on the record indicating the DEA has ceased setting up fake profiles or that Facebook is proactively monitoring accounts for signs of fakery. Since neither side seems to be taking the fake profile issue seriously, fake accounts set up by law enforcement will continue to proliferate.

      On the plus side, law enforcement can no longer pretend it’s unaware setting up fake profiles violates the terms of service. The company’s “Information for Law Enforcement Authorities” has been updated to make it clear there’s no law enforcement exception to the Facebook rules. But it’s likely the use of fake profiles will continue unabated. After all, you can’t catch scofflaws without breaking a few policies, right?

    • You Gave Facebook Your Number For Security. They Used It For Ads.

      Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes—or that users never provided at all—for targeted advertising.

      A group of academic researchers from Northeastern University and Princeton University, along with Gizmodo reporters, have used real-world tests to demonstrate how Facebook’s latest deceptive practice works. They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information.

    • Vermont’s New Data Privacy Law

      Data brokers intrude on the privacy of millions of people by harvesting and monetizing their personal information without their knowledge or consent. Worse, many data brokers fail to securely store this sensitive information, predictably leading to data breaches (like Equifax) that put millions of people at risk of identity theft, stalking, and other harms for years to come.

      Earlier this year, Vermont responded with a new law that begins the process of regulating data brokers. It demonstrates the many opportunities for state legislators to take the lead in protecting data privacy. It also shows why Congress must not enact a weak data privacy law that preempts stronger state data privacy laws.

    • WhatsApp Co-founder: I “Sold My Users’ Privacy” And Helped Facebook Betray Users

      A little backstory here — Brian Acton, the co-founder of Whatsapp, sold his company to Facebook for about $22 billion, back in 2014, and turned from a “poor guy” into a multi-billionaire.

      For those who don’t know, this is the same guy who was one of the first ones to support “#delete campaign” back in March, when the whole Cambridge Analytica Fiasco was at its peak.

    • Facebook’s former Messenger boss calls WhatsApp co-founder a ‘new standard of low-class’
    • Press release: UK intelligence agency admits unlawfully spying on Privacy International

      The UK’s domestic-facing intelligence agency, MI5, today admitted that it captured and read Privacy International’s private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public’s data. In further startling legal disclosures, all three of the UK’s primary intelligence agencies – GCHQ, MI5, and MI6 – also admitted that they unlawfully gathered data about Privacy International or its staff.

  • Civil Rights/Policing
    • Study Buried For Four Years Shows Crime Lab DNA Testing Is Severely Flawed

      DNA is supposed to be the gold standard of evidence. Supposedly so distinct it would be impossible to convict the wrong person, yet DNA evidence has been given far more credit than it’s earned.

      Part of the problem is that it’s indecipherable to laypeople. That has allowed crime lab technicians to testify to a level of certainty that’s not backed by the data. Another, much larger problem is the testing itself. It searches for DNA matches in samples covered with unrelated DNA. Contamination is all but assured. In one stunning example of DNA testing’s flaws, European law enforcement spent years chasing a nonexistent serial killer whose DNA was scattered across several crime scenes before coming to the realization the DNA officers kept finding belonged to the person packaging the testing swabs used by investigators.

      The reputation of DNA testing remains mostly untainted, rose-tinted by the mental imagery of white-coated techs working in spotless labs to deliver justice, surrounded by all sorts of science stuff and high-powered computers. In reality, testing methods vary greatly from crime lab to crime lab, as do the standards for declaring a match. People lose their freedom thanks to inexact science and careless handling of samples. And it happens far more frequently than anyone involved in crime lab testing would like you to believe.

    • The Soc Jus Mob Eats Everything In Its Path — Including Its Own

      Welcome to “Shut-up-land,” where nothing about anything of substance can be said; where debate is no longer permitted.

    • The 7 Senators Who Will Decide Kavanaugh’s Fate

      Much of the news coverage about the Supreme Court nomination fight has focused on Christine Blasey Ford, Brett Kavanaugh, Senate Majority Leader Mitch McConnell…

    • “The Strategy Was to Try and Do Something Really Big”: Trump Wanted to Nuke Rosenstein to Save Kavanaugh’s Bacon

      For all the morning’s madness, there may have been an underlying logic. Over the weekend, as Brett Kavanaugh’s prospects appeared increasingly imperiled, Trump faced two tactical options, both of them fraught. One was to cut Kavanaugh loose. But he was also looking for ways to dramatically shift the news cycle away from his embattled Supreme Court nominee. According to a source briefed on Trump’s thinking, Trump decided that firing Rosenstein would knock Kavanaugh out of the news, potentially saving his nomination and Republicans’ chances for keeping the Senate. “The strategy was to try and do something really big,” the source said. The leak about Rosenstein’s resignation could have been the result, and it certainly had the desired effect of driving Kavanaugh out of the news for a few hours.

    • The Government Dropped the Ball on U.S. Torture Accountability. Citizens Picked It Up.

      A new report shows the North Carolina government’s complicity with the CIA torture program and urges a state investigation.

      Sheer stubbornness is required of us when our government violates the law and refuses to recognize it.

      Seeking justice for the U.S. torture program of the post-9/11 period has required a lot of stubbornness. In North Carolina, a 12-year quest has led to a new report, “Torture Flights: North Carolina’s Role in the CIA Rendition and Torture Program.”

      The report was released Thursday by the nongovernmental North Carolina Commission of Inquiry on Torture, a blue-ribbon panel of 10 commissioners established in 2017 after years of official inaction.

      It examines the part that our state played in the CIA rendition, detention, and interrogation (RDI) program. To write it, the commission gathered all available evidence, sought public records from North Carolina government agencies, and heard testimony from torture survivors, former government officials, and legal, medical, and human rights experts.

      After 9/11, the CIA created a global “gulag” of secret “black site” prisons where it systematically and secretly tortured. It also relied on foreign governments to torture prisoners.

    • FBI’s Latest Crime Stats Continue To Undermine AG Sessions’ Criminal Apocalypse Fantasies

      Crime rates continue to remain at historic lows. We’re safer than we’ve been since the mid-1960s. We should be celebrating this. Law enforcement should be celebrating this. But there’s no celebration. Certainly not at the federal level. Attorney General Jeff Sessions has made remarks at a number of law enforcement events in recent months. And they’ve all been loaded with doom, gloom, and questionable citations.

      [...]

      The messages AG Sessions delivers won’t change. As the head of the DOJ, he has something to sell. It isn’t justice, despite the name over the door. It’s prosecution, which is only part of the justice equation. All crime news is bad news, even as crime rates continue to decline. Welcome to America, where the crime rates are at historic lows but everyone thinks each successive year is the worst it’s ever been.

  • Right to Repair
    • A 17-year-old is leading Michigan’s Right to Repair movement

      The change prompted Raghavendran to branch out into politics and advocacy: he’s joined with Environment Michigan and US PIRG to advocate for a Right to Repair bill (previously) in Michigan. Raghavendran meets with state lawmakers and has circulated a petition and compiled personal stories about the need to protect independent repair.

      Repair services account for 4% of US GDP, and they create community jobs that let neighbors help each other get more use out of their own property, while diverting electronics from landfills.

    • This 17-Year-Old Has Become Michigan’s Leading Right to Repair Advocate

      When Surya Raghavendran dropped his iPhone, he learned to repair it himself. Now he wants to protect that right for everyone in his home state of Michigan.

  • Intellectual Monopolies
    • WIPO General Assemblies Mid-Week Notebook: Heating Up

      After two days of general statements, World Intellectual Property Organization delegates delved into more substantial subjects, and convened in small closed informal discussions to try to solve issues left open during the year. Among them is the composition of WIPO Coordination Committee and Program and Budget Committee, both WIPO governing bodies. Others include potential treaties on harmonising international applications by industrial designs creators, and on the protection of broadcasting organisations against signal theft.

    • Copyrights
      • Illuminati Kodi Repository Throws in the Towel After ACE Threats

        The Alliance for Creativity and Entertainment (ACE), the global anti-piracy coalition that counts the major Hollywood studios, Netflix, Amazon, and the BBC among its 30 members, has claimed yet another scalp. The Illuminati Kodi addon repository says that its entire team got hit with ACE letters yesterday so they have shut down with immediate effect.

      • Famous Protest Art Group In Bulgaria Paint Their Feelings About New EU Copyright Law On Gutenberg Statue

        The brave new path to a gatekeeper-manned, non-open internet the EU recently cut with its plainly atrocious new copyright directive was, were you to believe the general media coverage, cheered on by EU artists as a blow to Google and a boon to art because… well, nobody can actually explain that last part. And that’s likely because the proposed new legislation, Article 11 and Article 13, essentially forces internet platforms to play total copyright cops or be liable for infringement while gutting the fair use type allowances that had previously been in place. Much of the European legislation that existed on the national level, and which served as the basis for this continental legislation, has done absolutely zero to provide artists or journalists any additional income. Instead, it’s re-entrenched legacy gatekeepers and essentially created a legal prohibition on innovation. As the directive goes through its final stages for adoption by EU member states, the general coverage has repeated the line that artists and creators are cheering this on.

        But, despite the media coverage, it isn’t true that all of the artistic world is blind to exactly what was just done to the internet and the wider culture. Destructive Creation — a collection of artists most famous for taking a monument in Europe to Soviet soldiers and painting them all as western superheroes and cultural icons — has made its latest work an addition to a statue of Johannes Gutenberg.

      • Protest Song Of The Week: ‘John Brown’ By Marc Ribot Featuring Fay Victor

        Marc Ribot is a guitarist, who has released 25 albums that span more than 40 years. His work fuses genres from soul to punk to jazz to roots music.

        With his latest project, “Songs Of Resistance 1942-2018,” Ribot attempts to connect current resistance against President Donald Trump’s administration to musical traditions of protest.

        The album was released on September 14. It reworks songs popularized by the civil rights movement in the United States as well as songs of the anti-fascist resistance in Italy during World War II. Several original songs are featured as well.

      • Rimini v. Oracle

        The Supreme Court has granted a writ of certiorari in the copyright case Rimini Street Inc. v. Oracle USA Inc. following a Ninth Circuit decision in the case. See Oracle USA, Inc. v. Rimini St., Inc., 879 F.3d 948 (9th Cir. 2018). In the case, the district court sided with Oracle in its copyright suit against the DB service provider Rimini and awarded $50 million in damages, plus an additional $70 million in interest, costs, and fees. The Supreme Court case here focuses on the meaning of “full costs” as used in the Copyright Act: “In any civil action under this title, the court in its discretion may allow the recovery of full costs by or against any party. . . the court may also award a reasonable attorney’s fee to the prevailing party as part of the costs.” 17 U.S.C. § 505.

      • US Supreme Court takes on “full costs” copyright case

        The question in Rimini Street v Oracle is whether the Copyright Act’s allowance of “full costs” to a prevailing party is limited to taxable costs or also authorises non-taxable costs

      • ESPN Has Finally Realized This Whole Streaming Thing Has Legs

        ESPN has personified the cable and broadcast industry’s tone deafness to cord cutting and TV market evolution. Executives not only spent years downplaying the trend as something only poor people do, it sued companies that attempted to offer consumers greater flexibility in how video content was consumed. ESPN execs clearly believed cord cutting was little more than a fad that would simply stop once Millennials started procreating, and ignored surveys showing how 56% of consumers would ditch ESPN in a heartbeat if it meant saving the $8 per month subscribers pay for the channel.

        As the data began to indicate the cord cutting trend was very real, ESPN’s first impulse was often to try and shoot the messenger. Meanwhile, execs doubled down on bloated sports licensing deals and SportsCenter set redesigns, pretty clearly unaware that the entire TV landscape was shifting beneath their feet.

        By the time ESPN had lost 10 million viewers in just a few years, the company was busy pretending they saw cord cutting coming all the while. ESPN subsequently decided the only solution was to fire hundreds of longstanding sports journalists and support personnel, but not the executives like John Skipper (since resigned for other reasons) whose myopia made ESPN’s problems that much worse.

      • Paris tribunal guts Twitter’s T&Cs… including the copyright clause for user-generated content

        Have you ever found yourself clicking– ‘Yes I agree to these terms & conditions’, without actually reading them? Probably yes [everyone does it…even lawyers]. Did that include your registration with Twitter? If so, you may not have realized that you agreed to a licence allowing Twitter (and its partners) to use at will any of the copyright-protected content you created and uploaded on their site. But not to worry, the Paris Tribunal, in a 236-page-long decision, “righted wrongs” last month by going over Twitter’s terms and conditions with a [very] fine-tooth comb (see for the decision in French language: Tribunal de Grande Instance, Décision du 07 août 2018, 1/4 social N° RG 14/07300). The tribunal’s review declared ‘null and void’ most of the clauses challenged by the claimant, including the contract’s copyright licensing provisions for user-generated content.

        Users are consumers, Twitter is not ‘free’

        The case was brought before the Paris Tribunal by the French Consumers’ Association– ‘Union Fédérale des Consommateurs – QUE CHOISIR’ (UFC), on behalf of the (claimed) collective interest of Twitter’s users. This type of legal action is the closest thing to a class action that exists in France. In this case, UFC’s eligibility to act on behalf of Twitter’s users relied on Article L 621 of the French Consumer Law Code, on the basis of which Twitter users were deemed consumers.

      • BitTorrent Traffic is Not Dead, It’s Making a Comeback

        File-sharing traffic, BitTorrent in particular, is making a comeback. New data from Sandvine, shared exclusively with TorrentFreak, reveals that BitTorrent is still a dominant source of upstream traffic worldwide. According to Sandvine, increased fragmentation in the legal streaming market may play a role in this resurgence.

      • Want the platforms to police bad speech and fake news? The copyright wars want a word with you.

        There are lots of calls for the platforms to police the bad speech on their platform — disinformation and fake news; hate speech and harassment, extremist content and so on — and while that would represent a major shift in how Big Tech relates to the materials generated and shared by its users, it’s not without precedent.

Links 27/9/2018: KDE Neon, Linux Security Patches, and GNU Shepherd 0.5.0

Thursday 27th of September 2018 04:36:45 AM

Contents

GNU/Linux
  • Audiocasts/Shows
    • Episode 38 | This Week in Linux

      On this episode of This Week in Linux, we discuss the new Code of Conduct in the Linux kernel. Purism announces a new product offering with the Librem Key. We’ll also check out some distro releases from Solus, Quirky, and Escuelas Linux. Then we’ll cover some of the latest beta releases from elementary OS and Fedora. Later in the show, we’ll cover some great Linux Gaming sales going on this week. All that and much more!

  • Kernel Space
    • Linus Torvalds and Linux Code of Conduct: 7 myths debunked

      Since Linus Torvalds announced he was taking time off to work on his behavior in the Linux developer community and a new Linux kernel developer Code of Conduct (CoC) was introduced, there has been endless malarkey written about both moves.

    • Linux kernel’s ‘seat warmer’ drops 4.19-rc5 with – wow – little drama

      Speculation and debate still surround Linus Torvalds’s decision to step back from Linux kernel development for a while, but the next kernel release candidate landed with far less sturm und drang.

      Greg Kroah-Hartman, anointed by Torvalds to keep things rolling while the Linux supremo takes a break and gets some help, dropped Linux 4.19-rc5 on Sunday evening.

      Describing his role as “keeping the seat warm for a few weeks”, Kroah-Hartman wrote: “As almost everyone knows, it’s been an ‘interesting’ week from a social point-of-view. But from the technical side, -rc5 looks totally normal.

      “The diffstat is a bit higher than previous -rc5’s, but the number of trees pulled is lower, so overall, pretty much all is on track.”

    • Linux programmers opposed to new Code of Conduct threaten to pull code from project

      Linux’s move from its Code of Conflicts to a new Code of Conduct has not been received well by many of its developers. Some have threatened to pull out their blocks of code important to the project to revolt against the change.

      This could have serious consequences because Linux is one of the most important pieces of open source software in the world. If threats are put into action, large parts of the internet would be left vulnerable to exploits. Applications that use Linux would be like an incomplete Jenga stack that could collapse any minute.

    • Linus Torvalds, the UNIX Wars and history repeating itself

      If Linus can make this change, and we see one less cyberattack because of it, then this is a positive change. If we see more people developing for Linux, this is a positive change. If we see more bugs reported in and fixed, this is also positive.

      More importantly, if Linus can make this change, so can others. We need to make this change so that we can focus our effort on addressing issues and building a better community, not starting Unix Wars II.

    • How Linux Logo “Tux” Came About

      Linux is a very popular topic among computer geeks, especially FOSS enthusiasts. It is a kernel that manages the computer hardware at the lowest level. Many think of Linux as another popular operating system like Microsoft Windows and OS X. It was invented by a Finnish computer science student, Linus Torvalds, on September 17, 1991 and around that time, there arose the need for creating a Linux logo in the year 1996.

    • WireGuard v6 Might Be Ready For The Mainline Kernel, ARM Changes Added

      The lead developer of the WireGuard in-kernel secure VPN tunnel, Jason Donenfeld, published his sixth round of patches on Tuesday for getting this important networking code and its related Zinc crypto code into the mainline kernel. It’s looking like the code might have baked enough for debut in the upcoming 4.20~5.0 kernel cycle.

    • Linux 4.18.10
    • Linux 4.14.72
    • Linux 4.9.129
    • Linux 4.4.158
    • Linux 3.18.123
    • What happens if you try to take your code out of Linux?

      A side-effect of Linus Torvalds taking leave from Linux to work on how he deals with people and the new Linux contributors’ Code of Conduct (CoC) was one person suggesting that programmers forced out of Linux could take their contributed code out of the operating system. Well, can they?

    • A cache invalidation bug in Linux memory management

      This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since kernel version 3.16. While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to exploit it in environments that use Linux kernels that haven’t been configured for increased security (specifically, Ubuntu 18.04 with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37). This demonstrates how the kernel configuration can have a big impact on the difficulty of exploiting a kernel bug.

      The bug report and the exploit are filed in our issue tracker as issue 1664.

      Fixes for the issue are in the upstream stable releases 4.18.9, 4.14.71, 4.9.128, 4.4.157 and 3.16.58.

    • Support for a GNSS and GPS Subsystem

      Recently, there was a disagreement over whether a subsystem really addressed its core purpose or not. That’s an unusual debate to have. Generally developers know if they’re writing support for one feature or another.

      In this particular case, Johan Hovold posted patches to add a GNSS subsystem (Global Navigation Satellite System), used by GPS devices. His idea was that commercial GPS devices might use any input/output ports and protocols—serial, USB and whatnot—forcing user code to perform difficult probes in order to determine which hardware it was dealing with. Johan’s code would unify the user interface under a /dev/gnss0 file that would hide the various hardware differences.

      But, Pavel Machek didn’t like this at all. He said that there wasn’t any actual GNSS-specific code in Johan’s GNSS subsystem. There were a number of GPS devices that wouldn’t work with Johan’s code. And, Pavel felt that at best Johan’s patch was a general power management system for serial devices. He felt it should not use names (like “GNSS”) that then would be unavailable for a “real” GNSS subsystem that might be written in the future.

      However, in kernel development, “good enough” tends to trump “good but not implemented”. Johan acknowledged that his code didn’t support all GPS devices, but he said that many were proprietary devices using proprietary interfaces, and those companies could submit their own patches. Also, Johan had included two GPS drivers in his patch, indicating that even though his subsystem might not contain GNSS-specific code, it was still useful for its intended purpose—regularizing the GPS device interface.

    • Linux Foundation
      • Communications Service Providers Overwhelmingly Confident in Open Source Networking Solutions, Survey Finds

        The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the results of an industry survey to gauge industry perceptions of open source across networking technologies. Top takeaways from the survey indicate an increasing maturity of open source technology use from operators, ongoing innovation in areas such as DevOps and CI/CD, and a glimpse into emerging technologies in areas such as cloud native and more.

      • The Linux Foundation Brings Network Automation and Cloud Native Communities Together as Network Functions evolve to CNFs

        Open Networking Summit Europe — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced further collaboration between telecom and cloud industry leaders enabled by the Cloud Native Computing Foundation (CNCF) and LF Networking (LFN), fueling migrations of Virtual Network Function (VNFs) to Cloud-native Network Functions (CNFs).

      • LF Networking Unites End-to-End Open Network Stack, Simplifies Open Source Software Consumption

        Open Networking Summit Europe — LF Networking (LFN), which facilitates collaboration and operational excellence across open networking projects like ONAP and OPNFV, today announced continued ecosystem value chain disruption across its projects.

      • Linux Foundation helps blend automation and cloud-native communities

        The Linux Foundation announced a deeper collaboration between telecom and cloud industry leaders that should lead to better cloud-native use cases.

        The Linux Foundation’s LF Networking (LFN) is formally working with the Cloud Native Computing Foundation (CNCF) to improve the migration of virtual network function (VNFs) to cloud-native network functions (CNFs).

        ONAP, which is a part of LF Networking, and CNCF’s Kubernetes are coming together as operators start to look at how VNFs could evolve into CNFs running on Kubernetes.

      • Linux Plumbers Conference: Regular Registration Quota Reached

        Thank you all for the extremely strong interest in participation to the 2018 Linux Plumbers Conference this year.

        At this point, all of the regular registration slots for LPC 2018 have sold out.

      • Why didn’t Linux Foundation chief Zemlin pull Torvalds into line?

        Why didn’t Zemlin have a quiet word with Torvalds about his behaviour if it was that big an issue?

        In the first fortnight of September, when Zemlin got wind of the impending publication of a hit job on Torvalds, he must have got a serious jolt.

        Torvalds has been a milch cow for the Linux Foundation all these years. He has been the drawcard for all the big corporations that have agreed to pay big money to be members of the Foundation.

        In effect, what they were paying for was access. Something that is more typical of the political world. For all these companies that benefitted from using Linux, what could be better than being able, now and then, to drop a few hints into the ear of the man who was heading development of the software?

    • Graphics Stack
      • ZINK: OpenGL Over Vulkan Comes As New Mesa Gallium3D Driver

        Collabora has been developing a new “Zink” Gallium3D driver for Mesa that gets OpenGL running over Vulkan.

        While Google has been working on OpenGL ES translations over Vulkan, VKGL for core OpenGL over Vulkan as a user-space translation library, and also GLOVE for OpenGL ES over Vulkan, there is a new option in development with Zink.

      • Vulkan Working On New Timeline Semaphores Feature

        You may have remembered when the XDC2018 agenda was published there was “Untitled Vulkan break-out kick-off. Topic still under NDA.” We now know what that was about.

        Jason Ekstrand of Intel’s open-source Vulkan driver team just wrapped up presenting at XDC2018 in Spain where the topic ended up being Vulkan Timeline Semaphores.

      • AMDGPU Driver Gets Patches Enabling Two More Interrupt Rings On Vega 10

        While AMD’s open-source Linux driver developers have been busy on bringing up Vega 20 support as well as Picasso APUs, they aren’t done yet optimizing their Vega 10 support.

        Published today were a set of 12 patches that enable two more IH rings for interrupt handling with the Vega 10 hardware. Up to now there’s just been the main interrupt ring programmed by the AMDGPU driver and these two other rings left uninitialized.

      • AMD Picasso APUs To Support VCN Dynamic Power Gating

        Earlier this month AMD sent out the initial Linux graphics driver patches for “Picasso” APUs and now a new patch series today sheds some light on a new capability for these new APUs reported to be similar to current Raven Ridge hardware.

        While the initial AMDGPU DRM driver Picasso code drop happened earlier this month — and it’s already been queued for Linux 4.20~5.0 along with initial Raven 2 support — as is usually the case, over weeks/months that follow are more of the new feature work for the driver gets ironed out beyond the initial hardware enablement.

    • Benchmarks
      • AMD EPYC On Ubuntu 18.10 Putting Up A Stronger Fight Against Xeon Gold

        With hitting the home stretch to Ubuntu 18.10, I’ve started with my usual benchmark process for checking out this next Ubuntu Linux release dubbed the Cosmic Cuttlefish. Yesterday were Ubuntu 18.10 benchmarks on seven desktop systems from Intel and AMD while next on my agenda has been checking out the server performance. Here’s the first of those server tests on Ubuntu 18.10 with some initial AMD EPYC and Intel Xeon Gold tests.

      • Initial Tests: Windows 10 vs. Ubuntu With NVIDIA GeForce GTX 1060 / GTX 1080 Ti / RTX 2080 Ti

        The latest in our GeForce RTX 2080 Ti Linux benchmarking is a look at how the NVIDIA Linux graphics driver performance on Ubuntu 18.04 is comparing to that of Microsoft Windows 10 when using these initial launch drivers. For additional perspective are also some basic Ubuntu vs. Windows NVIDIA tests on the GeForce GTX 1060 and GTX 1080 Ti.

        This article is intended to deliver some basic Windows 10 vs. Ubuntu Linux benchmarks for the new GeForce RTX 2080 Ti high-end Turing graphics card and then the mature GeForce GTX 1060 and GTX 1080 Ti graphics cards to see if there is any disparity in the support between generations and/or operating systems. Windows 10 Pro x64 was running on the Windows side with the newest 411.63 driver as of testing time.

  • Applications
  • Desktop Environments/WMs
    • K Desktop Environment/KDE SC/Qt
      • KDE Plasma 5.12.7 LTS Desktop Environment Released with 65 Changes, Update Now

        The KDE Plasma 5.12.7 point release comes three months after the KDE Plasma 5.12.6 maintenance update to improve the stability and reliability of the KDE Plasma 5.12 LTS desktop environment. Updated components include the Plasma Discover package manager, Plasma Desktop, Plasma Workspace, System Settings, KWin, KScreenlocker, KScreen, Plasma Addons, Info Center, and Breeze GTK theme.

        Highlights include better support for LibreOffice’s scrollbars in the Breeze GTK theme, update notification improvements in Plasma Discover, improved file indexer monitor in Info Center, support for scaling the appearance of the preview widget twice in KScreen, better keyboard navigation of Kicker search results, and the ability for KWin to avoid global static for effects.

      • KDE neon Rebased on Ubuntu 18.04 LTS “Bionic Beaver”

        KDE neon is a project to deliver KDE’s wonderful suite of software quickly. We use modern DevOps techniques to automatically build, QA and deploy our packages. We work directly with the KDE community rather than staying far away in a separate project.

        Our packages are built on the latest Ubuntu LTS edition and today we have moved to their new 18.04 release. This means our users can get newer drivers and third party packages. There is an upgrade process from the previous 16.04 LTS base which we have spent the last few months writing and running QA on to ensure it runs smoothly.

        We have three editions for different use cases. A user edition for those wanting to use the latest released KDE software updated daily but only released when it passes QA tests. And two developer editions built from unstable and beta Git branches without QA checks for those wanting to test or develop our forthcoming software.

        You can use our output via the .deb package archive, installable ISOs and Docker images. We also have work-in-progress Snap packages which we can put more development effort into now that we have rebased on 18.04.

      • KDE Neon Rebased To Ubuntu 18.04 LTS Now Official
      • KDE neon GNU/Linux Distribution Is Now Based on Ubuntu 18.04 LTS (Bionic Beaver)

        KDE neon project leader Jonathan Riddell announced today that the Linux-based operating system is now officially based on the latest Ubuntu 18.04 LTS (Bionic Beaver) operating system series.

        Built on top of an Ubuntu base and using the latest KDE technologies, the KDE neon operating system offers Linux users quick and trustworthy access to the most recent KDE Plasma desktop environment releases on their personal computers while being powered by up-to-date packages from latest Ubuntu releases.

        Using modern DevOps techniques to automatically build, test, and deploy its packages, KDE neon follows a rolling release model where the user installs once and receives updates forever. However, from time to time, the KDE neon developers rebased the entire OS on newer Ubuntu LTS releases, and now they are proud to announce that the latest KDE neon images are based on Ubuntu 18.04 LTS.

      • The State Of Wayland Support For KDE Plasma 5.14

        KDE developer Roman Gilg has shared the current state of Wayland support for the upcoming KDE Plasma 5.14 release as well as an outlook to improvements on the horizon.

        The latest code in the works (awaiting review) has support for drag and drop between native Wayland clients and XWayland clients. Pointer locking and confinement has been merged for Plasma 5.14. There are also input handling improvements and other work.

      • Announcing QtCon Brazil 2018

        We are happy to announce that the 2nd edition of the first Qt conference in America Latina (QtCon Brazil 2018) is gonna happen from 8th to 11th November, in São Paulo. The first edition of QtCon Brazil happened last year, also in São Paulo, and brought together 180 participants from universities, government institutions, and companies acting in the fields of IT services, simulation, medicine and biology, physics, embedded systems, mobile systems, and web services, just to mention a few. It was very revealing to see how much work has been built on top of Qt lately in Brazil. As an indirect result, the “Qt Brasil” telegram group — created during QtCon Brasil 2017 — has currently 320 participants, engaged in a number of daily discussions about all things related to Qt.

      • Bugs.kde.org improvements

        I’d like to share some welcome changes that we’ve recently made to https://bugs.kde.org, KDE’s venerable bug tracker. Improving our bug submission process was one of the ideas I submitted to KDE’s 2017 goal setting initiative, and while it wasn’t formally chosen the way the Usability & Productivity goal was, people seemed to think that it was worthwhile to do anyway. The overall task tracking this effort is https://phabricator.kde.org/T6832.

      • Cisco Confirms 88 Products Vulnerable to FragmentStack Bug, KDE neon Rebased on Ubuntu 18.04 LTS, GNOME 3.30.1 Released, Rust Announces Version 1.29.1 and Mozilla Launches Firefox Monitor

        The KDE neon team announces the rebase of its packages onto Ubuntu 18.04 LTS “Bionic Beaver” and encourages users to upgrade now. You also can download a clean installation from here.

      • Efficient custom shapes in Qt Quick

        QtQuick includes basic visual items to construct many common user-interface components, but people often ask how to create different visual appearances, beyond rectangles, round-rectangles and images. There are various solutions to this problem, and with Qt 5.10, there’s the new Shapes module which makes it easy to define paths, ellipses and other standard SVG drawing elements.

      • KDE Bugsquad – Kickoff with Krita! – Part 2 on October 2nd, 2018

        Thank you everyone who participated in the first Bugsquad event! We saw the team page on Phabricator double in membership, and had seven people contribute triaging bugs. Thank you xyquadrat, emmet, spaliwal, eoinoneill, and jtamate! Many of them continued triaging past their assigned blocks, knocking out the majority of the bugs. Absolute rockstars!

      • A First Timer Review of KDE neon Operating System

        KDE neon is a stable OS that is pretty, useful, easy to learn and teach, integrated, but powerful when needed, with the latest KDE Software Compilation. Stable, as you can see it’s the official OS of the modern KDE Slimbook Laptop and as one of the basis of Plasma Mobile OS; while at the same time based on a stable Ubuntu LTS version. It’s also lightweight! Pretty, as you can see it uses Plasma desktop with all its benefits for you. Easy, as it’s consistent and modular, easily used while unchanged and powerful if you want customization. Integrated, as it connects to your phone in both ways to easily transfer files and control each other. Plus, its desktop integration is fun either for searching or running programs thanks to KDE features.

        It has a benefit Kubuntu doesn’t have: latest KDE without waiting the next release! It also has benefit over other distros with perhaps rolling KDE version: it’s based on Ubuntu, an easy OS you all are familiar with. What are you waiting for? If you love KDE or simply want to test it, KDE neon is the right OS for you. You can try it in LiveCD first or simply install once and use forever. Happy running!

    • GNOME Desktop/GTK
  • Distributions
    • Spanish Education Distribution Escuelas Linux is Now Available in English

      Escuelas Linux is an educational Linux Distribution based on Bodhi Linux. Escuelas (Escuela is Spanish for “School”) includes a host of educational software.

      It is used by more than 180,000 students and teachers in schools. So what makes Escuelas Linux a preferred choice for educational institutes? Well, apart from a vast selection of educational softwares, Escuelas Linux completely configured user accounts and thus it can be immediately used by a new user (student) without any configuration changes.

    • New Releases
      • Puppy Linux’s Sister Quirky Linux Is Now Binary Compatible with Ubuntu 18.04 LTS

        Being built using DEB packages from Ubuntu 18.04.1 LTS, Quirky Linux 8.7.1 codename “Quirky Beaver” is binary-compatible with the Ubuntu 18.04.1 LTS (Bionic Beaver) operating system and it’s available only for 64-bit (x86_64) hardware architectures. However, Quirky Linux 8.7.1 is quite similar to the Quirky Linux 8.6 “Xerus” series, but with upgraded components.

        “Quirky Linux 8.7.1 is the first in the “Beaver” series, binary-compatible with x86_64 Ubuntu 18.04.1 LTS, though built with woofQ and architecturally very different from Ubuntu,” Barry Kauler wrote in the release announcement. “Quirky is an experimental distribution, that forked from Puppy Linux a few years ago, and has followed a different path, exploring some new ideas.”

      • Linux Lite 4.2 Enters Beta Based on Ubuntu 18.04.1 LTS, Here’s What’s New

        Based on the Ubuntu 18.04.1 LTS (Bionic Beaver) operating system, Linux Lite 4.2 isn’t the major update everyone was waiting for, but a minor, incremental update that brings various small improvements to the Lite Welcome app, an updated Help Manual that will be available in the final release, as well as updated components.

        The Linux Lite 4.2 beta is powered by the Linux 4.15 kernel (Linux kernel 4.18 is also available) and ships with up-to-date apps including the Mozilla Firefox 62.0.2 “Quantum” web browser, Mozilla Thunderbird 52.9.1 email and news client, LibreOffice 6.0.6.2 office suite, VLC 3.0.3 media player, and GIMP 2.10.6 image editor.

    • Red Hat Family
      • Running Microsoft SQL Server on Red Hat OpenShift [Ed: Maybe Torvalds was right about Red Hat “deep-throating” (his words) Microsoft]
      • Connect to service value and pass the competition in the fast lane

        Red Hat provides essential technologies that enable automotive manufacturers to transform their infrastructures and strategically modernize operations. By harnessing open source innovation and architecting solutions that apply information technology and operational technology to solving enterprise challenges, Red Hat powers a new generation of flexible, interoperable manufacturing and supply chain systems.

        Ongoing technology advances are delivering the means to build intelligent communication into automobiles. Red Hat offers a path to achieving this vision by delivering technologies that help automotive manufacturers become more competitive and more efficient.

      • Using Red Hat Identity Management as a Domain Controller for systems in a DMZ

        The IdM server in the DMZ will play the role of the domain controller for Linux systems. To solve the problem of proxying Kerberos traffic make sure that the kdcproxy component is enabled on the IdM server that is inside the firewall. See corresponding documentation for more details.

        Linux systems in the DMZ will be connected to the IdM server by using ipa-client-install or realmd.

        The SSSD component will need to be configured on the clients. After the installation and enrollment the client systems would need to be reconfigured to start leveraging kdcproxy rather than a standard Kerberos protocol. For more details on how to achieve this see Configuring a Kerberos Client section in the System-Level Authentication Guide.

      • Finance
      • Fedora
        • Announcing the release of Fedora 29 Beta

          The Fedora Project is pleased to announce the immediate availability of Fedora 29 Beta, the next big step on our journey to the exciting Fedora 29 release.

          Download the prerelease from our Get Fedora site:

          Get Fedora 29 Beta Workstation
          Get Fedora 29 Beta Server
          Get Fedora 29 Beta Atomic
          Get Fedora 29 Beta Silverblue

          Or, check out one of our popular variants, including KDE Plasma, Xfce, and other desktop environments, as well as images for ARM devices like the Raspberry Pi 2 and 3…

        • Fedora Linux 29 beta rolls out
        • Fedora 29 Beta Released – Begin Trying Out Modularity, Silverblue & Other New Features

          The Fedora project has officially announced the beta release this morning of Fedora 29.

          There are a lot of new features for Fedora 29 from Fedora Silverblue to offering modules to all Fedora users, toolchain updates and other package upgrades, the GNOME Shell 3.30 desktop, and much more.

        • Fedora 29 Beta now available

          We’re pleased to announce that Fedora 29, the latest version of the Fedora operating system, is now available in beta. The Fedora Project is a global community that works together to help the advancement of free and open source software, culminating in the innovative Fedora operating system designed to answer end user needs across the computing spectrum. Delivered as three separate editions (Fedora Server, Fedora Atomic Host, and Fedora Workstation), each is designed to provide a free, Linux-based system tailored to meet specific use cases.

        • Fedora Project announces availability of Fedora 29 beta

          Note that Red Hat seeks volunteers to report bugs and in many other aspects of working with this important and popular Linux distro — translating, testing, creating content, marketing, and more. See what they need at What’s your area of interest? page.

        • Fedora 29 Linux Enters Beta, Introduces SilverBlue for Container Workloads

          Fedora 29 also improves on the modularity of the Linux platform which first debuted in Fedora 28, which was released on May 1. With modularity, Fedora enables system administrators to choose which version of software they want to run.

          In Fedora 28, modularity was limited to the server edition, while in Fedora 29, modularity has been extended to all editions of Fedora, which include “Spins” for different desktop editions including KDE, Xfce, LXDE, MATE and Cinnamon desktops.

          The default desktop for the Fedora 29 Workstation edition is the GNOME 3.30 desktop environment, which was first released on Sept. 6. GNOME 3.30, codenamed “Almeria” benefits from improved desktop performance that uses fewer system resources.

        • Fedora 29 Beta Linux distro now available for download with improved Raspberry Pi support

          If you are going to use Linux on the desktop, you might as well use Fedora. Why? Well, it is a pure open source experience. I mean, why switch from Windows to a distro that isn’t entirely focused on FOSS? You should go all in! Not to mention, it uses very modern packages while retaining stability. Oh, and it uses the best overall desktop environment, GNOME, by default. It’s no wonder the father of Linux, Linus Torvalds, uses it.

          The next version of the operating system is Fedora 29, and today, it achieves Beta status. It features updated packages, improved support for Raspberry Pi, and more.

        • LAMP stack for Fedora
    • Debian Family
      • GSoC 2018: Final Report

        This is my final report of my Google Summer of Code 2018, it also serves as my final code submission.

        For the last 3 months I have been working with Debian on the project Extracting Data from PDF Invoices and Bills Details.

      • Derivatives
        • Canonical/Ubuntu
          • Ubuntu 18.10’s New Wallpaper is Cosmically Cute

            The striking new background was attached to a bug report on Launchpad, and arrives just in the nick of time. The sole Ubuntu 18.10 beta is released tomorrow.

            If you’re running the Ubuntu 18.10 daily builds you’ll get the new Ubuntu 18.10 wallpaper as an update to the Ubuntu wallpapers package, so keep an eye on update manager.

          • Ubuntu Minimal Install

            Today we will be going over the installation of the minimalist version of Ubuntu 18.04. You may be thinking of a minimalistic version of a Linux distro as the bare minimum version of a system. If so, you would be correct. The system we are going to install from comes in a 64MB ISO image.
            You can find the image to download in the Ubuntu help wiki for minimalist versions. You will find some important information regarding the burning of images to a CD or a USB stick (I use dd), and even a few pointers to get started. You will also see information about installation on UEFI based systems. It does lack support for UEFI; however, for the purposes of this guide, the system will be installed on a virtual machine.

          • Flavours and Variants
            • [Linux Mint] Monthly News – September 2018

              Many thanks to all the people who donate to us. Numbers were lower than normal last month but we’re still getting a tremendous amount of support. We’re at an average of $10,000 per month. Although that average decreased slightly over the last three years it is very high, it covers all our expenses, when we need something money is never an issue (whether it’s to scale slowly, invest in security, hosting, CI services or to tackle an emergency) and it allows us to send money upstream when needed and to donate funds internally within our moderation and development teams. We’re able to facilitate development and boost our productivity by making tools available and delegate aspects which would otherwise get in the way. It’s a real help for us, I know I say it every month but I don’t think we’ll ever be thankful enough. If you’re helping us, thank you.

              Now, without further ado, let’s talk about development. With Mint 19 and LMDE 3 officially released our hands are now free to develop and improve our software on top of the new bases (respectively Ubuntu 18.04 and Debian Stretch).

            • Linux Mint / Cinnamon Speeds Up Its File Manager, Updates Other Apps

              Linux Mint lead developer Clément Lefèbvre has issued his latest monthly update concerning the activities within this Ubuntu/Debian-derived camp and their work on the GNOME-forked Cinnamon desktop environment.

              The Linux Mint crew is moving forward with their Cinnamon efforts and original Linux desktop applications now that Linux Mint 19 and Linux Mint Debian Edition 3 have shipped. Of their original applications, the Nemo 4.0 file manager is becoming “lightning fast” with numerous optimizations having been added. Nemo’s start time as well as folder load times are much faster. There have also been user-interface improvements to Nemo along with the ability to show file creation times when on an EXT4 file-system with Linux 4.15 kernel and newer.

  • Devices/Embedded
Free Software/Open Source
  • Orchestration & Open Source for 5G

    A 2016 survey by TMForum, Orchestration: Get Ready for the Platform Revolution, found that “orchestrating services end to end across virtualized and physical infrastructure, including partners’ networks, is proving to be one of the most difficult operational challenges for communications service providers and their suppliers.” As early as 2014, Axel Clauberg, VP of Aggregation, Transport, IP and Infrastructure Cloud Architecture at Deutsche Telekom, coined the phrase “zoo of orchestrators” to describe the mish-mash of management systems vendors were pushing to manage their siloed NFV solutions.

  • 3 open source distributed tracing tools

    Distributed tracing systems enable users to track a request through a software system that is distributed across multiple applications, services, and databases as well as intermediaries like proxies. This allows for a deeper understanding of what is happening within the software system. These systems produce graphical representations that show how much time the request took on each step and list each known step.

    A user reviewing this content can determine where the system is experiencing latencies or blockages. Instead of testing the system like a binary search tree when requests start failing, operators and developers can see exactly where the issues begin. This can also reveal where performance changes might be occurring from deployment to deployment. It’s always better to catch regressions automatically by alerting to the anomalous behavior than to have your customers tell you.

  • OBS Studio Now Supports VA-API For Video Encoding

    For those of you using OBS Studio for screen recording on the Linux desktop or screencasting, the latest code now supports GPU-offloading to VA-API for the H.264 video encode process.

    The Open Broadcaster Software has already supported Intel QuickSync on Windows as well as NVIDIA NVENC on supported platforms for NVIDIA GPU video encoding or AMD AMF as well. But for Intel Linux users, FFmpeg VA-API support has been merged for faster H.264 video encoding by making use of the HD/Iris/UHD Graphics hardware via this Video Acceleration API.

  • Google Open-Sources “GraphicsFuzz” For Helping To Spot GPU Driver Bugs

    Remember GraphicsFuzz? That was the effort started by university students for fuzzing GPU drivers via WebGL in the browser and over the course of their research found various OpenGL driver bugs, including for mobile drivers. Last month the start-up born out of that university research was acquired by Google and now their work is open-source.

  • Open-Source Software In Connected Vehicles: Pros And Cons
  • Lyft Launches Open-Source Design Tool
  • Web Browsers
    • Chrome
      • Chrome 70 Will Let Users Opt Out of the New Auto-Sign In Feature

        An upcoming Chrome option allows users to log into Google accounts without logging into the browser. The change was prompted by a backlash among users and privacy advocates.

        Chrome 69, which came out earlier this month, logs all Google users into Chrome, even if they’ve previously opted out of signing into Chrome. This did not enable Chrome’s sync feature, but some users saw it as intrusive.

      • Google Does Damage Control After Chrome Faces A lot Of Backlash For Automatic Sign In Feature In Recent Update

        The first thing that most of us noticed was the UI redesign in the latest Chrome update underlying which were many small and big changes alike that were not as easy to catch the eye. One of these was the feature that would automatically sign people into Chrome when they sign into a separate Google service such as Gmail.

        Google faced a lot of criticism this past week as even security experts are calling out Google for breaching individual’s privacy and point that this is a method which involves tricking the less technically adept people into sharing or rather handing over more data to Google.

      • How to stop Chrome running in the background

        Whilst I use Firefox personally, I understand that some people like to use Chrome due to the availability of a lot more extensions. So what do you do to stop Google tracking your activity even when it’s not signed in?

    • Mozilla
      • Firefox Accounts offer recovery key option

        Firefox Accounts help you get more out of your Firefox experience. With a Firefox Account, you can get all your bookmarks, passwords, open tabs and more — everywhere you use Firefox. Working on your desktop, browsing on your couch with a tablet, out and about in the world on your mobile device.

      • Account recovery keys in Firefox Accounts

        The Firefox Accounts team is in the process of releasing a new feature called Account Recovery. Previously, when a user resets their password, they would be given new encryption keys and could potentially risk losing any synced bookmarks, passwords and browsing history. With Account Recovery, a user can keep their encryption keys and not lose any data.

        A more technical overview of how this feature works can be found here.

        If you are interested in trying it out, simply go to your Firefox Account settings and click Account Recovery. If you do not see the Account Recovery option, you might not be in the rollout group yet. However, it can be manually enabled using these instructions.

      • EU Code published: another step forward in the fight against disinformation

        Today, the advertising and technology sectors presented the world’s first ever Code of Practice on Disinformation. Brokered in Europe, and motivated by the European Commission’s Communication on Tackling Disinformation and the report of the High Level Expert Group on Fake News, the Code represents another step towards countering the spread of disinformation.

        This initiative complements the work we’ve been doing at Mozilla to invest in technologies and tools, research and communities, to fight against information pollution and honour our commitment to an internet that elevates critical thinking, reasoned argument, shared knowledge, and verifiable facts.

      • This Week in Rust 253

        This week’s crate is packed_simd, a crate with portable SIMD vector types. Thanks to Gabriel Majeri for the suggestion!

      • The Rust Programming Language Blog: Announcing Rust 1.29.1

        The Rust team is happy to announce a new version of Rust, 1.29.1. Rust is a systems programming language focused on safety, speed, and concurrency.

      • This Week In Servo 114

        Big shout-out to @eijebong for digging into the underlying cause of an ongoing, frustrating intermittent problem with running websocket tests in CI.

      • Mozilla Launches Firefox Monitor To Alert You When Your Data Is Breached

        Mozilla just launched a free service called Firefox Monitor to help users find out whether their accounts have been a part of the numerous data breaches that occur every year.

        Just enter your email ID on the Firefox Monitor website and get it scanned to find any cases of compromised online accounts.

      • Daniel Stenberg: 10,000 stars

        On github, you can ‘star’ a project. It’s a fairly meaningless way to mark your appreciation of a project hosted on that site and of course, the number doesn’t really mean anything and it certainly doesn’t reflect how popular or widely used or unused that particular software project is. But here I am, highlighting the fact that today I snapped the screenshot shown above when the curl project just reached this milestone: 10,000 stars.

        In the great scheme of things, the most popular and starred projects on github of course have magnitudes more stars. Right now, curl ranks as roughly the 885th most starred project on github. According to github themselves, they host an amazing 25 million public repositories which thus puts curl in the top 0.004% star-wise.

  • BSD
  • FSF/FSFE/GNU/SFLC
    • GNU Shepherd 0.5.0 released

      The GNU Daemon Shepherd or GNU Shepherd is a service manager written in Guile that looks after the herd of system services. It provides a replacement for the service-managing capabilities of SysV-init (or any other init) with a dependency-based system with a convenient interface. The GNU Shepherd may also be used by unprivileged users to manage per-user daemons (e.g., tor, privoxy, mcron, etc.) It is written in Guile Scheme, and is configured and extended using Guile.

    • GNU Shepherd 0.5 Init System Released

      Shepherd, the init/service manager of the GNU system with GNU Herd and can be used as an alternative to systemd on Linux systems as well, is up to version 0.5.

      With GNU Shepherd 0.5, the init system now gracefully halts with Ctrl+Alt+Del when running as PID 1 on Linux systems and restarting a service now also restarts any dependent services… Plus services now have a “replacement” slot as well and there are various other fixes.

  • Licensing/Legal
    • The Software Freedom Conservancy on GPLv2 irrevocability

      For anybody who has been concerned by the talk from a few outsiders about revoking GPL licensing, this new section in the Software Freedom Conservancy’s copyleft guide is worth a read.

    • Conservancy Adds Expanded Section To Copyleft Guide On GPLv2 Irrevocability

      In discussion of the Linux project’s new Code of Conduct, a few people have suggested that contributors who reject the Code of Conduct might disrupt Linux licensing in response. This seems unlikely to most, but to ensure that uncertainty around this issue casts no shadow over contributions to GPLv2 works, Conservancy engaged our outside counsel, Pamela Chestek, to update the Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide (called the Copyleft Guide for short) on copyleft.org to clarify this issue.

      Copyleft.org is an initiative that fosters a collaborative community to share and improve information about copyleft licenses (especially the GNU General Public License (GPL)) and best compliance practices for those licenses. Its primary output is the Copyleft Guide, an extensive 157 page tutorial on GPL and other forms of copyleft licensing, available as an online book and as a PDF.

  • Openness/Sharing/Collaboration
    • Open Hardware/Modding
      • OTTO modular open source music maker

        If you enjoy making electronic music OTTO the open source music maker offers a complete hardware and software solution offering synthesisers, sampler, effects, sequencers and studio modules. The OTTO has been created to be built in very different ways depending on your skills, requirements and available resources, tools and priorities.

        “Making electronic music is awesome! But for most of us, it requires a lot of setup, a lot of moving a mouse around on a laptop that’s probably not quite equipped to handle realtime audio processing. Don’t you wish you had one single device, which was built to do it all for you, easily and on the fly?”

  • Programming/Development
    • Troubleshooting Node.js Issues with llnode

      The llnode plugin lets you inspect Node.js processes and core dumps; it adds the ability to inspect JavaScript stack frames, objects, source code and more. At Node+JS Interactive, Matheus Marchini, Node.js Collaborator and Lead Software Engineer at Sthima, will host a workshop on how to use llnode to find and fix issues quickly and reliably, without bloating your application with logs or compromising performance. He explains more in this interview.

    • Bytes, Characters and Python 2

      An old joke asks “What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.”

      Now that I’ve successfully enraged all of my American readers, I can get to the point, which is that because so many computer technologies were developed in English-speaking countries—and particularly in the United States—the needs of other languages often were left out of early computer technologies. The standard established in the 1960s for translating numbers into characters (and back), known as ASCII (the American Standard Code for Information Interchange), took into account all of the letters, numbers and symbols needed to work with English. And that’s all that it could handle, given that it was a seven-byte (that is, 128-character) encoding.

    • SDL’s 2D Render API Getting Improved With New Batching System

      Prolific Linux game porter/developer Ryan Gordon has been tackling improvements to the SDL2 library’s 2D rendering code with the introduction of a batching system.

      With the current SDL2 library when using its render API, calls are immediately dispatched, whereas with this batching system the draw requests are stored in batches and then dispatched to the GPU when needed. Those batches are sent to the GPU when needed via SDL_RenderPresent or other relevant operations.

    • Writing well

      Code gets read more than it gets written, so it’s worth taking extra time so that it’s easy for future developers to read. The same is true of emails that you write to project mailing lists. If you want to make a positive change to development of your project, don’t just focus on the code — see if you can find 3 ways to improve the clarity of your writing.

    • How we rolled out one of the largest Python 3 migrations ever

      Dropbox is one of the most popular desktop applications in the world: You can install it today on Windows, macOS, and some flavors of Linux. What you may not know is that much of the application is written using Python. In fact, Drew’s very first lines of code for Dropbox were written in Python for Windows using venerable libraries such as pywin32.

      [...]

      Initially, we relied on “freezer” scripts to create the native applications for each of our supported platforms. However, rather than use the native toolchains directly, such as Xcode for macOS, we delegated the creation of platform-compliant binaries to py2exe for Windows, py2app for macOS, and bbfreeze for Linux. This Python-focused build system was inspired by distutils: Our application was initially little more than a Python package, so we had a single setup.py-like script to build it.

      Over time, our codebase became more and more heterogenous. Today, Python is no longer the only language used for development. In fact, our code now consists of a mix of TypeScript/HTML, Rust, and Python, as well as Objective-C and C++ for some specific platform integrations. To support all these components, this setup.py script—internally named build-all.py—grew to be so large and messy that it became difficult to maintain.

      The tipping point came from changes to how we integrate with each operating system: First, we began introducing increasingly advanced OS extensions—like Smart Sync’s kernel components—that can’t and often shouldn’t be written in Python. Second, vendors like Microsoft and Apple began introducing new requirements for deploying applications that imposed the use of new, more sophisticated and often proprietary tools (e.g. code signing).

    • Java 11 Released As The First Java LTS Release

      Java 11 (JDK 11) is officially out today as the first Java Long-Term Support (LTS) release under Oracle’s new six month release strategy.

Leftovers
  • Australia’s eftpos ‘Tap & Pay’ fast-tracks for transport

    eftpos managing director Stephen Benton said that while eftpos “had been working on transport for some time, the company had this week formed a dedicated technical and business team to complete the capability rollout to financial institutions across Australia by April 2019, and was already in discussions with a number of State Governments”.

  • Flocking

    When combined, these three simple rules have created complex emergent behavior.

  • Has the Internet Changed Fact-Checking? Well, It Depends.

    When my friends tell me stories that sound too good to be true, I do what’s in every reporter’s DNA: I ask what their source is for the information. Knowing the source helps me judge the truth of what they’re saying, and whether I should believe, say, that it’s illegal to sell Irish butter in Wisconsin. (Pretty much true until last year, when butter lovers went to court.) The same goes for any story we report. Before we include a fact or a statement, we have to ensure it is correct and the source is credible — even if it takes weeks or months to do so.

    Ms. Beaumont is right. Back in the day, reporters used books and other paper documents to check their facts. You confirmed Pulaski was a road, not a street, on a paper map. You pored over the city of Chicago’s budget to determine what the Police Department was slated to spend on overtime. You called the Illinois Department of Financial and Professional Regulation to check if a doctor had a disciplinary record.

  • We Need to Talk about Indyref2

    A senior SNP elected representative told me a couple of weeks ago that the party hierarchy were intent on making sure there would be strict control over debate at the upcoming conference. The leadership fear pressure from the membership on holding another Independence referendum, using the mandate won at the last Holyrood elections. You will recall that the SNP was elected on a promise of a new referendum in the event of a significant change in the status quo, specifically including Brexit.

    Being well aware from the AUOB marches and other events that the grassroots are ready for another campaign, and with the opinion polls very encouraging, it seemed to me that the foot soldiers deserved at least to be able to voice an opinion on when and how they went into battle. So I suggested back to my friend that, as I am attending as a delegate, I would hold a fringe meeting within the Conference venue on the routes to Independence. This might include how we get a new Indyref in the face of Westminster opposition, its timing, and lessons learned for the Yes movement from 2014 on how to win it. The idea was also to explore other potential routes to Independence including a National Assembly.

    They replied that I would not be allowed to hold a fringe meeting on Indyref2. I thought they were being over-dramatic. So I asked my friend the doughty Peter A Bell to join me as a speaker (he agreed in principle), and I was planning to ask James Kelly and Stuart Campbell as well, but first applied for a room in the Conference Centre so I could give them a date.

  • Health/Nutrition
    • Prisons’ Refusal to Provide Adequate Opioid Treatment is Cruel and Unlawful

      In 2016, after overdosing three times in less than 48 hours, he was scared for his life and committed to recovery. That’s when his physician prescribed methadone, a prescription medication approved by the FDA for treatment of opioid use disorder.

      For nearly two years, Geoffrey has invested in his recovery, rededicated himself to his young son, rebuilt his relationships with his parents, and found a job that he loves. While he also participates in counseling and therapy, he credits his recovery to his medication-assisted treatment (MAT).

      Geoffrey generally relies on his parents to drive him to the clinic where he receives the treatment. But on July 19, his mother was unexpectedly unavailable to drive him, and in fear of a relapse, he drove himself. He was pulled over and charged with driving with a revoked or suspended license.

      He currently faces imprisonment at the Middleton House of Correction in Massachusetts, where his medication will not be made available to him. In fact, the Essex County jail denies MAT to prisoners diagnosed with opioid use disorder, including those who arrive with a prescription for such medication and are already in sustained recovery as a result — like Geoffrey.

      People with opioid use disorder who are denied their medication suffer painful withdrawal. It disrupts their treatment plan, leading to a sevenfold decrease in continued treatment after release. It increases the risk of relapse into active addiction: Over 82 percent of patients who leave methadone treatment relapse within a year. And, most alarming, patients are more likely to suffer from overdose and potential death as a consequence of forced withdrawal.

    • Cancer Center Switches Focus on Fundraising as Problems Mount

      Memorial Sloan Kettering Cancer Center has abruptly changed the focus of an annual fundraising campaign amid a widening crisis that has already led to the resignation of its chief medical officer and a sweeping re-examination of its policies.

      The campaign, initially titled “Harnessing Big Data,” was to have focused on the cancer center’s research into the use of artificial intelligence in cancer treatment, according to a brochure on Memorial Sloan Kettering’s website.

      The move follows an article Thursday by ProPublica and The New York Times about an exclusive deal that Memorial Sloan Kettering made with an artificial intelligence startup to use digital images of 25 million tissue slides analyzed over decades. The company, Paige.AI, was founded by three hospital insiders, and also involved investors who were Memorial Sloan Kettering board members.

      [...]

      Kenneth Manotti, the cancer center’s senior vice president and chief development officer, made a reference to the article in an email sent Friday to board members of the Society of MSK, the hospital’s volunteer fundraising arm, and an affiliated committee. It said the fundraising effort, which would have accelerated the center’s research on artificial intelligence, would be postponed “under the current circumstances, as we navigate through the issues at hand.”

    • WIPO And Pharma Industry Launch Medicines Patent Database For Easier Access To Medicines

      A new initiative, the Patent Information Initiative for Medicines (Pat-INFORMED), was launched today at the World Intellectual Property Organization to help health agencies procure medicines. The collaboration between WIPO and the pharmaceutical industry, a free and open-access database, provides information on the legal status of patents on approved medicines.

    • The Child Abuse Contrarian

      In September 2016, Jenn Thompson and her boyfriend, Robbie Ray, discovered that she was pregnant. They had met just over a month earlier, through the dating app Tinder, and quickly became inseparable. Robbie would stay at Jenn’s place several nights a week, and on the weekends, they tailgated at football games. The pregnancy was unplanned, but both had recently turned 30 and were ready to start a family. When they went in for an ultrasound appointment, a technician pointed out two tiny circles on the screen: twins. They bought a baby Doppler and Robbie would hold the monitor on Jenn’s stomach so they could listen to the two hearts beating in tandem.

      They got married five months later, at the Lutheran church Jenn attended. Robbie moved into her house, in Columbia, South Carolina, across the street from her parents in a tightly packed development of modest, newish homes tucked behind a shopping complex. They converted the second bedroom into a nursery. Jenn found the crib she slept in as an infant and gave it a fresh coat of paint. The babies arrived more than a week early, by C-section — a boy first, and then a girl.

      [...]

      To find an explanation, the Rays said, they searched the Internet and eventually discovered a group called Fractured Families. The website was filled with stories of parents who were accused of abuse — falsely, it said — after their children were found to have bone injuries. Jenn told me that she was struck by how similar their experiences were to her own. Jenn made contact with several of the mothers in Fractured Families. They told her that there was a doctor in Boston who might be able to help her.

      [...]

      Holick regularly diagnoses children with EDS without seeing them in person. “I already know on the phone they have EDS,” he said, adding that he questions the parents about potential symptoms. “I almost don’t have to ask. I know the answer.”

  • Security
    • Security updates for Tuesday
    • Reproducible Builds: Weekly report #178
    • Yubico launches new lineup of multifactor FIDO2 security keys

      It’s an open secret that passwords aren’t the most effective way to protect online accounts. Alarmingly, three out of four people use duplicate passwords, and 21 percent of people use codes that are over 10 years old. (In 2014, among the five most popular passwords were “password,” “123456,” and “qwerty.”) Two-factor SMS authentication adds a layer of protection, but it isn’t foolproof — hackers can fairly easily redirect text messages to another number.

    • The new YubiKey 5 security keys offer physical protection for your private data
    • YubiKey 5’s FIDO2 support will help you ditch passwords entirely
    • Lilbits 338: Multi-factor security

      You may already be using multi-factor authentication to login to some devices or services. Your bank may send you a text message with a security code when you attempt to login to its website. I use a smartphone app that gives me a code to use when logging into Google, LastPass, or a handful of other services.

    • Introducing the YubiKey 5 Series with New NFC and FIDO2 Passwordless Features

      Our new YubiKey 5 Series is comprised of four multi-protocol security keys, including two much anticipated new features: FIDO2 / WebAuthn and NFC (near field communication).

    • New Linux ‘Mutagen Astronomy’ security flaw impacts Red Hat and CentOS distros

      This is a type of vulnerability that requires an attacker to have a foothold on a vulnerable system, but it’s one of those security flaws that can turn a simple hack into a very bad one, as it can be used to give an intruder root access and complete control over infected systems.

    • Responsible disclosure: retrieving a user’s private Facebook friends.

      Data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.

      On the practical side, as we will see, disclosure of private data is often an unwanted side effect of a useful feature.

      Facebook and Instagram

      Facebook bought Instagram back in 2012. Since then, a lot of integrations have been implemented between them: among others, when you subscribe to Instagram, it will suggest who to follow based on your Facebook friends.

      Your Instagram and Facebook accounts are then somehow linked: it happens both if you sign up to Instagram using your Facebook account (doh!), but also if you sign up to Instagram creating a new account but using the same email you use in your Facebook account (there are also other ways Instagram links your new account with an existing Facebook account, but they are not of interest to us here).

      So if you want to create a secret Instagram account, create a new mail for it.

      Back on topic: Instagram used to enable all its features for new users before they had confirmed their email address. This was so as not to “interrupt” usage of the website / app; there would be time to confirm the email later in their usage.

      Email address confirmation is useful to confirm you are signing up using your own email address, and not someone else’s.

    • Security updates for Wednesday
    • Linux Readying Spectre V2 Userspace-Userspace Protection

      While the Linux kernel has been patched for months (and updated CPU microcode available) to mitigate Spectre Variant Two “Branch Target Injection” this has been focused on kernel-space protection while patches are pending now for userspace-userspace protection.

      Spectre V2 mitigation for application to application attacks hasn’t been a priority since it’s more difficult to exploit due to ASLR (Address Space Layout Randomization). This protection is being worked on and these new patches enable app-to-app mitigation for Spectre Variant Two via IBPB (Indirect Branch Prediction Barrier) and STIBP (Single Thread Indirect Branch Predictors). This protection via the new Linux kernel patches is for both Intel and AMD CPUs.

    • Cisco: Linux kernel FragmentSmack bug now affects 88 of our products

      Cisco has confirmed that more of its products that rely on the Linux kernel are vulnerable to a potentially dangerous denial-of-service flaw.

      The bug, dubbed FragmentSmack, was in August revealed to affect the IP networking stack in the Linux kernel, prompting a round of patches for numerous Linux distributions and patches at Akamai, Amazon, and Juniper Networks, and more.

      The bug can saturate a CPU’s capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device.

    • More Spectre Variant Two Patches Queued For The Linux Kernel

      Besides the Spectre V2 userspace-userspace mitigation patches revised and sent out earlier today, some related Spectre V2 changes are now queued for soon merging to the mainline Linux kernel.

      Thomas Gleixner has queued a few new patches today in his x86/pti tree for soon calling upon Linus/Greg for merging into the mainline kernel.

    • The Crypto-Criminal Bar Brawl [Ed: NanoVMs marketing disguised as article, where the selling method is badmouthing Linux security]
  • Defence/Aggression
    • Interview With Mike Prysner And Spenser Rapone: Creating Conditions For Resistance Within US Military

      If you would like to support the show and help keep us going strong, please become a subscriber on our Patreon page.

      Hosts of the “Eyes Left” podcast join the “Unauthorized Disclosure” weekly podcast to talk about creating the conditions for more resistance within the United States military.

      Spenser Rapone, known as the “Commie Cadet,” spoke out for NFL quarterback Colin Kaepernick and expressed his support for left-wing politics. He unconditionally resigned from the military a little more than a year ago.

      Michael Prysner enlisted in the military following the 9/11 attacks and later became an antiwar activist after leaving the military. He is also a producer of the “Empire Files.”

      Together, they share their thoughts on antiwar organizing under President Donald Trump and whether the terrain has shifted considerably since President Barack Obama was in office. They share their back stories, address the never-ending war in Afghanistan, discuss U.S. support for a right-wing coup in Venezuela, and more.

  • Transparency/Investigative Reporting
    • Julian Assange and Russia’s UK embassy

      Your article (Revealed: Russia’s Christmas Eve plot to smuggle Assange out of UK, 22 September) claiming that Russian diplomats held secret talks to assess whether they could help Julian Assange flee the UK has nothing to do with the reality. The embassy has never engaged with Ecuadorean colleagues, or with anyone else, in discussions on any kind of Russian participation in ending Mr Assange’s stay within the diplomatic mission of Ecuador. As regards the idea that “the Kremlin was willing to offer support” to a secret plan by “allowing Assange to travel to Russia”, we are puzzled by the sensational attitude of the authors. Russia is always happy to welcome international guests if they arrive in a lawful manner and with good intentions.

      As recently as 18 September, the culture secretary, Jeremy Wright, speaking at the Royal Television Society, called for increased efforts to combat media and online disinformation. Your article is a brilliant example of the kind of journalism that the British reader should be protected from.

    • Being Julian Assange

      In 2016 an accused serial sexual predator ran for the US presidency against the notoriously corrupt wife of a previously impeached President – who is also an accused serial sexual predator.

      That these facts alone were insufficient to invalidate the entire race is testament to the audacity with which corrupt power operates in the West, and how conditioned the public is to consuming the warped byproducts of its naked machinations.

      Arguably the most contentious election in recent history, the accused serial sexual predator won.

      During the race, WikiLeaks Editor-in-Chief Julian Assange aptly described the two candidates as “cholera vs gonorrhoea.” Edward Snowden ran a Twitter poll asking his followers whether they would rather vote for a “calculating villain”, an “unthinking monster” or “literally anyone else”. 67% chose the latter. Yet those who didn’t want to be forced into a false choice between Clinton or Trump became the forgotten voices, the silent majority; largely excluded from the endless, vapid mainstream media debates about the outcome.

      Julian and Edward’s descriptors were flawless metaphors for the Presidential contestants; cartoon-like characters that when paired together and portrayed as a legitimate democratic choice, made a mockery of the entire concept of political representation.

  • Finance
    • Uber scores a big win in legal fight to keep drivers as independent contractors

      A three-judge panel ruled in favor of Uber in a long-standing lawsuit that could have a profound impact on the future of ride-sharing and the gig economy.

      The Ninth US Circuit Court of Appeals issued a decision Tuesday reversing the class certification order in the case of O’Connor v. Uber, in which Uber drivers argued they should be categorized as employees rather than independent contractors. The judges nullified the decision on the ground that Uber’s arbitration clause prohibits class actions.

    • Uber wins key ruling in its fight against treating drivers as employees

      Uber says that its drivers are legally independent contractors, not employees. That’s significant because federal law strictly regulates the relationship between employers and employees. Employees are guaranteed to earn federal minimum wage and are entitled to overtime pay if they work more than 40 hours per week. Uber employees, in contrast, are paid by the ride and might earn much less than minimum wage if they drive at a slow time of day.

      California law also gives employees the right to be reimbursed for expenses they incur on the job, which would be significant for Uber drivers who otherwise are responsible for gas, maintenance, insurance, and other expenses of operating an Uber vehicle.

    • Google to allow certain cryptocurrency advertising next month

      It’s unclear why Google is lifting its ban now, but it would appear that the company thinks the crypto hype over skyrocketing digital currency values and all of the negative side effects associated with that has died down. Facebook, which put in place the first large-scale crypto advertising ban back in January, lifted its ban on certain types of crypto-related ads in June. Similarly, Facebook is still banning ICOs and requires companies to fill out an application to run ads. So Google may be simply following suit in an effort to ensure it does not lose out on valuable ad dollars. The company was not immediately available for comment.

    • Google ends cryptocurrency ad ban — but only for certain kinds of ads

      Google is reversing part of its sweeping ban on cryptocurrency-related advertising and plans to allow regulated crypto exchanges to buy ads in the United States and Japan.

      The new policy starts in October.

    • The contexts of Thatcher’s Bruges speech of 1988

      Last week was the thirtieth anniversary of the “Bruges speech” by the then prime minister Margaret Thatcher.

      Over at the FT I did a piece on the anniversary, contending that the speech was not the start of the road to Brexit (a view put forward by a number of pundits).

      Instead I suggested that it was by disregarding that speech that Conservatives took us on the road to Brexit.

    • Theresa May’s Bad Faith

      The Salzburg debacle was a low point of British diplomacy, because neither Number 10 nor the Brexit ministers paid any attention to the information being provided by Britain’s Embassies, which was that there is fizzing resentment in major capitals at what is viewed as Theresa May’s rank bad faith.

      Good faith is an intangible, but it is the most important asset you can have in diplomatic negotiations, and building up trust is the most important skill in international relations. The EU remains genuinely concerned for the future of Ireland, which unlike the UK is a continuing member.

      In December, after hard talks, the UK signed up to the Joint Report as the basis for negotiation. This contained the famous “backstop” on North/South Ireland relations. It is worth looking on what the text of the “backstop” actually says.

      [...]

      I have refrained from comment on the Brexit negotiations, but among the rafts of mainstream media coverage, I have not seen this issue of May’s bad faith given the prominence it deserves. Whatever your stance on Brexit, conducting negotiations in this manner – the cliche of perfidious is in fact the best description – is a ludicrously ineffective way to behave. On the most profound political, economic and social transformation the UK has embarked on in decades, the Tory government is an utter shambles.

      I personally changed my rose-tinted view of the EU after seeing its leaders line-up to applaud the Francoist paramilitary forces for clubbing grandmothers over the head for having the temerity to try to vote in Catalonia. My interest in Third Pillar cooperation ended there. But leaving the customs union appears to me a ridiculous act of self harm.

  • AstroTurf/Lobbying/Politics
    • Election security bill won’t pass ahead of midterms, says key Republican [iophk: "voting fraud goes for one more round"]

      Some secretaries of state and election organizations had raised concerns about the legislation, which would have required that states use backup paper ballots and conduct audits after elections to ensure that no votes or voting systems were compromised.

    • Why Am I Seeing This? Interesting Facebook Ads From Our Political Ad Collector

      Norcross is a big buyer of Facebook ads. According to a ProPublica analysis, he is one of the top spenders on Facebook ads in the House. According to the House’s Statement of Disbursements, he spent $24,570 from his office budget on Facebook ads during the first six months of 2018, more than any other member, counting only direct spending. Other members may have spent more through digital marketing agencies, but the disclosure data does not break out spending by advertising platform.

      Constituents of Norcross’ who like “beaches” saw ads focused on the environment, including one referencing his opposition to offshore drilling. Constituents who like “politics & social issues” — a Facebook category often used as a proxy for political engagement — saw ads touting Norcross’ support of protections for people in the LGBTQ community.

    • Facebook’s New Propaganda Partners

      Media giant Facebook recently announced (Reuters, 9/19/18) it would combat “fake news” by partnering with two propaganda organizations founded and funded by the US government: the National Democratic Institute (NDI) and the International Republican Institute (IRI). The social media platform was already working closely with the NATO-sponsored Atlantic Council think tank (FAIR.org, 5/21/18).

      In a previous FAIR article (8/22/18), I noted that the “fake news” issue was being used as a pretext to attack the left and progressive news sites. Changes to Facebook’s algorithm have reduced traffic significantly for progressive outlets like Common Dreams (5/3/18), while the pages of Venezuelan government–backed TeleSur English and the independent Venezuelanalysis were shut down without warning, and only reinstated after a public outcry.

      The Washington, DC–based NDI and IRI are staffed with senior Democratic and Republican politicians; the NDI is chaired by former Secretary of State Madeleine Albright, while the late Sen. John McCain was the longtime IRI chair. Both groups were created in 1983 as arms of the National Endowment for Democracy (NED), a Cold War enterprise backed by then–CIA director William Casey (Jacobin, 3/7/18). That these two US government creations, along with a NATO offshoot like the Atlantic Council, are used by Facebook to distinguish real from fake news is effectively state censorship.

    • US tech think tank lambasts moves to investigate social media giants

      The Information Technology Innovation Foundation, a self-proclaimed non-partisan Washington DC think tank which includes representatives of the largest US tech multinationals on its board, has slammed moves by the Trump Government to investigate the big three US social media giants amid “escalating complaints about anti-conservative bias” on their platforms.

      An ominously titled open letter published in USA Today, which has the undertones of a threat, warned US Federal Attorney-General Jeff Sessions and “conservatives” not to “mess with Google, Facebook or Twitter”.

    • Elliott Broidy’s All-Access Pass — “Trump, Inc.” Podcast

      “Trump, Inc.” is back. Our podcast with WNYC focused earlier this year on the many mysteries around President Donald Trump’s businesses. This season, we’re widening the lens to look at the people around Trump and how they are benefitting from his presidency.

      Our first episode looks at Elliott Broidy. You might remember him as the Republican financier who agreed to pay a Playboy model $1.6 million in return for her silence. (Broidy has said it was just to help her financially.)

      Before that scandal, Broidy was at the center of another one. A decade ago, he pleaded guilty to bribing New York State pension officials — “an old-fashioned payoff,” as then-state Attorney General Andrew Cuomo put it. (Before the plea was finalized, a judge allowed Broidy to change his plea from a felony to a misdemeanor.)

  • Censorship/Free Speech
    • Twitter Releases New Policy on ‘Dehumanizing Speech’

      The policy will prohibit “content that dehumanizes others based on their membership in an identifiable group, even when the material does not include a direct target.” It expands upon Twitter’s existing hateful conduct policy prohibiting users from threatening violence or directly attacking a specific individual on the basis of characteristics such as race, sexual orientation, or gender. Twitter’s users, especially women and minority groups, long have complained that the company’s rules have been ineffective and inconsistent in addressing harassment and abuse.

    • Facebook failing to protect moderators from mental trauma, lawsuit claims

      Facebook in the past has said all of its content reviewers have access to mental health resources, including trained professionals onsite for both individual and group counseling, and they receive full healthcare benefits.

      It did not respond to a request by Reuters for comment on Monday.

      Currently, more than 7,500 content reviewers work for Facebook, including full-time employees and contractors.

    • Maldives sculpture by British artist torn down for being threat to ‘Islamic unity’

      The islands’ autocratic government said that the work, which included hybrid form sculptures – part-human, part-plant, part-coral – represented “idols” and ordered its demolition. The work had been subject to a series of complaints from religious scholars.

    • Here’s Why ‘The Satanic Verses’ Remains So Controversial 30 Years Later

      One of the most controversial books in recent literary history, Salman Rushdie’s “The Satanic Verses,” was published three decades ago this month and almost immediately set off angry demonstrations all over the world, some of them violent.

    • We must have the right to insult politicians

      It is worth reminding ourselves what MPs actually mean when they say they want to curb online ‘abuse’. Given that it is impossible to harm someone physically online, what they really mean by abuse is criticism, ridicule and insult. They mean bad language and bad words. What qualifies as abuse can encompass anything from death threats and misogyny to levelling jibes like ‘gammon’ or ‘snowflake’. Many politicians hold ordinary members of the public in such contempt that even the mildest criticism is seen as abusive. For instance, when Tory MP Antoinette Sandbach received an email from a constituent rebuking her for backing pro-Remain amendments in a crucial parliamentary vote on Brexit, she replied to say that she had referred the constituent to the police.

    • Louisiana’s Attorney General Wants To Break Up Google Over ‘Bias’

      Again, it’s not at all proven that the internet giants are “suppressing conservative agendas.” If they were, that would be quite remarkable, given that apparent “conservatives” control the White House, both houses of Congress, the judiciary and the vast majority of state houses. It would certainly then suggest that these internet companies aren’t very good at suppressing such an agenda if they really were attempting to do so (and, spoiler alert: they’re not).

      But, of course, the larger point still stands: this is clearly a government official, looking to use not just executive power, but law enforcement powers, to intimidate companies regarding speech on their platforms. That is 100% unconstitutional. I already detailed a variety of cases that make this point, but it appears that law enforcement officials are going to ignore that, so long as they can politically grandstand on this issue.

      But, just to flip this around: would Louisiana Attorney General Jeff Landry agree that Fox News or Breitbart should be hit with legal action for “suppressing liberal agendas?” Of course not.

    • District Court Misses The Forest For The Trees In Dismissing Constitutional Challenge To FOSTA

      It’s like the scene in the Naked Gun, where Leslie Nielsen stands outside the exploding fireworks factory telling everyone, “Nothing to see here. Please disperse.” Such is the decision by the district court dismissing the EFF’s lawsuit challenging the constitutionality of FOSTA.

      [...]

      It’s a statutory parsing that would be a lot more assuring if it didn’t ignore another perfectly plausible read of the statute. Of course it’s ridiculous to say that Maley intended to promote prostitution. But that’s not what the statute forbids. In a subsequent passage the court dismisses the argument that FOSTA’s amendments to 18 U.S.C. Sec. 1591 create any additional legal risk for platforms. But the amendments expand the prohibition against the “participation in a venture” to engage in sex trafficking to include “knowingly assisting, supporting, or facilitating” such a venture. This language suggests that liability does not require knowledge of a specific act of sex trafficking. Instead, merely providing services to sex traffickers – even ones unsuccessful in their sex trafficking venture – would seem to trigger liability. In other words, knowledge seems to hinge not on knowledge of a sex trafficking act but on knowledge of a sex trafficking venture (including one that may even be victimless), yet both the statute and the court are silent as to how much, or how little, a platform would need to actually know in order to have “knowledge” for purposes of the statute. This vagueness is what is so chilling to them, because it forces them to guess conservatively. But the court provides little relief, and in dismissing the case denies the opportunity to even attempt to gain any.

      Also, while these plaintiffs were suing because they feared prospective injury, plaintiff Eric Koszyk has already experienced a tangible injury directly traceable to the changes in the law wrought by FOSTA. He was a massage therapist who relied on Craigslist to advertise his services. In the wake of FOSTA, Craigslist shut down its Therapeutic Services section, thus limiting his ability to find customers. Without FOSTA (which would result if it were declared unconstitutional) it would seem that the shutdown decision could be reversed.

    • FOSTA Case Update: Court Dismisses Lawsuit Without Ruling on Whether the Statute is Unconstitutional

      A federal court considering a challenge to the Allow States and Victims to Fight Online Sex Trafficking Act of 2017, or FOSTA, dismissed the case on Monday.

      EFF and partner law firms filed a lawsuit in June against the Justice Department on behalf of two human rights organizations, a digital library, an activist for sex workers, and a certified massage therapist to block enforcement of FOSTA.

      Unfortunately, a federal court sided with the government and dismissed Woodhull Freedom Foundation et al. v. United States. The court did not reach the merits of any of the constitutional issues, but instead found that none of the plaintiffs had standing to challenge the law’s legality.

    • Age-Appropriate Design Code

      Recital 38 of the General Data Protection Regulation recognizes that children merit “specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data.” The recital goes on to make specific reference to the collection of personal data for marketing or user profiles or for services offered directly to a child.

      The recital lays out that children should be considered differently to the adults online. It is an uncontroversial observation that rarely is the distinction made online between an adult and a child in a meaningful way. This is particularly true when it comes to privacy. Services targeted at children process data in similar ways to services that are mixed or targeted at adults.

      The Age-Appropriate Design Code of Practice provides an opportunity to fix that imbalance. It can address the relationship a child has with online services by creating stronger default settings and working towards better provision of information to children about terms and conditions and privacy notices. It can also operate as a learning experience, preparing children for adulthood as effective participants online with agency and confidence in their rights.

    • What Does “Edited for Content” Mean on Airplane Movies?

      While lots of airlines display the “edited for content” warning before different movies, there’s no single standard that they have to meet. It also depends on the source of the movie.

      Big studios will often release an airplane cut of their tentpole movies, separate from the theatrical cut, that edits out references to terrorists, plane crashes, and the like; basically content that no one really wants to see when they’re hurtling through the air at 4/5ths of the speed of sound in an aluminum tube. Airlines tend to avoid screening movies where these are major plot points anyway—no Con Air or Alive for you—so, for the most part, you’re not going to see much difference.

      Where things get more interesting is when they pass through an editing company that specializes in airplane movies. James Durston, writing for CNN, interviewed Jovita Toh, the CEO of Encore Inflight Limited. Toh claims that they edit movies differently depending on which airline they’re for. European airlines are very accepting of nudity and swearing but tend to dislike overly violent or gory films. In the Middle East, it’s the opposite, with their airlines requiring any sexual content or bare skin scrubbed while not being too worried about violence. Some airlines based in Muslim countries even want references to pigs and pork removed! Toh’s company has also been asked to remove logos of competing airlines.

    • Pro-Israeli Terror Threat at Labour Conference Covered Up By MSM

      A fringe venue at the Labour conference was evacuated last night after the screening of a film about my friend Jackie Walker was cancelled by a terrorist bomb threat. Jackie, a black Jewish prominent critic of Israel, is currently among those suspended from the Labour Party over accusations of anti-semitism which are, in her case, nonsense.

      What is astonishing is that the state and corporate media, which has made huge play around the entirely fake news of threats to pro-Israel MP Luciana Berger leading to her being given a police escort to protect her from ordinary delegates, has completely ignored this actual and disruptive pro-Israeli threat – except where they have reported the bomb threat, using the big lie technique, as a further example of anti-semitism in the Labour Party!

      The Guardian’s report in this respect is simply unbelievable. Headed “Jewish event at Labour conference abandoned after bomb scare” it fails to note that Jewish Voice for Labour is a pro-Corbyn organisation and the film, “The Political Lynching of Jackie Walker”, exposes the evil machinations of the organised witch-hunt against Palestinian activists orchestrated by Labour Friends of Israel and the Israeli Embassy. It is not that the Guardian does not know this – it has carried several articles calling for Jackie Wilson’s expulsion.

    • Legislators Pushing A Patriot Act, But For Human Trafficking In The Wake Of FOSTA

      When you’re looking to expand the government’s power, any crisis will do. Following the 9/11 attacks in 2001, legislators told us the terrorists hated us for our freedom. Then they rushed through the Patriot Act, demonstrating how much our own government hates us for our freedoms.

      In the name of national security, the government was allowed to engage in warrantless searches (and warrantless wiretapping) as the Fourth Amendment was sacrificed to make way for secure skies and secure borders. More of the same is on tap at the federal level, thanks to another “crisis” — one mostly manufactured by a number of government officials who want to expand their power in the name of all the trafficked children in the world.

      Sex trafficking is the name of the game — even if the game board seems mostly devoid of players. A number of grandstanders have taken shots at big online services, playing shoot the message board since it’s easier to serve Craigslist, Backpage, or whoever than track down actual traffickers.

      One of these grandstanders is Rep. Ann Wagner. Wagner has been leading the charge to destroy Section 230 immunity under the pretense of hunting down sex traffickers. Sex traffickers will go on trafficking. They’ll just be harder to find. Meanwhile, the web gets worse for everyone as websites become less willing to provide platforms for third-party content.

    • Years Later, FTC Wins Case Against Roca Labs For Its Bogus Non-Disparagement Clause

      Remember Roca Labs? A few years back we wrote about them extensively. The company (along with Don Juravin, who ran it), had cooked up quite a scheme. They were selling what they claimed was a “weight loss” product, which involved ingesting something that one doctor summarized as “consist[ing] primarily of industrial food thickening agents.” If that wasn’t already sketchy enough, the company more or less required purchasers to agree to a non-disparagement contract in order to order the stuff. Roca claimed that you were just getting a “discount” if you agreed to the non-disparagement clause, but it was unclear if there was any other way to order. Roca had a “doctor” vouching for its product, but it turned out it was a doctor who had lost his medical license. The company came to our attention when it sued PissedConsumer because some of its many unhappy customers had ignored the non-disparagement clause and complained about Roca Labs on that site.

      The company then trotted out nearly every sketchy trick in the book — including threatening legal action against us, actually suing PissedConsumer’s lawyer, Marc Randazza (over something that we had written on Techdirt), and filing bogus DMCA notices to try to delete negative reviews — before the FTC finally went after the company in September of 2015.

      That case has continued for years (during which PissedConsumer won its case against Roca) and now the FTC has finally prevailed against Roca and Juravin as well. Eric Goldman has a good write-up on the ruling as well.

    • Twelve Rules For Not Being A Total Free Speech Hypocrite

      I have to say that I’ve never received so many earnest and detailed–but super angry–emails as I did after my article earlier this year calling out Jordan Peterson’s obvious hypocrisy for claiming to fight for free speech, while suing a university for “defamation” over the speech of some of its staff members. So many very, very earnest young men, really, really wanted to debate the finer points of how suing over speech could magically lead to more free speech. Again, to be clear: I thought that what Wilfrid Laurier University did in punishing a teaching assistant for showing a video clip of Peterson was completely asinine and the university and its staff deserved all of the ridicule it got.

      The lawsuit, however, was another story altogether. Beyond it being a completely obvious SLAPP suit — using defamation to try to silence someone — there were all sorts of weird conflicts of interest (it was filed by the same lawyer representing the teaching assistant Lindsay Shepherd, and as some have pointed out, Shepherd and Peterson are clearly in conflict with one another over this, since it was Shepherd who actually “published” the negative comments about Peterson by posting them in a video). But the key point is that it’s blatant hypocrisy to sue someone for criticizing you while basing a large part of your persona on being about freedom of speech. Indeed, much of Peterson’s claim to fame was in loudly protesting a proposed law in Canada that he claimed would be an attack on his own free speech.

      Since then, however, Peterson only seems to be doubling and tripling down on his attacks on free speech. A few weeks ago he filed a second lawsuit against Wilfrid Laurier University arguing (I kid you not) that the University’s own defense to his original lawsuit defamed him again because it claimed that he benefited from the press attention around the controversy (rather than harming him, as required to be defamation). This seems even more ridiculous than his original lawsuit. Canada, like the US, has absolute privilege in judicial proceedings, meaning you can’t claim defamation for things said in the course of ongoing litigation. But, apparently Peterson is going to ignore that.

  • Privacy/Surveillance
    • A Consumer Privacy Hearing With No One Representing Consumers

      The Senate Commerce Committee hearing on consumer privacy this morning was exactly what we and other privacy advocates expected: a chorus of big tech industry voices, with no one representing smaller companies or consumers themselves.

      In his opening remarks, Senator Thune acknowledged the “angst” caused by the Committee’s decisions to convene an industry-only panel, and promised more hearings with more diverse voices. We look forward to a confirmed hearing date with a diverse panel of witnesses from academia, advocacy, and state consumer protection authorities.

      Today’s hearing included witnesses from AT&T, Apple, Amazon, Charter, Google, and Twitter. All of them confirmed their support for a federal law to preempt California’s Consumer Privacy Act. Many recited talking points about the workload required to comply with the “patchwork” of state laws that they anticipate. However, none were able to answer the question of why the U.S. shouldn’t adopt standards along the lines of the EU’s GDPR or California’s CCPA.

      None of this was surprising. The companies represented largely rely on the ability to monetize information about everything we do, online and elsewhere. They are not likely to ask for laws that restrain their business plans.

      In the midst of an otherwise disappointing hearing, some Senators took a strong line on privacy that we applaud. Senator Markey requested that companies discuss a strong, privacy-protective bill before considering preemption of California’s new law. Senator Schatz questioned whether companies were coming to Congress simply to block state privacy laws and raised the prospect of creating an actual federal privacy regulator with broad authority. And Senator Blumenthal pointed out that, while the company representatives present claimed that GDPR and the CCPA imposed unreasonable burdens, they all seemed to be successfully complying.

    • Grindr Playing DMCA Whac-A-Mole With Privacy Threat ‘Fuckr’

      Back in March, it was revealed that Grindr could be exploited to expose the personal information of its users. Two months later, a further report noted that it was still possible to extract personal information from Grindr using a third-party app called “Fuckr”. Following an initial takedown from Github, the problem has continued, a new DMCA notice targeting more than 90 clones reveals.

    • State Attorneys General Really Want To Go After Big Internet Companies; But Claim It’s About Privacy, Not Bias

      Of course, it seems like almost journalistic malpractice to quote Jim Hood talking about going after social media platforms without mentioning the fact that he was the centerpiece of the conspiracy by the top movie studios to attack Google with nonsensical complaints about illegal things he found while doing searches on Google. If you don’t recall, the Sony hack revealed a plot by the legacy movie studios to have their lawyers effectively run an investigation for Jim Hood — and even the NY Times revealed that his eventual subpoena to Google was written by the MPAA’s lawyers. A judge reviewing Google’s legal fight with Hood noted that it seemed pretty clear that Hood’s actions were done in “bad faith.” So… consider me at least marginally skeptical that Hood is an objective voice on what is and is not appropriate for a state Attorney General to investigate regarding the big internet platforms.

      Obviously, if there are real antitrust violations, then that’s a valid issue to explore. But, so many of the attacks themselves seem to be a hell of a lot more “politically biased” than any of the claims about how the internet companies themselves are politically biased.

      [...]

      So… if tech companies actually protect people’s privacy with strong encryption, they get yelled at and threatened with legal action by Attorneys General. And if they don’t protect people’s privacy… they get yelled at and threatened with legal action by Attorneys General. Just what exactly are they supposed to do?

      Again, it is entirely possible that these companies have violated various laws. Perhaps they’re in violation of antitrust laws, though the evidence there is lacking so far. But, from everything that’s been said coming out of this meeting, it does not inspire much confidence that there are reasonable and objective reasons for taking legal actions against these platforms. Instead — and this is all too typical for state AGs — there appears to be a lot of grandstanding and bluster without much substance.

    • Instagram co-founders’ departure driven by falling out with Zuckerberg: report

      Instagram CEO Kevin Systrom and Chief Technical Officer Mike Krieger left their posts at the image sharing app on Tuesday. The two sold Instagram to Facebook in 2012 for $1 billion.

      “Kevin [Systrom] has been super-pissed-off at Mark,” a top Facebook source reportedly told NBC News.

    • Amazon launches Prime Reading service in India
    • A mixed bag: Mozilla reacts to the Indian Supreme Court’s landmark verdict on Aadhaar

      By holding Section 57 of the Aadhaar Act to be unconstitutional, the Supreme Court of India has recognized the privacy risks created by the indiscriminate use of Aadhaar for private services. While this is welcome, by allowing the State wide powers to make Aadhaar mandatory for welfare subsidies and PAN, this judgment falls short of guaranteeing Indians meaningful choice on whether and how to use Aadhaar. This is especially worrisome given that India still lacks a data protection law to regulate government or private use of personal data. Now, more than ever, we need legal protections that will hold the government to account.

    • India’s Top Court Limits Sweep of Biometric ID Program

      In a landmark ruling on Wednesday, India’s Supreme Court placed strict limits on the government’s national biometric identity system while also finding that the sweeping program did not fundamentally violate the privacy rights of the country’s 1.3 billion residents.

      A five-justice panel of the court decided 4-1 to approve the use of the program, called Aadhaar, for matters involving the public purse, such as the distribution of food rations and other government benefits and the collection of income taxes.

      But the panel struck down Prime Minister Narendra Modi’s efforts to require the digital ID for other purposes, including verifying the identity of students taking exams, and established new protections meant to prevent the government from misusing the data in the name of national security.

    • Indian Supreme Court Rules Aadhaar Does Not Violate Privacy Rights, But Places Limits On Its Use

      Techdirt wrote recently about what seems to be yet another problem with India’s massive Aadhaar biometric identity system. Alongside these specific security issues, there is the larger question of whether Aadhaar as a whole is a violation of Indian citizens’ fundamental privacy rights. That question was made all the more pertinent in the light of the country’s Supreme Court ruling last year that “Privacy is the constitutional core of human dignity.” It led many to hope that the same court would strike down Aadhaar completely following constitutional challenges to the project. However, in a mixed result for both privacy organizations and Aadhaar proponents, India’s Supreme Court has handed down a judgment that the identity system does not fundamentally violate privacy rights, but that its use must be strictly circumscribed.

    • Supreme Court to deliver judgement on validity of Aadhaar tomorrow

      The Supreme Court will on Wednesday give its verdict on Aadhaar, the national identity card project challenged by critics for allegedly violating the constitution.

    • Unintended Consequences: How The GDPR Can Undermine Privacy

      We’ve highlighted a few times now, just how problematic the GDPR is. This is not because we don’t care about privacy — we do very much. We just think that the GDPR’s approach is not a very good one with a lot more downsides than upsides — and, it’s unlikely to do very much to actually protect your privacy. For example, we just wrote about the GDPR being used (successfully!) to try to erase a public court docket.

      But not only do we think that the GDPR doesn’t actually protect your privacy, it might actually put it at much greater risk. Take the story of Jean Yang, who noted that someone hacked her Spotify account and then, thanks to GDPR requirements, was able to download her entire Spotify history.

    • NSA employee who brought hacking [sic] tools home sentenced to 66 months in prison

      Nghia Hoang Pho, a 68-year-old former National Security Agency employee who worked in the NSA’s Tailored Access Operations (TAO) division, was sentenced today to 66 months in prison for willful, unauthorized removal and retention of classified documents and material from his workplace—material that included hacking tools that were likely part of the code dumped by the individual or group known as Shadowbrokers in the summer of 2016.

  • Civil Rights/Policing
    • Remove the Drone Shoot-Down and Biometric Surveillance Sections From the FAA Act

      To keep the Federal Aviation Administration functioning, Congress must pass a reauthorization bill by September 30th. But the current bill has been stuffed with last-minute provisions that would strip people of their constitutional rights.

      In the FAA Reauthorization Act, Congress attached the Preventing Emerging Threats Act, with slightly modified language. But the new provisions do nothing to protect private drone operators—flown by journalists, businesses, and hobbyists—from unprovoked, warrantless take-downs and snooping by DOJ and DHS.

      The FAA Reauthorization also for the first time gives a congressional imprimatur to DHS’ biometric scanning of domestic travelers and U.S. citizens.

      The basic functioning of a government agency should not be taken hostage by controversial legislation that strips people of their rights to speech and privacy. Unless these provisions are removed, Congress should not pass FAA Reauthorization.

    • After Fielding Third Case On Point, Court Finally Decides Curtilage-Violating ‘Knock And Talks’ Are Clearly Unconstitutional

      You can violate Constitutional rights and still dodge liability. You just have to do it in a way that doesn’t immediately summon precedential cases on point. That’s the beauty of qualified immunity, the doctrine the Supreme Court decided was needed because expecting law enforcement to operate within the confines of the Constitution is just too much to ask.

      Fairfield County, Ohio’s SCRAP (Street Crime Reduction and Apprehension Program) unit plays fast and loose with the Constitution — and with the county’s apparent blessing. A case examined by the Sixth Circuit Court of Appeals details a search the SCRAP chose not to call a search that resulted in the discovery of marijuana plants — and further contraband once a warrant was secured. The defendants — Neil Morgan and Anita Graf — asked for the evidence to be suppressed. They argued the initial “knock and talk” violated the Fourth Amendment, tainting the more thorough search that followed.

      Acting on a tip, the county’s SCRAP unit went to the defendants’ residence and basically surrounded it, placing two officers approximately five feet from the house in the backyard. It was from this vantage point the marijuana plants on the second floor balcony were spotted — something not visible to those approaching the house from more “public” directions. The court agreed and vacated their sentences. This lawsuit against the officers and the county ensued.

    • Brooklyn Residents Protest ‘Miniature Rikers’ As City Unveils Plans To Expand Borough Jail

      Brooklyn residents let New York City officials and their corporate partners know on Thursday that, rather than the expansion of the Brooklyn Detention Complex proposed as part of Mayor Bill de Blasio’s plan to shut down Rikers Island, they want “no new jails.”

      The public hearing inside PS 133’s auditorium on September 20 was supposed “to provide the public with an opportunity to comment on the scope of work that outlines how [the] environmental impact statement, or EIS, for [the new jail] will be prepared” according to city officials at the beginning of the hearing. But local activists and residents were not there to just talk about the environmental impact statement.

      Even before the town hall began, activists with the #NoNewJails campaign were at the entrance of the auditorium handing out literature stating that they “support the closure of Rikers” and “oppose new jail construction.” Instead of investing in jails and the criminal justice system, activists demand that NYC “invest in community resources” and “close jails by investing in alternatives to criminalization and imprisonment.”

      The city gave out two small booklets that explained the mayor’s plan “towards a borough-based jail system,” which is supposed to cost an estimated $10.6 billion over 10 years, and attempted to present the idea of new jails in a seemingly progressive way. One booklet described how the new jail in Brooklyn would look, stating that “there would be retail and community space” on the ground floor and even included a rendering of the street level view. The rendering showed a colorful and ultra-gentrified street with civilians nonchalantly walking past the aesthetically-pleasing glass front doors of the jail.

    • Orlando Paramedics Didn’t Go In to Save Victims of the Pulse Shooting. Here’s Why.

      “I need the hospital! Please, why does someone not want to help?”

      The man’s screams inside the Pulse nightclub pierced the chaos in the minutes after the shooting stopped on June 12, 2016. With the shooter barricaded in a bathroom and victims piled on top of one another, Orlando police commanders began asking the Fire Department for help getting dozens of shooting victims out of the club and to the hospital.

      “We need to get these people out,” a command officer said over the police radio.

      “We gotta get ‘em out,” another officer responded. “We got him [the shooter] contained in the bathroom. We have several long guns on the bathroom right now.”

      [...]

      None of that equipment was used at Pulse. Emergency medical professionals stayed across the street from the club. And the bulletproof vests filled with life-saving equipment sat at headquarters.

      In the three and a half years before the shooting, bureaucratic inertia had taken hold. Emails obtained by WMFE and ProPublica lay out a record of opportunities missed. It’s not clear whether paramedics could have entered and saved lives. But what is clear is Saez’s plan to prepare for such a scenario sat unused, like the vests.

      His effort had sputtered and was ultimately abandoned after a new fire chief, Roderick Williams, took over the department in April 2015. Williams named another administrator to finalize and implement the new policy. That administrator declined multiple requests to comment for this story. Saez said he offered to help but never heard back.

    • How the Orlando Fire Department’s Active Shooter Policy Fell Through the Cracks

      Saez files a hostile work environment complaint with the city’s Human Resources Department against the fire chief and the deputy chief who wrote him up. Saez retired in September. The city of Orlando says it is “currently reviewing the facts of this case as it is active and ongoing.”

    • The Reports of Civil Asset Forfeiture’s Death in Philadelphia Have Been Greatly Exaggerated

      Despite a settlement reforming the practice, policing for profit will continue in the City of Brotherly Love.

      Last week, Philadelphia and its district attorney, Larry Krasner, agreed to overhaul the city’s civil asset forfeiture practices after a long history of abuse and subsequent reform efforts thwarted by prosecutors across the state. But no one should be fooled into believing that forfeiture has been “dismantled” in Philadelphia.

      For years, the City of Brotherly Love has been in the national spotlight for its aggressive use of civil asset forfeiture — the police practice of seizing private property merely suspected of having a connection to a crime. For decades, the Philadelphia District Attorney’s Office has amplified its budget with millions of dollars each year from forfeiture.

      Analyses by investigative journalists and the ACLU of Pennsylvania showed that these forfeiture revenues came mostly from taking small amounts of cash — less than $200 at a time — as well as vehicles and houses from people who had not been convicted of any crime but live in heavily policed communities of color. Because civil forfeiture is not a criminal proceeding, property owners have no right to counsel, and most lose their property by default when they fail to formally respond to the government in court.

    • Greyhound Is Still Failing to Protect Customers from Border Patrol Abuse

      The company continues to be complicit in the Trump deportation force’s unconstitutional immigration enforcement on board its buses.

      In January 2018, Border Patrol agents boarded a Greyhound bus in Fort Lauderdale, Florida, and demanded identification from passengers. Videos of the encounter went viral — showing these agents, with “POLICE” emblazoned on their vests, escorting a woman of Caribbean descent in her 60s off the bus. In the background, someone filming says, “This is new?”

      Unfortunately, it wasn’t.

      Customs and Border Protection, which contains the Border Patrol, has a history of boarding buses and subjecting passengers to racial profiling in unjustified interrogations. Greyhound has always let it. After the incident, Greyhound released a statement saying that it was “required to cooperate with the relevant enforcement agencies if they ask to board our buses or enter stations.” Actually, as a private business, Greyhound has the Fourth Amendment right to deny CBP permission to board and search its buses without probable cause or a warrant.

      That’s why, six months ago, the ACLU wrote to Greyhound, urging the company to exercise its rights. Ten of our affiliates took a clear stand, echoed by tens of thousands of ACLU supporters: Greyhound should protect its customers from the racial profiling that characterizes Border Patrol interrogations and tell CBP that its agents need probable cause or a warrant to board a bus, protection that the Fourth Amendment guarantees.

    • Court Won’t Let FBI Dodge Lawsuit By Removing American Citizen From No-Fly List Shortly After Being Sued

      The FBI uses the “no fly” list as leverage. What should be used to keep threats to national security off airplanes is being used to turn people into informants. If someone travels to a country the US government views with suspicion, citizens and legal residents are often approached by FBI agents who use the threat of revoking flying privileges to obtain new info sources.

      DOJ policy expressly forbids this sort of behavior, but the FBI doesn’t care. It tells the CBP to keep an eye on travelers who visit or originate from certain countries, accost them in the airport, and subject them to invasive searches/interrogations with an eye on converting them to unofficial G-men.

      Earlier this year, the Second Circuit Appeals Court said federal agents could be sued for tossing three men on the “no fly” list for refusing to become informants. The Ninth Circuit Appeals Court is saying the same thing. There are procedural differences between the two cases, but in both, the plaintiffs have been allowed to move forward with their lawsuits.

  • Internet Policy/Net Neutrality
    • No, Next-Gen Wireless (5G) Won’t Magically Fix The Broken U.S. Broadband Market

      We’ve made it pretty clear by now that despite some promising gigabit fiber deployments, the U.S. broadband industry is actually getting less competitive than ever in countless markets nationwide. That’s occurring in part because telcos like Verizon have shifted their focus toward slinging video ads at Millennials (poorly), instead of upgrading antiquated DSL lines in countless states. As a result, the nation’s two dominant cable providers (Charter Spectrum, Comcast) are securing a growing monopoly over broadband, especially at faster speeds.

      The net result is less competition, but more of everything everybody dislikes about American broadband: mindless rate hikes, usage caps, net neutrality violations, terrible customer service, and an obvious, active disdain for the captive customers these companies “serve.”

      Of course there’s many (most notably the broadband industry) that try and argue these problems aren’t that big of a deal because fifth-generation (5G) wireless will soon arrive, basking the country in ubiquitous connectivity and broadband competition.

    • California’s Net Neutrality Bill Should Be Signed Into Law

      Millions of Californians are waiting for Gov. Jerry Brown to affirm their call for a free and open Internet.

      After Congress reversed the Federal Communication Commission’s 2015 Open Internet Order, states have had to step up to ensure that all traffic on the Internet is treated equally. Gov. Brown’s signature would make California the fourth state to pass a law offering net neutrality protections to its residents.

      While EFF applauds the states that have taken steps to provide net neutrality protections, we believe California’s is the strongest measure in the country. It goes beyond the basic protections laid out in Washington and Oregon to prevent blocking and interference to ensure that Internet service providers cannot circumvent net neutrality protections at any point in delivering service to consumers.

      The bill also goes further than other measures by prohibiting ISPs in California from using the practice of discriminatory zero-rating – that is, raising costs on competitive services or apps by exempting their own affiliated products or for companies that pay the Internet access provider for preferential treatment. It also does not allow ISPs to charge other companies for access to their customers, a ban that has been in place for decades.

    • Video streaming experience on smartphones very poor in India: OpenSignal

      A first-of-its-kind measurement in the mobile industry, OpenSignal’s video experience metric was derived from an International Telecommunication Union (ITU)-based approach for measuring video quality.

      For the analysis, OpenSignal examined 69 countries spread throughout the globe to see how they stacked up in video experience.

  • Intellectual Monopolies
    • The Design Patent Bar: An Occupational Licensing Failure

      Although any attorney can represent clients with complex property, tax, or administrative issues, only a certain class of attorneys can assist with obtaining and challenging patents before the U.S. Patent & Trademark Office (PTO). Only those who are members of the PTO’s patent bar can prosecute patents, and eligibility for the patent bar is only available to people with substantial scientific or engineering credentials. However much sense the eligibility rules make for utility patents—those based on novel scientific or technical inventions—they are completely irrational when applied to design patents—those based on ornamental or aesthetic industrial designs. Yet the PTO applies its eligibility rules to both kinds of patents. While chemical engineers can prosecute both utility patents and design patents (and in any field), industrial designers cannot even prosecute design patents. This Article applies contemporary research in the law and economics of occupational licensing to demonstrate how the PTO’s application of eligibility rules to design patents harms the patent system by increasing the costs of obtaining and challenging design patents. Moreover, we argue that the PTO’s rules produce a substantial disparate impact on women’s access to a lucrative part of the legal profession. By limiting design patent prosecution jobs to those with science and engineering credentials, the majority of whom are men, the PTO’s rules disadvantage women attorneys. We conclude by offering two proposals for addressing the harms caused by the current system.

    • Questioning Design Patent Bar Restrictions

      It never occurred to me to think about the qualifications required for prosecuting design patents. The observation that a different set of skills goes into such work is a good one; it makes no sense that a chemistry grad can prosecute design patents but an industrial design grad cannot. There are plenty of outstanding trademark lawyers who could probably do this work, despite not having a science or engineering degree.

      I like that this paper takes the issue beyond this simple observation (which could really be a blog post or op-ed), and applies some occupational licensing concepts to the issue. Furthermore, I like that the paper makes some testable assertions that can drive future scholarship, such as whether these rules have a disparate impact on women. I am skeptical about the negative impact on design patents, but I think that’s testable as well.

    • Trademarks
      • Monster Energy defeated in trademark battle with Toronto Raptors

        Monster Energy has lost a trademark registration opposition against the National Basketball Association (NBA) at the Intellectual Property Office of Singapore (IPOS).

        Monster Energy argued that the Toronto Raptors logo is too similar to its “claw device mark”, and consumers would likely confuse Monster’s three vertical slashes with the NBA Toronto Raptors’ circular logo of a basketball with three horizontal raptor claw marks out of it.

      • Monster Energy Loses Again, This Time To The NBA

        Longtime readers here at Techdirt will be familiar with Monster Energy’s trademark bullying ways, but even relative newcomers will have had the opportunity to witness what has become an impressive losing streak in trademark disputes. This comes with the bullying territory, where the quick trigger finger on the threat letters and oppositions means that many of them are going to be losers. Still, one would think the sheer volume of these cases would mean quite a bit of billable hours going to the legal team that certainly could be spent better elsewhere.

        But the losses keep coming. Monster Energy recently lost an opposition filed by the NBA for the Toronto Raptors team imagery in Singapore, of all places.

    • Copyrights
      • Platform Censorship: Lessons From the Copyright Wars

        There’s a lot of talk these days about “content moderation.” Policymakers, some public interest groups, and even some users are clamoring for intermediaries to do “more,” to make the Internet more “civil,” though there are wildly divergent views on what that “more” should be. Others vigorously oppose such moderation, arguing that encouraging the large platforms to assert an ever-greater role as Internet speech police will cause all kinds of collateral damage, particularly to already marginalized communities.

        Notably missing from most of these discussions is a sense of context. Fact is, there’s another arena where intermediaries have been policing online speech for decades: copyright. Since at least 1998, online intermediaries in the US and abroad have taken down or filtered out billions of websites and links, often based on nothing more than mere allegations of infringement. Part of this is due to Section 512 of the Digital Millennium Copyright Act (DMCA), which protects service providers from monetary liability based on the allegedly infringing activities of third parties if they “expeditiously” remove content that a rightsholder has identified as infringing. But the DMCA’s hair-trigger process did not satisfy many rightsholders, so large platforms, particularly Google, also adopted filtering mechanisms and other automated processes to take down content automatically, or prevent it from being uploaded in the first place.

        As the content moderation debates proceed, we at EFF are paying attention to what we learned from two decades of practical experience with this closely analogous form of “moderation.” Here are a few lessons that should inform any discussion of private censorship, whatever form it takes.

      • After UEFA’s Starball logo, also the EURO Trophy has been denied copyright registration
      • Don’t Make the Register of Copyrights into a Presidential Pawn

        If we’ve learned one thing from this year in American politics, it’s that presidential appointments can be a messy affair. Debates over appointees can become extremely polarized. It’s not surprising: it’s in the President’s best interests to choose a head of the Department of Justice or Education who will loyally carry out the administration’s agenda in those offices. But there’s one office that simply should not be politicized in that way: the Copyright Office.

        Unfortunately, some lawmakers are looking to turn the Register of Copyrights into a political appointee. The Register of Copyrights Selection and Accountability Act (H.R. 1695) passed the House of Representatives last year, and now, the Senate is looking to take the bill up. Under H.R. 1695, the Register of Copyrights would become a presidential appointee, just like the directors of Executive Branch departments. Naturally, the president would appoint a Register who shares their interpretation of copyright law and other policy stances, and the nomination could come with a highly partisan confirmation process in the Senate.

        The Copyright Office is at its best when it has no political agenda: it’s a huge mistake to turn the Office into another political bargaining chip. The Register of Copyrights has two important, apolitical jobs: registering copyrightable works and providing information on copyright law to the government. The Office serves officially as an advisor to Congress, much like the Congressional Research Service (both offices are part of the Library of Congress). It has never been the Register’s job to carry out the president’s agenda. That’s why the Copyright Office is situated in Congress, not in the Executive Branch.

      • Findings from the Discovery phase of CC usability

        In the next two sections, I provide background on the initiative and the process we used to conduct the research. If you’re short on time, you can skip all of it and go directly to the findings. You can also peruse this slide deck for a quick visual summary.

        I’m also pleased to announce that in order to further this work, I have stepped into a new role at CC. As the Director of Product and Research, I will lead the strategy, design, and implementation of CC’s product vision for CC Search and related products. Our work will be driven by a research-based approach, which you can learn more about below.

      • Led Zeppelin might launch a streaming service, trademark application suggests

        The news follows a cryptic tease from the band’s guitarist Jimmy Page last year that 2018 (the band’s 50th anniversary) would see the release of a “Led Zeppelin product” as well as “all manner of surprises.” Jason Bonham, son of the band’s original drummer John Bonham, has confirmed that the remaining members “have plans” for The Led Zeppelin Experience name after he was forced to change the name of his band (which was also called The Led Zeppelin Experience).

EPO Central Staff Committee: 30 Percent of Staff Are in Principle Targetable as ‘Challenging People’

Wednesday 26th of September 2018 04:03:25 PM

Actions speak louder than words

Summary: The Central Staff Committee (CSC) met Campinos more than a couple of months after he had started his job; the outcome is a mixed bag

THE EPO is in the process of staff cuts and many workers are worried. António Campinos very belatedly decided that he can actually face some staff representatives and there’s a new report about it — one that SUEPO links to. To quote:

Campinos and the CSC also discussed the HR policy ‘Challenging People’, which it said has “poisoned the working atmosphere at the office”.

“In our interpretation, about 30 percent of staff are in principle targetable as ‘Challenging People’”, the CSC said, “we reported that more and more colleagues asked us for advice, because they happened to fall into these example patterns and were suffering from doubtful procedures”.

“In practice, this translates into statutory and human rights (for example, the right to strike) being ignored and conduct actually compliant with the Service Regulations being interpreted as disloyalty when it displeases management.”

Campinos responded: “Staff should know what is expected from them and show engagement. In some special cases, managers might need to learn and improve the way they treat their staff, because nobody is perfect.”

“Professional incompetence should be dealt with according to a ‘recuperation plan 12’ and a clear procedure needs to be established.”

He added that the HR policy ‘Challenging People’ belonged to the history of the office, which could not be changed.

But Campinos “clarified that the support of the colleagues should now be key, not the stigmatisation of staff.”

This overlooks what he did at the start of this month and his history of controversial staff cuts.

French Media Confirms Alexandre Benalla Just One of Six Battistelli Bodyguards, Employed at the Cost of €8,000-€10,000 Per Month (for Benalla Alone!)

Wednesday 26th of September 2018 03:30:23 PM

Older: Victim Card Ends up in Another Blunder for Battistelli and His Six Bodyguards


Source: En pleine présidentielle, Benalla dégaine son arme pour un selfie

Summary: A recent article from the French media speaks of the arrangements made in secret by Battistelli, passing an outrageous amount of EPO budget to “a strong-arm Rambo type” (see selfie above)

THE EPO scandals presently surface in French media, which recalls these because of a newer scandal which implicates Macron and — by extension — Battistelli as well. We already wrote about it several times, including in:

  1. Alexandre Benalla, Macron’s Violent Bodyguard, Was Also Battistelli’s Bodyguard
  2. It Wasn’t Judges With Weapons in Their Office, It Was Benoît Battistelli Who Brought Firearms to the European Patent Office (EPO)
  3. Benoît Battistelli Refuses to Talk to the Media About Bringing Firearms to the EPO
  4. Guest Post on Ronan Le Gleut and Benalla at the French Senate (in Light of Battistelli’s Epic Abuses)
  5. The Man Whose Actions Could Potentially Land Team Battistelli in Jail

As we hoped and expected, SUEPO has finally produced a translation of this article. We expected a translation to surface after SUEPO had linked to it. Here is their English [PDF] and German [PDF] translation. As HTML:

Alexandre Benalla, bodyguard of the school of Benoît Battistelli

Published on:

Between two questions about his role at the Elysée, this Wednesday the senators brought up the issue with Alexandre Benalla about his time as a bodyguard to Benoît Battistelli, former President of the European Patent Office, a boss who came in for particular criticism for his heavy-handed treatment of the staff.

On Wednesday 19th, the senators quizzed Alexandre Benalla in particular about his professional background and his position as bodyguard to Benoît Battistelli, President of the European Patent Office from 2010 to 2018.

Alexandre Benalla said that he had “never spoken to Emmanuel Macron” or to his cabinet supremo Alexis Kohler, whom he considers as a “great servant of the State” who “had excellent results”. Benoît Battistelli, on the other hand, had an odious reputation, about which a number of senators needed no reminding.

The man in question, who can be proud of the figures which were achieved during his Presidency, has nevertheless been accused of seriously going off-course, seeking to bring down the staff unions by radical means: Preventing the staff organisations from using the premises or the communications resources of the Patent Office, instituting disciplinary procedures against staff representatives, and even creating a rival union.

Added to these criticisms was the accusation of an authoritarian personality: “All he ever sees are people who he regards as incompetents and incapables, but you can’t be right all of the time and everybody else be wrong”, a union representative told Libération in 2016. A number of suicides which occurred after Benoît Battistelli was appointed have also been attributed to the hellish performance pressures and targets which the new management enforced in a highly competitive sector.

Reading between the lines, the senators seem to want to find out which “school” Alexandre Benalla went to, so as to come across as a strong-arm Rambo type, a “heavy”. Whatever the need for the President of the European Patent Office to have a bodyguard, he felt it strongly enough to engage six of them in the spring of 2016. Why? Someone cut the brakes of his bicycle in the Office car park.

Internally, at the EPO, this bicycle story is generally regarded as somewhat of a fairy tale, a tall tale, or “fake news” intended to help Battistelli justify the massive costs of his half dozen bodyguards. We wrote about the timing back then. It was about the budget. What still isn’t known, however, is what (if anything) António Campinos did about it and whether Bergot still has bodyguards (yes, plural).

Lots of UPC Noise/News This Week Over a Document Which Merely Weakens Commitment to the UPC

Wednesday 26th of September 2018 10:14:14 AM

Summary: Lost in the noise created by Team UPC this week is the simple fact that the British government now admits it’s willing to abandon all Unified Patent Court (UPC) Agreement (UPCA) plans

AS we noted earlier this week, the EPO no longer mentions the UPC; neither does IP Kat, which used to do so regularly. The latest emergence of this topic, however, was due to a paper on “no deal Brexit” — a subject explored by IP Kat’s Rosie Burbidge yesterday, in blog posts titled “what does it mean for registered Community designs and trade marks”, “what does it mean for exhaustion of rights?” and “what will happen to patents – particularly SPCs and the UPC?”

“As we know, the UPC depends on German ratification,” she wrote in that last part. “This may not happen before 29 March 2019 (or possibly, at all).”

This is not the sole barrier at all. The UPC(A) faces a lot more than one barrier, yet sites that made it their objective to promote (advocacy) UPC carry on with their usual spiel, trying to trivialise the severity of this. Patrick Wingrove, writing for the patent microcosm in the UK, wrote: “In-house and private practice lawyers discussed artificial intelligence, evolving business models, UK UPC compatibility and the proposed SPC waiver at the European Patent Forum in Munich” (“artificial intelligence” just means software patents in Europe and UPC is how they hope to make courts ‘swallow’ such bogus, abstract patents).

Watch what Kluwer (maybe Bristows) wrote around midnight (just an hour before) on Monday. It’s a blog post which says:

The UK Government issued guidance today on patent issues to allow businesses and citizens to understand what to do in a ‘no Brexit deal’ scenario.

The so-called Technical Notice includes information about the Unitary Patent and Unified Patent Court, and explains that it is unclear whether the UP system will start before the Brexit date of 29 March 2019, ‘with the start date being dependent on ratification of the Unified Patent Court Agreement by Germany’.

SUEPO has linked to that since. There are no comments.

Well, maybe they missed the ‘memo’, but there’s no UPC for the UK to actually “exit” as the Unitary Patent is dead. Opposition to it has only grown (e.g. in Hungary and Poland).

Looking at other media sites around yesterday, here’s another example. This new article promotes the lie that “small businesses” are hurt the most; the same lies Team UPC fancies pushing…

There were more articles about it this week (e.g. [1, 2]), but virtually all of these were composed by law firms rather than actual journalists. It’s just marketing; self-promotional ‘analyses’…

Graham Burnett-Hall and Tom Taylor of Marks & Clerk (Team UPC) spoke of the challenge in Germany as follows:

The Unified Patent Court (UPC) is not yet established and is dependent on ratification of the Unified Patent Court Agreement by Germany (which itself is dependent on the outcome of an ongoing constitutional challenge). It is currently unknown whether the UPC will be operational before Brexit day, i.e. 29 March 2019. Even in a ‘no deal’ situation, the UK is committed to exploring whether it will be possible to participate in the UPC and unitary patent system. It is worth noting that the UK ratified the Unified Patent Court Agreement in April of this year, i.e. after having started with EU withdrawal process, which indicates that continued participation in the UPC is considered by the UK government to be politically acceptable, notwithstanding the fact that the UPC is required to apply relevant EU law in its decisions. If the UK is prevented from being involved with the UPC and unitary patent then patent protection and enforcement in the UK will continue just as it does now.

Well, the UPC is in very bad shape. UPCA is DOA by now. World Intellectual Property Review thought of no better way to cover this than to say “Lawyers concerned by no-deal Brexit guidance on IP exhaustion” (that’s the headline: “Lawyers concerned”; because who cares about what actual people and companies that really create something feel or think).

The UPC does not exist, for obvious reasons, and it will never materialise anyway, so headlines like this one also don’t help. The summary is clear, however: “New guidance from UK government shows a change of heart on unified patent court under a ‘no-deal’ scenario.”

Yes, the government now openly admits that it might altogether abandon the UPC. And that’s the real news. This whole thing is actually a blow to Team UPC.

Director Iancu and President Campinos Both Serve the Litigation ‘Industry’ Instead of Science and Technology

Wednesday 26th of September 2018 09:16:23 AM

Campinos at WIPO, whose abuses resemble the EPO's

Summary: When some of the world’s largest patent offices only listen to the new ‘industry’ (created only by virtue of these offices themselves) there’s danger that patents will be granted for the sake of there being more patents and lawsuits rather than for advancement of the sciences

ONCE UPON a time the patent system was conceived/established to (or so we’re told) protect scientists; this predates modern technology where advancements are no longer limited to chemistry and machinery. The USPTO was founded on this principle and EPO is a much more recent construct.

We have repeatedly expressed concerns about patent policy in the US and in Europe; it’s unfit for purpose if the people who run the system lose sight of the original goals. Days ago the Director of the USPTO spoke at the Intellectual Property Owners Association Annual Meeting, which is a patent maximalists’ hornets’ nest. The EPO was there too (it tweeted a picture from the event yesterday, referring to it as “2018 IPO Annual Meeting”). As we explained yesterday, Director Iancu has a history of advocacy for software patents (on the record). He’s a menace to a USPTO that actually cares about innovation but a blessing to a USPTO as a “litigation factory”. Watchtroll and Kevin Noonan wrote about it some time before last night; they’re clinging onto what their ‘mole’ Iancu intends to do to water down SCOTUS rulings and piles of caselaw, e.g. Federal Circuit on 35 U.S.C. § 101. Their two articles are titled, respectively, “Director Iancu Produces Glimmer of Patent Eligibility Hope” and “What is Director Iancu Proposing the USPTO do for §101 Analysis?” [1, 2]

As we said yesterday, it is a major problem that Iancu only ever hangs out with patent zealots like himself, never with actual scientists, which really says a lot. He barely gets exposed to what ought to have been his primary if not sole stakeholder. Yesterday we learned that “USPTO director Iancu to give speech at IPAS conference,” i.e. another hornets’ nest of the patent maximalists. They keep pressuring him to do what they want. He came from their occupation, so it’s not hard to imagine him just ignoring science and technology in favour of lawyers. The same has happened at the EPO, which is currently run by a banker, chosen by a fellow French politician to succeed him.

As Benjamin Henrion noted yesterday, “US patent office Iancu omits software from the list of unpatentable abstract things, he aims to grant them again https://www.uspto.gov/about-us/news-updates/remarks-director-iancu-intellectual-property-owners-46th-annual-meeting … [] Iancu ( @uspto ) said “as long as the integration is into a practical application, then the 101 analysis is concluded.” That’s the opposite of what the Court has held. https://www.patentprogress.org/2018/09/24/getting-the-future-backwards-iancus-101-comments-at-ipo/ …”

Well, “lawyers are liars,” I told him. “Their job is to manipulate judges and subvert justice. Iancu is a lawyer, so…”

And speaking of the law, Henrion said that “EPO can ignore anti-swpat jurisprudence from France, because the EPO does not follow the rule of law, so they do pretty much whatever they want https://writtendescription.blogspot.com/2018/09/uspto-director-iancu-proposes-revised.html …” (citing an article about Iancu and 35 U.S.C. § 101).

“Being above the law is one thing,” I responded. “The EPO goes further; it actually engages in corruption and commits crimes, hence actively exploiting this immunity…”

Looking at the latest tweets from the EPO, we see no reason for solace. Yesterday it wrote: “AI provides an opportunity for more collaborative innovation and more thoughtful patent protection strategies. That’s one conclusion from our recent conference on patenting #artificialintelligence: http://bit.ly/AIpatents pic.twitter.com/niVbMyxVu0”

“AI” is just a buzzword the EPO misuses to grant software patents in Europe — a subject that IP Watch wrote about several times before (the EPO’s insistence on patenting of algorithms).

Sadly, however, IP Watch seems to be getting close to Team Battistelli. Yesterday it published this tweet (later retweeted by the EPO) to say: “Antonio Campinos, president of the European Patent Office @EPOorg , at the WIPO General Assemblies tonight, with @ipwatch Director William New pic.twitter.com/UYiyblg1q2”

So we don’t suppose IP Watch intends to criticise the EPO (or Campinos) for the abuses as much as before. It has barely done so since Campinos took Office. It always helps the EPO when it makes contacts with the otherwise-inquisitive press. Sometimes the EPO even pays this press.

Meanwhile, the EPO is also associating with patent extremists (Watchtroll in this case), but then again, it has done worse, like letting armed thugs (‘bodyguards’) of Battistelli run amok inside the Office. Roberta Romano-Götsch did this in the above context (IPO).

Perhaps most noteworthy, however, was this tweet about the EPO’s latest news item (warning: epo.org link). It’s about China. It contains a group photo op and one of António Campinos, astoundingly similar to the one Battistelli took when he brought it to his other employer, where he later 'laundered' EPO money for him to net. Suffice to say, the corrupt EPO cannot lecture China on human rights or lecture SIPO (now known as CNIPA) on patent quality. Here is what the EPO wrote:

The EPO and the China National Intellectual Property Administration (CNIPA, formerly SIPO) have agreed on a co-operation programme for next year as part of their long-term strategic partnership on strengthening the patent system. The 2019 co-operation work plan was signed by EPO President António Campinos and CNIPA Commissioner Shen Changyu on Friday at their annual heads of office meeting in Munich.

[...]

Following a reform of China’s IP agencies, SIPO was recently renamed CNIPA, and in addition to patents, utility models and designs, the office now also processes applications for trade marks and geographical indications.

“Following a reform of China’s IP agencies, SIPO was recently renamed CNIPA,” the EPO explains. Not because SIPO became a laughing stock like the EPO for all sorts of reasons? Also, why is the EPO logo white now? Rebrand? Perhaps being careful not to associate too closely with China’s all-red flag?

All in all, seeing the world’s most lenient patent office (by some standards, e.g. permitting software patents) together with the EPO in this fashion inspires not much confidence. It does, however, say a lot about what EPO leadership has become.

Links 25/9/2018: Mesa 18.1.9, New Fedora Beta, and Oracle Solaris 11.4 SRU1

Tuesday 25th of September 2018 07:33:43 PM

Contents GNU/Linux Free Software/Open Source
  • Gnanavelkandan Kathirvel, Director Member Technical Staff, AT&T, Board of Directors at OpenStack, TSC Chair of Akraino Edge Stack [Ed: IDG has been reduced to "sponsored" (fake, ads) 'articles'.]
  • Deutsche Telekom and Aricent to Open-Source Edge Software Platform for 5G
  • KITE conducts training on free and open source software applications

    In continuance with the Public Education Rejuvenation Mission of Kerala Government, a two-day sub-district wise training camp on Free and Open Source Software (FOSS) applications for the Little KITE members would be conducted by KITE (Kerala Infrastructure and Technology for Education).

    As part of the PERM initiative, the Little KITE clubs currently include 58,380 student members from 1901 schools and it would be the 14,000 students out of these who excelled in school level trainings, who have been included for the 2-day camp.
    Training centers have been arranged in each of the 163 sub districts for the 2-day camp, which would only make use of Free and Open Source Software.

  • Does Open Source Resolve the Storage Dilemma?

    Today’s business IT landscape has grown and exceeded beyond the highest estimates, and storage growth is no exception. People and machines are consuming unstructured data more than ever, and businesses have to continually reinforce their storage capabilities to keep up with the challenges of storing large volumes of business data.

    For CIOs, storage systems that can provide greater flexibility and choice, as well as the capability to identify unstructured data better to categorize, utilize and automate the management of it throughout its lifecycle are seen as the ideal solution.

    One answer to solving the storage issue is software-defined storage (SDS) which separates the physical storage hardware (data plane) from the data storage management logic or ‘intelligence’ (control plane). Needing no proprietary hardware components, SDS is the perfect cost-effective solution for enterprises as IT can use off-the-shelf, low-cost commodity hardware which is robust and flexible.

  • French cybersecurity agency open sources security hardened CLIP OS

    After developing it internally for over 10 years, the National Cybersecurity Agency of France (ANSSI) has decided to open source CLIP OS, a Linux-based operating system developed “to meet the specific needs of the [French] administration,” and is asking outside coders to contribute to its development.

  • Knowledge Sharing in Software Projects

    We are extremely grateful to those who filled out the survey. We feel that our research can help create better environments at work, where team members can share knowledge and innovate.

    Purpose of the Study
    Our research is focused on knowledge sharing in ambiguous circumstances. Six Sigma is a method of quality control that should reduce ambiguity, given its structured approach. We ask whether the reduction in ambiguity is coupled with a reduction in knowledge sharing as well.

  • Editor’s Corner—Open source is not ‘one size fits all’ [Ed: But that's a plus, not a minus. With proprietary software it's one unsuitable thing for everything; doesn't scale.]

    Open source communities are no doubt playing a key role in moving the telecommunications industry forward, but not everyone is on board the bandwagon.

    Over the past five months or so, we’ve spent a fair amount of time writing about open source groups and standards development organizations (SDOs) such as the Linux Foundation, MEF, Open Networking Foundation, OpenDaylight, the TM Forum and ETSI, and there’s clearly more cooperation afoot for the good of the industry.

    But artificial intelligence startup B.Yond’s chief marketing officer, Rikard Kjellberg, said his company has to be careful when it comes to choosing which open source community to commit its resources to. Kjellberg spoke to FierceTelecom on the heels of the AT&T Spark conference earlier this month.

  • Collabora Had Another Stellar Year For Open-Source Consulting

    The Collabora open-source consulting firm whose expertise spans from the Linux kernel to LibreOffice and X.Org had another successful year. The UK-based company last week reported their 2017 financial position, providing a glimpse at the viability of open-source / free software consulting.

  • Daniel Stenberg: The Polhem prize, one year later

    Family and friends have gotten a rudimentary level of understanding of what curl is and what it does. I’m not suggesting they fully grasp it or know what an “internet protocol” is now, but at least a lot of people understand that it works with “internet transfers”. It’s not like people were totally uninterested before, but when I was given this prize – by a jury of engineers no less – that says this is a significant invention and accomplishment with a value that “can not be overestimated”, it made them more interested. The little video that was produced helped:

  • Open Source Voice Assistant, Mycroft AI, Named Top Deal By KingsCrowd
  • Service providers increasingly adopt open source for their networks

    Communications service providers (CSPs) are increasingly keen to adopt open source technologies to deliver their services, according to research.

    At this week’s Open Networking Summit Europe in Amsterdam, delegates heard that DevOps, automation, cloud, big data and analytics, software-defined networking (SDN), and management and orchestration (MANO) were increasingly being supported by open source solutions.

    Commissioned research questioned 150 CSP representatives across 98 companies worldwide. It found that 98% of CSPs are “confident” that open networking solutions can achieve the same level of performance as traditional networking solutions.

  • Communications Service Providers Overwhelmingly Confident in Open Source Networking Solutions, Survey Finds
  • Events
    • Five Talend Open Source Team Members to Speak at ApacheCon North America
    • XDC 2018 Kicks Off Tomorrow In A Coruña

      Tomorrow marks the start of the annual X.Org Developers’ Conference that is not only about the X11 server but also Mesa, Wayland, Linux input, and other areas of the desktop stack.

      It’s set to be another interesting XDC with talks about Vulkan in Mesa, multi-GPU device selection in OpenGL, Virtual KMS, DRM GPU scheduler, continuous integration, the new Intel Iris Gallium3D driver, the state of ARB_gl_spirv for Mesa, OpenCL support via NIR/SPIR-V, HMM, and more.

  • Web Browsers
    • Chrome
      • Why I’m done with Chrome

        When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. Worse, Microsoft was making noises about getting into the search business. This posed an existential threat to Google’s internet properties.

        In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.

      • Google secretly logs users into Chrome whenever they log into a Google site

        This system, Sync, allows users to log in with their Google accounts inside Chrome and optionally upload and synchronize local browser data (history, passwords, bookmarks, and other) to Google’s servers.

        Sync has been present in Chrome for years, but until now, the system worked independently from the logged-in state of Google accounts. This allowed users to surf the web while logged into a Google account but not upload any Chrome browsing data to Google’s servers, data that may be tied to their accounts.

      • Here’s How Chrome’s New Auto-Login Puts Your Privacy At Massive Risk

        Google brought in a bunch of new features in the new Chrome 69 version. While many of them were much appreciated, some didn’t go well with the users. Apparently, there is another less advertised tweak that people are not happy about.

      • A Seemingly Small Change to Chrome Stirs Big Controversy
      • Chrome 69 secretly logs you in to Chrome Sync when you visit a Google site

        A number of reports have highlighted that Chrome 69 – the one that made your tabs all curvy – is automatically logging people in as soon as they hit a Google-owned site. In other words, if you use Google, Gmail, YouTube, Google Docs, Google Maps and are logged in, then Chrome will also follow suit.

      • Now Chrome Doesn’t Delete “Google Cookies” Even If You Clear All Cookies

        Yet another privacy concern for Google Chrome users! Previously, we talked about Google’s auto-login mechanism which is hijacking our local Google Chrome data. Now, another Chrome 69 setting has come to light which is risking our freedom to remove data.

    • Mozilla
      • R.I.P., Charles W. Moore, a fine man who liked fine Macs

        A farewell and au revoir to a great gentleman in making the most of your old Mac, Charles W. Moore, who passed away at his home in rural Canada on September 16 after a long illness. Mr Moore was an early fan of TenFourFox, even back in the old bad Firefox 4 beta days, and he really made his famous Pismo PowerBook G3 systems work hard for it.

      • Consent management at Mozfest 2018

        Good news. It looks like we’re having a consent management mini-conference as part of Mozfest next month. (I’m one of the organizers for the Global Consent Manager session, and plan to attend the others.)

      • Introducing Firefox Monitor, Helping People Take Control After a Data Breach

        Data breaches, when information like your username and password are stolen from a website you use, are an unfortunate part of life on the internet today. It can be hard to keep track of when your information has been stolen, so we’re going to help by launching Firefox Monitor, a free service that notifies people when they’ve been part of a data breach. After testing this summer, the results and positive attention gave us the confidence we needed to know this was a feature we wanted to give to all of our users.

      • Firefox Monitor, take control of your data

        That sinking feeling. You’re reading the news and you learn about a data breach. Hackers have stolen names, addresses, passwords, survey responses from a service that you use. It seems like we’re having that sinking feeling more and more. But we don’t have to despair. While technology will never be impervious to attacks, we can make sure that we’re able to respond when we learn that our personal data and passwords are part of a breach.

      • Firefox Quantum, Beta and Nightly Affected by ‘Reap Firefox’ Crash Attack

        A particular vulnerability in the present Firefox browser has been unraveled by the security researcher and basically the creator of this bug, Sabri Haddouche in his blog post. He pointed towards a bug which brings the browser and also the operating system possibly with a ‘Reap Firefox’ attack crash. This vulnerability affects Firefox versions working under Linux, macOS and Windows.

      • $1.6 Million to Connect Unconnected Americans: Our NSF-WINS Grand Prize Winners

        After months of prototyping and judging, Mozilla and the National Science Foundation are fueling the best and brightest ideas for bringing more Americans online

        Today, Mozilla and the National Science Foundation (NSF) are announcing the grand prize winners in our Wireless Innovation for a Networked Society (NSF-WINS) Challenges — an audacious competition to connect millions of unconnected Americans.

        The grand prize winners are as novel as they are promising: An 80-foot tower in rural Appalachia that beams broadband connectivity to residents. And, an autonomous network that fits in two suitcases — and can be deployed after earthquakes and hurricanes.

      • Firefox collects data on you through hidden add-ons

        Mozilla, the organisation that produces the Firefox browser and makes a loud noise about its open source credentials, is quietly collecting telemetry data on its users by the use of hidden add-ons, even though publicly visible telemetry controls are not selected.

      • WLinux Distro for Windows Subsystem for Linux Now Available, openSUSE Call for Hosts, New Firefox Bug, Firefox Collecting Telemetry Data and Creative Commons Releases Significant CC Search Update

        In other Firefox news, the browser evidently is collecting telemetry data via hidden add-ons, ITWire reports. The ITWire post also quotes Mozilla’s Marshall Erwin, director of Trust and Security: “…we will measure Telemetry Coverage, which is the percentage of all Firefox users who report telemetry. The Telemetry Coverage measurement will sample a portion of all Firefox clients and report whether telemetry is enabled. This measurement will not include a client identifier and will not be associated with our standard telemetry.”

  • Oracle/Java/LibreOffice
    • LibreOffice: A history of document freedom

      My reminiscing led me to reach out to the Document Foundation, which governs LibreOffice, to learn more about the history of this open source productivity software.

      The Document Foundation’s team told me that “StarWriter, the ancestor of the LibreOffice suite, was developed as proprietary software by Marco Börries, a German student, to write his high school final thesis.” He formed a company called Star Division to develop the software.

      In 1999, Sun Microsystems bought Star Division for $73.5 million, changed the software’s name to OpenOffice.org, and released the code as open source. Anyone could download the office suite at no charge for personal use. The Document Foundation told me, “For almost 10 years, the software was developed under Sun stewardship, from version 1.0 to version 3.2. It started with a dual license—LGPL and the proprietary SISSL (Sun Industry Standard Software License)—but it evolved to pure LGPL from version 2.0.”

    • Announcing Oracle Solaris 11.4 SRU1

      Today we’re releasing the first SRU for Oracle Solaris 11.4! This is the next installment in our ongoing support train for Oracle Solaris 11 and there will be no further Oracle Solaris 11.3 SRUs delivered to the support repository. Due to the timing of our releases and some fixes being in Oracle Solaris 11.3 SRU35 but not in 11.4, not all customers on Oracle Solaris 11.3 SRU35 were able to update to Oracle Solaris 11.4 when it was released. SRU1 includes all these fixes and customers can now update to Oracle Solaris 11.4 SRU1 via ‘pkg update’ from the support repository or by downloading the SRU from My Oracle Support Doc ID 2433412.1.

    • Oracle Solaris 11.4 SRU1 Released

      It’s been just under one month since Oracle’s long-awaited debut of Solaris 11.4 and now its first stable release update has been issued.

      Solaris 11.4 SRU1 is mainly intended to fix some early bugs and those that didn’t make the cut for getting in the initial 11.4 release. One new feature is support for “Memory Reservation Pools for Kernel Zones” to help systems with high levels of memory contention or fragmented memory by allowing memory to be reserved ahead of time.

  • Pseudo-Open Source (Openwashing)
  • Funding
    • ‘Netflix for Open Source’ Wants Developers to Get Paid

      Henry Zhu makes software that’s crucial to websites you use every day, even if you’ve never heard of him or his software.

      Zhu manages a program called Babel, which translates code written in one version of the programming language JavaScript into code written for another version of the language. That might not sound like a big deal. But because not all browsers support the latest version of JavaScript, Babel lets programmers use JavaScript’s latest features without worrying about which browsers will run the code. It’s useful enough that it’s been adopted by companies like Facebook, Netflix, and Salesforce.

    • This “Netflix For Open Source” Startup Helps Programmers Get Paid

      Open source developers, especially those who work on lesser known projects, do not get much attention or money for the work they do. While some developers are paid to work on open source projects as a part of their day jobs, they can get overwhelmed by the amount of work these projects require.

  • FSF/FSFE/GNU/SFLC
    • Learn the 37 most frequently used shortcuts in GIMP

      GIMP is a fantastic artist’s tool for editing digital images, especially with the bevy of impressive features in the recent release of version 2.10. Of course, like all creative applications, you can get working more quickly if you can make yourself familiar with the various keyboard shortcuts and hotkeys available. GIMP, of course, gives you the ability to customize these shortcuts to match what you’re personally comfortable with. However, the default shortcuts that GIMP ships with are impressive and generally easy to get used to.

      This cheat sheet is not an exhaustive list of all of the defaults GIMP has available. Instead, it covers the most frequently used shortcuts so you can get to work as fast as possible. Plus, there should be a few in here that make you aware of a few features that maybe you weren’t aware of.

  • Programming/Development
    • Why Linux users should try Rust

      Rust is a fairly young and modern programming language with a lot of features that make it incredibly flexible and very secure. It’s also becoming quite popular, having won first place for the “most loved programming language” in the Stack Overflow Developer Survey three years in a row — 2016, 2017, and 2018.

      Rust is also an open-source language with a suite of special features that allow it to be adapted to many different programming projects. It grew out of what was a personal project of a Mozilla employee back in 2006, was picked up as a special project by Mozilla a few years later (2009), and then announced for public use in 2010.

    • Perl for the Web: Mojolicious 8.0 Released

      Far gone are the days when you wrote Perl for the web in just CGI. Dancer, Catalyst and Mojolicious are the modern ways of going about it, with Mojo’s version 8.0, code-named “Supervillain”, being released just last week.

      Each framework has its own distinct advantages, with Dancer being considered the most lightweight and with the lowest entry barrier; and Catalyst being considered the most heavyweight and with a steep learning curve. Mojo floats somewhere in the middle, its own strongest point being its claim to be a “Real time Web framework” due to its Websockets and non-blocking/async capabilities provided out of the box. With that said, let’s discover what Mojo’s newest version has to offer.

    • Portable Computing Language 1.2 Released For OpenCL On CPUs & More

      The Portable Computing Language (a.k.a. POCL or PortableCL) is the effort for getting OpenCL running on CPUs as well as other hardware for this open-source code-base that supports OpenCL 1.2 with some OpenCL 2.0+ functionality.

      The main “feature” of POCL 1.2 is support for LLVM Clang 7.0 as previously the support was limited to LLVM 6.0, but now this new version of LLVM is supported. The HWLOC 2.0 library is also now supported. There are also some minor feature additions like device-side printf being supported.

    • Robert O’Callahan: More Realistic Goals For C++ Lifetimes 1.0

      Over two years ago I wrote about the C++ Lifetimes proposal and some of my concerns about it. Just recently, version 1.0 was released with a blog post by Herb Sutter.

      Comparing the two versions shows many important changes. The new version is much clearer and more worked-out, but there are also significant material changes. In particular the goal has changed dramatically.

Leftovers
  • Science
    • Google at 20: how two ‘obnoxious’ students changed the [I]nternet

      In 1996 they began experimenting with the Stanford homepage and soon came up with the PageRank algorithm – a ranking system which would prove to be Page and Brin’s breakthrough idea.

      The algorithm was devised to give more weight to links that came from more authoritative pages – the more backlinks a site had, the more likely it was to be a good source, similar to an academic paper. That allowed Page and Brin to rank search results not only by keyword frequency but by authority. And because the system analysed links, the more the web grew the better Backrub got.

      In August 1996, Backrub became Google, a play on the term googol, meaning the large number 10 to the power of 100. The first version appeared on the Stanford site, run from cobbled-together bits of computers scavenged by Page and Brin. The system demanded so much bandwidth it would regularly take down the whole of Stanford’s internet connection, but it succeeded in letting users search all 24m pages it had stored in its database.

  • Health/Nutrition
    • Brazil Signs Deal With Medicines Patent Pool To Share Patent Information

      Brazil yesterday signed an agreement with the Medicines Patent Pool (MPP), through which the country will share patent information with the MPP. The Brazilian IP office joins several others in an effort to regularly update the MPP’s database on patent information. Separately, high-level representatives of Latin American and Iberian countries met on the side of the annual World Intellectual Property Organization General Assemblies taking place this week.

    • The most dangerous drug of addiction

      A few weeks ago I left the house and while driving realised I had forgotten my smartphone. It was not a good feeling – I felt disadvantaged and disconnected. Yet as a younger man I happily travelled around the world with just my wristwatch and a backpack. What has happened to us since those days?

    • In Sickness and In Health: Comparing Patent Protection for Pharmaceuticals and Dietary Supplements [Ed: Patent maximalists' view]
    • Big Pharma Collects Most Canadian Cannabis Patents [Ed: Patents for billionaires, to help them guard their territory by setting up litigious threats, to scare emerging competition like pot]

      Seven of Canada’s top 10 cannabis patent holders are major multi-national pharmaceutical companies, according to a joint research project between Washington D.C. based New Frontier Data, the global authority in data, analytics, and business intelligence for the cannabis industry, and London based cannabis bio-technology firm, Grow Biotech.

      “Big Pharma’s inevitable entrance into the Cannabis space has arrived. The top nine medical conditions for which Cannabis can be used as an alternative treatment could cannibalize as much as $20 billion in U.S. pharmaceutical sales in the next two years. As more medicinal applications for the plant are discovered, and more physicians and patients integrate cannabis into treatment regimes, the potential impact of cannabis on healthcare will continue to grow for years to come,” said New Frontier Data Founder & CEO Giadha Aguirre de Carcer.

    • [Old] Why pharmaceuticals could be the prescription for trade warfare that truly hurts America

      What began as a trade skirmish over Donald Trump’s imposition of a 10-per-cent tariff on Canadian steel and aluminum is now clearly a trade war. The miasma is only just lifting from the G7 summit in Charlevoix, Que., in which a Justin Trudeau press conference over a spiked communiqué sparked a Trump tantrum.

      But the war’s final battle will not be the tariff that our government has already imposed in retaliation on American pizza, whisky, mattresses, coffee, et cetera—in fact, our tit-for-tat tariffs have only caused the White House to double down and promise even more tariffs against Canada soon. That means that Canada’s symmetrical retaliation is not working—and if we do not rethink our strategy now, we could soon be inside a tornado-like spiral of escalating tariffs, causing rising prices, sinking economies, and growing joblessness on both sides of the border.

    • Canadian Officials are Mulling an Attack on U.S. Pharma, Says Ottawa Lawyer
  • Security
    • Security Flaw Found In Microsoft JET Database Engine by ZDE – Patch Expected In Windows October Update

      Zero Day Initiative or ZDI, a division of the Japanese multinational cyber security and defense company recently found a serious security flaw in Microsoft’s JET Database Engine which is inculcated and used in various different Microsoft products.

      ZDI reported that this vulnerability will allow potential attackers to execute an arbitrary code in Microsoft’s JET Database Engine, which is an underlying component of a database, a collection of information stored on a computer in a systematic way, this acts as the groundwork for many of Microsoft’s product, including the most widely used Microsoft Office. ZDI stated this to be an “out-of-bounds (OOB)” write in the JET, “An attacker could leverage this vulnerability to execute code under the context of the current process, however it does require user interaction since the target would need to open a malicious file,” ZDI further added in their report.

    • The Librem Key Makes Tamper Detection Easy

      From the beginning we have had big plans for the Librem Key. When we first announced our partnership with Nitrokey to produce the Librem Key all we could talk about publicly was the standard USB security token features it would have and some of the integration possibilities between the Librem laptop and Librem Key that would make security easier for the average person. What we couldn’t say at the time was that we were also working toward making the Librem Key do something that doesn’t exist anywhere else–integrate it with the tamper-evident Heads BIOS to make it incredibly easy to tell whether your BIOS has been tampered with. In this post I’m going to talk about why we wanted to add this feature, some of the work that went into it, and dive into some of the technologies that are working behind the scenes to help you understand how it works.

    • YubiKey 5 Series Brings FIDO2 Support, NFC Capability

      While last week Purism entered into the hardware security space with the Librem Key as a USB-based smart card, industry veteran Yubico today announced their YubiKey 5 Series.

      The YubiKey 5 Series is the industry’s first multi-protocol security keys with support for FIDO2, the new open authentication standard for passwordless logins. Among the other supported protocols are OpenPGP, FIDO U2F, OATH-HOTP, and others. In addition to USB-C and USB-A interfaces, YubiKey 5 also has near-field communication (NFC) support.

    • YubiKey 5 Series Launched, Google Chrome’s Recent Questionable Privacy Practice, PlayOnLinux Alpha Version 5 Released, Android Turns Ten, and Fedora 29 Atomic and Cloud Test Day

      Yubico announced the launch of the YubiKey 5 series this morning, which are the first multi-protocol security keys to support FIDO2/WebAuthn and allow you to replace “weak password-based authentication with strong hardware-based authentication”. You can purchase them here for $45.

    • Yubico Launches YubiKey 5 Series, the Industry’s First Multi-Protocol Security Keys Supporting FIDO2

      Yubico, the leading provider of hardware authentication security keys, today announced the launch of the YubiKey 5 Series, the industry’s first multi-protocol security keys supporting FIDO2/WebAuthn. With this new addition, the YubiKey 5 Series has the capability to replace weak password-based authentication with strong hardware-based authentication.

    • Recently in Geoclue

      Since people’s location is a very sensitive piece of information, security of this information had been the core part of Geoclue2 design. The idea was (and still is) to only allow apps access to user’s location with their explicit permission (that they could easily revoke later). When Geoclue2 was designed and then developed, we didn’t have Flatpak. Surely, people were talking about the need for something like Flatpak but even with those ideas, it wasn’t clear how location access will be handled.

      Hence we decided for geoclue to handle this itself, through an external app authorizing agent and implemented such an agent in GNOME Shell. Since there is no reliable way to identify an app on Linux, there were mixed reactions to this approach. While some thought it’s good to have something rather than nothing, others thought it’s better to wait for the time when we’ve the infrastructure that allows us to reliably identify apps.

    • macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
    • macOS Mojave Has A Security Flaw That Lets Hackers Access Your Contacts [Ed: Apple already gives all your contacts to the US government (NSA PRISM and beyond); now it'll give these to anyone...]

      A security flaw has been unearthed in macOS Mojave, Apple’s latest desktop OS update, by a well-known security researcher Patrick Wardle.

      As reported by Bleeping Computer, Wardle has discovered a bypass flaw in macOS Mojave using which hackers can gain access to contacts data from the address book with the help of an app that does not have the required permissions.

  • Defence/Aggression
    • UK gov plans cyber warfare unit to tackle threat posed by Russia, North Korea and Iran

      The ‘force’ would have around 2,000 operatives drawn from GCHQ and the armed forces. However, the establishment of the organisation has been held up by internal political wrangling over funding, and which part of government will have ultimate command of the unit.

    • Importing Jihadi Terror to the UK – Cui Bono?

      If Osama Bin Laden was not sufficient warning that decades of money, arms and other support from the Western security services does not render a jihadi a friend of the West, then the Manchester bomber, Salman Abedi, should have opened British eyes forever to the danger. In collaboration with MI5, Abedi had been fighting in the ongoing proxy war for Western oil interests in Libya, before being rescued by the Royal Navy. Back home in Manchester, he carried out an attack of appalling violence against a primarily young and female target group.

      So it would be very foolish indeed to rely on the fact that the jihadi logistic support and propaganda group the White Helmets is largely British government funded, to expect its members who are now, like Abedi, being brought into the UK, to behave as quiet citizens. The links of the White Helmets to Al-Nusra and Al-Shams and other jihadi groups are deep – they chose to be evacuated to Idlib together from numerous sites. The reason there is no substantial corpus of independently filmed evidence of the White Helmets’ work is that they co-operate with people who would chop off western journalists’ heads on sight. In many well-attested cases, they are the same people.

      In ending all funding to the White Helmets, the Dutch government did not wish to be confrontational towards the other neo-conservative governments who are funding and exploiting the propaganda from the White Helmets. Their report was therefore diplomatically phrased. Funding for the White Helmets may have “inadvertently” fallen into the hands of armed extremists, while unacceptable contact between the White Helmets and extreme jihadists was “inevitable” in the areas they operated.

    • Q&A: George Selley’s A Study of Assassination

      Taking its title from a 1950s CIA manual on killing, the young LCC MA graduate’s project reveals the surreal clash of leaked CIA documents, government propaganda, and bananas

      In 1997, a document titled A Study of Assassination was released by the CIA as part of the Freedom of Information Act. It is believed to have been created in 1953 with the purpose of instructing agents on how to kill, and was released with a collection of files relating to the 1954 CIA-backed overthrow of the-then newly-elected leader of Guatemala, Colonel Jacobo Arbenz Guzman. The operation in Guatemala was lobbied for by United Fruit Company, an American corporation that traded in tropical fruit, mainly bananas, and which wielded huge power in Central America at the time.

      When he found out about these documents, George Selley was instantly captivated, and his new project, A Study of Assassination, combines pages from the manual with archival press images, banana advertisements, and Cold War propaganda. BJP caught up with the recent London College of Communication MA graduate to find out more about this project and his approach to images.

  • Transparency/Investigative Reporting
    • Guardian Working for UK Intel Services? ‘MI6 Tool’ Publishes ‘Black Propaganda’

      On September 21, The Guardian ran an absolutely sensational exclusive, based on disclosures made by “multiple” anonymous sources to Luke Harding, one of the paper’s leading journalists – in 2017, Russian diplomats allegedly held secret talks in London with associates of Assange, in an attempt to assist in the Wikileaks founder’s escape from the UK.

      The dastardly conspiracy would’ve entailed Assange being smuggled out of the Ecuadorian embassy in Knightsbridge under cover of Christmas Eve in a diplomatic vehicle and transported to Russia, where he’d be safe from extradition to the US, ending his eight years of effective arbitrary detention in the process.

      In any event, the audacious plot was eventually aborted after being deemed “too risky” — even for the reckless daredevils of Moscow — mere days before its planned execution date. Rommy Vallejo, head of Ecuador’s intelligence agency, is said to have travelled to the UK around December 15 to supervise the operation, and left when it was called off.

    • Guardian’s ‘deliberate lies’ over Assange Russia plot slammed by Craig Murray

      According to Murray, Narvaez told the Guardian that there was “no truth” in the story. The publication ran the story, which was written by, among others, former Guardian Moscow correspondent Luke Harding, regardless. The piece relied on four separate sources for their claims, though they give no more details than that.

      Of the Guardian’s sources, Murray states: “I strongly suspect that, as usual, MI6 tool Luke Harding’s “anonymous sources” are in fact the UK security services, and this piece is entirely black propaganda produced by MI6.”

      READ MORE: British Media is not waving, it’s drowning…in a sea of its own mendacity

      Harding worked for the Guardian in Russia for four years before his visa expired. After being subsequently refused entry to Russia, Harding claimed he had been expelled from the country for being critical of the Kremlin, a claim denied by the Russian government. He has since written extensively on Russia while based in the UK.

    • Roger Stone Offered to Assist His Alleged WikiLeaks Source With Legal Expenses

      Last year, as investigators examined claims by longtime Donald Trump adviser Roger Stone that he was in contact during the 2016 election with WikiLeaks, Stone asserted that he had only learned about the group’s plans through an intermediary: Randy Credico, a comedian and political activist. Credico has denied being Stone’s go-between. And now he tells Mother Jones that Stone offered to help him pay his legal fees in what Credico believed was an effort to stop him from contradicting Stone’s account of their interactions during the 2016 campaign.

      “He knew that I was upset,” Credico says. “He wanted me to be quiet. He wanted me to go along with his narrative. He didn’t want me talking to the press and saying what I was saying.”

      Stone, a Republican operative who cut his teeth working for Richard Nixon’s presidential campaign, and Credico, a standup comic long involved in left-wing causes, met in 2002 through their mutual work on drug legalization efforts and formed an unlikely friendship. They are now embroiled in a bitter conflict ignited by the Russia investigations undertaken by Congress and by special counsel Robert Mueller.

    • Ecuador Named Assange Adviser to Embassy in Russia, Then Annulled Decision – MP

      Assange has been staying at the Embassy of Ecuador in London since 2012, unable to leave for fear of being detained by the UK authorities.

      Since 2006, WikiLeaks, founded by Assange, has revealed a vast number of classified documents, including sensitive information allegedly related to US diplomats and the American intelligence community. This has led to a criminal investigation into its activities, initiated by US authorities.

  • Finance
    • Stripe is testing cash advances, following Square and PayPal’s moves into business finance

      Asked about the cash advance service, Stripe acknowledged that it was testing something out and pointed us to this tweet without elaborating more. So we don’t know if Stripe has been offering other users different premiums or payback percentages, nor if $25,000 is the cap or if it’s loaning more, nor if it’s working with a third-party to provide the financing, or whether it is offering it off its own balance sheet.

    • A Milestone for Global Capitalism

      Exciting news for capitalism is the recent achievement of trillion-dollar value for both Amazon and Apple, making them the first corporations to obtain such a lofty status. Amazon’s skyrocketing growth makes its CEO, Jeff Bezos, the world’s richest person with a $160 billion net worth.

      Driving the engine of global wealth concentration are giant transnational investment management firms. In 2017, seventeen trillion-dollar investment companies collectively controlled $41.1 trillion of capital. These firms are all directly invested in each other, making them a huge cluster of centralized capital managed by just 199 people, who decide how and where that wealth will be invested.

      In the case of Amazon, the top investment management corporations are: Vanguard $56.7 billion, BlackRock $49.5 billion, FMR $33 billion, Capital $33 billion, State Street $29 billion, and most of the other trillion-dollar Giants and many others who hold 58.6% of Amazon shares.

      So, while Bezos is a large tree in the forest, the forest itself is groomed by a few hundred global power elites making investment decisions that drive the concentration of wealth into coffers of the 1%. These elites interact through non-governmental policy-making organizations—privately funded by large corporations—that include the Council of Thirty, Trilateral Commission, and the Atlantic Council. Their role is to facilitate, manage, and protect the free flow of global capital. They do this by providing policy recommendations and instructions to governments, intelligence services, security forces, NATO, the Pentagon, and transnational governmental groups including the G-7, G-20, World Bank, IMF, and International Bank of Settlements.

  • AstroTurf/Lobbying/Politics
    • White House Admits Exec Order To Regulate Social Media Is ‘Real,’ But No Idea Who Wrote It, And Won’t Use It

      On September 14th, we wrote about a draft executive order basically tasking the executive branch with “investigating” the major internet companies for evidence of “bias” that might lead to antitrust activity. As we wrote at the time, the draft executive order was poorly drafted, didn’t make much sense, and was almost certainly unconstitutional. It took a week, but the rest of the tech policy world finally discovered the same draft executive order this past Friday (amusingly with some insisting that they had the “scoop” a week after we wrote about it).

      Now, the White House has admitted that the document is “real”, though they’re not entirely sure who crafted it, it hasn’t gone through any of the normal processes, and there’s no intention of moving forward with it. In other words, it sounds like a pet project of someone in the White House to have in a drawer in case it was needed at some future date.

  • Censorship/Free Speech
    • However extreme your views, you’re never hardcore enough for YouTube

      Nobody who knows anything about YouTube will be surprised. Time and again, researchers have discovered that when videos with political or ideological content are uploaded to the platform, YouTube’s “recommender” algorithm will direct viewers to more extremist content after they have watched the first one. Given that most people probably have the autoplay feature left on by default, that means that watching YouTube videos often leads people to extremist sites.

      Strangely, this doesn’t just hold for political or other types of controversial content. Zeynep Tufekci, a well-known technology commentator, found that videos about vegetarianism led to videos about veganism, videos about jogging led to videos about running ultramarathons, and so on. “It seems,” she wrote, “as if you are never ‘hardcore’ enough for YouTube’s recommendation algorithm. It promotes, recommends and disseminates videos in a manner that appears to constantly up the stakes.”

      Given its billion or so users, she concluded that “YouTube may be one of the most powerful radicalising instruments of the 21st century.”

    • Banned Books Week with Betsy Gomez, Charles Brownstein, and Abena Hutchful

      In observance of Banned Books Week 2018, Mickey speaks with three guests, all involved in different facets of defending Americans’ right to read. Betsy Gomez is coordinator of Banned Books Week, Charles Brownstein is executive director of the Comic Book Legal Defense Fund, and Abena Hutchful leads the Youth Free Expression Program at the National Coalition Against Censorship.

    • Pennsylvania Legislator Thinks He Can Ban Teachers From Talking About Politics In The Classroom

      So, the braintrust behind this assertion includes three missionaries and their children and 6-12 complaints over the past decade. Obviously, the only conclusion to draw is that indoctrination is out of hand and only the powerful velvet fist of government regulation can stop it. If the First Amendment must be destroyed to save the children, it’s a sacrifice Tallman is willing to make on behalf of the few that agree with him and the large majority of non-idiots who don’t.

      Everyone who isn’t Tallman has already greeted his proposed legislation with Constitution-based ridicule. The law will never pass. If something goes horribly wrong and the bill does pass, the courts will strike it down immediately.

    • WhatsApp Appoints ‘Grievance Officer’ To Tackle Fake News In India

      WhatsApp has been trying to curb fake news on its platform for a long time now. After multiple cases of lynching caused due to fake news, the Indian government asked the company to solve this issue or risk a ban in the country.

      Now the instant messaging service has appointed a ‘grievance officer’ to address complaints regarding false news and misinformation spreading on the platform in India.

  • Privacy/Surveillance
    • Which Sensors Do I Have In My Smartphone? How Do They Work? [Ed: It is almost as though (partly joking here) “smart” phones were first conceived by spies as mass surveillance devices and later marketed to the masses as “phones”]

      The smartphones we use today are sophisticated little machines that have gone through an incredible evolution over the last decade. They are now capable of working as a personal assistant that can monitor our heartbeat, track our movements, and anticipate our needs.

      But have you ever wondered how your smartphone achieves such remarkable feats? A lot of those coolest feats are accomplished through different sensors in your phone. But do you know how many smartphone sensors there are in your device or what their purpose is?

    • ICE Leads The Nation In Encryption-Cracking Expenditures

      We don’t hear much from anyone other than FBI officials about the “going dark” theory. The DOJ pitches in from time to time, but it’s the FBI’s baby. And it’s an ugly baby. Earlier this year, the FBI admitted it couldn’t count physical devices. The software it used to track uncrackable devices spat out inflated numbers, possibly tripling the number of phones the FBI claimed stood between it and justice. FBI officials like James Comey and Chris Wray said “7,800.” The real number — should it ever be delivered — is expected to be less than 2,000.

      The FBI also hasn’t been honest about its efforts to crack these supposedly-uncrackable phones. Internal communications showed the agency slow-walked its search for a solution to the San Bernardino shooter’s locked iPhone, hoping instead for a precedential federal court decision forcing device manufacturers to break encryption whenever presented with a warrant.

      The FBI appears to have ignored multiple vendors offering solutions for its overstated “going dark” problem. At this point, it’s public knowledge that at least two vendors have the ability to crack any iPhone. Israel’s Cellebrite — the company presumed to have broken into the San Bernardino phone for the FBI — is one of them. The other is GrayShift, which sells a device called GrayKey, which allows law enforcement to bypass built-in protections to engage in brute force password cracking.

      We don’t know how often the FBI avails itself of these services. A pile of locked phones numbering in the thousands (but which thousands?!) suggests it is allowing the serviceable (vendor services) to be the enemy of the perfect (favorable court rulings and/or legislation).

    • UK Surveillance Regime Violated Human Rights

      On September 13, after a five-year legal battle, the European Court of Human Rights said that the UK government’s surveillance regime—which includes the country’s mass surveillance programs, methods, laws, and judges—violated the human rights to privacy and to freedom of expression. The court’s opinion is the culmination of lawsuits filed by multiple privacy rights organizations, journalists, and activists who argued that the UK’s surveillance programs violated the privacy of millions.

      The court’s decision is a step in the right direction, but it shouldn’t be the last. While the court rejected the UK’s spying programs, it left open the risk that a mass surveillance regime could comply with human rights law, and it did not say that mass surveillance itself was unlawful under the European Convention on Human Rights (a treaty that we discuss below).

      But the court found that the real-world implementation of the UK’s surveillance—with secret hearings, vague legal safeguards, and broadening reach—did not meet international human rights standards. The court described a surveillance regime “incapable” of limiting its “interference” into individuals’ private lives when only “necessary in a democratic society.”

      In particular, the court’s decision attempts to rein in the expanding use of mass surveillance. Originally reserved for allegedly protecting national security or preventing serious threats, use of these programs has trickled into routine criminal investigations with no national security element—a lowered threshold that the court zeroed in on to justify its rejection of the UK’s surveillance programs. The court also said the UK’s mass surveillance pipeline—from the moment data is automatically swept up and filtered to the moment when that data is viewed by government agents—lacked meaningful safeguards.

    • China tips the scale of global cybersecurity by hoarding vulnerabilities

      There is little to celebrate for digital rights in China. A seemingly constant stream of developments is putting human rights defenders on high alert, as the Chinese state grows ever more powerful and cultivates its surveillance capabilities, integrates social media monitoring with everyday policing, and appears to be persuading international companies like Apple and Google to comply with Chinese law and practices that harm human rights in order to enter the market. China also runs the largest biometric policing system known to date.

      Somewhat hidden under the din of this overtly dystopian discourse are the small yet powerful moves that China is making that are likely to have a long-term negative impact on global cybersecurity, even beyond the Great Wall. These include the government’s strategic withholding of technology vulnerabilities from the international community.

    • China Actively Collecting Zero-Days For Use By Its Intelligence Agencies — Just Like The West

      It all seems so far away now, but in 2013, during the early days of the Snowden revelations, a story about the NSA’s activities emerged that apparently came from a different source. Bloomberg reported (behind a paywall, summarized by Ars Technica) that Microsoft was providing the NSA with information about newly-discovered bugs in the company’s software before it patched them. It gave the NSA a window of opportunity during which it could take advantage of those flaws in order to gain access to computer systems of interest. Later that year, the Washington Post reported that the NSA was spending millions of dollars per year to acquire other zero-days from malware vendors.

      A stockpile of vulnerabilities and hacking tools is great — until they leak out, which is precisely what seems to have happened several times with the NSA’s collection. The harm that lapse can cause was vividly demonstrated by the WannaCry ransomware. It was built on a Microsoft zero-day that was part of the NSA’s toolkit, and caused very serious problems to companies — and hospitals — around the world.

      The other big problem with the NSA — or the UK’s GCHQ, or Germany’s BND — taking advantage of zero-days in this way is that it makes it inevitable that other actors will do the same.

    • Australian Government Ignores Experts in Advancing Its Anti-Encryption Bill
    • EFF Opposes Industry Efforts to Have Congress Roll Back State Privacy Protections

      The Senate Commerce Committee is holding a hearing on consumer privacy this week, but consumer privacy groups like EFF were not invited. Instead, only voices from big tech and Internet access corporations will have a seat at the table. In the lead-up to this hearing, two industry groups (the Chamber of Commerce and the Internet Association) have suggested that Congress wipe the slate clean of state privacy laws in exchange for weaker federal protections. EFF opposes such preemption, and has submitted a letter to the Senate Commerce Committee to detail the dangers it poses to user privacy.

      Current state laws across the country have already created strong protections for user privacy. Our letter identifies three particularly strong examples from California’s Consumer Privacy Act, Illinois’ Biometric Privacy Act, and Vermont’s Data Broker Act. If Congress enacts weaker federal data privacy legislation that preempts such stronger state laws, the result will be a massive step backward for user privacy.

    • Instagram’s Founders Leaving Facebook After Clashes With Zuckerberg
    • Instagram Founders Exit Facebook as Zuckerberg Involvement Grows

      Krieger and Systrom built Instagram and sold it to Facebook for $715 million six years ago. When the deal was announced, the company had only 13 employees and 30 million registered users. Now more than 1 billion people use the app monthly, and it is the main source of advertising revenue for Facebook outside the social network’s main news feed.

      [...]

      Kevin Systrom and Mike Krieger, who have been at the company since Instagram’s acquisition by Facebook in 2012, had been able to keep the brand and product independent while relying on Facebook’s infrastructure and resources to grow. Lately, they were frustrated with an uptick in day-to-day involvement by Zuckerberg, who has become more reliant on Instagram in planning for Facebook’s future, said the people, who asked not to be identified sharing internal details.

      Without the founders around, Instagram is likely to become more tightly integrated with Facebook, making it more of a product division within the larger company than an independent operation, the people said.

    • Instagram’s co-founders have resigned from Facebook
    • Instagram’s Co-Founders to Step Down From Company

      Mr. Systrom and Mr. Krieger did not give a reason for stepping down, according to the people, but said they planned to take time off after leaving Instagram. Mr. Systrom, 34, and Mr. Krieger, 32, have known each other since 2010, when they met and transformed a software project built by Mr. Systrom into what eventually became Instagram, which now has more than one billion users.

    • Your whiney Twitter DMs to businesses may have been leaking since 2017

      Twitter has revealed that a bug in the Account Activity API could allow private messages sent to businesses between May 2017 and 10 September 2018 to have been accidentally cc’d to the developer of the business’ chosen platform.

      Twitter’s apologetic noises initially sound quite reassuring, until you read between the lines. Yes, the bug was fixed “within hours” of discovery, but when the exploit wasn’t found for 16 months that’s not a great deal of consolation. And sure, the bug affected less than 1 per cent of people on Twitter, but with a user base of 68 million, that could still mean anywhere between one and 680,000 people.

  • Civil Rights/Policing
    • Congress Needs to Take Responsibility for Fixing Harassment in Its Own Halls

      Members of Congress have a duty to protect their staffers from harassment by reforming the Congressional Accountability Act of 1995.

      It’s been nearly one year since the #MeToo movement came into public consciousness and months since the Senate and House of Representatives each passed legislation to reform the way Congress handles claims of harassment in its own workplace. But further action on the bills has stalled, and even after sitting members had to resign over their own misconduct, our elected officials have still not moved to effectively protect the safety of their employees.

      On Thursday, seven former congressional staffers sent a letter to congressional leaders in both the House and Senate, calling for meaningful reform of the Congressional Accountability Act of 1995, a law that applies civil rights and workplace safety laws to Congress. Each of the letter’s signatories experienced harassment or abuse while working for members of Congress. They describe in the letter the trauma and pain exacerbated by the current system that has failed to ensure their safety and hold wrongdoers to account.

      The stories these brave survivors share in their letter are harrowing. Anna Kain, Rebecca Weir, Ally Coll Steele, Katherine Cichy, Winsome Packer, Melanie Sloan, and Lauren Greene — all of whom worked for members of Congress — write of being sexually harassed, verbally berated, and publicly humiliated. They were grabbed and threatened — and they were not protected by the powerful people they served.

    • He Said He Faked Mental Illness to Avoid Prison. Now, Accused in 2 Killings, He’s Sent Back to a State Hospital.

      In 2016, Oregon officials freed Anthony Montwheeler from the Oregon State Hospital, accepting his argument that he had faked mental illness for nearly 20 years to avoid prison.

      Last week, an Oregon judge ruled that Montwheeler, 50, was not competent to stand trial for an assault and two murders that prosecutors say he committed just weeks after his release. The judge ordered him returned to the hospital for treatment of depression brought on by the charges against him.

      The Montwheeler case has raised broader questions about Oregon’s handling of people charged with crimes and judged not guilty by reason of insanity, questions ProPublica and the Malheur Enterprise are examining in a yearlong project.

    • Prosecution Presented Fairly Strong Murder Case Against Former CPD Officer Jason Van Dyke

      State attorneys prosecuting Jason Van Dyke, the former Chicago police officer accused of murdering 17-year-old Laquan McDonald, finished presenting their case on September 20. The defense called its first witness September 24.

      The key moment so far in the trial known for the 16 shots Van Dyke fired—his entire magazine—came near the end of testimony in support of the prosecution’s case.

      A ballistics expert from the FBI testified that a quick movement on video by Van Dyke’s partner, Joseph Walsh, was “consistent with a flinch” commonly seen in people who are near a surprise shot being fired. The expert then used plumes of debris evident in the video to establish a timeline of shots that lasts “at least” 14.2 seconds.

      The expert, Scott Patterson, then showed the jury a video of another agent, one of the FBI’s top marksmen, firing 16 rounds into a target.

    • Hell Forms Bobsled Team After Police Chief Admits Fault In SWAT Raid Targeting Wrong Address

      This is an astounding reaction to incidents that are far too commonplace in this country. This is also an indictment of policing in America. There is no reason this reaction should be as stunning as it is. This should be standard operating procedure when cops screw up. Instead, we’re most often greeted with defense of indefensible actions combined with a multitude of efforts designed to make the SWAT raid victim appear as unsympathetic as possible.

      Wrong address raids, killings of unarmed citizens, excessive force deployment… all of these events are normally handled by police departments with maximum defensiveness and minimal acceptance of culpability. A law enforcement agency immediately stepping up to take responsibility for its errors — especially ones with potentially deadly outcomes — is a breath of fresh air in the fetid, stagnant swamp of US policing.

      But this shouldn’t be the ultra-rare exception. It should be the rule. The public law enforcement serves deserves far better than the condescending, self-serving crap it’s so often handed in the wake of incidents like these.

  • Internet Policy/Net Neutrality
    • How bad maps are ruining American broadband

      The problem is much bigger than Cleveland, but the FCC isn’t ready to do much about it. US customers pay some of the highest prices for broadband in the developed world, and broadband availability is sketchy at best for millions of Americans. But instead of tackling that problem head on, the FCC is increasingly looking the other way, relying on ISP data that paints an inaccurately rosy picture of Americans’ internet access. And as long as regulators are relying on a false picture of US broadband access, actually solving the problem may be impossible.

    • Even Wall Street Is Nervous About Comcast’s Latest Bid To Grow Bigger For Bigger’s Sake

      Comcast’s latest effort to grow even larger is spooking even the company’s investors. “Growth for growth’s sake” has been the mantra of the telecom and TV sectors for years. Once growth in any particular market (like broadband) saturates, companies begin nosing about for efforts to grow larger in other sectors, even if it’s well outside of their core competencies (see Verizon Sugarstring, Go90). Unfortunately for the end user, such growth isn’t accompanied by any meaningful parallel investment in quality product or customer service, a major reason so many users “enjoy” Comcast services today.

      At the same time, this growing power results in increased efforts to thwart any effort to rein in this power, leaving oversight of the natural monopolies more precarious than ever (see: net neutrality). That’s exceptionally true for Comcast, where the one-two punch of fading state and federal oversight, expiring NBC Universal merger conditions from its last 2011 megadeal, and a growing monopoly over broadband is forging a perfect storm of trouble.

  • Intellectual Monopolies
    • TriZetto secures victory in trade secret lawsuit after discovery refusal

      The TriZetto Group has secured a victory in a trade secrets dispute after Syntel allegedly stole information from them.

      Syntel was previously sanctioned for refusing to comply with discovery orders, and the latest ruling from the US District Court for the Southern District of New York again found that Syntel had failed to comply with court orders.

      TriZetto, which develops and licenses software products in the healthcare industry, provides consulting services and hires contractors to perform some of this work, with a previous contractor being Syntel.

    • Qualcomm says FTC motion aims to “radically reshape [standard-essential patent] licensing in the cellular industry”

      The two most important motions for summary judgment that Qualcomm is facing at present (and one might even say has ever faced in its history) are the Federal Trade Commission’s motion to hold that Qualcomm itself committed to extending standard-essential patent licenses to rival chipset makers such as Intel (a motion that has drawn broadbased support from industry) and a motion by Apple and four contract manufacturers to end Qualcomm’s double-dipping practice (selling chipsets and additionally collecting patent license fees). This post is about Qualcomm’s opposition in the Northern District of California to the former, but I’d also like to mention that Qualcomm is trying to duck the latter by means of a motion to dismiss all declaratory judgment claims relating to Qualcomm patents from the Apple (and contract manufacturers) v. Qualcomm case in the Southern District of California. When it turned out that its adversaries were going to insist on an adjudication of their patent exhaustion defense, Qualcomm requested expedited briefing, which Judge Gonzalo Curiel denied. The opposition brief to Qualcomm’s attempt to chicken out is due by the end of next week.

      [...]

      There’s no question that you need an antenna and electricity for mobile telephony. But that doesn’t mean the mobile baseband chip–or “modem chip” in accordance with Qualcomm’s brief–doesn’t implement the standard simply because it’s the central and decisive component. It’s the mastermind (a term that is key to the analysis of an alleged “divided infringement” of a method claim and fits here, too). Once the importance of the mastermind component is downplayed, the ultimate consequence may be that not even a device infringes since electricity must be provided by a utility, which in turn needs some energy source somewhere.

      In a 2014 case, GPNE Corp. v. Apple, Judge Koh herself held “as a matter of law that in [that] case, the baseband processor [was] the proper smallest salable patent-practicing unit.” And in Judge Koh’s court, a 2012 jury sided with Apple against Samsung on patent exhaustion, based on Samsung’s license to Qualcomm and Apple’s use of Qualcomm chips in certain products at issue back then. The same happened to Samsung in the Netherlands and France (where I attended a preliminary injunction hearing in 2011).

    • A Shot at Patents Misses the Mark and New Study Reinforces Need to Examine Federal Tech Transfer

      This month we’ll revisit two issues covered previously: attempts to promote compulsory licensing as a way for lowering the cost of Medicare drugs and increasing the return on investment from federally-supported R&D.

    • Trademarks
      • Abnormal faces legal battle against 3 Floyds

        Indiana brewery owns “IT’S NOT NORMAL” trademark

        [...]

        This afternoon, Abnormal posted the following on Instagram; additional comment by company president and CEO Matt DeLoach follows. 3 Floyds did not immediately return a request for comment.

      • 3 Floyds Brewing Goes After Abnormal Beer Co. All Because Of Its Trademarked Slogan ‘It’s Not Normal’

        It’s no secret that sometimes a company’s lawyers get way out ahead of how their client would want them to behave in protecting their intellectual property. We’ve seen many a story in which threat letters go out, only to have ownership on both sides of a dispute get together and settle things amicably. And if there’s any industry in which this should absolutely happen, it should be the craft brewing industry, where there has long been a tradition of fraternity and peaceful coexistence.

    • Copyrights
      • Don’t share this! EU’s new copyright law could kill the free [I]nternet

        The EU legislation, bad as it is in its own right, must be seen as part of a wider attempt to clamp down on free expression and the free exchange of ideas in the West at a time when fewer people than ever before believe establishment narratives. This month a British MP by the name of Lucy Powell, launched a bill in Parliament entitled the ‘Online Forums Bill’ to ban private Facebook groups which promote “hate”, “racism” and “fake news”. But who defines what these terms actually mean?

      • Annual International Copyright Law Conference returns to London

        If you would like to discuss the present and future of copyright, our friends at KNect365 would like to let you know that the annual International Copyright Law conference is returning to London on 27 and 28 November 2018.

      • UK copyright in a no-deal Brexit scenario: what will happen?

        A few months ago, this blog reported that the EU Commission had issued a Notice to stakeholders on the impact that a no-deal Brexit would have on UK copyright.

        At that time, UK’s withdrawal from the EU without any agreement in place must have seemed impossible: if one looks at the comments to the relevant post, a reader who called themselves a ‘Broptimist’ stated that the EU Commission’s document

      • Google, Yandex Discuss Creation of Anti-Piracy Database

        Google, Yandex and other prominent Internet companies in Russia are discussing the creation of a database of infringing content including movies, TV shows, games, and software. The idea is that the companies will automatically query this database every five minutes with a view to removing such content from search results within six hours, no court order required.

Technology Groups and Innovators Bemoan Attempts to Override the Courts to Promote Patent Maximalists’ Agenda by USPTO Director Andrei Iancu

Tuesday 25th of September 2018 11:43:19 AM

Summary: The U.S. Patent and Trademark Office (USPTO) is not listening to the views of actual innovators; it seems to be serving just the patent and litigation ‘industry’ (i.e. those who profit from illegitimate patents and baseless lawsuits)

THE EPO was run by a corrupt tyrant for 8 years; he left his loyal compatriot in charge. At the USPTO, by contrast, a technical person (Michelle Lee) ran the Office for a number of years, undoing decades of injustice. Unlike lawyers or politicians or bankers (Iancu, Battistelli and Campinos, respectively), she persistently backed the appeal boards, which in the US are known as the Patent Trial and Appeal Board (PTAB), a relatively new construct that deals with inter partes reviews (IPRs), typically invalidating bogus patents using 35 U.S.C. § 101, inspired by the highest court in the United States.

Michelle Lee got pushed out, partly by a mob of patent maximalists. When a replacement was found for her IAM pressured him to crush PTAB and now it’s jubilant to say “PTAB reforms latest move by PTO to tackle Board’s “perception problem”” (whose perception?).

“After proposed change in claim construction standard, new procedures may lessen need for Congressional action,” it says. No, there was no need for Congressional action; those who asked for Congressional action are crazed patent maximalists who know no boundaries to patent law.

The person who visited Iancu and pressured him on behalf of the patent trolls’ lobby (IAM) wrote: “Both look good for patent owners but will be a lot of focus now on how they work in practice” (because this person, Richard Lloyd, will continue to attack PTAB irrespective of what happens next).

A person who advocates access to medicines wrote: “USPTO head wants to limit exceptions to patent subject matter.”

He linked to this tweet from a patent maximalist, who said: “This proposal is for new guidance for @uspto Examiners. It wouldn’t involve any new legislation and would be based on previous court decisions.”

Cherry-picking thereof. That’s what lawyers do. They ignore and disregard what doesn’t suit them. That’s what Iancu is. He’s a lawyer. The same person also said: “Outstanding speech at #IPOAM18 by Director Iancu that outlines a proposal for finally resolving the 101 mess – at least at the @USPTO. The proposal clearly defines the limited, excluded categories.”

Well, that will mean nothing to courts; in fact, this would further widen the gap between USPTO determinations and courts’ decisions. How is that beneficial? Maybe that’s fine for law firms because they profit from litigation no matter if it’s entirely frivolous. Bogus patents, bogus lawsuits… what do they care? They just do the billing. Their finance department is happy.

Lisa Ouellette, a patents (and other things) scholar, was citing Dennis Crouch yesterday. Crouch had posted a full transcript, which included this from Iancu:

So first, what exactly should be captured by the judicial exceptions to §101? In essence, and because we no longer want to mush subject matter with the conditions of patentability, the exceptions should capture only those claims that the Supreme Court has said remain outside the categories of patent protection, despite being novel, nonobvious, and well-disclosed. And what are the categories of inventions that the court told us that we should not patent even where the applicant demonstrates full compliance with Sections 102, 103 and 112? The Supreme Court gave us the answer: the “basic tools of scientific and technological work.”

Ouellette seems a tad concerned by Iancu’s plan, which is trying to bypass the law and the Supreme Court. Iancu is Trump’s “swamp” material (his firm had worked for Trump before he got this job), so this does not exactly shock us.

Quoting Ouellette about the IPO meeting from yesterday (IPO is a front group of patent zealots):

In remarks at the annual IPO meeting today, USPTO Director Andrei Iancu said “the USPTO cannot wait” for “uncertain” legislation on patentable subject matter and is “contemplating revised guidance” to help examiners apply this doctrine. Few are likely to object to his general goal of “increased clarity,” but the USPTO should be sure that any new guidance is consistent with precedent from the Supreme Court and Federal Circuit.

As most readers of this blog are well aware, the Supreme Court’s recent patentable-subject-matter cases—Bilski (2010), Mayo (2012), Myriad (2013), and Alice (2014)—have made it far easier to invalidate patent claims that fall under the “implicit exception” to § 101 for “laws of nature, natural phenomena, and abstract ideas.” Since Alice, the Federal Circuit has held patents challenged on patentable-subject-matter grounds to be invalid in over 90% of appeals, and the court has struggled to provide clear guidance on the contours of the doctrine. Proponents of this shift call it a necessary tool in the fight against “patent trolls”; critics claim it creates needless uncertainty in patent rights and makes it too difficult to patent important innovations in areas such as medical diagnostics. In June, Rep. Thomas Massie (R-KY) introduced the Restoring America’s Leadership in Innovation Act of 2018, which would amend § 101 to largely undo these changes—following a joint proposal of the American Intellectual Property Law Association (AIPLA) and Intellectual Property Owners Association (IPO)—but Govtrack gives it a 2% chance of being enacted and Patently-O says 0%.

In the absence of legislation, can the USPTO step in? In his IPO speech today, Director Iancu decries “recent § 101 case law” for “mush[ing]” patentable subject matter with the other patentability criteria under §§ 102, 103, and 112, and he proposes new guidance for patent examiners because this mushing “must end.” The problem is that the USPTO cannot overrule recent § 101 case law. It does not have rulemaking authority over substantive patent law criteria, so it must follow Federal Circuit and Supreme Court guidance on this doctrine, mushy though it might be.

Under the Supreme Court’s patentable-subject-matter inquiry, as summarized in Alice, once a patent claim is determined to fall within a statutory category of a “process, machine, manufacture, or composition of matter,” step 1 is to “determine whether the claims at issue are directed to a patent-ineligible concept,” and if so, step 2 is to “examine the elements of the claim to determine whether it contains an inventive concept sufficient to transform the [ineligible concept] into a patent-eligible application”—where “simply appending conventional steps, specified at a high level of generality” is “not enough.”

It’s not clear how Iancu thinks or why Iancu believes this will improve things. It will only further exacerbate things as he does not control the courts (nor should he). But it’s all about law firms, not science and technology.

This morning we saw this article titled “Patent 101: Patent Process FAQs For Inventors” (not about Section 101).

“Patent attorneys and patent agents (“patent practitioners”) [EXPLOIT] the best and brightest engineers and scientists on a daily basis,” (for profit) it should say, but it doesn’t use the word “exploit”. That is what the opening paragraph says anyway. Inserting the word “exploit” makes it a lot more sensible. Gene Quinn, another such exploiter, published in Watchtroll an article titled “Are all U.S. Patent Claims Invalid?”

So yesterday too he carried on with strawman arguments as headlines. Of course the answer to this rhetorical question is “no”.

Josh Landau from the CCIA, which represents a lot of technology companies, responded with “Getting The Future Backwards: Iancu’s Comments On § 101 At IPO” and to quote:

This morning, Patent and Trademark Office (PTO) Director Iancu gave remarks at the Intellectual Property Owners Association (IPO) Annual Meeting. Perhaps unsurprisingly, given IPO’s efforts to legislatively overturn the Supreme Court’s recent cases reinforcing the bar on patents on products of nature and abstract ideas, Director Iancu’s remarks focused on patentable subject matter—§ 101.

While the remarks aren’t formal guidance, what Director Iancu has described is concerning. Specifically, he states that the guidance would instruct examiners to “allow[] claims that include otherwise excluded matter as long as that matter is integrated into a practical application.”

As for the USPTO, it continues to unmask itself as little more than an agent of patent extremists. This is what the official account tweeted: “Let’s stop commingling the categories of invention on one hand, with the conditions for patentability on the other. Section 101 is about subject matter,” said #USPTO Director Andrei Iancu at @IPO today. Read his full remarks: http://bit.ly/2QVr7fq .”

Dennis Crouch has meanwhile gone ahead and put a dollar sign ($) in “USPTO” to better explain what USPTO is about: it’s all about greed. But he actually made/used the image for other reasons (“SUCCESS ACT”).

Neil Wilkof (IP Kat) has also just revealed that Iancu is still attending and opening events of patent extremists rather than science and technology events. Whose “SUCCESS” is this man pursuing? Maybe the occupation he came from — the one which exploits scientists and technologists. The USPTO certainly got its priorities all wrong. Very wrong. To quote:

The initial speaker was Mr. Andrei Iancu, Under Secretary of Commerce for Intellectual Property and Director United States Patent and Trademark Office. Mr. Iancu took the audience back to the 1893 Chicago World’s Fair and Chicago Columbian Exposition, which in his words ushered in the modern world of technology. His focus was on the race over who would provide the lighting for the event? On the one hand, there was Thomas A. Edison and his invention of direct electrical current, on the other, the development of alternating current, by Nikola Tesla (the inventor, not the car), supported by George Westinghouse. As noted by Mr. Iancu, Westinghouse (and Tesla) won the bid.

For Mr. Iancu, what we learn from this story is that the patent system both encourages invention as well as patent design around, both of which are integral parts. But in today’s world, the outcome of the war over electrical currents and the role of patent protection in that contest, are not enough. Now, the USPTO is equally(?) focused on how to incentivize invention (read: innovation), although specifics offered were few, other than to emphasize the role of education.

Watchtroll is of course also engaging in yet more PTAB bashing (as always), e.g. “USPTO Substantially Revises PTAB Standard Operating Procedures” (Iancu cannot change patent law itself, he merely lowers patents’ certainty by lessening scrutiny in the office, not in patent courts, and does so at his own peril, lessening the perception of “danger” while at the same time reducing the appeal of US patents). Here is what Patently-O said about it:

Revised SOP2 includes, among other things:

Creation of the POP, typically comprising the Director, the Commissioner for Patents, and the Chief Judge of the PTAB;
Identification of the circumstances when POP members may delegate their authority, and to whom;
Provision of notice to the parties when POP review takes place, as well as the identification of the POP members in a particular case;
Explanation of the standards, procedures, and timing for requesting POP review in a pending case on rehearing; and
Revised procedures for designating a decision previously issued by the PTAB as precedential or informative.

Michael Loney from another patent maximalists’ site wrote this:

The Patent Trial and Appeal Board has revised its standard operating procedures on panelling of matters and precedential and informative decisions

The Patent Trial and Appeal Board has revised its standard operating procedures (SOPs) on panelling of matters (SOP1) and precedential and informative decisions (SOP2).

Loney’s colleague, Ellie Mertens, then wrote about “PTAB cases to watch for the rest of 2018” as follows:

Important pending Patent Trial and Appeal Board cases relate to issues ranging from assignor estoppel to the constitutionality of PTAB judges’ appointments

The top nine cases related to the Patent Trial and Appeal Board (PTAB) to watch for the rest of 2018 relate to issues ranging from assignor estoppel as it relates to inter partes reviews (IPRs) to the constitutionality of PTAB…

As readers may recall, Iancu moved the chief judge of PTAB (although it may have been voluntary) after he had been smeared by patent maximalists (maybe that’s the “perception” he was alluding to). He’s an actual scientist, for a change. The maximalists already try to replace him (as always) with someone who better suits their agenda. At the end of the day, these people may be dooming their own patent system by looking to broaden patent scope at the Office even though courts push back, leaving patent holders in a limbo, uncertain of the validity or value (if any) of their patent/s.

Patent Trolls Roundup: Microsoft’s Patent Troll Collapses, Samsung Fuels Patent Troll Sisvel, and Patent Troll VirnetX Wants Apple’s Cash

Tuesday 25th of September 2018 10:22:16 AM

Submerged under the bridge

Summary: Microsoft’s largest patent troll continues to experience a mass exodus (in addition to all the layoffs), Sisvel receives armament from Samsung, and VirnetX carries on pretending — to shareholders at least — that it will get a lot of money out of Apple (albeit an appeal will likely prevent that altogether)

SEEING the trend in US patent courts (which unlike the USPTO reject abstract patents en masse), patent trolls are utterly demoralised. Microsoft’s patent troll Intellectual Ventures keeps imploding, according to the patent trolls’ lobby (IAM). Here’s the latest:

Cory Van Arsdale, chief revenue officer at Intellectual Ventures and one of the driving forces behind its recent monetisation efforts is leaving the giant NPE. He is set to keep some ties to IV advising the business on a consultancy basis for at least the next year, but his departure effectively hands control of the company’s patent sales and licensing to Mathen Ganesan, executive vice president of the Invention Investment Funds.

Van Arsdale joined IV in 2010 from a consulting business which he co-founded and before that did stints at the likes of Microsoft, Apple and Sun Microsystems. He has taken an active role as the company has ramped up its rate of sales in recent years including the disposals of around 4,000 former Kodak patents and almost 1,000 former American Express grants to Dominion Harbor.

The patent trolls’ lobby has also taken note of Sisvel’s latest activity in “More details emerge of Samsung patent transfer to Sisvel,” but it’s behind a paywall and the outline says:

Deal between the two came as Korean tech giant agreed to royalty bearing licence to NPE’s Wi-Fi portfolio

This will certainly be used for extortion and blackmail purposes (which is what Sisvel does). Unlike Apple, Samsung does not engage in patent aggression, at least not directly.

The patent troll VirnetX wants money out of nothing in Eastern Texas, where Apple became its latest high-profile target. It issued the following press release yesterday:

VirnetX™ Holding Corporation (NYSE:VHC), an Internet security software and technology company, announced today that on September 20, 2018, pursuant to a Court’s order, attorneys from VirnetX and Apple have conferred and agree without dispute amounts for Bill of Costs and Prejudgment Interest totaling $93,351,141 to be added to the $502,567,709 jury verdict for VirnetX in the ongoing patent infringement action between VirnetX Inc. (“VirnetX”) and Apple Inc (“Apple”).

“Apple’s versus VirnetX patent infringement case payment balloons to $595.9M,” AppleInsider’s headline said and there’s also “VirnetX Holding Corporation: VirnetX Files Notice Regarding Agreed Bill of Costs and Prejudgment Interest of $93.3 Million in Apple Suit” in last night’s headlines.

But this decision will almost certainly be appealed and reach the Federal Circuit, which has a rather different track record than courts in Eastern Texas.

António Campinos Goes to UPC-Hostile Country, UPC Continues to Languish and Team UPC Carries on Pushing for Software Patents in Europe (Courts Also)

Tuesday 25th of September 2018 09:22:50 AM



Summary: The Unified Patent Court (UPC) fantasy has fizzled, but those striving to interject software patents agenda into Europe from the back door (e.g. labeling these “AI” or ignoring the stance of actual courts) aren’t giving up just yet

TODAY will be mostly about USPTO matters (major things have just happened), but before we turn to that, let’s look at the latest developments at the European Patent Office (EPO).

Yesterday, for the first time in a long time, the EPO did not bombard Twitter with software patents advocacy (typically 2-4 times per day, even more so lately). Even though software patents in Europe aren’t allowed “as such”, today’s EPO is quite blatantly ignoring even its own rules, in the name of so-called ‘production’ targets.

Days ago António Campinos went to a nation that opposes the Unitary Patent, a Trojan horse for software patents in European courts (not just patent offices). One of the large nations that oppose the Unitary Patent (there are several, including Poland) is Spain and “[d]uring his official visit to Spain last week, President Campinos met with Ministers to discuss how to further strengthen the patent system and support innovation and economic growth,” according to the EPO’s tweet. From the corresponding article, which merely continues this tweet: (warning: epo.org link)

During his first official visit to Spain last week, EPO President António Campinos met with Ministers to discuss how to further strengthen the patent system and support innovation and economic growth. Meetings on Monday were held with the Spanish Minister of Industry, Trade and Tourism, María Reyes Maroto Illera, the Undersecretary for Industry, Trade and Tourism and President of the Spanish Patent and Trademark Office (SPTO), Fernando Valdés Verelst, and the Director General of the SPTO, José Antonio Gil Celedonio.

“Unitary Patent” or “UPC” isn’t mentioned. The EPO too seems to have come to grips with the Unitary Patent’s death (Campinos hasn't mentioned it in over two months). But Team UPC is still in denial; it is pushing UPC agenda as well as other malicious things. As a pro-UPC site put it yesterday:

In-house and private practice lawyers discussed driverless cars, protection strategies in a digital world, compulsory licences, the UPC and FRAND at the European Patents Forum in Paris

UPC is also mentioned in this new press release and a tweet from Bristows, which links to Alan Johnson. He speaks of a document that “sets out the [no 'Brexit' deal] scenarios as currently foreseen, the implications, and the actions for business and other stakeholders, concluding by recommending that businesses seek legal advice on how these arrangements could affect their business model or Intellectual Property rights.”

One can interpret “recommending that businesses seek legal advice” as “go pay Bristows some money for flawed or intentionally-misleading advice on UPC.”

Team UPC has no remnants of credibility by now. Every prediction it had given turned out to be false. The British Law Gazette’s Michael Cross then published about this under the headline “Government admits ‘no deal’ could mean exit from patent court” (misleading headline).

No, you cannot “exit” something you never entered in the first place (and which does not even exist, either!). Quoting Cross:

New advice from Whitehall on the consequences for a ‘no deal’ exit from the European Union concedes for the first time that this could mean withdrawal from the embryonic 25-nation Unified Patent Court. Until now the government has insisted that the court, part of which is due to be based in Aldgate Tower, London, was not an EU institution and therefore would be unaffected by Brexit.

However a notice issued today by the Department for Business, Energy and Industrial Strategy states that the UK will have to ‘explore whether it would be possible to remain within the Unified Patent Court and unitary patent systems in a ‘no deal’ scenario’.

The note also points out that there is still a possibility that the court may come into being in any case as ratification by Germany – which is subject to a court challenge – is still outstanding. ‘If the Unified Patent Court is never fully ratified, the domestic legislation to bring it into force will never take effect in the UK.’

Team UPC will carry on misinterpreting government documents to spread the infamous two lies.

Marks & Clerk (Team UPC) has long lied about software patents (to make ‘sales’) and this morning we saw Marks & Clerk’s Stéphane Ambrosini giving misleading advice on software patents in Luxembourg because patent courts would not honour these. Here is the relevant part:

In view of the lack of examination during the Luxembourgish application procedure, notionally all software inventions can be patented in the jurisdiction.

However, to achieve a stronger presumption of validity, embodiments of patented software inventions should exhibit a further technical effect, analogously to the legal test practised under the European Patent Convention. In practice, this means a concrete effect achieved by the software beyond the conventional physical interactions between the program and the computer on which it is run.

That still does not give it presumption of validity; European courts (not UPC) do not view software patents favourably. We have been tracking these matters for well over a decade. Going back to Team UPC’s favourite platform, watch these patent zealots promoting software patents in Europe under the guise of “AI” (calling algorithms that):

Directors from the European Patent Office gave guidance at this year’s European Patent Forums in Munich and Paris on how inventors can successfully patent their artificial intelligence or machine learning solutions

Well, “AI” is merely a buzzword and one that the EPO habitually promotes as a cover for software patents in Europe. As for “machine learning”, we’ll deal with that in another post later today.

The Man Whose Actions Could Potentially Land Team Battistelli in Jail

Tuesday 25th of September 2018 08:19:00 AM

Older: The Battistelli Mafia and Corsica


Source: En pleine présidentielle, Benalla dégaine son arme pour un selfie

Summary: As new evidence and more material surfaces about Benalla, Battistelli tries hard to hide himself from French media, knowing that he might be criminally culpable

The only person who kept weapons in his office (inside/at the EPO) was Battistelli himself — despite falsely accusing others of the same — employing an immature, aggressive and totally irresponsible (could have shot EPO staff uncontrollably) thug without a gun permit. EPO is a rogue institution. The above is Battistelli’s ‘bodyguard’; imagine arming and paying about 10,000 euros per month to a thug who takes selfies with his pistol that he most likely carried illegally, implicating Battistelli (who no doubt knew about it but refuses to talk about it). Also of relevance to this:

  1. Alexandre Benalla, Macron’s Violent Bodyguard, Was Also Battistelli’s Bodyguard
  2. It Wasn’t Judges With Weapons in Their Office, It Was Benoît Battistelli Who Brought Firearms to the European Patent Office (EPO)
  3. Guest Post on Ronan Le Gleut and Benalla at the French Senate (in Light of Battistelli’s Epic Abuses)

An insider made the following picture yesterday — an image we’ve made a local copy of (just in case the tweet or Twitter itself vanishes in the future).

Reader’s Article: Affaire Benalla Strongly Connected to EPO/OEB/EPA and Former President Benoît Battistelli #Europe #patent https://t.co/e9Ol4t3XSx https://t.co/KpwSuyAXmt pic.twitter.com/gtUSBfRfZQ

— Sheikh it Sheikh it (@Sheikh_al_Touar) September 24, 2018

More in Tux Machines

Red Hat: OpenShift and Awards

  • OpenShift Commons Briefing: OpenShift 3.11 Release Update with Scott McCarty (Red Hat)
    In this briefing, Red Hat’s Scott McCarty and numerous other members of the OpenShift Product Management team gave an in-depth look at Red Hat’s OpenShift’s latest release 3.11 and some insights into the road ahead.
  • Awards roll call: Red Hat awards, June to October 2018
    Depending on the weather in your region, it’s safe to say that the seasons are changing so it’s a good time to look back at what was a busy few months for Red Hat, especially when it came to industry awards for our technical and product leadership. In recent months, Red Hat products and technologies took home twenty awards, highlighting the breadth and depth of our product portfolio as well as the expertise that we provide to our customers. In addition, Red Hat as a company won five awards recognizing its growth and culture as a leader in the industry.
  • More advice from a judge - what it takes to win a Red Hat Innovation Award
    Last year I penned the below post to provide insight into what the judges of the Red Hat Innovation Awards are looking for when reviewing submissions. Looking back, I would give almost the identical advice again this year...maybe with a few tweaks. With all the stellar nominations that we receive, the question I often get is, “how can we make our entry standout?” There’s no magic formula for winning the Red Hat Innovation Awards, but there are things that the other judges and I look for in the entries. Overall, we’re looking for the project that tells a compelling story. It’s not just about sharing what Red Hat products and services you used, we want to hear the full narrative. What challenges did you face; how you implemented the project; and ultimately, what was the true business impact and transformation that took place? Submissions that are able to showcase how open source culture and values were key to success, or how the project is making a difference in the lives of others, are the entries that most often rise to the top.

today's howtos

OSS Leftovers

  • How to be an effective and professional member of the Samba user and development Community
    For many years we have run these lists dedicated to developing and promoting Samba, without any set of clear guidelines for people to know what to expect when participating.  What do we require? What kind of behavior is encouraged?
  • Blockcerts Updates Open Source Blockchain Architecture
    Learning Machine is making changes to its Blockcerts Credential Issuer, Verifier and Wallet to enable native support for records issuance and verification using any blockchain. Blockcerts was launched by Learning Machine and MIT Media Lab in 2016 as new way to allow students to receive digital diplomas through an app, complementing a traditional paper degree. Blockcerts was originally designed to be blockchain-agnostic, which means that open standards can be used to anchor records in any blockchain. The Blockcerts Universal Identifier recognizes which blockchain is being used and verifies accordingly. Currently, the open source project has added support for bitcoin and Ethereum blockchains, but anyone can add support through the project's GitHub page.
  • First full featured open-source Ethereum block explorer BlockScout launched by POA Network
  • Amsterdam-based ING Bank Introduces Open-Source Zero Knowledge Technology
  • ING Bank Launches Open Source Privacy Improvement Add-On for Blockchains
  • Imec tool accelerates DNA sequencing 10x
    As a result, in a typical run, elPrep is up to ten times faster than other software tools using the same resources. It is designed as a seamless replacement that delivers the exact same results as GATK4.0 developed by the Broad Institute. elPrep has been written in the Go programming language and is available through the open-source GNU Affero General Public License v3 (AGPL-3.0).
  • On the low adoption of automated testing in FOSS
    A few times in the recent past I've been in the unfortunate position of using a prominent Free and Open Source Software (FOSS) program or library, and running into issues of such fundamental nature that made me wonder how those issues even made it into a release. In all cases, the answer came quickly when I realized that, invariably, the project involved either didn't have a test suite, or, if it did have one, it was not adequately comprehensive. I am using the term comprehensive in a very practical, non extreme way. I understand that it's often not feasible to test every possible scenario and interaction, but, at the very least, a decent test suite should ensure that under typical circumstances the code delivers all the functionality it promises to. [...] Most FOSS projects, at least those not supported by some commercial entity, don't come with any warranty; it's even stated in the various licenses! The lack of any formal obligations makes it relatively inexpensive, both in terms of time and money, to have the occasional bug in the codebase. This means that there are fewer incentives for the developer to spend extra resources to try to safeguard against bugs. When bugs come up, the developers can decide at their own leisure if and when to fix them and when to release the fixed version. Easy! At first sight, this may seem like a reasonably pragmatic attitude to have. After all, if fixing bugs is so cheap, is it worth spending extra resources trying to prevent them?
  • Chrome for Linux, Mac, and Windows Now Features Picture-in-Picture by Default
    Chromium evangelist at Google François Beaufort announced today that Picture-in-Picture (PiP) support is now enabled by default in the Google Chrome web browser for Linux, Mac, and Windows platforms. Google's engineers have been working for months to add Picture-in-Picture (PiP) support to the Google Chrome web browser, but the long-anticipated feature is finally here, enabled by default in the latest version for Linux, Mac, and Windows operating systems. The feature lets you detach a video in a floating window so you can watch it while doing something else on your computer.
  • Teaching With an Index Card: the Benefits of Free, Open-Source Tools
  • Decentralized Authentication for Self-Sovereign Identities using Name Systems
    The GNU Name System (GNS) is a fully decentralized public key infrastructure and name system with private information retrieval semantics. It serves a holistic approach to interact seamlessly with IoT ecosystems and enables people and their smart objects to prove their identity, membership and privileges - compatible with existing technologies. In this report we demonstrate how a wide range of private authentication and identity management scenarios are addressed by GNS in a cost-efficient, usable and secure manner. This simple, secure and privacy-friendly authentication method is a significant breakthrough when cyber peace, privacy and liability are the priorities for the benefit of a wide range of the population. After an introduction to GNS itself, we show how GNS can be used to authenticate servers, replacing the Domain Name System (DNS) and X.509 certificate authorities (CAs) with a more privacy-friendly but equally usable protocol which is trustworthy, human-centric and includes group authentication. We also built a demonstrator to highlight how GNS can be used in medical computing to simplify privacy-sensitive data processing in the Swiss health-care system. Combining GNS with attribute-based encryption, we created ReclaimID, a robust and reliable OpenID Connect-compatible authorization system. It includes simple, secure and privacy-friendly single sign-on to seamlessly share selected attributes with Web services, cloud ecosystems. Further, we demonstrate how ReclaimID can be used to solve the problem of addressing, authentication and data sharing for IoT devices. These applications are just the beginning for GNS; the versatility and extensibility of the protocol will lend itself to an even broader range of use-cases. GNS is an open standard with a complete free software reference implementation created by the GNU project. 
    It can therefore be easily audited, adapted, enhanced, tailored, developed and/or integrated, as anyone is allowed to use the core protocols and implementations free of charge, and to adopt them to their needs under the terms of the GNU Affero General Public License, a free software license approved by the Free Software Foundation.
  • Make: an open source hardware, Arduino-powered, 3D-printed wire-bending machine
    How To Mechatronics has pulled together detailed instructions and a great video explaining how to make an Arduino-powered, 3D-printed wire-bending machine whose gears can create arbitrary vector images out of precision-bent continuous lengths of wire.
  • RApiDatetime 0.0.4: Updates and Extensions
    The first update in a little while brings us release 0.0.4 of RApiDatetime which got onto CRAN this morning via the lovely automated sequence of submission, pretest-recheck and pretest-publish. RApiDatetime provides seven entry points for C-level functions of the R API for Date and Datetime calculations. The functions asPOSIXlt and asPOSIXct convert between long and compact datetime representation, formatPOSIXlt and Rstrptime convert to and from character strings, and POSIXlt2D and D2POSIXlt convert between Date and POSIXlt datetime. This release brings asDatePOSIXct as a seventh courtesy of Josh Ulrich. All these functions are all fairly useful, but not one of them was previously exported by R for C-level use by other packages. Which is silly as this is generally extremely carefully written and tested code.
  • 6 JavaScript books you should know
    If there was ever the potential for a giant book list it's one based on our favorite Javascript books. But, this list is short and easy to digest. Maybe it will help you get started, gently. Plus, check out three of our top Javascript articles with even more books, resources, and tips.

Security: Telstra, Google+ and Facebook Incidents, and Latest Updates