Language Selection

English French German Italian Portuguese Spanish

July 2020

KDE Plasma 5 August 2020 release for Slackware

Filed under
KDE
Slack

New Plasma5 packages for Slackware-current are ready for download & installation. I skipped July (holiday season) and so here is KDE-5_20.08 aka my August 2020 release. Be sure to read the upgrade instructions very carefully to prevent breakage, because starting with my June batch the goal is to remove Slackware’s ConsoleKit2 and replace it with elogind!.

It would not harm if you (re-)read my previous blog article about Plasma5, “Replacing ConsoleKit2 with elogind – first steps“. It has a lot more detail about the reasons for this move as well as guidance on using the Wayland Window Manager (as a test) instead of regular X.Org. Note that Wayland sessions still need a lot of maturing and X.Org will remain Slackware’s default choice.

Read more

IBM/Red Hat/Fedora Leftovers

Filed under
Red Hat

Debian: Ben Hutchings, Chris Lamb, and Jonathan Carter

Filed under
Debian

  • Ben Hutchings: Debian LTS work, July 2020

    I was assigned 20 hours of work by Freexian's Debian LTS initiative, but only worked 5 hours this month and returned the remainder to the pool.

    Now that Debian 9 'stretch' has entered LTS, the stretch-backports suite will be closed and no longer updated. However, some stretch users rely on the newer kernel version provided there. I prepared to add Linux 4.19 to the stretch-security suite, alongside the standard package of Linux 4.9. I also prepared to update the firmware-nonfree package so that firmware needed by drivers in Linux 4.19 will also be available in stretch's non-free section. Both these updates will be based on the packages in stretch-backports, but needed some changes to avoid conflicts or regressions for users that continue using Linux 4.9 or older non-Debian kernel versions. I will upload these after the Debian 10 'buster' point release.

  •        

  • Chris Lamb: Free software activities in July 2020

    As part of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics and policy etc. This month, it was SPI's Annual General Meeting and the OSI has been running a number of remote strategy sessions for the board.

  •        

  • Jonathan Carter: Free Software Activities for 2020-07

    Here are my uploads for the month of July, which is just a part of my free software activities, I’ll try to catch up on the rest in upcoming posts. I haven’t indulged in online conferences much over the last few months, but this month I attended the virtual editions of Guadec 2020 and HOPE 2020. HOPE isn’t something I knew about before and I enjoyed it a lot, you can find their videos on archive.org.

The Best Authenticator Apps for Linux Desktop

Filed under
GNU
Linux
Security

If you have ever used two-factor authentication before, then you have probably heard of tools like Google Authenticator. To make use of many of these services, you’ll have to have your phone near you. Luckily, there are desktop authenticator apps that can provide you with the secret key you need to log in to your account. Below are the best authenticator apps for the Linux desktop.

[...]

Yubico works with a hardware security token known as the Yubikey. You can store your credentials on this as opposed to on your device. This hardware security token can even be further secured by choosing to unlock it with either FaceID or TouchID.

With Yubico, you will also be able to easily transition between devices, even after upgrading. The Yubico app lets you generate multiple secrets across devices, making it simple for you to switch.

I have to admit that the security offered by a physical token like the Yubikey is great. However, users must bear in mind that they must have the key with them if they wish to use two-factor authentication. I know you may argue and say this is no better than having to carry a phone with you. However, you can’t put your phone on a keychain! Additionally, it’s tough to crack a hardware token. Someone would have to steal it from you if they wanted to access your data. Even after doing that, they still won’t know any of your passwords or anything else of the sort.

With Yubico Authenticator, you first have to insert your key before you can add services to the app. After inserting your key, you can then add a security token from a service you want to enable two-factor authentication for. This is an app more for a power user due to the steps that must be taken to get it set up.

Read more

today's leftovers

Filed under
Misc

  • oneAPI compatibility with all openSUSE

    As leader of the openSUSE Innovator initiative, openSUSE member and official oneAPI innovator, I tested the new release of the tool on openSUSE Leap 15.1, 15.2 and Tumbleweed. With the total success of the work, I made available in the SDB an article on how to install this solution on the openSUSE platform. More information here: https://en.opensuse.org/SDB:Install_oneAPI.

    oneAPI is an Unified, Standards-Based Programming Model. Modern workload diversity necessitates the need for architectural diversity; no single architecture is best for every workload. XPUs, including CPUs, GPUs, FPGAs, and other accelerators, are required to extract high performance.

    This technology have the tools needed to deploy applications and solutions across these architectures. Its set of complementary toolkits—a base kit and specialty add-ons—simplify programming and help developers improve efficiency and innovation. The core Intel oneAPI DPC++ Compiler and libraries implement the oneAPI industry specifications available at https://www.oneapi.com/open-source/.

  • openSUSE Tumbleweed – Review of the week 2020/31

    Week 31 has seen a steady flow of snapshots. The biggest snapshot was 0721, for which we had to do a full rebuild due to changes in the krb5 package, that moved some files around. In order for all packages to keep up with this change, the full rebuild was needed. The week in total has seen 7 snapshots being published (0721, 0724, 0726, 0727, 0728, 0729 and 0730)

  • Does Your Organization Need an Open Source Program Office?

    Every modern enterprise uses some open source software, or at the very least uses software that has open-source components. In an enterprise setting, the number of different open source projects an organization might use could easily be in the hundreds of thousands, and there could also easily be just as many engineers using those open source projects.

    While the reality is that enterprises use open source software, open source communities have a completely different culture — one focused on collaboration in a way that is foreign to most standard business environments.

    “As a business, it’s a culture change,” explained Jeff McAffer, who ran Microsoft’s Open Source Program Office for years and now is a director of product at GitHub focused on promoting open source in enterprises. “Many companies, they’re not used to collaboration. They’re not used to engaging with teams outside of their company.”

    What exactly are Open Source Program Offices (OSPOs)? What do they do, who needs them and why? We spoke with a couple of people who lead open source program offices to learn more.

  •        

  • 50 Open Badges awarded for top LibreOffice translators!

    A few months ago, we announced Open Badges for LibreOffice contributors. These are custom images with embedded metadata, awarded to our most active community members to say thanks for their great work!

    The metadata describes the contributor’s work, and the badge can be verified using an external service. Open Badges are used by other free software projects, such as Fedora.

  • Ordering Browser Tabs Chronologically to Support Task Continuity

    Product teams working on Firefox at Mozilla have long been interested in helping people get things done, whether that’s completing homework for school, shopping for a pair of shoes, or doing one’s taxes. We are deeply invested in how we can support task continuity, the various steps that people take in getting things done, in our browser products. And we know that in our browsers, tabs play an important role for people carrying out tasks.

    [...]

    Fast forward to this year and the team working on Firefox for iOS was interested in how we might support task continuity involving leaving tabs open. We continued to see in user research the important role that tabs play in task continuity, and we wanted to explore how to make tab retrieval and overall tab management easier.

    In most web browsers on smartphones, tabs are ordered based on when a person first opened them, with the oldest tabs on one end of the interface (top, bottom, left, or right) and the newest tabs stacking to the opposite end of the interface. This ordering logic gets more complex if a new tab is prompted to open when someone taps on a link in an existing tab. A site may be designed to launch links in new tabs or a person may choose to open new tabs for links. The new tab, in that case, typically will open immediately next to the tab where the link was tapped, pushing all other later tabs toward the other end of the interface. All of this gets even trickier when managing more than just a few tabs. This brief demonstration illustrates tab ordering logic in Firefox for iOS before chronological tabs using the example of someone shopping for a good processor.

  • Tor’s Bug Smash Fund: Year Two!

    The Bug Smash Fund is back for its second year! In 2019, we launched Tor’s Bug Smash Fund to find and fix bugs in our software and conduct routine maintenance. Maintenance isn’t a flashy new feature, and that makes it less interesting to many traditional funders, but it’s what keeps the reliable stuff working--and with your support, we were able to close 77 tickets as a result.

    These bugs and issues ranged from maintenance on mechanisms for sending bridges via email and collecting metrics data to improving tor padding, testing, onion services, documentation, Tor Browser UX, and tooling for development. This work keeps Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

  • Say hello to the Linux Terminal 2.0 for Chrome OS

    Back in March, prior to the Chrome OS release calendar getting out of whack, the Linux terminal for Chrome OS was undergoing a major facelift that looked to be slated for the release of version 82. Since I generally live in the Canary channel, I was unaware that the update had not taken place. Instead, the refreshed Linux terminal actually arrived in the latest update to Chrome OS 84. Some of you reading this may be thinking “what the heck is a Linux terminal?” and that’s okay. Here’s a quick history lesson.

Linux Mint Monthly News and Ubuntu Leftovers

Filed under
Ubuntu

           

  • Linux Mint Monthly News – July 2020

    I’d like to thank you all for your support. Donations are usually quite high after a release and Linux Mint 20 is no exception. We received 924 donations in a single month! That’s quite an impressive number and it makes us feel really proud, both as a project and a community.

    Linux Mint 20 was well received but it introduced new challenges, both as a release and an upgrade. We’ll be focused on tackling these challenges for the next two years as well as implementing exciting refinements and new features in the upcoming point releases. Some of these are already listed on our Trello boards and roadmaps. I’d rather talk about them once they’re implemented and ready to be shipped though. Hopefully this time next month we’ll be able to give you a preview of some of them.

    In last month’s feedback we noted some users would like Linux Mint to package Chromium. We also observed confusion and lack of empowerment when it comes to dealing with foreign packages during the upgrade. These are two areas we’re looking into at the moment.

    LMDE 4 received many updates lately, including the new features from Linux Mint 20 and Cinnamon 4.6.

    A study on the popularity of Linux Mint releases showed some interested results and comforted some of the perception we had of our user base. 

  •        

  • Charmed OSM Release EIGHT available from Canonical

    Canonical is proud to announce the general availability of OSM release EIGHT images in it’s Charmed OSM distribution. As of Release SEVEN, OSM is able to orchestrate containerised network functions (CNFs) leveraging Kubernetes as the underlying infrastructure for next-generation 5G services. Release EIGHT follows the same direction and brings new features that allow for the orchestration of a broader range of network functions and production environments.

    Open Source MANO (OSM) Release EIGHT is the result of great community work in a project that drives the most complete open source network function virtualisation (NFV) orchestrator in the market.

  • Full Circle Magazine #159

    This month:
    * Command & Conquer
    * How-To : Python, Podcast Production, and Rawtherapee
    * Graphics : Inkscape
    * Graphics : Krita for Old Photos
    * Linux Loopback
    * Everyday Ubuntu
    * Ubports Touch
    * Review : Ubuntu Unity 20.04
    * Ubuntu Games : Mable And The Wood
    plus: News, My Opinion, The Daily Waddle, Q&A, and more.

Hardware and Devices With Linux or Similar

Filed under
Hardware
  • Amazing science from the winners of Astro Pi Mission Space Lab 2019–20
  • What is an IoT-Ready PC?

    Can your PC or laptop handle IoT applications? This means it should have the ruggedness and extra connectivity support for IoT devices such as Arduino or Raspberry Pi, while supporting OS such as Windows 10 IoT Core.

  • The PongMate CyberCannon Mark III is a surefire way to never lose at beer pong

    If you participate in beer pong, and your skills aren’t up to the challenge, you might be in for a rough time. While “practice makes perfect,” if you’d rather shortcut this process then engineers Nils Opgenorth and Grant Galloway have just the solution with their Arduino-powered PongMate CyberCannon Mark III.

    This wrist-mounted launcher uses a time-of-flight sensor, along with an inertial measurement unit to calculate the vertical and horizontal distance to the red Solo cup, marked with a small laser. Bubble levels help users fix the device in the horizontal direction and five programmable RGB LEDs indicate when it’s ready to shoot.

  • BCM MX4305UE Industrial Mini-ITX Motherboard Features Intel Celeron 4305UE Processor

    The board supports both Windows 10 and Linux distributions.

  • Apollo Lake industrial mini-PC supports Linux

    Vecow’s Linux-ready, -40 to 75°C tolerant “SPC-4010C” industrial mini-PC is built around a dual-core Apollo Lake SoC with up to 8GB RAM, 2x GbE, SATA, HDMI, 4x USB, and 2x mini-PCIe with SIM card and mSATA.

    Vecow announced a minor revision to its Apollo Lake based SPC-4010 mini-PC called the SPC-4010C. If you already know about the SPC-4010, all you need to do is read the following paragraph. However, if like us, you are new to the SPC-4000 series, you may be interested in joining us for a brief tour of all six Apollo Lake based SPC-4000 models below. The fanless systems supports Linux and Win 10 for machine vision, robot control, infotainment, factory automation, intelligent control, and other compact AIoT applications.

Programming Leftovers

Filed under
Development
  • New Tax Collection Tech Replaces 50-Year-Old System

    Fried said recent updates to the old system had fallen mainly to a single employee who had worked for the office for most of the five decades the system had been in place - and finding another programmer with similar skills would have been challenging. The old system used the COBOL programming language and a traditional mainframe computer, whereas the new system is cloud-based and can be managed entirely remotely.

  • Call for Code Daily: tech for the disabled, chatbots, and the final push to submission close
  • Godot Release candidate: 3.2.3 RC 3

    Godot 3.2.2 was released on June 26 with over 3 months' worth of development, including many bugfixes and a handful of features. Some regressions were noticed after the release though, so we decided that Godot 3.2.3 would focus mainly on fixing those new bugs to ensure that all Godot users can have the most stable experience possible.

    Here's a third Release Candidate for the upcoming Godot 3.2.3 release. Please help us test it to ensure that no new regressions have slipped through code review and testing.

    Note: The previous 3.2.3 RC 2 was actually not built from the intended commit, and reflected the same changeset as RC 1. Tests made on RC 2 are still valid and useful, but did not help validate the very latest commits, hence this third release candidate. The changes new in this build are thus the ones made between RC 1 and RC 3.

  • What Is Fuzz Testing? A Guide.

    Not all software testing techniques have origin stories, but fuzz testing does: On a stormy evening in 1988, Barton Miller, a computer science professor at the University of Wisconsin-Madison, was using a dial-up connection to work remotely on a Unix computer from his apartment. He was attempting to feed input information into a computer program, only to see the program repeatedly crash.

    He knew that the electrical noise from the thunderstorm was distorting his inputs into the program as they traveled through the phone line. The distorted inputs were different from what the software needed from the user, resulting in errors. But as he describes in his book, Fuzzing for Software Security Testing and Quality Assurance, Miller was surprised that even programs he considered robust were crashing as a result of the unexpected input, instead of gracefully handling the error and asking for input again.

    [...]

    Miller’s concern about what he saw during his thunderstorm experience extended beyond the annoyance of having applications crash unexpectedly. Applications that are not able to handle unexpected input also pose security concerns. Errors that aren’t handled by the program are vulnerabilities that attackers can exploit to hack into systems.

    In fact, attackers often use fuzz testing tools to locate vulnerabilities in applications, according to Jared DeMott, the CEO of VDA Labs security testing company and the instructor of several Pluralsight courses on testing.

    “If you follow what we call a secure development lifecycle… fuzzing is one piece of the lifecycle that relates to the testing portion of it,” DeMott said.

  • [Old] Infinite scrolling on the web is complexity layered on top of complexity layered on top of complexity

    Does all that stuff sound hard? Sorry, but it’s worse.

Games: GNOME, Core Defense, Steam and Monster Crown

Filed under
GNOME

  • Implementing Recently Played Collection in GNOME Games

    In my previous blog post, I talked about how I added a Favorites Collection to Games. Favorites Collection lists all the games that’s marked as favorite. In this post I’ll talk about what went into adding a Recently Played Collection, which helps you get to recently played games more quickly.

    Since most of the ground work for supporting non-user collections are already done as part of introducing Favorites Collection, it required much less work to add another non-user collection. For Recently Played collection, the main differences from Favorites Collection in terms of implementation are...

  • Core Defense offers up a different kind of Tower Defense with deck-building

    Core Defense is a Tower Defense game at it's core but it's quite unusual in how it sprinkles in the content and it's out now with full Linux support. After being in Early Access on itch.io for a few months, it's looking good.

    It takes the usual wave-based approach from your typical TD game but instead of giving you set tower types and specific placements, it's a little more open-ended. As you progress through the waves, you build up your defences based on what cards you pick as rewards, a little like a deck-builder and you use these unlocks to gradually build through the blank canvas of a map you're given.

  • 4 ways to back up Steam games on Linux

    Are you a Linux gamer? Do you play a lot of Steam video games? Trying to figure out how to back up your games so you don’t have to keep re-downloading them? If so, this list is for you! Follow along as we talk about 4 ways to back up Steam games on Linux!

  • Monster Crown has a new adult take on Pokemon and it's now in Early Access

    With a darker tone, a setting aimed at adults and creatures that might give a few pixelated nightmares, Monster Crown has entered Early Access as a new breed in the genre of monster catching.

    Monster Crown definitely captures some of the spirit of early Pokemon games, with a new and unique take on it. Instead of throwing a magical ball to capture creatures and force them to your will, Monster Crown gets you to offer them a contract and see if they want to join you. It's a little odd but an interesting spin.

More in Tux Machines

Arcan 0.6 – ‘M’ – Start Networking

This time around, the changes are big enough across the board that the sub-projects will get individual posts instead of being clumped together, and that will become a recurring theme as the progress cadence becomes less and less interlocked. We also have a sister blog at www.divergent-desktop.org that will slowly cover higher level design philosophy, rants and reasoning behind some of what is being done here. A few observant ones have pieced together the puzzle — but most have not. This release is a thematic shift from low level graphics plumbing to the network transparency related code. We will still make and accept patches, changes and features to the lower video layers, of course — ‘Moby Blit’ is still out there — but focus will be elsewhere. Hopefully this will be one of the last time these massive releases make sense, and we can tick on a (bi-)monthly basis for a while. Read more Also: Arcan 0.6 Display Server Adds Network Transparency, XWayland Client Isolation - Phoronix

Games: HIVESWAP: ACT 2, Gaming Rack Design and Construction, Parkitect and DualSense

  • Amusing adventure game HIVESWAP: ACT 2 is out now | GamingOnLinux

    With no prior knowledge of the Homestuck web comic series needed, the second part of the video game adventure is out now with HIVESWAP: ACT 2. "The artistry and humor of the golden age of adventure games meet hand-drawn 2D animation in this love letter to the point-and-click classics. Bizarre, beautifully illustrated alien landscapes and colorful characters make Alternia a joy to explore."

  • Gaming Rack Design and Construction – CubicleNate's Techpad

    I have collected a number of gaming systems throughout my life and there is little point in having them if they sit in a box or using them takes an annoying level of set-up time, making it fun prohibitive. I was then inspired by Perifractic Retro Recipes video where the computer museum has everything so nicely laid out. I looked at my mess and decided that I had to do something about it because my arrangement just isn’t presentable.

  • Theme park building game Parkitect is getting 8-player online multiplayer | GamingOnLinux

    With the second year release anniversary of the great theme park building game Parkitect coming up, Texel Raptor had a quite a huge surprise ready. Releasing on December 8 is the free cooperative online multiplayer mode. This is absolutely crazy considering the type of game it is, and one I can only imagine right now being ridiculously fun to play online with others. Eight people in total too, that's a lot of building that can get done. Texel Raptor mentioned you can see what everyone else is doing, and it's going to have a full online lobby system it seems too.

  • The DualSense Is Making Even More Sense - Boiling Steam

    As reported earlier this month, the DualSense controller from Sony was already working great out of the box on Linux. However, it wasn’t long after that that Valve added support for the more advanced features of the device. Starting November 12, Valve updated the controller to have basic input functionality with their beta Steam client:

Devices/Embedded and Open Hardware Leftovers

  • Embedded Linux for Teams | Ubuntu

    Developer-friendly embedded Linux should just deliver apps to devices. Satellite companies don’t build their own rockets. They focus on building satellites and lease a rocket to deliver it as a payload. Many developer teams also have to “build the rocket” to deliver embedded applications. Developers would be more successful, if Linux vendors made it their job to provide and maintain the scaffold that teams need to deliver embedded apps. In such a world, teams would focus on creating apps. The resulting app-centric development cycle could boil down to booting, building and deploying. Building on top of vendor-provided scaffolds, developers would create a bootable image for their target boards. Teams would then develop apps. After testing, they will build a system image that delivers all these apps. Then burn, deploy, done.

  • Personal Raspberry Pi music streamer
  • Run Pi-hole as a container with Podman on openSUSE - SUSE Communities

    There is arguably no better way to protect devices on your local network from unwanted content than Pi-hole. Add a machine running Pi-hole to your network, and it will quietly scrub all incoming traffic from pesky stuff like ads and trackers in the background. As the name suggests, Pi-hole was initially designed to run on a Raspberry Pi. But if you already have a machine running openSUSE on your network, you can deploy a Pi-hole container on it instead. And to make things a bit more interesting, you can use Podman instead of Docker for that. Installing Podman on openSUSE 15.2 is a matter of running the sudo zypper install podman command. A Pi-hole container needs the 80 and 53 ports, so make sure that these ports are available on your machine.

  • MorphESP 240 ESP32-S2 board integrates a 1.3-inch color display (Crowdfunding)

    We’ve already seen ESP32 platforms with a color display such as M5Stack, but MorphESP 240 is kind of cute with a 1.3-inch color display, features the more recent ESP32-S2 WiFi processor, and supports battery power & charging.

  • Rockchip RK3588 specifications revealed – 8K video, 6 TOPS NPU, PCIe 3.0, up to 32GB RAM

    Rockchip RK3588 is one of the most anticipated processors for the year on this side of the Internet with the octa-core processor features four Cortex-A76 cores, four Cortex-A55 cores, an NPU, and 8K video decoding support. The roadmap shows an expected launch date in Q3/Q4 2020, but sadly the release date will be pushed back in the future. Having said that, the Rockchip Developer Conference (RKDC) is now taking place, and the company has put up a poster that reveals a bit more about the processor.

  • Arduino Blog » Arduino psychic ‘magically’ guesses random numbers

    Standard Arduino Nanos can be used for many purposes, but they do not feature wireless capabilities. Somehow, though, Hari Wiguna’s Arduino psychic system is apparently able to pass data between two of them. No external communication hardware is implemented, yet one Nano is able to recognize when a random number chosen on the other Nano setup is input via an attached keypad. As noted by Wiguna, it’s easier shown than explained, and you can see this techno-magic trick in action in the first clip. How things work is revealed in the second video, but can you guess how it’s done?

Security, Digital Restrictions (DRM), and Proprietary Problems

  • Best forensic and pentesting Linux distros of 2020

    20.04 LTS and uses the Xfce desktop, and is available as a single ISO only for 64-bit machines. In addition to the regular boot options, the distro’s boot menu also offers the option to boot into a forensics mode where it doesn’t mount the disks on the computer. BackBox includes some of the most common security and analysis tools. The project aims for a wide spread of goals, ranging from network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, exploitation, privilege escalation, and more. All the pentesting tools are neatly organized in the Auditing menu under relevant categories. These are broadly divided into three sections. The first has tools to help you gather information about the environment, assess vulnerabilities of web tools, and more. The second has tools to help you reverse-engineer programs and social-engineer people. The third has tools for all kinds of analysis. BackBox has further customized its application menu to display tooltips with a brief description of each bundled tool, which will be really helpful for new users who aren’t familiar with the tools. As an added bonus, the distro also ships with Tor and a script that will route all Internet bound traffic from the distro via the Tor network.

  • Thanksgiving security updates

    Security updates have been issued by openSUSE (blueman, chromium, firefox, LibVNCServer, postgresql10, postgresql12, thunderbird, and xen), Slackware (bind), SUSE (bluez, kernel, LibVNCServer, thunderbird, and ucode-intel), and Ubuntu (mutt, poppler, thunderbird, and webkit2gtk).

  • Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

    AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Arbitrary PHP code executionCVE IDs: CVE-2020-28949CVE-2020-28948Description: The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2 or .tlz files. This is a different issue than SA-CORE-2019-12, similar configuration changes may mitigate the problem until you are able to patch.

  • Financial software firm cites security, control as reasons for moving from email to Slack [Ed: Unbelievable stupidity; Slack is illegal mass surveillance and it’s centralised proprietary software (whereas E-mail can be encrypted, e2e)]

    ASX-listed financial software firm Iress is moving away from email to Slack for communications and its chief technology officer, Andrew Todd, says this is because the app offers improved security and control.

  • Introducing another free CA as an alternative to Let's Encrypt

    Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing.

  • Denuvo's Anti-Piracy Protection Probably Makes Sense For Big-Selling AAA Titles

    A hacking team believed to have obtained data from gaming giant Ubisoft has published documents that claim to reveal the costs of implementing Denuvo's anti-piracy protection. While the service doesn't come cheap, the figures suggest that for a big company putting out big titles with the potential for plenty of sales, the anti-tamper technology may represent value for money.

  • Disappointing: Netflix Decides To Settle With Chooseco LLC Over 'Bandersnatch' Lawsuit

    Well, it's been quite a stupid and frustrating run in the trademark lawsuit between Netflix and Chooseco LLC, the folks behind Choose Your Own Adventure books from our youth. At issue was the Black Mirror production Bandersnatch, in which the viewer takes part in an interactive film where they help decide the outcome. The main character is creating a book he refers to as a "choose your own adventure" book. Chooseco also complained that the dark nature of the film would make the public think less of CYOA books as a result. Netflix fought back hard, arguing for a dismissal on First Amendment grounds, since the film is a work of art and the limited use or reference to CYOA books was an important, though small, part of that art. The court decided that any such argument was better made at trial and allowed this madness to proceed, leading Netflix to petition for the cancellation of Chooseco's trademark entirely. This story all seemed to be speeding towards an appropriately impactful conclusion.

  • TPM circumvention and website blocking orders: An EU perspective

    Website blocking orders in IP cases (mostly, though not solely, in relation to copyright-infringing websites) are routinely granted in several jurisdictions, whether in Europe or third countries. The availability of such relief has been established in case law, administrative frameworks and academic studies alike. The Court of Justice of the European Union ('CJEU') expressly acknowledged the compatibility of such a remedy with EU law in its 2014 decision in UPC Telekabel. Also the European Court of Human Rights recently found that, although it is necessary that this particular remedy is available within a balanced and carefully drafted legislative framework which contains a robust and articulated set of safeguards against abuse, website blocking orders are not per se contrary to the provision in Article 10 ECHR. Over time, courts and other authorities (including administrative authorities in certain EU Member States) have dealt with applications which have: been based on different legal grounds; been aimed at protecting different types of rights; and resulted in different types of orders against internet service providers ('ISPs'). An interesting recent development concerns website blocking orders in relation to websites that market and sell devices and software aimed at circumventing technological protection measures (‘TPMs’). TPMs offer rights holders an ancillary right of protection and are deployed to protect against infringement of copyright in works that subsist in multimedia content such as video games. TPMs are a cornerstone in copyright protection in the digital age where large-scale copying and dissemination of copyright-protected content is so prevalent. [...] In light of the foregoing, copyright owners appear entitled to seek injunctions against intermediaries to also block access to websites dealing with TPM-circumventing devices. The legal basis for that can also be, subject to satisfying all the other requirements under EU and national law, the domestic provision implementing Article 8(3) of the InfoSoc Directive. All in all, it appears likely that we will see more blocking orders in the future, including orders – issued by courts and competent authorities around Europe – targeting websites that provide TPM-circumventing devices. This is an unsurprising and natural evolution of website blocking jurisprudence. It also serves to show the very flexibility of this type of remedy and, matched inter alia with the loose notion of ‘intermediary’, its inherently broad availability.

  • Prolonged AWS outage takes down a big chunk of the internet

    Many apps, services, and websites have posted on Twitter about how the AWS outage is affecting them, including 1Password, Acorns, Adobe Spark, Anchor, Autodesk, Capital Gazette, Coinbase, DataCamp, Getaround, Glassdoor, Flickr, iRobot, The Philadelphia Inquirer, Pocket, RadioLab, Roku, RSS Podcasting, Tampa Bay Times, Vonage, The Washington Post, and WNYC. Downdetector.com has also shown spikes in user reports of problems with many Amazon services throughout the day.