The new Ubuntu Appliance portfolio provides free images to help you turn your Raspberry Pi into an IoT device: just install them to your SD card and you have all the software you need to make a media server, get started with home automation, and more. Canonical’s Rhys Davies is here to tell us all about it.
We are delighted to announce the new Ubuntu Appliance portfolio. Together with NextCloud, AdGuard, Plex, Mosquitto and openHAB, we have created the first in a new class of Ubuntu derivatives. Ubuntu Appliances are software-defined projects that enable users to download everything they need to turn a Raspberry Pi into a device that does one thing – beautifully.
The Ubuntu Appliance mission is to enable you to build your own secure, self-updating, single-purpose devices. Tell us what you want to see next, or let’s talk about turning your project into the next Ubuntu Appliance in Discourse. For now, we are excited to bring these initial appliances to your attention.
The initial portfolio of five
Plex Media Server allows its users to organise and stream their own collection of movies, TV, music, podcasts and more from one place.
Mosquitto is a lightweight open source MQTT message broker, for use on all devices from low power single board computers to full-scale industrial grade servers.
OpenHAB is a pluggable architecture that allows users to design rules for automating their home, with time- and event-based triggers, scripts, actions, notifications and voice control.
AdGuard Home blocks annoying banners, pop-ups and video ads to make web surfing faster, safer and more comfortable.
NextCloud is an on-premise content collaboration platform that allows users to host their own private cloud at home or in the office.
How it all works
Head over to the Ubuntu Appliances website, click the appliance you would like, select download, follow the instructions, and away you go. Once you get to this stage, there are links to tutorials and documentation written by the upstream project themselves, so you can get next steps from the horse’s mouth. If you run into any bother let us know with a new topic and we’ll get on it.
But why bother?
The problem we are trying to solve is to do with the fragmentation in IoT. We want to give publishers and developers a platform to get their software in the hands of their users and into their devices. We work with them to securely bundle the OS, their applications and configurations into a single download that is available for anyone to turn a Raspberry Pi into a dedicated device. You can go to the portfolio and download as many of the appliances as you like and start using them today.
How to add your project to the Ubuntu Appliance portfolio
All of this gives a stage and a secure, production-grade base to projects. There are no restrictions on who can make an Ubuntu Appliance; all you need is an application that runs on a Raspberry Pi or another certified board, and to let us know what you’ve got so we can help you over the line. If you need more information, head to our community page where you’ll find the rules and the exact steps to become featured as an Ubuntu Appliance.
Try them out!
All that’s left to say is to try them out. All five of the initial appliances work on Raspberry Pi, so if you have one, you can get started. And if you don’t have one – maybe your Raspberry Pi is still in the post – then you can also ‘try before you Pi’: install the appliance in a virtual machine and see what you think.
The list of appliances is already growing. This launch marks the first five appliances, but we are already working with developers on the next wave and are looking for more. Start with these ones and go to our discourse to tell us what you think.
Setting up a new repository with all the right linters for the different types of code can be time consuming and tedious. So many tools and configurations to choose from and often more than one linter is needed to cover all the languages used.
The GitHub Super Linter was built out of necessity by the GitHub Services DevOps Engineering team to maintain consistency in our documentation and code while making communication and collaboration across the company a more productive experience. Now we are open sourcing that so everyone can use and improve it!
The Super Linter solves many of these requirements through automation. Some included features:
Prevent broken code from being uploaded to master branches
Help establish coding best practices across multiple languages
Build guidelines for code layout and format
Automate the process to help streamline code reviews
With these basic criteria, we should be shipping better, cleaner, and more stable code internally and to our customers and partners
What is it?
The Super Linter is a source code repository that is packaged into a Docker container and called by GitHub Actions. This allows for any repository on GitHub.com to call the Super Linter and start utilizing its benefits.
The Super Linter will currently support a lot of languages and more coming in the future. For details on languages, check out the README.md.
How it works
When you’ve set your repository to start running this action, any time you open a pull request, it will start linting the code case and return via the Status API. It will let you know if any of your code changes passed successfully, or if any errors were detected, where they are, and what they are. This then allows the developer to go back to their branch, fix any issues, and create a new push to the open pull request. At that point, the Super Linter will run again and validate the updated code and repeat the process. You can configure your branch protection rules to make sure all code must pass before being able to merge as an additional measure.
There’s a ton of customization with flags and templates that can help you customize the Super Linter to your individual repository. Just follow the detailed directions at the Super Linter repository and the Super Linter wiki.
This tool can also be helpful for any repository where multiple types of code and/or documentation all live together (monorepo).
Standardizing a rule set across the Super Linter has been an interesting challenge as each developer is unique in how they code. This is why we allow users to use any rules for the linter as they see fit for their repository. But, if no ruleset is defined, we must default to a certain standard.
The rule set for Ruby and Rails are pulled from the Ruby gem: rubocop-github and follow the same rules and versioning we use on GitHub.com.
For other languages, we choose what is the default when installing the linter such as: coffeelint or yamllint. For others, we try to find a happy middle ground that lays the simple groundwork and helps establish some best practices like: Markdownlint or pylint.
The beauty of this is, out of the box you will start establishing the framework, and your team can decide at any point, if additional customization is needed, you have all the ability to do so.
Just navigate to the Super Linter and copy templates from the TEMPLATES folder to your local repository.
Join in the fun
We encourage you to set up this action and start the process of cleaning up your codebase and building your team’s standards and best practices.
How can I contribute?
We’re always looking to update best practices, add additional languages, and make the tool easier for consumption. If you’d like to help contribute to this action, check out our contributing guide.
We’re thrilled that Coolest Projects is taking place this summer as an online showcase, and registration opens today!
Our world-leading technology fair usually takes place as a free face-to-face event, with thousands of young people coming together to showcase projects they’ve created. After making the tough decision to cancel the Coolest Projects 2020 events in Dublin and Manchester, we began building a solution that would allow us to host our tech showcase for young people online this year.
As so many young people are currently at home all over the world, we wanted to create an online space where they can share their tech projects, be inspired by their peers, and celebrate each other’s achievements as a community.
A chance to be creative and have fun
Coolest Projects is a great opportunity for young people to get creative, have fun, learn from others, and be a part of something truly special.
To get involved in Coolest Projects, all that young people need is an idea that involves tech, and the enthusiasm to bring it to life. If they’re looking for inspiration, they can explore our Digital Making at Home series of free, weekly code-along videos and step-by-step project guides. We’ve also got support for parents who want to learn more about the tools and programs their children could use to create a tech project.
We invite all creators and all project types!
Coolest Projects is open to anyone up to the age of 18, and young people can join wherever they are in the world. Creators at all levels of experience are encouraged, with projects from beginner to advanced, and it doesn’t matter whether the project is a work in progress, a prototype, or a finished product — every participant and every project are welcome!
Young creators get to share their ideas with the world
All submitted projects will be showcased for the whole world to see in the new Coolest Projects online gallery, so that we can all celebrate the effort, enthusiasm, and creativity of young people who have turned an idea into reality using tech.
In the online gallery, you’ll be able to filter projects and explore at your leisure. We’ve enlisted some special judges to help us pick out favourites!
Why do young people take part in Coolest Projects?
Estela Liobikaitė from Strokestown, Co. Roscommon in Ireland took part in Coolest Projects International last year. She began coding at school with her teacher, Ms Gilleran, and developed a love for animation. Estela talks about the possibilities coding gives young people:
“I like coding because it is very entertaining to play to learn about technology. Coding gives a person many opportunities and possibilities.”
Estela at Coolest Projects International 2019
Sofia and Mihai, both aged 9, also took part in Coolest Projects International 2019. They travelled to the Dublin event from Slatina in Romania, where they attend a Code Club in their community. Sofia and Mihai both love animals and created their project, Friendship Saves Endangered Species, to raise awareness about the fragile ecosystem.
Sofia and Mihai at Coolest Projects 2019
Their advice for other young people thinking of getting involved in Coolest Projects is: “Follow your dream, put your ideas into practice, because Coolest Projects is a great opportunity!”
Get involved with Coolest Projects
If you know a young person who has made a digital creation, then encourage them to register it for Coolest Projects, be it an animation, website, game, app, robot, or anything else they’ve built with technology. Projects can be registered in the following categories: Hardware; Scratch; Mobile Apps; Websites; Games; Advanced Programming.
To register a project or find out more about taking part, visit coolestprojects.org. Registration closes on 28 June 2020.
PS This year’s Coolest Projects online showcase wouldn’t be possible without the support of our sponsors — thank you!
Facebook, BNY Mellon, Liberty Global, Blizzard Entertainment, EPAM
Over the last week, GitHub has received reports related to a phishing campaign targeting our customers. We’re publishing this blog to increase awareness of this ongoing threat.
The phishing message claims that a repository or setting in a GitHub user’s account has changed or that unauthorized activity has been detected. The message goes on to invite users to click on a malicious link to review the change. Specific details may vary since there are many different lure messages in use. Here’s a typical example:
Clicking the link takes the user to a phishing site mimicking the GitHub login page, which steals any credentials entered. For users with TOTP-based two-factor authentication enabled, the site also relays any TOTP codes to the attacker and GitHub in real-time, allowing the attacker to break into accounts protected by TOTP-based two-factor authentication. Accounts protected by hardware security keys are not vulnerable to this attack.
The attacker uses the following tactics, but not all tactics are used in every case:
The phishing email is sourced from legitimate domains, using compromised email servers or stolen API credentials for legitimate bulk email providers.
Targeting of currently-active GitHub users across many companies in the tech sector and in multiple countries via email addresses used for public commits.
Use of URL-shortening services to conceal the true destination of the malicious link. Sometimes the attacker chains multiple URL-shortening services for further obfuscation.
Use of PHP-based redirectors on compromised websites to redirect the victim from a less suspicious-looking URL to another malicious one.
If the attacker successfully steals GitHub user account credentials, they may quickly create GitHub personal access tokens or authorize OAuth applications on the account in order to preserve access in the event that the user changes their password.
In many cases, the attacker immediately downloads private repository contents accessible to the compromised user, including those owned by organization accounts and other collaborators.
What GitHub is doing
GitHub Security is monitoring for new phishing sites while filing abuse reports and takedown requests. We’re committed to enabling users and organizations to better secure their accounts and data, and provide assistance securing accounts and investigating activity associated with compromised accounts.
GitHub is working tirelessly to make existing security features more accessible, as well as adding new features designed to make user accounts significantly harder to compromise.
How to protect yourself
If you believe you may have entered credentials on a phishing site:
In order to prevent phishing attacks (which collect two-factor codes) from succeeding, consider using hardware security keys or WebAuthn two-factor authentication. Also consider using a browser-integrated password manager. Many commercial and open-source options exist including browser-based password management native to popular web browsers. These provide a degree of phishing protection by autofilling or otherwise recognizing only a legitimate domain for which you have previously saved a password. If your password manager doesn’t recognize the website you’re visiting, it might be a phishing site.
To verify that you’re not entering credentials in a phishing site, confirm that the URL in the address bar is https://github.com/login and that the site’s TLS certificate is issued to GitHub, Inc.
If you’ve received phishing emails related to this phishing campaign, please contact GitHub Support with details about the sender email address and URL of the malicious site to help us respond to this issue.
Known phishing domains
Currently, we’ve observed the following phishing domains used by the attacker. Most of these are already offline, but the attacker frequently creates new domains and will likely continue to do so:
Like most of the world, we’ve been getting used to life in the lockdown. As an organisation, we’re very lucky that the vast majority of our work can be done remotely. We’ve moved all of our meetings and lots of events online. Yesterday, we held the first-ever Cambridge Computing Education Research Symposium as an online event, bringing together 250 researchers and practitioners to learn from each other.
Many of us have been figuring out how to combine working at home with additional daily caring responsibilities and homeschooling. Honestly, it’s a work in progress (in my house at least). We’ve introduced new flexible working policies, we’re working doubly hard to stay connected to each other, and we’re introducing initiatives to support well-being.
I am so grateful and frankly proud of the way that the Raspberry Pi team and all of our partners have responded to the crisis: taking care of each other, supporting the community, and focusing on how we can make the biggest positive contribution and impact.
Our mission has never been more vital
Our educational mission has never been more vital. Right now, over 1.5 billion young people aren’t able to access learning through schools or clubs due to the restrictions needed to stop the spread of the virus. Teachers and parents are doing their best to provide meaningful learning experiences at home and online. We have a responsibility and the ability to help.
We are taking four immediate actions to help millions of young people to learn at home during the crisis:
Delivering direct-to-student learning experiences
Supporting teachers to deliver remote lessons
Helping volunteers run virtual and online coding clubs
Getting computers into the hands of children who don’t have one at home
Digital Making at Home
Based on feedback from the community, we’ve launched a series of direct-to-student virtual and online learning experiences called Digital Making at Home. The idea is to inspire and support young people aged 7–17 who are learning at home, independently or with their parents, carers, or siblings. Taking our amazing library of free project resources (which are translated into up to 29 languages) as the starting point, we’re producing instructional videos that support different levels of skills. Each week we’re setting a theme that will inspire and engage young people to learn how to solve problems and express themselves creatively with technology.
Please check it out and let us have your feedback. We’ve got loads of ideas, but we really want to respond to what you need, so let us know.
You’ll hear more about Digital Making at Home and our ideas for it in my interview with Cambridge 105:
Supporting teachers to deliver remote lessons
We are working with partners in England (initially) to support teachers to deliver remote lessons on Computing and Computer Science. This work is part of the National Centre for Computing Education. We are adapting the teaching resources that we have developed so that they can be used by teachers who are delivering lessons and setting work remotely. We are designing a programme of online events to support learners using the Isaac Computer Science platform for post-16 students of Computer Science, including small-group mentoring support for both students and teachers.
All of our teaching and learning resources are available for free for anyone to use anywhere in the world. We are interested in working with partners outside England to find additional ways to make them as useful as possible to the widest possible audience.
Helping volunteers run virtual and online coding clubs
We support the world’s largest network of free coding clubs, with over 10,000 Code Clubs and CoderDojos reaching more than 250,000 young people on a regular basis. We are supporting the clubs that are unable to meet in person during the pandemic to move to virtual and online approaches, and we’ve been blown away by the sheer number of volunteers who want to keep their clubs meeting despite the lockdown.
We’re providing training and support to CoderDojo champions, Code Club organisers, educators, and volunteers, including providing free resources, support with handling issues such as safeguarding, and effective design and delivery of online learning experiences. We are also working with our network of 40 international partners to help them support the clubs in their regions.
Access to hardware
We know that a significant proportion of young people don’t have access to a computer for learning at home, and we’re working with incredibly generous donors and fantastic partners in the UK to get Raspberry Pi Desktop Kits distributed for free to children who need them. We’re also in discussions about extending the programme outside the UK.
Everything we do is made possible thanks to an incredible network of partners and supporters. We have been overwhelmed (in a good way) by offers of help since the coronavirus pandemic took hold. Here are some of the ways that you can get involved right now:
Share what we’re doing. We need as many people as possible to know that we are offering free, meaningful learning experiences for millions of young people. Please help us spread the word. Why not start by sharing this blog with your networks or inside your company?
Share your expertise and time. We regularly mobilise tens of thousands of volunteers all over the world to run computing clubs and other activities for young people. We are supporting clubs to continue to run virtually and online. We also need more help with translation of our learning resources. If you have expertise and time to share, get in touch at [email protected].
Support us with funding. Now more than ever, we need financial support to enable us to continue to deliver meaningful educational experiences for millions of young people at home. You can donate to support our work here.
Stay safe and take care of each other
Wherever you are in the world, I hope that you and yours are safe and well. Please follow the local public health guidance. Stay safe and take care of each other.
In this blog post, I want to share an update on how the Raspberry Pi Foundation is responding to the novel coronavirus and what it means for our work to support people all over the planet to change their world through technology.
The situation is changing rapidly, and we’ll update this blog as our response develops.
Follow local public health advice
The main guidance to our teams, partners, and community members is that they should follow the local public health advice in the country or region where they are based.
The spread of the virus is at different stages in different parts of the world. That’s one reason why the public health advice differs so much depending on where you are. This is a new threat and there are competing theories about the best course of action. We see that in the different approaches that are being taken by different governments around the world.
To state what I am sure is obvious, we aren’t epidemiologists or public health experts. That’s why our approach is to follow the local public health advice.
Changes to our schedule of events
We’ve been working closely with venues, partners, sponsors, and community members to keep our programme of events under review. There aren’t currently any restrictions on events that affect the specific dates and places where our events are being held. The problem really is one of uncertainty.
Until now, we’ve taken a ‘wait and see’ approach for events, following the local public health guidance closely and working on the assumption that we will go ahead as planned, unless the local advice is to cancel. However, over the past couple of days, we have become increasingly concerned that we are asking people to book travel and make practical arrangements when we think that there is a high likelihood that we will have to cancel events at the last minute.
We have therefore taken a number of very difficult decisions about our events programme.
Cambridge Computing Education Research Symposium, 1 April 2020
We have decided to hold the Research Symposium as an online-only event. Plans for this are well developed, and we are looking forward to bringing together an amazing community of researchers, academics, and practitioners to discuss cutting-edge research on how young people learn computing and computer science. Registration remains open and we will provide updates on the event via the symposium web page.
Coolest Projects UK, 4 April 2020 in Manchester, and Coolest Projects International, 6 June 2020 in Dublin
We have decided to cancel both upcoming Coolest Projects events. This was a really tough decision. In both cases, there is just too much uncertainty for us to continue to ask young people, parents, mentors, and volunteers to make travel and other arrangements. We are exploring options for providing an online experience that will enable the young creators to still showcase their amazing projects, so please don’t stop work on your project. We will provide further updates on the Coolest Projects website.
Clubs and community-led events
We have issued guidance to the tens of thousands of brilliant human beings that organise Code Clubs, CoderDojos, Raspberry Jams, and other community-led events all over the world. Our message is that they should follow the local public health advice in their country or region and take decisions on whether to cancel their club or event in consultation with the venues that host them. If you are a club leader or an event organiser and you have a concern, please contact us in the usual way, or email us at [email protected]
As a organisation with a global supply chain that makes and sells products all over the world, we have been working with our partners to minimise the impact of the pandemic on the availability of our products, and on the wellbeing of those involved in our supply chain and distribution network. At this stage, I am delighted to report that Raspberry Pi products are still available in all of the usual places and we’re working very hard to make sure that this continues.
We have implemented a range of actions to support our colleagues wherever they work. This has included restricting non-essential international travel, encouraging and supporting flexible and home working, improving the cleaning and hygiene facilities at our offices, and putting in place extra support for colleagues who have increased caring responsibilities because of government or other institutions taking actions to control the spread of the virus, like school closures.
We are following local public health guidance on self-isolation and, for anyone who is unwell, we will provide sick pay as normal. We have committed that none of our employees will be out of pocket because of actions we take to prevent the spread of the virus.
We have encouraged colleagues to consider moving face to face meetings online, including job interviews. So if you’re due to meet anyone at the Foundation, they’ll check in with you about your preferences and agree the best approach with you.
Look out for each other
One of the best things about Raspberry Pi is the amazing community that we have the privilege to work with everyday. That includes our teams, partners and funders, educators, volunteers, businesses, and millions of incredible young digital makers.
Whatever happens over the coming days, weeks, and months, it feels increasingly likely that everyone in this community will be affected in some way. Hopefully, for most people that will be nothing more than being inconvenienced.
Personally, I am finding the uncertainty one of the hardest things to deal with. I’ve really appreciated all of the messages of support and offers of help that I’ve received over the past few days. This has always been an organisation and a community where people genuinely care about and support each other. Let’s all double down on that now.
We’re introducing an easier and more seamless way to work with GitHub from the command line—GitHub CLI, now in beta. Millions of developers rely on GitHub to make building software more fun and collaborative, and gh brings the GitHub experience right to your terminal.
You can install GitHub CLI today on macOS, Windows, and Linux, and there’s more to come as we iterate on your feedback from the beta. It’s available today for GitHub Team and Enterprise Cloud, but not yet available for GitHub Enterprise Server. We’ll be exploring support for Enterprise Server when it’s out of beta.
How can you use GitHub CLI?
We started with issues and pull requests because many developers use them every day. Check out a few examples of how gh can improve your experience when contributing to an open source project and learn more from the manual.
Filter lists to your needs
Find an open source project you want to contribute to and clone the repository. And then, to see where maintainers want community contributions, use gh to filter the issues to only show those with help wanted labels.
Quickly view the details
Find an issue describing a bug that seems like something you can fix, and use gh to quickly open it in the browser to get all the details you need to get started.
Create a pull request
Create a branch, make several commits to fix the bug described in the issue, and use gh to create a pull request to share your contribution.
By using GitHub CLI to create pull requests, it also automatically creates a fork when you don’t already have one, and it pushes your branch and creates your pull request to get your change merged.
View the status of your work
Get a quick snapshot the next morning of what happened since you created your pull request. gh shows the review and check status of your pull requests.
Easily check out pull requests
One of the maintainers reviewed your pull request and requested changes. You probably switched branches since then, so use gh to checkout the pull request branch. We never remember the right commands either!
Make the changes, push them, and soon enough the pull request is merged—congratulations!
Help shape GitHub CLI
We hope you’ll love the foundation we’ve built with pull requests and issues. And we’re even more excited about the future as we explore what it looks like to build a truly delightful experience with GitHub on the command line. As GitHub CLI continues to make it even more seamless to contribute to projects on GitHub, the sky’s the limit on what we can achieve together.
We can’t wait to hear about your experience with GitHub CLI, and we’d love your feedback. Create an issue in our open source repository or provide feedback in our google form. What commands feel like you can’t live without them? What’s clunky or missing? Let us know so we can make GitHub CLI even better.
If you’re reading this, it’s probably because you bagged yourself a brand-new Raspberry Pi for Christmas, and you’re wondering what you should do next.
Well, look no further, for we’re here to show you the ropes. So, sit back, pull on a pair of those nice, warm socks that you found in your stocking, top up your eggnog, and let’s get started.
Do I need an operating system?
Unless your Raspberry Pi came in a kit with a preloaded SD card, you’ll need to download an operating system. Find a microSD card (you may have one lurking in an old phone) and click here to download the latest version of Raspbian, our dedicated Raspberry Pi operating system.
To get Raspbian onto the microSD card, use free online software such as Etcher. Here’s a video from The MagPi magazine to show you how to do it.
Lucy Hattersley shows you how to install Raspberry Pi operating systems such as Raspbian onto an SD card, using the excellent Etcher. For more tutorials, check out The MagPi at http://magpi.cc ! Don’t want to miss an issue? Subscribe, and get every issue delivered straight to your door.
Learn #howto set up your Raspberry Pi for the first time, from plugging in peripherals to setting up #Raspbian.
Insert your microSD card into your Raspberry Pi. The microSD card slot should be fairly easy to find, and you need to make sure that you insert it with the contact side facing the board. If you feel like you’re having to force it in, you have it the wrong way round.
Next, plug your HDMI cable into the Raspberry Pi and your chosen HDMI display. This could be a computer monitor or your home television.
If you’re using a Raspberry Pi Zero or Raspberry Pi Zero W, you’ll need a mini HDMI to HDMI cable or adapter.
If you’re using a Raspberry Pi 4, you’ll need a micro HDMI to HDMI cable or adapter.
Next, plug in any peripherals that you want to use, such as a mouse or keyboard.
Lastly, plug your power cable into your Raspberry Pi. This is any standard micro USB cable (if you have an Android phone, check your phone charger!), or a USB-C power cable if you’re using the Raspberry Pi 4.
Most kits will come with all of the cables and adapters that you need, so look in the box first before you start rummaging around your home for spare cables.
Once the power cable is connected, your Raspberry Pi will turn on. If it doesn’t, check that your SD card is inserted correctly and your cables are pushed in fully.
What is a Raspberry Pi and what do you need to get started? Our ‘How to use a Raspberry Pi’ explainer will take you through the basics of your #RaspberryPi, and how you can get hands-on with Raspbian and #coding language tools such as Scratch and Mu, with our host, Dr Sally Le Page.
Once on, the Raspberry Pi will direct you through a setup process that allows you to change your password and connect to your local wireless network.
And then, you’re good to go!
Now what? Well, that depends on what you want to do with your Raspberry Pi.
Many people use their Raspberry Pi to learn how to code. If you’re new to coding, we suggest trying out a few of our easy online projects to help you understand the basics of Scratch — the drag-and-drop coding platform from MIT — and Python — a popular general-purpose programming language and the reason for the “Pi” in Raspberry Pi’s name.
Maybe you want to use your Raspberry Pi to set up control of smart devices in your home, or build a media centre for all your favourite photos and home movies. Perhaps you want to play games on your Raspberry Pi, or try out various HATs and add-ons to create fun digital making projects.
Whatever you want to do with your Raspberry Pi, the internet is full of brilliant tutorials from the Raspberry Pi Foundation and online creators.
From community events and magazines to online learning and space exploration – there are so many ways to get involved with the Raspberry Pi Foundation.
The Raspberry Pi community is huge, and spreads across the entire globe, bringing people together to share their love of coding, digital making, and computer education. However you use your Raspberry Pi, know that, by owning it, you’ve helped the non-profit Raspberry Pi Foundation to grow, bringing more opportunities to kids and teachers all over the world. So, from the bottom of our hearts this festive season, thank you.
On 29 February 2020, the Raspberry Pi Foundation will celebrate the eighth birthday of the Raspberry Pi computer (or its second birthday, depending on how strict you are about counting leap years).
Like any parent, we feel like time has flown by, and it’s remarkable to think how far we’ve come in such a short space of time.
Since launching the credit-card–sized $35 Raspberry Pi Model B, we have sold 30 million high-quality, low-cost computers worldwide. Raspberry Pi has become the third best-selling general-purpose computer ever, behind only the Mac and the PC.
In many ways, what’s been even more remarkable than the success of the product is the amazing community that has formed around our tiny, low-cost computer. These are the makers, educators, hobbyists, and entrepreneurs from all walks of life and all corners of the globe who share our passion for inspiring the next generation of digital creators. You can often read about them on this blog and in the official community magazine, The MagPi. You can also meet them in person at a Raspberry Jam.
Meet up with other Raspberry Pi enthusiasts!
Celebrate at a Raspberry Jam
Raspberry Jams are community-led meetups that bring people together to share, connect, and learn from each other. The first one was held in Manchester in 2012, and so far Jams have been held in more than 70 countries — and that’s just the ones we know about.
While Jams take place throughout the year, there’s a special tradition of Jams celebrating the birthday of the Raspberry Pi computer. This year, there were over 130 Raspberry Jam events in 39 countries, attended by 8000 people. Now that’s a party!
Register your Birthday Jam and we’ll send you some special swag
Next year, because it’s a big birthday, we’ll be sending a special box of swag to any Jam that is taking place between Saturday 15 February and Sunday 15 March 2020.
Responding to incidents of child sexual abuse material (CSAM) online has been a priority at Cloudflare from the beginning. The stories of CSAM victims are tragic, and bring to light an appalling corner of the Internet. When it comes to CSAM, our position is simple: We don’t tolerate it. We abhor it. It’s a crime, and we do what we can to support the processes to identify and remove that content.
In 2010, within months of Cloudflare’s launch, we connected with the National Center for Missing and Exploited Children (NCMEC) and started a collaborative process to understand our role and how we could cooperate with them. Over the years, we have been in regular communication with a number of government and advocacy groups to determine what Cloudflare should and can do to respond to reports about CSAM that we receive through our abuse process, or how we can provide information supporting investigations of websites using Cloudflare’s services.
Recently, 36 tech companies, including Cloudflare, received this letter from a group of U.S Senators asking for more information about how we handle CSAM content. The Senators referred to influential New York Times stories published in late September and early November that conveyed the disturbing number of images of child sexual abuse on the Internet, with graphic detail about the horrific photos and how the recirculation of imagery retraumatizes the victims. The stories focused on shortcomings and challenges in bringing violators to justice, as well as efforts, or lack thereof, by a group of tech companies including Amazon, Facebook, Google, Microsoft, and Dropbox, to eradicate as much of this material as possible through existing processes or new tools like PhotoDNA that could proactively identify CSAM material.
We think it is important to share our response to the Senators (copied at the end of this blog post), talk publicly about what we’ve done in this space, and address what else we believe can be done.
How Cloudflare Responds to CSAM
From our work with NCMEC, we know that they are focused on doing everything they can to validate the legitimacy of CSAM reports and then work as quickly as possible to have website operators, platform moderators, or website hosts remove that content from the Internet. Even though Cloudflare is not in a position to remove content from the Internet for users of our core services, we have worked continually over the years to understand the best ways we can contribute to these efforts.
The first prong of Cloudflare’s response to CSAM is proper reporting of any allegation we receive. Every report we receive about content on a website using Cloudflare’s services filed under the “child pornography” category on our abuse report page leads to three actions:
We forward the report to NCMEC. In addition to the content of the report made to Cloudflare, we provide NCMEC with information identifying the hosting provider of the website, contact information for that hosting provider, and the origin IP address where the content at issue can be located.
We forward the report to both the website operator and hosting provider so they can take steps to remove the content, and we provide the origin IP of where the content is located on the system so they can locate the content quickly. (Since 2017, we have given reporting parties the opportunity to file an anonymous report if they would prefer that either the host or the website operator not be informed of their identity).
We provide anyone who makes a report information about the identity of the hosting provider and contact information for the hosting provider in case they want to follow up directly.
Since our founding, Cloudflare has forwarded 5,208 reports to NCMEC. Over the last three years, we have provided 1,111 reports in 2019 (to date), 1,417 in 2018, and 627 in 2017.
Reports filed under the “child pornography” category account for about 0.2% of the abuse complaints Cloudflare receives. These reports are treated as the highest priority for our Trust & Safety team and they are moved to the front of the abuse response queue. We are generally able to respond by filing the report with NCMEC and providing the additional information within a matter of minutes regardless of time of day or day of the week.
Requests for Information
The second main prong of our response to CSAM is operation of our “trusted reporter” program to provide relevant information to support the investigations of nearly 60 child safety organizations around the world. The “trusted reporter” program was established in response to our ongoing work with these organizations and their requests for both information about the hosting provider of the websites at issue as well as information about the origin IP address of the content at issue. Origin IP information, which is generally sensitive security information because it would allow hackers to circumvent certain security protections for a website, like DDoS protections, is provided to these organizations through dedicated channels on an expedited basis.
Like NCMEC, these organizations are responsible for investigating reports of CSAM on websites or hosting providers operated out of their local jurisdictions, and they seek the resources to identify and contact those parties as quickly as possible to have them remove the content. Participants in the “trusted reporter” program include groups like the Internet Watch Foundation (IWF), the INHOPE Foundation, the Australian eSafety Commission, and Meldpunt. Over the past five years, we have responded to more than 13,000 IWF requests, and more than 5,000 requests from Meldpunt. We respond to such requests on the same day, and usually within a couple of hours. In a similar way, Cloudflare also receives and responds to law enforcement requests for information as part of investigations related to CSAM or exploitation of a minor.
Among this group, the Canadian Centre for Child Protection has been engaged in a unique effort that is worthy of specific mention. The Centre’s Cybertip program operates their Project Arachnid initiative, a novel approach that employs an automated web crawler that proactively searches the Internet to identify images that match a known CSAM hash, and then alerts hosting providers when there is a match. Based on our ongoing work with Project Arachnid, we have responded to more than 86,000 reports by providing information about the hosting provider and provide the origin IP address, which we understand they use to contact that hosting provider directly with that report and any subsequent reports.
Although we typically process these reports within a matter of hours, we’ve heard from participants in our “trusted reporter” program that the non-instantaneous response from us causes friction in their systems. They want to be able to query our systems directly to get the hosting provider and origin IP information, or better, be able to build extensions on their automated systems that could interface with the data in our systems to remove any delay whatsoever. This is particularly relevant for folks in the Canadian Centre’s Project Arachnid, who want to make our information a part of their automated system. After scoping out this solution for a while, we’re now confident that we have a way forward and informed some trusted reporters in November that we will be making available an API that will allow them to obtain instantaneous information in response to their requests pursuant to their investigations. We expect this functionality to be online in the first quarter of 2020.
Termination of Services
Cloudflare takes steps in appropriate circumstances to terminate its services from a site when it becomes clear that the site is dedicated to sharing CSAM or if the operators of the website and its host fail to take appropriate steps to take down CSAM content. In most circumstances, CSAM reports involve individual images that are posted on user generated content sites and are removed quickly by responsible website operators or hosting providers. In other circumstances, when operators or hosts fail to take action, Cloudflare is unable on its own to delete or remove the content but will take steps to terminate services to the website. We follow up on reports from NCMEC or other organizations when they report to us that they have completed their initial investigation and confirmed the legitimacy of the complaint, but have not been able to have the website operator or host take down the content. We also work with Interpol to identify and discontinue services from such sites they have determined have not taken steps to address CSAM.
Based upon these determinations and interactions, we have terminated service to 5,428 domains over the past 8 years.
In addition, Cloudflare has introduced new products where we do serve as the host of content, and we would be in a position to remove content from the Internet, including Cloudflare Stream and Cloudflare Workers. Although these products have limited adoption to date, we expect their utilization will increase significantly over the next few years. Therefore, we will be conducting scans of the content that we host for users of these products using PhotoDNA (or similar tools) that make use of NCMEC’s image hash list. If flagged, we will remove that content immediately. We are working on that functionality now, and expect it will be in place in the first half of 2020.
Part of an Organized Approach to Addressing CSAM
Cloudflare’s approach to addressing CSAM operates within a comprehensive legal and policy backdrop. Congress and the law enforcement and child protection communities have long collaborated on how best to combat the exploitation of children. Recognizing the importance of combating the online spread of CSAM, NCMEC first created the CyberTipline in 1998, to provide a centralized reporting system for members of the public and online providers to report the exploitation of children online.
In 2006, Congress conducted a year-long investigation and then passed a number of laws to address the sexual abuse of children. Those laws attempted to calibrate the various interests at stake and coordinate the ways various parties should respond. The policy balance Congress struck on addressing CSAM on the Internet had a number of elements for online service providers.
First, Congress formalized NCMEC’s role as the central clearinghouse for reporting and investigation, through the CyberTipline. The law adds a requirement, backed up by fines, for online providers to report any reports of CSAM to NCMEC. The law specifically notes that to preserve privacy, they were not creating a requirement to monitor content or affirmatively search or screen content to identify possible reports.
Second, Congress responded to the many stories of child victims who emphasized the continuous harm done by the transmission of imagery of their abuse. As described by NCMEC, “not only do these images and videos document victims’ exploitation and abuse, but when these files are shared across the internet, child victims suffer re-victimization each time the image of their sexual abuse is viewed” even when viewed for ostensibly legitimate investigative purposes. To help address this concern, the law directs providers to minimize the number of employees provided access to any visual depiction of child sexual abuse.
Finally, to ensure that child safety and law enforcement organizations had the records necessary to conduct an investigation, the law directs providers to preserve not only the report to NCMEC, but also “any visual depictions, data, or other digital files that are reasonably accessible and may provide context or additional information about the reported material or person” for a period of 90 days.
Because Cloudflare’s services are used so extensively—by more than 20 million Internet properties, and based on data from W3Techs, more than 10% of the world’s top 10 million websites—we have worked hard to understand these policy principles in order to respond appropriately in a broad variety of circumstances. The processes described in this blogpost were designed to make sure that we comply with these principles, as completely and quickly as possible, and take other steps to support the system’s underlying goals.
We are under no illusion that our work in this space is done. We will continue to work with groups that are dedicated to fighting this abhorrent crime and provide tools to more quickly get them information to take CSAM content down and investigate the criminals who create and distribute it.
Today is Giving Tuesday. Giving Tuesday takes place on the day following the well-known shopping days of Black Friday and Cyber Monday, as a celebration of the generosity of the human spirit. It’s your chance to give something back, or to pay it forward, whichever feels right to you.
Giving makes you happy
There is now plenty of evidence for what we all know intuitively to be true: giving makes you happy.
Whether it’s giving gifts for Christmas, volunteering your time for a cause that you care about, or donating some of your hard-earned cash to support a nonprofit organisation, there’s a proven neural link between generosity and happiness (if you want to check the science, this recent study is a good place to start).
Help young people get creative with coding and hardware!
This link certainly exists for the tens of thousands of people who give their time to support young people at Code Clubs and CodeDojos; whenever I ask volunteers why they give their time, they consistently talk about the feeling of joy they experience when they see a young person having a breakthrough and learning something new.
Thank you to our supporters
We’re coming to the end of another remarkable year at the Raspberry Pi Foundation, and I wanted to use this Giving Tuesday to say thank you to all of our supporters.
You can become part of a movement that empowers young people to express themselves through creative tech projects.
There are now over 10000 Code Clubs and CoderDojos, supported by more than 20000 amazing educators and volunteers, helping hundreds of thousands of young people all over the world to learn how to create with digital technologies.
Taken together, that’s millions more young people learning how to create with digital technologies, many of whom wouldn’t otherwise have had the opportunity to discover the power of digital making.
We couldn’t achieve any of this without the incredible generosity of our supporters, who give their time, expertise, and money to bring our work to life.
You can become a supporter too
If you’d like to experience some of the unadulterated joy that comes with supporting the mission of the Raspberry Pi Foundation, it couldn’t be easier:
Buy a Raspberry Pi computer: every time you purchase one of our products, you help support the work of the Raspberry Pi Foundation.
Volunteer at a Code Club or CoderDojo: join tens of thousands of people who run free computing clubs for young people.
Donate to us: this year, around a third of the money we spend will come from grants, donations, and sponsorship. Whether you are an individual or an organisation, every Pound, Dollar, and Euro you trust us with makes a huge difference.
If you want to get involved in supporting the next generation of digital makers, you can support us with a one-off or regular donation: www.raspberrypi.org/donate
Grabbing the attention of employees at a security and privacy-focused company on security awareness presents a unique challenge; how do you get people who are already thinking about security all day to think about it some more? October marked Cloudflare’s first Security Awareness Month as a public company and to celebrate, the security team challenged our entire company population to create graphics, slogans, and memes to encourage us all to think and act more securely every day.
Employees approached this challenge with gusto; global participation meant plenty of high quality submissions to vote on. In addition to being featured here, the winning designs will be displayed in Cloudflare offices throughout 2020 and the creators will be on the decision panel for next year’s winners. Three rose to the top, highlighting creativity and style that is uniquely Cloudflarian. I sat down with the winners to talk through their thoughts on security and what all companies can do to drive awareness.
Eugene Wang, Design Team, First Place
Sílvia Flores, Executive Assistant, Second Place
Scott Jones, e-Learning Developer, Third Place
Wipe that whiteboard clean Visitors may come and see Secrets not for them
No tailgating please You may be a nice person But I don’t know that
1. What inspired your design?
Eugene: The friendly “Welcome” cloud seen in our all company slides was a jumping off point. It seemed like a great character that embodied being a Cloudflarian and had tons of potential to get into adventures. I also wanted security to be a bit fun, where appropriate. Instead of a serious breach (though it could be), here it was more a minor annoyance personified by a wannabe-sneaky alligator. Add a pun, and there you go—poster design!
Sílvia: What inspired my design was the cute Cloudflare mascot the otter since there are so many otters in SF. Also, security can be fun and I added a pun for all the employees to remember the security system in an entertaining and respectful way. This design is very much my style and I believe making things cute and bright can really grab attention from people who are so busy in their work. A bright, orange, leopard print poster cannot be missed!
Scott: I have always loved the haiku form and poems were allowed!
2. What’s the number one thing security teams can do to get non-security people excited about security?
Eugene: Make them realize and identify the threats that can happen everyday, and their role in keeping things secure. Cute characters and puns help.
Sílvia: Make it more accessible for people to engage and understand it, possibly making more activities, content, and creating a fun environment for people to be aware but also be mindful.
Scott: Use whatever means available to keep the idea of being security conscious in everyone’s active awareness. This can and should be done in a variety of different ways so as to engage everyone in one way or another, visually with posters and signs, mentally by having contests, multi-sensory through B.E.E.R. meeting presentations and yes, even through a careful use of fear by periodically giving examples of what can happen if security is not followed…I believe that people like working here and believe in what we are doing and how we are doing it, so awareness mixed in with a little fear can reach people on a more visceral and personal level.
3. What’s your favorite security tip?
Eugene: Look at the destination of the return email.
Sílvia: LastPass. Oh my lord. I cannot remember one single password since we need to make them so difficult! With numbers, caps, symbols, emojis (ahaha). LastPass makes it easier for me to be secure and still be myself and not remembering any password without freaking out.
Scott: “See something, say something” because it both reflects our basic responsibility to each other and exhibits a pride that we have as being part of a company we believe in and want to protect.
For security practitioners and engagement professionals, it’s easy to try to boil the ocean when Security Awareness Month comes around. The list of potential topics and guidance is endless. Focusing on two or three key messages, gauging the maturity of your organization, and encouraging company-wide participation makes it a company-wide effort. Extra recognition and glory for those that go over and above never hurts either.
Want to run a security awareness design contest at your company? Reach out to us at [email protected] for tips and best practices for getting started, garnering support, and encouraging participation.
Yesterday, we asked you to share your Raspberry Pi builds on social media using the hashtag #IUseMyRaspberryPiFor. The result was amazing, with so many of you sharing some really interesting projects, inspiring both us, and others, to get creative.
Live digital audio effects processing with @blokaslabs MODEP #IUseMyRaspberryPiFor https://t.co/7HVhxns2p1
We see a lot of music-based Raspberry Pi projects, from guitar pedals to radios, soundboards, and capacitive-touch fruit baskets. This effects processor for Daniel Kraft’s drum kit will have many of the musically inclined members of Raspberry Pi Towers getting code-happy in no time.
IUseMyRaspberryPiFor building autonomous robots, securing our house Internet access, picturing wildlife in our garden, but mostly to introduce IT to my daughter and how much can be accomplished and learned through it (creativity, patience,…), all thanks to the community 🙂 !
Pierre-Yves Baloche uses his Raspberry Pi for a multitude of tasks, including as a tool to introduce his daughter to technology, and to the technical and non-technical skills that come with learning to make stuff.
RT:(@Raspberry_Pi) RT @sarru1291: I’m using raspberry pi for building a visual guide for visually impaired people. It is portable and fully voice-controlled. It can be used for most of the daily life activities. #IUseMyRaspberryPiFor #RaspberryPi https://t.co/QMhBYxzpKJ #don…
This project from Gabriel Cruz is a great example of how Raspberry Pi can be used to create low-cost accessibility aids.
This is how planespotters use their TVs. Log and monitor the planes approaching and landing to an airport with @Raspberry_Pi #IUseMyRaspberryPiFor #AI #flightradar24 Source here: https://t.co/1t5Lau2bt9
Our colleagues at the Raspberry Pi North America office have a similar setup for plane spotting.
IUseMyRaspberryPiFor Loads of things! Everything from home automation with Node-RED, HA touch screens, sensor monitoring with InfluxDB/Grafana, VoIP PBX, Octoprint, fixed & pan/tilt cameras, control of a Cambridge Audio amp, UniFi controller, PiHole, probably missed loads!
Nathan uses a Raspberry Pi for just about everything! Great work!
Technology should be for everyone, but it has to be built by everyone to be for everyone. At Raspberry Pi, we work to empower everyone to become a tech creator and shape our collective digital future, and we hope that our work will help to increase the tech sector’s diversity.
I asked Carrie Anne Philbin, our Director of Educator Support, and Vanessa Vallely OBE, Managing Director at WeAreTheCity, about their thoughts on how we can make the tech sector more diverse, and what part role models, education, and professional development play in this.
Vanessa, WeAreTheCity helps organisations foster a strong female workforce, and provides opportunities for women to network and develop their skills. Why do you think it’s important for women and people from minority backgrounds to support each other in the professional world?
Vanessa Vallely: I believe it is important for everyone to support each other. It is important that we work as a collective and collaborate, as at the end of the day we are all trying to achieve the same goal. 17% women in tech [in the UK] is not enough.
“We want more women in tech, and we want them to represent all aspects of society.” – Vanessa Vallely OBE
We cannot be what we cannot see, therefore asking women who are already working in tech to stand up and own their role model status is a great start.
What can individuals do to address the lack of diversity in the tech sector?
Carrie Anne Philbin: Firstly, let’s recognise that we need the tech sector to be more representative of the population of the world. It’s problematic to have a small subsection of society be the controllers of a growing digital world.
Then, we need to be the change we want to see in the industry. Let’s try different avenues and then let’s be open about our challenges and successes.
VV: I believe every woman in the tech sector is a role model to future generations. There are a number of things individuals can do, for example go back to their schools and tell their tech stories, or contribute/write blogs. This doesn’t just raise their profile, it puts their story out there for others to aspire to. I think this is really important, especially if the individual is from a background where role models are less visible. There are lots of different organisations and networks that facilitate individuals getting involved in their school or early career initiatives which has made it easier to get involved and give back.
CAP: As a woman in the computing field, I think it is important that I hold the door open for other women coming through in my wake, and that I highlight where I can, great work by others.
Ever since I realised that my skills and knowledge in computing were useful and allowed me to be creative in a whole new way, I’ve championed computer science as a subject that everyone should experience. Once you’ve created your first computer program or built your first network, you’ll never want to stop.
Carrie Anne, how does your coding session at WATC’s WeAreTechWomen conference today tie into this?
CAP: At the Raspberry Pi Foundation, I spend a lot of time thinking about how to teach computing well, and about how young people can have great learning experiences so they can become the makers and creators of tomorrow.
“Technology is not a mystery, nor is it hard to learn. I want to dispel this myth for everyone regardless of gender, ethnicity, or economic status.” – Carrie Anne Philbin
During my session at WeAreTechWomen, I hope to support attendees to write their first creative python program, based on a project I wrote for Code Club to create a virtual pet. It is my hope that the session will be the spark of inspiration that gets more women and men from diverse backgrounds excited about being creators of technology.
You’ve built a career in tech education as a teacher, YouTuber, and Director at Raspberry Pi. How can beginners get comfortable creating with tech?
CAP: There isn’t anything magical about technology, and once you know this, you can start to explore with confidence, much like our ancestors when they learned that the earth was round and not flat.
“Phrases like ‘I’m not good with technology’ or ‘It’s all too complicated for me’ are reassuring to say in a society where the accepted view is that maths and science are hard, and where this view is reinforced by our media. But it is OK to be a beginner, it is OK to learn something new, and it is OK to play, explore, fail, and succeed on the journey.” – Carrie Anne Philbin
However you like to learn, be it on your own or with others, there is a way that suits you! I’ve always been quite project-minded: I have ideas about things I want to make, and then go and see if I can. This is how I stumbled across the Raspberry Pi in 2012 — it seemed like an accessible and cheap way to make my automation dreams come true. It also wasn’t too bad at randomly generating poems.
Aside from teacher-led instruction or independent exploration, another way is to learn with others in a relaxed and informal setting. If you’re a young person, then clubs like Code Club and CoderDojo are perfect. If you’re an adult, then attending a Raspberry Jam or conferences like WeAreTechWomen can provide a supportive environment.
“By being kinder to ourselves and seeing ourselves as life-long learners, it is easier to overcome insecurity and build confidence.” – Carrie Anne Philbin
A great way to approach new learning is at your own pace, and thanks to technology, we have access to online training courses with great videos, exercises, and discussion — many of these are completely free and let you connect with a community of learners as well.
How do you think educating the next generation about computing will change the makeup of the tech sector?
CAP: We’re in an exciting phase for computing education. The world has woken up to the importance of equipping our young people with the knowledge and skills for an ever increasing digital landscape. This means computer science is gaining more prominence in school curricula and giving all children the opportunity to discover the subject.
“Education can be democratising, and I expect to see the makeup of the tech sector reflect this movement in the next five to twenty years.” – Carrie Anne Philbin
Unlike physics or music, computing is still a relatively young field, so we need to do more research into what is encouraging and what isn’t, particularly when we work with young people in schools or clubs.
We’re still learning how to teach computing, and particularly programming, well to encourage greater diversity, so it’s great to see such a vast Gender Balance in Computing research project underway as part of the National Centre for Computing Education here in England. It’s not too late for schools in England to get involved in this project either…
Remember 2016? Pokemon Go was all the rage, we lost Prince, and there were surprising election results in both the UK and US. Back in 2016, Blackbird Technologies was notorious in the world of patent litigation. It was a boutique law firm that was one of the top ten most active patent trolls, filing lawsuits against more than 50 different defendants in a single year.
In October 2016, Blackbird was looking to acquire additional patents for their portfolio when they found an incredibly broad software patent with the ambiguous title, “PROVIDING AN INTERNET THIRD PARTY DATA CHANNEL.” They acquired this patent from its owner for $1 plus “other good and valuable consideration.” A little later, in March 2017, Blackbird decided to assert that patent against Cloudflare.
As we have explained previously, patent trolls benefit from a problematic incentive structure that allows them to take vague or abstract patents that they have no intention of developing and assert them as broadly as possible. Instead, these trolls collect licensing fees or settlements from companies who are otherwise trying to start a business, produce useful products, and create good jobs. Companies facing such claims usually convince themselves that settlements in the tens or hundreds of thousands of dollars are quicker and cheaper outcomes than facing years of litigation and millions of dollars in attorneys fees.
The following is how we worked to upend this asymmetric incentive structure.
The Game Plan
After we were sued by Blackbird, we decided that we wouldn’t roll over. We decided we would do our best to turn the incentive structure on its head and make patent trolls think twice before attempting to take advantage of the system. We created Project Jengo in an effort to remove this economic asymmetry from the litigation. In our initial blog post we suggested we could level the playing field by: (i) defending ourselves vigorously against the patent lawsuit instead of rolling over and paying a licensing fee or settling, (ii) funding awards for crowdsourced prior art that could be used to invalidate any of Blackbird’s patents, not just the one asserted against Cloudflare, and (iii) asking the relevant bar associations to investigate what we considered to be Blackbird’s violations of the rules of professional conduct for attorneys.
How’d we do?
As promised, we fought the lawsuit vigorously. And as explained in a blog post earlier this year, we won as convincing a victory as one could in federal litigation at both the trial and appellate levels. In early 2018, the District Court for the Northern District of California dismissed the case Blackbird brought against us on subject matter eligibility grounds in response to an Alice motion. In a mere two-page order, Judge Vince Chhabria held that “[a]bstract ideas are not patentable” and Blackbird’s assertion of the patent “attempts to monopolize the abstract idea of monitoring a preexisting data stream between a server and a client.” Essentially, the case was rejected before it ever really started because the court found Blackbird’s patent to be invalid.
Blackbird appealed that decision to the Court of Appeals for the Federal Circuit, which unceremoniously affirmed the lower court decision dismissing the appeal just three days after the appellate argument was heard. Following this ruling, we celebrated.
As noted in our earlier blog post, although we won the litigation as quickly and easily as possible, the federal litigation process still lasted nearly two years, involved combined legal filings of more than 1,500 pages, and ran up considerable legal expenses. Blackbird’s right to seek review of the decision by the US Supreme Court expired this summer, so the case is now officially over. As we’ve said from the start, we only intended to pursue Project Jengo as long as the case remained active.
Even though we won decisively in court, that alone is not enough to change the incentive structure around patent troll suits. Patent trolls are repeat players who don’t have significant operations, so the costs of litigation and discovery are much less for them.
Funding Crowdsourced Prior Art to Invalidate Blackbird Patents
An integral part of our strategy against Blackbird was to engage our community to help us locate prior art that we could use to invalidate all of Blackbird’s patents. One of the most powerful legal arguments against the validity of a patent is that the invention claimed in the patent was already known or made public somewhere else (“prior art”). A collection of prior art on all the Blackbird patents could be used by anyone facing a lawsuit from Blackbird to defend themselves. The existence of an organized and accessible library of prior art would diminish the overall value of the Blackbird patent portfolio. That sort of risk to the patent portfolio was the kind of thing that would nudge the incentive structure in the other direction. Although the financial incentives made possible by the US legal system may support patent trolls, we knew our secret weapon was a very smart, very motivated community that loathed the extortionary activities of patent trolls and wanted to fight back.
And boy, were we right! We established a prior art bounty to pay cash rewards for prior art submissions that read on the patent Blackbird asserted against Cloudflare, as well as any of Blackbird’s other patents.
We received hundreds of submissions across Blackbird’s portfolio of patents. We were very impressed with the quality of those submissions and think they call the validity of a number of those patents into question. All the relevant submissions we collected can be found here sorted by patent number, and we hope they are put to good use by other parties sued by Blackbird. Additionally, we’ve already forwarded prior art from the collection to a handful of companies and organizations that reached out to us because they were facing cases from Blackbird.
A high-level breakdown of the submissions:
We received 275 total unique submissions from 155 individuals on 49 separate patents, and we received multiple submissions on 26 patents.
40.1% of the total submissions related to the ’335 patent asserted against Cloudflare.
The second highest concentration of prior art submissions (14.9% of total) relate to PUB20140200078 titled “Video Game Including User Determined Location Information.” The vast majority of these submissions note the similarity between the patent’s claims and the Niantic game Ingress.
A few interesting examples of prior art that were submitted that we think are particularly damaging to some of the Blackbird patents:
Internet based resource retrieval system (No. 8996546) The first two sentences of this 2004 patent’s abstract summarize the patent as a “resource retrieval system compris[ing] a server having a searchable database wherein users can readily access region-based publications similar to, but not necessarily limited to, printed telephone directories. The resource retrieval system communicates with at least one user system, preferably via the Internet.”
The Project Jengo community reviewed the incredibly broad language in the patent claims and submitted a reference to an online phone book that allowed for the searching of local results from an online AT&T database. The submission is a link to an archive of a webpage from the year 2000, potentially calling into question the Blackbird patent on eligibility grounds.
Illuminated product packaging (No. 7086751) This patent seeks protection for packaging “intended to hold a product for sale. The product package includes one or more light sources disposed therein and configured to direct light through one or more openings in the exterior of the product package, in order to entice customers to purchase the product.”
In one of the more interesting Project Jengo submissions we received, the following information was provided: The CD packaging for Pink Floyd’s ‘Pulse’ included a blinking LED within the cardboard box that was active and visible on store shelves. We felt that this also spoke to the heart of this broad and seemingly obvious patented product.
Sports Bra (No. 7867058) This Blackbird patent involves a “sports bra having an integral storage pouch.”
The Project Jengo community found that a submission on a public discussion forum that pre-dates the ’058 patent and disclosed an idea of modifying a bra by creating an incision in the inner lining and applying a velcro strip so as to form a resealable pocket within the bra… Or essentially the same invention.
As a Bonus – an Ex Parte Victory
Almost immediately after we announced Jengo, we received an anonymous donation from someone who shared our frustration with patent trolls. As we announced, this gift allowed us to expand Jengo by using some of the prior art to directly challenge other Blackbird patents in administrative proceedings.
We initiated an administrative challenge against Blackbird Patent 7,797,448 (“GPS-internet Linkage”). The patent describes in broad and generic terms “[a]n integrated system comprising the Global Positioning System and the Internet wherein the integrated system can identify the precise geographic location of both sender and receiver communicating computer terminals.” You don’t have to be particularly technical to realize how largely obvious and widely applicable such a concept would be, as many modern Internet applications attempt to integrate some sort of location services using GPS. This was a dangerous patent in the hands of a patent troll.
Based on the strength of the prior art we received from the Project Jengo community and the number of times Blackbird had asserted the ’448 Patent to elicit a settlement from startups, we filed for an ex parte reexamination (EPR) of the ’448 Patent by the US Patent & Trademark Office (USPTO). The EPR is an administrative proceeding that can be used to challenge obviously deficient patents in a less complex, lengthy, or costly exercise than federal litigation.
We submitted our EPR challenge in November 2017. Blackbird responded to the ex parte by attempting to amend their patent’s claims to make them more narrow in an effort to make their patent more defensible and avoid the challenge. In March 2018, the USPTO issued a Non-Final Office Action that proposed rejecting the ’448 Patent’s claims altogether because the claims were found to be preempted by prior art submitted by Project Jengo. Blackbird did not respond to the Office Action. And a few months later, in August 2018, the USPTO issued a final order in line with the office action, which cancelled the ’448 Patent’s claims. The USPTO’s decision means the ‘448 patent is invalid and no one can assert the incredibly broad terms of the ‘448 patent again.
Rewarding the Crowd
As promised, Cloudflare distributed more than $50,000 in cash awards to eighteen people who submitted prior art as part of the crowdsourced effort. We gave out more than $25,000 to people in support of their submissions related to the ’335 patent asserted against Cloudflare. Additionally we awarded more than $30,000 to submitters in support of our efforts to invalidate the other patents in Blackbird’s portfolio.
In general, we awarded bounties based on whether we incorporated the art found by the community into our legal filings, the analysis of the art as provided in the submission, whether someone else had previously submitted the art, and the strength and number of claims the art challenged in the specified Blackbird patent.
We asked many of the recent bounty winners why they decided to submit prior art to Project Jengo and received some of the following responses:
"Over the years I’ve been disappointed and angered by a number of patent cases where I feel that the patent system has been abused by so-called ‘patent trolls’ in order to stifle innovation and profit from litigation. With Jengo in particular, I was a fan of what Cloudflare had done previously with Universal SSL. When the opportunity arose to potentially make a difference with a real patent troll case, I was happy to try and help."
— Adam, Security Engineer
"I read the ’335 patent and thought it basically described a fundamental design principle of the world wide web (proxy servers). I was pretty sure such software was in widespread use by the priority date of the patent (1998). At that point I was curious if that was true so I did some Googling."
– David, Software Developer
"Personally, I believe the vast majority of software patents are obvious and trivial. They should have never been granted. At the same time, fighting a patent claim is costly and time consuming regardless of the patent’s merit, while filing the claim is relatively cheap. Patent trolls exploit this imbalance and, in turn, they stifle innovation. Project Jengo was a great opportunity to use my knowledge of prior academic work for a good cause."
– Kevin, Postdoctoral Research Scientist
"I’m pretty excited, I’ve never won a single thing in my life before. And to do it in service of taking down evil patent trolls? This is one of the best days of my life, no joke. I submitted because software patents are garbage and clearly designed to extort money from productive innovators for vague and obvious claims. Also, I was homeless at the time I submitted and was spending all day at the library anyway."
— Garrett, San Francisco
What was the Impact?
The whole point of Project Jengo was to flip the incentive structure around patent trolls, who assume they can buy broad patents, spend a little money to initiate litigation, and then sit back and expect that a great percentage of defendants will send them a check. Under a proper incentive structure, they should have to expend some effort to prove their claims have merit, and we wanted to make available information that would support other potential defendants who may want to push back against claims under Blackbird patents.
One very simple measure of the impact is to review the number of new lawsuits Blackbird is bringing with its patent portfolio, which is a public record. So what does Blackbird’s activity look like on that point?
In the one-year period immediately preceding Project Jengo, (Q2’16-Q2’17) Blackbird filed more than 65 cases. Since Project Jengo launched more than 2.5 years ago, the number of cases Blackbird has filed has fallen to an average rate of 10 per year.
Not only are they filing fewer cases, but Blackbird as an organization seems to be operating with fewer resources than they did at their peak. When we launched Project Jengo in May 2017, the Blackbird website identified a total team of 12: six lawyers, including two co-founders, four litigation counsel, as well as a patent analysis group of 6. Today, based on a review of the website and LinkedIn, it appears only three staff remain: one co-founder, one litigation counsel, and one member of the patent analysis group.
Ethics Complaints (sectionsubmitted by Cloudflare’s General Counsel, Doug Kramer)
We filed ethics complaints against both of Blackbird’s co-founders before the bar associations in Massachusetts, Illinois, and the USPTO based on their self-described “new model” of pursuing intellectual property claims. Our complaints were based on rules of professional conduct prohibiting lawyers from acquiring a cause of action to assert on their own behalf, or in the alternative, rules prohibiting attorneys to split contingency fees with a non-attorney.
We did not file such complaints lightly, as we take ethical standards seriously and don’t think such proceedings should be used merely to harass. In this case, we think the public perception of patent trolls, who are seen as lawyers chasing an easy buck by taking advantage of distortions in the litigation process, has damaged the public perception of attorneys and respect for the legal profession–the exact sort of values the ethical rules and bar associations are meant to protect.
We based our complaints on the assignment agreement we found filed with the USPTO, where Blackbird purchased the ’335 patent from an inventor in October 2016 for $1. It seemed apparent that the actual but undisclosed compensation between the parties was considerably more than $1, so Blackbird may have simply acquired the cause of action or the agreement involved an arrangement where Blackbird would split a portion of any recovered fees with the inventor. Such agreements are generally prohibited by the ethical rules.
In public statements, Blackbird’s defense to these allegations was that it (i) was not a law firm (despite the fact it is led exclusively by lawyers who are actively engaged in the litigation it pursues) and (ii) does not use contingency fee arrangements for the patents it acquires, but does use something “similar.” Both defenses were rather surprising to us. Isn’t an organization led and staffed exclusively by lawyers who are drafting complaints, filing papers with courts, and arguing before judges amount to a “law firm”? In fact, we found pleadings in other Blackbird cases where the Blackbird leadership asked to be treated as lawyers so they could have access to sensitive technical evidence in those cases that is usually off-limits to anyone but the lawyers. And what does it mean for an agreement to be merely “similar” to a contingency agreement?
The disciplinary proceedings in front of bar associations are generally confidential, so we are limited in our ability to report out developments in those cases. But regardless of the outcome, we’ve only approached bar associations in two states. Getting this back on the right track will require more than successful adjudications in front of such committees. Instead, it will take a broader change in orientation by these professional associations across the country to view such matters as more than mere political disputes or arguments between active litigants.
Our questions go to the very heart of ensuring an ethical legal profession, they are meant to determine what safeguards should be put in place to make sure that attorneys who take the oath are held to a standard beyond mere greed or base opportunism. They go to the question of whether being an attorney is merely a job or if there are higher standards they should be held to, making sure their monopoly over the ability to bring lawsuits as officers of the court (and all the implications, costs, and power that represents) is only wielded by people who can be trusted to do so responsibly. Otherwise, what’s the point of ethical standards?
That’s all … for now
We’ve said from the beginning that Project Jengo was a response to the patent troll litigation and we would end it as soon as the case was over. And now it is. Although we are proud of our work on this issue, we need to turn our focus back to the company’s mission — to help build a better Internet. But we may be back at some point. Patent trolls remain a risk to growing companies like Cloudflare and nothing in this experience has persuaded us that settling a patent lawsuit is ever the right answer. We don’t plan to settle, and if brought into such litigation again at some point in the future, we think we have a pretty good blueprint for how to respond.
The Blackbird prior art will remain available here, and we remain available to consult with our colleagues at other companies who face these issues, as we have done many times over the past few years.
Finally, we would like to express our sincere gratitude to the community who researched the Blackbird patent portfolio and helped us fight this troll. It was our confidence in all of you that inspired the idea of Project Jengo in the first place, so its success belongs to you.
Anyone who uses Git knows that it has a steep learning curve. We’ve learned from developers that most people tend to learn from a buddy, whether that’s a coworker, a professor, a friend, or even a YouTube video. In GitHub Desktop 2.2, we’re releasing the first version of an interactive Git and GitHub tutorial that can be your buddy and help you get started. If you’re new to Desktop, you can download and try out the tutorial at desktop.github.com.
Get set up
To get set up, we help you through two major pieces: creating a repository and connecting an editor. When you first open Desktop, a welcome page appears with a new option to “Create a Tutorial Repository”. Starting with this option creates a tutorial repository that guides you through the core concepts of working with Git using GitHub Desktop.
There are a lot of tools you need to get started with Git and GitHub. The most important of these is your code editor. In the first step of the tutorial, you’re prompted to install an editor if you don’t have one already.
Learn the GitHub flow
Next, we guide you through how to use GitHub Desktop to make changes to code locally and get your work on GitHub. You’ll create a new branch, make a change to a file, commit it, push it to GitHub, and open your first pull request.
We’ve also heard that new users initially experience confusion between Git, GitHub, and GitHub Desktop. We cover these differences in the tutorial and make sure to reinforce the explanations.
Keep going with your own project
In GitHub Desktop 1.6, we introduced suggested next steps based on the state of your repository. Now when you complete the tutorial, we similarly suggest next steps: exploring projects on GitHub that you might want to contribute to, creating a new project, or adding an existing project to Desktop. We always want GitHub Desktop to be the tool that makes your next steps clear, whether you’re in the flow of your work, or you’re a new developer just getting started.
With GitHub Desktop 2.2, we’re making the product our users love more approachable to newcomers. We’ll be iterating on the tutorial based on your feedback, and we’ll continue to build on the connection between GitHub and your local machine. If you want to start building something but don’t know how, think of GitHub Desktop as your buddy to help you get started.
Each year, the European Astro Pi Challenge allows students and young people in ESA Member States (or Slovenia, Canada, or Malta) to write code for their own experiments, which could run on two Raspberry Pi units aboard the International Space Station.
The Astro Pi Challenge is a lot of fun, it’s about space, and so that we in the Raspberry Pi team don’t have to miss out despite being adults, many of us mentor their own Astro Pi teams — and you should too!
So, gather your team, stock up on freeze-dried ice cream, and let’s do it again: the European Astro Pi Challenge 2019/2020 launches today!
ESA astronaut Luca Parmitano is this year’s ambassador of the European Astro Pi Challenge. In this video, he welcomes students to the challenge and gives an overview of the project. Learn more about Astro Pi: http://bit.ly/AstroPiESA ★ Subscribe: http://bit.ly/ESAsubscribe and click twice on the bell button to receive our notifications.
The European Astro Pi Challenge 2019/2020 is made up of two missions: Mission Zero and Mission Space Lab.
Astro Pi Mission Zero
Mission Zero has been designed for beginners/younger participants up to 14 years old and can be completed in a single session. It’s great for coding clubs or any groups of students don’t have coding experience but still want to do something cool — because having confirmation that code you wrote has run aboard the International Space Station is really, really cool! Teams write a simple Python program to display a message and temperature reading on an Astro Pi computer, for the astronauts to see as they go about their daily tasks on the ISS. No special hardware or prior coding skills are needed, and all teams that follow the challenge rules are guaranteed to have their programs run in space!
Mission Zero eligibility
Participants must be no older than 14 years
2 to 4 people per team
Participants must be supervised by a teacher, mentor, or educator, who will be the point of contact with the Astro Pi team
Teams must be made up of at least 50% team members who are citizens of an ESA Member* State, or Slovenia, Canada, or Malta
Astro Pi Mission Space Lab
Mission Space Lab is aimed at more experienced/older participants up to 19 years old, and it takes place in 4 phases over the course of 8 months. The challenge is to design and write a program for a scientific experiment to be run on an Astro Pi computer. The best experiments will be deployed to the ISS, and teams will have the opportunity to analyse and report on their results.
Mission Space Lab eligibility
Participants must be no older than 19 years
2 to 6 people per team
Participants must be supervised by a teacher, mentor, or educator, who will be the point of contact with the Astro Pi team
Teams must be made up of at least 50% team members who are citizens of an ESA Member State*, or Slovenia, Canada, or Malta
Subscribe to our YouTube channel: http://rpf.io/ytsub Help us reach a wider audience by translating our video content: http://rpf.io/yttranslate Buy a Raspberry Pi from one of our Approved Resellers: http://rpf.io/ytproducts Find out more about the #RaspberryPi Foundation: Raspberry Pi http://rpf.io/ytrpi Code Club UK http://rpf.io/ytccuk Code Club International http://rpf.io/ytcci CoderDojo http://rpf.io/ytcd Check out our free online training courses: http://rpf.io/ytfl Find your local Raspberry Jam event: http://rpf.io/ytjam Work through our free online projects: http://rpf.io/ytprojects Do you have a question about your Raspberry Pi?
For both missions, each member of the team has to be at least one of the following:
Enrolled full-time in a primary or secondary school in an ESA Member State, or Slovenia, Canada, or Malta
Homeschooled (certified by the National Ministry of Education or delegated authority in an ESA Member State or Slovenia, Canada, or Malta)
A member of a club or after-school group (such as Code Club, CoderDojo, or Scouts) located in an ESA Member State*, or Slovenia, Canada, or Malta
To take part in the European Astro Pi Challenge, head over to the Astro Pi website, where you’ll find more information on how to get started getting your team’s code into SPACE!
Obligatory photo of Raspberry Pis floating in space!
*ESA Member States: Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland and the United Kingdom
Update: GitHub Sponsors is available in every country where GitHub does business, not just the 30 countries supported by Stripe Connect. We’ll continue to use our existing manual payout system for anyone outside of Connect’s list of currently supported countries.
Back in May, we announced GitHub Sponsors, a new way to support the developers who build and maintain the open source software you use every day. We launched in beta as early as possible so we could work closely with the community to address feedback and understand their needs before adding more developers to the program. Today, we’re taking the next step in accelerating the availability of GitHub Sponsors through a new streamlined onboarding and payment experience with Stripe Connect.
The early days of manual payments
Within hours of announcing GitHub Sponsors, thousands of people signed up for the waitlist from all over the world. It was awesome to see so much excitement for the program, but we knew this meant we had a lot of work ahead of us.
We started the beta with a small group of sponsored developers, and every few weeks, we invited more into the program. Everything was a manual process—setting up account information, verifying identity, waiting for approval, running reports, and processing payouts across multiple departments. Due to the manual nature of the process, we were limited to a small number of people in the program until we could automate and streamline our operations.
Onboarding more developers, faster
At GitHub, we do business with companies of all sizes, from Fortune 50 companies to early stage startups from all over the world. Collecting revenue globally is something we’ve done for years, but with GitHub Sponsors, it’s not just about receiving money—it’s also about paying it out. This means providing a seamless and secure experience for sponsored developers to verify their identities, enter banking information, receive funds, and manage payouts. We also know that, for many maintainers, this will be the first time they’ve been financially rewarded for their contributions to open source. We want to ensure the process is easy for developers to complete, so they can spend more time doing what they love, like contributing to open source.
Stripe Connect Express offers a simple, low overhead onboarding experience that complies with web accessibility guidelines, coupled with the ability to localize the experience to simplify payouts in countries with unique tax laws and compliance regulations. And by not building our own onboarding solution, we’re able to save months of engineering and maintenance time, and start onboarding more sponsored developers today.
One of Stripe Connect’s features that’s helped us deliver a great experience to our users is their localization support. Stripe just released international support for 30 countries (with more to come) for Connect Express. With this expanded support, Stripe takes care of adjusting for localized rules and regulations for supported countries—no small feat. We couldn’t be more thrilled to be one of the first to offer support across all 30 countries to serve our global community.
Our maintainer onboarding process can now start to keep up with the growing demand of the program. With Stripe, users can onboard using Connect Express, reducing onboarding time from a week-long process to under five minutes.
And there’s much more to come. While we’re just under four months into the program, we’re focused on making GitHub Sponsors available to even more developers around the world.
Coolest Projects is the world’s leading technology fair for young people. It’s our event series where young creators, makers, and innovators share their projects with fellow creators and the public, and they explore each others’ work. And it’s awesome!
Coolest Projects is a world-leading showcase that enables and inspires the next generation of digital creators and innovators to present the projects that they have created with code. Find out more: http://coolestprojects.org/ Sign up for the latest Coolest Projects news: http://eepurl.com/dG4UJb
Coolest Projects 2020
In 2020, we’ll run three Coolest Projects events:
USA, Discovery Cube Orange County, CA: 7 March 2020
UK, The Sharp Project, Manchester: 4 April 2020
International, RDS Main Hall, Dublin, Ireland: 6 June 2020
Mark the dates of the UK, USA, and International events in your diary today! Our community also runs regional Coolest Projects events in Belgium, Malaysia, and beyond.
Get involved in Coolest Projects
Visit a Coolest Projects event
You’ll get to see first-hand what the next generation is creating with technology. Young people in our community are brimming with new, cutting-edge ideas and enjoy expressing their creativity through making digital projects.
You’ll also get to flex your own technical and maker skills: our Coolest Projects events have a Discovery Zone, where the maker community and local organisations run unique, hands-on activities!
Support a young person to participate
If you’re an educator, maker, or tech professional, you can support young people you know to participate, as individuals or in teams with their friends. Whether you know young tech enthusiasts through Code Club, CoderDojo, another club, or your school — anyone aged 7–18 can enter Coolest Projects, and you can help them get showcase-ready!
This weekend, the Raspberry Pi Foundation hosted Scratch Conference Europe 2019 at Churchill College in Cambridge, UK.
Framing the busy weekend’s schedule were presentations from:
Massachusetts Institute of Technology (MIT) Media Lab’s Mitchel Resnick, co-inventor of Scratch himself
Science presenter Neil Monterio
Raspberry Pi favourite, the fire-loving Fran Scott
Since not everyone was able to travel to Cambridge to attend the conference, we wanted to make sure you’re not missing out, so we filmed their presentations, for you to watch at your leisure.
For the full Scratch Conference experience, we suggest gathering together a group of like-minded people to watch the videos and discuss your thoughts. Alternatively, use #ScratchEurope on Twitter to join in the conversation with the conference attendees online.
Neil Monteiro closes the show on day two of Scratch Conference Europe, hosted by the Raspberry Pi Foundation at Churchill College, Cambridge, UK on 24 August 2019. In this show, Neil takes the audience on a journey into a dangerous labyrinth…in code!
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.