WordPress to show warnings on servers running outdated PHP versions

Found on ZD Net on Tuesday, 15 January 2019
Browse Internet

The current plan is to have the warnings appear for sites using a PHP version prior to the 5.6.x branch (<=5.6).

The reason why the WordPress team wants to push site owners to update their underlying PHP servers is because the PHP team has recently dropped support for security fixes for the PHP 5.6.x and PHP 7.0.x branches.

Obviously the WordPress developers either don't know anything about enterprise grade operating systems, or are blindly riding the "latest is greatest" choo-choo train. Otherwise they would know that relying on version numbers is a grave mistake.

GoDaddy injecting site-breaking JavaScript into customer websites, here's a fix

Found on Tech Republic on Monday, 14 January 2019
Browse Internet

GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service—tracking the visitors to websites hosted on GoDaddy services—without forewarning is deserving of criticism.

Kromin notes that he is "not against web host providers monitoring how their servers are running," but that "Injecting JavaScript into pages being served is far from passive and... a violation of trust between the web host and the customer."

Tracking users with methods that sound like a MITM attack are not a smart way to deal with your customers, or the GDPR.

German police ask router owners for help in identifying a bomber's MAC address

Found on ZD Net on Sunday, 13 January 2019
Browse Legal-Issues

In a press release published yesterday, police from the German state of Brandenburg, where the city of Berlin is located, is now asking router owners to comb through their logs for a specific MAC address.

The suspect demanded large sums of money from DHL and threatened to detonate bombs across Germany, at DHL courier stations, private companies, and in public spaces.

Unfortunately, the MAC address is considered as personally identifiable information so it would be covered by the DSGVO/GDPR. So router owners are legally not allowed to store this information, especially not for more than a year.

Amazon Dash Buttons Ruled Illegal in Germany

Found on Gizmodo on Saturday, 12 January 2019
Browse Legal-Issues

The watchdog organization complained that Amazon’s terms enable the company to switch out an ordered product with something else, and the buttons break laws protecting shoppers from buying things they are not fully informed about, according to Reuters.

“The decision is not only against innovation, it also prevents customers from making an informed choice for themselves about whether a service like Dash Button is a convenient way for them to shop,” the spokesperson said.

Of course Amazon thinks the ruling is bad. On the other hand, ordering a specific product and instead getting some replacement without notification isn't what the majority of consumers would like. Same for price changes. Generally, shopping everyday products via Amazon is pretty retarded anyway; and even if you have to order them, looking at the seller's own, non-Amazon shop can be a really good idea because more often than not, the identical product is sold for less there.

Dozens of .gov HTTPS certs expire, webpages offline, FBI on ice, IT security slows...

Found on The Register on Friday, 11 January 2019
Browse Internet

According to internet services biz Netcraft, more than 80 TLS certificates used on .gov websites have expired and have not been renewed.

But other websites sport more recently lapsed certs like NASA's Rocket Test website, which expired on January 5, 2019. The Lawrence Berkeley Lab website, expired on January 8, 2019.

In some way, that shutdown may be actually good here because it shows that the renewal processes are not (within certain limits) automated, and that certificates could be signed for longer periods of time.

The Feds Cracked El Chapo's Encrypted Comms Network by Flipping His System Admin

Found on Gizmodo on Thursday, 10 January 2019
Browse Legal-Issues

On Tuesday it was revealed that the FBI had lured Rodriguez into a meeting with an agent posing as a potential customer much earlier, in February 2010, according to a report in the New York Times. Later, they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network’s encryption keys.

Rodriguez won't have much chance to turn into an old man. Cartels are not very nice to people who play tricks on them.

Climate change: 'Right to repair' gathers force

Found on BBC News on Wednesday, 09 January 2019
Browse Technology

The European proposals refer to lighting, televisions and large home appliances.

At least 18 US states are considering similar laws in a growing backlash against products which can’t be prised apart because they’re glued together, or which don’t have a supply of spare parts, or repair instructions.

Manufacturers say the proposed rules on repairability are too strict and will stifle innovation.

If repairs by third parties is so bad for manufacturers, then just set the minimum warranty to 10 years. This will fuel the innovation: of products that last long. However, the manufacturers won't be happy about this either.

Microsoft: Windows 10 to grab 7GB of your storage so big updates don't fail

Found on ZD Net on Tuesday, 08 January 2019
Browse Software

In the next major release of Windows 10, Microsoft will reserve 7GB of your device's storage to resolve a Windows 10 bug thrown up by Windows Update not checking whether a PC has enough storage space before launching after big updates.

That happens because Windows doesn't check if a device has enough space before initializing. Microsoft's current solution is for users to manually delete unnecessary temporary files and temporarily move important files like photos and videos to external storage devices to make enough space for the update.

Microsoft estimates that reserved storage will start at about 7GB, but notes it could need more depending on how a device is used.

So Microsoft basically admits that they are unable to figure out before trying to update if enough free space is available? Really now? Plus, they call this a bugfix?

Google Drive Has a Serious Spam Problem, But Google Says a Fix is Coming

Found on How-to Geek on Monday, 07 January 2019
Browse Internet

Here’s the scenario: a spammer (or anyone else) shares a file or folder with you. This file or folder immediately shows up in the “Quick Access” area of your Drive, as well as in the “Shared with you” section. You can’t stop this from happening—you don’t have to accept the share; it shows up whether you want it or not.

Since there’s no way to remove yourself from the share, you’re stuck with it.

How could one even come up with such a "feature" in the first place? Access control is something essential for both sides.

A Grindr harassment suit could change the legal landscape for tech — and free speech

Found on NBC News on Sunday, 06 January 2019
Browse Legal-Issues

Matthew Herrick, a restaurant worker and aspiring actor in New York, claimed that for months an ex-boyfriend used the dating app Grindr to harass him.

Herrick is pursuing an unusual legal theory as he continues to push back against Grindr, arguing that tech companies should face greater accountability for what happens on their platforms. His lawsuit alleges that the software developers who write code for Grindr have been negligent, producing an app that’s defective in its design and that is “fundamentally unsafe” and “unreasonably dangerous” — echoing language that’s more typically used in lawsuits about, say, a faulty kitchen appliance or a defective car part.

So, Herrick knew who created the fake profiles to harrass him and instead of pushing with all legal options against his ex, he also pulls a platform into the boat? As long as Grindr deactivated the fake profiles as soon as they were pointed out, there's no reason to sue them.