Twins get some 'mystifying' results when they put 5 DNA ancestry kits to the test

Found on CBC on Saturday, 19 January 2019

Last spring, Marketplace host Charlsie Agro and her twin sister, Carly, bought home kits from AncestryDNA, MyHeritage, 23andMe, FamilyTreeDNA and Living DNA, and mailed samples of their DNA to each company for analysis.

Despite having virtually identical DNA, the twins did not receive matching results from any of the companies.

When asked why the twins didn't get the same results given the fact their DNA is so similar, 23andMe told Marketplace in an email that even those minor variations can lead its algorithm to assign slightly different ancestry estimates.

So in other words, the tests are a complete waste of time and money. Not to mention that customers hand over their DNA samples to a profit-focused company that fails to deliver anything substantial.

Firefox to remove UI dark pattern from Screenshot tool after months of complaints

Found on ZD Net on Friday, 18 January 2019

The issue is that the Save button doesn't save the screenshot to the PC, as most users would naturally expect, but uploads the image to a Mozilla server.

This is both a privacy violation, as some users don't appreciate being tricked into uploading sensitive images saved on remote servers, but also an inconvenience as users would still have to download the image locally, but in multiple steps afterward.

You have to admit that Mozilla is working as best as it can to totally ruin what is left of the user base of Firefox. In the past years it has removed features the users liked and added features users don't like, while generally trying hard to be a clone of Chrome.

Red Hat gets heebie-jeebies over MongoDB's T&Cs squeeze: NoSQL database dropped

Found on The Register on Thursday, 17 January 2019

Under section 4.7, the release notes say, "Note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL)."

The SSPL differs from other software licenses in that it requires anyone making SSPL software available as a service to publish not only source code and modifications, but also the source code of the infrastructure applications that run SSPL code. This includes, as the license states, "management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

That's one way to kill yourself. Not that anything of value will be lost.

Mozilla: Firefox 69 will disable Adobe Flash plugin by default

Found on ZD Net on Wednesday, 16 January 2019

Firefox 69 will be Mozilla's third last step to completely dropping support for the historically buggy plugin, which will reach end of life on December 31, 2020. Flash is the last remaining NPAPI plugin that Firefox supports.

As of Chrome 69, users need to give permission for each site to use Flash every time the browser is restarted.

It's about time. Flash has always been the biggest security issue in any browser. It's amazing how bad and extremely buggy a single plugin can be.

WordPress to show warnings on servers running outdated PHP versions

Found on ZD Net on Tuesday, 15 January 2019

The current plan is to have the warnings appear for sites using a PHP version prior to the 5.6.x branch (<=5.6).

The reason why the WordPress team wants to push site owners to update their underlying PHP servers is because the PHP team has recently dropped support for security fixes for the PHP 5.6.x and PHP 7.0.x branches.

Obviously the WordPress developers either don't know anything about enterprise grade operating systems, or are blindly riding the "latest is greatest" choo-choo train. Otherwise they would know that relying on version numbers is a grave mistake.

GoDaddy injecting site-breaking JavaScript into customer websites, here's a fix

Found on Tech Republic on Monday, 14 January 2019

GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service—tracking the visitors to websites hosted on GoDaddy services—without forewarning is deserving of criticism.

Kromin notes that he is "not against web host providers monitoring how their servers are running," but that "Injecting JavaScript into pages being served is far from passive and... a violation of trust between the web host and the customer."

Tracking users with methods that sound like a MITM attack is not a smart way to deal with your customers, or the GDPR.

German police ask router owners for help in identifying a bomber's MAC address

Found on ZD Net on Sunday, 13 January 2019

In a press release published yesterday, police from the German state of Brandenburg, where the city of Berlin is located, are now asking router owners to comb through their logs for a specific MAC address.

The suspect demanded large sums of money from DHL and threatened to detonate bombs across Germany, at DHL courier stations, private companies, and in public spaces.

Unfortunately, the MAC address is considered as personally identifiable information so it would be covered by the DSGVO/GDPR. So router owners are legally not allowed to store this information, especially not for more than a year.

Amazon Dash Buttons Ruled Illegal in Germany

Found on Gizmodo on Saturday, 12 January 2019

The watchdog organization complained that Amazon’s terms enable the company to switch out an ordered product with something else, and the buttons break laws protecting shoppers from buying things they are not fully informed about, according to Reuters.

“The decision is not only against innovation, it also prevents customers from making an informed choice for themselves about whether a service like Dash Button is a convenient way for them to shop,” the spokesperson said.

Of course Amazon thinks the ruling is bad. On the other hand, ordering a specific product and instead getting some replacement without notification isn't what the majority of consumers would like. Same for price changes. Generally, shopping everyday products via Amazon is pretty retarded anyway; and even if you have to order them, looking at the seller's own, non-Amazon shop can be a really good idea because more often than not, the identical product is sold for less there.

Dozens of .gov HTTPS certs expire, webpages offline, FBI on ice, IT security slows...

Found on The Register on Friday, 11 January 2019

According to internet services biz Netcraft, more than 80 TLS certificates used on .gov websites have expired and have not been renewed.

But other websites sport more recently lapsed certs like NASA's Rocket Test website, which expired on January 5, 2019. The Lawrence Berkeley Lab website expired on January 8, 2019.

In some way, that shutdown may be actually good here because it shows that the renewal processes are not (within certain limits) automated, and that certificates could be signed for longer periods of time.

The Feds Cracked El Chapo's Encrypted Comms Network by Flipping His System Admin

Found on Gizmodo on Thursday, 10 January 2019

On Tuesday it was revealed that the FBI had lured Rodriguez into a meeting with an agent posing as a potential customer much earlier, in February 2010, according to a report in the New York Times. Later, they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network’s encryption keys.

Rodriguez won't have much chance to turn into an old man. Cartels are not very nice to people who play tricks on them.