Apple replaces boot-loop watchOS edition with unconnected complications edition

Found on The Register on Tuesday, 06 November 2018

It isn't just Microsoft that has QA issues – so does Apple. The Cupertino giant withdrew a watchOS update that bricked the Apple Watch 4 last week, and has now rushed out a replacement containing things that don't work yet which Apple probably didn't want you to see.

Now in favor of MS you might argue that they cannot possibly test all hard- and software combinations, but here there is no such excuse.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Found on The Register on Monday, 05 November 2018

Basically, the cryptographic keys used to encrypt and decrypt the data are not derived from the owner's password, meaning, you can seize a drive and, via a debug port, reprogram it to accept any password. At that point, the SSD will use its stored keys to cipher and decipher its contents. Yes, it's that dumb.

Unfortunately, the pair also note that some popular data encryption systems, including the BitLocker tool Microsoft uses in Windows 10, do not use software encryption for SSDs and rely on the drive's vulnerable hardware encryption.

That is such an absolutely stupid design that it makes you wonder if it was not planned like that all along, seeing how much the government hates encryption and always calls for backdoors.

File-Sharing Software on State Election Servers Could Expose Them to Intruders

Found on ProPublica on Sunday, 04 November 2018

The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries.

The service, known as FTP, provides public access to files — sometimes anonymously and without encryption.

Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.

It sounds more like Kentucky does not understand the basic approach to security.

Linus Torvalds Shows His New Polite Side While Pointing Out Bad Kernel Code

Found on Phoronix on Saturday, 03 November 2018

Today he took issue with the HID pull request and its introduction of the BigBen game controller driver that was introduced: the developer enabled this new driver by default. Linus Torvalds has always frowned upon random new drivers being enabled by default in the kernel configuration driver. Today he still voiced his opinion over this driver's default "Y" build configuration, but did so in a more professional manner than he has done in the past.

So far it looks like Linus' brief retreat is paying off with still addressing code quality issues -- and not blatantly accepting new code into the kernel as some feared -- but in doing so in a professional manner compared to his past manner of exclaiming himself over capitalized sentences and profanity that at times put him at odds with some in the Linux kernel community.

Not sure if a "softer" Linus is better; at least in the past it was very obvious when he considered something wrong.

Private messages from 81,000 hacked Facebook accounts for sale

Found on BBC News on Friday, 02 November 2018

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

The embattled network has had a terrible year for data security and questions will be asked about whether it is proactive enough in responding to situations like this that affect large numbers of people.

It doesn't really make much of a difference if some Russians sell your private data, or if Facebook does it.

Google won't let you sign in if you disabled JavaScript in your browser

Found on ZD Net on Thursday, 01 November 2018

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

Further, Google also launched reCAPTCHA v3 this week, a new version of its reCAPTCHA technology, which uses JavaScript to compile "risk scores" on a per-user basis. If JavaScript is turned off, this effectively negates reCAPTCHA's capabilities, hence, the reason to prevent users who intentionally disable JavaScript in their browser.

It's well known that turning off JavaScript often has very positive effects such as less tracking, faster loading times and less annoying ads. Some websites break with JS off, but that usually means their webmasters aren't worth a cent; and websites which want to force you to use JS, well, sure they can try, but it's easier to just move on to another site.

Helium implicated in weird iPhone malfunctions

Found on Ars Technica on Wednesday, 31 October 2018

The iPhone user guide warns that proximity to helium can impair functionality and that to recover, devices should be left to air out for a week or so in an environment far away from the rogue helium.

Smartphones contain microelectromechanical systems (MEMS): tiny mechanical systems that are integrated into chips.

That's probably the weirdest way to make a smartphone stop working that we've heard. As for why non-Apple devices appear to escape without harm? They might use different seals or perhaps aren't using MEMS devices in such critical roles.

Or they use cheaper MEMS which have a lower quality to maximize profits.

Mac users burned after Nuance drops Dragon speech to text software

Found on The Register on Tuesday, 30 October 2018

Pitched as a productivity tool, Nuance's Dragon software is aimed at everyone from journalists and home users to medical professionals as a way to accurately transcribe spoken words into printed text.

For some users, however, the software is much more than a convenience. Hughes explains that, for him and others whose conditions leave them unable to type with a keyboard, voice dictation software is a line to the outside world.

"Nuance is constantly evaluating its product portfolio to see how we can best meet the needs of our customers and business. After much consideration, we have made the difficult decision to discontinue the Dragon Professional Individual for Mac line-up," the statement reads.

Difficult decision? Some beancounters probably calculated that supporting it does not generate enough revenue.

This is fine: IBM acquires Red Hat

Found on Ars Technica on Monday, 29 October 2018

Red Hat will remain a standalone business unit within IBM, and an IBM spokesperson said that IBM "will remain committed to Red Hat’s open source ethos, its developer community and its open source community relationships." Red Hat will maintain its current leadership team and remain in its current headquarters and facilities. The culture will remain as well—though it's possible IBM and Red Hat may cross-pollinate a bit more than they have in the past.

This isn't good news for everybody. Generally, such acquisitions end with restructuring, layoffs and other changes. Sure, IBM can promise all it wants, but the question is if in a few years these promises will be worth anything when all that counts are numbers for the stock markets and shareholders.

From today, it's OK in the US to thwart DRM to repair your stuff – if you keep the tools a secret

Found on The Register on Sunday, 28 October 2018

This week the US Copyright Office ruled it's OK for Americans to break anti-piracy protections in a bunch of home and personal devices, and vehicles, in the course of fixing or tinkering with said equipment.

Up until now manufacturers have tried to lock out unofficial repairs for various reasons: partly to stop people fitting dodgy or backdoored replacements, and mostly to ensure customers fork out for official expensive parts and services.

DRM is also used to ensure people use only official printer ink cartridges or ground coffee beans.

Nobody really cared much about DRM in the first place. If you bought something, you own it, and you are free to do with it whatever you want, or use it however you want. The problem has always been the industry which argued that DRM is a requirement for service, security and whatever.