Apple loses copyright battle against security start-up Corellium

Found on Washington Post on Wednesday, 30 December 2020
Browse Legal-Issues

In a ruling that has wide-reaching implications for iPhone security research and copyright law, a federal judge in Florida threw out Apple’s claims that Corellium had violated copyright law with its software, which helps security researchers find bugs and security holes on Apple’s products.

The judge in the case ruled that Corellium’s creation of virtual iPhones was not a copyright violation, in part because it was designed to help improve the security for all iPhone users. Corellium wasn’t creating a competing product for consumers. Rather, it was a research tool for a comparatively small number of customers.

Security research isn't something you should try to block with copyright/DMCA claims unless you want to make yourself look like an idiot.

Apple Researching Keyboards With Adaptive Displays on Each Key

Found on Mac Rumors on Tuesday, 29 December 2020
Browse Hardware

Apple is researching keyboards with small displays on the keys to dynamically change the label on each key, according to a newly-granted patent filing.

This system would allow the entire keyboard to be "reconfigurable" with labels that can change as needed. The patent highlights that keyboards could be reconfigured "for different languages, to temporarily convert a standard keyboard into a gaming keyboard in which keys correspond to particular in-game actions, or to otherwise modify the behavior associated with pressing the keys in the keyboard."

Changing keyboard layout will make typing without looking much more fun.

2-Acre Vertical Farm Run By AI And Robots Out-Produces 720-Acre Flat Farm

Found on Intelligent Living on Monday, 28 December 2020
Browse Science

Plenty’s climate-controlled indoor farm has rows of plants growing vertically, hung from the ceiling. There are sun-mimicking LED lights shining on them, robots that move them around, and artificial intelligence (AI) managing all the variables of water, temperature, and light, and continually learning and optimizing how to grow bigger, faster, better crops. These futuristic features ensure every plant grows perfectly year-round. The conditions are so good that the farm produces 400 times more food per acre than an outdoor flat farm.

Plenty’s farms grow non-GMO crops and don’t use herbicides or pesticides. They recycle all water used, even capturing the evaporated water in the air. The flagship farm in San Francisco is using 100% renewable energy too.

This is pretty impressive and looks like it could be a useful way to reduce the need for land, which in turn can be returned to nature itself to increase the habitats for plants and animals. Still, you cannot help but to wonder if their name was a hint at Orwell.

How Long Should a Vendor Support a Distro?

Found on Slashdot on Sunday, 27 December 2020
Browse Software

Long-term Slashdot reader couchslug believes that "Howls of anguish from betrayed CentOS 8 users highlight the value of its long support cycles..." Earlier this month it was announced that at the end of 2021, the community-supported rebuild of Red Hat Enterprise Linux, CentOS 8, "will no longer be maintained," though CentOS 7 "will stick around in a supported maintenance state until 2024."

That's up to the vendor, but suddenly axing the EOL in the middle of a release, along with making it effectively beta (from stable) is not the right way to communicate this.

SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before?

Found on The Register on Saturday, 26 December 2020
Browse Various

The two firms owned 70 per cent of SolarWinds, which produces networking monitoring software that was backdoored by what is thought to be state-sponsored Russian spies. This tainted code was installed by thousands of SolarWinds customers including key departments of the US government that were subsequently hacked via the hidden remote access hole.

Infosec giant FireEye announced on Tuesday, December 8 that its systems had been hacked and its penetration tools exfiltrated. On Friday, December 11, as part of an investigation into that intrusion, FireEye started letting it be known that SolarWinds' updates had been tampered with.

Inside information has always meant extra money is about to be made.

France fines Google, Amazon €135m total for slipping ad cookies into people's computers

Found on The Register on Friday, 25 December 2020
Browse Legal-Issues

Google and Amazon have been slapped with €100m and €35m fines respectively after France’s data privacy watchdog declared both companies had placed advertising cookies on people’s computers without their consent.

NIL also said they failed to provide clear explanations disclosing what the cookies were being used for and how users could opt-out, beyond generic messages, specifically Amazon’s “By using this website, you accept our use of cookies allowing us to offer and improve our services,” and Google’s “Privacy reminder from Google” with two buttons labeled “Remind me later” and “Access now”.

Now that's a good start. Let's hope other countries follow to tackle all the profiling and data collection.

German secure email provider Tutanota forced to monitor an account

Found on Techcrunch on Thursday, 24 December 2020
Browse Legal-Issues

German e2e encrypted email provider Tutanota has been ordered by a regional court to develop a function that allows it to monitor an individual account.

The Cologne court order is for a surveillance function to be implemented on a single Tutanota account that had been used for an extortion attempt. The Tutanota spokeswoman said the monitoring function will only apply to future emails this account receives — it will not affect emails previously received.

She added that the account in question appears to no longer be in use.

All that is going to help how?

YouTube Class Action: Same IP Address Used to Upload ‘Pirate’ Movies & File DMCA Notices

Found on Torrentfreak on Wednesday, 23 December 2020
Browse Legal-Issues

YouTube says it has found a "smoking gun" to prove that a class-action lawsuit filed by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd was filed in bad faith. According to the Google-owned platform, the same IP address used to upload 'pirate' movies to the platform also sent DMCA notices targeting the same batch of content.

Looks like it's time for another lawsuit, coming from YouTube this time.

Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate

Found on ZD Net on Tuesday, 22 December 2020
Browse Internet

The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices.

While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed.

Sorry, but snooping is not that easy.

Microsoft: 2021 is the year passwords die

Found on Neowin on Monday, 21 December 2020
Browse Science

The company has highlighted the strides it made to kill off passwords in 2020, and has stated that it plans to make them a thing of the past for all its customers in 2021.

Microsoft noted that almost 80% of all cyberattacks target passwords, and one in 250 corporate accounts get compromised each month due to this. That said, the company is making an effort to transition people to passwordless solutions.

A password only fails if it is weak, or if the underlying OS allows successful attacks and exploits.