Windows XP? Pfff! Parts of the Royal Navy are running Win ME

Found on The Register on Friday, 09 November 2018

“We’re 5-10 years behind the rest of the world,” said one, only half-joking. Enterprise was built in 2003 and most of the IT infrastructure aboard her dates back to then, with new OSes and mission software installed and patched as required.

“All USB ports are locked down,” added PO Parry. The usual network policies to stop people from doing IT-related things they shouldn’t are all enforced here; almost nobody has access to the ship’s CD/DVD-RW drives, while the different networks aboard do not talk to each other and personnel are ordered not to try to move data from, say, the DII network to the maritime survey equipment network.

Maybe they should just let a few really good hackers on board to give it a test.

Windows 10 Pro suddenly downgrading to Windows 10 Home for a growing number of users

Found on Betanews on Thursday, 08 November 2018

The Windows 10 shit show continues with yet more problems with Microsoft’s newest operating system rearing their ugly heads.

Now a growing number of users are complaining on Reddit that their Windows 10 Pro installations are suddenly reverting to Windows 10 Home.

The issue appears to be related to users running Windows 10 Pro after having upgraded from a Windows 7 Pro/Ultimate or Windows 8.1 Pro installation.

It just keeps going on and on.

Police decrypt 258,000 messages after breaking pricey IronChat crypto app

Found on Ars Technica on Wednesday, 07 November 2018

Tuesday’s statement didn’t say how investigators were able to decrypt the IronChat communications. While police said they were able to discover the server used to send the encrypted messages and eventually take it offline, that alone shouldn’t be enough to read communications that are truly end-to-end encrypted.

An article published by Dutch public broadcaster NOS said a version of the IronChat app it investigated suffered a variety of potentially serious weaknesses. Key among them: warning messages that notified users when their contacts’ encryption keys had changed were easy to overlook because they were provided in a font much smaller than the rest of the conversation.

Probably someone without any clue came up with the great idea to outsource the development of a so-called secure app to a $5 developer. If a security product has not gone through a full audit, it cannot be considered secure or reliable.

Apple replaces boot-loop watchOS edition with unconnected complications edition

Found on The Register on Tuesday, 06 November 2018

It isn't just Microsoft that has QA issues – so does Apple. The Cupertino giant withdrew a watchOS update that bricked the Apple Watch 4 last week, and has now rushed out a replacement containing things that don't work yet which Apple probably didn't want you to see.

Now in favor of MS you might argue that they cannot possibly test all hard- and software combinations, but here there is no such excuse.

File-Sharing Software on State Election Servers Could Expose Them to Intruders

Found on ProPublica on Sunday, 04 November 2018

The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries.

The service, known as FTP, provides public access to files — sometimes anonymously and without encryption.

Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.

It sounds more like Kentucky does not understand the basic approach to security.

Linus Torvalds Shows His New Polite Side While Pointing Out Bad Kernel Code

Found on Phoronix on Saturday, 03 November 2018

Today he took issue with the HID pull request and its introduction of the BigBen game controller driver that was introduced: the developer enabled this new driver by default. Linus Torvalds has always frowned upon random new drivers being enabled by default in the kernel configuration driver. Today he still voiced his opinion over this driver's default "Y" build configuration, but did so in a more professional manner than he has done in the past.

So far it looks like Linus' brief retreat is paying off with still addressing code quality issues -- and not blatantly accepting new code into the kernel as some feared -- but in doing so in a professional manner compared to his past manner of exclaiming himself over capitalized sentences and profanity that at times put him at odds with some in the Linux kernel community.

Not sure if a "softer" Linus is better; at least in the past it was very obvious when he considered something wrong.

Mac users burned after Nuance drops Dragon speech to text software

Found on The Register on Tuesday, 30 October 2018

Pitched as a productivity tool, Nuance's Dragon software is aimed at everyone from journalists and home users to medical professionals as a way to accurately transcribe spoken words into printed text.

For some users, however, the software is much more than a convenience. Hughes explains that, for him and others whose conditions leave them unable to type with a keyboard, voice dictation software is a line to the outside world.

"Nuance is constantly evaluating its product portfolio to see how we can best meet the needs of our customers and business. After much consideration, we have made the difficult decision to discontinue the Dragon Professional Individual for Mac line-up," the statement reads.

Difficult decision? Some beancounters probably calculated that supporting it does not generate enough revenue.

This is fine: IBM acquires Red Hat

Found on Ars Technica on Monday, 29 October 2018

Red Hat will remain a standalone business unit within IBM, and an IBM spokesperson said that IBM "will remain committed to Red Hat’s open source ethos, its developer community and its open source community relationships." Red Hat will maintain its current leadership team and remain in its current headquarters and facilities. The culture will remain as well—though it's possible IBM and Red Hat may cross-pollinate a bit more than they have in the past.

This isn't good news for everybody. Generally, such acquisitions end with restructuring, layoffs and other changes. Sure, IBM can promise all it wants, but the question is if in a few years these promises will be worth anything when all that counts are numbers for the stock markets and shareholders.

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

Found on The Register on Saturday, 27 October 2018

The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful.

Though a number of major admins have in recent years adopted and championed it as the replacement for the old Init era, others within the Linux world seem to still be less than impressed with Systemd and Poettering's occasionally controversial management of the tool.

The question is, why would someone stuff anything network related into what was supposed to be an init replacement? Or all the other crap SystemD contains? Another question is why they wrote DHCPv6 from scratch when IPv6 does not really need DHCP since it has Stateless Address Autoconfiguration (SLAAC) and Neighbor Discovery Protocol (NDP).

Sony goes back on 11-year-old promise to keep Warhawk servers up

Found on Ars Technica on Wednesday, 24 October 2018

If you read Ars Technica (or simply play online games regularly), you're probably accustomed to game makers shutting down online gameplay servers at will, often with little-to-no notice.

Lorenzo B. signed the petition and described himself as "a player of 10 years who has spent money on the game and spent money on all the added extra maps, too. It is important to me to get what I paid for, and what I paid for is the Warhawk game that is now offline on the PlayStation network."

Remember, you're not buying a game; you're just paying money to be allowed to play as long as some beancounters in a company let you.