Goodbye again, Flash—Microsoft makes removal from Windows 10 mandatory

Found on Ars Technica on Wednesday, 19 May 2021
Browse Software

Microsoft, Apple, Google, Mozilla, and even Adobe itself have all deprecated Adobe Flash technology, which reached end of life on January 1 of this year. This July, Microsoft is taking things one step further—KB4577586, aka Update for Removal of Adobe Flash Player, will become mandatory for all versions of Windows 10.

Not one day too late.

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War

Found on Wired on Tuesday, 18 May 2021
Browse Technology

Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks.

The secret menu reveals a business model that goes beyond a right-to-repair issue, O’Sullivan argues. It represents, as he describes it, nothing short of a milkshake shakedown: Sell franchisees a complicated and fragile machine. Prevent them from figuring out why it constantly breaks. Take a cut of the distributors’ profit from the repairs.

That's a more and more common business plan, sadly.

Signal Founder Cracks Cellebrite Phone Hacking Device, Finds It Full Of Vulns

Found on Techdirt on Monday, 17 May 2021
Browse Software

"By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters."

One DLL used to handle extracted video content hasn't been updated since 2012, ignoring more than 100 patches that have been made available since then.

Further inspection of Cellebrite's software also shows the company has ported over chunks of Apple's proprietary code intact and is using it to assist in iPhone extractions.

Very strange coincidences can happen sometimes.

No Genetic Damage to Kids of Those Exposed to Chernobyl Nuclear Disaster: Study

Found on US News on Sunday, 16 May 2021
Browse Science

There's no evidence of genetic damage in the children of parents who were exposed to radiation from the 1986 Chernobyl Nuclear Power Plant disaster in Ukraine, researchers say.

There was no increase in gene changes in reproductive cells of study participants, and rates of new germline mutations were similar to those in the general population, according to a team led by Meredith Yeager of the U.S. National Cancer Institute, in Rockville, Md.

That's why research is important: so you can respond to fearmongering.

Firefox 88 Enables JavaScript Embedded In PDFs By Default 100

Found on Slashdot on Saturday, 15 May 2021
Browse Software

In addition to the other weird things PDF files can contain, one of them is JavaScript. Putatively offered as a way to create self-validating forms, this scripting capability has been abused over the decades in just about every way you can imagine. Firefox's built-in viewer, although it has apparently had the ability to execute embedded JS for some time, never turned that feature on, making it a safe(r) way to open PDFs... Until now.

To turn off JavaScript execution in PDFs: Enter about:config in the address bar; click "I'll be careful." In the search box near the top, enter pdfjs.enableScripting. Change the setting to False. Close the page.

Sweet. Quietly opening a security hole. Thank you Mozilla.

Google used ‘double-Irish’ to shift $75.4bn in profits out of Ireland

Found on Irish Times on Friday, 14 May 2021
Browse Various

Google shifted more than $75.4 billion (€63 billion) in profits out of the Republic using the controversial “double-Irish” tax arrangement in 2019, the last year in which it used the loophole.

The move allowed Google Ireland Holdings to escape corporation tax both in the Republic and in the United States where its ultimate parent, Alphabet, is headquartered. The holding company reported a $13 billion pretax profit for 2019, which was effectively tax-free, the accounts show.

In the end, the people pay the bill so companies which spy on users can profit more.

The looming software kill-switch lurking in aging PlayStation hardware

Found on Ars Technica on Thursday, 13 May 2021
Browse Hardware

This ticking firmware time bomb has been known in certain PlayStation preservation and hacking circles for a while. But it's gaining new attention amid Sony's recently announced decision to shut down the online stores for PS3, PSP, and Vita software.

Sony could render the problem moot relatively easily with a firmware update that limits the system functions tied to this timing check. Thus far, though, Sony hasn't publicly indicated it has any such plans and hasn't responded to multiple requests for comment from Ars Technica. Until it does, complicated workarounds that make use of jailbroken firmware are the only option for ensuring that aging PlayStation hardware will remain fully usable well into the future.

Planned obsolescence. It would probably require a law that forces the industry to untie hardware from online services when these a shut down, so the customer can keep using the product, at least with reduced functionality.

France is giving citizens $3,000 to get rid of their car and get an ebike

Found on The Next Web on Wednesday, 12 May 2021
Browse Various

Earlier this week, lawmakers in France approved the measure in a preliminary vote. The French Federation of Bicycle Users claims that if France does go ahead with the scheme, it would be the first nation in the world to give people money for old cars to put towards new electric bicycles, Reuters reports.

Discriminating against those who need a car because they live outside bigger cities, have families or need to commute. This only benefits those who already could pay the full price for an e-bike easily.

New Warning For WhatsApp Users Over Account Suspension ‘Hack’

Found on Forbes on Tuesday, 11 May 2021
Browse Internet

Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups.

Clearly, the combination of this verification architecture, the SMS/code limits and the automated, keyword-based actions triggered by incoming emails is open to abuse.

That's probably the best one can do with this WhatsApp bug: pushing users to better alternatives.

Melting ice sheets caused sea levels to rise up to 18 meters

Found on Phys.Org on Monday, 10 May 2021
Browse Nature

Geological records tell us that, at the end of the last ice age around 14,600 years ago, sea levels rose at ten times the current rate due to Meltwater Pulse 1A (MWP-1A); a 500 year, ~18 meter sea-level rise event.

Rising sea levels due to warming climate pose a great risk to society, improving our understand of why and how fast change could happen will help us plan for the impacts.

It won't take 500 years this time until the sea-level rises high enough to cause havoc on most coastal areas.