The Truth is my newsletter on tech news and policy. This is an archive of the issues of week 44 of 2019.


The Truth: Adobe Creative Cloud Data Breach, Microsoft Makes $119 Million a Day, The Internet Turns Fifty

Monday, 28 October 2019

Welcome back to The Truth! Sorry for missing about a week there, but I was busy flying around Europe and researching things. But never mind that, I’m back with daily tech news now. Before we get to the current stuff, here’s a quick recap of two stories from my time on the road that I found noteworthy: AWS went down due to DNS troubles caused by a DDoS attack and Avast was again attacked by hackers who, presumably, wanted to breach CCleaner again.

In more current hacker attack news, Adobe has lost control of a database of customer information that included the data of around 7.5 million Creative Cloud users. According to reports, “the exposed records include email addresses, account creation dates, details of products purchased, Creative Cloud subscription statuses, member IDs, countries of origin, subscription payment statuses, whether the user is an Adobe employee, and other bits of metadata.” This was apparently available from a publicly accessible and poorly secured Elasticsearch interface. While there is no payment data or passwords in the database, the information is probably pretty useful for phishing attacks and similar malarkey.

Several D-Link routers have flaws that allow remote code execution. The following models are impacted: DIR-655, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825. More details here.

Microsoft is being paid $10 billion for a ten-year contract to migrate the US armed forces into the cloud. As such, the Pentagon’s new IT infrastructure (nicknamed Joint Enterprise Defense Infrastructure, or JEDI) will soon run on Azure. Microsoft thus beats out Amazon, the only other company qualified under the rigorous security rules for the contract. The US Department of Defense is not averse to awarding additional contracts to other cloud providers, though, as The Register reports. Additionally, “Microsoft won’t be guaranteed the full $10bn over 10 years, either. The base period for the contract is two years and just a $1m guarantee, though the Pentagon projects to spend at least $210m over that time. After the base period, the DoD can opt to renew the deal at its discretion. Microsoft could not be reached for comment, possibly because everyone in Redmond was already off to celebrate the massive win and it’s hard to check your email with a bottle of champagne in each hand.”

This is not the only cloud deal the executives in Redmond are happy about, it seems. The cloud business is booming. In an earnings statement for its most recent fiscal quarter, Microsoft reported $33.1 billion in revenue, which is a 14% increase year-over-year. Profits are up 21%, at $10.7 billion. That’s a profit of $119 million a day. The Register has details on how the company’s individual business segments are doing.

Google is working on an AI nose. What will they think of next?

Readers often complain about the kinds of stock images we journalists use to depict hacker attacks. As it is notoriously hard to find images to convey something as ephemeral as a database hack or a DDoS attack, publications often resort to the good old hacker in a hoodie or some Matrix-like source code on a screen. A competition by collaboration platform OpenIdeo, sponsored by the Hewlett Foundation, was meant to change this and give editors and layout people some alternatives to work with. The results are certainly … different. Not sure they are necessarily better, though. Some weird shit in there.

The internet is fifty years old. We thought giving everybody access to as much knowledge as possible and giving them the ability to publish their own opinions would create a better future. Turns out it just brings all the problems humanity had all along into a new sphere. Huzzah! Arguments on a whole different level!

And right on cue, The Verge is losing their shit because Facebook isn’t kicking Breitbart off their Facebook News platform: “Facebook News is partnering with a variety of regional newspapers and some major national partners, including USA Today and The Wall Street Journal. But as The New York Times and Nieman Lab report, its trusted sources also include Breitbart, a far-right site whose co-founder Steve Bannon once described it as a platform for the white nationalist alt-right. Breitbart has been criticized for repeated inaccurate and incendiary reporting, often at the expense of immigrants and people of color.” Whereas the New York Times only reports inaccurately and with bias when it comes to Trump, which is apparently acceptable.

The Truth: China Trade War Heats Up Again, Fedora 31, EA Games on Steam

Tuesday, 29 October 2019

Dear readers, after a long day of pushing paper around on my desk, I’m finally getting down to presenting you with The Tech News of the Day That Truly Matter™. So without further ado, here’s the lowdown for today.

Fedora 31 is out. But not if you run 32-bit software; that version is forever gone now. They also kicked out Docker and replaced it with the open source version Moby. Podman is now also available. New packages get installed quicker as a new compression algorithm is being used for RPM packages. The freshest GNOME desktop, version 3.34, is also on board.

Heating up Trump’s trade war again, the chairman of the US Federal Communications Commission (FCC) proposes to remove Chinese hardware from all US-based telco networks. A summary on The Register reads: “Under the proposal, telcos would be forbidden from using any money from Universal Service Funds (USF) – a system of telco subsidies and fees overseen by the FCC – to buy hardware or services from companies posing a national security threat, like the Chinese companies Huawei Technologies Co. and ZTE Corp. Networks could continue to use any equipment already in place, but not make new purchases or spend USF dollars to maintain or improve that equipment. The second part of the proposal would see some telcos, which receive USF money, remove equipment from networks.”

Sometimes, just reading the news with open eyes makes you think this shit is coordinated. Because on the same day, in Germany, Heise is reporting (in German) that the German foreign intelligence service Bundesnachrichtendienst (BND) is testifying before parliament that having Huawei help with building German mobile networks is “too risky”. According to the BND, this infrastructure “is not suited for companies we can’t fully trust.” I’ve said it before and I will say it again: What makes these idiots think we can trust American manufacturers of network hardware? Germany isn’t even part of the Five Eyes! Numbnuts.

Do you need a new domain? Because Google is now literally selling .new domains to anyone who wants one. They don’t say how high the registration fee is, but a question in the FAQ on the accompanying website says the price is “high”.

Greg Kroah-Hartman, mountain of a man and Linus Torvalds’s right hand, says if you really want security when running Linux on Intel hardware, you need to disable hyper-threading. Speaking at the Open Source Summit in Lyon, Greg K-H opined, according to The Register: “I gave a talk last year about Spectre and how Linux reacted to it. These problems are going to be with us for a long time; they’re not going away.” He reckons that OpenBSD was right, because “a year ago they said disable hyper-threading, there’s going to be lots of problems here. They chose security over performance at an earlier stage than anyone else. Disable hyper-threading. That’s the only way you can solve some of these issues. We are slowing down your workloads. Sorry.” Vulnerabilities like Spectre simply can’t be fixed by a single change. “We are still fixing Spectre 1.0 issues almost two years later. It’s taken a couple of thousand patches over almost two years. Always take the latest kernel and always take the latest BIOS update. If you’re not using a supported distro, or a stable long-term kernel, you have an insecure system. It’s that simple. All those embedded devices out there, that are not updated, totally easy to break. If you are running in a secure environment and you trust your applications and you trust your users then get the speed back. Otherwise, running in a shared environment, running untrusted code, you need to be secure.”

Flash is now well and truly dead. Google has announced it will stop indexing Flash sites by the end of the year.

Lots of hells have been freezing over in computing in the last year and there’s another surprising development in the form of EA making their games available on Steam again. “It’ll offer its EA Access games subscription service through Valve’s platform as well. The partnership starts next month with Star Wars Jedi: Fallen Order, and multiplayer games such as Apex Legends and FIFA 20 are on the way to Steam too. When the latter games do arrive, you might find that your Origin and Steam friend lists are integrated”, Engadget reports. It looks like EA gave up on its quest to completely take over the market with Origin. Maybe gaming companies are finally getting it. As in: You get more customers if you make your stuff available everywhere and more customers are a good thing.

An Australian consumer watchdog organisation is going after Google for misleading Android customers on what kinds of location data it collects when. As The Register is reporting, the Australian Competition and Consumer Commission (ACCC) has said in an announcement of a lawsuit against Google: “Our case is that consumers would have understood as a result of this conduct that by switching off their ‘Location History’ setting, Google would stop collecting their location data, plain and simple. We allege that Google misled consumers by staying silent about the fact that another setting also had to be switched off.” They also say Google misrepresented how turning off location data would affect its search and Google Maps and that the company said that the collected data would only be used to help run its apps, when it in fact was used for many other unrelated purposes as well.

Amazon, IBM and Oracle are not happy at all about Microsoft snagging that huge Pentagon cloud deal. As I reported yesterday, Microsoft is getting $10 billion to build the Department of Defense’s huge new cloud infrastructure, nicknamed JEDI. I totally love how The Register is now using all kinds of superior sci-fi series as teaser images for these stories, eschewing all Star Wars imagery.

The Truth: Firefox with JavaScript Issues, Facebook Sues NSO Group, Revolt at Gizmodo, Kotaku and Deadspin

Wednesday, 30 October 2019

Welcome to another hump day edition of The Truth. Today, I once again bring you interesting tidings from the worlds of IT security, hardware, software, Linux and journalism. Let’s dive right in, there’s a lot to cover.

Firefox 70 is having issues with JavaScript loading. According to Mozilla, “dynamic JavaScript (like YouTube or Facebook)” is affected. I’m not quite sure if there is static JavaScript, but there you go… The developers recommend a workaround if you’re having issues. They are also working on a fix, they say.

Remember that AWS downtime caused by a DDoS attack? Amazon still isn’t saying exactly what happened. But according to The Register, somebody was asleep at the wheel over there. “Amazon was slow in reacting to the attack, and that tardiness was likely the result of its looking in the wrong places.” This of course didn’t have consequences for Amazon alone: “The attack targeted Amazon’s S3 – Simple Storage Service – which provides object storage through a web interface. It did not directly target the larger Amazon Web Services (AWS) but for many companies the end result was the same: their websites fell over.”

In other Amazon news, the Advertising Standards Authority (ASA) in the UK has ordered Amazon to change its Prime subscription page after customers complained that they were signed up for the service against their wishes. Hold on to your hats, because this thing is about to get complicated. Here’s how the ASA describes the issue: “The option to sign up for the trial of Amazon Prime was a grey box with a gold box inside. Text in the gold box stated Order Now with Prime, and we considered that the average consumer was likely to understand that to be one discrete option. Directly beneath that, and still within the larger grey box, text stated, Continue with FREE One-Day Delivery Pay later. We considered that the presentation and wording of that text meant it was likely to be seen by the average consumer as a separate option. However, we understood that, in fact, both boxes were part of the same option. The option to continue without signing up for the trial was presented as text stating Continue and don’t gain Amazon Prime benefits, which was small and placed in a position which could easily be missed by consumers. It was also in a faint colour, and compared to the option presented in the grey and gold boxes it was significantly less prominent. We considered that the average consumer was likely to view the text within the grey and gold boxes as the only two options available, with the option in the grey box allowing them to continue without signing up to Prime, when that was not the case.” Holy shit. How annoying. Sounds like Amazon is really desperate to have people sign up for Prime.

Facebook is suing Israeli spyware maker NSO Group over an attack on WhatsApp users that came to light in May and was subsequently patched by the app’s developers. The Register reports: “NSO Group makes a form of snoop-ware called Pegasus. The biz maintains that it sells the software – which silently infects and monitors targets’ phones and devices – only to governments and intelligence agencies to fight terrorism. But human-rights groups have accused the firm of making its surveillance code available for use against lawyers, dissidents, activists, journalists, and other rights advocates. It is thus believed NSO Group, in this case, compromised people’s gadgets on behalf of a mystery customer.” NSO Group, as always, completely denies the allegations. “Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.” Sure, by hacking into people’s WhatsApp, I’m guessing. They of course roll out child pornography again, which always tells you that someone is full of crap.

Have you ever asked yourself what it’s like to be Linus Torvalds? The head of Linux development has now explained exactly that at the Open Source Summit in Lyon: “I read email. I write email. I do no coding at all any more. Much of the code I write I actually write inside my mail reader.” Doesn’t sound like fun, if you ask me. More insights from Linus at The Register.

Facebook has now agreed to pay a £500,000 fine imposed by the Information Commissioner’s Office (ICO) in the UK over the Cambridge Analytica scandal. “It had originally appealed the penalty, causing the data protection watchdog to pursue its own counter-appeal”, the BBC reports. The fine is the maximum amount of money the ICO can impose. It must be laughably small to a company with revenue exceeding $55 billion a year. The only reason they even tried to oppose it must have been to save face in the public perception of the company.

AMD is making a lot of money on its Ryzen stuff, but revenue is still only up 9% (at $1.8 billion). This is due to the enterprise, embedded and semi-custom (games consoles) sections of its business being down 25% year-over-year. Apparently this is mostly because people aren’t buying PlayStations and Xboxes as they are waiting for the new console generation to be released.

G/O Media, the company owning Gizmodo, The Onion, Kotaku, Deadspin and Jezebel, has an open revolt by its editorial staff on its hands after rolling out horrible autoplay video ads on all its properties and then telling Deadspin writers to stick to writing about sports stories on their sports news site. While the ads thing is horrible, one can kinda understand that the owners of these sites object to the editors at their sports publication writing stories like “Woman Furiously S—s on Floor of Tim Hortons, Throws it At Employees”, “What Did We Get Stuck in Our Rectums Last Year” and “The Hateful Life and Spiteful Death of the Man Who Was Vig the Carpatian”. One could even argue they are having the best interests of their readers at heart. But when senior editor Barry Petchesky was told these stories were not what the guys paying his salary wanted to see, but kept publishing them, he was fired – which is kind of understandable. Now all hell has broken loose and staff at all G/O Media publications seems to be in open revolt. This, of course, extends to gaming site Kotaku, which is notorious among gamers for pushing all kinds of political and social agendas instead of just writing things about video games that readers actually want to know. Here’s to hoping this whole thing ends in a crackdown by the owners that sees these sites covering the topics they were set up to cover instead of writing about things stuck in rectums and Luigi’s penis size.

The Truth: Guido van Rossum Retires, GitLab Apologises, More Catalina Woes for Apple Users

Thursday, 31 October 2019

Boo!! And happy Halloween! Here’s all the spooky stuff that has been happening in the IT world today.

Why do I love this job of mine so much? Because of weird stories like this one: “Twitter says a bug in macOS 10.15.1 aka Catalina stops users of the social network’s desktop Mac app from entering certain letters in account password fields. When attempting to type their passwords into the application to log in, some characters are ignored, specifically ‘b’, ‘l’, ‘m’, ‘r’, and ‘t’. Other programs may also be similarly affected.” No, I’m not making this up… Apparently macOS is interpreting these key presses as shortcut commands. Apple hasn’t said when it intends to fix this. Man, Catalina is turning out to be a rocky road for macOS users. Maybe hold out a bit if you’re an Apple user and haven’t upgraded yet.

British Telecom (BT) has reported their latest earnings and it looks like the company is treading water with a revenue of £11.41 billion, down 2% from last year. The company is blaming this on “the impact of regulation, declines in legacy products, and strategically reducing low margin business.”

Meanwhile, Huawei is doing great, despite the trade war the US is waging on the Chinese hardware manufacturer. Carried by increased demand in its home market, the company has increased sales by 29% and has shipped 66.8 million devices worldwide in the last twelve months. Huawei is therefore gaining on the smartphone market leader, Samsung, who’s also increased its sales. Meanwhile, Apple, in third place, has been dropping sales over the same period.

Microsoft is taking more steps to further lower the already extremely frigid temperatures in hell. The company has now announced that it has signed the Oracle Contributor Agreement and is ready to contribute to OpenJDK.

GitLab has apologised for trying to crank up the tracking of users of its hosted service. The Register sums it up as follows: “VP of product Scott Williamson announced on 10 October that ‘to make GitLab better faster, we need more data on how users are using GitLab’. Williamson said that while nothing was changing with the free self-hosted Community Edition, the hosted and licensed products would all now ‘include additional JavaScript snippets (both open source and proprietary) that will interact with both GitLab and possibly third-party SaaS telemetry services (we will be using Pendo)’. The only opt-out was to be support for the Do Not Track browser mechanism.” The company’s customers, and its staff, it seems, weren’t pleased by this at all. Unsurprisingly, as many are presumably using GitLab to get away from Microsoft tracking them via GitHub. One of GitLab’s own developers commented: “We have plenty of customers who would not be able to use GitLab if it starts tracking data for on-premises installations.” Maybe they should have asked that guy before announcing this change? Anyway, they’ve reversed the change now. “Based on considerable feedback from our customers, users, and the broader community, we reversed course the next day and removed those changes before they went into effect. Further, GitLab will commit to not implementing telemetry in our products that sends usage data to a third-party product analytics service”, says the company’s CEO.

Guido van Rossum, creator of Python, is leaving Dropbox to retire. He’d already stepped down as the Python project lead in 2018. It is currently not known if he will continue work on Python at all.

The Register wins headline of the day, if not of the week with this beauty – Xiaomi the way to go phone: That would be with a 108MP camera by the looks of things.

The Truth: Fuselage Cracks in Boeing’s 737 NG, No Political Ads on Twitter, Hacker Uses Smart TV to Defraud Amazon Customer

Friday, 1 November 2019

Oh, look at that! It’s already Friday. The weekend is here! But wait, before you go, here’s a quick overview of the tech news from today.

Boeing is in trouble because of the 737 again. This time it isn’t the Max 8 model, but its predecessor, the 737 NG line. It’s developing cracks in the fuselage and several airlines have grounded their planes as a result of it. Forbes writes: “Earlier this month, U.S. regulators ordered the inspection of hundreds of 737 NG planes in the U.S. that had completed more than 30,000 takeoff and landings (or cycles), after the plane maker reported problems with its pickle fork – the section that attaches the main body of the plane to the wings. But the recently grounded Qantas plane had flown less than 27,000 miles, according to the airline, with none of its 737 NG planes had completed 30,000 cycles. The Federal Aviation Administration is now seeking to widen the number of 737 NGs being inspected.” According to Boeing, as quoted in an ABC report, “the cracks do not compromise safety”.

Apple’s AirPods Pro can’t be repaired at all, because of “Apple’s liberal use of alcohol-resistant adhesives, which makes it almost impossible to separate components without causing serious damage”. The company that continues to pat itself on the back in ads and press releases about how green their tech is apparently just doesn’t want you to repair anything. Better buy new stuff. More money for Apple. But hey, at least these earphones won’t come apart when you drop them in your beer, right?

Twitter is stopping all political ads on its platform. Permanently, world-wide. Apparently they don’t like money. I wonder what their shareholders think of this…

In case you hadn’t noticed: It’s earnings season. Today, it’s Samsung’s turn. They’re not doing so well. In Q3, their profits were down 56%. Due to a “weakness in the memory chip market”, Samsung says. They still made $6.6 billion, though, so I guess they’re drying their tears with hundred dollar bills over there.

A guy on Reddit discovered that hackers are connecting smart TVs to other people’s Amazon accounts to purchase gift cards with the unsuspecting customer’s money. They then presumably sell the gift cards for cash. Apparently this is very hard to detect, even for Amazon, as non-Amazon devices attached to an Amazon account don’t show up in the customer’s settings or, indeed, in Amazon’s internal system. Why the hell Amazon lets people connect devices and then hides them, even from itself, is a mystery, it seems. The Register has the full story, if you’re interested.

“DeepMind’s AlphaStar AI bot has reached Grandmaster level at StarCraft II, a popular battle strategy computer game, after ranking within the top 0.15 per cent of players in an online league”, The Register reports. That means it’s better than 99.8% of all human players. Which, I guess, is about the level of a pro player of the game. It’s hard to say how representative these results are, though, as the AI only played a few hundred matches.

The developer of Notepad++, an open source text editor for Windows, has been pissing people off again. The release of version 7.8.1 of his software caused a Twitter shitstorm and denial of service attacks. Why? “Notepad++ v7.8.1 was designated the Free Uyghur edition, in reference to the predominantly Muslim ethnic group in western China that faces ongoing human rights violations and persecution at the hands of Beijing.” This isn’t the first time, either. “Previous politically-themed Notepad++ releases have focused on Tiananmen Square and the terrorist attack on French satirical publication Charlie Hebdo.”

And that’s it for The Truth for this week. I’ll see you on Monday. Until then, I’ll leave you with a song from Disco Elysium, a video game I’ve been enjoying massively in the last few weeks. In the game, you’re a drunken, heartbroken wreck of a detective …and you can sing karaoke. If you do, here’s the song he sings: The Smallest Church in Saint-Saëns.

Header image credit: Marcus P.