The Truth: OpenSSH 8.1, SAP Gets Two New CEOs, Trump on Twitch

Friday, 11 October 2019

TGIF. Here’s the final edition of The Truth for this week. Reading all the boring tech news, so you don’t have to. The interesting stuff you need to know about is as follows:

If you use the macOS terminal emulator iTerm2, you should patch it. Now. A vulnerability (CVE-2019-9535) in older versions of the app “could allow an attacker to execute commands on a computer using the application”. Version 3.3.6 is safe, get it here. The vulnerability in the open source program was found during an audiot sponsored by Mozilla.

OpenSSH 8.1 is out and some guy wrote about it for Heise (German). It includes protections for crypto keys while they are held in RAM, to protect against side channel shenanigans like Meltdown, Spectre and Rambleed. They specify this in the changelog: “This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large prekey consisting of random data (currently 16KB).”

End-of-Life updates from Microsoft: Windows 10, version 1703 is now no longer supported. Version 1803 will meet its end on 12 November.“You may still have devices running these versions in your environment. To continue to receive quality updates beyond these dates, you will need to update those devices to the current version of Windows 10, version 1903”, say the guys in Redmond.

Bill McDermott, CEO of SAP, is stepping down. They are going for the two-headed giant approach now: “Just like Oracle, SAP has opted to split the CEO roles between two people in a decision already approved by the board. Jennifer Morgan, who was president of the SAP’s cloud business – succeeding Robert Enslin – and oversaw Qualtrics, SuccessFactors and Concur, among other things, takes one half. The other goes to Christian Klein, who was most recently COO.” This apparently makes SAP the first DAX company ever to have a female chief executive. Note: The DAX is the stock market index of the 30 most important German companies. SAP has been a member since 1995; the company was founded in 1972.

Donald Trump has opened a Twitch channel. You can say about the guy what you want, he’s always been on the forefront of new technologies when it comes to politics.

Microsoft is the latest victim of the craze that sweeps the nation over in the US: Lobbying your company to stop selling software to the government agency ICE. “Microsoft and its GitHub subsidiary are under fire from some of their own employees over service contracts with America’s controversial Immigration and Customs Enforcement (ICE) agency. A number of workers at both tech organizations, overseen by Redmond CEO Satya Nadella, have issued open letters demanding executives step in and kill contracts with the agency that has become notorious for its poor treatment of asylum-seeking immigrant families”, The Register reports. And I’m still here wondering why ICE is suddenly controversial now, as opposed to when it was founded and received its current remit under George W. Bush. Or when it started building holding facilities with cages to start separating kids from their parents under the Obama administration.

After the Chaos Computer Club published Ursula von der Leyen’s fingerprint based on a photo, this story shouldn’t surprise me. But it still kinda does. “A Japanese man indicted on Tuesday for allegedly attacking a 21-year-old woman last month appears to have found where his victim lived by analyzing geographic details in an eye reflection captured in one of her social media photos. According to Japanese broadcaster NHK, the man located the woman’s residence by matching the reflected image of a train station she frequented to a Google Street View image and waiting for her so he could follow her and find where she lived.” Incredible.

Eye Reflection Stalker Post

And with that, I’ll wrap up The Truth for the week. Remember: Be careful what’s reflecting in your eyes when you post pictures on social media! As the sun is slowly setting here in Hamburg, I once again leave you with a song, this time by Bruce Springsteen. For everyone who’s currently about twenty-five hundred miles from where they wanna be: Sundown from the Film Western Stars.

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.