The Truth: Emergency IE Patch, Poettering Gunning for /home, DRM for Nerf Darts

Tuesday, 24 September 2019

Welcome to the second ever edition of The Truth. Thanks for subscribing! On this fine Tuesday, we have a couple of dystopian stories including Nerf dart DRM, an emergency Windows patch and two interesting court decisions in Texas and the EU. Additionally, Lennart Poettering is gearing up to get some more flak from the Linux community.

When Microsoft issues security fixes outside of their normal second Tuesday of the month routine, it’s time to pay attention and make sure you’ve gotten these updates on your systems. This time, they’ve fixed Internet Explorer which is still, for better or worse, part of all Windows installations. The vulnerability, designated CVE-2019-1367, is a memory corruption bug that can lead to remote code execution. And there are malicious websites out there that exploit it right now, which explains Redmond’s haste to get the fix out.

Remember yesterday’s Chef story? Well, the company behind the open source configuration management tool is caving to the pressure from the community and has promised never to work with the US government agencies Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) ever again. They are going to honour the contracts that started the whole kerfuffle, but these should run out over the next year.

Not only does “going serverless” involve actual servers somewhere, it can also be worse than using actual servers. And much more work. The Register has a nice field report of a devops engineer on the topic.

IBM is currently involved in a lawsuit in Texas where the plaintiff alleges the company was running an ageist scheme to replace older workers with millennials – this was apparently called “Operation Baccarat”. The company has been trying to limit the discovery in the case and the judge is now so fed up with it that he has granted the plaintiff access to emails from the company’s CEO Ginni Rometty and her team. As part of his ruling, the judge stated: “The fact that IBM has chopped itself into bits and pieces for organizational purposes does not mean that discovery must remain similarly organized.” Funnily enough, the case is being tried in Austin by federal magistrate judge Andrew W. Austin.

Lennart Poettering, of pulseaudio and systemd notoriety, has announced plans to modernise home directories in Linux. He wants to make them portable (think /home on a USB drive) and give you the ability to more easily encrypt them, which should be especially beneficial for laptop users. His encryption plans should also make home directories more secure in general and prevent privileged processes from having access if they don’t actually need it. Coming from Poettering, there is almost certainly going to be opposition to these ideas as many long-time Linux users are still mad about pulseaudio and hardliners resent systemd for unnecessarily trying to fix problems that do not exist (in their eyes). Side note: I wrote this story up for Heise here (German).

Why are there more and more data leaks happening now? A McAfee study suggests it’s because a lot of companies are putting their data in the cloud without understanding how the underlying software is configured. Why doesn’t this surprise me at all?

The European Court of Justice has ruled that the EU’s Right To Be Forgotten does not extend outside of the borders of the European Union, because there are no legal mechanisms for that. This comes as the result of a lawsuit by the French data protection agency Commission nationale de l’informatique et des libertés (CNIL) brought against Google. This means that Google does not have to delete information on EU citizens for search users outside of the EU. The decision also limits the perceived broad range of the law inside the EU somewhat by stating that in some cases freedom of information for all web users is more important than the privacy of an individual.

Hasbro has created new Nerf darts that fly much farther than the old ones – up to about 36 metres, they say. The new Ultra One blaster has a substantial downside too, though: It’s got DRM for darts. According to the Wall Street Journal, “if the blaster detects an incompatible dart in the drum, it won’t fire and will skip to the next chamber.” That’s some real Judge Dredd level dystopian shit right there.

Speaking of dystopian shit: A company has released 100,000 stock photos of faces that don’t actually exist. These were computer generated with machine learning algorithms based on over 29,000 photos of 69 real people. Since the resulting images are computer generated, you don’t need to clear any pesky rights with the model if you want to use them. The downside is that some of them are very, very creepy, though.

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.