The Truth: Android Patches, Another Data Leak at Facebook, Xerox Wants to Take Over HP

Wednesday, 6 November 2019

Hey, look at that, hump day again! Well, there weren’t that many interesting stories floating around today, but I’ve managed to pick out a good handful anyway. Some crazy stuff in there, too.

First of all, it’s Android Patch Day for November. Google has fixed 38 security vulnerabilities in the two patch levels 2019-11-01 and 2019-11-05. According to Google, “the most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”

Uber’s self-driving car that hit and killed a woman in 2018 did so, because the AI wasn’t designed to deal with pedestrians in the road. Let that sink in for a minute. It wasn’t designed to deal with pedestrians in the road. What. The. Fuck. “Some 5.6 seconds before hitting her, the car’s radar detected Herzberg, and at 5.2 seconds, she was picked out by the Lidar. However, the machine-learning system more or less ignored her, figuring her to be a non-moving object not in the vehicle’s way. As the robo-vehicle drew nearer, it categorized her variously as a vehicle, a bike, or some other thing that was not, or was only partially, in its way. Just 1.2 seconds before hitting her, it identified her not only as a bicycle but also clearly in the path of its travel, by which point it was far too late to change course.” Yes. AI is definitely the future.

The Register is reporting that Xerox is apparently considering a buyout of HP, which has three times its market cap. Crazy. “According to the Wall Street Journal, the board at Xerox convened yesterday to consider a combined cash and stock offer. NYSE-listed HP currently has a market cap of $27.27bn, but clearly shareholders will want more than that. At this stage, there is no certainty that Xerox – which is itself valued at $8.05bn on the NYSE – will launch an opening bid, loquacious folks close to the situation told the paper.” HP hasn’t been doing so well, as I’ve also written about in The Truth recently. “HP has surfed the wave of the Windows 10 PC refresh to remain the second largest shifter of PCs in the world, behind Lenovo, but HP has been hit hard by the growth of cloned or remanufactured print supplies, and by the general downturn in printing.”

Facebook has had yet another user data leak to third parties. The Verge reports that “Facebook says that even after it locked down its Groups system last year, some app developers retained improper access to information about members. A company blog post reports that roughly 100 developers might have accessed user information since Facebook changed its rules in April of 2018, and at least 11 accessed member data in the last 60 days. It says it’s now cut all partners off from that data.” They keep messing this shit up.

Somebody is trying to make another desktop-focused BSD version: “Joe Maloney of iXsystems has lifted the wraps on FuryBSD, a new desktop BSD focused on tight integration with FreeBSD.” Apparently the guy used to work on TrueOS, formerly PC-BSD.

NPM now has a funding command. From NPM 6.13.0 onwards, “developers creating packages for the JavaScript runtime environment Node.js can declare metadata that describes where would-be donors can go to offer financial support. Doing so involves adding a funding field to package.json, a file that lists various module settings and dependencies. The funding field should be a URL that points to an online funding service, like Patreon, or payment-accepting website. Thereafter, application programmers using these modules can run npm fund <package name></code>, and that will open the designated funding service link in the user’s default browser for credit card input and so on.”


This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.