Welcome to issue 138 of my daily tech and policy newsletter FOXTROT/ALFA! Today is Wednesday, 26 August 2020 and before I get into what else happened today, let me plug the podcast episode I’ve just released before sitting down to write this. On episode 36 of The Private Citizen, I discuss the recent intelligence scandal in Denmark and use it to explain the importance of whistleblowers to the general public. Maybe that’s something you’re interested in. In any case, here’s your overview of what happened in tech today:

OpenZFS is Now in FreeBSD

More file system news! After yesterday’s announcement of Btrfs becoming the default file system in Fedora, today we learn that OpenZFS will be integrated into FreeBSD.

On Tuesday years of work culminated in the integration of OpenZFS, an open-source storage platform, into the code base of the FreeBSD operating system. The union took the form of a code merge committed by Matthew Macy, a senior software engineer at IX Systems who contributes to both projects. “The primary benefit is maintaining a completely shared code base with the community allowing FreeBSD to receive new features sooner and with less effort,” he wrote in the FreeBSD log message.

Back in January, Linus Torvalds, who oversees development of the Linux kernel, indicated the ZFS file system has to remain separate from the kernel tree due to concerns about litigation from ZFS-trademark owner Oracle. “Don’t use ZFS,” he said. “It’s that simple.” Matthew Ahrens, who co-founded the ZFS project at Sun Microsystems back in 2001, told The Register in a phone interview that Torvald’s dismissal of ZFS stemmed from a situation that didn’t actually exist, a proprietary version of ZFS used in conjunction with Linux. Torvalds, he said, is rightfully suspicious of closed source extensions to Linux and of Oracle. But Torvalds didn’t mean OpenZFS, he insisted.

Wikipedia sums up OpenZFS as follows:

OpenZFS is an open-source storage platform that encompasses the functionality of traditional filesystems and volume manager. It includes protection against data corruption, support for high storage capacities, efficient data compression, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, remote replication with ZFS send and receive, and RAID-Z. Illumos, which is derived from OpenSolaris, provides upstream source code for other ZFS implementations. While there are various differences between the illumos ZFS codebase and other open-source implementations of ZFS, OpenZFS is strategically reducing existing platform-related differences in order to ease sharing of the source code.

WordPress Admins Beware of Autoptimize Vulnerabilities

The developers of the Autoptimize plugin for WordPress have released version 2.7.7 of their software, which fixes two critical vulnerabilities. Autoptimize is used to improve loading speeds of WordPress sites and has been installed on millions of WordPress installs. A proof-of-concept for one of the vulnerabilities is imminent and the word is that remote code execution is possible. So you probably will want to patch as soon as possible if you are using this thing.

Jings, crivens, help ma boab!

So apparently the whole Scots language Wikipedia was written by one guy …who doesn’t speak Scots.

In an extraordinary and somewhat devastating discovery, it turns out virtually the entire Scots version of Wikipedia, comprising more than 57,000 articles, was written, edited or overseen by a netizen who clearly had nae the slightest idea about the language. The user is not only a prolific contributor, they are an administrator of sco.wikipedia.org, having created, modified or guided the vast majority of its pages in more than 200,000 edits. The result is tens of thousands of articles in English with occasional, and often ridiculous, letter changes – such as replacing a “y” with “ee.”

That’s right, someone doing a bad impression of a Scottish accent and then writing it down phonetically is the chief maintainer of the online encyclopedia’s Scots edition. And although this has been carrying on for the best part of a decade, the world was mostly oblivious to it all – until today, when one Redditor finally had enough of reading terrible Scots and decided to look behind the curtain. “People embroiled in linguistic debates about Scots often use it as evidence that Scots isn’t a language, and if it was an accurate representation, they’d probably be right,” noted the Reddit sleuth, Ultach. “It uses almost no Scots vocabulary, what little it does use is usually incorrect, and the grammar always conforms to standard English, not Scots.”

It’s not clear whether the Wikipedian – who identifies as a Christian furry living in the US – has spent the past near-decade creating thousands of fake posts as some kind of incredible practical joke, or that they honestly felt they were doing a good job. There have been occasional interactions with real Scottish folk taking exception to pages, and the administrator has responded in a dead-pan fashion.

“The Wikipedian who identifies as a Christian furry living in the US” …I mean …you literally can’t make this shit up. What the hell.

Amazingly, the dreadful quality of the Scots-language version was the focus on an article five years ago when Slate noted that “at first glance, the Scots Wikipedia page reads like a transcription of a person with a Scottish accent,” while covering a request to Wikipedia that the entire sco.wikipedia.org archive be deleted.

Jesus. They delete everything else claiming it ain’t relevant but this shit sticks? My gods.

“Joke project. Funny for a few minutes, but inappropriate use of resources,” argued the proposer for its deletion, before they were attacked by angry Wikipedians who pointed out it was a “real language, lots of people who speak it,” and, they noted, there was “decent activity” on the pages. Decent, it turns out, because it was all being made up by someone who can’t speak a word of Scots. “Proposer should educate him/herself in linguistic diversity,” the Wikipedia collective sniffly concluded.

Great. You fucking Millennial douchebags. Your diversity is a diversity of idiocies.

“This is going to sound incredibly hyperbolic and hysterical,” noted Ultach, “but I think this person has possibly done more damage to the Scots language than anyone else in history. They engaged in cultural vandalism on a hitherto unprecedented scale. Wikipedia is one of the most visited websites in the world. Potentially tens of millions of people now think that Scots is a horribly mangled rendering of English rather than being a language or dialect of its own, all because they were exposed to a mangled rendering of English being called Scots by this person and by this person alone.”

That view was backed up by the chief scientist at text analytics company Luminoso, Robyn Speer, who noted that several large language detectors use Scots Wikipedia as a reference. “I believe that the cld2, cld3, and fastText language detectors all have Scots (sco) as one of the languages they claim to detect, and all of them are getting their belief about what Scots is from Wikipedia,” she noted. In other words, fake Scots language is rapidly becoming real Scots online. And all because of a prolific apparent non-Scot. The jig may be up though: the administrator’s talk page has been taken over by some extremely non-plussed folk: “Please stop before you cause anymore harm. Embarrassing,” says one.

Apple Forces Fortnite Split

Speaking of idiocies, here’s one thanks to Apple’s dumb-ass rules:

Fortnite’s next season arrives tomorrow, but if you’re on iOS or macOS, you won’t be able to play it, Epic announced today. And we’re learning that’s not all: players on iPhone, iPad, and Mac will also lose cross-play Fortnite multiplayer with non-Apple platforms, Epic confirms to The Verge. That means players on Apple platforms will be stuck on the current version of Fortnite, and they’ll only be able to play with one another.

Essentially, the legal fight with Apple will, in short order, split Fortnite into two. On PlayStation 4, Xbox One, Nintendo Switch, PC, and Android, Fortnite players will have access to all of the new content that’s set to arrive with the potentially Marvel-themed new season. Most new Fortnite seasons pack in significant changes, including updates to the map, new cosmetics, and new in-game rewards as part of the game’s battle pass subscription. If you’re a Marvel fan, it could be a particularly interesting one. On Apple devices, though, players will miss out on all of that new content. The game will basically be in stasis.

This dark timeline was anticipated. The trouble started on August 13th when Epic added a direct payment mechanism to Fortnite that violated Apple’s rules. Soon after, Apple booted Fortnite from the App Store, which kicked off Epic’s orchestrated campaign against the iPhone maker. Epic sued Apple; published a short video parodying Apple’s “1984” commercial; posted an extensive blog calling on players to tweet the hashtag #FreeFortnite; and, a week later, announced an in-game tournament with anti-Apple Fortnite cosmetics and real-world swag. Epic was prepared for war.

To complicate things further, Apple has been cleared, at least for now, of any duty to return Fortnite to the iOS App Store, since a judge refused to grant a temporary restraining order against Apple on that basis. The court order did prevent Apple from removing all of Epic’s developer accounts for now, leaving intact the one linked with Epic’s Unreal Engine and its associated licensing business. A hearing on a preliminary injunction is scheduled for September 28th and could change either of these temporary legal decisions into more permanent ones for the length of the trial.

The sheer magnitude of bullshit courts have to concern themselves with these days boggles the mind.

Local File Leak Vulnerability in Safari

Want to trick someone on iOS or macOS to mail you their files without realising it? Now you can:

Pawel Wylecial, a security consultant with Redteam.pl, has published a proof-of-concept exploit for stealing files from iOS and macOS devices via web application code that utilizes the Web Share API. The security flaw, which isn’t too scary as it requires some user interaction, has not yet been repaired, though a patch is being worked on.

The exploit involves getting someone to open in Safari a web page with a button that triggers the WebShareAPI in a way that launches native Mail or Gmail apps. In doing so, the message can attach a file from the local system, such as the browser history and other sensitive files, while hiding the attachment from view. It probably works with other iOS browsers too because Apple forces all iOS browsers to use its WKWebView class, which implements the WebShare API, for rendering web content.

Wylecial claims to have revealed the flaw in April to Apple, which after several unresponsive months recently asked for disclosure to be delayed until Spring 2021, when the company thought it might get around to issuing a security update. Finding it unreasonable to be asked to wait for a year, Wylecial went ahead and published details about the flaw.

Also Noteworthy

Other things I’ve been reading today:

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.