The Truth is my newsletter on tech news and policy. This is an archive of the issues of week 39 of 2019.

Get the newsletter delivered directly to your inbox every weekday. I promise I won’t send more than one email a day and you won’t get any spam from me. Sign up here:

powered by TinyLetter

The Truth: Google Assistant Opt-In, Nintendo Turns 130, YouTube in Trouble Over Verification Changes

Monday, 23 September 2019

Welcome to the inaugural edition of The Truth, my newsletter bringing you the latest from the wild frontier of technological progress. Today, Nintendo turns 130 and Google finally reacts to massive criticism after the discovery that their Assistant sent voice recordings off to the mothership to be analysed by humans. We also mourn actor Aron Eisenberg of Deep Space Nine fame, who has passed away.

After journalists had uncovered that many smart home devices and personal software assistants like Alexa and Google Assistant save voice commands to have them reviewed by humans, Google is now belatedly changing its policy to make all of this behaviour opt-in – as it should have been in the first place. Under the cynical heading of “Doing more to protect your privacy with the Assistant”, the company lays out its new policies. They go so far as to apologise, even if it comes across as a bit grudgingly.

Nintendo was founded today, exactly 130 years ago. The company started in 1889 as a playing card manufacturer.

A Russian hacker who’s been arrested for hacking several banks is claiming that a convicted spy, ex-lawman and ex-head of Kaspersky’s incident investigation department blackmailed him into perpetrating the crime. According to reports, the ex-policeman told the hacker at his arrest: ”Remember me? If you say a word about how we worked, I’ll find you in prison too.”

Meanwhile, members of Bulgarian phishing gangs actually live with their parents – it’s just like the script of a bad comic book.

The old scare story of video games being so addictive, that gamers starve because they forget to stop playing, is back. This time as a PR stunt for food delivery company Deliveroo, as a gaming parlour in Bristol has installed burrito emergency buttons so that gamers won’t die of hunger. At least the burritos are free.

A day after announcing changes to its verification programme, YouTube is now backtracking on the decision. After a massive outcry from creators, all currently verified YouTubers will keep their “verified” badge. The Verge reports: “All YouTubers who are currently verified will get to keep their verification status, and YouTubers who are not yet verified will still be able to apply for it once they hit 100,000 subscribers, as creators have in the past. Only a single key change isn’t being reversed: YouTube will actually verify that channels are authentic, whereas in the past it seemingly has not thoroughly taken this very obvious step.” YouTube had originally tried to limit its version of the blue check mark to big brands and celebrities, which would have meant no chance to get the coveted status for random Joe Shmoes with a webcam and a loyal following.

Spotify is also changing things. The music service will now periodically ask for the users’ address if they use the family subscription. Because, as we all know, you can only be a family if everyone lives in the same house.

Apple has broken things with iOS 13 for games that need precise controls, it seems. It’s so bad that the developers of Fortnite and PUBG are actually urging people not to upgrade to the new version of the OS. Which might be prudent as other reports say they also broke security and privacy features.

In the open source world, the company behind the configuration management tool Chef is in hot water after selling licenses to the US government agency Immigration and Customs Enforcement (ICE). Yeah, the nasty guys who separate kids from their parents. One independent developer was so upset, he pulled his Ruby gem from the software, causing some workflows to break. Telling The Register ”I’m not trying to make a political statement” in those circumstances is a bit rich, though.

Deep Space Nine actor Aron Eisenberg has died at the age of 50. He played Nog, the Ferengi kid and friend of Jake who later joins Starfleet as the first Ferengi to do so. It’s not been publicised why he died, but he’s suffered from kidney problems all of his life. Farewell and thanks for all the memorable scenes!

The Truth: Emergency IE Patch, Poettering Gunning for /home, DRM for Nerf Darts

Tuesday, 24 September 2019

Welcome to the second ever edition of The Truth. Thanks for subscribing! On this fine Tuesday, we have a couple of dystopian stories including Nerf dart DRM, an emergency Windows patch and two interesting court decisions in Texas and the EU. Additionally, Lennart Poettering is gearing up to get some more flak from the Linux community.

When Microsoft issues security fixes outside of their normal second Tuesday of the month routine, it’s time to pay attention and make sure you’ve gotten these updates on your systems. This time, they’ve fixed Internet Explorer which is still, for better or worse, part of all Windows installations. The vulnerability, designated CVE-2019-1367, is a memory corruption bug that can lead to remote code execution. And there are malicious websites out there that exploit it right now, which explains Redmond’s haste to get the fix out.

Remember yesterday’s Chef story? Well, the company behind the open source configuration management tool is caving to the pressure from the community and has promised never to work with the US government agencies Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) ever again. They are going to honour the contracts that started the whole kerfuffle, but these should run out over the next year.

Not only does “going serverless” involve actual servers somewhere, it can also be worse than using actual servers. And much more work. The Register has a nice field report of a devops engineer on the topic.

IBM is currently involved in a lawsuit in Texas where the plaintiff alledges the company was running an ageist scheme to replace older workers with millenials – this was apparently called “Operation Baccarat”. The company has been trying to limit the discovery in the case and the judge is now so fed up with it, that he has granted the plaintiff access to emails from the company’s CEO Ginni Romettey and her team. As part of his ruling, the judge stated: “The fact that IBM has chopped itself into bits and pieces for organizational purposes does not mean that discovery must remain similarly organized.” Funnily enough, the case is being tried in Austin by federal magistrate judge Andrew W. Austin.

Lennart Poettering, of pulseaudio and systemd notoriety, has announced plans to modernise home directories in Linux. He wants to make them portable (think /home on a USB drive) and give you the ability to more easily encrypt them, which should be especially beneficial for laptop users. His encryption plans should also make home directories more secure in general and prevent privileged processes from having access if they don’t actually need it. Coming from Poettering, there is almost certainly going to be opposition to these ideas as many long-time Linux users are still mad about pulseaudio and hardliners resent systemd for unnecessarily trying to fix problems that do not exist (in their eyes). Side note: I wrote this story up for Heise here (German).

Why are there more and more data leaks happening now? A McAfee study suggests its because a lot of companies are putting their data in the cloud without understanding how the underlying software is configured. Why doesn’t this surprise me at all?

The European Court of Justice has ruled that the EU’s Right To Be Forgotten does not extend outside of the borders of the European Union, because they are no legal mechanisms for that. This comes as the result of a lawsuit by the French data protection agency Commission nationale de l’informatique et des libertés (CNIL) brought against Google. This means that Google does not have to delete information on EU citizens for search users outside of the EU. The decision also limits the perceived broad range of the law inside the EU somewhat by stating that in some cases freedom of information for all web users is more important than the privacy of an individual.

Hasbro has created new Nerf darts that fly much farther than the old ones – up to about 36 metres, they say. The new Ultra One blaster has a substantial downside too, though: It’s got DRM for darts. According to the Wall Street Journal, “if the blaster detects an incompatible dart in the drum, it won’t fire and will skip to the next chamber.” That’s some real Judge Dredd level distopian shit right there.

Speaking of dystopian shit: A company has released 100,000 stock photos of faces that don’t actually exist. These were computer generated with machine learning algorithms based on over 29,000 photos of 69 real people. Since the resulting images are computer generated, you don’t need to clear any pesky rights with the model if you want to use them. The downside is that some of them are very, very creepy, though.

The Truth: A New Red Hat Distro, Google on the Warpath with Publishers, TeamViewer IPO

Wednesday, 25 September 2019

Welcome to The Truth, my daily tech newsletter. Today, we have a new Linux distribution being announced by Red Hat, the biggest tech IPO in Germany since the dotcom bubble and Google showing the big publishers what it thinks of their copyright reform. I also rip a PR company a new one for sending me unsolicited crap.

There seems to be a zero-day vulnerability in the much used forum software vBulletin that is being used for attacks as we speak. Versions 5.0.0 to 5.5.4 are vulnerable to having malicious code injected, according to a report on the Full Disclosure mailing list.

Are you still using ColdFusion? If you are, you should deploy some fixes for CVE-2019-8072, CVE-2019-8073 and CVE-2019-8074. Also: WHY THE HELL ARE YOU STILL USING COLDFUSION???

Is Fedora too cutting edge for you, but you find RHEL or CentOS too stale? Well, Red Hat’s got you covered because there is now a new distro called CentOS Stream that is supposed to slot in right between Fedora and RHEL. Red Hat says it’s aimed at developers, rather than admins and devops types. At first I thought “who needs another Red Hat distro?” but the more I think about this, the more sense it makes, actually. I’ve always been more on the developer-y side with my Linux usage and this seems to be right down my alley.

An while we’re on the topic: Concurrently with CentOS Stream, CentOS 8 has also been released.

TeamViewer just IPO’d in Germany. The shares quickly fell under the issue price of 26.25 euros and are currently hovering at around 25 euros. The company say they are happy with the results at what is being reported as the biggest tech IPO in Germany since the dotcom bubble burst. It’s not like there is much competition in this field, though. Germany isn’t exactly known for prodigious tech IPOs.

So, here’s some fun bullshit: This PR company sends me some unsolicited press release about Google’s birthday, which is on Friday (Google was officially founded on 27 September 1998). It was sent to a generic contact address, which means I’ve never agreed to be placed on their PR list – in other words a clear violation of the GDPR. And to make it even better, they specify an embargo date of Friday, 27 September. Which is all well and good, but sadly I never agreed to receive embargoed information from them. Which means I refuse to be bound by their terms, which is what they should have assumed in the first place. So then, what is this secret information they sent me? It’s research that claims less than a fifth of consumers trust search results and only 63% of consumers start “their online journey” with a search engine. Bullshit! You guys do know that entering anything other than a complete URL in a browser address bar will get you to a search engine page, right? And who brings you this groundbreaking research? A company called Yext. Never heard of them? Well, they say they are “leading brands into the future of search.” Well, I think they need to learn more about search first. And they probably need a better PR agency, too.

What’s happening with the Atari VCS console, you ask? Nothing, it seems. People are trying to find out where their pre-order money went, but it isn’t going very well. “Atari responded by… deleting the post. On a Reddit forum that it didn’t run but had been invited to serve as a moderator. That also did not go over well. In fact, it’s safe to say that people went into somewhat of a rage. So Atari responded by… deleting all the subsequent angry comments. At which point its representatives had their moderator rights removed. So Atari responded by… setting up its own subreddit where it has continued to delete posts and comments it doesn’t like.” Ouch. They also need a better PR agency.

If you need some cheering up after that, The Register has published a great review of the book How JavaScript Works. Believe me, it’s a lot less boring than it sounds. Worth a read.

After the EU copyright reform – which was largely pushed through via lobbying from big European publishing companies, many of them in Germany – the publishers thought they’d be in a position to get more money from Google for all the content that Google apparently steals from everyone. Well… “Google will not pay press publishers in France to display their content and will instead change the way articles appear in search results, a senior executive said on Wednesday.” Doesn’t look like Google is going to play ball. On the contrary: “We don’t accept payment from anyone to be included in search results. We sell ads, not search results, and every ad on Google is clearly marked. That’s also why we don’t pay publishers when people click on their links in a search result.” Them’s fighting words. They’re only going to show headlines in France from now on. The country is so far the only member state that has local laws going on the books to satisfy the new EU rules (member countries have two years to pass the EU directive as local laws). Interestingly, this is being reported on Politico which, as they point out in the piece, is owned by Springer – one of the biggest proponents of this reform.

A Silicon Valley company that wanted to build giant fighting robots that cost millions of dollars has gone bankrupt, reports TechCrunch. No shit.

The Russian space agency Roscosmos says they figured out how that mysterious hole got into the Soyuz capsule. Naturally, they won’t tell anyone. I wonder if they told the NASA and ESA astronauts who were also on board? Probably not. Old habits die hard.

Thursday, 26 September 2019

Good evening and thanks for subscribing to The Truth! Here’s your daily look at the madness that is the world of IT. Today we have Google breaking things, patent trolling, Quake II finally coming to Germany and Gmail going dark.

Cisco has published its scheduled half-yearly collection of security patches. This time, the company fixes 29 bugs in devices running the IOS and IOS XE operating systems. If you’re administering these things, you probably know about it already. If not, why are you still reading this? Get patching!

A Chrome update has been breaking the file system on some Mac systems. Google has stopped shipping the misbehaving update for now. Apparently it broke so many Mac Pros used for video and audio editing that Avid, the maker of Media Composer and Pro Tools, started to investigate the problem before Google finally fessed up to it. It only affects Macs with System Integrity Protection (SIP) disabled, which means mostly macOS 10.9 and 10.10 – everyone else should have no problems unless they disabled SIP manually. The Register has a command line fix users can perform from Recovery mode to get their systems to boot again.

Patent troll alert! The GNOME Foundation, who produce arguably the most popular Linux desktop environment, are being sued over their photo management app Shotwell. The case is being handled at the US District Court for Northern California and has been brought by Rothschild Patent Imaging LLC because it has a patent for what it calls “a wireless image distribution system and method”. Apparently software maker Magix has been sued over the same patent. The GNOME Foundation is of the opinion that the patent is “baseless” and will “vigorously defend against” it, they say.

We now live in a time where having a dark mode is a headline feature for an app that you can lead with in the release announcement. Today, Gmail is going dark. Shoot me now.

Dropbox wants to make your workday easier to handle by hiding emails and chat messages from you. The new service is called Dropbox Spaces and uses machine learning. Of course it does. And of course you need to feed it all your data for this to work. And most likely, you’ll be feeding it your data and it won’t work. As The Register aptly sums it up: “Much of this wonderful future capability, like a lot of Silicon Valley announcements these days, is predicated on artificial intelligence capabilities that simply don’t exist right now.”

One of the kids from the TalkTalk hack back in 2015 has now been indicted in the US for allegedly hacking the cryptocurrency exchange EtherDelta in 2017. The guy is now 19 and apparently can’t stop hacking into things. According to The Register he was just in court in the UK last month, also over computer misuse offences.

Samuel L. Jackson will lend his voice to Amazon’s Alexa assistant. I’m not making this up. I’ll be seriously impressed if they actually leave the swearing in.

Magic The Gathering Arena, the best way to play the oldest collectible card game in the world digitally, has left the beta phase today. They’ve also launched Throne of Eldraine, the latest expansion to the game which is themed after classic fairy tales. The physical cards for the expansion come out on 4 October.

For the first time since 1997, id Software is allowed to sell Quake II in Germany. The local censor Bundesprüfstelle für jugendgefährdende Medien (BpjM) has now removed it from the ban list (the original Quake was removed in 2011). This means the original version of the game and the raytracing remake Quake II RTX are now both available on Steam from within Germany. Heise is reporting on it here (German).

Editorial note: It seems TinyLetter has been having problems sending The Truth out to everyone. In case you do not get your email, you can always read any issue of this newsletter on the blog after the fact.

The Truth: GSG 9 Raid on German Server Farm, Samsung Galaxy Fold Broken (Again), Stallman Remains Chief

Friday, 27 September 2019

Welcome to the last edition of The Truth for this week. Reading IT news, so you don’t have to. On today’s docket, there’s Google’s birthday, a raid on a German server farm, more problems with the Samsung Galaxy Fold, US immigration authorities spotting terrorists with Google Translate and much more.

Apple is saying it’s fixed all of those annoying iOS bugs: battery drain, keyboard bugs, the backup restore bug and more. And iOS 13.1.1 is now available for you to install. No word yet if those PUBG and Fortnite touch issues are resolved. I’ll try to keep you updated on that. After all, that’s what we really care about.

Today is Google’s birthday, well at least officially. Google is now 21 years old. The Register celebrates by remembering when they were the good guys and how the company has changed since then.

Reapeat after me: Electronic voting is bad! Never, ever, under any circumstances vote electronically. Paper is good, the computer is evil. Remember that, always. If you needed any more proof, here’s some from this year’s DefCon security conference: “Basically, the organizers say, voting systems are just as vulnerable as they had been shown to be in past years. At this year’s conference, the attendees once again met no or little resistance getting into the machines and manipulating everything from vote counts to the system firmware or BIOS.”

German Federal Police special anti-terrorism unit GSG 9 together with more than 600 other police operators have raided a server farm of Dutch “bulletproof hosting” company Cyberbunker in the tiny Rhineland-Palatinate town of Traben-Trarbach. The servers are located in an old NATO nuclear bunker. Six people were arrested in a restaurant in the town. I’m guessing the guys running the server farm on their lunch break? They are being charged with belonging to a criminal organisation and having aided and abetted “hundreds of thousands of cases of drug sales, money laundering, child pornography and the illegal trading of information”, as Golem is reporting (German). Apparently Cyberbunker had been hosting all kinds of criminal stuff on their servers, with the only requirement allegedly being that it wasn’t terrorism or child porn related. They advertised their service as being resistant against raids by state actors. Well…

US immigration authorities are using Google Translate to check the native language social media posts of refugees. I guess to decide if they are terrorists or not? I mean… What could possibly go wrong?

Richard Stallman: “On September 16 I resigned as president of the Free Software Foundation, but the GNU Project and the FSF are not the same. I am still the head of the GNU Project (the Chief GNUisance), and I intend to continue as such.” Let’s see how long that lasts. But then, the GNU Project is pretty irrelevant these days, if you think about it. Nobody might care.

Boeing and the FAA are in more trouble over the 737 Max. Yeah, right. I’m thinking the same thing: Is that even possible? Apparently, it is: “A whistleblower has claimed America’s Federal Aviation Administration misled investigators checking whether FAA personnel were fully qualified to sign off Boeing 737 Max training standards.” Wow. Just wow.

You know how Samsung introduced the Galaxy Fold, that foldable phone, and gave it to lots of journalists who reported it breaking immediately? They then went back to the drawing board and recently re-introduced it, saying they fixed the problem. How’s that working out, you ask? Let’s see… “My Galaxy Fold display is damaged after a day” – sounds familiar, doesn’t it?

Nintendo’s new Mario Kart for phones apparently nickels and dimes you for everything. That’s one to stay away from, then.

When people tell you “the science says” this or that, remember that there is never such a thing as “the science”. The scientific method works by dreaming up a theory, then devising experiments to check that theory – and very often – going back to the drawing board and reworking your theory because your results say you were wrong in the first place. A good example of how this plays out is the gas giant orbiting a red dwarf star known as GJ 3512 b, which is 31 lightyears out from our planetary system.

As this is the first Friday newsletter, I want to wish you a nice weekend and I’d like to tide you over with a song. So here’s the “Algo Prison Blues” from episode 1176 of the No Agenda podcast. Enjoy! And see you on Monday for more tech news!

Header image credit: Marcus P.