The Truth is my newsletter on tech news and policy. This is an archive of the issues of week 42 of 2019.

Get the newsletter delivered directly to your inbox every weekday. I promise I won’t send more than one email a day and you won’t get any spam from me. Sign up here:

powered by TinyLetter

The Truth: Trade Deal with China, Merkel Defends Huawei, Google Hands Over AMP

Monday, 14 October 2019

Hello and welcome to a fresh week here with The Truth. I apologise for being somewhat late today, but I had a very busy day. Anyway, here’s some tech news you might find interesting. Lots of German stories today for some reason.

The next version of Windows 10 will be called the “November 2019 Update”. And, if The Register is to be believed it might even arrive before November. Which would be in character for Microsoft which has had problems in aligning the names of the releases with the actual release months in the past.

Looks like Trump might actually getting somewhere on a trade deal with China. This might spell an end to the trade war that’s keeping the hardware side of the tech world awake at night. Of course, most of the press is saying it’s all lies from the President. But they would say that even if it wasn’t. As far as I can see, pretty much everyone is all in on anti-Trump rhetoric all the time. And I’m not quite sure how the New York Times or Bloomberg could even know any specifics on the deal. What I’m reading from them certainly doesn’t convince me, it’s too heavy on opinion and way too light on facts. I personally think Trump might actually have gotten somewhere with his pressure on the Chinese. The negotiation strategy seems solid, at least: “A bigger trade deal will come over time in three stages, according to Mr. Trump, with more divisive issues to be addressed later.”

Speaking of the trade war, in Germany the Chancellor herself intervened in plans to exclude Huwawei from 5G networks in the country. Originally, policy papers from the governmental network regulation agency Bundesnetzagentur (BNetzA) had stipulated that only “hardware from trustworthy suppliers” could be used in building and maintaining networks in Germany. Merkel is said to have removed this clause now (German) because, according to press reports, this might have excluded Huawei from supplying tech. I really don’t see how Huawei is a more trustworthy supplier than, say, Cisco. Unless being spied on by the US is OK and only Chinese espionage is horrible. Seeing that Germany isn’t part of the Five Eyes, I would think both cases were undesirable. And since there’s no hard evidence that Huawei is actually putting backdoors in their equipment, I think Merkel is totally right to intervene as she apparently did. If that changes, we just need to rip the hardware out after the fact. As we should do with any other tech, no matter were it was made, if we have hard evidence that it has backdoors that are being used to spy on us.

A developer of mail software is warning people of Apple’s latest macOS release. It looks like those 32-bit problems weren’t the only thing Apple broke with Catalina. Case in point: “Updating Mail’s data store from Mojave to Catalina sometimes says that it succeeded, but large numbers of messages turn out to be missing or incomplete. Moving messages between mailboxes, both via drag-and-drop and AppleScript, can result in a blank message (only headers) on the Mac. If the message was moved to a server mailbox, other devices see the message as deleted. And eventually this syncs back to the first Mac, where the message disappears as well.” Ooops. So much for “it just works”.

In Germany we have this uniquely German thing I like to call Verbotskultur. We love to ban things. On the forefront has always been the Bundesprüfstelle für jugendgefährdende Medien (BPjM), which in the past has outlawed video games for having too much blood or swastikas in them. I’d thought we’d be over this puritan crap, but now there’s a new thing people can get upset about: gambling in video games. It’s the new cool thing we should make verboten! And who should be riding that particular horse? Of course, it’s Jan Böhmermann! Everyone’s favourite comedian-turned-savior. He’s talked about an app called Coin Master on his show, which apparently simulates slot machines and targets children. Won’t somebody think of the children? Well Jan did, and now the BPjM is looking into a ban, which everyone is very happy about (German). Heise is already throwing NBA 2K20 up as a next candidate (German), because loot boxes. Great. I mean, Heise of all people, should see where this is going. Because what we need in Germany is more bans. We definitely don’t have enough of those.

Google’s controversial AMP project is being handed over to a subsidiary of the Linux Foundation. The Register has the details: “Google is a platinum member of the OpenJS Foundation and its parent The Linux Foundation – meaning it provides significant financial support – so the advertising giant can still be expected to have some influence over AMP governance. While placing the technology in the hands of a foundation is a positive move, it does not change the way Google can prioritize AMP pages in search results, and therefore ensure that publishers have to support the standard.”

We have lost cosmonaut Alexei Leonov, the first human to ever go on a spacewalk. And that first spacewalk was a doozy: “Leonov’s pressurised suit had ballooned in space, becoming rigid to the point where he was unable to re-enter the airlock. He was forced to reduce the pressure of his suit below safety limits in order to get back some flexibility in the joints and eventually rejoin Pavel Belyayev in the capsule. Naturally, as soon as things began to go south for Leonov, the authorities cut all transmissions from the spacecraft, replacing them with recordings of Mozart’s Requiem, usually reserved for when a senior politico had died, but before an official announcement was made.” He also landed the damn spaceship on manual, because the automatic guidance system crapped out. At 10 Gs. And then spent two night in deepest Siberia before skiing to safety. Oh yeah, and he painted in space. They don’t make ‘em like this anymore.

The Truth: Sudo and Python Bugs, Libra Incorporated, 5G Scare

Tuesday, 15 October 2019

Hello again! Today, we have some news of a rather dumb problem with Python if you are trying to do science and some stories on smart refrigerators and Facebook’s Libra project.

If you use sudo on Linux to allow users to run commands as any other user except root, you might want to look into CVE-2019-14287: “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.” Why would you want to set up sudo in such a way, you ask? I have no idea!

I will also never understand why you would buy a smart refrigerator. What amazing feature could it possibly have that make up for its software being horribly insecure and just waiting to be hacked? The Register has spotted one such device from Samsung in a shop, complete with embarrassing certificate errors.

Apparently, if you run the same Python script on different operating systems, it can produce varying results. Which is rather alarming if you are trying to do scientific experiments with it. “There’s actually a problem with the code, to the point that it depends on which computer you’re using.” It turns out that this is due to underlying system call implementations. The guys writing the original Python scripts should have protected them against this.

Despite lots of criticism and the threats of several governments who don’t want Facebook to create its own currency, the Libra project has moved to incorporate its government structure. Andreessen Horowitz, Coinbase, Lyft, Spotify, Uber and Vodafone – among others – are on board. Additionally, “1,500 entities have indicated interest in joining the Libra project effort, and approximately 180 entities have met the preliminary membership criteria”. Founding members PayPal, eBay, Visa and Mastercard had jumped ship recently. The project is based in Switzerland.

The city of Brighton and Hove in the UK has blocked the building of 5G masts based on a petition citing health problems like “increased cancer risk, cellular stress, increase in harmful free radicals, genetic damages, structural and functional changes of the reproductive system, learning and memory deficits, neurological disorders and general negative wellbeing in general on humans” that 5G is supposedly causing. A shame that there seems to be absolutely no scientific basis for any of this. As The Register remarks: “The latest victory in the battleground against common sense”.

The Truth: Adobe Patches, Docker Outage, Google Kills its VR Headset

Wednesday, 16 October 2019

Welcome to this week’s hump day edition of The Truth. As always, I’ve read all the tech news so you don’t have to. Here’s the important stuff:

It turns out that Adobe not having any patches on Patch Tuesday wasn’t down to them not having anything to fix. The patches were simply late. The company has now emitted security updates that address 67 different CVEs. Adobe Acrobat, Reader and Experience Manager are affected.

Symantec brought the blue screen of death back to Windows yesterday, as its Endpoint Protection Client caused an exception in the kernel for some users. The problem has now been fixed with signature version 2019/10/14 r62, they say.

Meanwhile, Cisco’s security group Talos has updated its rules for the network analysis tool Snort. There are 76 new rules, including for the big vBulletin vulnerabilities I’ve been reporting on recently.

Google is discontinuing its virtual reality headset Daydream VR. “Following the company’s annual hardware event today, Google confirmed that the Pixel 4 and Pixel 4 XL do not support the VR platform.” VentureBeat says this is because phone-based VR is dead. I think VR in general is pretty much dead. If it ever was alive.

In the ongoing controversy of tech companies taking money from the notorious U.S. Immigration and Customs Enforcement (ICE) agency, GitLab has said it’s fine with it. “We do not discuss politics in the workplace and decisions about what customer to serve might get political. Efficiency is one of our values and vetting customers is time consuming and potentially distracting”, says GitLab co-founder and CEO Sid Sijbrandij. The Register, meanwhile, is comparing this to IBM providing technology to the Third Reich.

Amazon has moved its last internal database from Oracle to its own AWS service. “75 petabytes of internal data stored in nearly 7,500 Oracle databases were migrated”, according to The Register. There are still “some third-party applications” that they can’t migrate because they are too tightly integrated with Oracle, though. Database market share by revenue has Oracle leading in front of Microsoft’s SQL Server and AWS in third place.

Something, something, Fortnite

“Twitter says it will restrict users from retweeting world leaders who break its rules. The social media giant said it will not allow users to like, reply, share or retweet the offending tweets, but instead will let users quote-tweet to allow ordinary users to express their opinions”, TechCrunch is reporting. Well, at least they aren’t deleting these tweets. Aside from it being debatable if Twitter’s rules should have precedence over the right of people to inform themselves on the net and the ability of world leaders to share their viewpoint, their rules are pretty arbitrary anyway. And their history of enforcing these rules is even more arbitrary.

There was an outage at Docker on Tuesday morning. After the container registry went down and was later fixed, its web portal started having problems. “Docker has been unable to say what exactly the cause of the outage was.”

The german edition of Technology Review is reporting that with all these satellites that everyone (Elon Musk, Airbus, Facebook and Amazon among others) is shooting into orbit, the available radio frequencies are getting sparse. To minimise interference, satellites have to pause their transmissions regularly, as the sky gets fuller and fuller and they keep passing each other in orbit. The competition for the usable spectrum is, apparently, getting tougher and tougher – with large companies naturally being able to outbid other players. The International Telecommunication Union, responsible for regulating radio communications on earth and in orbit, oversees both the frequencies as well as placements of satellites, but companies also need to clear launches with local agencies of the countries the satellites are flying over. It’s becoming a big mess up there.

Speaking of space, NASA has unveiled its future space suit designs. The shoes look suspiciously like Nike sneakers.

The Truth: Foldable ThinkPads, Losing and Making Money in the Linux World, The Smart Rosary

Thursday, 17 October 2019

Welcome to The Truth, your daily source of tech news, delivered right to your inbox! Today I’m sending you the last newsletter for this week, even though it’s only Thursday. Indeed, this will be the last edition of The Truth for a week and a bit as I’m on the road for the next couple of days and will be too busy to keep up with the news. I’ll be back, though, don’t worry! But without further ado, here’s what’s been happening:

There’s a pretty bad bug in Windows Server 2019 that you might run into if you use VMware: “A compatibility issue between VMware’s ESXi hypervisor and Windows Server 2019 will leave some customers unable to safely snapshot their virtual machines.” VMware’s workaround for the underlying problem causes an issue where the VM snapshot might not be saved completely. The Register says there is currently no solution from VMware and you might just be stuck with this problem unless you use an expensive third party product.

Thirty years ago today, the first Australian computer worm WANK (Worms Against Nuclear Killers) spread across DECnet, infecting DEC VMS machines. It was coded not to infect systems in New Zealand. To this day there are rumours that Julian Assange was involved.

Meanwhile, in modern hacker news, the group that allegedly was behind the DNC hack (Cozy Bear / APT29) is said to have infiltrated the embassy of an unnamed EU country in Washington, DC. Two other unnamed EU countries were also targeted, presumably on home soil. This was discovered by the security company Eset, wo says that “APT29 has used Twitter and Reddit to host its command-and-control URLs and also employs steganographic techniques.” After the DNC hack, the group seems to have gone quiet for a while. “Linked to Russian intelligence by just about everyone (except Eset, oddly), APT29 cracked the DNC’s servers by using a SeaDaddy implant developed in Python and compiled with py2exe and another Powershell backdoor. That was then deployed through a variety of remote access tools – and less sophisticated methods, as former US presidential hopeful Hilary Clinton’s campaign manager, John Podesta, found out to his cost.” The whole DNC hack story came up again recently because it is believed that Trump asked about a server involved in the DNC hack – which was, among others, investigated by the security company CrowdStrike – in his much-discussed phone call with Volodymyr Zelensky. In the transcript released by Trump, he’s seen asking about a server connected to the company which he says is in Ukraine (“they say CrowdStrike […] The server, they say Ukraine has it”).

Lenovo is working on a foldable ThinkPad. Well, more foldable than a normal ThinkPad. I think what they mean, mostly, is that it’s one massive screen. Why do they still call it a ThinkPad, when it’s basically a tablet? I have no idea… And there are many more unanswered questions.

Canonical, the makers of Ubuntu Linux, has filed its financials for its previous fiscal year (this, due to some changes, was a 9 month long period) which ended at the end of March. In spite of a $99 million turnover, the company is reporting an operating loss of almost $9 million for the year. Phoronix is reporting that the main company reduced its employee count from 443 to 385 people, why the holding that owns it grew from 427 to 437 employees. They are also speculating about a “possible IPO in the next few years”. Me, I think they’re still looking to get acquired. I think the fact of the company never in its history having made a profit wouldn’t make for a successful IPO storyline. But what do I know?

Speaking of Canonical and Ubuntu, the new version of the Linux distro is out today. In keeping with its horrible code name traditions, Ubuntu 19.10 is called “Eoan Ermine” and will be supported until July of 2020. “Based on the Linux 5.3 kernel, Ubuntu 19.10 comes with an updated developer toolchain including GCC 9.2.1 and most packages have been compiled with additional GCC hardening options enabled for improved security. The default desktop is GNOME 3.34.” There are also more Snap packages all over the distro. Chromium, for example, is only available in the new packaging form because it makes it easier for the developers to update the software.

Meanwhile, in sharp contrast to Canonical, Red Hat is raking in the money for IBM: “revenues were $371m, up 19 per cent”. The rest of IBM is not as hot, though. “Revenues of $18bn were down 3.9 per cent from $18.8bn in Q3 FY2018, and short of the $18.2bn analysts had forecast. That makes this latest quarter the fifth in a row of shrinking revenue.”

“The Pope’s Worldwide Prayer Network has introduced a new way to engage young people in a traditional prayer: a smart rosary. Innovative, app-driven and full of valuable religious content, the Click To Pray eRosary device aims at praying for world peace.” No, I’m not making this up. The Vatican has actually released an internet-connected prayer device. So it’s now a lot easier to pray for peace in the world. Well, in that case, I guess we can all stop worrying. It’s all gonna be OK.

That’s it for The Truth for a while. Hopefully, you should get the next email from me on 28 October. See you then!

Header image credit: Marcus P.