The Truth is my newsletter on tech news and policy. This is an archive of the issues of week 47 of 2019.



The Truth: Magic The Gathering Account Leak, Oracle vs. Google Going to the Supreme Court, Free Internet from Labour

Monday, 18 November 2019

Very late newsletter from me today, I know; I apologise. I’ve been on the road most of the day. Anyway, here it is.

It looks like Oko, Thief of Crowns has turned some database admins over at Wizards of the Coast into elks. They uploaded an unencrypted database with the online account information of 452,634 Magic The Gathering players to a public AWS bucket. Included in this are real names, email addresses, usernames and hashed (and salted) passwords. About 470 accounts seem to be associated with Wizards employees, judging by their email addresses. Some of these accounts date back to 2012, suggesting at least a number of them belong to Magic Online rather than Magic The Gathering Arena, although some accounts seem to be newer as well. TechCrunch, which is reporting on the incident, is saying Wizards believes “that this was an isolated incident and we have no reason to believe that any malicious use has been made of the data.” Wizards said they will notify the affected players. They’ve also banned Oko.

HP has turned down Xerox’ takeover bid: “Our Board of Directors has reviewed and considered your unsolicited proposal dated November 5, 2019 at a meeting with our financial and legal advisors and has unanimously concluded that it significantly undervalues HP and is not in the best interests of HP shareholders.” They’re not entirely opposed to a merger, it seems; just not on those terms. In fact, HP’s letter also includes the following passage: “We recognize the potential benefits of consolidation, and we are open to exploring whether there is value to be created for HP shareholders through a potential combination with Xerox.”

Nvidia seems to be bouncing back from what The Register calls “the ill-conceived and costly error of doubling down on the crypto-market”. Turnover is down 5% year-over-year, but up 17% from the previous quarter. And notably it’s better than the stock market’s predictions. Unsurprisingly, this is mostly down to gamers. I’m kinda thinking the fact that the crypto guys bought so many GPUs that gamers were left in the lurch had something to do with the decreased sales. The moral of the story: Always know who your customers actually are.

The UK Labour party is saying it wants to give everyone in Britain free broadband internet access by 2030 if it wins the election. How are Corbyn and his mates planning to do this? By partly nationalising BT (and presumably renaming it back to British Telecom). Experts seem to think that this retro 1980s move would not go down well, The Register quoting an analyst as saying: “This is a spectacularly bad take by the Labour Party. The almost cut throat competition between broadband rivals has meant faster speeds, improved coverage and lower prices for consumers up and down the country. The current government, and independent regulator Ofcom, have spent the last three years incentivising alternative operators to BT to deploy faster fibre technologies. Companies such as Virgin, CityFibre and others have committed billions to rival Openreach. Those plans risk being shelved overnight. Only one other country in the world has come close to going down this route, and for a good reason – it’s hard, expensive and fraught with difficulty. Australia’s NBN is years late, massively over budget and offering speeds and technology a fraction of the original political intention.”

Looks like the Oracle vs. Google fight over Android and Java is finally going to be decided. The US Supreme Court has decided to hear the case. The case has been going on for nine years and has huge ramifications for programming in general, as it is basically going to set a precedent on whether APIs are copyrightable or not. The Register sums up a short history of the proceedings so far: “Google won the first ruling on the case in 2012, only to have that decision overturned in 2014. The Chocolate Factory again prevailed in the 2016 jury trial, but that decision got tossed in 2018 by a circuit court. Now, following an appeal from Google, the nation’s top court will hear the case and decide whether to uphold the circuit court decision or strike it down.”

The Truth: Google Stadia launches, US Telcos Get an Extension for Their Huawei Gear, Microsoft Adopts DoH

Tuesday, 19 November 2019

Well, I’m a bit earlier with the newsletter today… There’s also quite a lot of things happening in the tech world at the moment, so here’s an overview. Especially these DNS over HTTPS developments with Windows are something to keep an eye on, I think.

There’s yet another bugfix update for iOS devices; version 13.2.3 has just been released. Executive summary via Engadget: “This one gives iPads and iPhones fixes meant to address issues with the built-in Mail, Files and Notes apps, as well as a problem that could stop apps from downloading information in the background – Apple didn’t mention any fixes for security issues.”

Apple has also finally seen the light and has reverted to its pre-2016 keyboard design for notebooks, i.e. the one that wasn’t totally fucking broken. Took them long enough…

If you are still running an old Pentium-based desktop machine with an Intel board, you might want to consider upgrading now, because Intel is discontinuing older driver and BIOS updates. The Register has more details on this.

Google’s gaming service Stadia is launching today. TL;DR from The Verge: “If you’re expecting it to look or work as well as a high-end gaming PC or even a high-end game console, or if you’re hoping for a killer app, you may come away disappointed. But the overarching reaction I had while playing Stadia was the same I have with half-decent headphones: I’d happily keep playing if I wasn’t already spoiled.” So apparently it’s the best of these streaming services to ever come around – which, to be honest doesn’t count for much – but pretty much any other gaming platform is still superior. I would also caution anyone wanting to try this: Better make sure you have a good internet connection. From my own experiences I can tell you that testing setups of tech journalist nerds don’t line up well with the experience of everyday users.

Microsoft has announced that it will adopt the name resolution security and privacy protocol DNS-over-HTTPS (DoH): “We are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client. As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.” The idea of DoH is to prevent other people from seeing which internet addresses you visit. This isn’t without controversy, though, as ISPs for example might have reasons to do so – for example if they are required by law to filter certain content. It is also under fire because the company providing the DoH-enabled DNS servers still gets to collect that data – which in the case of, say, Google clearly isn’t a privacy win. Microsoft says it wants to avoid this by allowing its users to choose which DNS provider they use. They’ll probably collect this data with their own servers by default, though.

The US government has given the country’s telecoms providers a 90-day extension on the trade restrictions with China, allowing those companies to use Huawei equipment for the time being. “According to Secretary of Commerce Wilbur Ross, the stay was necessary because a number of small, regional telcos still rely on Huawei kit for their day-to-day operations, making it necessary for some suppliers to continue to work with the Chinese company”, The Register reports. If the US and China don’t finalise their trade deal until then, telcos will now be able to use Huawei gear until February 16, 2020.

In other geopolitical tech news, the Irish seem to be the clear Brexit winner when it comes to server, storage and networking sales. UK sales went down 14% in Q3 of this year, generally in line with shrinking sales in the EU. Irish distributors managed to rake in a 26% increase in sales, though. In the previous quarter, Irish sales even jumped by 34.8%.

The Truth: Google Criticised for Stadia Launch, Monero Binaries Included Coin-Stealer Trojan, Rape Allegations Against Assange Dropped

Wednesday, 20 November 2019

I got a bit sidetracked today by Red Dead Redemption 2 after I finally got it to run properly on my PC. I managed to tear myself away long enough to review some tech news for you, though.

“Thousands of Oracle E-Business Suite customers are vulnerable to a security bug that can be exploited for bank fraud.” The reflected SQL injection vulnerabilities CVE-2019-2633 and CVE-2019-2648 allow attackers to send arbitrary commands to vulnerable EBS servers, provided they can access them via HTTPS. The Register sees some bank fraud in the making: “While this flaw is dangerous to EBS as a whole, it is particularly bad for servers that use the Payments module included with the suite. The Payments tool allows companies to set up and schedule direct deposits and automatic money transfers to suppliers or partners as well as handle invoices and orders. The bank routing and account numbers for transfer orders are kept on the server as text files and automatically loaded when needed. You can guess where this is going. An attacker who exploited either of the SQL injection flaws would be able to remotely modify those transfer order files to include instructions to move cash to an account of their choosing. Instant bank fraud.”

Mozilla is drastically expanding its bug bounty program.

Google seems to be having a rough launch with its cloud gaming platform Stadia. The Verge is reporting that many early adopters aren’t receiving the codes to activate their accounts and are thus missing out on getting the username they wanted oh so badly. “On June 6th, Google opened up preorders for the $130 Founder’s Edition of its Stadia cloud gaming service, promising those buyers would be the first to experience the future of gaming – and reserve a unique username. Though Stadia went live on November 19th, many buyers are still reporting they haven’t received the most crucial piece of the entire Stadia package: the invite email that opens the door to actually let them in.” Not a good look for Google.

AR outfit Magic Leap has lost its creative director and chief financial officer. This whole VR/AR ship is sinking fast now.

More trouble with drones at Gatwick: “Two airline pilots reported a near-miss with a drone while just 30 seconds from touchdown at London Gatwick airport earlier this year, an official report has revealed. Both the captain and first officer of an Airbus A320 landing at Gatwick in the evening of 8 July this year saw the errant drone, which the first officer said he recognised as a DJI Inspire quadcopter.”

Monero, known pretty much as the crypto currency of choice for criminals and thus the currency most often used by mining trojans, has had its official wallet binaries compromised. Someone snuck Monero-stealing code into their downloads, which to be honest is pretty ironic. The Next Web reports: “Although the investigation is ongoing, core developers for the project have issued an update confirming that the binaries of the CLI wallet had been compromised for a short time.” The developers warn: “If the hashes do not match, do NOT run what you downloaded. If you have already run them, transfer the funds out of all wallets that you opened with the (probably malicious) executables immediately, using a safe version of the Monero wallet (the one online as we speak is safe – but check the hashes).”

Microsoft, IBM, the Linux Foundation and the Open Innovation Network (OIN) have kicked off the anti-patent-troll initiative they’d announced a while back. “Specifically, the group will help fund the Open Source Zone of Unified Patents, an organisation which provides legal services to deter unsubstantiated or invalid patent assertions.” Apparently the currently ongoing litigation against the GNOME Foundation was not the reason to pivot the OIN in this direction. “GNOME is just a further reinforcement of the fact the threat exists. It wasn’t a motivating factor, this has been in the works for a year and very directly for five months. These things take time to put together.”

Sweden has dropped the rape investigation into Assange. The Register reports: “Deputy director of public prosecutions Eva-Marie Persson told journalists that the case against Assange had been discontinued, around seven years after allegations were first made against him by two complainants related to incidents that allegedly took place in August 2010.” Of course, “Assange remains an involuntary guest of HM Prison Belmarsh in southeast London, with American prosecutors seeking his extradition and trial on a charge of conspiracy to commit computer intrusion for agreeing to break a password to a classified US government computer. The Australian was remanded in custody as a flight risk, being refused bail, after famously entering Ecuador’s London embassy to evade the British justice system. That little stunt cost his rich backers more than £90,000 in forfeited bail sureties – and eventually earned him a 50-week prison sentence once British police captured him. He faces a full extradition hearing at Westminster Magistrates’ Court in February 2020, with the inevitable appeal probably being heard at the High Court in the second half of next year.”

The Truth: Apple This, Apple That and Some Exploding Elon Musk Products

Thursday, 21 November 2019

Howdy, folks! Reporting in from my cosy spot at a campfire just outside the little cattle town of Valentine to keep you apprised of the tech news of the day. Here we go!

A security vulnerability in Docker’s cp command (CVE-2019-14271) can be used to gain root rights if the attacker can trick the user into running malicious containers.

British Airways is not having much luck with computers lately. “An unspecified computer system crash has meant some of BA’s fleet has been grounded for hours and counting – it seems to be largely an inbound flight issue. Long-haul flights appear to have been the worst hit, giving a hint about the cause of the problem.” It seems to be something to do with administrative computer systems on the ground at airports, in some cases preventing the airline from issuing flight plans to its pilots. The Register’s article on this is worth a read, if only for the exploits of staff writer Richard Speed, “the unluckiest hack on the planet”.

Don’t get a Ring doorbell. Just don’t. Unless you’re happy with the police being stationed in your house 24/7, because that’s basically what it amounts to. Money quote: “Amazon’s camera-infused doorbell biz Ring offers virtually nothing in the way of privacy or civil-rights protection for the surveillance video it collects and shares with police.”

Apple is reportedly going to improve its QA process after the bug-ridden releases of iOS recently. It’s really been a mess: “When the company’s iOS 13 was released alongside the iPhone 11 in September, iPhone owners and app developers were confronted with a litany of software glitches. Apps crashed or launched slowly. Cellular signal was inconsistent. There were user interface errors in apps like Messages, system-wide search issues and problems loading emails. Some new features, such as sharing file folders over iCloud and streaming music to multiple sets of AirPods, were either delayed or are still missing. This amounted to one of the most troubled and unpolished operating system updates in Apple’s history.” How about Rockstar Games doing the same thing? I think the recent PC release of Red Dead Redemption 2 warrants it.

Apple has also cancelled the premiere of its Apple TV+ exclusive Samuel L. Jackson movie “The Banker”. It was scheduled to be shown in LA at the American Film Institute Festival. The Hollywood Reporter is saying Apple cancelled the movie because of sexual assault allegations. A co-producer, and son of the real-life inspiration for the movie’s main character, has been accused by his much younger half-sisters of having molested them for years. The man, who was “initially billed as a co-producer of The Banker, was supposed to be one of its faces, along with stars Samuel L. Jackson and Anthony Mackie, during the film’s press tour.” But since appearing on stage at an industry event on 5 November, his “credit has disappeared from publicity materials, further appearances have been canceled, and on Wednesday the film’s Thursday night AFI Film Festival premiere was scrapped by Apple.”

You want more Apple news? Sure, here you go: The company is whinging that it’s actually losing money on those horrendously expensive repairs at the Apple Store. Which isn’t true. And even if it was, the company made $60 billion in profits last year, so it’s a bit rich to complain even if they were losing money on their repairs. Gotta go with The Register on this one: “You don’t get to be the world’s biggest corporation without wringing every last cent out of people while telling them you’re doing them a favor.”

Some scientists at USC have developed software for robots to automatically build IKEA furniture. For now it’s only a simulation, but might become real at some point. Finally a sensible use for AI!

What happens when you total your Tesla? Well, it turns out that is only the beginning of your problems… because these things have a tendency to keep re-igniting and the batteries in the wreck are classed as toxic waste. Austrian public broadcaster ORF is reporting (German) on a guy who crashed his Tesla and had to wait for more than six weeks for specialists from the company to show up and dispose of the wreck. Special waste removal companies who were tasked with dealing with the batteries didn’t have the appropriate licenses and simply don’t know what exactly is in there, it seems. Tesla, on the other hand, wasn’t able to send anyone until now. Meanwhile, the wreck of the car has been sitting in the lot of a towing service. The fire brigade had initially stored the car for three days in a special cooling container to prevent the batteries from re-igniting after they’d put out the fire after the crash. Madness.

In other Elon Musk company news, SpaceX’s Starship prototype has exploded during a test: “SpaceX’s first partially-assembled Starship vehicle, originally built for atmospheric test flights, ruptured in dramatic fashion Wednesday during a cryogenic loading test at the company’s launch facility in South Texas. A cloud of cryogenic fluid, possibly oxygen or nitrogen, erupted from the top of the vehicle, and video captured by nearby spectators appeared to show the upper tank bulkhead launching hundreds of feet into the air before falling to the ground near the Starship test stand.”

The Register has an in-depth report on the sale of the .org domain name registrar to a for-profit equity group that’s well worth reading.

The Truth: Apple for 5G, Xerox Threatening Hostile Takeover of HP, Microsoft Selling to Huawei Again

Friday, 22 November 2019

How are you all doing? I hope you’re well. I’m once again here to bring you a selection of interesting tech news to save you from having to wade through all the crap that’s being propagated out there on your own. This is the last newsletter for this week, of course, but I won’t pick it back up immediately on Monday. I’m away on a short holiday break starting this weekend, which means it will be a few days until the next issue of The Truth. So don’t worry if you don’t hear from me for a few days. Here’s what’s been going on in the news today.

Microsoft is allowed to sell software to Huawei again, Reuters says. “The administration of U.S. President Donald Trump said this week it would allow some suppliers to restart sales to the Chinese telecoms giant, which was placed on a trade blacklist over national security concerns six months ago.” The story doesn’t mention there being any time limit on these licenses, so I guess this is different from the 90-day extension for telecoms providers I reported on in my Tuesday newsletter.

Meanwhile, Trump wants Apple to start producing 5G telecommunications infrastructure for the US, Reuters is reporting. Yeah, because Apple is well known for producing telco infrastructure. I mean, iPhones are basically telco infrastructure, right? And those are made in the US, right? I don’t get it… Why didn’t he ask Cisco? At least those guys know how to build routers and wireless access points… Can’t make this shit up.

Lots of name changes being suggested or undertaken in the open source world right now. The newest candidate is Docker. Its core open source project was renamed to Moby a few years back. Now that the company is in trouble, there have been suggestions from the community to revert the name change: “Considering the recent news of spinning off Docker Enterprise and the refocusing of the company on developers I personally feel as though Docker needs to move back to its original home of github.com/docker/docker.” So far, it has not been addressed by the company in any official capacity, but the guy who was CTO back when the original change happened has chimed in to defend the move. He isn’t really refuting the arguments for changing the name back, though. If anything, his points underscore the proposal somewhat.

The thing between Xerox and HP is now getting more serious. Xerox is now threatening a hostile takeover of HP: “An open letter to HP’s board posted on Thursday demands that the printer and PC arm of the legendary technology biz agree to enter the next phase of merger talks or face a share buyout campaign. In other words, unless HP agrees to move forward with the merger proposal, Xerox will go directly to its shareholders and buy enough of a stake in HP to oust the board entirely and put its own people in charge.”

Speaking of takeovers… The takeover of the .org registrar by a for-profit company has been approved and has already taken place. It’s a done deal. But there’s now a change.org petition to stop it. Oh good! That will solve it!

Apparently, digital radio waves travel faster than analogue radio waves. At least that’s what DAB radio maker Halfords is claiming: “Digital transmissions contain more information than conventional FM/AM, thanks to the super-fast wavelength of around 220 MHz in the UK, compared to the 75KHz or so wavelength of analogue FM/AM radio broadcasts.” Nice catch by The Register.

I’m leaving you with a song by Sting from 1985 for the weekend. Some very smart lines in that one which are as poignant today as they were back then. See you in a few days.


Header image credit: Marcus P.