Author Archives: pappp

Ask HN: Are we building a tech dystopia?

Source: Hacker News

Article note: Yes.
Comments
Posted in News | Leave a comment

Google IoT Core will be discontinued on Aug. 16, 2023

Source: Hacker News

Article note: Oh look, google killing a product. And this isn't even the fist time around in that space for Google; they had that "Android Things" platform they rug-pulled a couple years back, and migrated everyone who didn't leave onto this one.
Comments
Posted in News | Leave a comment

Apple ad exec wants to more than double ad revenue with new ads across iOS

Source: Ars Technica

Article note: Isn't the supposed value proposition for Apple that you trade paying a premium to lock yourself into their ecosystem for their not selling your attention as their primary product?
Apple's HQ, as seen in Apple Maps.

Enlarge / Apple's HQ, as seen in Apple Maps. (credit: Samuel Axon)

Apple is looking into significantly ramping up its ads business, according to Bloomberg reporter Mark Gurman, and has already internally explored adding ads to the iPhone's Maps app, with other potential expansions also on the horizon.

The shift may be driven in part by a recent change within the company's reporting structure: Gurman wrote in his email newsletter this week that Apple advertising VP Todd Teresi began reporting directly to Apple services head Eddie Cue a few months back. He also wrote that Teresi plans to increase Apple's advertising revenue from $4 billion annually to billions in the double digits.

As Gurman notes, advertising is already a part of Apple's strategy, but it's limited in scope and to certain places. The most traditional advertisements you'll see in an Apple-made app are the ones in the Stocks and News apps. There, you'll see display ads just like those you see on news websites—both outside of stories and inside of them.

Read 7 remaining paragraphs | Comments

Posted in News | Leave a comment

$23 Million YouTube Royalties Scam

Source: Schneier on Security

Article note: It seems like ContentID is so abused it's hard to claim there are significant non-abusive function. It doesn't handle clear fair-use. It keeps being used for scams, both directly and for extortion. It screws up the functioning of the cultural commons.

Scammers were able to convince YouTube that other peoples’ music was their own. They successfully stole $23 million before they were caught.

No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud.

While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before. YouTube’s Content ID system, meant to help creators, has been weaponized by bad faith actors in order to make money off content that isn’t theirs. While some false claims are just mistakes caused by automated systems, the MediaMuv case is a perfect example of how fraudsters are also purposefully taking advantage of digital copyright rules.

YouTube attempts to be cautious with who it provides CMS and Content ID tool access because of how powerful these systems are. As a result, independent creators and artists cannot check for these false copyright claims nor do they have the power to directly act on them. They need to go through a digital rights management company that does have access. And it seems like thieves are doing the same, falsifying documents to gain access to these YouTube tools through these third parties that are “trusted” with these tools by YouTube.

Posted in News | Leave a comment

Commercial Surveillance and Data Security Rulemaking

Source: Hacker News

Article note: I'm not hopeful that the process won't be captured by companies who have made enormous amounts of money off of exploitative data collection practices and/or private and governmental entities who like buying that data, but at least there's a plan for a plan to regulate.
Comments
Posted in News | Leave a comment

Horizon Linux: arm64 Linux patched to run programs for the Nintendo Switch

Source: Hacker News

Article note: Neat, someone rigged a syscall emulation layer for Switch OS calls on ARM64 Linux. There's some neat discussions with the Wine/Kernel folks about rigging seccomp or BPF to intercept Windows syscalls for WINE acceleration in the same manner, so it might be one of those things that comes in a self-supporting wave.
Comments
Posted in News | Leave a comment

A Taxonomy of Access Control

Source: Schneier on Security

Article note: This is very elegant, let's teach people to reason this way.

My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper. The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states:

safe Only the user has access,
loss No one has access,
leak Both the user and the adversary have access, or
theft Only the adversary has access.

Once you know these states, you can assign probabilities of transitioning from one state to another (someone hacks your account and locks you out, you forgot your own password, etc.) and then build optimal security and reliability to deal with it. It’s a truly elegant way of conceptualizing the problem.

Posted in News | Leave a comment

FTC aims to counter the “massive scale” of online data collection

Source: Ars Technica

Article note: The effort is commendable, but I'm not really sure how they realistically plan to put this genie back in the bottle.
FTC Chair Lina Khan said the commission intends to act on commercial data collection, which happens at "a massive scale and in a stunning array of contexts."

Enlarge / FTC Chair Lina Khan said the commission intends to act on commercial data collection, which happens at "a massive scale and in a stunning array of contexts." (credit: Getty Images)

The Federal Trade Commission has kicked off the rulemaking process for privacy regulations that could restrict online surveillance and punish bad data-security practices. It's a move that some privacy advocates say is long overdue, as similar Congressional efforts face endless uncertainty.

The Advanced Notice of Proposed Rulemaking, approved on a 3-2 vote along partisan lines, was spurred by commercial data collection, which occurs at "a massive scale and in a stunning array of contexts," FTC Chair Lina M. Khan said in a press release. Companies surveil online activity, friend networks, browsing and purchase history, location data, and other details; analyze it with opaque algorithms; and sell it through "the massive, opaque market for consumer data," Khan said.

Companies can also fail to secure that data or use it to make services addictive to children. They can also potentially discriminate against customers based on legally protected statuses like race, gender, religion, and age, the FTC said. What's more, the release said, some companies make taking part in their "commercial surveillance" required for service or charge a premium to avoid it, employing dark patterns to keep the systems in place.

Read 8 remaining paragraphs | Comments

Posted in News | Leave a comment

Meta starts testing default end-to-end encryption on Messenger

Source: Engadget

Article note: Now what entirely foreseen recent event could have suddenly caused them to do that? It couldn't have to do with the christian nationalist takeover of parts of our government subpoenaing them under our fucked-up third party doctrine to prosecute people for medical care?

Meta has long been working on end-to-end encryption for its messaging products, but so far, only WhatsApp has switched on the privacy feature by default. In its latest update about its efforts, Meta said it will start testing default end-to-end encrypted chats for select users on Messenger. Those chosen to be part of the test will find that some of their most frequent chats have been automatically end-to-end encrypted. That means there's no reason to start "Secret Conversations" with those friends anymore. 

The company is also testing secure storage for encrypted chats, which gives users access to their conversation history in case they lose their phone or want to restore it on a new device. To be able to access their backups through security storage, users will have to create a PIN or generate codes that they'll then have to save. Those two are end-to-end encrypted options and provide another layer of protection. That said, users can also opt to use cloud services to restore conversations — those with iOS devices, for instance, can use iCloud to store the secret key needed to access their backups. Meta will also begin testing secure storage this week, but only on Android and iOS. It's still not available for Messenger on the web or for unencrypted chats. 

Messenger
Meta

The other tests Meta is rolling out in the coming weeks include bringing regular Messenger features to end-to-end encrypted chats. It will test the ability to unsend messages and to send replies to Facebook Stories as encrypted chats, and it's also planning to bring end-to-end encrypted calls to the Calls Tab on Messenger. Ray-Ban Stories users will be able to send encrypted hands-free messages through Messenger, as well.

In addition, Meta is launching a new security feature called Code Verify, which is an open-source browser extension for Chrome, Firefox and Microsoft Edge. As its name implies, it can verify the authenticity of the Messenger website's web code and ensure that it hasn't been tampered with. As for Instagram, the company is retiring the app's vanish mode chats, which aren't encrypted, while also expanding ongoing tests for opt-in end-to-end encrypted messages and calls on the service. 

All of these are part of Meta's preparations as it works its way towards the global rollout of default end-to-end encryption for messages and calls on its services. It plans to launch even more tests and updates before its target rollout sometime in 2023.

Posted in News | Leave a comment

New study overturns 100-year-old understanding of color perception

Source: Hacker News

Article note: I don't feel like fighting my way to the full paper right now, but color perception is so fucky it would not surprise me *at all* if this adaptation was specific to the stride they used for their gradations.
Comments
Posted in News | Leave a comment