Category Archives: News

Shared items and notes from my feeds and browsing.

OpenSSH introduces options to penalize undesirable behavior

Source: Hacker News

Article note: Ooh! More or less built in Fail2Ban with some sense of IP ranges. Not a magical security panacea, and with some attractive nuisance foot cannons, but given the fraction of automated attack traffic I see that comes from "specific providers and regions" you could get a _lot_ of mileage out of a pretty simple configuration, which is how all good tools work.
Posted in News | Leave a comment

Microsoft blocks Windows 11 workaround that enabled local accounts

Source: OSNews

Article note: The last couple times I've set up a Windows install that I didn't want coupled to an online account I've used a sophisticated process called "disconnecting it from the network until the install is complete," which will be really hard to disable without making air-gapped Windows machines impossible. (...and this is usually for verifying new hardware that ships with Windows before blowing it away to install something more useful.)

Before PC users can enjoy everything Windows 11 has on tap, they must first enter an e-mail address that’s linked to a Microsoft account. If you don’t have one, you’ll be asked to create one before you can start setting it up.

A frequently used trick to circumvent this block is a small but ingenious step. By entering a random e-mail address and password, which doesn’t exist and causes the link to fail, you end up directly with the creation of a local account and can thus avoid creating an official account with Microsoft.

↫ Laura Pippig at PCWorld

Microsoft has now “fixed” this trick, and it’s no longer possible to use it. The other popular method of circumventing the Microsoft account requirement, by opening the command prompt during installation and running OOBE\BYPASSNRO, still works, but one has to wonder how long it’s going to take before Microsoft plugs that method, too. It seems the company is hell-bent on getting every consumer onto the Microsoft Account train, come hell or high water, so I wouldn’t be surprised seeing local accounts eventually being positioned as a “pro” or even “enterprise” feature that will simply no longer be available on consumer PCs.

I don’t think there’s anything inherently wrong with offering an online account option, but the keyword here is option. You should always be able to set up any computer to run with a regular old local account, even if only because internet access isn’t always a given in many places around the world. Add the obvious privacy concerns to that – an issue amplified by Recall – and I doubt users’ desire to run a local account and jump through hoops to do so will fade any time soon.

The US doesn’t make bicycles anymore — here’s how to change that

Source: The Verge - All Posts

Article note: This actually sounds pretty reasonable and not likely to just make bikes more expensive and less accessible. Adjust the tariff structure to make it cheaper to import components than completes to onshore at least part of the process, up regulatory scrutiny on bike imports (good on its own to address sketchy ebikes).

Good luck finding a bicycle — and especially an e-bike — made in the US.

It only took 30 years for the US to lose its entire bike manufacturing industry. China dominates global bike manufacturing, with imports accounting for 97 percent of bikes purchased in the US, according to one report. Indeed, China has captured some 86.3 percent of the US bike market. And now tariffs threaten that market.

Congressman Earl Blumenauer sees an opportunity. The 75-year-old Democrat from bike-friendly Portland, Oregon, is introducing a new bill that aims to re-shore domestic bike manufacturing by stealing it back from China while also helping protect electric bikes from high tariffs that could put them out of reach for many Americans.

PSA: If you’re a fan of ATmega, try AVR Dx

Source: Hacker News

Article note: Oh neat. I've always liked AVRs, and still use the ATmega32uN parts as USB interfaces pretty often, didn't know there were any new products in the family.

Photoshop ToS grants Adobe access to user projects for ‘content moderation’

Source: Hacker News

Article note: This week on "Stallman was Right" - All the content you work on in your now exclusively available as a service professional graphics software is automatically licensed to the vendor.

Debian’s /tmpest in a teapot

Source: Hacker News

Article note: I've been running like this for quite a while because it's the default on arch and systemd, but I had to change some habits because /tmp used to be in part scratch for shit that would be a problem to fit in RAM.

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned

Source: Ars Technica

Article note: It takes some advanced incompetence to make something that seems like a terrible idea at a glance, then just keeps getting worse the more you look. It's like a supercharged Sub7 (an old trojan that kind of prestaged modern malware) built right into the OS. The ill-conceived executive FOMO AI rollouts going on across the tech industry are really destructive dumb-herd-animal behavior.

The Recall feature as it currently exists in Windows 11 24H2 preview builds. (credit: Andrew Cunningham)

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites from Recall’s snapshots.

Research as leisure activity

Source: Hacker News

Article note: I'm a huge fan of this behavior. I have a bunch of complete or partial near-publication-quality thoroughly-referenced documents about dumb shit I've become fascinated by over the years. Many of them have ended up at least in part on the internet somewhere, some that I haven't even done that with. Some of it is the thrill of learning and formulating understanding (See the old 1997 William Gibson essay in Wired "My Obsession" which says it better than anything I could write). Reading other people's obsessive recreational research on topics is _also_ often the best way to get up to speed on a topic. ...And this is why I'm excited to be lining up a teaching position with some opportunity to kibitz in research and not a traditional faculty job, it's very hard to do actual honest research inside a tenure track career arc these days.

Libadwaita: splitting GTK and design language

Source: OSNews

Article note: Yeah, it's a problem. Binding the GTK ecosystem to Gnome's (awful - controls-in-whitespace-filled-header) HIG during the Gtk3 era messed all the other GTK-based software up. Making everything else a second-class citizen is _also_ a problem, but at least the GTK4 way might lead to the not-gnome GTK users having a straightforward way to standardize among themselves.

There’s no denying that not everyone is happy with the state of the GTK world, and I, too, have argued that GNOME’s massive presence and seeming unwillingness to cooperate with or even consider the existence of other GTK-based desktop environments is doing real, measurable harm to the likes of Xfce, Cinnamon, and others. A major root cause is a feeling that GTK is nothing but a vessel for GNOME, and that the project doesn’t really seem to care much about anyone else.

GNOME Foundation member and all-round very kind person Hari Rana, also known as TheEvilSkeleton, penned a blog post highlighting the other side of the story. In essence, what it comes down to, according to Rana, is that it’s better for everyone if GNOME-specific widgets are moved out of GTK, and into something else – first libhandy, and now its successor libadwaita, splitting the toolkit (GTK) from the design language (libadwaita). This allows GNOME developers to focus on, well, GNOME, and frees up time for GTK developers to focus on generic widgets that aren’t specific to GNOME.

Thanks to the removal of GNOME widgets from GTK 4, GTK developers can continue to work on general-purpose widgets, without being influenced or restricted in any way by the GNOME HIG. Developers of cross-platform GTK 3 apps that rely exclusively on general-purpose widgets can be more confident that GTK 4 won’t remove these widgets, and hopefully enjoy the benefits that GTK 4 offers.

↫ Hari Rana

From a GNOME standpoint, this makes perfect sense, and I can obviously see the benefits for them. However, what this entire post seems to ignore is that the main effect of the split between GTK 4 and libadwaita is that various GTK applications, now targeting libadwaita because of GNOME’s immense popularity, simply no longer integrate very well with other desktops, like Xfce or Cinnamon. GNOME is, of course, under no obligation to remedy this situation, but at the very least they could acknowledge this is a very real problem that their fellow developers working on Xfce, Cinnamon, MATE, and others, have to deal with.

It works the other way around too. Developers targeting the Linux desktop, where GNOME is more or less the default, have to choose between making a GTK application that integrates well with GNOME by opting for libadwaita and leaving non-GNOME users with a crappy experience, or opting for ‘pure’ GTK 4 and leaving GNOME users with a worse experience. Neither option is good for the Linux desktop as a whole.

The very real ripple effects of GNOME’s choices regarding GTK and libadwaita are seemingly being stubbornly ignored, neglected, and often not even acknowledged at all, and it’s no surprise this creates an immense amount of friction in the wider desktop Linux community. It just feels smug and careless, and of course that’s going to rub people the wrong way – regardless of the purity of your intentions.

New head of one of the oldest universities organized a citation cartel

Source: Hacker News

Article note: Fraud Engine go Brrrr...