Monthly Archives: January 2020

Linux Star Trek fans, rejoice: CBS All Access now works in your OS [Updated]

Source: Ars Technica

Article note: Those fuckers. I figured I just needed to update Widevine on my TV computer, but no, they intentionally broke it. I don't really want to pay $6/mo to Amazon for my junk TV which is largely covered by the "Free" CBS streaming offerings just because of my platform, now I have to pick user-hostile ripoff or piracy again. Update: Hey! They responded and fixed the issue! I can go back to watching some garbage TV as the provider prefers without excessively shitting up my experience!
A retouched screenshot from Picard portrays Jean-Luc Picard petting a penguin.

Enlarge / No CBS All Access on Linux makes elderly Picard cry. (credit: Aurich Lawson / CBS / Getty)

Update, January 31: After this story went live earlier in the week, an Ars reader reached out to speculate that the problem was most likely due to enabling VMP (Verified Media Path) on CBSi's Widevine server. Verified Media Path, similarly to UEFI Secure Boot, makes certain that content will only be delivered to browsers with sanctioned, verifiable "authentic" framework; this is a configurable behavior, and by default, unverified platforms are allowed to receive licenses.

This morning we asked CBSi executives to check with their engineers and see if this was the problem. While we never received a response, two hours later, CBS All Access was playing successfully on Google Chrome on multiple Linux distributions. (Firefox still crashes.) For now, we have verified that the fix—which, again, may or may not actually have involved VMP—covers all of CBS' content and not merely the first episode of Picard, which CBS released yesterday on YouTube for a limited time. If we hear official word from CBS regarding what happened behind the scenes, we'll update this post accordingly. The original story appears unchanged below.

As of this month, the CBS All Access streaming-video platform—home of popular shows including The Late Show with Stephen Colbert and now Star Trek: Picard—stopped working on Linux PCs, regardless of the choice of browser. Ten years ago, this would have been just another day in the life of a Linux user, but it's a little surprising in 2020. We were originally tipped off to the issue by a few irate readers but quickly found it echoed in multiple threads on Reddit, Stack Exchange, and anywhere else you'd expect to find Linux users congregating.

  • Trailers and ads all work fine on CBS All Access, in any browser. The problem isn't the streaming—it's apparently something to do with the DRM itself. [credit: Jim Salter ]

I'm both a Linux user and a CBS All Access subscriber myself, but I had been unaware of the problem since I do all my own watching on a Roku. Technically, the Roku is a Linux PC in its own right—but CBS has its own app in the Roku store, which works perfectly.

Read 7 remaining paragraphs | Comments

Posted in News | 2 Comments

Your doctor’s computer may have suggested opioids because drugmakers paid to tweak the software, DOJ says

Source: The Verge - All Posts

Article note: Ooh, a horrible consequence of "expert [support] systems" I hadn't thought much about because it's so transparently shitty; intentional manipulation by interest groups.

San Francisco-based medical records startup Practice Fusion allegedly developed software for pharmaceutical companies to help increase the number of prescriptions doctors wrote for pain medications, according to a settlement with the US Department of Justice, Bloomberg reports. The company, which supplied its software to tens of thousands of doctors offices nationwide, admitted doing so as part of a $145 million federal settlement this week to resolve civil and criminal penalties, including $113 million to be paid to the federal government and more than $5 million to states.

Here’s how the software worked: When a health care provider accessed a patient’s electronic health records (EHR) on Fusion’s software, a pop-up window would appear...

Continue reading…

Posted in News | Leave a comment

IBM names Arvind Krishna CEO, replacing Ginni Rometty

Source: OSNews

Article note: Interesting. It's not a "RedHat bought IBM with IBM's money" situation, but has a lean in that direction.... because I think IBM is looking for any kind of credible direction.

IBM named Arvind Krishna as chief executive officer, replacing longtime CEO Virginia Rometty. Krishna is currently the head of IBM’s cloud and cognitive software unit and was a principal architect of the company’s purchase of Red Hat, which was completed last year. Rometty, 62, will continue as executive chairman and serve through the end of the year, when she will retire after almost 40 years with the company, IBM said in a statement Thursday. Good luck to the man, I guess. IBM isn’t exactly the most exciting company in the world.

Posted in News | Leave a comment

The Rust Compilation Model Calamity

Source: Hacker News

Article note: I feel like almost all of those compromises went in the sensible direction. If your code is being used, almost every compromise should favor improving run-time behavior over compiler speed.
Posted in News | Leave a comment

What to do when you don’t trust your data anymore

Source: Hacker News

Article note: It's generally a good tale of responsible academic scrutiny and appropriate reaction. And now the grim, I'm not suggesting the victim/author here should be reprimanded because they more or less did right, but it does demonstrate the "Academic misconduct pays off as long as you get tenure before you get caught" principle that has made academia extra bullshit lately, both in terms of the research people are choosing to do (Machine Learning and Quantum are both "safe" topics because they give results that aren't near-term falsifiable, doing to computing what string theory &co. did to physics years ago) and in terms of the credibility of the promotion process.
Posted in News | Leave a comment

Linus Torvalds pulled WireGuard VPN into the 5.6 kernel source tree

Source: Ars Technica

Article note: Sweet. From my limited playing, WireGuard is good tech that straightforwardly solves real problems, plus it triggered some good cleanup of the kernel crypto tools.
It's not likely to be an accident that "add WireGuard" is number one on this list.

Enlarge / It's not likely to be an accident that "add WireGuard" is number one on this list. (credit: Jim Salter)

Yesterday, Linux creator Linus Torvalds merged David Miller's net-next into his source tree for the Linux 5.6 kernel. This merger added plenty of new network-related drivers and features to the upcoming 5.6 kernel, with No.1 on the list being simply "Add WireGuard."

As previously reported, WireGuard was pulled into net-next in December—so its inclusion into Linus' 5.6 source tree isn't exactly a surprise. It does represent clearing another potential hurdle for the project; there is undoubtedly more refinement work to be done before the kernel is finalized, but with Linus having pulled it in-tree, the likelihood that it will disappear between now and 5.6's final release (expected sometime in May or early June) is vanishingly small.

WireGuard's Jason Donenfeld is also contributing AVX crypto optimizations to the kernel outside the WireGuard project itself. Specifically, Donenfeld has optimized the Poly1305 cipher to take advantage of instruction sets present in modern CPUs.

Read 2 remaining paragraphs | Comments

Posted in News | Leave a comment

Google’s tenth messaging service will “unify” Gmail, Drive, Hangouts Chat

Source: Ars Technica

Article note: OH NO NOT AGAIN. We really, really need a ubiquitous open-standard chat protocol to de-fragment the market - even a mediocre strong default would be better than the current situation. We got close briefly with XMPP (which backed Talk) but it didn't handle the many device/mobile situation well enough fast enough so the proprietary rent-seeking platforms managed to proliferate in the gap. Maybe Matrix will make it if they ever have first class clients that aren't ponderous electron apps?
Google logo seen during Google Developer Days (GDD) in Shanghai, China, September 2019.

Enlarge / Google logo seen during Google Developer Days (GDD) in Shanghai, China, September 2019. (credit: Lyu Liang | VCG | Getty Images)

A report from The Information (subscription required) claims that Google is working on yet another messaging app. The team from GSuite is cooking up a mobile app that "brings together the functions of several standalone apps the company already offers" into a unifying platform. Google reportedly envisions this as an enterprise communications app along the same lines as Slack or Microsoft Teams. It sounds like the same sales pitch given for the "Google Hangouts Chat" service that was developed for GSuite in 2018, but when Google messaging services come and go like the seasons of the year, you can't expect every single one to have a unique premise.

According to the report, this "new unified communications app" will merge functions from Gmail, Drive, Hangouts Chat, and Hangouts Meet. Slack already lets you send messages, share files, and do video chats, which covers most of these apps. Pulling in features from Gmail, though, like the last email you sent the person you're messaging, would be unique and genuinely useful. One alarming thing about the report is that it refers to this service as a "mobile app" and doesn't mention anything about a Web or desktop app, which is how many employees primarily use Slack.

News that the app will pull in Hangouts Chat features makes us wonder what will happen to the actual Hangouts Chat service. One of the current plans in the Google messaging mess is to merge Google's biggest consumer chat platform, Hangouts, with Hangouts Chat, its current enterprise chat platform (despite the similar names, the two apps are unrelated). If Hangouts Chat is merging into something else, does that mean the plan to migrate consumer Hangouts over isn't happening?

Read 2 remaining paragraphs | Comments

Posted in News | Leave a comment

The sad state of screen sharing on desktop Linux

Source: Hacker News

Article note: This article isn't really "Linux" it's "Wayland." I'm still confused by how Wayland development was supposed to be all about addressing the accreted cruft in the X11 plumbing, so they built a minimal protocol that didn't address many even rudimentary use cases, and immediately set about accreting an even more disjoint set of plumbing parts. _Maybe_ Pipewire will work out well enough to standardize Linux AV plumbing around in a reasonable amount of time, but given that Pulseaudio did less and took over 12 years to be more useful than trouble, and Wayland itself is a decade into "Still not ready," I have doubts.
Posted in News | Leave a comment

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

Source: Hacker News

Article note: Yet another round of Intel "paying" for designs that prioritized easy performance gains over memory safety, and TSX generally being a shitshow.
Posted in News | Leave a comment

Modern Mass Surveillance: Identify, Correlate, Discriminate

Source: Schneier on Security

Article note: The point about regulating how it is permissible to discriminate thing is important and sticky. So many "amazing AI advancements" turn out to be using clustering to find proxy measures to discriminate in distasteful or prohibited ways. It's going to be very difficult to determine what is a permissible slice if you can obstruct (even to the people doing the slicing) how the decision was made, so it will most likely have to be attacked by controlling the retention, brokering, and use of data in general.

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates support at least a partial ban on the technology.

These efforts are well-intentioned, but facial recognition bans are the wrong way to fight against modern surveillance. Focusing on one particular identification method misconstrues the nature of the surveillance society we're in the process of building. Ubiquitous mass surveillance is increasingly the norm. In countries like China, a surveillance infrastructure is being built by the government for social control. In countries like the United States, it's being built by corporations in order to influence our buying behavior, and is incidentally used by the government.

In all cases, modern mass surveillance has three broad components: identification, correlation and discrimination. Let's take them in turn.

Facial recognition is a technology that can be used to identify people without their knowledge or consent. It relies on the prevalence of cameras, which are becoming both more powerful and smaller, and machine learning technologies that can match the output of these cameras with images from a database of existing photos.

But that's just one identification technology among many. People can be identified at a distance by their heartbeat or by their gait, using a laser-based system. Cameras are so good that they can read fingerprints and iris patterns from meters away. And even without any of these technologies, we can always be identified because our smartphones broadcast unique numbers called MAC addresses. Other things identify us as well: our phone numbers, our credit card numbers, the license plates on our cars. China, for example, uses multiple identification technologies to support its surveillance state.

Once we are identified, the data about who we are and what we are doing can be correlated with other data collected at other times. This might be movement data, which can be used to "follow" us as we move throughout our day. It can be purchasing data, Internet browsing data, or data about who we talk to via email or text. It might be data about our income, ethnicity, lifestyle, profession and interests. There is an entire industry of data brokers who make a living analyzing and augmenting data about who we are ­-- using surveillance data collected by all sorts of companies and then sold without our knowledge or consent.

There is a huge ­-- and almost entirely unregulated ­-- data broker industry in the United States that trades on our information. This is how large Internet companies like Google and Facebook make their money. It's not just that they know who we are, it's that they correlate what they know about us to create profiles about who we are and what our interests are. This is why many companies buy license plate data from states. It's also why companies like Google are buying health records, and part of the reason Google bought the company Fitbit, along with all of its data.

The whole purpose of this process is for companies --­ and governments ­-- to treat individuals differently. We are shown different ads on the Internet and receive different offers for credit cards. Smart billboards display different advertisements based on who we are. In the future, we might be treated differently when we walk into a store, just as we currently are when we visit websites.

The point is that it doesn't matter which technology is used to identify people. That there currently is no comprehensive database of heartbeats or gaits doesn't make the technologies that gather them any less effective. And most of the time, it doesn't matter if identification isn't tied to a real name. What's important is that we can be consistently identified over time. We might be completely anonymous in a system that uses unique cookies to track us as we browse the Internet, but the same process of correlation and discrimination still occurs. It's the same with faces; we can be tracked as we move around a store or shopping mall, even if that tracking isn't tied to a specific name. And that anonymity is fragile: If we ever order something online with a credit card, or purchase something with a credit card in a store, then suddenly our real names are attached to what was anonymous tracking information.

Regulating this system means addressing all three steps of the process. A ban on facial recognition won't make any difference if, in response, surveillance systems switch to identifying people by smartphone MAC addresses. The problem is that we are being identified without our knowledge or consent, and society needs rules about when that is permissible.

Similarly, we need rules about how our data can be combined with other data, and then bought and sold without our knowledge or consent. The data broker industry is almost entirely unregulated; there's only one law ­-- passed in Vermont in 2018 ­-- that requires data brokers to register and explain in broad terms what kind of data they collect. The large Internet surveillance companies like Facebook and Google collect dossiers on us are more detailed than those of any police state of the previous century. Reasonable laws would prevent the worst of their abuses.

Finally, we need better rules about when and how it is permissible for companies to discriminate. Discrimination based on protected characteristics like race and gender is already illegal, but those rules are ineffectual against the current technologies of surveillance and control. When people can be identified and their data correlated at a speed and scale previously unseen, we need new rules.

Today, facial recognition technologies are receiving the brunt of the tech backlash, but focusing on them misses the point. We need to have a serious conversation about all the technologies of identification, correlation and discrimination, and decide how much we as a society want to be spied on by governments and corporations -- and what sorts of influence we want them to have over our lives.

This essay previously appeared in the New York Times.

EDITED TO ADD: Rereading this post-publication, I see that it comes off as overly critical of those who are doing activism in this space. Writing the piece, I wasn't thinking about political tactics. I was thinking about the technologies that support surveillance capitalism, and law enforcement's usage of that corporate platform. Of course it makes sense to focus on face recognition in the short term. It's something that's easy to explain, viscerally creepy, and obviously actionable. It also makes sense to focus specifically on law enforcement's use of the technology; there are clear civil and constitutional rights issues. The fact that law enforcement is so deeply involved in the technology's marketing feels wrong. And the technology is currently being deployed in Hong Kong against political protesters. It's why the issue has momentum, and why we've gotten the small wins we've had. (The EU is considering a five-year ban on face recognition technologies.) Those wins build momentum, which lead to more wins. I should have been kinder to those in the trenches.

If you want to help, sign the petition from Public Voice calling on a moratorium on facial recognition technology for mass surveillance. Or write to your US congressperson and demand similar action. There's more information from EFF and EPIC.

Posted in News | Leave a comment