Monthly Archives: March 2020

Honda bucks industry trend by removing touchscreen controls

Source: OSNews

Article note: Touchscreens have always been a UX disaster, at least we're finally having to admit it and change course because touchscreen suck is _literally killing people_ in cars (and Naval controls the US DOD got taken on).

Honda has done what no other car maker is doing, and returned to analogue controls for some functions on the new Honda Jazz.

While most manufacturers are moving to touchscreen controls, identifying smartphone use as their inspiration – most recently seen in Audi’s latest A3 – Honda has decided to reintroduce heating and air conditioning controls via a dial rather than touchscreen, as in the previous-generation Jazz.

Unlike what the introduction states, Honda joins fellow Japanese car maker Mazda in not just blindly using touchscreens for everything inside cars. This is a good move, and definitely takes some guts, since I’ve seen countless car reviewers – including my standout favourite, Doug DeMuro – kind of blindly assuming that any car without 100% touchscreen control is outdated, without questioning the safety consequences.

Good on Honda.

Posted in News | Leave a comment

OpenWRT code-execution bug puts millions of devices at risk

Source: Ars Technica

Article note: Eeeh. Not _that_ bad, it's a MITM on the package system because HTTP transport and checksums were fine in past decades and are grossly inadequate now.

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said.

OpenWRT has a loyal base of users who use the freely available package as an alternative to the firmware that comes installed on their devices. Besides routers, OpenWRT runs on smartphones, pocket computers and even laptops and desktop PCs. Users generally find OpenWRT to be a more secure choice because it offers advanced functions and its source code is easy to audit.

Security researcher Guido Vranken, however, recently found that updates and installation files were delivered over unencrypted HTTP connections, which are open to attacks that allow adversaries to completely replace legitimate updates with malicious ones. The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWRT maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.


Zoom’s privacy problems are growing as platform explodes in popularity

Source: Ars Technica

Article note: Zoom, like so many pieces of technology, is a total shit show that got thrust into widespread use when it was _entirely_ unprepared, and it's the modern era tech so a lot of the lack of shit-together is valley-bro data safety hubris. I'm pretty impressed that it's holding up as well as it has technically, and glad they're getting held accountable for policy.

Zoom's San Jose, Calif., headquarters looks like a lovely place to be socially distanced from. (credit: Smith Collection | Gado | Getty Images)

We have several more weeks, if not several more months, to go in this sudden era of Everything from Home. Work from home, school from home, funerals from home, church from home, happy hour from home—you name it, and we as a society are trying as best as we can to pull it off remotely. Tech use as a result is up all over, but arguably the biggest winner to date of the "Oh, crap, where's my webcam" age is videoconferencing platform Zoom.

Zoom's ease of use, feature base, and free service tier have made it a go-to resource not only for all those office meetings that used to happen in conference rooms but also for teachers, religious services, and even governments. The widespread use, in turn, is shining a bright spotlight on Zoom's privacy and data-collection practices, which apparently leave much to be desired.

The challenge is particularly pronounced in the health care and education sectors: Zoom does offer specific enterprise-level packages—Zoom for Education and Zoom for Healthcare—that have compliance with privacy law (FERPA and HIPAA, respectively) baked in. Many users in those fields, however, may be on the free tier or using individual or other types of enterprise licenses that don't take these particular needs into consideration.


Real learning in a virtual classroom is difficult

Source: Ars Technica

Article note: My own thoughts from the initial effort:
- Trying to do all-asynchronous or (much, much worse) all-synchronous is a fool's errand. You're gonna have to do mixed mode, with some consume-at-leisure delivery and some interactive Q&A time.
- You need a document camera, the digital whiteboard things don't cut it. Improvise one if you have to.
- Most students aren't as auto-didactic as we'd like to imagine, just like always. Design accordingly.
- Make sure you and your students do their best to carve out "work time and place".
- Accommodate where you can; your students have access limitations. They have little siblings or children borrowing their computers for their own classes. They have flaky connections. At the same time, hold the line on demonstrating competence.
- Spyware "anti cheat" gadgets are harmful bullshit with differential inconvenience, design to deal with the fact that students will be getting reference material and communicating instead of wasting your time trying to stop them.

A virtual classroom setup. (credit: Chris Lee)

"Remote teaching sucks. It's yucky, and it is not the future of education."

Thus spake my wife, a high school English teacher with many years of experience. And she's right. I teach at a university, and we have also moved to virtual lessons in the face of COVID-19. Even before the current crisis, I already made extensive use of digital tools in the classroom. However, virtual lessons are a poor substitute for actual in-person instruction. Let me take you on a tour of a future that we all should be trying to avoid. (It isn't all doom and gloom, though; we've discovered some hidden treasures as well.)

The problem is that teaching is an intimate activity: students give up a certain degree of control to the teacher and trust that person to help them master some new topic. It doesn't matter how big the class, that intimacy is unchanged for the teacher. Teaching is personal. Yes, from the student's perspective, a one-on-one lesson is more personal than a lecture delivered to 500 students. But the anonymity and safety in large classes does not mean that teachers are not seeing and modifying their approach via instantaneous feedback from their classes.


Kentuckians may soon be able to get booze shipped directly to their front door

Source: -- State

Article note: It's a weird time to get around to it, but YES PLEASE. I would like to finally be able to order weird specialty boozes and cheap internet wine as a KY resident.

Kentuckians would be able to get alcoholic beverages shipped to their front door under a bill the Senate approved Thursday and sent to Gov. Andy Beshear for his consideration. “Let …

Masks really work to dramatically reduce the spread of Covid-19

Source: Hacker News

Article note: This has been an interesting double-bind. Clearly, places with ubiquitous mask wearing (not fancy ones either, just surgical masks to prevent spreading infection from projected particles) are doing _dramatically_ better at containing COVID-19 (and also have huge confounding factors). Less-clearly but very likely, the messaging in countries _not_ accustomed to or equipped for ubiquitous mask use is "masks are ineffective" in the face of statistical evidence because they want to conserve their limited supply of masks for high-risk users and prevent runs. And now there's the Czechs, who are attempting a mass DIY mask experiment, which may be the tie-breaker for "right thing to do."

Most(ly dead) Influential Programming Languages

Source: Hacker News

Article note: This is the kind of thing we should be teaching our CS undergrads. Other than ones that take Rafi Finkel's CS450 elective, now that most CS students don't take EE380, I don't think UK's get _any_ exposure to how computing came to be the way it is, and that is a real problem.

The exFAT filesystem is coming to Linux—Paragon software’s not happy about it

Source: Ars Technica

Article note: As always when someone gets all FUDy about solid open source stacks replacing their rentseekingware business, "Fuck 'em." It's a shame, Paragon has made some nice, useful stuff on top of other people's FOSS work.

Proprietary filesystem vendor Paragon Software seems to feel threatened by the pending inclusion of a Microsoft-sanctioned exFAT in the Linux 5.7 kernel. (credit: MTV / Geffen / Paramount Pictures)

When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn't get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month's merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7—and Paragon doesn't seem happy about it.

Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldn't have looked out of place on Steve Ballmer's letterhead in the 1990s.

Breaking down the FUD

Paragon described its arguments against open source software—which appeared directly in my inbox—as an "article (available for publication in any form) explaining why the open source model didn't work in 3 cases."


Beware the emergency power grab

Source: The Week: Most Recent Home Page Posts

Article note: Do not let this be a 9/11 "permanently give powers that only harm society to authoritarians in the government because we're panicked" scenario. Do let it catalyze changes to things like healthcare and employment that will revert previous damage and improve society for everyone going forward. Do not let economic concerns override good public health policy. Do let it be an experiment in the role of abstract markets and remote work and disaster response going forward. (and maybe all the panicked first-time gun buyers will take general lessons about intentionally mercurial laws from the experience)

They always do it. Whenever these leeching, sneaking, pompous, presumptuous, supercilious, weaselly would-be despots we call our government spy a chance to grasp some power that is rightly out of any and every person's reach, they lunge for it.

The chance, this time, is the legitimately unprecedented situation occasioned by the pandemic spread of the novel coronavirus. And the power is the functional abrogation of half our Bill of Rights — Amendments Four through Eight — in the form of indefinite detention without trial during emergencies.

This is utterly unjustified by the COVID-19 outbreak. It is not a misguided good-faith effort to protect public health. It is a transparent charge toward authoritarianism, and it must be crushed.

The Trump administration's plan came to light Saturday afternoon with Politico's report on a Justice Department request to Congress. In the documents, the administration reportedly asks lawmakers to give the attorney general authority to direct chief judges of district courts to suspend court proceedings "whenever the district court is fully or partially closed by virtue of any natural disaster, civil disobedience, or other emergency situation." The suspension would override "any statutes or rules of procedure otherwise affecting pre-arrest, post-arrest, pre-trial, trial, and post-trial procedures in criminal and juvenile proceedings and all civil process and proceedings." It would lift the statute of limitations on criminal and civil proceedings throughout the emergency and for one year after it concluded.

This proposes an expansive grant of power to gut some of our most basic rights. It would effectively nullify habeas corpus, our guarantee of a court hearing in which the state must justify our detention or be compelled to release us. This ancient right, secured in our Sixth Amendment and the Magna Carta before it, is foundational to our justice system. Locking people away without due process is the province of tyrants.

The specification of "civil disobedience" as a reason to shut down our courts is as insulting as it is galling. They didn't even bother to say "violent rioting and looting" or "armed rebellion." No, civil disobedience — by definition, a peaceful protest — is here deemed cause enough to demolish due process rights on the president's whim.

Also deeply worrisome is the inclusion of "pre-arrest" procedures among laws that can be suspended. That could mean no Miranda warning, no lawyer, no phone call, just straight to jail for who knows how long. "I find it absolutely terrifying," Norman L. Reimer, executive director of the National Association of Criminal Defense Lawyers, told Politico. "Especially in a time of emergency, we should be very careful about granting new powers to the government."

That is particularly so because times of emergency — in the legal sense — are oft-immortal creatures of the government's own making. Pursuant to the National Emergencies Act of 1976, the president can declare a national emergency whenever he likes and thereby activate a host of new powers for himself. Predictably, presidents do this fairly often, motivated more by a desire to bypass Congress than by whether the circumstances at hand fit any reasonable definition of a national emergency. (Recall President Trump's national emergency declaration after Congress refused to fund his border wall folly.) Thus there are dozens of ongoing national emergencies declared by Trump and his predecessors for situations including trade with Sudan, Albanian insurgents in Macedonia, and alleged election fraud in Belarus in 2006.

The COVID-19 outbreak is clearly far more of a national emergency for the United States, in the ordinary sense of the words, than 14-year-old Belarusian election irregularities. But they share the same legal classification, a classification the president can apply at will. If permitted, the seizure of authority proposed in these Justice Department papers will be abused in concert with all manner of national emergency declarations.

And it will not be undone. The novel coronavirus eventually will be contained, but the state's iron grasp of this power, once allowed, will not loosen. "History demonstrates again and again that governments use a crisis to expand power and violate vital constitutional principles," Scott Bullock, president of the Institute for Justice, told Reason of the DOJ proposal. "And when the supposed emergency is over, the expanded powers often become permanent."

The recent history of indefinite detention itself illustrates this well. Civil libertarians warned that its use by the George W. Bush administration in the war on terror was a dangerous encroachment on constitutional rights, but our alarm was brushed aside with insistence that only terrorists had any reason to worry. Then the Obama administration expanded the practice. Now the Trump administration seeks to expand it further, jettisoning the terrorism justification entirely. It's predictable — and despicable.

Democrats' majority in the House of Representatives, bolstered by enough GOP senators to tip the balance against the DOJ request in the upper chamber, will almost certainly keep the Trump administration from getting what it wants here. That's reassuring, but we cannot let it lull us into false security.

The last three administrations have all inched in this direction. Washington is licking its chops over our due process rights. In this and every crisis, it must be firmly muzzled.


Half-Life: Alyx review: The greatest VR adventure game yet—and then some

Source: Ars Technica

Article note: I'm not dropping $1k on a VR rig for one game, but damned if it doesn't look compelling.

The Combine are back, but you face them (and other terrors) from a different perspective—in more ways than one. Welcome to Half Life: Alyx. (credit: Valve)

I am a huge fan of Half-Life: Alyx, the first new Half-Life game in 13 years. But before telling you why, I'd like to take the hype balloon—in this case, shaped like a headcrab that's floating towards your face—and let out a bit of its air.

Half-Life: Alyx is not a must-own video game. It is not the PC world's Super Mario 64 equivalent, a comparison I mention because Valve studio head Gabe Newell has heightened expectations this way multiple times over the years. HL:A does not use virtual reality to transform how we interact with games in a way that might be as universally embraced as Super Mario Bros. 1, Doom, Zelda: Ocarina of Time, or, of course, the first two Half-Life games.

And yet: Half-Life: Alyx is a must-play video game for anyone in a position to do so. If you already have access to the required technology—a full VR headset system, a robust computer, and a reasonable amount of space to move your arms while otherwise blind to the real world—you are in for a video game that pushes the notion of "full-length VR adventure" to its limits. The 15 hours required to beat HL:A on a first playthrough are dense. They are beautiful. They are full of unique puzzles, immersive combat, bona fide terror, and storytelling beats that all understand what does, and does not, work when translating a "flat-screen" gaming franchise to hand-tracked virtual reality.

Get it? Not universally "must-own," but conditionally "must-play." Comparatively, I'd say the latter praise is higher than, say, most any wild arcade or rhythm-gaming experience that has required additional, bulky hardware. This is not Dance Dance Revolution or Guitar Hero. This is bigger. The sheer tingle I feel when I recall HL:A's brilliant and thrilling moments is up there with any video game experience I've had in my 24 years of gaming criticism.
