Monthly Archives: February 2021

Firefox 86 brings multiple Picture-in-Picture, “Total Cookie Protection”

Source: Ars Technica

Article note: It's a good thing, and it should be the default everywhere. I wish this didn't feel as "starting to close the gate after the horses bolted" - Cookies are a problem, but having turned our little hypertext rendering tool into a runtime full of leaky things like WebGL, it's going to be hard to really confront ubiquitous tracking without re-constraining the scope of the browser.

Mozilla released Firefox 86 yesterday, and the browser is now available for download and installation for all major operating systems, including Android. Along with the usual round of bug fixes and under-the-hood updates, the new build offers a couple of high-profile features—multiple Picture-in-Picture video-watching support, and (optional) stricter cookie separation, which Mozilla is branding Total Cookie Protection.

Taking Firefox 86 for a spin

Firefox 86 became the default download at mozilla.org on Tuesday—but as an Ubuntu 20.04 user, I didn't want to leave the Canonical-managed repositories just to test the new version. This is one scenario in which snaps truly excel—providing you with a containerized version of an application, easily installed but guaranteed not to mess with your "real" operating system.

As it turns out, Firefox's snap channel didn't get the message about build 86 being the new default—the latest/default snap is still on build 85. In order to get the new version, I needed to snap refresh firefox --channel=latest/candidate.


Posted in News | Leave a comment

Kentucky lawmakers to consider bill curtailing controversial no-knock warrants

Source: Kentucky.com -- Fayette County

Article note: Good. And it's bipartisan, which is also good, let's see if we can not get identity-wedged out of this. No-Knocks should be limited to situations where the issuing institution has weighed the goal they are trying to accomplish against everyone involved - police, suspects, bystanders - dying in the process, and still thought it was a good idea. Situations where that is a reasonable conclusion exist, but they are rare.

No-knock search warrants like the one involved in the police shooting death last March of Breonna Taylor in Louisville would be curtailed under legislation filed Monday in the Kentucky General …


AT&T and Frontier have let phone networks fall apart, Calif. regulator finds

Source: Ars Technica

Article note: The problem isn't that the POTS network is old and rotting (and basically just a vestigial adapter to a VOIP system). The problem is that we've been paying for replacements for over 25 years, and the incumbent telcos have not been delivering on promised coverage and reliability. Largely by successfully lobbying to not be regulated to an appropriate level, and blithely ignoring the regulations that do exist with no fear of repercussions because of staggeringly successful regulatory capture.

AT&T and Frontier have let their copper phone networks deteriorate through neglect since 2010, resulting in poor service quality and many lengthy outages, a report commissioned by the California state government found. Customers in low-income areas and areas without substantial competition have fared the worst, the report found. AT&T in particular was found to have neglected low-income communities and to have imposed severe price increases adding up to 152.6 percent over a decade.

The report was written in April 2019 but kept private because data submitted by the carriers was deemed confidential and proprietary. The report finally became public after the California Public Utilities Commission (CPUC) ruled in December 2020 that a redacted version had to be released by mid-January.

A summary of the CPUC-commissioned report identified six key findings:


Daft Punk drops ‘Epilogue’ video announcing retirement

Source: The Week: Most Recent Home Page Posts

Article note: Aw, bummer, they've been a constant. Hopefully they find fun new things to do and/or enjoy their retirement.

After 28 years, the Daft Punk duo are hanging up their helmets.

Daft Punk announced their retirement on Monday by way of an eight-minute video called "Epilogue," which according to Pitchfork was excerpted from Electroma, their 2006 film. In it, the "Harder, Better, Faster, Stronger" duo slowly walk into the desert in total silence before one of them blows up and the other walks into the distance, with "1993-2021" appearing on screen. In case that wasn't definitive enough, Daft Punk's publicist confirmed to Variety they have, indeed, split up after almost three decades.

Thomas Bangalter and Guy-Manuel de Homem-Christo formed Daft Punk in 1993, releasing their most recent studio album, the Grammy-winning Random Access Memories, in 2013. Fans quickly flooded social media Monday to pay tribute and express sadness over the news — not to mention concern that, after Daft Punk's unforgettable work on the Tron: Legacy soundtrack, Tron 3 just won't be the same.


The modern packager’s security nightmare

Source: OSNews

Article note: I'm less down on static linking schemes (at least they allow for cool optimizations and all their BS happens at build-time) than the variations on the traditional "Give up and throw this recalcitrant software in /opt with its entire dependency tree" scheme (containers, flatpak/snap, and other sorts of virtual environment with whole dependency trees of dynamically linked shit being bolted on to the system in gross ways). ...that said, the prevalence of dung-beetle programming in the modern era has really created a clusterfuck with dependencies.

One of the most important tasks of the distribution packager is to ensure that the software shipped to our users is free of security vulnerabilities. While finding and fixing the vulnerable code is usually considered upstream’s responsibility, the packager needs to ensure that all these fixes reach the end users ASAP. With the aid of central package management and dynamic linking, the Linux distributions have pretty much perfected the deployment of security fixes. Ideally, fixing a vulnerable dependency is as simple as patching a single shared library via the distribution’s automated update system.

Of course, this works only if the package in question is actually following good security practices. Over the years, many Linux distributions (at the very least, Debian, Fedora and Gentoo) have been fighting these bad practices with some success. However, today the times have changed. Today, for every 10 packages fixed, a completely new ecosystem emerges with the bad security practices at its central point. Go, Rust and to some extent Python are just a few examples of programming languages that have integrated the bad security practices into the very fabric of their existence, and recreated the same old problems in entirely new ways.

This post explains the issue packagers run into very well – and it sure does look like these newer platforms are not very good citizens. I know this isn’t related, but this gives me the same feelings and reservations as Flatpak, Snap, and similar tools.


Paint-On Copperplating? What is this Sorcery?

Source: adafruit industries blog

Article note: Well that's cool and useful. Looks like it's basically a displacement reaction with not-too-nasty supplies. I wish there were text instructions, it _appears_ to be 10 mg Cupric Oxide (pretty sure it's CuO, it's black so it's not CuO2 or Cu2O) dissolved in hot 20ml 85% Formic Acid + 100mL distilled water that reduces on the surface.

In a follow-up to her recent video where she electroplated the gas tank of her motorcycle with copper, Laura Kampf decided to try a much easier method of simply painting on a copperplate solution.

She saw a video demonstrating the technique and wanted to try it out. It appears to work. Amazing. As she points out, this could lend itself to all sorts of applications.


A Dishonest, Indifferent, and Toxic Culture

Source: Hacker News

Article note: Damn. I've been watching this at a distance since it went down, at least the guilty parties are being punished (By the ACM, IEEE doesn't give a fuck about anything but money, and I let my membership lapse this year because I've become so cumulatively sick of their shit), which is more than I expected. It really is a perfect "The incentive structure of academia laid bare" situation.

Twitch Censors Live Metallica Performance with Dorkiest Music Imaginable

Source: Slashdot

Article note: Our copyright system really is completely absurd.

In the year 2000, Metallica drummer Lars Ulrich answered questions from Slashdot's readers. Late Friday night, the AV Club described Metallica's appearance at the opening ceremonies for the (now online) version of Blizzard Entertainment's annual event BlizzCon:

The opening ceremonies were being broadcast online, both through the official BlizzCon page, YouTube, and Twitch. And you know what happens when licensed music gets played on the internet, don't you, folks? That's right: Copyright issues! Per Uproxx, the audio of James, Lars, and the boys' performance apparently went out as per usual on YouTube and the BlizzCon page — although the whole thing appears to have been excised from the YouTube upload of the event.

But on Twitch... On Twitch, things did not go so well. Which is to say that, even though it was being hosted on the company's official twitchgaming channel, the performance was ominously preceded by a chyron noting that "The upcoming musical performance is subject to copyright protection by the applicable copyright holder." And then this happened....

Can we prove that someone at Twitch intentionally picked the dorkiest, most Zelda forest-ass music imaginable to have Metallica rock their little hearts out to, instead of broadcasting their extremely copyrighted music (and thus having to deal with the possibility of issuing one of their ubiquitous DMCA takedown notices to themselves)? Obviously not....

On the other hand, we can prove that it is extremely funny to watch this happen, especially — as many people have pointed out — since Metallica is at least partially responsible for the restrictive character of many online musical streaming laws that dominate the internet today, after their high-profile campaign against Napster way back at the dawn of the MP3.

In other news, Diablo II is being remastered and re-released later this year.

Congress Escalates Pressure on Tech Giants to Censor, Threatening First Amendment

Source: Hacker News

Article note: "For the same reasons that the Constitution prohibits the government from dictating what information we can see and read (outside narrow limits), it also prohibits the government from using its immense authority to coerce private actors into censoring on its behalf." That is a really interesting take. I think I agree with it, but it's the first time I recall seeing it spelled out like that.

New malware found on 30,000 Macs has security pros stumped

Source: Ars Technica

Article note: That is some weird high-polish shit to be running no payloads for that long. Escaped experiment? Nation-state actor testing? Someone clever and nefarious waiting for a large reach before they start dropping payloads?

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.
