Daily Archives: 2022-01-25

Pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034)

Source: Hacker News

Article note: Group ownership of hardware assets wasn't modern enough or something, so we got polkit and it's constant weird state and js/xml config nightmare. ...and the parser that broke is pkexec's sloppy handling of argv.
Posted in News | Leave a comment

Google drops FLoC after widespread opposition, pivots to “Topics API” plan

Source: Ars Technica

Article note: It doesn't look _as_ heinous, but "Let's let the world's largest advertising broker insert ~~spyware~~ behavioral profiling code into browsers running on users' machines" just seems fundamentally gross.
Vivaldi's graphic on FLoC.

Enlarge / Vivaldi's graphic on FLoC. (credit: Vivaldi)

After widespread opposition from the rest of the Internet, Google is killing its "FLoC" plans.

The company wants to get rid of the third-party web cookies used for advertising tracking, so it proposed FLoC ("Federated Learning of Cohorts"), which would have let its browser track you for the benefit of advertising companies. With FLoC dead, Google is floating another proposal to track users for advertisers. This time, the system is called the "Topics API." There are currently no implementation details, but Google has posted info about the Topics API in a blog post, in developer docs, on a GitHub page, and on a "Privacy Sandbox" site.

Google's Topic API plans are just now being shared with the world, and the company says the next step is to build a trial implementation and gather feedback from the Internet. Hopefully, the EFF, Mozilla, the EU, and other privacy advocates that spoke out about FLoC will chime in on Google's new plan. The Topics API gives users more control over the tracking process, but if your core complaint was that browser makers should not build user tracking technology directly into the browser for the benefit of advertising companies, you'll still find fault with Google's plan. Google is the world's biggest advertising company, and it's using its ownership of the world's biggest browser to insert its business model into Chrome.

Read 7 remaining paragraphs | Comments

Posted in News | Leave a comment

Nvidia ready to abandon Arm acquisition, report says

Source: Ars Technica

Article note: IMO, good. Not pure, simple good, but ARM is too much of a cross-entity standard for a company that behaves like nvidia has tended to to be a good steward.
Nvidia ready to abandon Arm acquisition, report says

Enlarge (credit: Pavlo Gonchar/SOPA Images/LightRocket)

Nvidia may be walking away from its acquisition of Arm Ltd., the British chip designer, according to a report from Bloomberg.

The blockbuster deal faced global scrutiny, and Nvidia apparently feels that it hasn’t made sufficient progress in convincing regulators that the acquisition won’t harm competition or national security. “Nvidia has told partners that it doesn’t expect the transaction to close, according to one person who asked not to be identified because the discussions are private,” Bloomberg reported.

In a further sign that the deal is likely to be abandoned, SoftBank is also working to take Arm public, according to the report.

Read 9 remaining paragraphs | Comments

Posted in News | Leave a comment