Miscellaneous Tech News

black3dynamite

Old news but Microsoft abandons semi-annual releases for Windows Server
https://www.theregister.com/2021/07/28/windows_server_2022_sac/

mlnews

Apple employees make US labour watchdog complaints

Two employee complaints against Apple are being considered by the US National Labor Relations Board (NLRB).
One alleges retaliation for raising safety concerns, while the other focuses on alleged suppression of questions about pay equity. Apple has declined to comment on individual cases, but says it investigates when a concern is raised. The complaints come as an online campaign says it's received more than 600 stories of workplace problems. The NLRB is an independent US agency which protects the rights of private sector employees to join together to improve their wages and working conditions, and to prevent unfair labour practices.

scottalanmiller

NextCloud Sync 2.0 Performance Boost

https://nextcloud.com/blog/nextcloud-sync-2-0-brings-10x-faster-syncing/

JaredBusch

@scottalanmiller said in Miscellaneous Tech News:

NextCloud Sync 2.0 Performance Boost

https://nextcloud.com/blog/nextcloud-sync-2-0-brings-10x-faster-syncing/

This will be a huge benefit to one of my clients. They have 50gb of tiny files (manufacturer service manuals), about 60k or so I think.

mlnews

ProtonMail removed “we do not keep any IP logs” from its privacy policy

Swiss courts compelled it to log and disclose a user's IP and browser fingerprint.
This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service's policies, which as recently as last week stated that "by default, we do not keep any IP logs which can be linked to your anonymous email account." After providing the activist's metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, "ProtonMail is email that respects privacy and puts people (not advertisers) first."

DustinB3403

@mlnews said in Miscellaneous Tech News:

ProtonMail removed “we do not keep any IP logs” from its privacy policy

Swiss courts compelled it to log and disclose a user's IP and browser fingerprint.
This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service's policies, which as recently as last week stated that "by default, we do not keep any IP logs which can be linked to your anonymous email account." After providing the activist's metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, "ProtonMail is email that respects privacy and puts people (not advertisers) first."

I guess I can't really blame them as I'm sure they have to keep something for some duration, even a microsecond.... Which is likely how the lawyers forced this..

Just kind of disappointing

Dashrender

https://www.apple.com/child-safety/

Update as of September 3, 2021: Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

so they are delaying it - but likely not stopping it.

JaredBusch

@dashrender said in Miscellaneous Tech News:

so they are delaying it - but likely not stopping it.

And changing the process. For better or worse, we shall see.
Nothing wrong with the purpose. Everything wrong with how they were doing it.

scottalanmiller

@jaredbusch said in Miscellaneous Tech News:

@dashrender said in Miscellaneous Tech News:

so they are delaying it - but likely not stopping it.

And changing the process. For better or worse, we shall see.
Nothing wrong with the purpose. Everything wrong with how they were doing it.

I believe that they only committed to maybe changing the process after evaluating it some more.

scottalanmiller

@dashrender said in Miscellaneous Tech News:

https://www.apple.com/child-safety/

Update as of September 3, 2021: Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

so they are delaying it - but likely not stopping it.

Right. As of right now, nothing is officially changing except for the implementation date.

Which means for me, nothing is changing in my plans to not buy any more of that hardware because until they provide assurances that they won't start spying on me and my kids, I'm done with them. I appreciate the need to bow to unrelenting government pressures and threats, but that's why open source matters. Going closed source put them at risk of this and they have to live with the consequences of that decision, good or bad.

mlnews

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Millions of WhatsApp messages are reviewed by both AI and human moderators.
Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers "end-to-end encryption," which most users interpret as meaning that Facebook, WhatsApp's owner since 2014, can neither read messages itself nor forward them to law enforcement. This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper."

scottalanmiller

@mlnews said in Miscellaneous Tech News:

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Millions of WhatsApp messages are reviewed by both AI and human moderators.
Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers "end-to-end encryption," which most users interpret as meaning that Facebook, WhatsApp's owner since 2014, can neither read messages itself nor forward them to law enforcement. This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper."

I saw this one and Ars Technica needs a huge slap for not just click bait title, but flat out lying.

The messages are 100% private in the same way any other message is. The article even mentions how they are so private that the recipient has to COPY the message to a non-secure channel and send it again (e.g. copy/paste essentially) to let someone else see it. Because the privacy is very, very private on WhatsApp.

mlnews

Apple dealt major blow in Epic Games trial

Apple has been dealt a major blow in its ongoing trial against Fortnite-maker Epic Games.
A court in Oakland, California has ruled that Apple cannot stop app developers directing users to third-party payment options. Apple had argued that all apps should use Apple's own in-app payment options. But Epic Games challenged the up-to-30% cut Apple takes from purchases and argued that the App Store was a monopoly. On Friday, Judge Yvonne Gonzalez-Rogers issued a permanent injunction that said Apple could no longer prohibit developers linking to their own purchasing mechanisms. For example, a movie-streaming service will now be able to tell customers to subscribe via their own website, without using Apple's in-app purchasing mechanism. Epic had argued that this was unreasonable, and that the company should be able to inform users that they could make purchases away from the App Store. Epic has also taken legal action against Google over its Play Store.

1337

@mlnews said in Miscellaneous Tech News:

Apple dealt major blow in Epic Games trial

Apple has been dealt a major blow in its ongoing trial against Fortnite-maker Epic Games.
A court in Oakland, California has ruled that Apple cannot stop app developers directing users to third-party payment options. Apple had argued that all apps should use Apple's own in-app payment options. But Epic Games challenged the up-to-30% cut Apple takes from purchases and argued that the App Store was a monopoly. On Friday, Judge Yvonne Gonzalez-Rogers issued a permanent injunction that said Apple could no longer prohibit developers linking to their own purchasing mechanisms. For example, a movie-streaming service will now be able to tell customers to subscribe via their own website, without using Apple's in-app purchasing mechanism. Epic had argued that this was unreasonable, and that the company should be able to inform users that they could make purchases away from the App Store. Epic has also taken legal action against Google over its Play Store.

Good news!

Obsolesce

Apple Issues Emergency Security Updates to Close a Spyware Flaw

Researchers at Citizen Lab found that NSO Group, an Israeli spyware company, had infected Apple products without so much as a click.

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild

DustinB3403

Apple releases fix for zero click vulnerability in all apple devices

If you haven't seen it, update your apple gear now. A zero click has been discovered, created by NSO, that allows for zero click ownership of any Apple Device.

Obsolesce

Apple issues urgent iPhone software update to address critical spyware vulnerability

If you still haven't seen it, update your apple devices!

mlnews

TikTok faces privacy investigations by EU watchdog

TikTok is under investigation by The Irish Data Protection Commission (DPC) - its lead regulator in the EU - over two privacy-related issues.
The watchdog is looking into its processing of children's personal data, and whether TikTok is in line with EU laws about transferring personal data to other countries, such as China. TikTok said privacy was "our highest priority". The Irish DPC said it was specifically looking into GDPR-related issues. These are the EU privacy laws which can potentially lead to enormous fines of up to 4% of a company's global turnover. It said the first inquiry would examine "the processing of personal data... for users under age 18, and age verification measures for persons under 13". It will also look into how transparent TikTok has been about how it processes such data.

mlnews

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

stacksofplates

@mlnews said in Miscellaneous Tech News:

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's MISO launchpad hacked via a malicious GitHub commit.
SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi's newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network. Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own "digital tokens" on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

Thats not really a supply chain attack. It sounds like someone who had access to contribute to their private repo committed malicious code that wasn't reviewed.

Guessing they used that term since it's hot news right now.