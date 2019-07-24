Language Selection

Consent Matters: When Tech Takes Remote Control Without Your Permission

In my previous post I talked about why consent matters when it comes to privacy; and yet, privacy is only one of the areas where tech companies take advantage of users without their consent. Recently, tech companies have come to a troubling consensus: that they can change your computer, remotely (and often silently) without your knowledge or permission.

Anyone who has ever worked for a large company in the computer age has experienced first-hand the authoritarian, controlling, and restrictive policies that IT employs to manage company computers. Starting with centralized systems like Active Directory, IT teams were able to create policies that controlled what sorts of passwords employees could use and whether employees could install applications, access printers, and even, in some cases, insert USB drives.

These centralized tools have evolved over the years: they can now add and remove files, install new software and software updates, remotely control machines over the network in order to view what’s on their screens and access local files. This controls extends into Active Management Technology features embedded into the Intel Management Engine, that lets administrators remotely control computers even if they are turned off. Now that smartphones are critical tools in many organizations, MDM (Mobile Device Management) tools are also often employed at enterprises to bring those devices under a similar level of control–with the added benefit of using GPS to track employee phones even outside the office.

The most common justification for these policies is convenience. If you are an IT department and have thousands of employees–each with at least one computer and one smartphone that you need to support–one of the ways to make sure that the appropriate software is on the systems, and updates get applied, is to push them from a central location. Companies often have custom in-house software their employees rely on to do their jobs, and throughout the life of the company more tools are added to their toolbox. You can’t expect the IT team to go desk-by-desk installing software by hand when you have thousands of employees working at offices all over the world: when an employee’s computer breaks, these same tools make it easy for IT to replace the computer so the employee can get back to work quickly.

The main justification for the strictest–and most controlling–IT policies isn’t convenience, though: it’s security. IT pushes software updates for protection against security bugs. They push anti-virus, anti-malware and remote monitoring tools, to protect both employee and company from dangerous email attachments, from software they might download from their web browser. IT removes local administrative privileges from employees in the name of protecting them from installing malware (and, practically speaking, from installing games and other time-wasting apps). They disable USB storage devices so employees can’t insert disks containing malware or copy off sensitive company documents. Each of these practices have valid reasons behind them for companies facing certain threats.

Fitness Trackers and Smartwatches Don't Correctly Track Heart Rate of People with Darker Skin

Programming Leftovers

  • Documentation at the West Coast Hackfest

    Thursday, the first day, we had a brainstorming session. We triaged and then started attacking the GitLab issues for gnome-user-docs. Over the hackfest, we reduced 28 outstanding issues to 12.5. This entailed 33 commits and 105+ user help pages modified (in addition to a few pages in the Sys Admin Guide, and the wiki).

  • Wing Python IDE 7.1 - July 25, 2019

    Wing 7.1 adds support for Python 3.8, warns about unused symbols, improves code warnings configuration, adds new auto-completer, project, and source browser icons, supports Dark Mode on OS X, and makes other improvements.

  • PyPy Development: PyPy JIT for Aarch64

    y for AArch64. This port brings PyPy's high-performance just-in-time compiler to the AArch64 platform, also known as 64-bit ARM. With the addition of AArch64, PyPy now supports a total of 6 architectures: x86 (32 & 64bit), ARM (32 & 64bit), PPC64, and s390x. The AArch64 work was funded by ARM Holdings Ltd. and Crossbar.io. PyPy has a good record of boosting the performance of Python programs on the existing platforms. To show how well the new PyPy port performs, we compare the performance of PyPy against CPython on a set of benchmarks. As a point of comparison, we include the results of PyPy on x86_64.

  • Swift is 2 to 4 times faster than any competitor

    Interesting. It should be noted that performance of Swift is a great match for some workloads, but not for others. In particluar, Swift is weak on small-file workloads, such as Gnocchi, which writes a ton of 16-byte objects again and again. The overhead is a killer there, and not just on the wire: Swift has to update its accounting databases each and every time a write is done, so that "swift stat" shows things like quotas. Swift is also not particularly good at HPC-style workloads, which benefit from a great bisectional bandwidth, because we transfer all user data through so-called "proxy" servers. Unlike e.g. Ceph, Swift keeps the cluster topology hidden from the client, while a Ceph client actually tracks the ring changes, placement groups and their leaders, etc.. But as we can see, once the object sizes start climbing and the number of clients increases, Swift rapidly approaches the wire speed.

Graphics: S3 Graphics and SIGGRAPH 2019

  • xf86-video-s3 0.7.0
    This is a maintenance release of S3 DDX for X.Org X Server.
The DDX compiles cleanly without compilation warnings on X Server 1.19.6.

Kevin Brace
Brace Computer Laboratory blog
https://bracecomputerlab.com

--
Alan Coopersmith (7):
      When checking malloc for success, it helps to use == NULL, instead of =
      s3_bios.c: Simplify code for choosing between 16000 & 16000 for RefClock
      Remove unused BIOS size & address macros
      configure: Drop AM_MAINTAINER_MODE
      autogen.sh: Honor NOCONFIGURE=1
      Update README for gitlab migration
      Update configure.ac bug URL for gitlab migration

Emil Velikov (1):
      autogen.sh: use quoted string variables

Eric S. Raymond (1):
      Fix malformed list syntax.

Gaetan Nadon (1):
      Remove mibstore.h

Kevin Brace (5):
      Discontinue the use of xf86PciInfo.h
      Use const char for xf86GetOptValString return type
      Eliminate set but not used variable compilation warnings
      Eliminate unused variable compilation warning
      Version bumped to 0.7.0

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

git tag: xf86-video-s3-0.7.0
  • X.Org's S3 Graphics Driver Sees First Release In Seven Years - Still Pre-1.0

    S3 Graphics drivers are still alive and well on Linux, well, sort of. On Thursday was the first new open-source xf86-video-s3 driver update in seven years. Kevin Brace, the open-source contributor known for working on the VIA OpenChrome driver and other vintage open-source graphics drivers, took to releasing xf86-video-s3 0.7.0. While it's been seven years since the previous release (v0.6.5), there isn't all that much in 0.7.0.

  • Zink: Summer Update and SIGGRAPH 2019

    In addition to this, there’s been a pretty significant rewrite, changing the overall design of Zink. The reason for this, was that I made some early design-mistakes, and after having piled a bit too many features on top of this, I decided that it would be better to get the fundamentals right first. Sadly, not all features have been brought forward since the rewrite, so we’re currently back to OpenGL 2.1 support. Fixing this is on my list of things I want to do, but I suspect that cleaning things up and upstreaming will take presedence over OpenGL 3.0 support.

XCP-ng 8.0

The big release is here. After about a month of QA on the Release Candidate, XCP-ng 8.0 is now available and can be safely used in production environments. Most of the new features available in this new version have already been presented in our previous blogpost concerning the RC (some highlights, UEFI support, ZFS support and a new XOA quick deploy). However, some additional features and changes are notable. Read more Also: XCP-ng 8.0 Hypervisor Released - Based On Xen 4.11, Embeds ZFS On Linux, Adds UEFI

today's howtos

