Proprietary Software Abuse and Security Woes

Saturday 22nd of August 2020 08:07:02 PM Filed under Software

  • [Attackers] eye students returning to virtual classes as easy targets

    Erik Decker, the chief security and privacy officer at University of Chicago Medicine, said during the Proofpoint event that individuals at his institution had been targeted by “weaponized” coronavirus-themed phishing emails, particularly those aimed at stealing credentials or installing malware.

  • Experian breach affects over 24 million customers and businesses in South Africa

    Consumer credit reporting agency Experian has suffered a data breach at its South African branch. The Experian data breach didn’t expose consumer credit or financial information, but other personal information which could be used in phishing attempts was definitely exposed. Experian noted in a statement that it fell victim to a social engineering attack in which the attacker claimed to be a client and successfully received the information with a simple request. The statement detailed:

  • Apple Blocks WordPress Updates to Force IAP Support
  • Apple Blocked Updates to Free WordPress App Until It Added In-App Purchases: Matt Mullenweg

    WordPress for iOS finally received a new update yesterday (August 21) after a period of almost a month. Turns out, the Automattic team that runs the app as well as the popular WordPress.com blogging service was blocked by Apple from pushing new app updates because it was not offering an in-app purchase option for WordPress.com’s paid plans and domain purchases, the company’s founder and CEO Matt Mullenweg has revealed. The presence of in-app purchases in the WordPress app would allow Apple to take up to a 30 percent cut of all revenue that the app generates using in-app purchases.

  • WordPress founder claims Apple cut off updates to his completely free app because it wants 30 percent

    Now, WordPress founding developer Matt Mullenweg is accusing Apple of cutting off the ability to update that app — until or unless he adds in-app purchases so the most valuable company in the world can extract its 30 percent cut of the money.

  • Apple tells court it "wants Epic on iOS" but Fortnite "hotfix" turned into Epic Games' "hot mess": response to motion for emergency relief

    With respect to Epic's claim of suffering irreparable harm unless the court grants its motion, Apple's opposition brief is consistent with a statement it provided to The Verge a few days ago. The term "status quo" plays a central role here. The purpose of temporary relief is to prevent a party from changing a situation to the moving party's detriment in the absence of an injunction (a TRO is the fastest injunction, even more preliminary than what is called a preliminary injunction). Apple explains to the court that Epic's perspective on the status quo is, in reality, something else: the status quo would be for Epic to simply comply with Apple's App Store terms and policies, and with its developer agreement, while its antitrust complaint challenging those terms is pending. If, however, the court granted Epic's motion, it would allow Epic to get away with a breach of its contractual obligations. The requested TRO would not preserve the status quo. It would force Apple to modify its long-standing App Store terms.

    Another key term--in connection with any type of injunction--is "irreparable harm." Epic's motion for a TRO argued that the unavailability of Fortnite on the App Store and, as a further consequence of Epic's non-compliance, the termination of its developer agreement (which would prevent Epic from using Apple's developer tools in the further development not only of Epic's games but also of its Unreal Engine) would constitute irreparable harm. Apple's opposition brief dismisses that theory and distinguishes between irreparable harm on the one hand and "self-inflicted wounds" on the other hand. The Ninth Circuit, which is the appeals court for (among many others) the Northern District of California, stated earlier this year that "self-inflicted wounds are not irreparable injury," quoting earlier decisions in this circuit and in the Seventh Circuit.

  • Apple says Epic is ‘putting the entire App Store model at risk’

    In a declaration to the court, Apple executive Phil Schiller wrote that Epic CEO Tim Sweeney asked for a “special deal with only Epic” that would “fundamentally change the way in which Epic offers apps on Apple’s iOS platform.” When Apple declined, Epic changed its policies to cut Apple out of in-app purchases. Now, the company argues that Epic’s ban is its own responsibility.

  • Xcode becomes vector for new Mac malware attack

    We’ve seen a similar attack before. The so-called "XcodeGhost" was a malware-infested version of Apple’s developer environment that was distributed outside of Apple’s channels. Apps built using the software were preinstalled with malware.

    While security researchers were rightly concerned about XcodeGhost, the problem was quickly curtailed as Apple used the moment to stress the need to download critical files only from bona fide App Stores. It is much easier to subvert systems via poorly secured third-party app stores, and security is part of what we pay for when we purchase an app.

  • Software Firms Gear Up to Reveal Books Ahead of Busy IPO Season

    Software listings remain a sweet spot within the technology sector, which has fared better than any other through the coronavirus pandemic this year. The 18 companies in the space that have gone public on U.S. exchanges this year have climbed about 91% since their debut on a weighted-average basis, according to data compiled by Bloomberg. Overall, newly listed companies excluding blank-check firms and real estate investment trusts have risen only 52% since their IPOs, the data show.

Kernel: Linux's IO_uring, EXT4, OpenZFS and LPC 2020

  • Intel Xeon Ice Lake, Gen2 Optane + Linux's IO_uring Yielding Up To 2.58M IOPS Per Core

    The Linux IO_uring interface for driving some major efficiency improvements in the Linux I/O stack is really screaming when paired with Intel's next-gen Ice Lake Xeon server platforms and the Intel Gen2 "Alder Stream" Optane solid-state drives. Jens Axboe of Facebook, who serves as the Linux kernel's block subsystem maintainer for all the storage code and is also the mastermind behind IO_uring, shared the latest figures for IO_uring. In these latest IO_uring reference figures he is using the yet-to-be-released Intel IceLake-SP Xeon platform as well as the Intel Gen2 "Alder Stream" solid-state drives with the four-layer 3D XPoint technology and PCI Express 4.0. Both Ice Lake Xeon and the next-gen Optane SSDs are expected to be released before the end of the calendar year.

  • EXT4 Changes Land For Linux 5.9 With Block Allocator Performance Work

    With all the Linux 5.9 kernel changes, you may have noticed that no major EXT4 file-system pull request was submitted during the kernel merge window the prior two weeks. Fortunately, the EXT4 work has now been sent out and Linus Torvalds honored the late changes for this widely-used Linux file-system. EXT4 changes don't end up being too terribly exciting given the maturity of the file-system and its widespread use for years, but it does continue seeing new optimizations and other improvements, especially in the areas of FSCRYPT encryption and other new knobs.

  • OpenZFS File-System Merges Support For Using Zstd Compression

    Zstd compression for OpenZFS has been under review for several months as an alternative to the existing ZFS LZ4 and Gzip compression support. OpenZFS with Zstd has a compression ratio comparable to Gzip but with much greater performance, as we've seen with, for instance, the Linux kernel image now supporting Zstd compression to speed up boot times thanks to its decompression speed. OpenZFS isn't the first to support Zstd for native file-system compression: it can already be found as an option with the F2FS file-system as well as UBIFS, Btrfs, and even Reiser4.

  • Linux Plumbers Conference: Watch the LPC 2020 Plenary Session

    Welcome to LPC 2020! This year we have a record number of attendees, around 950. We hope you’ll find the conference as engaging and productive as the ones we had in person for the past 12 years.

Python Programming

today's howtos

FSF Wants LibrePlanet 2021 Talks and FSFE's Google Problem Explained

  • Submit your session for LibrePlanet 2021 before Oct. 28

    The thirteenth edition of the Free Software Foundation's (FSF) conference on technology and social justice will be held in spring 2021. The Call for Sessions is now open, and will close on October 28th. Potential talks should examine free software through the lens of this year's theme: Empowering Users. 

  • LibrePlanet 2021 Call for Sessions

    Every year, LibrePlanet brings together developers, policy experts, activists, hackers and end users. It's a place to learn new skills, share accomplishments, and face challenges to computer user freedom together as a community. LibrePlanet will be held in the spring of 2021 (date TBA). If you're new to the community, check out session descriptions and recordings from the previous LibrePlanet conference.

    [...]

    While the goal is to hold LibrePlanet 2021: Empowering Users in person in the Boston area, the coronavirus pandemic may still prohibit large-scale gatherings, so our conference planning will incorporate the possibility of an online conference like the one we held in 2020. As such, we will consider applications for remote-only sessions, like all others, with the intent of integrating quality sessions into the schedule.

  • Poll experiment: when Google calls, does FSFE jump? A corporate influence learning experiment.

    According to the full budget spreadsheet shared by the Fellowship, Google is contributing approximately twenty percent of the FSFE budget (please also see this analysis from the executive director, Jonas Oberg). People periodically make arguments that this is not something to worry about while at the other extreme, people suggest that FSFE is nothing more than a Google puppet.
