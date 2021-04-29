Proprietary Software, Security, and Monopoly

Cyber-Attack on Air India Led to Data Leak of 4.5 Million Fliers [Attackers] infiltrated the servers of Air India Ltd. and gained access to personal data of 4.5 million fliers, the nation’s flag carrier said. Personal data of passengers registered between August 2011 and February 2021 were compromised in the attack, the carrier said in a note to fliers that was shared via Twitter. The details included credit card and contact information and frequent flier data.

Ransomware Moves from ‘Economic Nuisance’ to National Security Threat [iophk: Windows TCO] https://www.voanews.com/silicon-valley-technology/ransomware-moves-economic-nuisance-national-security-threat [...] While Blount, the Colonial Pipeline CEO, defended his decision to pay a ransom as “the right thing to do for the country,” law enforcement officials and cybersecurity experts say such hefty payments embolden cyber criminals to carry out more attacks.

FBI warns Conti ransomware gang struck health and emergency networks [iophk: Windows TCO] The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year. In an alert made public Thursday by the American Hospital Association, the FBI said the cybercriminals using the malicious software dubbed ‘Conti’ have targeted law enforcement, emergency medical services, dispatch centers, and municipalities. The alert did not name the victims or go into detail about the nature or severity of the breaches, saying only that they were among more than 400 organizations worldwide targeted by “Conti actors.”

Application Compatibility Hell: Microsoft set to remove Internet Explorer from Windows 10. (But 99% of it will linger.) Even NPR commented on Microsoft getting ready to remove Internet Explorer from Windows 10, but I thought I’d chime in and mention that you can do that today if you want to. Microsoft Edge has a thing called Internet Explorer Mode that can reload a site using the Trident engine from Internet Explorer. Due to the architecture of Internet Explorer, Trident is an embeddable component and Internet Explorer is just a small shell around that component. Internet Explorer Mode does not require the “Internet Explorer 11” feature to be turned on, so you can “remove” Internet Explorer and this Mode will still work in Microsoft Edge, should you turn it on. I’ve been trying out opening sites in IE Mode in Edge, and it’s pretty clear that Trident has aged quite badly and the only reason why you’d ever do this is if you ended up with some crap web application that nobody is going to fix anytime soon. Like the beneficiary enrollment page on One Walmart.

QBittorrent Developer: “Apple app notarization is extortion pretending to be security. Issue closed.” Bonus: Ancient operating systems. (Windows) A developer of the popular Bittorrent protocol client “QBittorrent” closed the “Won’t run on macOS Catalina” bug (due to Apple’s fake security scam of software signing+notarization) by closing the issue. After a discussion, it wasn’t even about the $100 a year it would cost to get an Apple developer account so they could give a program away for free, or wondering if they could even get Apple to sign off on a Bittorrent app if they did, but that the infrastructure that you have to put in place to build, sign, and notarize Mac apps is daunting and not worth the pitiful amount of Mac users that it would bring in. So, the way to make it run is still turn off Gatekeeper, at least for however long Apple allows it. It’s not really your computer anyway. It ain’t done til GNU/Linux won’t run…. Oh wait, this too has happened.

Federal Judge unimpressed with Tim Cook’s testimony. Per NPR, the first day of testimony in Epic’s lawsuit against Apple did not go well for CEO Tim Cook. It seems that the judge was the most skeptical of Cook’s arguments that the program that reduces “commissions” to Apple for small developers was sufficient, or that consumers had sufficient choice in the In-App Payments market because Android phones exist. Of course, that argument is ridiculous. Google’s commissions are exactly the same. The issue here is that the commissions themselves are too high and raise prices for the user. When Epic put its own in-app payment system into Fortnite, it passed some of the savings to the user. It cost 20% less than paying through Apple or Google. Jamie Zawinski had previously complained that Apple deliberately did things to discourage developers from giving away apps for iOS that are really free. For example, Google charges $25 once to get a Google developer account, and Apple charges $100 a year. Apple pressures people to make money so that they can take 30% of it. NPR goes on to mention the fact that iPhone sales have been stagnant for years. This is true, and there has not been a “next product” because Apple isn’t an innovative company. If they lose the in-app purchase revenue, money they are effectively stealing from their user (since the developer isn’t just absorbing it), they hit the skids.

“Tim Apple” testifies in court on the App Store monopoly. Today, Tim Cook (“Tim Apple” as Trump called him), testifies on Apple’s App Store monopoly. Of course, people should know that they’re going to try to excuse their behavior on creating a “good experience” for users and to “keep things safe” from malware, and from a child that may not use the computer correctly. The problem with this model is that Apple has been using their monopoly to profit from doing essentially nothing except imposing ridiculous rules on app developers, censoring apps, and taking nearly a third of gross sales for providing a distribution service. Apple’s model makes the user lose on numerous fronts, and it makes software more expensive and costs jobs in the economy. They also can’t guarantee it’s secure. At issue is Fortnite adding its own payment method to bypass Apple’s store siphoning off their revenues. How did it get past app review? The code was set to do nothing for a while, so that it would get through the review and then activate later. If a payment mechanism can do that, so can malware, and once malware runs on a device it’s too late. It can gain more permissions by exploiting bugs in the firmware, and become a rootkit. At that point, it would be difficult for Apple to even get rid of it.

Tim Cook’s Fortnite trial testimony was unexpectedly revealing Epic mustered its own arguments: people can still choose to keep their phones locked down, and they might want to access stores with even more carefully curated apps or even better privacy controls. It’s previously accused Apple of hypocrisy, pointing out anecdotal failures to catch specific apps (like a game called Ganja Farmer: Weed Empire) that violate App Store guidelines. “It’s not 100 percent. It’s not perfect. You will find mistakes being made,” Cook said when Apple’s counsel asked about those incidents. “But if you back up and look at it in the scheme of things, with 1.8 million or so apps on the store, we do a really good job.”

Apple's Tim Cook grilled by judge overseeing Epic's Fortnite trial Apple says its control over the App Store promises security and reliability for users. Epic says it stifles competition.

Apple App Store profits look 'disproportionate,' U.S. judge tells CEO Cook

FOSS Patents: Friday for Fortnite No, I don't want to gloat, but it's mind-boggling what happened yesterday in that Oakland courtroom at the end of the main part (they're done apart from closing arguments on Monday) of the Epic Games v. Apple App Store antitrust trial. It's fair to say that at this point the question is most likely about remedies. Epic is on the winning track with respect to liability as Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California laid bare the bankruptcy of Apple's defenses. Being an App Store complainant myself (though I tried what I could to work things out), that's what I had hoped, but the hurdle was and remains high. After my final pretrial post and Twitter thread, I didn't comment on the trial itself or on the issues in it. I just noted some suspicious Twitter activity. I dialed in only for opening statements (followed by Epic Games CEO Tim Sweeney's testimony, which was almost inaudible) and for Apple CEO Tim Cook's testimony yesterday. In between, I just read other people's tweets (mostly not even in real time), particularly the ones by Protocol's Nick Statt (here's his report on how the judge "saved her best for last") and The Verge's Adi Robertson (here's his article, which contains a partial transcript of how Judge YGR grilled Tim Cook), but also others. After the first couple of days, I was profoundly worried. The judge had tough questions for Epic, and some of the answers might have been tactically suboptimal. The inflection point in the early phase of the trial was the testimony of Lori Wright, a Microsoft Xbox exec. As far as I could see on Twitter, it was just perfect and definitely eye-opening.

Tux Machines Turning 17 Shortly Video download link http://techrights.org/videos/tuxmachines-17.webm This site will turn 17 in a couple of weeks (screenshot below). The video above explains how we got here, who's responsible for it, and where we move from here. ;-) The video is very informal (totally unscripted, unedited, improvised), but it's also the first time we publish such a video in this site (or the blog). We wish to thank all those who have supported or merely read us for many years. Spread the word. We're always eager to reach audiences that don't know much about GNU/Linux and may consider switching to it. In retrospect, as this is composed after making the above video, it's worth noting that the antiX-19.4 page could not be found because of the dash (or hyphen). We rarely miss important news and we're typically very quick to cover/mention important stories. █