Security and Proprietary Software Leftovers
Security updates for Tuesday
Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), SUSE (kernel), and Ubuntu (c-ares, gpsd, and perl).
Phishing Sites Targeting Scammers and Thieves
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site:
Apps Getting Worse
Too often, a popular consumer app unexpectedly gets worse: Some combination of harder to use, missing features, and slower. At a time in history where software is significantly eating the world, this is nonsensical. It’s also damaging to the lives of the people who depend on these products.
First, a few examples to clarify the kind of thing I’m talking about. These are just the ones I’ve had personal experience with.
Is Apple’s NeuralMatch searching for abuse, or for people?
So what will happen when someone’s iPhone flags ten pictures as suspect, and the Apple contractor who looks at them sees an adult with their clothes on? There’s a real chance that they’re either a criminal or a witness, so they’ll have to be reported to the police. In the case of a survivor who was victimised ten or twenty years ago, and whose pictures still circulate in the underground, this could mean traumatic secondary victimisation. It might even be their twin sibling, or a genuine false positive in the form of someone who just looks very much like them. What processes will Apple use to manage this? Not all US police forces are known for their sensitivity, particularly towards minority suspects.
But that’s just the beginning. Apple’s algorithm, NeuralMatch, stores a fingerprint of each image in its training set as a short string called a NeuralHash, so new pictures can easily be added to the list. Once the tech is built into your iPhone, your MacBook and your Apple Watch, and can scan billions of photos a day, there will be pressure to use it for other purposes. The other part of NCMEC’s mission is missing children. Can Apple resist demands to help find runaways? Could Tim Cook possibly be so cold-hearted as to refuse to add Madeleine McCann to the watch list?
Thousands sign open letter arguing against Apple plan to scan US iPhones for child sexual abuse images
“While child exploitation is a serious problem, and while efforts to combat it are almost unquestionably well-intentioned, Apple's proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products,” the letter reads.
They specifically raised concerns around end-to-end encryption being bypassed and user privacy being compromised through the use of the checks Apple will use on devices to scan for child abuse imagery.
[Crackers] might exploit bug in Amazon Kindle, company issues fix
A team of cyber-security researchers has discovered security flaws in popular e-reading device Amazon Kindle that might have led [crackers] to take full control of a Kindle device, opening a path to stealing information stored.
Challenger RP2040 WiFi board marries ESP8285 with Raspberry Pi RP2040
We’ve already seen Raspberry Pi RP2040 getting WiFi connectivity with boards like Pico Wireless Pack, Wio RP2040 mini, and Arduino RP2040 Connect in ways that do not always make technical and commercial sense as in many cases, the WiFi microcontroller (e.g. ESP32) is more powerful than the Raspberry Pi microcontroller. But Invector Labs’ Challenger RP2040 WiFi board does make more sense, as the company combines Raspberry Pi RP2040 dual-core Cortex-M0+ MCU with an entry-level ESP8285 WiFi microcontroller, and also offers LiPo battery support, all that in the Adafruit Feather form factor. Also: Bring on the documentation
Video Trimmer – A Stupid Simple App to Cut a Clip Out of a Video in Linux
Want to cut a clip out of a video and share with your friends? Try Video Trimmer, a stupid easy way for those working on Linux. In Linux there are quite a few ways to cut clips or trim videos, using either graphical or command line tools. While video editors are heavy to do the job, FFmpeg is the most efficient choice. And Video Trimmer offers an intuitive user interface for those who hate Linux commands.
Mousai is an awesome music identification app for Linux
Mousai App is the equivalent of Shazam on Linux. While it is possible to install Shazam on Ubuntu, the user experience and performance are far from ideal. Mousai is a native Linux app, which means you will not have to fiddle with emulators or manoeuvre with a mouse around an interface made for touch. Shazam is a godsend, but getting it on Linux is a pain. Shazam is one of the first apps I install on my phone whenever I get a new phone. Before the app came along, I often had to memorise a few lines of a given song that I wanted to identify, then Google for the song using the memorised words plus the word lyrics at the end and hope for the best. With Shazam, all you need to do is launch the app and have it sample a few seconds of the song and more often than not you get a result. The more popular the song, the faster the result. The song sample doesn't even have to include lyrics.
Why Steam Deck’s change of Linux distros could be a winning move
The Steam Deck will run Steam OS 3.0, and with that new version of the operating system, an important change has been made in terms of the Linux distro that it’s based on – with Valve having clarified exactly why this switch (pun not intended) is crucial in terms of giving its portable PC the best chance of success. Steam OS was based on Debian, but Valve decided to move to the Arch distro with version 3.0, with the Steam Deck’s operating system benefiting from the fact that the latter is based on a rolling release model.
