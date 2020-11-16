Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.

There is one thing I need to mention for anyone going the separate iCloud account route on corp devices: you *probably* should make sure you have it logged in from a personal Mac or something like that, or some other place where you can have passcodes sent. The reason is that if you should quit, you lose access to the authorized devices (phone, laptop) which will receive auth codes.

Fuchsia, Google’s mysterious new OS, is making its way to more and more Nest devices, and if you happen to own the original Nest Hub, your display might already be running on Fuchsia, even if you don’t know it.

Researchers at Abnormal Security identified and blocked a number of emails sent earlier this month to some its customers that offered people $1 million in bitcoin to install DemonWare ransomware. The would-be attackers said they have ties to the DemonWare ransomware group, also known as Black Kingdom or DEMON, they said.

A newly disclosed flaw in software from BlackBerry Ltd. has resulted in warnings from U.S. government authorities due to its serious nature. The flaw, described as a BadAlloc vulnerability, has been founded in BlackBerry’s QNX Real Time Operating System. QNX is a commercial Unix-like real-time operating system primarily used in embedded systems. The software can be found in medical devices, cars, factories and even the International Space Station. According to an alert today from BlackBerry, the vulnerability affects QNX Software Development Platform version 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier. Exploiting the vulnerability, an attacker could perform a denial-of-service attack or execute arbitrary code. BlackBerry noted that it’s not aware of any exploitation of the vulnerability.

Free Software history is full of examples of server software that users could install and run autonomously on their own computers, developed to promote server-side user autonomy and decentralization, but that third parties install and run for multiple users, defeating these motivations. It has happened to such widely-used communication and publishing services as instant messaging, email hosting, blogging, social media, and source code hosting, and to domain-specific software as for managing cities, schools, libraries, shops, restaurants, etc. An important observation is that it has often happened even when software developers and server maintainers embraced decentralized (federated) architectures, and actively promoted decentralization by encouraging users to install their own servers. When users' own computing is performed as a service for the users on a server controlled by a third party, the users relinquish control over their computing and their data. That's SaaSS, and that's why it's freedom-denying. If users ran Free Software on a server under their own control instead, they'd retain freedom and privacy. Alas, when they compare the costs of maintaining their own servers and IT staff with outsourcing the server to a service provider that runs the same software for multiple clients, the economies of scale are irresistible for all but the most freedom-concerned users. These economies of scale tend to lead all server software to outsourcing and (re)centralization, and thus all server-side computing software to SaaSS. Even server software that is Free Software! It doesn't follow that it's unethical to develop Free Software for server-side computing, but even if it's developed with the intent of promoting users' freedoms, the economies of scale it enables play against this goal, driving most users to SaaSS instead. It's a poor strategy to liberate users.

Debian 11 "bullseye" offers more than ~2X performance in certain applications A few days ago Debian 11 (codenamed "bullseye") stable version was released by the Debian Project. The new Linux distro packs a lot of changes under the hood in terms of feature additions, and more. You can find the details here. And it seems the new OS also has optimizations geared towards extracting much more performance out of the hardware resources available to it, according to testing conducted by Phoronix. Using its OpenBenchmarking Linux test suite, the site has assessed the performance of an 80 core-Intel Xeon 8380 Ice Lake 2P system and a 128 core-AMD EPYC 7763 Milan 2P system in the newly unveiled Debian 11 stable compared to the previous Debian 10.10 release.