Date: 2021-11-26
Proprietary Software Crimes and Security Issues
Microsoft Is Trying to Force You to Use Its Software Like It's 1998 All Over Again | Inc.com
Microsoft has had a very good run the past few years. It introduced a new browser, Edge, based on Chromium, which is faster and more reliable than what it replaced. It also launched Teams, a competitor to the popular communication platform Slack, which exploded as millions of people moved to working remotely during the pandemic.
Microsoft's Edge browser isn't bad. It's one of the better Chrome alternatives, and it comes with a few interesting features that make it worth a look. Microsoft Teams isn't bad either if what you want is something other than Slack and you're already deeply integrated into Microsoft's productivity ecosystem.
If you're using Windows, however, Microsoft very much wants you to use both. For example, Windows 11 makes it very difficult to get away from Edge as the default. Sure, you can set a different browser as your default, but any link within the system will still open in Edge regardless of your choice. Microsoft even went so far as to block a utility called EdgeDeflector that opened those links in whatever browser you set as default.
CSS Fingerprint
CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to track various characteristics about the visitor's browser and device, which can later be used to either identify or track said visitor.
Auto-update is a bad idea
Automatic updates are bad for privacy and some security aspects. Turning on auto-update on a system puts you in danger of trusting the device manufacturer to behave well. Anything could be contained in the update and the possible harm may not be reversed.
Log4J - What is the most severe vulnerability of 2021?
To close out 2021, a major vulnerability has been discovered that has left the whole world on alert: the Log4J flaw.
The open source platform used by Apple, Twitter, Steam, and Tencent ventures has a serious loophole that allows malicious actors to steal sensitive data, send files to a server, and more.
According to Google, more than 35,000 Java packages, which represents more than 8% of the Maven Central repository (the main Java repository), were affected by the problem. Discovered on December 16, the vulnerability was deemed one of the "most serious" ever seen by Jen Easterly, head of the US Department of Cybersecurity and Infrastructure Security Agency (CISA).
Security updates for Wednesday [LWN.net]
Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).
Reproducible Builds in December 2021
Welcome to the December 2021 report from the Reproducible Builds project! In these reports, we try and summarise what we have been up to over the past month, as well as what else has been occurring in the world of software supply-chain security.
As a quick recap of what reproducible builds is trying to address, whilst anyone may inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised. As always, if you would like to contribute to the project, please get in touch with us directly or visit the Contribute page on our website.
Programming Leftovers
Raspberry Slideshow 15.0 has been released
Raspberry Slideshow is an operating system for the Raspberry Pi microcomputer lineup used for digital signage when you need slideshows of images or videos. It plays all media contained in a USB key, fetched from a network share, from a webserver, from a folder of your Dropbox account and loaded via scp as well. The operating system can refresh the media list in order to slide images and videos according to any remote change (addition or deletion of a media file). Optional photo rotation based on embedded EXIF information is available.
Android Leftovers
