Language Selection

English French German Italian Portuguese Spanish

Microsoft

Single Points of Failure and Proprietary Entrapment (Microsoft GitHub)

Filed under
Development
Microsoft
  • Ahmad Haghighi: GitLab blocked Iranians’ access.

    On 3rd Oct. 2020 GitLab blocked Iranians’ access (based on IP) without any prior notice! and five days later (8th Oct.) my friend’s account blocked and still he doesn’t have any access to his projects! even after creating a ticket and asks for a temporary access to only export his projects! GitLab refused to unblock him! (screenshot in appendix). My friend is not the only one who blocked by GitLab, with a simple search on the web you can find a growing list of blocked accounts.
    So I decided to move from GtiLab and EVERY Free Software based/hosted/managed on/in USA.

    When it comes to USA policies, Free Software is a Joke Smile

    GitLab is not the only actor in this discrimination against Persian/Iranian people, we also blocked by GitHub, Docker, NPM, Google Developer, Android, AWS, Go, Kubernetes and etc.

  • ‘youtube-dl’ downloading software removed from GitHub by RIAA takedown notice

    This takedown notice does not necessarily spell the permanent end of youtube-dl. GitHub always immediately takes down any source code project that receives a DMCA notice like this, but the project’s creators will have an opportunity to file a counterclaim in the hopes of restoring youtube-dl’s status on GitHub. We’ll be keeping an eye on the situation as it develops.

  • RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it can be used to slurp music

    YouTube-DL is pretty simple to use: you give the command-line program the URL of any YouTube video, and it will fetch the material and save it to your computer for future playback.

  • Recording Industry Association of America Gets Youtube-dl Kicked Off GitHub

    Microsoft GitHub has removed all traces of the very useful youtube-dl utility for downloading videos from YouTube and other websites, including this one, following a questionable DMCA request from the Recording Industry Association of America.

    youtube-dl is a simple command-line utility that lets you easily download audio adn videos from just about any website with a file file embedded in it. It works on sites like this one. A lot of software, including the popular video player mpv, can use it to download video fragments on the fly so videos embedded in web pages can be opened and played as if they were local files.

    The Recording Industry Association of America submitted a DMCA request to Microsoft GitHub demanding that youtube-dl gets removed from the Internet on October 23rd, 2020. The complaint contains this rather misleading claim: [...]

Security Leftovers

Filed under
Microsoft
Security

Proprietary Software and DRM/Monopoly

Filed under
Microsoft
Mac

  • FOSS Patents: Fortnite users continue to make in-app purchases on iOS that bypass Apple's payment system: court filing says "Epic is stealing money from Apple"

    In yesterday's filing, Apple says it has the right to sue Epic not only for breach of contract but also for tort, given that Epic would face tort liability "if [t]c had never executed the contracts with Apple and had instead found another way to smuggle Fortnite and its 'hotfix' payment mechanism into the App Store." Apple argues that a company protecting itself against such behavior through contracts must not be in a weaker legal position than one that doesn't. What Apple does clarify is that it won't seek "multiplicative recovery" if the same conduct on Epic's part constituted both a breach of an agreement and fraud. In other words, Apple would then content itself with only the greater of the two alternative amounts.

    It appears that the "hotfix" was just a simple data point on Epic's servers--not program code, but merely a trigger. When the iOS version of Fortnite checked on that data point, it offered an alternative payment mechanism to end users in circumvention of Apple's in-app payment rules.

    After the "hotfix" that Apple says became Epic's hot mess, Fortnite was removed from the App Store. That means it cannot be downloaded to iOS devices right now, and Epic has already failed twice (with a motion for a temporary restraining order as well as a motion for a preliminary injunction) to get a court to force Apple to tolerate an iOS version of Fortnite that bypasses Apple's in-app payment system.

  • Why Apple’s App Store Is Under Siege

    Fueling the fire was a report issued last week by House Democrats summing up an antitrust probe into four Big Tech companies — Apple, Amazon, Facebook and Google — and urging Congress to enact new laws to curb the companies’ power. The 449-page report called on Congress to enact new laws to curb the companies’ power, including prohibiting companies like Apple from operating “adjacent lines of business” (in other words, preventing it from offering its own apps in the App Store that compete with those from third parties).

    “Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits,” the House Judiciary Committee report said.

  • Microsoft Says Long-Time Deals Executive Brown Leaving Company

    Microsoft Corp. said mergers and acquisitions chief Marc Brown is leaving the company after a more than two-decade stint working on deals ranging from LinkedIn to Nokia Oyj’s handset unit.

    Brown, vice president of corporate development, reported to Chief Financial Officer Amy Hood. Microsoft spokesman Frank Shaw on Friday confirmed Brown’s departure and declined to comment on a replacement. The company is still conducting a search for a senior business development executive to replace Peggy Johnson, who left in July to become chief executive officer at Magic Leap Inc.

  • Your brand new Oculus Quest 2 can’t play Oculus Go games, John Carmack confirms [Ed: Digital Restrictions (DRM) in action]

    If you bought a new Oculus Quest 2 with the hopes of experiencing games from the now-discontinued Oculus Go, I have bad news: the company has decided not to include support for Go titles on the Quest 2, Oculus’ consulting CTO John Carmack confirms on Twitter.

    When the Oculus Quest 2 launched three days ago, some people noticed there was no feature on the UI that allowed users to access Go apps and games, something the original Quest headset featured. Carmack did not go into much detail on why support was not added other than “[he] totally lost the internal debate over backwards compatibility.”

  •    

  • Three npm packages found opening shells on Linux, Windows systems [Ed: The writers at ZDNet are apt at blaming “LINUX” for security threats that have nothing to do with Linux. Now that Microsoft is serving malware ZDNet… blames “NPM” (ssshhhhh… don’t mention Microsoft)]
  •     
      

No Linux for 10 Days

Filed under
GNU
Linux
Microsoft

In my time away from my normal life, I was in a situation where I was without Linux for almost two weeks. I hear of people that consider time away from tech as being “refreshing”. I wouldn’t consider that the case at all but it was enlightening. Using “analog” methods for recording information is super inefficient but it did force me to work on my hand writing as it is atrocious.

Secondly, having to use Windows 10 to do “digital work” was so frustrating, I will say, the points of frustration were not all the fault of Windows 10 but it did make me greatly despise using tech. It confirmed that if Linux went away and I was forced to use Windows 10, I just wouldn’t.In my time away from my normal life, I was in a situation where I was without Linux for almost two weeks. I hear of people that consider time away from tech as being “refreshing”. I wouldn’t consider that the case at all but it was enlightening. Using “analog” methods for recording information is super inefficient but it did force me to work on my hand writing as it is atrocious.

Secondly, having to use Windows 10 to do “digital work” was so frustrating, I will say, the points of frustration were not all the fault of Windows 10 but it did make me greatly despise using tech. It confirmed that if Linux went away and I was forced to use Windows 10, I just wouldn’t.

Read more

Digital Restrictions (DRM) and Proprietary Pushers

Filed under
Microsoft
Mac

     
  • Facebook is accidentally locking some users out of their new Oculus headsets

                     

                       

    As UploadVR reported yesterday, users complained that they had been suspended for unclear reasons while they were trying to set up the Quest 2. One poster on the Oculus subreddit, for instance, described getting banned after creating a Facebook page for the first time and merging it with an existing Oculus account. “I logged into Facebook’s website to lock down my profile, as I had no intention of using the social media site more than was needed, and within minutes of merging accounts and changing profile settings my account was banned without any reason given or cause I can think of,” the user told The Verge in an email — rendering the Quest 2 a “new white paperweight.” Other people in the subreddit chimed in with their own experiences getting locked out.

  •                
         

  • Games Piracy Scene Reinvigorated, Four Denuvo-Protected Titles Released in One Day

           

             

    Late August the piracy Scene was thrown into turmoil when law enforcement raids took place all around Europe. With few hopes of a significant recovery any time soon, in the space of a few minutes yesterday veteran cracking group CPY released four games previously protected by Denuvo. For many pirates, this is the positive signal they'd been waiting for.

  • Microsoft ends support for Office 2010, bangs the Office 365 gong
  • Microsoft is foisting Office web apps on Edge users

    Microsoft is no stranger to using Windows and other software to promote more of its own apps and services. The latest way the company is doing this is via Edge.

    Accusations of using its products as an advertising tool or as a means of forcing products onto users are nothing new for the Windows maker, and the company's latest move with Edge does nothing to shake them off. The browser has been found to install Microsoft Office web apps without asking for permission.

  • JACK2 Audio Server Rolls Out Better Windows + macOS Support - Phoronix

    JACK2 1.9.15 released on Thursday as the newest version of this professional-minded sound server focused on real-time, low-latency connections.

    JACK2 1.9.15 brings a number of bug fixes, improvements to various JACK tools, deprecates JACK-Session, and makes other improvements. JACK1 continues to be in a bug-fix mode while JACK2 continues advancing slowly and incorporating all of its functionality.

  • Has Apple abandoned CUPS, the Linux's world's widely used open-source printing system? Seems so

    After only one public Git commit this year, penguinstas think: Fork it, we don't need Cupertino. The official public repository for CUPS, an Apple open-source project widely used for printing on Linux, is all-but dormant since the lead developer left Apple at the end of 2019.

Microsoft spyware disguised as calculator (spying on keypresses) celebrated in 'Linux' sites

Filed under
Microsoft

Microsoft's Proprietary Software and Security Issues

Filed under
Microsoft
Security
  • Microsoft cloud issues continue with more global outages

    The most recent disruptions seem to be primarily affecting US users, with some individuals noting that they are struggling to access their admin centre dashboards. There were also reports that a number of Microsoft 365 services, as well as Azure Active Directory and Azure Networking services, were experiencing issues.

  • Quickpost: 4 Bytes To Crash Excel

    When you create a text file with content “ID;;”, save it with extension .slk, then open it with Excel, Excel will crash.

  • A CrowdSec Primer: A Modern Replacement for Fail2Ban

    This tells me they’re thinking big and long-term with this thing, and not just as a replacement for a local banning tool.

    So the bottom line—at the very miniumum—is that we seem to have a modern replacement for Fail2Ban, and over time that may turn into something more.

  • Microsoft Took 10 Days to Remove Leaked XP Code From its Own Site

    Last month there was excitement when the source code for Windows XP was leaked online. The big question, however, was how quickly Microsoft would act to have it disappeared from the web. The partial answer is that the company took 10 days to have one public repository taken down. And that was hosted on Github, a platform owned by Microsoft itself.

Yet More Severe Microsoft Outages and Security Issues

Filed under
Microsoft

Proprietary Software and Security Problems

Filed under
Microsoft
Security
  • Coronavirus cases 'lost' in test and trace blunder

    More than 15,000 positive Covid cases have become “lost” in Britain’s tracking systems, resulting in long delays being passed on to Test and Trace handlers.

    It means that tens of thousands of people who should have been told to self-isolate after coming into close contact with an infected case are only now being contacted – in some cases 10 days after transmission occurred.

    The Government blamed “computer issues” for a blunder which saw the number of daily cases appear to double overnight, and has been accused of “shambolic” handling by Labour.

  • Shock and despair follow revelations that ‘world-beating’ Test and Trace system is being run on Excel

    News that Britain’s ‘world-beating’ Test and Trace system is being run on Excel has been met with shock and despair today.

    The weekly rate of new Covid-19 cases soared in dozens of areas of England, following the addition of nearly 16,000 cases that went unreported by because of a technical error with the spreadsheet.

  • John McAfee has been arrested in Spain and is facing extradition

    John McAfee, who built a fortune selling cybersecurity software and has in recent years become a cryptocurrency evangelist, has been indicted on charges of tax evasion by the Department of Justice (DOJ). He has been arrested in Spain and is awaiting extradition, the DOJ said.

  • Kaspersky finds UEFI images that could be used for malware transport

    Microsoft used one feature in the UEFI to introduce what it called secure boot in Windows 8 in 2012, in a manner that effectively prevented easy booting of other operating systems on machines which had secure boot enabled.

    Secure boot was designed so that an exchange of cryptographic keys took place at boot-time; a system could verify the operating system attempting to boot was a genuine one, and not malware. There were further key exchanges along the way.

    But four years later, two researchers cracked the technology when they found a so-called golden key that was protecting the feature.

    Lechtik, Kuznetsov and Parshin wrote: "A sophisticated attacker can modify the firmware in order to have it deploy malicious code that will be run after the operating system is loaded. Moreover, since it is typically shipped within SPI flash storage that is soldered to the computer’s motherboard, such implanted malware will be resistant to OS reinstallation or replacement of the hard drive."

  • Microsoft puts lipstick on a pig to avoid scrutiny over security

    In what appears to be a bid to try and pretend that it is making no big contribution to the abysmal security environment in the tech sector, Microsoft has put out one of those reports, titled Microsoft Digital Defence Report, that aims to quell criticism of its role, at the same time trying to insinuate that security is in a bad state because of every single player.

  • Ransomware attack on Philadelphia firm hits COVID clinical trials

    Several companies, including IQVIA, the firm managing AstraZeneca's COVID vaccine trial, and Bristol Myers Squibb, which is leading a group of companies in developing a quick coronavirus test, have been affected by a ransomware attack on Windows systems at Philadelphia firm eResearchTechnology.

  • Four Malicious Packages In The NPM Repository With Names Similar To Popular Packages Were Phoning User Data Home

    Be careful what you npm install. Four packages in the NPM repository, published by a single author, where caught sending device fingerprint information, IP and geo-location data to a public GitHub page upon installation. All of them used package names similar to popular and widely used NPM packages.

    [...]

    The malicious packages where published to NPM between August 17th and August the 24th. The typesquatting trick fooled more than 400 users into downloading and installing these packages before the software analysis company Sonatype detected it using their automated tools.

Microsoft 365 outage affects multiple services

Filed under
Microsoft

Microsoft Corp MSFT.O said late Monday a recent change it introduced likely caused a major outage, affecting users' access to multiple Microsoft 365 services, including Outlook.com and Microsoft Teams.

The developer of Windows and Office software said it did not “observe an increase in successful connections” even after it rolled back the change to mitigate the impact.

Read more

Syndicate content

More in Tux Machines

Leaving Mozilla and Recalling One's Job in Mozilla

  • yoric.steps.next()

    The web is getting darker. It is being weaponized by trolls, bullies and bad actors and, as we’ve witnessed, this can have extremely grave consequences for individuals, groups, sometimes entire countries. So far, most of the counter-measures proposed by either governments or private actors are even scarier. The creators of the Matrix protocol have recently published the most promising plan I have seen. One that I believe stands a chance of making real headway in this fight, while respecting openness, decentralization, open-source and privacy. I have been offered the opportunity to work on this plan. For this reason, after 9 years as an employee at Mozilla, I’ll be moving to Element, where I’ll try and contribute to making the web a better place. My last day at Mozilla will be October 30th.

  • Working open source | daniel.haxx.se

    I work full time on open source and this is how. Background I started learning how to program in my teens, well over thirty years ago and I’ve worked as a software engineer and developer since the early 1990s. My first employment as a developer was in 1993. I’ve since worked for and with lots of companies and I’ve worked on a huge amount of (proprietary) software products and devices over many years. Meaning: I certainly didn’t start my life open source. I had to earn it. When I was 20 years old I did my (then mandatory) military service in Sweden. After having endured that, I applied to the university while at the same time I was offered a job at IBM. I hesitated, but took the job. I figured I could always go to university later – but life took other turns and I never did. I didn’t do a single day of university. I haven’t regretted it. [...]    I’d like to emphasize that I worked as a contract and consultant developer for many years (over 20!), primarily on proprietary software and custom solutions, before I managed to land myself a position where I could primarily write open source as part of my job. [...] My work setup with Mozilla made it possible for me to spend even more time on curl, apart from the (still going) two daily spare time hours. Nobody at Mozilla cared much about (my work with) curl and no one there even asked me about it. I worked on Firefox for a living. For anyone wanting to do open source as part of their work, getting a job at a company that already does a lot of open source is probably the best path forward. Even if that might not be easy either, and it might also mean that you would have to accept working on some open source projects that you might not yourself be completely sold on. In late 2018 I quit Mozilla, in part because I wanted to try to work with curl “for real” (and part other reasons that I’ll leave out here). curl was then already over twenty years old and was used more than ever before.

Programming: Buzzwords, Meson, Tracealyzer, LLVM, Python and Rust

  • What is DevSecOps? Everything You Need To Know About DevSecOps

    Most people are familiar with the term “DevOps,” but they don’t know how to really utilize it. There’s more to DevOps than just development and operational teams. There’s an essential element of DevOps that is often missing from the equation; IT security. Security should be included in the lifecycle of apps.  The reason you need to include security is that security was once assigned to one team that integrated security near the end-stages of development. Taking such a lax approach to security wasn’t such a problem when apps were developed in months or years. The average development cycle has changed quite a bit, though, and apps can be developed in a matter of days or weeks. Outdated security practices like leaving security too late can bring DevOps initiatives to their knees. 

  •   
  • Nibble Stew: The Meson Manual: Good News, Bad News and Good News

    Starting with good news, the Meson Manual has been updated to a third edition. In addition to the usual set of typo fixes, there is an entirely new chapter on converting projects from an existing build system to Meson. Not only are there tips and tricks on each part of the conversion, there is even guidance on how to get it done on projects that are too big to be converted in one go.

  • Percepio Releases Tracealyzer Visual Trace Diagnostics Solution Version 4.4 with Support for Embedded Linux

    Percepio announced the availability of Tracealyzer version 4.4 with support for embedded Linux. Tracealyzer gives developers insight during software debugging and verification at the system level by enabling visual exploratory analysis from the top down. This makes the software suitable for spotting issues during full system testing and drill down into the details to find the cause. Version 4.4 adds several views optimized for Linux tracing, in addition to a set of visualizations already in Tracealyzer, and leverages Common Trace Format (CTF) and the widely supported LTTng, an open source tracing framework.

  •   
  • LLVM Adds A SPIR-V CPU Runner For Handling GPU Kernels On The CPU - Phoronix

    LLVM has merged an experimental MLIR-based SPIR-V CPU runner that the developers are working towards being able to handle CPU-based execution of GPU kernels.  This new SPIR-V runner is built around the MLIR intermediate representation (Multi-Level Intermediate Representation) with a focus of going from GPU-focused code translated through SPIR-V and to LLVM and then executed on the CPU. The runner focus is similar to that of the MLIR-based runners for NVIDIA CUDA, AMD ROCm, and Vulkan, but just executing on the CPU itself. It was earlier this year LLVM added the MLIR-Vulkan-Runner for handling MLIR on Vulkan hardware. 

  • Python Modulo in Practice: How to Use the % Operator – Real Python

    Python supports a wide range of arithmetic operators that you can use when working with numbers in your code. One of these operators is the modulo operator (%), which returns the remainder of dividing two numbers.

  • Test & Code : Python Testing for Software Engineering 136: Wearable Technology - Sophy Wong

    Wearable technology is not just smart consumer devices like watches and activity trackers. Wearable tech also includes one off projects by designers, makers, and hackers and there are more and more people producing tutorials on how to get started. Wearable tech is also a great way to get both kids and adults excited about coding, electronics, and in general, engineering skills. Sophy Wong is a designer who makes really cool stuff using code, technology, costuming, soldering, and even jewelry techniques to get tech onto the human body.

  • Librsvg's test suite is now in Rust

    Some days ago, Dunja Lalic rewrote the continuous integration scripts to be much faster. A complete pipeline used to take about 90 minutes to run, now it takes about 15 minutes on average. [...] The most complicated thing to port was the reference tests. These are the most important ones; each test loads an SVG document, renders it, and compares the result to a reference PNG image. There are some complications in the tests; they have to create a special configuration for Fontconfig and Pango, so as to have reproducible font rendering. The pango-rs bindings do not cover this part of Pango, so we had to do some things by hand.

ARM32 in Linux and Open Source Hardware Certification

  • ARM32 Page Tables

    As I continue to describe in different postings how the ARM32 start-up sequence works, it becomes necessary to explain in-depth the basic kernel concepts around page tables and how it is implemented on ARM32 platforms. To understand the paging setup, we need to repeat and extend some Linux paging lingo. Some good background is to read Mel Gormans description of the Linux page tables from his book “Understanding the Linux Virtual Memory Manager”. This book was published in 2007 and is based on Mel’s PhD thesis from 2003. Some stuff has happened in the 13 years since then, but the basics still hold. It is necessary to also understand the new layers in the page tables such as the five layers of page tables currently used in the Linux kernel. First a primer: the ARM32 architecture with a classic MMU has 2 levels of page tables and the more recent LPAE (Large Physical Address Extension) MMU has 3 levels of page tables. Only some of the ARMv7 architectures have LPAE, and it is only conditionally enabled, i.e. the machines can also use the classic MMU if they want, they have both. It is not enabled by default on the multi_v7 configuration: your machine has to explicitly turn it on during compilation. The layout is so different that the same binary image can never support both classic and LPAE MMU in the same kernel image.

  • Announcing the Open Source Hardware Certification API – Open Source Hardware Association

    Today we are excited to announce the launch of a read/write API for our Open Source Hardware Certification program. This API will make it easier to apply for certification directly from where you already document your hardware, as well as empower research, visualizations, and explorations of currently certified hardware. OSHWA’s Open Source Hardware Certification program has long been an easy way for creators and users alike to identify hardware that complies with the community definition of open source hardware. Since its creation in 2016, this free program has certified hardware from over 45 countries on every continent except Antarctica. Whenever you see the certification logo on hardware:

LibreOffice: Presentation Size Decreasing and New Presentations About LibreOffice