wlug March 2018

wlug@list.waikato.ac.nz

5 participants
62 discussions

by Lawrence D'Oliveiro

For quite a while now, I’ve been annoyed by the system notification volume going to 100% on my Debian systems, regardless of my attempts to set it to a lower level. For example, when I open the KDE System Settings app, change something, then try to close the window, the sound that accompanies the save/discard/cancel alert is always startlingly loud. I think I have finally found a fix: in your /etc/pulse/daemon.conf, put in a line saying flat-volumes = no (You should find an existing comment “; flat-volumes = yes” that indicates the default.) You can make this new setting take effect in the current session immediately without having to logout or reboot, by executing the following as the currently-logged-in user: pulseaudio -k (This kills and restarts the PulseAudio daemon for your user session.) There are several discussions of the pros and cons of this issue online, going back some years. For example, here <https://bugzilla.redhat.com/show_bug.cgi?id=1265267>. Also a mention about the “flat-volumes” setting in the ever-reliable Arch Linux Wiki here <https://wiki.archlinux.org/index.php/PulseAudio>.

9 months, 1 week

Does Wi-Fi Security Really Matter?

by Lawrence D'Oliveiro

Seems the Wi-Fi Alliance is having yet another crack at coming up with a really secure protocol, this time to be called WPA3 <http://www.theregister.co.uk/2018/01/09/wi_fi_wpa3/>. Does anybody care? Remember that on the Internet, security is implemented between the endpoints, the protocols are designed not to care that everything in-between might be pawed through by eavesdroppers, or even active attackers trying to inject fake data.

2 years, 6 months

Aussie Law >> Maths

by Lawrence D'Oliveiro

"The laws of Australia prevail in Australia, I can assure you of that," [Malcolm Turnbull] said on Friday. "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." <https://www.techdirt.com/articles/20170714/10385237789/aussie-prime-ministe…>

3 years

Ask Slashdot: Is There a Good Alternative to Facebook?

by Peter Reutemann

'Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who posses the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise." But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option." Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week." Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized. The article also interviews the founders of Blockstack, a blockchain-based marketplace for apps where all user data remains local and encrypted. "There's no company in the middle that's hosting all the data," they tell the Post. "We're going back to the world where it's like the old-school Microsoft Word -- where your interactions are yours, they're local and nobody's tracking them." On Medium, Mastodon founder Eugene Rochko also acknowledges Scuttlebutt and Hubzilla, ending his post with a message to all social media users: "To make an impact, we must act." Lauren Weinstein believes Google has already created an alternative to Facebook's "sick ecosystem": Google Plus. "There are no ads on Google+. Nobody can buy their way into your feed or pay Google for priority. Google doesn't micromanage what you see. Google doesn't sell your personal information to any third parties..." And most importantly, "There's much less of an emphasis on hanging around with those high school nitwits whom you despised anyway, and much more a focus on meeting new persons from around the world for intelligent discussions... G+ posts more typically are about 'us' -- and tend to be far more interesting as a result." (Even Linus Torvalds is already reviewing gadgets there.) Wired has also compiled their own list of alternatives to every Facebook service. But what are Slashdot's readers doing for their social media fix? Leave your own thoughts and suggestions in the comments. Is there a good alternative to Facebook?' -- source: https://tech.slashdot.org/story/18/03/25/0039218 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

Adobe Is Helping Some 60 Companies Track People Across Devices

by Peter Reutemann

'Neowin reports of Adobe's recent announcement of its new Marketing Cloud Device Co-op initiative: The announcement of the new solution for tracking customers across devices was made at the Adobe Summit this week in Las Vegas to a digital marketing conference. According to an Adobe blog post released earlier this month citing Forrester, consumers are increasingly accessing multiple devices before making a purchase decision -- an average of 5.5 connected devices per person. This behavior creates a challenge for retailers, who cannot easily target people in their marketing campaigns, ultimately depending on Facebook or Google to track people instead of devices. Both Facebook and Google are able to do this job because of the massive amount of users logged into their ecosystems regularly, so most retailers have been opting to use those platforms as a way to reach potential customers. But Adobe's approach is to provide a platform agnostic solution acting as a glue between the world's biggest brands' own data management platforms. In order for Device Co-op to work, each company that has joined the initiative will provide Adobe with "cryptographically hashed login IDs" and HTTP header data, which Adobe claims will completely hide the customer's identity. This data will be used to create groups of devices used by the same person or household, which will then be made available to all the members of the initiative so they can target people on different devices, instead of creating one customer profile per device, as can be seen from the example given in the image above. Until now, some 60 companies have joined the Adobe initiative, including brands such as Subway, Sprint, NFL, Lenovo, Intel, Barnes & Noble, and Subaru. Also, preliminary measurements made by Adobe indicate that Device Co-op could link up to 1.2 billion devices worldwide, based on the amount of accesses seen by current members. But it is important to note that the initiative is currently collecting data of U.S. and Canada users only. Adobe is claiming the initiative will not disclose a user's identity to its members, including any personal data, but, given the recent Facebook and Cambridge Analytica scandal, many will be skeptical of those claims. Thankfully, Adobe is allowing users to completely opt out all of their devices from the services via this website.' -- source: https://yro.slashdot.org/story/18/03/31/0059259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

The Prestigious Free Software Award Goes to Karen Sandler

by Peter Reutemann

'Each year the Free Software award goes to someone making "a great contribution to the progress and development of free software, through activities that accord with the spirit of free software." This year's winner is a former executive of the GNOME Foundation, Karen Sandler. Jeremy Allison - Sam, Slashdot reader #8,157, brought this announcement. Richard Stallman, President of the FSF, presented Sandler with the award during a ceremony. Stallman highlighted Sandler's dedication to software freedom. Stallman told the crowd that Sandler's "vivid warning about backdoored nonfree software in implanted medical devices has brought the issue home to people who never wrote a line of code. Her efforts, usually not in the public eye, to provide pro bono legal advice to free software organizations and [with Software Freedom Conservancy] to organize infrastructure for free software projects and copyleft defense, have been equally helpful." In her acceptance speech, Sandler spoke about her dedication to free software as a patient, advocate and professional. "Coming to terms with a dangerous heart condition should never have cost me fundamental control over the technology that my life relies on", said Sandler... "This issue is personal not just for me but for anyone who relies on software, and today that means every single person." ' -- source: https://news.slashdot.org/story/18/03/31/0322217 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

Security Experts See Chromebooks as a Closed Ecosystem That Improves Security

by Peter Reutemann

'The founder of Rendition Security believes his daughter "is more safe on a Chromebook than a Windows laptop," and he's not the only one. CNET's staff reporter argues that Google's push for simplicity, speed, and security "ended up playing off each other." mspohr shared this article: Heading to my first security conference last year, I expected to see a tricked-out laptop running on a virtual machine with a private network and security USB keys sticking out -- perhaps something out of a scene from "Mr. Robot." That's not what I got. Everywhere I went I'd see small groups of people carrying Chromebooks, and they'd tell me that when heading into unknown territory it was their travel device... "If you want prehardened security, then Chromebooks are it," said Kenneth White, director of the Open Crypto Audit Project. "Not because they're Google, but because Chrome OS was developed for years and it explicitly had web security as a core design principle...." Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010: sandboxing, verified boots, power washing and quick updates. These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. That's not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome's extensions, like when 37,000 devices were hit by the fake version of AdBlock Plus. Malicious Android apps have also been able to sneak through the Play Store. But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become part of a botnet. Major security flaws for Chrome OS, like ones that would give an attacker complete control, are so rare that Google offers rewards up to $200,000 to anyone who can hack the system. The article argues that "Fewer software choices mean limited options for hackers. Those are some of the benefits that have led security researchers to warm up to the laptops... "Chrome OS takes an approach to security that's similar to the one Apple takes with iOS and its closed ecosystem."' -- source: https://tech.slashdot.org/story/18/03/31/0443257 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

Open Source RISC V Processor Gets Support From Google, Samsung, Qualcomm, and Tesla

by Peter Reutemann

'Google, Qualcomm, and Samsung "are among 80 tech companies joining forces to develop a new open-source chip design for new technologies like self-driving vehicles," writes Seeking Alpha, citing a (pay-walled) report on The Information. "Western Digital and Nvidia also plan to use the new chip design for some of their products," while Tesla "has joined the RISC-V Foundation and is considering using the tech in its new chip efforts." MIT Technology Review adds that while Arm had hoped to bring their low-power/high performance processors to AI and self-driving cars, "The company that masterminded the processor inside your smartphone may find that a set of free-to-use alternative designs erode some of its future success."' -- source: https://news.slashdot.org/story/18/03/31/0622248 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 6 months

Microsoft's Windows 7 Meltdown Fixes From January and February Made PCs More Insecure

by Peter Reutemann

'Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. From a report: This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system's memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory' -- source: https://tech.slashdot.org/story/18/03/28/2010240 Time to move to another operating system... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 years, 7 months

Yet Another Microsoft Windows Reorg

by Lawrence D'Oliveiro

From <https://arstechnica.com/gadgets/2018/03/windows-leader-terry-myerson-out-as…>: The Windows platform has many masters. It is important for both Microsoft's client and server businesses, of course, but it's also fundamental to the Azure platform. While it has become increasingly unified, responsibility for its development (and financial reporting) has often been split between divisions. Conway’s Law says that any piece of software reflects the organizational structure that produced it. The fact that there is no single mind in charge of the overall product will inevitably manifest itself in discontinuities in the characteristics of that product. Yes, I know: scratch that future tense. It already has.

3 years, 7 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug March 2018