June 2020 - wlug - University of Waikato Mail Lists

How Qualcomm Shook Down The Cell Phone Industry For Almost 20 Years

by Lawrence D'Oliveiro

A pretty sobering read <https://arstechnica.com/tech-policy/2019/05/how-qualcomm-shook-down-the-cel…>: Qualcomm's first weapon against competitors: patent licensing terms requiring customers to pay a royalty on every phone sold—not just phones that contained Qualcomm's wireless chips. Sound familiar? Judge Koh draws a direct parallel to licensing behavior that got Microsoft in legal trouble in the 1990s. Microsoft would offer PC makers a discount if they agreed to pay Microsoft a licensing fee for every PC sold—whether or not the PC shipped with a copy of MS-DOS. This effectively meant that a PC maker had to pay twice if it shipped a PC running a non-Microsoft operating system. There’s a lot more--the article reads like a catalogue of gangster-like tactics. All of which is perfectly all right under the US interpretation of “Free Enterprise”, of course ... Also, reading the details of how Qualcomm managed to sabotage Intel’s efforts to develop 5G chips, it seems to me that Qualcomm is directly responsible for the situation today where US companies are lagging behind Chinese ones like Huawei in 5G capability.

1 month, 1 week

1
1
0 0

Incognito Mode Detection Still Works in Chrome Despite Promise To Fix

by Peter Reutemann

'Websites are still capable of detecting when a visitor is using Chrome's incognito (private browsing) mode, despite Google's efforts last year to disrupt the practice. From a report: It is still possible to detect incognito mode in Chrome, and all the other Chromium-based browsers, such as Edge, Opera, Vivaldi, and Brave, all of which share the core of Chrome's codebase. Furthermore, developers have taken the scripts shared last year and have expanded support to non-Chrome browsers, such as Firefox and Safari, allowing sites to block users in incognito mode across the board. Currently, there is no deadline for a new Chrome update to block incognito mode detections, however, today, Google might be interested more than ever in fixing this issue' -- source: https://yro.slashdot.org/story/20/06/04/1857211 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months

2
3
0 0

Google Removes 25 Android Apps Caught Stealing Facebook Credentials

by Peter Reutemann

'Google has removed this month 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games. The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground. If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (see image below: blue bar = actual Facebook app, black bar = phishing page).' -- source: https://tech.slashdot.org/story/20/06/30/1411202 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 3 weeks

1
0
0 0

Android's AirDrop Competitor Is Coming Soon

by Peter Reutemann

'Android's long-awaited "Nearby Sharing" feature, which allows you to share files between Android devices wirelessly, is rolling out to beta testers. Android Police reports: Nearby Sharing may appear slightly differently depending on the type of content you try to share. In all cases, it shows up as an app in the apps list on the share sheet, but you may also get a smaller prompt just under the content preview, more like it did in the previous Android 11 video leak. We tested it on a Pixel 4 XL and Pixel 3a running Android 10, but the appearance may also vary on other versions of Android. Note that Nearby Share works for both files like photos or videos, as well as other shareable content like Tweets and URLs. It probably works with a lot of things. Select Nearby Share in the share sheet as the target, and you're prompted to turn on the feature, if it's the first time you've used it. The quick setup process lets you configure your default device name and device visibility settings, though those can also be changed later. Once you have it enabled, Nearby Sharing starts looking for other nearby devices. The interface is pretty simple: A big X in the top left corner backs you out, your avatar on the right takes you to a settings pane that lets you configure things like your device name, visibility, and which mechanism to use to make the transfer (i.e., whether to use your internet connection for small files, to stick to Wi-Fi, or to always share offline). Google says Nearby Share is currently in limited testing via the Play Services beta: "We're currently conducting a beta test of a new Nearby Share feature that we plan to share more information on in the future. Our goal is to launch the feature with support for Android 6+ devices as well as other platforms."' -- source: https://mobile.slashdot.org/story/20/06/30/2014259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 3 weeks

1
0
0 0

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns

by Peter Reutemann

'Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices. Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices. Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor. Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader. Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes. Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes. Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices. Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors. [...] The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices. ' -- source: https://apple.slashdot.org/story/20/06/29/1456247 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 4 weeks

2
1
0 0

A decidedly non-Linux distro walkthrough: Haiku R1/beta2

by Peter Reutemann

'Earlier this month, the Haiku project released the second beta of its namesake operating system, Haiku. Haiku is the reimagining of a particularly ambitious, forward-looking operating system from 1995—Be, Inc.'s BeOS. BeOS was developed to take advantage of Symmetrical Multi-Processing (SMP) hardware using techniques we take for granted today—kernel-scheduled pre-emptive multitasking, ubiquitous multithreading, and BFS—a 64-bit journaling filesystem of its very own. [...] In June 2020—nineteen years after OpenBeOS was born, and sixteen after its rename to Haiku—the project released its second beta distribution. The project still adheres to backward application compatibility with 1990s BeOS—although only in its 32-bit version, which I did not test.' -- source: https://arstechnica.com/gadgets/2020/06/a-decidedly-non-linux-distro-walkth… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

2 months, 4 weeks

2
1
0 0

Firefox 79 Stable Will Let Users Test Unreleased Features Using 'Experiments'

by Peter Reutemann

'Both Edge and Chrome already allow users to try unreleased, experimental features (by typing about:flags in the address bar). Soon there'll be a similar "Firefox Experiments" option starting in Firefox 79. Slashdot reader techtsp shares this report from the Windows Club: Mozilla has a dedicated Experimental Features page on MDN just for that. But limiting experimental features to Firefox's Nightly channel has a limitation: A fairly limited number of "curious" users. Now, extending some of these experimental features to stable releases will increase the scope of "Firefox Experiments" as a whole... This option will allow users to enable/disable experimental features under Preferences... [In Firefox 79] Navigate to Preferences by entering about:preferences in the browser's address bar or click the gear icon and got to "Preferences." Discover and set browser.preferences.experimental to True. Now, you should be able to see the "Firefox Experiments" menu under Firefox 79 Preferences.' -- source: https://tech.slashdot.org/story/20/06/27/0321206 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 months

1
0
0 0

Journalist's Phone Hacked: All He Had To Do Was Visit a Website. Any Website.

by Peter Reutemann

'The iPhone that Moroccan journalist Omar Radi used to contact his sources also allowed his government to spy on him (and at least two other journalists), reports the Toronto Star, citing new research from Amnesty International. Slashdot reader Iwastheone shares their report: Their government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment. Yet Radi was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked. Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website. Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser. Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.' -- source: https://yro.slashdot.org/story/20/06/27/029222 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 months

1
0
0 0

Comcast Becomes the First ISP To Join Mozilla's TRR Program

by Peter Reutemann

'Comcast has joined Cloudflare and NextDNS in partnering with Mozilla's Trusted Recursive Resolver program, which aims to make DNS more trusted and secure. Neowin reports: Commenting on the move, Firefox CTO Eric Rescorla, said: "Comcast has moved quickly to adopt DNS encryption technology and we're excited to have them join the TRR program. Bringing ISPs into the TRR program helps us protect user privacy online without disrupting existing user experiences. We hope this sets a precedent for further cooperation between browsers and ISPs." With its TRR program, Mozilla said that encrypting DNS data with DoH is just the first step in securing DNS. It said that the second step requires companies handling the data to have appropriate rules in place for handling it. Mozilla believes these rules include limiting data collection and retention, ensuring transparency about any retained data, and limiting the use of the resolver to block access or modify content. Ars Technica notes that joining Mozilla's program means that Comcast agreed that it won't "retain, sell, or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers, or user query patterns from the DNS queries sent from the Firefox browser," along with other requirements. When the change happens, it'll be automatic for users unless they've chosen a different DoH provider or disabled DoH altogether. Comcast told Ars yesterday that "Firefox users on Xfinity should automatically default to Xfinity resolvers under Mozilla's Trusted Recursive Resolver program, unless they have manually chosen a different resolver, or if DoH is disabled. The precise mechanism is still being tested and the companies plan to document it soon in an IETF [Internet Engineering Task Force] Draft."' -- source: https://tech.slashdot.org/story/20/06/25/1953252 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

3 months

2
1
0 0

Ubuntu..

by john

One of the moderators asked (after using Simply Mepis) He wanted a more GUI system for another version of Linux OS. After we all gave an opinion favouring Ubuntu or Mint to meet his needs another member posted: "No, don't try Ubuntu. Right in the T&C it says all searches, including those of your own hard drive, go to the BBC and others. You really don't want an invasion of your privacy that includes all your search results including all your personal material effectively being public knowledge." I have a problem with this small "fact" and wonder about it's validity BBC. British broadcasting corporation. Blueberry county. Big beautiful clowns??? .-- Cheers John..

3 months

3
3
0 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug June 2020