wlug June 2020

wlug@list.waikato.ac.nz

11 participants
83 discussions

by Lawrence D'Oliveiro

For quite a while now, I’ve been annoyed by the system notification volume going to 100% on my Debian systems, regardless of my attempts to set it to a lower level. For example, when I open the KDE System Settings app, change something, then try to close the window, the sound that accompanies the save/discard/cancel alert is always startlingly loud. I think I have finally found a fix: in your /etc/pulse/daemon.conf, put in a line saying flat-volumes = no (You should find an existing comment “; flat-volumes = yes” that indicates the default.) You can make this new setting take effect in the current session immediately without having to logout or reboot, by executing the following as the currently-logged-in user: pulseaudio -k (This kills and restarts the PulseAudio daemon for your user session.) There are several discussions of the pros and cons of this issue online, going back some years. For example, here <https://bugzilla.redhat.com/show_bug.cgi?id=1265267>. Also a mention about the “flat-volumes” setting in the ever-reliable Arch Linux Wiki here <https://wiki.archlinux.org/index.php/PulseAudio>.

6 months, 1 week

Random Firefox Tweaks

by Lawrence D'Oliveiro

Been looking at various settings changes you can make in the “about:config” page in Firefox. Here are a couple I have found useful: * keyword.enabled -- set to false to stop Firefox trying to do a search on the contents of the address box if it doesn’t match a URL. This is why I have a search box separate from the address box. * browser.fixup.alternate.enabled -- set to false to stop it helpfully tacking on “www.” and “.com” if the original URL you type doesn’t work. I have occasionally been confused by it complaining about not finding a URL, but showing a different one from the one I typed. By the way, when you first try to view this page, Firefox shows you a warning to ensure you understand the consequences of messing about with settings at this level. It remembers it has shown you this warning by adding the following line to the prefs.js file in your profile: user_pref("browser.aboutConfig.showWarning", false); Firefox seems to overwrite this file when it quits, and reloads it when it is launched again.

7 months, 2 weeks

How Qualcomm Shook Down The Cell Phone Industry For Almost 20 Years

by Lawrence D'Oliveiro

A pretty sobering read <https://arstechnica.com/tech-policy/2019/05/how-qualcomm-shook-down-the-cel…>: Qualcomm's first weapon against competitors: patent licensing terms requiring customers to pay a royalty on every phone sold—not just phones that contained Qualcomm's wireless chips. Sound familiar? Judge Koh draws a direct parallel to licensing behavior that got Microsoft in legal trouble in the 1990s. Microsoft would offer PC makers a discount if they agreed to pay Microsoft a licensing fee for every PC sold—whether or not the PC shipped with a copy of MS-DOS. This effectively meant that a PC maker had to pay twice if it shipped a PC running a non-Microsoft operating system. There’s a lot more--the article reads like a catalogue of gangster-like tactics. All of which is perfectly all right under the US interpretation of “Free Enterprise”, of course ... Also, reading the details of how Qualcomm managed to sabotage Intel’s efforts to develop 5G chips, it seems to me that Qualcomm is directly responsible for the situation today where US companies are lagging behind Chinese ones like Huawei in 5G capability.

11 months, 2 weeks

Incognito Mode Detection Still Works in Chrome Despite Promise To Fix

by Peter Reutemann

'Websites are still capable of detecting when a visitor is using Chrome's incognito (private browsing) mode, despite Google's efforts last year to disrupt the practice. From a report: It is still possible to detect incognito mode in Chrome, and all the other Chromium-based browsers, such as Edge, Opera, Vivaldi, and Brave, all of which share the core of Chrome's codebase. Furthermore, developers have taken the scripts shared last year and have expanded support to non-Chrome browsers, such as Firefox and Safari, allowing sites to block users in incognito mode across the board. Currently, there is no deadline for a new Chrome update to block incognito mode detections, however, today, Google might be interested more than ever in fixing this issue' -- source: https://yro.slashdot.org/story/20/06/04/1857211 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

Google Removes 25 Android Apps Caught Stealing Facebook Credentials

by Peter Reutemann

'Google has removed this month 25 Android apps from the Google Play Store that were caught stealing Facebook credentials. From a report: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games. The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground. If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login page (see image below: blue bar = actual Facebook app, black bar = phishing page).' -- source: https://tech.slashdot.org/story/20/06/30/1411202 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

Android's AirDrop Competitor Is Coming Soon

by Peter Reutemann

'Android's long-awaited "Nearby Sharing" feature, which allows you to share files between Android devices wirelessly, is rolling out to beta testers. Android Police reports: Nearby Sharing may appear slightly differently depending on the type of content you try to share. In all cases, it shows up as an app in the apps list on the share sheet, but you may also get a smaller prompt just under the content preview, more like it did in the previous Android 11 video leak. We tested it on a Pixel 4 XL and Pixel 3a running Android 10, but the appearance may also vary on other versions of Android. Note that Nearby Share works for both files like photos or videos, as well as other shareable content like Tweets and URLs. It probably works with a lot of things. Select Nearby Share in the share sheet as the target, and you're prompted to turn on the feature, if it's the first time you've used it. The quick setup process lets you configure your default device name and device visibility settings, though those can also be changed later. Once you have it enabled, Nearby Sharing starts looking for other nearby devices. The interface is pretty simple: A big X in the top left corner backs you out, your avatar on the right takes you to a settings pane that lets you configure things like your device name, visibility, and which mechanism to use to make the transfer (i.e., whether to use your internet connection for small files, to stick to Wi-Fi, or to always share offline). Google says Nearby Share is currently in limited testing via the Play Services beta: "We're currently conducting a beta test of a new Nearby Share feature that we plan to share more information on in the future. Our goal is to launch the feature with support for Android 6+ devices as well as other platforms."' -- source: https://mobile.slashdot.org/story/20/06/30/2014259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns

by Peter Reutemann

'Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices. Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices. Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor. Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader. Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes. Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes. Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices. Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors. [...] The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices. ' -- source: https://apple.slashdot.org/story/20/06/29/1456247 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

A decidedly non-Linux distro walkthrough: Haiku R1/beta2

by Peter Reutemann

'Earlier this month, the Haiku project released the second beta of its namesake operating system, Haiku. Haiku is the reimagining of a particularly ambitious, forward-looking operating system from 1995—Be, Inc.'s BeOS. BeOS was developed to take advantage of Symmetrical Multi-Processing (SMP) hardware using techniques we take for granted today—kernel-scheduled pre-emptive multitasking, ubiquitous multithreading, and BFS—a 64-bit journaling filesystem of its very own. [...] In June 2020—nineteen years after OpenBeOS was born, and sixteen after its rename to Haiku—the project released its second beta distribution. The project still adheres to backward application compatibility with 1990s BeOS—although only in its 32-bit version, which I did not test.' -- source: https://arstechnica.com/gadgets/2020/06/a-decidedly-non-linux-distro-walkth… Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

Firefox 79 Stable Will Let Users Test Unreleased Features Using 'Experiments'

by Peter Reutemann

'Both Edge and Chrome already allow users to try unreleased, experimental features (by typing about:flags in the address bar). Soon there'll be a similar "Firefox Experiments" option starting in Firefox 79. Slashdot reader techtsp shares this report from the Windows Club: Mozilla has a dedicated Experimental Features page on MDN just for that. But limiting experimental features to Firefox's Nightly channel has a limitation: A fairly limited number of "curious" users. Now, extending some of these experimental features to stable releases will increase the scope of "Firefox Experiments" as a whole... This option will allow users to enable/disable experimental features under Preferences... [In Firefox 79] Navigate to Preferences by entering about:preferences in the browser's address bar or click the gear icon and got to "Preferences." Discover and set browser.preferences.experimental to True. Now, you should be able to see the "Firefox Experiments" menu under Firefox 79 Preferences.' -- source: https://tech.slashdot.org/story/20/06/27/0321206 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

Journalist's Phone Hacked: All He Had To Do Was Visit a Website. Any Website.

by Peter Reutemann

'The iPhone that Moroccan journalist Omar Radi used to contact his sources also allowed his government to spy on him (and at least two other journalists), reports the Toronto Star, citing new research from Amnesty International. Slashdot reader Iwastheone shares their report: Their government could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment. Yet Radi was trained in encryption and cyber security. He hadn't clicked on any suspicious links and didn't have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked. Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website. Forensic evidence gathered by Amnesty International on Radi's phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser. Two more human rights advocates in Morocco have been targeted by the same malware, the article reports.' -- source: https://yro.slashdot.org/story/20/06/27/029222 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug June 2020