Language Selection

English French German Italian Portuguese Spanish

Proprietary Software, Security, and Monopoly

Filed under
Microsoft
Mac
Security
  • Cyber-Attack on Air India Led to Data Leak of 4.5 Million Fliers

    [Attackers] infiltrated the servers of Air India Ltd. and gained access to personal data of 4.5 million fliers, the nation’s flag carrier said.

    Personal data of passengers registered between August 2011 and February 2021 were compromised in the attack, the carrier said in a note to fliers that was shared via Twitter. The details included credit card and contact information and frequent flier data.

  • Ransomware Moves from ‘Economic Nuisance’ to National Security Threat [iophk: Windows TCO]

    https://www.voanews.com/silicon-valley-technology/ransomware-moves-economic-nuisance-national-security-threat

    [...]

    While Blount, the Colonial Pipeline CEO, defended his decision to pay a ransom as “the right thing to do for the country,” law enforcement officials and cybersecurity experts say such hefty payments embolden cyber criminals to carrying out more attacks.

  • FBI warns Conti ransomware gang struck health and emergency networks [iophk: Windows TCO]

    The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.

    In an alert made public Thursday by the American Hospital Association, the FBI said the cybercriminals using the malicious software dubbed ‘Conti’ have targeted law enforcement, emergency medical services, dispatch centers, and municipalities.

    The alert did not name the victims or go into detail about the nature or severity of the breaches, saying only that they were among more than 400 organizations worldwide targeted by “Conti actors.”

  • Application Compatibility Hell: Microsoft set to remove Internet Explorer from Windows 10. (But 99% of it will linger.)

    Even NPR commented on Microsoft getting ready to remove Internet Explorer from Windows 10, but I thought I’d chime in and mention that you can do that today if you want to.

    Microsoft Edge has a thing called Internet Explorer Mode that can reload a site using the Trident engine from Internet Explorer.

    Due to the architecture of Internet Explorer, Trident is an embeddable component and Internet Explorer is just a small shell around that component. Internet Explorer Mode does not require the “Internet Explorer 11” feature to be turned on, so you can “remove” Internet Explorer and this Mode will still work in Microsoft Edge, should you turn it on.

    I’ve been trying out opening sites in IE Mode in Edge, and it’s pretty clear that Trident has aged quite badly and the only reason why you’d ever do this is if you ended up with some crap web application that nobody is going to fix anytime soon. Like the beneficiary enrollment page on One Walmart.

  • QBittorrent Developer: “Apple app notarization is extortion pretending to be security. Issue closed.” Bonus: Ancient operating systems. (Windows)

    A developer of the popular Bittorrent protocol client “QBittorrent” closed the “Won’t run on macOS Catalina” bug (due to Apple’s fake security scam of software signing+notarization) by closing the issue.

    After a discussion, it wasn’t even about the $100 a year it would cost to get to get an Apple developer account so they could give a program away for free, or wondering if they could even get Apple to sign off on a Bittorrent app if they did, but that the infrastructure that you have to put in place to build, sign, and notarize Mac apps is daunting and not worth the pitiful amount of Mac users that it would bring in.

    So, the way to make it run is still turn off Gatekeeper, at least for however long Apple allows it.

    It’s not really your computer anyway. It ain’t done til GNU/Linux won’t run…. Oh wait, this too has happened.

  • Federal Judge unimpressed with Tim Cook’s testimony.

    Per NPR, the first day of testimony in Epic’s lawsuit against Apple did not go well for CEO Tim Cook.

    It seems that the judge was the most skeptical of Cook’s arguments that the program that reduces “commissions” to Apple for small developers were sufficient, or that consumers had sufficient choice in the In-App Payments market because Android phones exist.

    Of course, that argument is ridiculous. Google’s commissions are exactly the same. The issue here is that the commissions themselves are too high and raise prices for the user. When Epic put it’s own in-app payment system into Fortnite, it passed some of the savings to the user. It cost 20% less than paying through Apple or Google.

    Jamie Zawinski had previously complained that Apple deliberately did things to discourage developers from giving away apps for iOS that are really free. For example, Google charges $25 once to get a Google developer account, and Apple charges $100 a year. Apple pressures people to make money so that they can take 30% of it.

    NPR goes on to mention the fact that iPhone sales have been stagnant for years. This is true, and there has not been a “next product” because Apple isn’t an innovative company. If they lose the in-app purchase revenue, money they are effectively stealing from their user (since the developer isn’t just absorbing it), they hit the skids.

  • “Tim Apple” testifies in court on the App Store monopoly.

    Today, Tim Cook (“Tim Apple” as Trump called him), testifies on Apple’s App Store monopoly.

    Of course, people should know that they’re going to try to excuse their behavior on creating a “good experience” for users and to “keep things safe” from malware, and from a child that may not use the computer correctly.

    The problem with this model is that Apple has been using their monopoly to profit from doing essentially nothing except imposing ridiculous rules on app developers, censoring apps, and taking nearly a third of gross sales for providing a distribution service.

    Apple’s model makes the user lose on numerous fronts, and it makes software more expensive and costs jobs in the economy.

    They also can’t guarantee it’s secure. At issue is Fortnite adding its own payment method to bypass Apple’s store siphoning off their revenues.

    How did it get past app review? The code was set to do nothing for a while, so that it would get through the review and then activate later.

    If a payment mechanism can do that, so can malware, and once malware runs on a device it’s too late. It can gain more permissions by exploiting bugs in the firmware, and become a rootkit. At that point, it would be difficult for Apple to even get rid of it.

  • Tim Cook’s Fortnite trial testimony was unexpectedly revealing

    Epic mustered its own arguments: people can still choose to keep their phones locked down, and they might want to access stores with even more carefully curated apps or even better privacy controls. It’s previously accused Apple of hypocrisy, pointing out anecdotal failures to catch specific apps (like a game called Ganja Farmer: Weed Empire) that violate App Store guidelines. “It’s not 100 percent. It’s not perfect. You will find mistakes being made,” Cook said when Apple’s counsel asked about those incidents. “But if you back up and look at it in the scheme of things, with 1.8 million or so apps on the store, we do a really good job.”

  • Apple's Tim Cook grilled by judge overseeing Epic's Fortnite trial

    Apple says its control over the App Store promises security and reliability for users. Epic says it stifles competition.

  • Apple App Store profits look 'disproportionate,' U.S. judge tells CEO Cook
  • FOSS Patents: Friday for Fortnite

    No, I don't want to gloat, but it's mind-boggling what happened yesterday in that Oakland courtroom at the end of the main part (they're done apart from closing arguments on Monday) of the Epic Games v. Apple App Store antitrust trial. It's fair to say that at this point the question is most likely about remedies. Epic is on the winning track with respect to liability as Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California laid bare the bankruptcy of Apple's defenses. Being an App Store complainant myself (though I tried what I could to work things out), that's what I had hoped, but the hurdle was and remains high.

    After my final pretrial post and Twitter thread, I didn't comment on the trial itself or on the issues in it. I just noted some suspicious Twitter activity.

    I dialed in only for opening statements (followed by Epic Games CEO Tim Sweeney's testimony, which was almost inaudible) and for Apple CEO Tim Cook's testimony yesterday. In between, I just read other people's tweets (mostly not even in real time), particularly the ones by Protocol's Nick Statt (here's his report on how the judge "saved her best for last") and The Verge's Adi Robertson (here's his article, which contains a partial transcript of how Judge YGR grilled Tim Cook), but also others.

    After the first couple of days, I was profoundly worried. The judge had tough questions for Epic, and some of the answers might have been tactically suboptimal. The inflection point in the early phase of the trial was the testimony of Lori Wright, a Microsoft Xbox exec. As far as I could see on Twitter, it was just perfect and definitely eye-opening.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.