💾 Archived View for gemini.osnews.com captured on 2023-09-08 at 15:38:07. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

 _____ _____ _____
|     |   __|   | |___ _ _ _ ___
|  |  |__   | | | | -_| | | |_ -|
|_____|_____|_|___|___|_____|___|
Exploring the future of computing
---------------------------------
======Server specifications======
           Fedora Linux
     2x Intel Xeon E5-2640 v3
           32 GB of RAM
=================================

Google gets its way, bakes a user-tracking ad platform directly into Chrome

Don’t let Chrome’s big redesign[1] distract you from the fact that Chrome’s invasive new ad platform, ridiculously branded the “Privacy Sandbox,” is also getting a widespread rollout in Chrome today[2]. If you haven’t been following this, this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask, and it’s built directly into the Chrome browser. It’s been in the news previously as “FLoC[3]” and then the “Topics API[4],” and despite widespread opposition from just about every non-advertiser in the world, Google owns Chrome and is one of the world’s biggest advertising companies, so this is being railroaded into the production builds. Google seemingly knows this won’t be popular. Unlike the glitzy front-page Google blog post that the redesign got, the big ad platform launch announcement is tucked away on the privacysandbox.com[5] page. The blog post says the ad platform is hitting “general availability” today, meaning it has rolled out to most Chrome users. This has been a long time coming, with the APIs[6] rolling out about a month ago and a million incremental steps in the beta and dev builds, but now the deed is finally done.

Don’t use Chrome or any of its derivatives. If you care about privacy and the open web, use Firefox or one of its even more privacy-conscious alternatives, such as LibreWolf[7]. Chrome has always been deeply problematic, but with this ridiculous “Privacy Sandbox”, the browser has effectively become a tool to show you ads first, and a browser second. Mark my words – the total gutting of adblocking in Chrome is up next.

[1] https://arstechnica.com/gadgets/2023/09/chrome-is-getting-a-big-redesign-with-rounded-corners-material-you-colors/

[2] https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/

[3] https://arstechnica.com/gadgets/2021/04/everybody-hates-floc-googles-tracking-plan-for-chrome-ads/

[4] https://arstechnica.com/gadgets/2022/01/google-drops-floc-after-widespread-opposition-pivots-to-topics-api-plan/

[5] https://privacysandbox.com/news/privacy-sandbox-for-the-web-reaches-general-availability

[6] https://techcrunch.com/2023/07/20/google-starts-the-ga-rollout-of-its-privacy-sandbox-apis-to-all-chrome-users/

[7] https://librewolf.net/

Comments

The Servo project is joining Linux Foundation Europe

Created by Mozilla Research in 2012, the Servo project[1] was the first major Rust codebase other than the compiler itself, and has since been a hallmark for experimental web engine design. Major components of Servo have been incorporated into the Firefox web browser, and several of its parsers and other lower-level libraries have become foundational to the Rust ecosystem. As a promising, modern, and open web engine for building applications and immersive experiences using web technologies, stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020. In 2023, Servo experienced renewed activity led by Igalia, a Linux Foundation Europe member that now has a team of engineers working on the project. Today we are pleased to announce that the Servo project has officially joined Linux Foundation Europe[2].

I’m very curious to see where Servo goes in the future.

[1] https://servo.org/

[2] https://www.igalia.com/2023/09/07/The-Servo-project-is-joining-Linux-Foundation-Europe.html

Comments

Plasma 6 to be released in February 2024

A month has passed since the last Plasma 6 status update[1], so it’s time for another one! First, what you’ve all been waiting for: a release date! We’ve decided that Plasma 6 will be released in early February of 2024[2]. We don’t have a specific day targeted yet, but it’ll be in that timeframe. I’m feeling quite confident that the release will be in excellent shape by then! It’s already in good shape right now. 5 months should provide enough of a runway for a solid final release.

Following the development of Plasma 6 has been an interesting ride, and it seems it’s in a good state – and these five months will make it even better.

[1] https://pointieststick.com/2023/08/03/august-plasma-6-progress-update/

[2] https://pointieststick.com/2023/09/06/september-plasma-6-update/

Comments

UK has not backed down in tech encryption row, minister says

Over the past few days, there have been a lot of reports in the media that the UK government was backing down from its requirement that every end-to-end encrypted messenger application inside the country had to give the government backdoor access to these messenger applications. However, after reading the actual words from the UK’s junior minister Stephen Parkinson, it seemed like all she did was give a “pinky promise!” not to enforce this requirement. The law itself did not change, is not changing, and will not change, and the requirement is still in there.

Today, the UK’s technology minister Michelle Donelan made that even clearer than it already was[1].

Donelan, however, denied on Thursday that the bill had been watered down in the final stages before it becomes law. “We haven’t changed the bill at all,” she told Times Radio. “If there was a situation where the mitigations that the social media providers are taking are not enough, and if after further work with the regulator they still can’t demonstrate that they can meet the requirements within the bill, then the conversation about technology around encryption takes place,” she said.

This raises an interesting question – why was everyone so keen on pushing the narrative yesterday that the “technology sector” had won, and that the UK government had backed down? Well, Facebook and Apple have kind of talked themselves into a corner in response to the UK’s requirement for backdoor access to WhatsApp and iMessage. The two companies threatened they would pull these services out of the UK if the government didn’t remove this requirement. When it became clear that the UK government wasn’t going to back down, Facebook and Apple were going to lose a lot of face if they didn’t actually pull WhatsApp and iMessage out of the UK in response. They needed something to get them out of this.

This vague pinky promise is all they needed. Now they can shit all over their supposed morals and values once again, completely abandon their grandstanding and promises about protecting end-to-end encryption in messaging, and continue to operate in the UK as if nothing has changed, despite them legally being obligated to break end-to-end encryption if the UK government asks them to – which they can now do whenever it pleases them.

And entirely unsurprisingly, the general tech media, ever looking to please the corporations they are supposed to do the journalism stuff about, fell for it, hook, line, and sinker. The narrative that the UK backed down and Facebook and Google won is out there now, and that’s all the tech sector needed.

[1] https://www.reuters.com/technology/uk-minister-says-position-encryption-not-changed-2023-09-07/

Comments

TPM-backed full disk encryption is coming to Ubuntu

Based on Ubuntu Core’s FDE design, we have been working on bringing TPM-backed full disk encryption to classic Ubuntu Desktop systems as well[1], starting with Ubuntu 23.10 (Mantic Minotaur) – where it will be available as an experimental feature. This means that passphrases will no longer be needed on supported platforms, and that the secret used to decrypt the encrypted data will be protected by a TPM and recovered automatically only by early boot software that is authorised to access the data. Besides its usability improvements, TPM-backed FDE also protects its users from “evil maid” attacks that can take advantage of the lack of a way to authenticate the boot software, namely initrd, to end users.

I’m not well-versed enough on this topic to make any meaningful comments, other than as long as it’s a choice presented to users, it seems like a good thing.

[1] https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu

Comments

Microsoft announces new Copilot Copyright Commitment for customers

To address this customer concern, Microsoft is announcing our new Copilot Copyright Commitment[1]. As customers ask whether they can use Microsoft’s Copilot services and the output they generate without worrying about copyright claims, we are providing a straightforward answer: yes, you can, and if you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved. This new commitment extends our existing intellectual property indemnity support to commercial Copilot services and builds on our previous AI Customer Commitments[2]. Specifically, if a third party sues a commercial customer for copyright infringement for using Microsoft’s Copilots or the output they generate, we will defend the customer and pay the amount of any adverse judgments or settlements that result from the lawsuit, as long as the customer used the guardrails and content filters we have built into our products.

Copilot is the biggest copyright infringement case in human history, but at the same time, it will be very difficult for the thousands and thousands of individual projects and developers on GitHub to fight Microsoft in court over this infringement. Microsoft knows nobody powerful enough to challenge them is going to sue them over this, so they can easily offer this indemnification.

[1] https://blogs.microsoft.com/on-the-issues/2023/09/07/copilot-copyright-commitment-ai-legal-concerns/

[2] https://blogs.microsoft.com/blog/2023/06/08/announcing-microsofts-ai-customer-commitments/

Comments

ELKS 0.7.0 released

ELKS[1] is a project providing a Linux-like OS for systems based on the Intel IA16 architecture (16-bit processors: 8086, 8088, 80188, 80186, 80286, NEC V20, V30 and compatibles). Such systems are ancient computers (IBM-PC XT / AT and clones) as well as more recent SBCs, SoCs, and FPGAs. ELKS supports networking and installation to HDD using both MINIX and FAT file systems.

Version 0.7.0[2] was recently released, and it includes support for several new systems, among which is the Book 8088, a recently released 8088 laptop from China that’s been making the rounds on YouTube. Of course, it also comes with a bunch of new commands and applications, like mail from MINIX, the visual file manager fm, and more, and the usual load of bug fixes.

[1] https://github.com/ghaerr/elks

[2] https://github.com/ghaerr/elks/releases/tag/v0.7.0

Comments

Xcom: a cross-platform graphics user interface

Xcom[1] is a cross-platform GUI system: a multi-windowed, multi-tasking environment. Xcom allows you to browse, copy, view and manage your files, start and stop programs, watch and listen to basic media content and music. Unlike other windowing systems and protocols, it integrates the basic functionality as a monolithic, cohesive program. Xcom can run on top of various kernels; currently the DOS version is available publicly. Xcom is tiny in size, fast, and doesn’t require an installation process. Xcom is hundreds of times faster and smaller than competitive systems – it requires only about 5 MBytes of disk space, and starts up within a few seconds. Xcom has a familiar appearance of classic operating system user interfaces. Xcom is a handy tool to keep on your retro computer; it can work magnitudes faster than any other modern desktop environment, meanwhile the features are up to date. Xcom has all the basic tools for browsing pictures, listening to music files, reading and writing text documents and drawing simple graphics.

This is an interesting approach to developing a full… User interface? Operating environment? It currently is only available for DOS, but other systems should follow. It does have a few intrinsic limitations – since it’s entirely contained in one program, you can’t develop for this or create new applications, since it’s not a toolkit and doesn’t have a compiler or anything like that. It’s also not open source, and while that doesn’t mean it’s not good or not interesting, it does limit the interest this will gather in the wider community.

Regardless, it looks great, and it’s clear a lot of work and love went into it.

[1] http://xcom.infora.hu/index.html

Comments

Android 14 blocks all modification of system certificates, even as root

We’ve come a long way since then, steadily retreating from openness & user control of devices, and shifting towards a far more locked-down vendor-controlled world. The next step of Android’s evolution is Android 14 (API v34, codename Upside-Down Cake) and it takes more steps down that path. In this new release, the restrictions around certificate authority (CA) certificates become significantly tighter, and appear to make it impossible to modify the set of trusted certificates at all, even on fully rooted devices.[1] If you’re an Android developer, tester, reverse engineer, or anybody else interested in directly controlling who your device trusts, this is going to create some new challenges.

The walls are slowly but surely closing in on Android.

[1] https://httptoolkit.com/blog/android-14-breaks-system-certificate-installation/

Comments

Microsoft’s results of major technical investigations for Storm-0558 key acquisition

On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded. As part of our commitment to transparency and trust, we are releasing our investigation findings[1]. Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected). We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected). After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer’s corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.

That is one hell of a unique string of unfortunate events.

[1] https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Comments

Cars are the worst product category we have ever reviewed for privacy

Car makers have been bragging about their cars being “computers on wheels” for years[1] to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car. All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed[2].

Much to the surprise of nobody.

[1] https://www.latimes.com/business/autos/la-fi-hy-musk-computer-on-wheels-20150319-story.html

[2] https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

Comments

Source: Google Pixel 8 will get more OS updates with longer lifespan than Samsung

While the Pixel 6 ushered in three years of major Android OS version updates and an additional two for security patches, that’s still nowhere near the longevity of the iPhone. Google hopes to change that on the Pixel 8 and 8 Pro with noticeably more OS updates[1]. Looking at the mobile Android landscape, three years of OS updates – which was also the case on Qualcomm-powered Pixel phones from 2017-2021 – is less than Samsung’s promise of four, which started last year with the Galaxy S21, S22, Flip 3, and Fold 3 and continued through devices released this year, including some of the company’s more affordable releases. From what we’re hearing, Pixel 8’s update promise should surpass Samsung’s current policy on flagships and meaningfully match the iPhone. Of course, the devil is in the details, especially in those later years. For example, the Galaxy line has, in the past, adopted a quarterly approach towards the end. Even a bump to just five years of OS updates for Pixel would be enough and let the Google phone be at the top of the ecosystem, with anything beyond that squarely going after the iPhone’s record.

The situation has definitely been improving – finally – but I’d still like this to be platform-wide, and not just individual manufacturers making promises. To reduce e-waste, make devices more secure and ensure longer lifespans, I’d like to see 10 years of full software support. The tech industry has a long history of garbage support and low quality – especially when it comes to software – that we would not tolerate from any other industry.

It’s time the tech industry grew up and joined other industries that offer far longer and more comprehensive support.

[1] https://9to5google.com/2023/08/28/google-pixel-8-android-os-updates/

Comments

China bans iPhone use for government officials at work

China ordered officials at central government agencies not to use Apple’s iPhones and other foreign-branded devices for work or bring them into the office[1], people familiar with the matter said. In recent weeks, staff were given the instructions by their superiors in workplace chat groups or meetings, the people said. The directive is the latest step in Beijing’s campaign to cut reliance on foreign technology and enhance cybersecurity, and comes amid a campaign to limit flows of sensitive information outside of China’s borders. The move by Beijing could have a chilling effect for foreign brands in China, including Apple. Apple dominates the high-end smartphone market in the country and counts China as one of its biggest markets, relying on it for about 19% of its overall revenue.

iPhones are, for all intents and purposes, a Chinese product. It seems odd they are afraid of a device that’s entirely built by Chinese people in Chinese factories owned by Chinese companies run by the Chinese government. An iPhone is about as American as a MAGA hat with a Made in China label, so why ban its use by Chinese government officials?

The answer is obvious: because the west is banning the use of Huawei and other devices – even though those are made by the same Chinese people in the same Chinese factories owned by the same Chinese companies run by the same Chinese government as iPhones are. This is a tug of war between two superpowers, and western companies heavily reliant on China, such as Apple, are going to be facing some serious consequences.

[1] https://archive.ph/MN7rx

Comments

Digital Markets Act: Commission designates six gatekeepers

The European Commission has today designated, for the first time, six gatekeepers – Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft[1] – under the Digital Markets Act[2] (DMA). In total, 22 core platform services provided by gatekeepers have been designated. The six gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services. Following their designation, gatekeepers now have six months to comply with the full list of do’s and don’ts[3] under the DMA, offering more choice and more freedom to end users and business users of the gatekeepers’ services. However, some of the obligations will start applying as of designation, for example, the obligation to inform the Commission of any intended concentration. It is for the designated companies to ensure and demonstrate effective compliance. To this end, they have 6 months to submit a detailed compliance report in which they outline how they comply with each of the obligations of the DMA.

The EC also notes that due to submissions from Apple and Microsoft arguing that iMessage and Bing, Edge, and Microsoft Advertising respectively, do not qualify to be subject to the DMA, the EC has opened four market investigations into these four services to further assess the situation. On top of that, for Gmail, Outlook.com and the Samsung Internet Browser, the EC has concluded that their owners have successfully argued they should not fall under the DMA.

This is one of the biggest pieces of legislation to hit powerful corporations in a long time – especially in tech, which basically has been a wild west free-for-all regulation-wise – and it’s going to have some massive consequences for all of us.

[1] https://ec.europa.eu/commission/presscorner/detail/en/ip_23_4328

[2] https://digital-markets-act.ec.europa.eu/index_en

[3] https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en

Comments

Gizmodo fires Spanish staff amid switch to AI translator

From Ars Technica[1]:

Previously, Gizmodo en Español had a small but dedicated team who wrote original content tailored specifically for Spanish-speaking readers, as well as producing translations of Gizmodo’s English articles. The site represented Gizmodo’s first foray into international markets when it launched in 2012 after being acquired from Guanabee. Newly published articles on the site now contain[2] a link to the English version of the article and a disclaimer stating (via our translation from Google Translate), “This content has been automatically translated from the source material. Due to the nuances of machine translation, there may be slight differences. For the original version, click here.”

As both a translator and a tech writer, this article touches upon a lot of aspects of my professional life. As a translator with a master’s degree in translation and over 13 years of experience, I can confidently say these AI-translated articles won’t be anywhere near the quality of a professional translation, let alone that of original content written in Spanish. Computers are actually not that great at language, and every time I play around with machine translation tools – they tend to be integrated into the various translation software suites I use – it’s barely passable as coherent text.

There are things you can do to increase the success rate of machine translation. It’s crucial to write the source text in a very formulaic manner, using short sentences with basic sentence structure any primary schooler can easily follow. Avoid complicated clauses, literary devices, sayings and wordplay, and words that can carry multiple meanings. To further increase the success rate, make sure your writers reuse the same formulaic sentences in different articles, so the machine translation software can learn from earlier corrections.

By the time you’ve instilled all this and more into your writing staff, not only will they quit because writing in such a way is not engaging at all, it will also tank your SEO – something the kind of people who would fire translators to rely exclusively on machine translation would care about – into the ground. It wouldn’t feel natural, and nobody will enjoy reading it but computers.

…it’s going to end up as AIs writing for other AIs.

[1] https://arstechnica.com/information-technology/2023/09/ai-took-my-job-literally-gizmodo-fires-spanish-staff-amid-switch-to-ai-translator/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

[2] https://es.gizmodo.com/nypd-drones-espias-dia-del-dia-del-barbacoas-fiestas-1850796672

Comments

Aero: a UNIX-like operating system in Rust

Speaking of operating systems written in Rust – a popular activity as of late – one of the SoC contributors to Redox is also writing their own operating system in Rust, called Aero[1].

Aero is a new modern, experimental, unix-like operating system written in Rust. Aero follows the monolithic kernel design and it is inspired by the Linux Kernel. Aero supports modern PC features such as Long Mode, 5-level paging, and SMP (multicore), to name a few.

Open source, of course, licensed under the GPL, version 3.

[1] https://github.com/Andy-Python-Programmer/aero

Comments