Broken Trust

Apple’s iOS team has had a pretty stellar record of secure designs and security-minded intent for a long time now. Android has never been a trustworthy system, and Google doesn’t care. Thanks to the “wutan-flu” as the kids call it, both are leaving vulnerabilities unpatched on purpose and tracking us.

Google did this BEFORE the joint announcement of Google and Apple working on APIs for contact tracing. They did not ask users’ consent; users didn’t even know this could be done until the data was already gathered and the report published.

April 3, 2020 – Google announces a report based on data it had already been gathering for who knows how long: https://www.blog.google/technology/health/covid-19-community-mobility-reports

April 18, 2020 – Google and Apple announce partnership to produce APIs for contact tracing. https://www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19/

The Bluetooth vulnerabilities are critical, but since the companies can make money from tracking us, they won’t be fixing them any time soon. https://www.zdnet.com/article/contact-tracing-apps-unsafe-if-bluetooth-vulnerabilities-not-fixed/

All this has been a waste of time, as people aren’t installing the apps that use these APIs. https://www.forbes.com/sites/zakdoffman/2020/05/22/contact-tracing-apple-google-coronavirus-security-update-android-iphone/#496197251d59

I refuse to update my phone to 13.5 or higher because they’re tracking users without consent, leaving vulnerabilities open, colluding with Google to compromise our privacy and security, and creating unused APIs for apps to track people. A malicious app could be installed which takes advantage of the APIs and the Bluetooth problems.

Obviously the FBI must be loving this “feature” to instantly trace a baddie’s circle of contacts. Just as with the end-to-end encryption debate, once that backdoor is created, there’s just no guarantee that it can’t be used maliciously. Apple & Google did this on purpose, which I would expect from Google, but Apple? Such betrayal will not soon be forgotten.

Git Masters

… some of the weirdest things in the Linux kernel’s git history. There are 1,549 octopus merges, one of which has 66 parents. The most heavily diverged merge has 22,445,760 lines of diff, though it’s a bit of a technicality because it shares no history with the rest of the repo. The kernel has four separate “initial” commits, one of which was a mistake.

This stuff goes to the point I usually make where if you think you’re an expert at something because you’ve worked with it for a decade, you might be surprised that you’re not.

“All-In” with Open Source

Microsoft Acquires GitHub For $7.5B

“… today the company is “all in with open source,” and requested people to judge the company’s commitment to the open source community with its actions in the recent past, today, and in the coming future …” – Satya Nadella, CEO, Microsoft

It may take decades to undo all the burned bridges caused by DECADES of ridiculing, vilifying, and desperately trying to completely eradicate Open Source. To expect people like me to simply forget is just naive. Given their track record of hostility, this could be a long game where they just shut GitHub down tomorrow. Time will tell.

The Halloween Documents

And don’t get me started on the ever-increasing problem of the corporate oligarchy which truly runs this country.

Apple Abandons WiFi

Apple officially discontinues AirPort router line, no plans for future hardware

It’s almost like they don’t want to have customers. No MagSafe power connector, no headphone jack, no SD card slots, no Ethernet ports, no HDMI ports, no replaceable battery, no external monitors, nothing actually “pro” level anymore, Cristiano Ronaldo level prices …

Please tell me Linux has caught up and I can run Photoshop and Battlefield One on the same non-Winblows platform now … please?

A More Secure Domain

Google has a new offering: Introducing .app, and I’m not impressed.

“A key benefit of the .app domain is that security is built in …”

I can’t tell if they’re being disingenuous or naive here, but to offer a “secure” domain name without encrypted DNS and WHOIS privacy seems like an idea that missed the mark. A “secure” domain name system must involve security at the domain name level. What they choose to enforce at the browser level is almost completely irrelevant.

That said, the HSTS aspect is a nice touch, assuming you’re going to use the domain for something based on HTTP.