x
This website uses third party cookies exclusively to collect analytics data. If you continue browsing or close this notice, you will accept their use. The EU now requires all sites to display this banner which confuses users and does nothing, actually, to improve your privacy.
Read more on why this law is ignorantLearn about this website's cookiesDisallow cookies
Carlos Fenollosa

Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2019-11-10

November 10, 2019 — Carlos Fenollosa

Windows backwards compatibility is amazing

The Windows Update Marathon in a VM: From Windows 1.01 to XP (5 min, in German) and Upgrading Windows NT 3.51 to Windows 10 via 2000, XP, Vista, 8 and 8.1 in under a minute (1 min, video) both via

Windows 95 opening Windows 3.1 apps

I can already hear the Windows 3.1, 95, 98 and XP startup sounds in my head. Can you?

Of course, nostalgia paints everything with rose colored glasses. Windows 3.1 was an amazing improvement over DOS. 95 brought real multitasking but it crashed constantly. 98 SE was the shit. XP started a bit wonky but with SP2 became a great OS. And anything that came later just sucks

Which brings us to...

Windows is not for OP

Back to windows after twenty years (2 min, via)

Apple's stubborn four-year refusal to fix the terminally broken butterfly keyboard design led me to a crazy experiment last week: Giving Windows a try for the first time in twenty years.

I have done this, for the same reasons (see link above)

However...

Anyway, I started this experiment on a Monday. I kept going all the way through Friday. Using the laptop as I would any other computer for the internet, and my new hobby of dealing with the stubbed toes of setting up a *nix development environment, but when I got to Saturday I just... gave up

Yup, seems about right.

Several top Spanish companies hit by ransomware

Everis and others hit by ransomware (2 min, Tweetstorm, in Spanish, via and discussion in English)

Two years ago, Telefonica, the Spanish telco, was hit by Wannacry, too

Ransomware is pretty scary. However, when you remember how viruses in the past just deleted your files, it makes you think. Do you prefer total destruction or a possibility of recovery through blackmail?

Remember:

  • Check your backups
  • Keep your OS always up to date
  • Don't use Windows unless strictly necessary

Spain passes its own "PATRIOT Act"

Críptica analyzes the new Spanish Digital Act (2 min, Tweetstorm, in Spanish)

Yes, Spain has hit the tech news twice this week.

Well, it was a matter of time. Spain already had a law which allowed the Government to close websites without a court order, which is outrageous on itself and has recently been used already to silence political dissent.

Now, the Government will have power to cut communications infrastructure (i.e. cellphone signal, internet at the ISP level) in situations where national security is at risk (ok) but also to protect public order (not ok)

Since any protest can disrupt public order, this new mechanism can be used almost indiscriminately.

Note: This law has been tuned by an acting government, during the general elections campaign.

All issues of the now defunct Linux Journal

Linux Journal complete (PDF) collection (RH, via) is an archive of the recently discontinued Linux Journal, a veteran in the industry.

F

Web vs native

Apple Is Trying to Kill Web Technology (2 min, via) is a manifesto that defends web apps.

In my opinion, it is misleading because it blames Apple, not the Electron developers, who are at fault for accessing private APIs. That is another topic of discussion, but hey, isn't it ironic? If you develop a web app that accesses private APIs, maybe you would be better served by a... native app?

Regardless, there a few valid points:

Apple's control over its app ecosystem is a new type of monopoly that's hard to understand for lawmakers, and difficult for us to fight back against — because there simply isn't a way out of these restrictions when the company controls both the distribution method and the platform itself

But again, this has nothing to do with Electron using private APIs to try and suck less.

I hate Electron apps, in case you didn't notice. Sorry. Everybody has their own biases.

Bash toolchain

Library for bash utility methods and tools, Shell Script Library, Bash Automated Testing System and Bash Infinity, a modern boilerplate / framework / standard library for bash (RH, via)

You may know I'm a Bash fan, so these finds are like gold to me.

The moral of the story is: don't dismiss bash without analyzing your requirements first.

Know Thy Computer

There's No Such Thing as Knowing Your Computer 'All the Way to the Bottom' (5 min, via)

I initially thought the title was about blobs in firmware, but no, the article is about programming languages, focusing on C.

Interesting, check it out if you're a systems programming nerd.

Give Firefox a chance

Give Firefox A Chance For A Faster, Calmer And Distraction-Free Internet (10 min, via) is a very good write-up with tips and tricks to maximize the usefulness and also the fun of Firefox.

A must read, and hopefully it may convince some people to switch from Chrome.

Boot sector games

Boot sector games (10 min, video)

The 8-Bit Guy has fantastic tutorials and reviews of cool old tech. If you want to see what can be done in 512 bytes you definitely need to watch this video.

Space Invaders clone that fits in 512 bytes

Use IRC as a private chat

IRC for DMs (2 min, via) is a quick review of current chat systems and why they suck.

I like crazy, statu-quo breaking ideas, though the practicality of using IRC as a private chat system is nuts. Nuts, as in 90's rad.

Tags: roundup

Comments? Tweet  

Links for 2019-11-03

November 03, 2019 — Carlos Fenollosa

Why 80x25?

80×25 (5 min, via is fantastic research where author mhoye puts the puzzle pieces together and discovers why our 2019 console emulators launch with a default resolution of 80x25.

I'm not going to spoil it, you will need to read the article. Here's the first paragraph:

Every now and then, my brain clamps on to obscure trivia like this. It takes so much time. "Because the paper beds of banknote presses in 1860 were 14.5 inches by 16.5 inches, a movie industry cartel set a standard for theater projectors based on silent film, and two kilobytes is two kilobytes" is as far back as I have been able to push this, but let's get started.

7000 DOS games in your browser

The Software Library: MS-DOS (RH, via) is an outstanding collection of DOS software from the Internet Archive playable in-browser via dosbox-js emulation, including, of course, the aforementioned 7000 games.

Go try it out and waste the rest of this Sunday!

Play Simcity in your browser

A Gameboy modern clone

Analogue Pocket, a Gameboy Color/Advance built using modern technology (5 min, via)

An interesting console with hardware for loading original Gameboy cartridges but running with more modern hardware like a hi-res backlit LCD and a rechargeable battery.

I'm always tempted to buy these, but in the end I keep using my NDS Lite as a retro emulator.

The Analogue Pocket

NordVPN and TorGuard hacked

NordVPN confirms it was hacked (2 min, via), NordVPN and TorGuard VPN Breaches: What You Need to Know (5 min, via) and Make yourself an iOS-compatible VPN with OpenBSD

NordVPN told TechCrunch that one of its data centers was accessed in March 2018. "One of the data centers in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell.

The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.

And

[NordVPN advisory board member Tom Okman] said it was hard to determine if hackers obtained information on the internet usage of Nord users because the company doesn't collect logs of activity on its servers, a selling-point to privacy-conscious customers. 'I think that the worst case scenario is that they could inspect the traffic and see what kind of websites you could visit,' Okman said. He said this would only apply to Nord users who used its Finnish server and were accessing websites that didn't use the secure protocol HTTPS

HN user safeplanet-fesa also raises questions about Tesonet, the parent company of NordVPN

Twitter user @hexdefined details how an attacker could have performed a MITM attempt given what we know about the breach.

Drew DeVault started an interesting thread discussing alternatives on his Mastodon account.

A homemade PCB

My First PCB! (5 min, via)

Recently I linked to a homemade tutorial on how to make an IC, and this week I found this tutorial where Laura Lindzey explains how to make the jump from a proto-board and make a real PCB at home.

I will always link to these home electronics experiments, I love them.

Spying on children at school

Gaggle Knows Everything About Teens And Kids In School (2 min, via)

I'm sure that future adults will appreciate having a record of every word they uttered at school /s

Very elaborate, state-targeted Whatsapp attack

WhatsApp hacked to spy on top government officials at U.S. allies (2 min, via)

A very high-profile attack used a Whatsapp vulnerability "to take over users' phones". Which users? "High-profile government and military officials spread across at least 20 countries on five continents"

Unfortunately, the article doesn't explain how the app exploit propagated upwards to the OS and take full control of the phone, which is the real key of the question.

StarCraft AIs start beating humans

AlphaStar: Grandmaster level in StarCraft II using multi-agent reinforcement learning (RH, via)

People have been trying to develop Starcraft AIs since forever, but this is the first time that a bot can beat a world champion player.

Our new research differs from prior work in several key regards:

  1. AlphaStar now has the same kind of constraints that humans play under – including viewing the world through a camera, and stronger limits on the frequency of its actions
  2. AlphaStar can now play in one-on-one matches as and against Protoss, Terran, and Zerg
  3. The League training is fully automated, and starts only with agents trained by supervised learning, rather than from previously trained agents from past experiments.
  4. AlphaStar played on the official game server, Battle.net, using the same maps and conditions as human players. All game replays are available here

Go check the replays now!

The Internet is no longer what it was

50 years ago, I helped invent the internet. How did it go so wrong? (5 min, via) and I Miss the Old Internet (1 min, via) are a couple nostalgic pieces about the old internet, defending why it was better, because it was more decentralized, more personal, and wasn't just another way to push ads in front of eyeballs.

On a related note, A History of Personal and Professional Websites (10 min) is a series of screenshots showcasing the author's first websites, real nostalgia fuel.

Face recognition to unlock porn

Australia wants to use face recognition for porn age verification (1 min, via)

What could possibly go wrong?

Chat over the email protocol

Delta Chat, Instant E-Mail Messaging (1 min, via)

Delta Chat is essentially a GUI over email which displays threads as chat conversations. And I really like that!

This is a really interesting project which, although it will rarely take off on the mainstream, can already argue they already took care of the network effects of their platform. Kind of like the old Google Talk, but universal.

It even includes E2E encryption by default by integrating Autocrypt. The project is actively maintained, so why don't you give it a try?

Running out of IPv4 addresses

This Time, There Really Are NO IPv4 Internet Addresses Left (1 min, via)

Is it the boy crying wolf again? Is this the digital equivalent of "we will run out of oil in 25 years"?

Some big ISPs still have a large stockpile of IPv4s but others that haven’t deployed IPv6 may have to stretch that out by adopting awkward solutions like internet address sharing (Carrier Grade NAT), which can in some circumstances create problems for internet systems that use unique IP addresses to identify, process and or block user activity.

In other cases we have seen some commercial trading of retired IPv4 address space and this is likely to become more common, at least until the day comes that IPv4 can finally be put to bed.

It seems that we may be in overtime, but there is still a life for IPv4 after all.

At this point I'm not sure what I prefer. Some years ago I even paid my ISP to have a static IP, which I used to host stuff at home. Nowadays, I have a $5/month VPS to host, and I really want to be anonymous at home, so I appreciate address sharing, which hides my real IP to the server, and can only be deanonymized with a judge order to the ISP.

Tags: roundup

Comments? Tweet  

Mass cellphone surveillance experiment in Spain

October 29, 2019 — Carlos Fenollosa

Spanish Statistics Institute will track all cellphones for eight days (2 min, link in Spanish, via)

A few facts first:

  • Carriers geotrack all users by default, using cell tower triangulation. They also store logs of your calls and sms, but that is a story for another day.
  • This data is anonymized and sold to third parties constantly, it's part of the carriers business model
  • With a court order, this data can be used to identify and track an individual...
  • ... which means that it is stored de-anonymized in the carrier servers
  • This has nothing to do with Facebook, Google or Apple tracking with cookies or apps
  • You cannot disable it with software, it is done at a hardware level. If you have any kind of phone, even a dumbphone, you are being tracked
  • It is unclear whether enabling airplane mode stops this tracking. The only way to make sure is to remove the SIM card and battery from the phone.

This is news because it's not a business deal but rather a collaboration between Spain's National Statistics Institute and all Spanish carriers, and because it's run at a large scale. But, as I said above, this is not technically novel.

On paper, and also thinking as a scientist, it sounds very interesting. The actual experiment consists on tracking most Spanish phones for eight days in order to learn about holiday trips. With the results, the Government expects to improve public services and infrastructures during holiday season.

The agreement indicates that no personally identifiable data will be transferred to the INE, and I truly believe that. There is nothing wrong about using aggregated data to improve public services per se, but I am concerned about two things.

First of all, Spain is a country where Congress passed a law to create political profiles of citizens by scraping social networks —fortunately rejected by the Supreme Court— and also blocked the entire IPFS gateway to silence political dissent.

I'd say it is quite reasonable to be a bit suspicious of the use that the Institutions will make of our data. This is just a first warning for Spanish citizens: if there is no strong backlash, the next experiment will maybe work with some personal identifiable data, "just to improve the accuracy of results". And yada yada yada, slippery slope, we end up tracking individuals in the open.

Second, and most important. This is no longer a topic of debate! We reached a compromise a few years ago, and the key word is consent.

All scientists have to obtain an informed and specific consent to work with personal data, even if it is anonymous, because it is trivially easy to de-anonymize individuals when you cross-reference the anonymous data with known data: credit cards, public cameras, public check-ins, etc. In this case, once again, the Spanish institutions are above the law, and also above what is ethically correct.

No consent, no data shared, end of story. Nobody consented to this nor were we given an option to opt out.

P.S. Of course, this is a breach of GDPR, but nobody cares.

Tags: law, security

Comments? Tweet  

Links for 2019-10-20

October 18, 2019 — Carlos Fenollosa

Bye, Yahoo! Groups

Yahoo is deleting all content ever posted to Yahoo Groups (1 min, via)

I am torn between "You will not be missed" and "This is like the Geocities shutdown all over again"

In any case, this warrants an F

How to disable Linux Intel mitigations

HOWTO make Linux run blazing fast (again) on Intel CPUs (2 min, via) is a quick note on the grub parameters required to make Linux faster by disabling the security mitigations for Intel CPU bugs.

Should you do it? Benchmarks report 10%-15% performance increase with mitigations off. I have personally not taken this trade-off and my mitigations are still on, however, I have not disabled SMT which is the only 100% safe solution.

Personally, on a computer that is constantly running third party code —websites—, I prefer to lose that 15%.

Everything is louder now

Why Everything Is Getting Louder (15 min, via) blames the tech industry for the rising noise baseline we suffer everyday.

The article focuses on electronics-generated noises, but let me twist it to my agenda.

We must fight against noise pollution.

Unfortunately, in our urban modern lifestyles, we are constantly sharing our space with cars, trains, planes, ambulances, noisy cellphones, TVs, and other sources of unwanted noise.

Some things we can't avoid and, well, we just cope with them.

I hate TVs on bars, dislike ambient music, and loathe people using loud cellphones in public. I carry in-ear headphones and regularly use them even when I'm not listening to any music.

Some people just can't be alone with their thoughts and need constant external stimulus. I understand that, and can even empathize with them. But let the rest of us enjoy our moments of silence.

Both our attention and our peace of mind are precious resources, and anything that wants to deprive us of them, without good reason, is an enemy.

As I read somewhere on the Internet: "Nobody is coming to the beach to listen to their towel neighbour's music."

CO2 levels in offices

Literally Suffocating In Meetings, A Little (1 min, via) argues that high CO2 levels, which are common in poorly ventilated meeting rooms, have adverse health effects.

The NYT published a piece on CO2 levels and poor decisions, which can be summarized as "high CO2 levels make you groggy and dumb".

I guess the take home message is, watch your CO2 levels as you'd watch temperature, humidity or pollutants.

pg presents new Lisp

Bel (RH, via)

When one of the Lisp wizards releases a new dialect, you listen.

Of course, read the HN comments as they provide more context.

Hardware implants are becoming cheaper

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 (5 min, via) is kind of a follow-up to the infamous Bloomberg "The Big Hack" unverified piece.

In this article:

At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement.

With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.

Well, now we will start needing verifiable hardware, probably through other trusted hardware testing devices. This is going to be fun.

As a related note, one HN comment points out to Operation GUNMAN - how the Soviets bugged IBM typewriters which contains full details on how the bug works.

An Ode to the File

Computer Files Are Going Extinct (5 min, via) defends the usefulness of computer files and laments how we are transitioning to different metaphors in the computing world.

Most of the HN comments follow the author's thesis, but I am of a different opinion on this topic.

"Files" are difficult metaphors for most people, and they feel more comfortable when the app hides this structure behind some easier visual object.

This is just another step towards The Great Divide, which will come soon. Computing devices will be split between content creators and content consumers, and consumer devices will be absolutely different in any shape or form to creator devices.

When Steve Jobs' was interviewed at D8 (video, 2:20) where he comes up with the cars/trucks metaphors for PCs and iPads:

"When we were an agrarian nation, all cars were trucks because that's what you needed on the farms." Cars became more popular as cities rose, and things like power steering and automatic transmission became popular.

"PCs are going to be like trucks," Jobs said. "They are still going to be around." However, he said, only "one out of x people will need them."

The move, Jobs said, will make many PC veterans uneasy, "because the PC has taken us a long ways."

You are being tracked

The Fantasy of Opting Out (10 min, via) is an excellent article by two University professors on how you are being tracked online, not only with cookies and javascript, but also with your devices radios and cross-referencing datasets.

Here's the actionable part:

We can apply obfuscation in our own lives by using practices and technologies that make use of it, including:

  • The secure browser Tor, which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, concealing our trail in that of many others.

  • The browser plugins TrackMeNot and AdNauseam, which explore obfuscation techniques by issuing many fake search requests and loading and clicking every ad, respectively.

  • The browser extension Go Rando, which randomly chooses your emotional "reactions" on Facebook, interfering with their emotional profiling and analysis.

  • Playful experiments like Adam Harvey’s HyperFace project, finding patterns on textiles that fool facial recognition systems – not by hiding your face, but by creating the illusion of many faces.

The original Macintosh manual

Thoughts on (and pics of) the original Macintosh User Manual (10 min, via) is a beautiful review of the 1984 Mac manual, complete with high resolution pictures.

1984 Macintosh manual

I miss printed computer manuals like the Macintoshes and the Commodores.

How to pwn

Offense At Scale (5 min, PDF) is a good intro to pentesting techniques.

I found that presentation via Defense at Scale where the author suggests strategies to reduce the attack surface.

Both presentations are good, but I liked the former best.

How file formats work

Designing File Formats (5 min, via) explains how magic numbers and file headers work.

Every programmer should know this. Go read it!

How to make an Integrated Circuit

On First IC :) (RH, via), Sam Zeloof details how he created his first "homemade" chip on his garage, from design to transistor litography.

He has some advanced machinery available, this is not really a project anybody can do "at home", but it's a very insightful read!

integrated circuit

Tags: roundup

Comments? Tweet  

Links for 2019-10-13

October 13, 2019 — Carlos Fenollosa

No common topic this week. Enjoy the links!

New Linux laptops with open source firmware

System76 Will Begin Shipping 2 Linux Laptops With Coreboot-Based Open Source Firmware (2 min, via)

My endgame is to retire early and create an ecosystem of free hardware + software for a laptop, phone and could environment, like iCloud but totally self-hosted.

Meanwhile, we have to be satisfied with small advances like these laptops running Coreboot.

Kudos to System76, and let's hope the market moves towards this goal.

New graphical toy OS

SerenityOS: From zero to HTML in a year (2 min), is a visual tour through the development of SerenityOS, a toy OS with graphical capabilities, now able of rendering a webpage using its own web browser.

As a fan of toy OSs, this is awesome.

Ken Thompson's password

Ken Thompson's Unix password (2 min, via) explains how Nigel Williams hacked Ken Thompson's extremely secure Unix password and it turns out to be a chess move!

From: Nigel Williams Subject: Re: [TUHS] Recovered /etc/passwd files

ken is done:

ZghOT0eRm4U9s:p/q2-q4!

took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s during that time (those familiar know the hash-rate fluctuates and slows down towards the end).

D-Link routers will remain vulnerable

D-Link Home Routers Open to Remote Takeover Will Remain Unpatched (1 min, via)

I am just going to quote HN user jjguy:

This is the new normal, folks. Consumer technology is manufactured for six to twelve months, but live in our homes for three to five years. Today's manufacturers cannot afford to update software for hardware devices they have already moved on from. Changing that requires a significant upheaval in their business models.

This applies to every "connected device:" printers, cell phones, home routers, refrigerators, thermostats -- you name it.

Your router is your gateway to the Internet. Any flaws on its software will open your home computers and phones to remote attackers.

There is little we can do, except starting to treat our routers like any other computer: make sure it's updated regularly, and when it does not get any security updates anymore, replace it with a newer model.

Twitter misusing 2FA phone numbers

Twitter admits it used two-factor phone numbers and emails for serving targeted ads (1 min, via)

Only one month ago, Twitter's CEO Jack's account was hacked exploiting his 2FA phone number via "SIM swap" attack.

Now we discover that, like Facebook did, Twitter also used the phone you provided for 2FA to target you with ads.

Shame on Twitter, this is an absolutely shitty practice which will backfire by letting users associate 2FA with a bad thing.

As HN user danShumway explains:

Virtually the entire security industry agrees that using phone numbers for account security is an antipattern because of sim-jacking, and yet swaths of the biggest tech companies in the industry do it anyway.

[...]

In theory, a 2FA over SMS is better than nothing. In practice, it trains customers to be insecure and should be avoided. It trains customers to think that identity verification over text is OK. In practice, you can't trust companies not to use it for advertising, or to start using it as identity verification in the future. In practice, there are very, very few legitimate reasons why a company should ever need my phone number, and pretty much none of them have anything to do with security. 99% of your users should be using a 2FA app instead of a phone number.

Remote exploit on the wild for Android phones

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild (2 min)

The zero-day is a use-after-free vulnerability in the Android kernel's binder driver that can allow a local privileged attacker or an app to escalate their privileges to gain root access to a vulnerable device and potentially take full remote control of the device.

According to the researcher, since the issue is "accessible from inside the Chrome sandbox," the Android kernel zero-day vulnerability can also be exploited remotely by combining it with a separate Chrome rendering flaw.

Therefore, most Android devices manufactured and sold by a majority of vendors with the unpatched kernel are still vulnerable to this vulnerability even after having the latest Android updates

  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9

To be noted, Pixel 3, 3 XL, and 3a devices running the latest Android kernels are not vulnerable to the issue.

This is really, really bad. Update as soon as the patches are released, and don't browse untrusted websites meanwhile.

Dockerizing ancient OSs

Resurrecting Ancient Operating Systems on Debian, Raspberry Pi, and Docker (1 min, via) is a quick note where the author explains how he has dockerized ancient OSs repo to replicate these old environments and play with them in the modern era.

I like this idea a lot and, actually, I have my own folder of virtualised systems with which I play from time to time. I have a perfect replica of my old computers (a DOS + Win31, a Win98 and a WinXP) and run them regularly to feel that good nostalgia.

Your crappy app wastes my brain glucose

Your app makes me fat (2013, 5 min, via)

This is an extremely interesting article on popular psychology and how willpower is a finite resource which gets depleted.

Willpower and cognitive processing draw from the same pool of resources.

Spend hours at work on a tricky design problem? You're more likely to stop at Burger King on the drive home. Hold back from saying what you really think during one of those long-ass, painful meetings? You'll struggle with the code you write later that day.

Since both willpower/self-control and cognitive tasks drain the same tank, deplete it over here, pay the price over there. One pool. One pool of scarce, precious, easily-depleted resources. If you spend the day exercising self-control (angry customers, clueless co-workers), by the time you get home your cog resource tank is flashing E.

Remember these conclusions: since I read about that link between glucose depletion in the brain and willpower I have been much more aware of my cravings and how to avoid succumbing to them.

The rise of Matebooks

Void Linux (musl) on the Huawei Matebook X Pro (5 min) is a good review of the Matebook, with some bonus opinions on Void Linux.

I've mentioned many times that I'm unhappy with the current state of Apple hardware, and I have been looking for alternatives.

Old Lenovos are cheap, newer Lenovos are pretty good, and it's nice to know that there's a high quality, affordable laptop in between them.

Remembering the BBSs

BBSes: Partying Online Like It's 1989 (10 min, via)

The BBS era is one I barely missed, as my early Internet experiences happened around 1996 via IRC, mail and the early web. The article reminisces of this primeval and very popular form of communication that catered to many niches.

On a side note, I just discovered Paleotronic, and it's a great source of retro nostalgia. The topics are interesting, the text is accessible, and it's full of pictures from old magazines. You will probably see it linked a lot here!

A cynical take on HN

webshit weekly is a weekly commentary on the top HN links.

I really like the author's cynical take, his sense of humor, and the way he interprets comments on the funniest and worst possible way.

You will find gems like:

(Apple Hides Taiwan Flag in Hong Kong)

Whether an old person falls over or a young person stands up, Apple will call the cops.

(Google Cloud is down)

Nobody considers the obvious root cause: Google, being unable to embed ads into TCP packets, has discontinued the product.

(Comparing the Same Project in Rust, Haskell, C++, Python, Scala and OCaml)

Some children play programming language pokemon.

(Facebook reveals its cryptocurrency Libra)

Facebook, unsatisfied with being an unregulated newspaper, post office, and telephone service, decides the only way to recover from years of user-abuse scandals is to become an unregulated bank.

Privacy under attack by US, UK, AU govts

The Open Letter from the Governments of US, UK, and Australia to Facebook is An All-Out Attack on Encryption (1 min, via)

The EFF explains:

Top law enforcement officials in the United States, United Kingdom, and Australia told Facebook today that they want backdoor access to all encrypted messages sent on all its platforms. In an open letter, these governments called on Mark Zuckerberg to stop Facebook's plan to introduce end-to-end encryption on all of the company's messaging products and instead promise that it will "enable law enforcement to obtain lawful access to content in a readable and usable format."

I don't have much more to add other than linking to my 2015 text on "Think of the terrorists" is the new "Think of the children"

More problems with Catalina

In macOS 10.15 Vista (1 min) and Broken (2 min, via), Tyler Hall presents a screenshot of evidence of how low Apple has fallen with its recent UX.

macOS Vista

I will definitely not upgrade to Catalina, and there are many others who think like me

I sincerely hope Apple get its act together and starts producing good software and hardware again. These last 5 years have been an absolute hell as an Apple ecosystem user.

Cloudflare is bad, take two

CloudFlare is ruining the internet (for me) (2016, 2 min, via)

The idea that a single company can negatively influence the experience of such a large portion of the internet for users is kinda scary

I agree with the author. We should stop giving Cloudflare too much power.

This is a company that can cut off internet access for a large amount of users, or seriously hinder it (endless stream of captchas) with the switch of a button.

I would urge everyone to reconsider using CloudFlare as your CDN/DNS/DDOS solution. Being free is not good enough reason to use something, if you are concerned about your site speed there are more important things to look into for optimization before considering a CDN

Most deepfakes are porn

Most Deepfakes Are Used for Creating Non-Consensual Porn, Not Fake News (2 min, via)

We need to figure out how platforms will moderate users spreading malicious uses of AI, and revenge porn in general. We have to solve the problems around consent, and the connection between our bodily selves and our online selves. We need to face the fact that debunking a video as fake, even if it's proven by DARPA, won't change someone's mind if they're seeing what they already believe. If you want to see a video of Obama saying racist things into a camera, that's what you'll see—regardless of whether he blinks.

The Department of Defense can't save us. Technology won't save us. Being more critically-thinking humans might save us, but that's a system that's lot harder to debug than an AI algorithm.

Last month I linked to a Facebook initiative to detect deepfakes and it seems that the deepfake problem is starting to get mainstream.

Good.

Tags: roundup

Comments? Tweet