Facebook stored hundreds of millions of user passwords in plain text for years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is a criminal enterprise that needs to be broken up into its constituent parts sooner rather than later.

Remastering Star Trek: Deep Space Nine with machine learning

As a little side-project, I have been working on putting the artificial neural networks of AI Gigapixel to the test and having them upscale another favorite thing of mine… Star Trek: Deep Space Nine (DS9).

Just like Final Fantasy 7, of which I am upscaling the backgrounds, textures, and videos in Remako mod, DS9 was also relegated to a non-HD future. While the popular Original Series and The Next Generation were mostly shot on film, the mid 90s DS9 had its visual effects shots (space battles and such) shot on video.

While you can rescan analog film at a higher resolution, video is digital and can’t be rescanned. This makes it much costlier to remaster this TV show, which is one of the reasons why it hasn’t happened.

Fascinating methodology, and the results speak for themselves. Amazing work.

An exclusive look at an original iPhone prototype

Apple had developed the iPhone in secret over those two and a half years, and for many inside the company, the device had only been known by the codenames “M68” and “Purple 2.” Apple was focused on surprising everyone with the iPhone, and that meant that many of the engineers working on the original handset didn’t even know what it would eventually look like.

To achieve that level of secrecy, Apple created special prototype development boards that contained nearly all of the iPhone’s parts, spread out across a large circuit board. The Verge has obtained exclusive access to the original iPhone M68 prototype board from 2006/2007, thanks to Red M Sixty, a source that asked to remain anonymous. It’s the first time this board has been pictured publicly, and it provides a rare historical look at an important part of computing history, showing how Apple developed the original iPhone.

Amazing exclusive, and a fascinating look at this rare development board.

Google hit with €1.5bn fine from EU over advertising

Google has been hit with a €1.49bn (£1.28bn) fine from the EU for blocking rival online search advertisers.

It is the third EU fine for the search and advertising giant in two years.

The case accuses Google of abusing its market dominance by restricting third-party rivals from displaying search ads between 2006 and 2016.

In response, Google changed its AdSense contracts with large third parties, giving them more leeway to display competing search ads.

I’m glad at least someone has the guts to face megacorporations head-on.

Most of Apple’s touted services revenue comes from microtransactions in free-to-play games

There’s an interesting observation in this article that not enough people seem to realise:

Probably one of the biggest contributors to Apple’s revenue is the massively popular App Store, which was estimated as of May 2018 to have seen upward of 170 billion downloads in its 10-year history.

Most of those aren’t straight-up paid purchases — a massive percentage of the App Store’s revenue comes from in-app purchases in free-to-play games like Fortnite and Candy Crush and subscription apps like Netflix, Tinder, and YouTube. According to App Annie’s latest estimates, every single one of the 50 top grossing apps on the platform is either a major service that relies on subscription fees or a free-to-play game. Even the most popular paid apps like Minecraft or Facetune just don’t make the same kind of money as free apps that rely on in-app purchases, even with in-app purchases to help bolster their numbers. And Apple takes a cut of each of those in-app purchases and subscriptions.

As Nilay Patel points out, Apple’s services narrative – the pitch to stockholders that Apple can grow its services revenue – feels rather unpleasant when you realise that most of the App Store revenue is microtransactions in free-to-play and gambling games like Candy Crush. It’s a rather dirty public secret Apple would rather you not focus on too much: Apple’s services revenue comes, in large part, from scummy apps and games trying to trick little kids and less technology savvy people into spending their money on gems or gambling boxes or whatever.

Not exactly the kind of world-changing, holier-than-thou stuff Apple usually touts, now, is it?

As Patel notes, this is a huge problem for Apple, as the recent Spotify antitrust complaint highlights:

There is a clear disconnect between how much money Apple is making by charging a fee for users to take another turn in Candy Crush and how it wants people to think of the “app economy” — no one loves free-to-play games, but all the incentives of the store are aligned around them. So Spotify and Netflix saying the App Store tax is unfair causes a huge problem: if Apple changes the rules and allows alternate payment systems, it will crater App Store revenue because it’s all based on taking a cut of free-to-play games no one really wants to talk about.

Tim Cook’s Apple is a bean counter company, a company with no qualms about giving up their Chinese users’ privacy, working closely with the totalitarian Chinese government, or profiting massively from scammy free-to-play games.

Google to ask Android users in the EU which browser and search engine they want to use

After the Commission’s July 2018 decision, we changed the licensing model for the Google apps we build for use on Android phones, creating new, separate licenses for Google Play, the Google Chrome browser, and for Google Search. In doing so, we maintained the freedom for phone makers to install any alternative app alongside a Google app.

Now we’ll also do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use.

Low effort initiative that will only serve to annoy users. I don’t think this addresses the core issue of the power large megacorporations have, but what do I know.

Google formally reveals its new game streaming platform Stadia, works on basically any screen

In case you’re out of the loop, Stadia follows last year’s Project Stream test, which Google views as a resounding success. In essence, Stadia is Project Stream, delivering a similar game-streaming service, but done bigger, better, and with more features.

Like Project Stream, Stadia will allow you to play AAA games at super-high settings, with silky smooth framerates, at up to 4K resolutions — at least, to start. It works remotely, with the actual game being hosted on Google’s remote servers, as it’s streamed to your home. This all comes without a major investment in specialized gaming gear, too.

Google is taking this project quite seriously, as it even relies on custom hardware:

Google’s expanded its data centers to better provide an optimized experience, for even “the most demanding games,” and that includes fresh new hardware in those data centers. Stadia’s stack, revealed on the Stadia.dev site, includes a custom 2.7GHz x86 CPU, custom AMD GPUs (rated at 10.7 teraflops), 16GB of RAM, and SSD cloud storage.

If there’s one company capable of building the infrastructure capable of making game streaming a reality, it’s Google. However, I remain skeptical for now, and will adhere to the mantra of seeing is believing.

Nvidia announces $99 AI computer for developers, makers, and researchers

In recent years, advances in AI have produced algorithms for everything from image recognition to instantaneous translation. But when it comes to applying these advances in the real world, we’re only just getting started. A new product from Nvidia announced today at GTC — a $99 AI computer called the Jetson Nano — should help speed that process.

The Nano is the latest in Nvidia’s line of Jetson embedded computing boards, used to provide the brains for robots and other AI-powered devices. Plug one of these into your latest creation, and it’ll be able to handle tasks like object recognition and autonomous navigation without relying on cloud processing power.

Fascinating little device that could be a great boon for the maker community.

Kryofluxing PC floppies

Last year I finally bought a Kryoflux, unfortunately in the middle of moving house. Now I’m finally able to use it beyond verifying that it’s not completely broken. After imaging a few dozen floppies, I can say one thing–Kryoflux is surprisingly difficult to use with PC 5¼″ disks. There is a distinct impression that Kryoflux was designed to deal primarily with Amiga and C64 floppies, and although PC floppy formats present absolutely no difficulty for the Kryoflux hardware as such, using the software for archiving standard PC 5¼″ media is very far from simple.

Let’s start with the easy part. Imaging 3½″ media is relatively simple because PC 3½″ drives are straightforward (well, let’s omit the special Japanese 1.6M media). 3½″ drives always rotate at 300 RPM and usually automatically handle media density based on the floppy itself. But if everything were easy, life wouldn’t be very interesting.

Preserving the data on these ancient floppies is crucial, and it’s great to see various types of specialised hardware exist just for this purpose.

Suse is once again an independent company

Open-source infrastructure and application delivery vendor Suse — the company behind one of the oldest Linux distributions — today announced that it is once again an independent company. The company today finalized its $2.5 billion acquisition by growth investor EQT from Micro Focus, which itself had acquired it back in 2014.

I only remember using SUSE well over 15 years ago, and lost track of it after Ubuntu came onto the scene. Good news, though – I prefer open source companies to be independent. It seems to fit their nature better.

Is computer code a foreign language?

Maryland’s legislature is considering a bill to allow computer coding courses to fulfill the foreign language graduation requirement for high school. A similar bill passed the Florida State Senate in 2017 (but was ultimately rejected by the full Legislature), and a federal version proposed by Senators Bill Cassidy, Republican of Louisiana, and Maria Cantwell, Democrat of Washington, is being considered in Congress.

The animating idea behind these bills is that computer coding has become a valuable skill. This is certainly true. But the proposal that foreign language learning can be replaced by computer coding knowledge is misguided: It stems from a widely held but mistaken belief that science and technology education should take precedence over subjects like English, history and foreign languages.

This is silly. Programming is certainly not a replacement for foreign language skills. That being said, it’s somewhat defensible considering this is an American story, and since they speak English as their first or second language anyway, they can get by in the world pretty well as it is.

A Pi-powered Plan 9 cluster

Plan 9 from Bell Labs comes from the same stable as the UNIX operating system, which of course Linux was designed after, and Apple’s OS X runs on top of a certified UNIX operating system. Just like UNIX, Plan 9 was developed as a research OS — a vehicle for trying out new concepts — with it building on key UNIX principles and taking the idea that devices are just files even further.

In this post, we take a quick look at the Plan 9 OS and some of the notable features, before moving on to the construction of a self-contained 4-node Raspberry Pi cluster that will provide a compact platform for experimentation.

The post is almost a year old, but it hasn’t ever appeared here, and for that I will not stand. Plan 9 gets little attention and press, and that’s decidedly a shame.

Android Q will allow more permissions for third-party apps set as defaults

If you’re setting an app to be your default browser or email client, you probably trust it with your data. However, you still have to manually grant it permission for everything. Starting with Android Q, apps set as defaults will be automatically granted permissions based on what they are the default for.

Android Q introduces a new function called ‘Roles’, which “allows the OS to grant apps elevated access to system functions based on well-understood use cases”.

I’m not entirely sure this is a great idea. I can easily see scammers trying to trick people into setting a malware app as default, granting it easier access to their device.

SweRV: an annotated deep dive

To satisfy the true geeks, Western Digital organized a Swerv Deep Dive at the Bay Area RISC-V Meetup. The meetup was well organized (free food!) and attended by roughly 100 people.

A Webex recording of this meetup is currently still available here. (The first 53 minutes are empty. The meat of the presentation starts at the 53min30 mark.)

Zvonimir Bandic, Senior Director of Next Generation Platform Technologies Department at Western Digital, gave an excellent presentation, well paced, little marketing fluff, with sufficient technical detail to pique my interest to dive deeper in the specifics of the core. I highly recommend watching the whole thing. There was also a second presentation about instruction tracing which I won’t talk about in this post.

In this blog post, I’ll go through the presentation and add some extra details that I noted down at the meetup or that were gathered while going through the SweRV source code on GitHub or while going through the RISC-V SweRV EH1 Programmer’s Reference.

This goes way beyond my comfort level.

Facebook’s data deals are under criminal investigation

Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world’s largest technology companies, intensifying scrutiny of the social media giant’s business practices as it seeks to rebound from a year of scandal and setbacks.

A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users.

Good.

Spotify files antitrust complaint against Apple in the EU

Spotify, the popular music streaming service from Sweden, has filed an official antitrust complaint against Apple at the European Commission. In a blog post announcing the move, Spotify CEO Daniel Ek writes:

It’s why, after careful consideration, Spotify has filed a complaint against Apple with the European Commission (EC), the regulatory body responsible for keeping competition fair and nondiscriminatory. In recent years, Apple has introduced rules to the App Store that purposely limit choice and stifle innovation at the expense of the user experience—essentially acting as both a player and referee to deliberately disadvantage other app developers. After trying unsuccessfully to resolve the issues directly with Apple, we’re now requesting that the EC take action to ensure fair competition.

Apple operates a platform that, for over a billion people around the world, is the gateway to the internet. Apple is both the owner of the iOS platform and the App Store—and a competitor to services like Spotify. In theory, this is fine. But in Apple’s case, they continue to give themselves an unfair advantage at every turn.

I don’t think I have to explain to anyone here why Spotify’s CEO is right. In the App Store, Spotify can only make use of Apple’s payment system, and for every Spotify subscription purchased through the iOS application, the company is forced to hand over 30% to Apple. To make matters worse, Spotify is not allowed to include a link to, say, a website where users can sign up for Spotify, nor can the company include any language even hinting at where users can sign up.

On top of this, Spotify also states that Apple has blocked new features Spotify wanted to introduce including “locking Spotify and other competitors out of Apple services such as Siri, HomePod, and Apple Watch”. Furthermore, Apple limits the ways in which Spotify and other App Store developers can communicate with their users.

This seems like the perfect moment to go after the big technology giants, and I hope something comes of this complaint. Any handle we can use to limit the power of megacorporations is a handle we should grab with both hands.

Google releases Android Q Beta

Today we’re releasing Beta 1 of Android Q for early adopters and a preview SDK for developers. You can get started with Beta 1 today by enrolling any Pixel device (including the original Pixel and Pixel XL, which we’ve extended support for by popular demand!). Please let us know what you think! Read on for a taste of what’s in Android Q, and we’ll see you at Google I/O in May when we’ll have even more to share.

The first beta for Android Q includes a ton of privacy improvements, support for foldable devices, a new share sheet that isn’t slow as molasses, improvements to ART, and much more.

Google has quietly added DuckDuckGo as a search engine option for Chrome users in 60 markets

The greatest beneficiary of the update appears to be pro-privacy Google rival, DuckDuckGo, which is now being offered as an option in more than 60 markets, per the GitHub instance.

Previously DDG was not offered as an option at all.

Good. DDG is a great search engine and has been my default search engine for a while now. I suggest everyone attempt the same – we need more competition, especially since DDG is far more privacy oriented than Google can ever be.

Graying out

For many years I’ve interacted with my fellow humans, I think perhaps more than any other way, via the medium of Internet chat. But in my chat window, they’re fading, one by one. This problem is technical and personal and I felt it ought not to go unrecognized.

What a bittersweet story. Definitely worth a read.