11.01.22

Red Hat (IBM) Hyped Up a Fair Pair of Flaws That Isn’t Critical, Isn’t Actively Exploited, and Even Red Hat’s Distro Isn’t Patching Yet

Posted in Deception, Free/Libre Software, FUD, GNU/Linux, IBM, Marketing, Microsoft, Red Hat, Rumour, Security, Servers, Standard at 3:14 pm by Dr. Roy Schestowitz

Video download link | md5sum 8de27c8022d55f728a4d1c5eb55026e0
Irresponsible Misinformation About OpenSSL
Creative Commons Attribution-No Derivative Works 4.0

Summary: Fuelling Microsoft-affiliated and sometimes Microsoft-funded “news” (noise) sites, Red Hat — and to a lesser extent Fedora — exaggerated the severity of bugs a week before their details’ release (long and purposeless suspense); it’s a case of a boy who cries “wolf!” to get “likes” in Twitter and media coverage that relies on nothing but lousy (inaccurate) "tweets", where fact-checking is impeded by NDAs/embargo

A few days ago we took note of the overhyped (mostly by Red Hat) impending patch for OpenSSL. Red Hat ended up slipping/changing the release date of Fedora, adding some more to the perceived danger, contributing to the scare, resulting in a week’s worth of media misinformation like calling it "zero day" (even in headlines!). This irresponsible hype turns out to have been outright disinformation (or at best misinformation) about the severity and it’s worth noting that Red Hat is in no hurry to patch its most important products and there are no actively-exploited aspects; in other words, it is not “0-day” and there is no immediate rush to patch (in some cases there is no patch, either).

The 8 URLs from the video are listed below in a logical order. To quote [4] below “Q: The 3.0.7 release was announced as fixing a CRITICAL vulnerability, but CVE-2022-3786 and CVE-2022-3602 are both HIGH. What happened to the CRITICAL vulnerability?”

We perceive this to be a bit of a media blunder, taking informal “tweets” at face value and trying to compete over who produces the most scary headline/s for about a week already.

Links from the video above

  1. OpenSSL 3.0 Series Release Notes
  2. Vulnerabilities list
  3. OpenSSL Security Advisory [01 November 2022]
  4. CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
  5. Comments: OpenSSL Outlines Two High Severity Vulnerabilities
  6. OpenSSL 3.0.7 released
  7. OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
  8. OpenSSL 3.0.7 Fixes Two High-CVEs with Buffer Overflow

10.31.22

People Who Adopt Gmail Help Google Attack E-mail in General

Posted in Google, Protocol, Servers at 10:07 am by Dr. Roy Schestowitz

Video download link | md5sum 2f53949551a60a6d9d691f18043d1405
Gmail is Not Email But Attack on Email
Creative Commons Attribution-No Derivative Works 4.0

Summary: Google has become a big problem and Gmail is a massive liability to the global E-mail system; its market share needs to be significantly lowered (the same is true when it comes to Web browsers; therein, whatever Google does becomes a de facto ‘standard’)

THE other day we covered the way Google critics resorted to a partisan framing, basically distracting from Google’s war on independent or small mail relays, the vast majority of which are perfectly legitimate. Gmail is not a framework for delivering E-mail but for rejecting E-mail, usually based on some flimsy process with a corporate bias. Forget about politics.

All this false partisanship is a Public Relations (PR) tactic. Google prefers it that way.

Today we deal with this anecdotal story that “90-95% of the spam I receive originates from servers under Google’s control. Do you guys bother to check outgoing messages, or do you just filter and block incoming messages?”

Google is subjecting everyone to vastly higher standards than it subjects itself to. CoC-like thinking of double standards.

There have been similar agonising stories lately.

I myself have long experienced the pain of ISPs (or big American companies) discriminating against mail relays like mine. In fact, at one point I was losing a lot of mail or was unable to respond to mail after a close relative lost a family member. It’s hard to forget the amount of damage this caused, even if that was more than 16 years ago!

E-mail is meant to reliably send mail; but the entrepreneurs behind E-mail (the real ones, not the fraud who threatened me for calling him out) did not envision companies like Google hoarding a lot of the system and then blocking loads of relays without any oversight, let alone independent scrutiny and fines. We need to encourage friends, family, colleagues and other peers to shun centralised E-mail systems; the endgame might be the end of E-mail as an open system.

10.11.22

The World Wide Web is a Dying Internet Platform (But Nobody Wants to Admit It Because the Demise is Slow and Gradual)

Posted in Protocol, Servers at 8:56 am by Dr. Roy Schestowitz

Summary: Based on every metric tracked by Netcraft, the Web is going down consistently; this merits discussion or active debate that remaining news sites (fewer of them left, many go offline permanently) barely entertain

The World Wide Web is a transport layer for all sorts of things, ranging from text to video and even very large compressed archives. The Web is also being “extended” for no reason other than some companies’ business model, not performance, security, privacy etc. Today’s Web isn’t made for the user (visitor) but for predators who view people as “products” and advertisers/governments as clients.

Over time more and more Web traffic is consolidated in the hands of companies that don’t even make a profit. They’re connected to governments and their objective seems to be manipulation of the public, including but not limited to censorship and surveillance thereof. In other words, the Web is becoming a tool of observation and social control.

So what’s going on with the “old” Web? It seems to be gradually going away. Having not covered patents so much this year, I took a quick glance at once very busy sites about patents. One is about 20 years old and the other one is way older than 20 years.

Notice how in IP Kat the posting volume is diminishing over time:

IP Kat archives: About 80 days left

The same is true for Watchtroll, ipwatchdog.com (active since the 1990s). It seems like it’s dying. Just 2 or 3 comments this week or in the front page. We remember it being a hub for many professionals or people obsessed with litigation. The editor and original founder left years ago, seeing the demise already, and the new editor, who is barely competent, brought no resurgence/rebound. Dreary:

Watchtroll

We still participate heavily in Geminispace. Unlike the Web, it continues to grow (“There are 2806 capsules,” says Lupa) and it fills a sorely-missed gap: pre-bloat Internet. Here’s a growth graph (last generated earlier today):

capsules_2022-10-11 - Geminispace

By contrast, this is the Web:

Netcraft chart

Source: September 2022 Web Server Survey.

To quote the opening paragraph: “In the September 2022 survey we received responses from 1,129,251,133 sites across 271,625,260 unique domains, and 12,252,171 web-facing computers. This month all three metrics have decreased since August, with a loss of 5.82 million sites, 115,512 unique domains and 113,356 web-facing computers.”

As it stands at the moment, Gemini is up, the Web is down. But one is like a million times bigger, so that doesn’t say much.

We cannot tell for sure what replaces the Web or takes people’s attention online, but “apps” seem to be a thing*. They are an attention-grabbing (or “screen time”-hogging) bunch of garbage and noise for the most part. They demonstrate a transition from computing as a productivity toolset into an apparatus of serfdom.
______
* Our associate argues that “apps” are “outdated, insecure, bug-ridden single-site browsers running insecure, bug-ridden JavaScript over HTTPS and not even a stateful protocol.”

10.09.22

[Meme] There is No Such Thing as Social Control Media; It’s Not Social, It’s Not Media, It’s Just Other People’s Computers (Servers)

Posted in Deception, Servers, Site News at 4:08 pm by Dr. Roy Schestowitz

Fediverse; Self-hosted blog; Diaspora

Summary: Just like “clown computing”, the “social” “media” bubble relies on false assumptions [1, 2] made by those who adopt “trendy” or “fashionable” things

The Promise of Data (and Accounts’) Portability in Federated Networks Like Fediverse and Diaspora is Still Unfulfilled

Posted in Free/Libre Software, Protocol, Servers at 3:33 pm by Dr. Roy Schestowitz

Video download link | md5sum 45f7440fb45003c310202bfbf38004c8
Mastodon False Promises
Creative Commons Attribution-No Derivative Works 4.0

Summary: Account migration in Mastodon (the foremost Fediverse player) does not work as advertised; this means that users are partly locked in/indebted to a platform and a “vendor”, which might stay online for just months or a few years (users don’t get to vote on that)

THIS morning we wrote about the shutdown of a large Mastodon instance. The site Tux Machines is among the casualties.

What does this mean? It’s important to discuss the ramifications, as at the very least it can serve as a cautionary tale.

The video published this morning was recorded several hours before a migration from one instance to another was attempted. So how did the migration go? Well, it may not be entirely complete just yet, but so far it doesn’t look good. Then again, my expectations were low to begin with, having explained the false promise of free speech [1, 2] and having experienced similar issues in Diaspora. When it comes to migration of accounts from one instance/pod to another, Mastodon is only a little better than Diaspora (no account migration facility at all). Maybe they should stop advertising that. Don’t give people false hopes.

Work in progress is shown in the video above (many open tabs), but it seems like only about 800 connections (out of ~1,300) got migrated and not a single “toot” got migrated. There seems to be no plan to correct this either, based on the official documentation.

Is it reasonable to start again from scratch (zero content) each time an account is migrated? A lot of history gets lost forever.

The same thing happened with Identi.ca and one day it’ll happen with Twitter as well (people who get their account nuked have already experienced this without prior warning). Maybe that’s a good reason to wish for the ultimate end of social control media. It was a temporary and mostly failed experiment that harms society. TikTok took this kind of harm to new heights, having become a safe harbour for pedophiles (Gab is a Nazis’ harbour) and destroyer of at least one generation.

Stay tuned as a post mortem or conclusion will be posted at a later date, but it certainly looks like Tux Machines lost over 78,000 “toots” posted in the course of 5.5 years.

This is hardly an accomplishment for a supposedly Free, decentralised, robust network of platforms/deployments. Very disappointing.

Social Control Media Heading Towards Extinction

Posted in Free/Libre Software, Servers at 8:00 am by Dr. Roy Schestowitz

Video download link | md5sum a3e4063d88e9991b3b957d0278440813
Collapse of So-Called Social Media
Creative Commons Attribution-No Derivative Works 4.0

Summary: Not only does social control media lack a business model; it lacks an incentive to participate and maintain as more people flee and move on to better things in life

EARLIER this year I argued that “Social Control Media is a Bubble and JoinDiaspora Might be the Next Casualty” and by year’s end the other instance/pod that I use, this one in the Fediverse, is shutting down as well. It’ll be gone by year’s end with all the stuff ever posted to it. Poof! Like “the cloud”!

Let this serve as an important and timely reminder: people need to run their own blogs/sites (simpler is better) and rely on RSS feeds for syndication. Centralisation (like “planets”) is undesirable, as usual, so passing around OPML files is just vastly better. This is what we’ve done for years. By today’s bandwidth standards, RSS feeds are cheap. They’re simple and effective. Those have historically been a lot more age-proof and they can be portable. They’re also more censorship-resistant for all sorts of reasons.

An associate has suggested “self-hosting one’s own blog. There are a lot of options from simple to complex, from doing it all yourself to outsourcing larger components. Renting a domain name from a registrar is not that large an annual cost, or at least I hope it is not.”

We don’t want to recommend any host or software; this post is explanatory and focuses on concepts, not endorsement of ‘brands’.

So mastodon.technology threw in the towel; this isn’t surprising at all.

“I have sad news that I have decided to shut down the mastodon.technology instance,” says the administrator. “In accordance with the Mastodon Server Covenant, the server will be shut down no earlier than December 1, 2022.”

My interactions with him have not been positive and he now says: “This made me realize how little joy I’ve been getting from being an admin. How I’ve come to resent the work I have volunteered to do. I’ve donated countless hours to running the instance, solving both technical and moderation problems, and I’ve always put the instance above my own needs. But I can’t put the instance above the needs of my family.”

As I explain in the video above, I cannot export my data and it’s going to be pointless to complain about it, judging by how it all went in JoinDiaspora. I also predict that all social control media will become a thing of the past (no business model, no benefit to society either) although it’s not clear what will replace it or what is already replacing it (if anything at all). LinkedIn (Microsoft) has layoffs, Facebook will have a lot of layoffs soon (“Meta” is trying to deny it), Twitter is at the mercy of frauds, and the Free/federated/decentralised or even self-hosted* alternatives aren’t doing too well either (stagnation at best).

The world needs to move on and the Internet should assess its future. The Web suffers a midlife crisis in its 30s and social control media peaked about a decade after it started. It’s all downhill from there.

Facebook and other GAFAM companies tried to extend their lifetime somewhat by penetrating remote areas and esoteric groups, including age groups. Similarly, “The Federation” became orphaned and it is now run by someone to only document its demise. The numbers below can be misleading; only about 1 in 1,000 citizens of Earth has an account and about 90% of those aren’t even active, so we’re talking about a market penetration rate of about 0.01% (6,144,747 total users and 574,911 active users this past month).

The Federation

_____
* The term is relative. Unless one runs one’s own ISP and maintains one’s local DNS server, ‘true’ self-hosting is almost impossible. Even then, there are some upstream dependencies at the backbone and trans-continental traffic. The Internet is made not of peers; it’s a bit more like a pyramid still. P2P and decentralisations are merely ‘hacks’, just like Tor/Onion relays.

10.06.22

Ubuntu Pro-Microsoft and It Moreover Promotes Proprietary Garbage That’s Bad for Security and Performance

Posted in Microsoft, Security, Servers, Ubuntu at 1:49 pm by Dr. Roy Schestowitz

Video download link | md5sum cd184b7bd01c25a23ddcf61d0a5a1cf4
Ubuntu Pro Microsoft
Creative Commons Attribution-No Derivative Works 4.0

Summary: Unsafe, bloated, proprietary Windows programs of Microsoft are used to advertise Ubuntu Pro, so Canonical has clearly lost the plot

THIS site has been critical of Canonical lately, but for purely factual reasons; it’s not some mindless trash-talking. We’ve openly encouraged people not to adopt Ubuntu and not recommend it to other people. We explained why promoting other distros would be far better. Ubuntu’s popularity is waning regardless. Canonical is just trying to ‘upsell’ Debian for profit. In the process it promotes not only proprietary software but software that spies on users; that even includes Microsoft’s proprietary software despite the fact that Microsoft tries to prevent Ubuntu users from booting Ubuntu on their PCs (Canonical should have filed an antitrust complaint against Microsoft).

But this post (and video) isn’t about the many reasons to avoid/skip Ubuntu. It’s about the dangers associated with Microsoft and the new Ubuntu Pro “scheme” (scheme seems like a suitable term to describe it).

Judging by recent posts in the official Ubuntu blog (regarding Ubuntu Pro before the latest scheme was more officially announced yesterday), it’s a bridge to technical, practical, and legal disaster.

As one associate of ours noted this morning, “having caused a world full of security problems through bad design and implementation, Microsoft is wrongfully posing as a leader in data protection; problems cannot generally be solved by the same people and methods as caused them to begin with.”

The video above shows how even Microsoft boosters bemoan insecurity of Microsoft SQL Server, only days after Canonical promoted it under the Ubuntu Pro “scheme”.

“The benefits of running Microsoft SQL Server” says the headline, basically boasting a Windows piece of junk (speaking from personal experience). Canonical promotes it as running “on Ubuntu Pro” even “though technically that is running within “drawbridge” and not within Ubuntu itself,” the associate noted, citing some relevant blurb from last year (we too had mentioned that Drawbridge aspect many times in the past).

So Canonical is promoting a proprietary security hazard of an enemy of GNU/Linux despite the fact that technically superior options exist that run natively on GNU/Linux, are generally secure, are Free software, and are not controlled by enemies of ours. “Best [for Canonical] to focus on the real tools which Microsoft tries to draw people away from: postgresql, mariadb, sqlite3, etc,” the associate concluded. I’ve used all three heavily and they’re vastly more reliable than SQL Server, which is an overpriced toy with back doors (it’s a Windows program; Canonical advertises Ubuntu Pro using Windows programs).

09.28.22

Get Away From Clowns (Clown Computing), They Will Only Betray and Hurt You at the End

Posted in Deception, Google, Servers at 12:20 pm by Dr. Roy Schestowitz

Video download link | md5sum 4ccea214a2936a6982bd285bad95caaf
Google is Not a Friend: Google Photos Corrupted, Highlighting Dangers of Clown Computing
Creative Commons Attribution-No Derivative Works 4.0

Summary: Corporations do not like people, they are just blindly obedient to shareholders and their personal interests; outsourcing your personal data (or business data, which impacts non-consenting subjects) to other companies is a self-harming if not outright suicidal move and we gather more and more evidence of this over time

HOW many times does Google need to burn its so-called ‘users’ (used by Google) before they learn to just avoid Google?

More generally, when will people realise that the promise or promises of Clown Computing are false? Like Rust promising “security” when Rust itself is a security liability.

In the corporate world (or shareholders-first context), things are very rarely what they’re advertised as. Google spent years brainwashing or bullying or blackmailing Linus Torvalds to accept Rust, whose development was in effect funded by Google (the Sugar Daddy of Mozilla).

A couple of nights ago I saw the report about Google’s user data getting corrupted. I took note to say “Google Photos Corrupted, Highlighting Dangers of Clown Computing” and later I saw more reports to the same effect. To quote the latter one: “According to those affected, the corruption persists when downloading the image. This apparently applies to both individual downloads and when using Google Takeout. The original copies of pictures do not appear to be impacted, but the edited ones are what appear in the Google Photos apps. Dozens of reports and examples show near-identical instances of this issue. The problem looks to have resided for some in the last day, but others are still affected. As such, it’s more than likely that there is a solution on Google’s end for this.”

With a budget like Google’s and salaries so astronomically high, shouldn’t this have been prevented? As I explain in the video above, some of the world’s most famous storage gurus are employed by Google.

In my video, the negligence is explained a bit further. And the lessons learned here are that even large companies cannot be relied upon with your data; in fact, they don’t value this data and won’t make a special effort to protect or restore it; previously, with Picasa, they just simply tore down people’s software tools and data, purely for business reasons.

There are reasons other than data integrity not to give Google any of your data. One important aspect is — suffice to say — privacy. See Leaking Passwords through the Spellchecker from Schneier on Security. It was published earlier this week and said: “The solution is to only use the spellchecker options that keep the data on your computer—and don’t send it into the cloud…”

Microsoft and Google are both building databases with people’s passwords. Is that even legal??? As somebody else noted this week, Google Analytics isn’t legal. To quote: “Although Google says that Google Analytics 4 solves the issue, the Austrian and Danish DPAs reject Google’s point of view.”

It’s like they’re above the law; in fact fines don’t scare them. It’s just the ‘price’ of abusing people.

Legality aside, there are practical reasons to avoid outsourcing. As one article put it: “It’s easy to just snap photos of all your special memories and keep them uploaded to the cloud for safekeeping, never worrying about them. But what happens when they’re not as safe as you’d assumed? This is what some Google Photos users are experiencing, posting to Google support that their older images have become corrupted.” And they didn’t even notify users. There are no backups. They really don’t value people’s memories. The Google ‘Gulag’ is so careless and incompetent, going ‘full Stalin’ on people’s photos (Stalin was notorious for deleting or sanitising photographs).

Clown computing is a huge mistake.

Keeping one’s photos in one’s own turf is both doable and encouraged. It’s affordable as well. The entry barrier is not as high as people are led to believe and there’s no service shutdown unless one chooses to shut down one’s own album/s. As for data loss, regular backups help. Don’t let some greedy, unaccountable corporations handle them. Microsoft lost customers’ valuable information many times before (e.g. Danger Sidekick). Live and learn, stop repeating mistakes.
