There appears to be a new character-linked bug in Messages, Mail, and other apps that can cause the iPhone, iPad, Mac, and Apple Watch to crash when receiving a specific string of characters.

Image from Twitter
In this particular case, the character string involves the Italian flag emoji along with characters in the Sindhi language, and it appears the system crash happens when an incoming notification is received with the problem-causing characters.

Based on information shared on Reddit, the character string began circulating on Telegram, but has also been found on Twitter.

These kind of device-crashing character bugs surface every so often and sometimes become widespread, leading to a significant number of people ending up with a malfunctioning iPhone, iPad, or Mac. In 2018, for example, a character string in the Telugu language circulated around the internet, crashing thousands of devices before Apple addressed the problem in an iOS update.

There is often no way to prevent these characters from causing crashes and freezes when received from a malicious person, and crashes caused through notifications often cause operating system re-springs and in some cases, a need to restore a device in DFU mode.

MacRumors readers should be aware that such a bug is circulating, and for those who are particularly concerned, as this bug appears to impact notifications, turning off notifications may mitigate the effects. Apple typically fixes these character bugs within a few days to a week.

Update: According to MacRumors reader Adam, who tested the bug on a device running iOS 13.4.5, the issue is fixed in the second beta of that update.

Source: PSA: New Character Bug in Messages Causing iOS Devices to Crash [Updated] – MacRumors

As users complain of blue screens of death, deleted files and reboot loops, here’s what you need to know about this Windows 10 update.

There’s a lot of truth in the notion that you can’t please all the people all of the time, as Microsoft knows only too well. With Windows 10 now installed on more than one billion devices, there will always be a wide variation in terms of user satisfaction. One area where this variation can be seen perhaps most clearly is that of updates.

[…]

The problems those users are reporting to the Microsoft support forums and on social media have included the installation failing and looping back to restart again, the dreaded Blue Screen of Death (BSOD) following a “successful” update and computers that simply refuse to boot again afterward. Among the more common issues, in terms of complaints after a Windows 10 update, were Bluetooth and Wi-Fi connectivity related ones. But there were have also been users complaining that after a restart, all files from the C drive had been deleted.

[…]

Microsoft asks that any users experiencing problems use the Windows + F keyboard shortcut, or select Feedback Hub from the Start menu, to provide feedback so it can investigate.

More practically speaking, if you are experiencing any Windows Update issues, I would always suggest you head for the Windows Update Troubleshooter. This, more often than not, fixes any error code problems, Be warned, though, I have known it take more than one running of the troubleshooter before updates are all successfully installed, so do persevere

Source: Windows 10 Update: Would You Like Deleted Files And Blue Screens With That?

Apple’s latest update to macOS Catalina appears to have broken SSH for some users.

Developer Tyler Hall published a blog post on Monday detailing the issue, but removed it after his writeup got noticed.

The issue is that under Apple’s macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works – for some users at least. SSH is a Swiss army knife that can be used to securely connect to remote machines to run commands, transfer files and other data, and so on.

The Register asked Hall to elaborate on his findings but he declined, citing the possibility that the problem might be particular to his set up rather than a bug in the software Apple shipped.

Hall demonstrated similar post-publication remorse this last October when he criticized the code quality of macOS Catalina, comparing it to Windows Vista. That sentiment is shared among many other macOS users (eg: “macOS 10.15 is chockablock with paper-cut bugs” – John Gruber). But the responses Hall received from friends within Apple led him to regret that post, too.

We asked Apple to comment but we’ve received no reply. Cupertino seldom addresses public criticism. Until June 2016, Apple even implied in its App Store Review Guidelines that it would look unfavorably on developers who complain publicly about rejected apps. Up to that point, its policy said, “If you run to the press and trash us, it never helps.”

The US government’s renewed antitrust scrutiny of companies like Amazon, Apple, Facebook, and Google in recent years has perhaps encouraged more caution in publicly declared tech platform policies.

The issue that Hall reported has been noted by others. A post two days ago on Apple’s discussion forum complains, “After that update I am no longer able to open a SSH connection to a port greater than 8192 using server name (instead of IP).” And three discussion participants claim they too have experienced the same issue.

One of these individuals, posting under the user name “webdeck,” filed a bug port in Open Radar, a public iOS and macOS bug reporting site created by developer Tim Burks because Apple hides its Radar bug reporting system from the public.

The bug report reads, “/usr/bin/ssh in macos 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macOS 10.15.3.”

Source: Apple’s latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause? • The Register

SINGAPORE – In a move to help the international community combat the coronavirus pandemic, the Government will be making the software for its contact-tracing application TraceTogether, which has already been installed by more than 620,000 people, freely available to developers around the world.

In a Facebook post on Monday (March 23), Minister-in-charge of the Smart Nation Initiative Vivian Balakrishnan said that the app, developed by the Government Technology Agency (GovTech) and the Ministry of Health, will be open-sourced.

This means that the software’s source code will be made freely available and may be redistributed and modified.

“We believe that making our code available to the world will enhance trust and collaboration in dealing with a global threat that does not respect boundaries, political systems or economies,” said Dr Balakrishnan, who is also Foreign Minister.

“Together, we can make our world safer for everyone.”

Launched last Friday, the TraceTogether app can identify people who have been within 2m of coronavirus patients for at least 30 minutes, using wireless Bluetooth technology. Its developers say the app is useful when those infected cannot recall whom they had been in close proximity with for an extended duration.

For the app to start tracing, the Bluetooth setting on mobile phones has to be turned on.

If a user gets infected, the authorities will be able to quickly find out the other users he has been in close contact with, allowing for easier identification of potential cases and helping curb the spread of the virus.

Official contact tracers will provide a code that users can match with a corresponding verification code on their app. Once authenticated, users will get a PIN that allows data to be submitted.

Contact tracers will not ask for any personal financial details or request that money be transferred over the phone.

In his post on Monday, Dr Balakrishnan said that the GovTech team was working “around the clock” to finalise documents to allow others to use the BlueTrace protocol – the building blocks of the TraceTogether app. He added that TraceTogether has been installed by more than 620,000 users so far.

Dr Janil Puthucheary, Minister-in-charge of GovTech, also weighed in on the app in a radio show on Monday, saying that a team of about 40 engineers spent more than 10,000 man-hours developing TraceTogether.

Dr Janil also encouraged more people to download TraceTogether as added protection.

TraceTogether’s developers uploaded a manifesto for BlueTrace on the app’s website on Monday, calling for international adoption of contact-tracing solutions in today’s globalised world as weapons to turn the tide against the Covid-19 outbreak.

“Covid-19 and other novel viruses do not respect national boundaries. Neither should humanity’s response. In a globalised world, with high volumes of international travel, any decentralised contact-tracing solution will need mass adoption to maximise network effects,” stated the app developers’ manifesto.

Help fight the spread of COVID-19 with TraceTogether!

Interested parties can contact the TraceTogether team via e-mail or check this website for more information.

Source: Coronavirus: S’pore Government to make its contact-tracing app freely available to developers worldwide, Singapore News & Top Stories – The Straits Times

It’s all so painfully familiar: with a crunch date of February 3, the Democratic Party in Iowa decided to charge ahead with an IT rollout that comprised an entirely new software system spread out across thousands of sites to record the result of the Democratic caucus for its presidential nominee.

It was, inevitably, a complete failure. The results from the Iowa caucus were supposed to come in nearly 24 hours ago. Instead, it has become a rolling news cycle of tech catastrophe.

We’re not even going to bother to dig into lessons learned because they are the same ones that every sysadmin since the dawn of time has dealt with – and spends their entire career warning the suits about, to greater and lesser degrees of success.

[…]

We could write pages and pages of reports about how differently people experienced this almighty IT cock-up but what’s the point? If you’re reading The Reg you already know what the problem is and the details quickly become irrelevant.

Here’s what’s happened: the suits hired a company because they were swayed by their CVs and sales talk and didn’t run it past anyone that knew what they were doing. Then the suits didn’t listen to all the people telling them it was a bad idea and they should delay rollout. And they didn’t allow sufficient time for testing and training.

Source: Iowa has already won the worst IT rollout award of 2020: Rap for crap caucus app chaps in vote zap flap • The Register

For details read the article – the amount of cockups will make you laugh, if not cry.

Owners of Bose QuietComfort 35 headphones are still trying to get the company to either fix or roll back a firmware update that removed noise-cancelling functions from their over-ear gear.

The problems date back to July and some owners seem to have managed to get Bose to exchange their cans for the company’s shiny new 700 headphones.

We were contacted by a reader who was first given a set of version II headphones when his V1 set were borked. When the updated firmware borked them as well, he declined the offer of a replacement set and was given a pair of 700s. Firmware version 4.5.2 was fingered as the main culprit.

Like all Bose gear, the cans don’t come cheap – they’ll set you back £259.95 to be precise, or £349.95 for a pair of limited edition white 700s.

Pissed-off punters have filled a deafening 182 pages of Bose’s support forums with complaints.

One has even set up a Change.org petition to beg for a pause on firmware updates until a fix is found.

The main complaint is that Bose seems to be deaf to the problem and the easiest solution – to roll everyone back to the previous firmware and restore noise cancelling.

As of Thursday, Bose was claiming that new firmware is coming soon to solve the problem, a long five-month wait for angry customers.

We’ve contacted Bose’s UK PR again but don’t expect to hear back. The company kept very quiet when firmware updates stopped their TV soundbars making any sound.

We asked if the replacement policy was open to all customers worldwide – our contact is in Europe.

One poor punter on the forum is from Brazil and pointed out it was a long trip to his nearest Bose service centre – in Mexico.

Source: Bose customers beg for firmware ceasefire after headphones fall victim to another crap update • The Register

An experimental feature silently rolled out to the stable Chrome release on Tuesday caused chaos for IT admins this week after users complained of facing white, featureless tabs on Google’s massively popular browser.

The issue affected thousands of businesses’ terminal servers, with multiple users on the same server experiencing “white screen of death” at the same time.

Someone posting on the Chromium bug tracker mailing list described the problem as follows:

We have confirmed and replicated; when any user on a shared session citrix box locks their screen, all Chrome windows stop rendering (“White screen of death”) until ANYONE unlocks their screen, upon which, all Chrome windows resume rendering. This looks like random behaviour to the user but we have confirmed lock/unlock is the culprit.

The person added: “We have fixed this temporarily by starting chrome with –disable-backgrounding-occluded-windows,” applying the fix through a group policy object.

Google software engineer David Bienvenu jumped in to explain:

The experiment/flag has been on in beta for ~5 months. It was turned on for stable (e.g., m77, m78) via an experiment that was pushed to released Chrome Tuesday morning.

At 1824 UTC last night, Bienvenu rolled back the experiment change, noting “I’m not sure how long it takes to go live, but once it’s live, users will need to restart Chrome to get the change.”

Source: White Screen of Death: Admins up in arms after experimental Google emission borks Chrome • The Register

DoNotPay helps you get out of parking tickets and cancel forgotten subscriptions, and now it can call you when it’s your turn in a customer service phone queue. The app today is launching “Skip Waiting On Hold.” Just type in the company you need to talk to, and DoNotPay calls for you using tricks to get a human on the line quickly. Then it calls you back and connects you to the agent so you never have to listen to that annoying hold music.

And in case the company tries to jerk you around or screw you over, the DoNotPay app lets you instantly share to social media a legal recording of the call to shame them.

Skip Waiting On Hold comes as part of the $3 per month DoNotPay suite of services designed to save people time and money by battling bureaucracy on their behalf. It can handle DMV paperwork for you, write legal letters to scare businesses out of overcharging you and it provides a credit card that automatically cancels subscriptions when your free trial ends.

“I think the world would be a lot fairer place if people had someone fighting for them” says DoNotPay’s 22-year-old founder Joshua Browder. Indeed; $3 per month gets the iOS app‘s 10,000 customers unlimited access to all the features with no extra fees or commissions on money saved. “If DoNotPay takes a commission then we have an incentive to perpetuate the problems we are fighting against.”

[…]

he full list of DoNotPay services includes:

1. Customer service disputes where it contacts companies about refunds for Comcast bills, delayed flights, etc.
2. The free trial credit card that auto-cancels subscriptions before you’re actually charged
3. Traffic and parking appeals where it generates a letter for you based on answers to questions, like if signs were too hard to read or there was a mistake on the ticket
4. Hidden money discovery that finds refunds in your bank fees, identifies forgotten subscriptions, gets you free stuff on your birthday and more
5. Government paperwork assistance that can help you get DMV appointments and fill out forms
6. Skip Waiting On Hold

Source: This brilliant app waits on hold for you – TechCrunch

Deep TabNine is what’s known as a coding autocompleter. Programmers can install it as an add-on in their editor of choice, and when they start writing, it’ll suggest how to continue each line, offering small chunks at a time. Think of it as Gmail’s Smart Compose feature but for code.

Jacob Jackson, the computer science undergrad at the University of Waterloo who created Deep TabNine, says this sort of software isn’t new, but machine learning has hugely improved what it can offer. “It’s solved a problem for me,” he tells The Verge.

Jackson started work on the original version of the software, TabNine, in February last year before launching it that November. But earlier this month, he released an updated version that uses a deep learning text-generation algorithm called GPT-2, which was designed by the research lab OpenAI, to improve its abilities. The update has seriously impressed coders, who have called it “amazing,” “insane,” and “absolutely mind-blowing” on Twitter.

[…]

Deep TabNine is trained on 2 million files from coding repository GitHub. It finds patterns in this data and uses them to suggest what’s likely to appear next in any given line of code, whether that’s a variable name or a function.

Using deep learning to create autocompletion software offers several advantages, says Jackson. It makes it easy to add support for new languages, for a start. You only need to drop more training data into Deep TabNine’s hopper, and it’ll dig out patterns, he says. This means that Deep TabNine supports some 22 different coding languages while most alternatives just work with one.

(The full list of languages Deep TabNine supports are as follows: Python, JavaScript, Java, C++, C, PHP, Go, C#, Ruby, Objective-C, Rust, Swift, TypeScript, Haskell, OCaml, Scala, Kotlin, Perl, SQL, HTML, CSS, and Bash.)

Most importantly, thanks to the analytical abilities of deep learning, the suggestions Deep TabNine makes are of a high overall quality. And because the software doesn’t look at users’ own code to make suggestions, it can start helping with projects right from the word go, rather than waiting to get some cues from the code the user writes.

The software isn’t perfect, of course. It makes mistakes in its suggestions and isn’t useful for all types of coding. Users on various programming hang-outs like Hacker News and the r/programming subreddit have debated its merits and offered some mixed reviews (though they mostly skew positive). As you’d expect from a coding tool built for coders, people have a lot to say about how exactly it works with their existing editors and workflow.

One complaint that Jackson agrees is legitimate is that Deep TabNine is more suited to certain types of coding. It works best when autocompleting relatively rote code, the sort of programming that’s been done thousands of times with small variations. It’s less able to write exploratory code, where the user is solving a novel problem. That makes sense considering that the software’s smarts come from patterns found in archival data.

So how useful is it really for your average coder? That’ll depend on a whole lot of factors, like what programming language they use and what they’re trying to achieve. But Jackson says it’s more like a faster input method than a human coding partner (a common practice known as pair programming).

Source: This AI-powered autocompletion software is Gmail’s Smart Compose for coders – The Verge

Some models of Airbus A350 airliners still need to be hard rebooted after exactly 149 hours, despite warnings from the EU Aviation Safety Agency (EASA) first issued two years ago.

In a mandatory airworthiness directive (AD) reissued earlier this week, EASA urged operators to turn their A350s off and on again to prevent “partial or total loss of some avionics systems or functions”.

The revised AD, effective from tomorrow (26 July), exempts only those new A350-941s which have had modified software pre-loaded on the production line. For all other A350-941s, operators need to completely power the airliner down before it reaches 149 hours of continuous power-on time.

[…]

Airbus’ rival Boeing very publicly suffered from a similar time-related problem with its 787 Dreamliner: back in 2015 a memory overflow bug was discovered that caused the 787’s generators to shut themselves down after 248 days of continual power-on operation. A software counter in the generators’ firmware, it was found, would overflow after that precise length of time. The Register is aware that this is not the only software-related problem to have plagued the 787 during its earlier years.

It is common for airliners to be left powered on while parked at airport gates so maintainers can carry out routine systems checks between flights, especially if the aircraft is plugged into ground power.

The remedy for the A350-941 problem is straightforward according to the AD: install Airbus software updates for a permanent cure, or switch the aeroplane off and on again.

Source: Airbus A350 software bug forces airlines to turn planes off and on every 149 hours • The Register

Smart meters in England are suddenly switching to Welsh language displays, much to the confusion of owners.

Several people report that the meters, made by energy provider Bulb, are spontaneously opting for Welsh instead of English, sometimes after freezing and being restarted. This would be unhelpful even for many residents of Wales, but the problem has been seen as far east as West Sussex.

The issue is fixable, although choosing the right options is easier if you speak a bit of Welsh. Anyone remember the fun of switching your mate’s Nokia to Finnish language menus?

This seems to be the latest in a string of issues suffered by Bulb, although to be fair the firm is not the first to be stumped by the stupidity of smart meters.

Last month it updated customers who were having problems with the meters’ “In-Home Display” – a small screen connected to the meter that is meant to show electricity usage and costs. Bulb now reckons 85 per cent of these devices will link to the meter immediately: “And the majority of those that don’t connect first time can now be fixed remotely.”

It is also dealing with a problem of automatic, monthly readings not appearing on accounts by taking daily readings, which apparently have a different process.

Source: Bulb smart meters in England wake up from comas miraculously speaking fluent Welsh • The Register

Starting today, Windows 10 users are finding that the /sfc scannow feature is no longer working and that it states it found, but could not fix, corrupted Windows Defender PowerShell files.

The Windows System File Checker tool, commonly known as SFC, has a /scannow argument that will check the integrity of all protected Winodws system files and repair any issues that are found.

As of this morning, users in a wildersecurity.com thread have started reporting that when they run sfc /scannow, the program is stating that “Windows Resource Protection found corrupt files but was unable to fix some of them.” I too was able to reproduce this issue on a virtual machine with Windows Defender configured as the main antivirus program.

Source: Windows 10 SFC /scannow Can’t Fix Corrupted Files After Update

You might not even know what options you can tweak (or turn off) in your operating system, which is where the cleverly named O&O ShutUp10 application comes in to play. It’s a simple application that makes it incredibly easy to tweak various aspects of Windows 10 that are normally buried or otherwise inaccessible to regular people. More importantly, the app comes with some helpful warnings so you don’t accidentally disable something you shouldn’t (like automatic updates)

To get started, all you have to do is download the app and run it. That’s it. There’s no installation to speak of, which already makes me thrilled. When the app loads, it’ll look like this:

You’ll see a bunch of different options you can turn on and off—some might already be enabled—as well as a handy “recommend” column that gives you a little more advice as to whether you should really mess with that setting or not. What I love about O&O ShutUp10, though, is that you can get even more information about what each setting means by simply hovering your mouse over each line and clicking, like so:

While you probably shouldn’t just go through and enable everything that’s recommended en masse, I would use that little green checkmark as a guide while you explore the app. Enable any related setting and you’re probably fine. Once you start getting into the yellow “limited” category, however, it gets a bit dicier. You might not want to, for example, disable all apps from accessing your microphone or camera—or maybe you do. Just remember you toggled that setting the next time you’re about to hop on a video conference.

Source: Increase Your Privacy in Windows 10 With ‘O&O ShutUp10’

I have been a bit critical of Linux Mint in the past, but the truth is, it is a great distribution that many people enjoy. While Mint is not my favorite desktop distro (that would be Fedora), I recognize its quality. Is it perfect? No, there is no such thing as a flawless Linux-based operating system.

Today should be happy times for the Linux Mint community, as we finally learn some new details about the upcoming version 19.2! It will be based on Ubuntu 18.04 and once again feature three desktop environments — Xfce, Mate, and Cinnamon. We even found out the code name for Linux Mint 19.2 — “Tina.” And yet, it is hard to celebrate. Why? Because the developers seem to be depressed and defeated. They even appear to be a bit disenchanted with Free Software development overall.

Clement Lefebvre, leader of the Linux Mint project, shared a very lengthy blog post today, and it really made me sad.

[…]

I can show them 500 people donated money last month, I can forward emails to the team where people tell me how much they love Linux Mint, I can tell them they’re making a difference but there’s nothing like interacting directly with a happy user, seeing first-hand somebody be delighted with what you worked on. How our community interacts with our developers is key, to their work, to their happiness and to their motivation.

Clem quite literally says he is not enjoying the Linux Mint development nowadays, which really breaks my heart.

[…]

I also have a life outside open source work, too. It’s not mentally sound to put the hours I’ve put into the compositor. I was only able to do what I could because I was unemployed in January. Now I’m working a job full time, and trying to keep up with bug fixes. I’ve been spending every night and weekend, basically every spare moment of my free time trying to fix things.

[…]

To make things even worse, Hicks is apparently embarrassed by the official Linux Mint blog post! Another Reddit member named tuxkrusader responds to Hicks by saying “I’m slightly concerned that you’re not a member of the linuxmint group on github anymore. I hope you’re not on bad terms with the project.” Hicks shockingly responds by saying “Nope, I hid my project affiliation because that blog post makes me look bad.”

Wow. Hiding his affiliation with the Linux Mint project on GitHub?  It seems things may be worse than I originally thought…

Source: Linux Mint 19.2 ‘Tina’ is on the way, but the developers seem defeated and depressed

Microsoft is introducing a really useful feature for Excel on mobile devices. The company is rolling out a new update to the Excel app for Android that makes it really easy to capture data.

If you ever had to manually enter data from a paper in real life into your spreadsheets, you are going to love this. Excel now lets you take pictures of a document/paper in real life, crop the picture, and turn that into an actual, editable data on Excel. After capturing the data, you can edit the data to make sure Excel’s image recognition is 100% accurate, and make any changes if some of the scanned data were incorrect.

The feature seems really useful, and it’s just one of the ways Microsoft has been pushing Office apps recently. The company’s continued focus on AI has really helped apps like Excel get better and better when it could just continue to be that one boring spreadsheet app. Microsoft can easily bring similar features powered by image recognition and AI to other Office apps as well, so this is probably just the beginning.

The company plans to bring the feature to iOS in the near future.

Source: Excel Can Now Turn Pictures of Tables Into Actual, Editable Tables – Thurrott.com

Add data to Excel directly from a photo—Using the Excel app, you can take a picture of a printed data table on your Android device and automatically convert the picture into a fully editable table in Excel. This new image recognition functionality eliminates the need for you to manually enter hardcopy data. This capability is starting to roll out for the Excel Android app with iOS support coming soon.

At least 2 machines are needed to operate spacedesk. These machines must be connected via a Local Area Network (e.g. Ethernet or Wireless) supporting TCP/IP network protocol. Each one of the two machines is running a different spacedesk software:

1. The Primary Machine is a Windows PC, laptop or Surface Pro tablet. It runs the spacedesk DRIVER software. It includes network display server software and display device drivers. This allows to extend or duplicate the Windows Desktop to the screen of another machine over the network.

2. The Secondary Machine runs spacedesk VIEWER program which acts as the secondary display. It can be one (or multiple) of the following:

• Android tablet or phone (Android VIEWER)
• Windows PC, laptop or Surface Pro tablet (Windows Desktop application)
• Apple Mac, iPad or iPhone (iOS VIEWER)
• Linux PC and a variety of other machines (HTML5 VIEWER)

The network connection between the two machines can be via cable or wireless. If available, a cable is preferred. Cables usually achieve better performance than wireless connections. It can be one (or multiple) of the following:

• Ethernet cable connecting to a hub
• Crossover Ethernet cable between two machines
• USB to Ethernet cable between two machines
• Phone cable (via USB Tethering)

Source: spacedesk | User Manual

A bit like the Synergy software KVM

Smartphone users in South Korea will soon be able to have the option of deleting unnecessary pre-installed bloatware, thanks to new industry guidelines commencing in April.

“The move aims to rectify an abnormal practice that causes inconvenience to smartphone users and causes unfair competition among industry players,” said the Ministry of Science, ICT and Future Planning, in a press release.

The measure will also help give users more data storage and improve battery life, said the ministry.

Under the new guidelines, telcos are required to make most of their pre-installed apps deletable except for four necessary items related to Wi-Fi connectivity, near-field communication (NFC), the customer service center and the app store.

For example, Samsung’s Galaxy S4 released by SK Telecom has a total of 80 apps pre-installed, including 25 apps loaded by the telco, 39 by Samsung and 16 by the OS provider Google, noted Yonhap News. When the new guidelines kick in, at least half of those apps can be deleted, it added.

Source: South Korea rules pre-installed phone bloatware must be deletable | ZDNet

Supermarkets create cheap “magic boxes” with end of life food in them. You can see where to pick them up on the app. Jumbo NL has started a pilot in 13 shops.

 

Het van oorsprong Deense initiatief Too Good To Go heeft na één jaar in Nederland meer dan 200.000 maaltijden gered van de vuilnisbak. De gelijknamige app heeft ondertussen al meer dan 250.000 geregistreerde gebruikers en meer dan 1000 partners met dekking in alle provincies in Nederland.

Op de kaart of in de lijst in de app kunnen consumenten bekijken welke locaties iets lekkers voor ze klaar hebben liggen tegen sluitingstijd. Vervolgens bestellen en betalen zij direct in de app.

Sinds gisteren is bij Jumbo een pilot met Too Goo To Go in 13 winkels gestart. De pilot duurt een maand en is de eerste stap op weg naar een mogelijke landelijke uitrol.

Gebruikers zien in de Too Good To Go app welke Jumbo winkels een Magic Box aanbieden. Ze rekenen deze vervolgens af via de app en kunnen de verrassingsbox binnen een afgesproken tijdsslot ophalen in de winkel. De prijs is altijd een derde van de daadwerkelijke waarde: een box met een waarde van 15 euro kost dus slechts 5 euro.

Deelnemers aan de pilot zijn elf winkels in Amsterdam – waaronder de City winkels – en Foodmarkt Amsterdam en een City in Groningen.

Winkels bepalen zelf hoe ze de box samenstellen, waarbij beschikbaarheid en variatie belangrijke criteria zijn.

Vanaf vandaag is de stad Wageningen ook als locatie toegevoegd aan de app. Om de impact van de app van Too Good To Go op het consumentengedrag te meten en om te bepalen wat de volgende stukjes van de puzzel moeten worden, start Too Good To Go in samenwerking met Wageningen University & Research een onderzoek naar de verandering in bewustwording en het gedrag rond voedselverspilling.

Too Good To Go is al actief in negen Europese landen.

Source: 250.000 gebruikers voor app Too Good To Go – Emerce

The current DNS is unnecessarily slow and suffers from inability to deploy new features. To remediate these problems, vendors of DNS software and also big public DNS providers are going to remove certain workarounds on February 1st, 2019.

This change affects only sites which operate software which is not following published standards.

[…]

On or around Feb 1st, 2019, major open source resolver vendors will release updates that implement stricter EDNS handling. Specifically, the following versions introduce this change:

• BIND 9.13.3 (development) and 9.14.0 (production)
• Knot Resolver already implemented stricter EDNS handling in all current versions
• PowerDNS Recursor 4.2.0
• Unbound 1.9.0

Also public DNS providers listed below will disable workarounds.

[…]

Minimal working setup which will allow your domain to survive 2019 DNS flag day must not have timeout result in any of plain DNS and EDNS version 0 tests implemented in ednscomp tool. Please note that this minimal setup is still not standards compliant and will cause other issues sooner or later. For this reason we strongly recommend you to get full EDNS compliance (all tests ok) instead of doing just minimal cleanup otherwise you will have to face new issues later on.

[…]

Firewalls must not drop DNS packets with EDNS extensions, including unknown extensions. Modern DNS software may deploy new extensions (e.g. DNS cookies to protect from DoS attacks). Firewalls which drop DNS packets with such extensions are making the situation worse for everyone, including worsening DoS attacks and inducing higher latency for DNS traffic.

DNS software developers

The main change is that DNS software from vendors named above will interpret timeouts as sign of a network or server problem. Starting February 1st, 2019 there will be no attempt to disable EDNS as reaction to a DNS query timeout.

This effectively means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead.

Source: DNS flag day

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

The software’s name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it’s been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software.

GHIDRA’s existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA’s internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.

According to these documents, GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.

GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.

According to GHIDRA’s description in the RSA conference session intro, the tool “includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed.”

US government workers to whom ZDNet has spoken today said the tool is well-known and liked, and generally used by operators in defensive roles, who normally analyze malware found on government networks.

Some people who know and used the tool and have shared opinions on social media, such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known reverse engineering tool -but also very expensive, with licenses priced in the range of thousands of dollars.

Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.

The news of the NSA open-sourcing one of its internal tools should not surprise you. The NSA has open-sourced all sorts of tools over the past few years, with the most successful of them being Apache NiFi, a project for automating large data transfers between web apps, and which has become a favorite on the cloud computing scene.

In total, the NSA has open-sourced 32 projects as part of its Technology Transfer Program (TTP) so far and has most recently even opened an official GitHub account.

GHIDRA will be demoed at the RSA conference on March 5 and is expected to be released soon after on the agency’s Code page and GitHub account.

Source: NSA to release a free reverse engineering tool | ZDNet

The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed.

This will become the second Google-developed experimental technology to become an official HTTP protocol upgrade after Google’s SPDY technology became the base of HTTP/2.

HTTP-over-QUIC is a rewrite of the HTTP protocol that uses Google’s QUIC instead of TCP (Transmission Control Protocol) as its base technology.

QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.

Google wants QUIC to slowly replace both TCP and UDP as the new protocol of choice for moving binary data across the Internet, and for good reasons, as test have proven that QUIC is both faster and more secure because of its encrypted-by-default implementation (current HTTP-over-QUIC protocol draft uses the newly released TLS 1.3 protocol).

QUIC was proposed as a draft standard at the IETF in 2015, and HTTP-over-QUIC, a re-write of HTTP on top of QUIC instead of TCP, was proposed a year later, in July 2016.

Since then, HTTP-over-QUIC support was added inside Chrome 29 and Opera 16, but also in LiteSpeed web servers. While initially, only Google’s servers supported HTTP-over-QUIC connections, this year, Facebook also started adopting the technology.

In a mailing list discussion last month, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Group, made the official request to rename HTTP-over-QUIC as HTTP/3, and pass it’s development from the QUIC Working Group to the HTTP Working Group.

In the subsequent discussions that followed and stretched over several days, Nottingham’s proposal was accepted by fellow IETF members, who gave their official seal of approval that HTTP-over-QUIC become HTTP/3, the next major iteration of the HTTP protocol, the technology that underpins today’s World Wide Web.

According to web statistics portal W3Techs, as of November 2018, 31.2 percent of the top 10 million websites support HTTP/2, while only 1.2 percent support QUIC.

Source: HTTP-over-QUIC to be renamed HTTP/3 | ZDNet