Slashdot Mirror

Motherboard's Lorenzo Franceschi-Bicchierai spoke with Patrick Wardle, the ex-NSA hacker who's organizing a security conference exclusively dedicated to Macs. Despite what Apple has famously promoted in the mid 2000s that Macs don't get "PC viruses," Mac computers do in fact have bugs, vulnerabilities, and even malware targeted at them. From the report: "People are peeking behind the curtain and realizing that the facade of Mac security is not always what it's cracked to be," Wardle told Motherboard in a phone interview. "Any company that designs software is going to have issues -- but Apple has perfected the art of a flawless public facade that masks many security issues." Wardle would know. After hacking primarily Windows computers at Fort Meade, for the last few years Wardle been finding several issues in MacOS, so many that he considers himself a "thorn" on Apple's side. But his conference is not an exercise in shaming or finger pointing, Wardle said he hopes to educate and teach people about Mac security, especially now that so many companies are using Macs as their corporate computers.

The conference is called Objective By the Sea, a wordplay on Objective-See, the name of Wardle's suite of free Mac security products (which is itself a wordplay on Apple's main programming language called Objective-C.) It will be held in Maui, Hawaii on November 3 and 4. The conference will be free for residents of Hawaii, and for patrons of Objective-See. That's why Wardle said he can't afford to pay for all speakers to attend, but he had no trouble finding people who wanted to participate. One group that doesn't want to come to Maui, at least for now, is Apple. Wardle said he reached out to the company, essentially offering it carte blanche to talk about whatever it wanted. But the company, so far, has not responded, according to him.

All Kickstarter campaigns are getting a show of support, according to a new web site. "Every day, The Creative Fund backs all newly launched projects based on our current patronage." It's the newest offering from BackerKit, which also makes a data management platform for crowdfunding campaigns, and so far they've pledged $1 to 10,594 different Kickstarter projects.

An anonymous reader quotes VentureBeat: One dollar doesn't seem like a lot, but it's just a start. BackerKit cofounder Rosanna Yau says that this is more of a proof of concept, to see if their community is willing to rally around the idea. She and cofounder Maxwell Salzberg have set up a Patreon, a monthly subscription service that enables people to support creators directly. All the donations they receive from that platform will be distributed among Kickstarter projects, and the goal is to make sure all projects have at least one pledge....

Yau says that the company is open to contributing more than a $1 in the future. Its Patreon guidelines say that for each $2,000 milestone reached, the fund will pledge $1 more to all Kickstarter projects. If something doesn't get funded, the fund's pledges will get recycled and re-donated to new projects.
A Medium post says the new fund "supports the entrepreneurial spirit of all independent creators, one dollar at a time....

"Everyone deserves some inspiration and a virtual high-five."

Some adult content creators on crowdfunding site Patreon are being suspended due to the suggestive material they produce. The platform said that they are increasing efforts to review content, due to payment processor pressure. Motherboard reports: In late 2017, Patreon expanded its adult content guidelines, to include stricter guidelines for "bestiality, incest, sexual depiction of minors, and suggestive sexual violence." At the time, it resulted in suspensions and bans of many adult content creators whose work Patreon previously permitted, but no longer fell in line with new guidelines. Now, many more adult content creators are reporting that they're experiencing a renewed wave of suspensions on the platform. Patreon's guidelines for adult content state that "all public content on your page be appropriate for all audiences," and "content with mature themes must be marked as a patron-only post." For several of these reports, Patreon warned that "implied nudity" was the reason for the suspension, where it appeared in public areas or publicly-visible patron tiers and banners. "You can't use Patreon to raise funds in order to produce pornographic material such as maintaining a website, funding the production of movies, or providing a private webcam session," the guidelines state.

An anonymous reader quotes BleepingComputer: Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel. Its purpose is to detect exploitation attempts for known security vulnerabilities against the Linux kernel and attempt to block attacks. LKRG will also detect privilege escalation for running processes, and kill the running process before the exploit code runs.

Since the project is in such early development, current versions of LKRG will only report kernel integrity violations via kernel messages, but a full exploit mitigation system will be deployed as the system matures... While LKRG will remain an open source project, LKRG maintainers also have plans for an LKRG Pro version that will include distro-specific LKRG builds and support for the detection of specific exploits, such as container escapes. The team plans to use the funds from LKRG Pro to fund the rest of the project.

The first public version of LKRG -- LKRG v0.0 -- is now live and available for download on this page. A wiki is also available here, and a Patreon page for supporting the project has also been set up. LKRG kernel modules are currently available for main Linux distros such as RHEL7, OpenVZ 7, Virtuozzo 7, and Ubuntu 16.04 to latest mainlines.

Patreon has decided to halt its plans to add a service fee to patrons' pledges, a proposed update that angered many users. "We're going to press pause," CEO Jack Conte tells The Verge. "Folks have been adamant about the problems with the new system, and so basically, we have to solve those problems first." The company plans to work with creators on a plan that will solve issues with the current payment system, but won't create major new problems in their stead. From the report: Conte published a blog post laying out the core problems, alongside an apology. "Many of you lost patrons, and you lost income. No apology will make up for that, but nevertheless, I'm sorry," it reads. "We recognize that we need to be better at involving you more deeply and earlier in these kinds of decisions and product changes. Additionally, we need to give you a more flexible product and platform to allow you to own the way you run your memberships. I know it will take a long time for us to earn back your trust. But we are utterly devoted to your success and to getting you sustainable, reliable income for being a creator."

Conte says that any new system will need to take the popularity of small pledges into account, and preserve the benefits of aggregation. It will also need to give artists more autonomy, rather than announcing a sweeping overall change directly to users. "The overwhelming sentiment was that we overstepped our bounds" with the non-negotiable fee, he says. "I agree, we messed that up. We put ourselves between the creator and their fans and we basically told them how to run their business, and that's not okay." Webcomic creator Jeph Jacques previously quoted Conte as saying Patreon "absolutely fucked up that rollout."

Patreon's changing their fee structure to make donors cover payment-processing fees (standardized to 2.9%) -- plus an additional 35 cents for every pledge. Long-time Slashdot reader NewtonsLaw reports that Patreon's users are furious: Despite Patreon's hype that this is a good thing for creators, few of these actually seem to agree and there's already a growing backlash on social media... many fear that their net return will be lower because the extra fees levied on patreons are causing them to either reduce the amount they pledge or withdraw completely... For those patrons supporting only a few creators the effect won't be large, but for those who make small donations to many creators this could amount to a hike of almost 40% in the amount charged to their credit cards. Without exception, all the content creators I have spoken to would have:

a) liked to have been consulted first

b) wanted the option to retain the old system where they bear the cost of the fees.

As a content creator, I've already seen quite a few of my patreons reducing their pledge and others canceling their pledges completely -- and I understand why they are doing that.
"Everyone hates Patreon's new fee," writes VentureBeat, adding "Many creators are saying it's unfair for patrons to have to pay transaction fees. In addition to that, most people support multiple creators and not just one, and they'll have to pay the extra fee for each pledge they make."

Tech journalist Bryan Lunduke is already soliciting suggestions on Twitter for an open source or Free Software solution that accepts donations from multiple payment systems, and while the change doesn't go into effect until December 18th, NewtonsLaw writes that "it's starting to look as if many content creators will be getting a slightly larger percentage of a much smaller amount as a result of this lunacy by Patreon -- something that will see them far worse off than the were before."

An anonymous reader quotes Phoronix: UBports continues to be the leading community project for trying to let Ubuntu Touch live on and evolve under their direction... Among their recent achievements were acquiring more sponsors, all devices that were sold with Ubuntu Touch can now run with UBports' builds, they are working on their own version of Mozilla's AGPS Location Service to replace Canonical's GPS system, the Halium OS platform continues evolving, the Dekko email client is back under development, installation improvements are being worked on, they are still striving for Wayland support, and more.
The UBports Patreon page has even raised enough to allow UBports founder Marius Gripsgard to work full-time on what they're calling "a beautiful, free and open-source mobile OS." Their recent community update announced that "we are seeing more activity on Ubuntu Touch than for a very long time, and that is really encouraging."

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.
"Instead of the DMCA, which makes it a crime to show people how to break DRM, it should be a crime to make, import or lease or sell devices with DRM," Stallman says. "Both the players and the media. It should be a crime. The executives of the companies that are now pulling the strings of the W3C, they should go to jail for doing DRM. "

Asked about Sir Tim Berners-Lee's endorsement of DRM in HTML5, Stallman quipped that "The fact that he's a knight means he was of service to the empire. And now he's being of service to another empire...What's happening here is that Berners-Lee and Jeff Jaffee have convinced themselves that by making this a standard, they will make the injustice of DRM smoother and less annoying in minor ways. And they've convinced themselves that that's the purpose of their lives... "

"He should handle it by saying no. But he can't really. And the reason is he set up an organization which is controlled by the businesses that want to put in the most money... By structuring it so it's controlled by the businesses, they've structured it so it wouldn't defend us from those businesses."

Stallman calls Skype "a non-free program with a network effect" whose users are "victim co-perpetrators," and also says that "Nobody uses Facebook, Facebook uses them. Facebook doesn't have users. It has useds. If you have a Facebook account, Facebook is using you to get information about you and about other people you know..."

Stallman pans mobile devices "that are full of peripherals that require non-free software at the system level. So there's no way to free them and have them work, except lots of painstaking reverse engineering, which is proceeding slowly."

And Stallman reserves a special bile for "the internet of Stings", saying "I personally wouldn't tolerate anything in my home that was talking to the internet except for my computer. They're designed to mistreat you. And part of the way they're designed to mistreat you is that they contain non-free software. And as happens often in the non-free software world, they have malicious functionality... It's the act of folly to use such a device."

Citing evils including surveillance, DRM, and back doors, as well as censorship and tethering to a remote server, Stallman says "If any proprietary program nowadays has no malicious functionality, that's basically luck."

"With free software you can remove any malicious functionality [or] a few other users can get together and release their modified version, and you just have to use it. With free software the community of users can defend itself from malicious functionalities. With proprietary software, the users are defenseless. This is why the mere fact of being proprietary software is an injustice." At one point he even says that proprietary software is like a dangerous drug, and "we've got to teach people to get off of it."

His advice to others? "Reject products with DRM. Never use any product designed to restrict you unless you have, immediately to hand, what it takes to break the handcuffs."

Stallman says he's running Trisquel's GNU/Linux distro on a ThinkPad x60, "one of the models of computer that can run a free BIOS with no binary blobs in the BIOS or in Linux, no proprietary software at any level of the GNU system. This is basically what we were aiming for 34 years ago."

Lunduke asks Stallman how a staunch proponent of free software -- and a man who doesn't agree to EULAs -- gets his entertainment media? Stallman replies, "No movie or show or song is worth giving up my freedom for. So I don't. So the only ways I will get copies of publications is when there's an ethical way to do it, one that doesn't mistreat me, doesn't do injustice to those who are using it..." "I buy music on CDs from physical stores... The problem is in the U.S. it's hard to find such stores any more!"

As a recovering teenaged TV addict, he no longer owns a television -- he went cold turkey when he went to college -- but he loved The Prisoner, and quotes it. " 'I'm going to escape and come back and wipe this place off off the face of the earth' is an inspiration to me. You might say that spirit is the base of the Free Software Movement. I'm going to escape from proprietary software, and come back, and wipe proprietary software off the face of the earth."

Finally, Stallman says we need more free software champions to help with this great work, and when Lunduke conveys the thank-yous of many free software fans, Stallman replies, "The best way to thank me and the thousands of other people who've worked on GNU is by helping us advance. So look at GNU.org/help, and you'll see see dozens of different kinds of work you can do or contributions you can make. And it's not all programming..."

It's one of the longest-running comics on the internet. (Slashdot is approaching its 20th anniversary, and in its first year ran two stories about Pokey.) Open source developer Steve Havelka of Portland, Oregon created the truly bizarre strip back in 1998 -- one legend says it was originally a parody of another comic drawn with Microsoft Paint -- and he's since sporadically cranked out 637 strips.

Since 2010 he's also been publishing the cartoons in printed books, and this year launched an equally surreal page on Patreon identifying himself as "Steve Havelka, THE AUTHORS of Pokey the Penguin," offering supporters a "mystery item in the mail". Pokey has lots of fans -- he earned a shout-out in the videogame Hitman: Blood Money -- and very-long-time Slashdot reader 198348726583297634 informs us that on this 19th anniversary Pokey "is celebrating on Twitter!" where he's apparently accosting other web cartoonists and touting a new birthday strip. (Not to be confused with that truly horrible Pokey-goes-to-a-party movie created in Adobe Flash.)

I'd like to hear from any Slashdot readers who remember Pokey the Penguin -- but I'm also curious to hear from Slashdot readers who have never read the strip. ComixTalk called it "one of those webcomics that really only exist because of the Internet -- it would be hard to see something like this in any other medium... there's just something about Pokey the Penguin that fits online."

A developer's quest to preserve (and validate) every game ROM for the Super Nintendo Entertainment System has hit a glitch -- thanks to the U.S. postal service. Byuu, the creator of the Higan SNES emulator, had been expecting a package with 100 games from the PAL region (covering most of Europe, Africa, South America, and Oceania). wertigon writes: As it turns out, someone at the USPS thought it was a good idea to lose the package, thereby robbing the project of roughly $5000 and the sad hopes of ever seeing a full indexing, like the one done to the U.S set. Byuu writes... "I do still want to dump and scan the Japanese games I already purchased. But we will never have a complete PAL set. Kotaku reports the games were worth up to £8,000, and though Byuu says the sender never requested reimbursement, it's going to happen "because I can't live with myself if it doesn't." He's asking for donations on Patreon, adding "If the package ultimately arrives, I will be refunding all donations." In that Thursday update, Byuu writes that the post office had finally shipped him the label from the package "and nothing else, claiming the machine ate it." They've launched an investigation, reports Byuu, adding "It's still an incredibly long shot that they'll find anything, but we'll see. I really, really hope that they do."

Open source guru Eric Raymond turns 60 this year, prompting this question from an anonymous reader: Eric Raymond's newest writing project is "Things Every Hacker Once Knew," inspired by the day he learned that not every programmer today's knows the bit structure of ASCII. "I didn't write it as a nostalgia trip -- I don't miss underpowered computers, primitive tools, and tiny low-resolution displays... In any kind of craft or profession, I think knowing the way things used to be done, and the issues those who came before you struggled with, is quite properly a source of pride and wisdom. It gives you a useful kind of perspective on today's challenges."

He writes later that it's to "assist retrospective understanding by younger hackers so they can make sense of the fossils and survivals still embedded in current technology." It's focusing on ASCII and "related technologies" like hardware terminals, modems and RS-232. ("This is lore that was at one time near-universal and is no longer.") Sections include "UUCP and BBSes, the forgotten pre-Internets" and "The strange afterlife of the Hayes smartmodem" (which points out some AT commands survived to this day in smartphones). He requests any would-be contributors to remember that "I'm trying to describe common knowledge at the time." This got my thinking -- what are some that every programmer once knew that have since been forgotten by newer generations of programmers?
Eric Raymond is still hard at work today on the NTPsec project -- a secure, hardened, and improved implementation of Network Time Protocol -- and he promises donations to his Patreon page will help fund it. But what things do you remember that were commonplace knowledge "back in the day" that have now become largely forgotten? Leave your best answers in the comments. What are some things that every hacker once knew?

The free iOS version of the Tor browser "sparked a tidal wave of interest" after its release in December, according to Silicon.co. Mickeycaskill writes: The cost has been scrapped due to developer Mike Tigas' worries that the price was limiting access to anonymous browsing for those who need it most. "Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," Tigas wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone."
"I'm still a little terrified that I've made this change," Tigas adds. For four years the Tor Onion browser was available on the Apple App Store for $0.99, the lowest non-free price allowed by Apple, providing a "reliable" income to Tigas which helped him move to New York for a new job while allowing him "the economic freedom to continue working on side projects that have a positive impact in the world." Tigas also writes that "there's now a Patreon page and other ways to support the project."

Last month the Tor Project also released the first alpha version of the sandboxed Tor Browser.

AmiMoJo writes: In a blog post Jake Conte, CEO and co-founder of Patreon, writes: "There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key."

Brianna Wu is the head of development at Giant Spacekat, a company specializing in cinematic experiences using the Unreal engine. She’s also a frequent speaker on women-in-tech issues and was one of several women subjected to a campaign of attacks in Gamergate. Wu has worked as a journalist and politico. She currently has a patreon campaign which helps to offset the costs of doing speaking engagements and work to further the goals of feminism and women in tech. Brianna has agreed to give us some of her time and answer any questions you may have. As usual, ask as many as you'd like, but please, one per post.