Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then. There have been over a hundred security updates in that time, none of which have been applied.
In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
Changes to Sharing and Viewing News on Facebook in Australia
In response to Australia’s proposed new Media Bargaining law, Facebook will restrict publishers and people in Australia from sharing or viewing Australian and international news content.
Justice Thomas Writes a Misguided Anti-Section 230 Statement “Without the Benefit of Briefing”–Enigma v. Malwarebytes
This statement bears some resemblance to Justice Thomas’ statement in early 2019 that the Supreme Court should reconsider the actual malice standard from New York Times v. Sullivan. Like this statement, that statement was anti-media, pro-censorship, and quite unpersuasive. So far, the Supreme Court hasn’t taken up Justice Thomas’ initiative against the actual malice standard. I hope this statement suffers the same fate.
The Art of the Bad Faith Argument
The person who types “lol” is never actually laughing; the person who types I’M SCREAMING is silently dabbing at a screen. In the same way, the person who is perpetually shocked and outraged and brimming with righteous fury is almost always lying to themselves. They’re as affectless as the rest of us: play-acting, downloading synthetic emotions, and then passing them on.
Unsubscribe: The $0-budget movie that ‘topped the US box office’
But on 10 June, one box office-topping movie was watched by just two people, in one cinema. Unsubscribe, a 29-minute horror movie shot entirely on video-conferencing app Zoom, generated $25,488 (£20,510) in ticket sales on that day. Nationwide, the movie hit the top of the charts, according to reputable revenue tracker Box Office Mojo. The budget of the movie: a flat $0. How was that possible?
Augmented Reality Is Now Mainstream on Instagram
I am alone in my apartment, as always, and I’ve just replaced my left eyeball with an orange springing out of its peel. A mile away, a friend, also home alone, is taking her seat—every seat, actually—at the table in The Last Supper, yelling as the camera pans down the row of disciples and her face replaces that of one man after another. Another friend is watching a mouse dressed as the Pope dance across her kitchen floor. A third is smiling while a strange man wraps his arms around his throat.
The Early History of Usenet
>November 2019 is, as best I can recall, the 40th anniversary of the conception of Usenet. (What’s Usenet? The Wikipedia article is ok but not perfect.) I should have written a proper paper; instead, there will (probably) be an irregular series of blog posts.
I didn’t notice the series concluded a while back, so if you were waiting to read the whole thing, it’s done.
Monitoring And Debunking COVID-19 Panic: The “Haarlem Aldi” Hoax
Knowing how relatively calm the situation has been here in the Netherlands (especially in Haarlem, where there is one reported case), we at Bellingcat felt that the video was likely fake — and set out to prove it.
Hashtag of note
You will probably notice immediately that it contains a full-width dash, in other words a Unicode (probably Chinese-origin?) character. For some reason, this is all over Twitter in posts from Anglophone people I am almost completely sure have no input method installed that can actually produce it.
It’s not a real dash at all but a “Katakana-Hiragana prolonged sound mark”:
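As an added illustration (not part of the original post or the linked article), here is a small Python audit that reports what each non-ASCII character in a hashtag actually is, and shows that NFKC normalization folds a fullwidth hyphen to "-" but leaves U+30FC untouched, so a filter that only normalizes still misses it. The hashtags are constructed samples.

```python
import unicodedata

# Constructed sample hashtags (not from the original post): the second carries
# U+30FC KATAKANA-HIRAGANA PROLONGED SOUND MARK where a dash belongs.
SAMPLE_TAGS = ["#Free-Speech", "#Free\u30fcSpeech", "#Free\uff0dSpeech"]

# Characters that render like a dash but are NOT in Unicode's dash category (Pd),
# so a category check or NFKC normalization alone will not catch them.
DASH_LOOKALIKES = {
    "\u30fc": "KATAKANA-HIRAGANA PROLONGED SOUND MARK",
    "\uff70": "HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK",
    "\u2212": "MINUS SIGN",
    "\u4e00": "CJK UNIFIED IDEOGRAPH-4E00 (the numeral one)",
}

def audit_tag(tag: str) -> list:
    """Describe every non-ASCII character in a hashtag."""
    findings = []
    for pos, ch in enumerate(tag):
        if ord(ch) < 0x80:
            continue
        findings.append({
            "pos": pos,
            "codepoint": f"U+{ord(ch):04X}",
            "name": unicodedata.name(ch, "<unnamed>"),
            "category": unicodedata.category(ch),
            # Pd means Unicode itself calls it a dash (en dash, fullwidth hyphen, ...)
            "real_dash": unicodedata.category(ch) == "Pd",
            "lookalike": ch in DASH_LOOKALIKES,
            # what compatibility normalization turns the character into
            "nfkc": unicodedata.normalize("NFKC", ch),
        })
    return findings

def canonical_tag(tag: str) -> str:
    """Fold every real dash and every known lookalike to ASCII '-' after NFKC,
    so variants of one hashtag compare equal when grouping or searching."""
    out = []
    for ch in unicodedata.normalize("NFKC", tag):
        out.append("-" if unicodedata.category(ch) == "Pd" or ch in DASH_LOOKALIKES else ch)
    return "".join(out)

if __name__ == "__main__":
    for tag in SAMPLE_TAGS:
        print(tag, "->", canonical_tag(tag))
        for finding in audit_tag(tag):
            print("   ", finding)
```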
How Explaining Copyright Broke the YouTube Copyright System
This is a story about how the most sophisticated copyright filter in the world prevented us from explaining copyright law. It doesn’t involve TikTok dance moves or nuanced 90s remixes featuring AOC. No, it involves a debate at a law school conference over how and when one song can infringe the copyright of another and how exactly one proves in a courtroom if the accused song is “substantially similar” enough to be deemed illegal. In the end, because it was blocked by one of the music companies who owns the song, it also became a textbook study in how fair use still suffers online and what it takes to pushback when a video is flagged. A copyright riddle wrapped up in an algorithmic enigma, symbolic of the many current content moderation dilemmas faced by online platforms today.
Welcome to the age of the avatar
On the Internet, No One Knows You’re Not Rich. Except This Account.
In February, an Instagram account called @BallerBusters cropped up and began wreaking havoc on the flashy Instagram entrepreneur community.
Its goal: To expose phony entrepreneurs. Using a mix of screen-shotted receipts, memes and crowdsourced information from followers, the account seeks out people who don’t “act their wage.”
More Teenagers Mistakenly Think “Private” Chat Conversations Will Remain Private
As you can see, the chat participants–especially 7Up and Lady Gaga–seemingly discuss killing S, his goldfish, and his dog. But in the context of nonsense teen chatter, I don’t think anyone could read this transcript and believe that any of the participants actually planned to harm S or any animals.
An unidentified person tipped off S to the thread’s existence. S asked “Me” about it. Me revealed the thread’s name to S. This got back to S’s mom, who told the principal, who brought the girls into his office, seized their phones, and turned them over to law enforcement. Prosecutors brought charges against 7Up/JP for misdemeanor online threats. A jury convicted 7Up. The appellate court reversed.
This is mostly nonsense, although it’s somewhat interesting to see court opinions wrestle with the conundrum of quoting screenshots.
Fixing up KA9Q-unix, or "neck deep in 30 year old codebases.."
Anyhoo, I’ve finally been mucking around with AX.25 packet radio. I’ve been wanting to do this since I was a teenager and found out about its existence, but back in high school and .. well, until a few years ago really .. I didn’t have my amateur radio licence. But, now I do, and I’ve done a bunch of other stuff with a bunch of other radios. The main stumbling block? All my devices are either Apple products or run FreeBSD - and none of them have useful AX.25 stacks. The main stacks of choice these days run on Linux, Windows or are a full hardware TNC.
It’s Scarily Easy To Track Someone Around A City Via Their Instagram Stories
By cross-referencing just one hour of footage from public webcams with stories taken in Times Square, BuzzFeed News confirmed the full identities of a half dozen people.
In Memoriam: J. C. R. Licklider
Two papers. Man-Computer Symbiosis and The Computer as a Communication Device.
The first argues for interactive systems. The computer can’t be an extension of our mind if it’s not responsive.
The second is a vision for networked communications. It sounds a lot like today, but more optimistic. Where did we go wrong?
Comments on Rep. Gosar’s “Stop the Censorship Act,” Another “Conservative” Attack on Section 230
Now that the text is public, we can finally do a well-informed evaluation.
This bill is terrible in many ways. Among other problems, it grossly misunderstands Section 230’s mechanics, its desired policy consequences would be horrible, and it is misdrafted to advance those objectives.
It doesn’t bring me any joy to dunk on a bill like this. Like Sen. Hawley’s bill, it almost certainly was meant as a piece of performative art to “play to the base” rather than as a serious policy proposal. But even as performative art, it highlights how Section 230 is grossly misunderstood by politicians inside DC, and it’s a reminder that modifying Section 230 requires extreme care because even minor changes could have dramatic and very-much-unwanted consequences.
The Lonely Work of Moderating Hacker News
The site’s now characteristic tone of performative erudition—hyperrational, dispassionate, contrarian, authoritative—often masks a deeper recklessness. Ill-advised citations proliferate; thought experiments abound; humane arguments are dismissed as emotional or irrational. Logic, applied narrowly, is used to justify broad moral positions. The most admired arguments are made with data, but the origins, veracity, and malleability of those data tend to be ancillary concerns. The message-board intellectualism that might once have impressed V.C. observers like Graham has developed into an intellectual style all its own. Hacker News readers who visit the site to learn how engineers and entrepreneurs talk, and what they talk about, can find themselves immersed in conversations that resemble the output of duelling Markov bots trained on libertarian economics blogs, “The Tim Ferriss Show,” and the work of Yuval Noah Harari.
This is a pretty fun read I think, even for people who don’t like HN. Or perhaps especially so. Some great, and dismal, quotes. Even ngate makes an appearance.
Better Encrypted Group Chat
End-to-end encrypted group messaging is also a hard problem to solve. Existing solutions such as Signal, WhatsApp, and iMessage have inherent problems with scaling, which I’ll discuss in detail, that make it infeasible to conduct group chats of more than a few hundred people. The Message Layer Security (MLS) protocol aims to make end-to-end encrypted group chat more efficient while still providing security guarantees like forward secrecy and post-compromise security.
The primary contribution of molasses has been in detecting errors in the specification and other implementations through unit and interoperability testing. Molasses implements most of MLS draft 6. Why not all of draft 6? There was an error in the spec that made it impossible for members to be added to any group. This broke all the unit tests that create non-trivial groups. Errors like this are hard to catch just by reading the spec; they require some amount of automated digging. Once they are found, the necessary revisions tend to be pretty obvious, and they are swiftly incorporated into the subsequent draft.
Nice work and a very nice explanation of the protocol.
The Only Way to Win Is Not to Play the Game
When I became a math and science writer, I had no idea that one of the most common requests I would get would be to weigh in on order of operations problems that somehow go viral in some segment of the internet.
The real answer, the one I believe any mathematician, physicist, engineer, or other number-cruncher would tell you, is to make sure your expressions aren’t ambiguous.
Another take: https://danso.ca/blog/order-of-operations/