iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

(arstechnica.com)

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.

This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice.

Wow. That’s a fine piece of work 😮

Arecibo radio telescope's massive instrument platform has collapsed

(arstechnica.com)

On Monday night, the enormous instrument platform that hung over the Arecibo radio telescope's big dish collapsed due to the failure of the remaining cables supporting it. The risk of this sort of failure was the key motivation behind the National Science Foundation's recent decision to shut down the observatory, as the potential for collapse made any attempt to repair the battered scope too dangerous for the people who would do the repairs.

That’s that, it seems. The radio telescope is no more. 😕

Conrad Black: There's much to celebrate in Sir John A. Macdonald's legacy

(nationalpost.com)

The heroes of the month among Canada’s elected officials must be the councillors of Prince Edward County, Ont., who voted last week to retain the statue of Sir John A. Macdonald on the main street of Picton. There was the now customary agitation to remove the statue because of Macdonald’s allegedly oppressive conduct toward the Native people. Coun. Philip St. Jean led the retention argument, stating that the statue in such a prominent location fosters education and curiosity about the history of the country. One of the interveners at the public hearing that determined the issue has two Cree daughters and said that the statue is “a symbol of colonialism, patriarchy and white supremacy. Taking down a statue because we are recognizing the truth of the impact this man and his policies had, and has on Indigenous people, has a feeling of reconciliation to me. But to be clear, it is only a baby step towards true reconciliation; it is a gesture.”

This encapsulates the current self-induced national moral weakness: nativist advocates think that removing an effigy of the founder of our country and someone who was regarded by his peers in the time of Lincoln, Palmerston, Disraeli, Gladstone and Bismarck as a great statesman is required because of largely unspecified offences in one policy area of his 28 years as head of Canada’s government (the so-called United Province of Canada, and then the Dominion of Canada), and even that would be a mere “gesture.” “Reconciliation” evidently consists of abject self-humiliation by the 95 per cent of Canadians who are not descended from the Indigenous peoples, and we have become so quaveringly enfeebled, we are expected to submit to this. […]

The Prince Edward County intervener’s claim that Macdonald represented “colonialism, patriarchy, and white supremacy” was an outrage. Macdonald ended Canada’s colonial status and was the benign and democratically elevated patriarch of the country he chiefly founded, including all of its races and ethnicities. Whites were 98 per cent of Canadians at that time but in the intervening years Canada has welcomed others with open arms and in great numbers. The Natives of Canada have many legitimate grievances that have to be addressed generously and without condescension. But they might occasionally remember the many advances the colonists brought with them, to what was essentially a stone age society, and the great, peaceful country that has evolved since. My friend Prof. Joe Martin (Rotman School of Business, U of T), and I spoke at Queen’s University in Kingston, Ont., two years ago opposing the removal of Sir John A. Macdonald’s name from the law faculty of that university. Macdonald represented Kingston as a legislator for 47 years. It has now been removed and the cowards responsible should be ashamed of themselves and not of the greatly distinguished founder of our country.
Conrad Black

This is one of the biggest problems that energized activists face: a shocking lack of knowledge.

If there are genuine grievances related to the prominent display of a historical figure, then people absolutely have the right to present their case and have it discussed. What I see with a lot of the activists, however, is a case based more on hearsay and raw emotion than carefully considered rational thought. By not presenting their case as an adult, there is little reason for people to take the issue seriously. In the case of Sir John A. Macdonald, the founder of Canada, there is a lot more good that he did than not, even by today’s moral standards.

People really need to learn about history and look at people and events contextually before demanding names be struck from buildings and statues toppled and beheaded 😑

Thanksgiving eve was the busiest air travel day of the pandemic, despite health warnings

(www.washingtonpost.com)

The busiest air travel day of the coronavirus pandemic came on Wednesday, the day before Thanksgiving, with 1,070,967 passengers clearing airport security.

It was the third time in one week that the Transportation Security Administration reported screening more than 1 million daily passengers — a milestone that airports have rarely seen since the pandemic slashed air travel in March.

This is interesting, as I had figured more people would be driving. Any flight less than 1000km can probably be done by car just as quickly and with less stress 🤔

Massive, China-state-funded hack hits companies around the world, report says

(arstechnica.com)

“Japan-linked organizations need to be on alert as it is clear they are a key target of this sophisticated and well-resourced group, with the automotive industry seemingly a key target in this attack campaign,” researchers from security firm Symantec wrote in a report. “However, with the wide range of industries targeted by these attacks, Japanese organizations in all sectors need to be aware that they are at risk of this kind of activity.”

I wonder if this is why my network is seeing a lot more external traffic, but fewer HTTP requests. From what I can tell, the firewall is doing its job, though …

Apple drops its cut of App Store revenues from 30% to 15% for some developers

(arstechnica.com)

The cut benefits only developers who pull in less than $1 million annually.

Hmm … this is an interesting way to appease antitrust lawsuits while simultaneously giving Epic and Spotify the bum end of the deal 🤔

Advancing gender equality in Canadian workplaces

(www.thespec.com)

Much progress has been made over the last 40 years on gender equality in Canada, but the gender wage gap remains a reality. Making sure all people receive equal pay for work of equal value is not only a moral imperative, it is an economic advantage. When people feel they are competing on an even playing field, it unlocks their enthusiasm, encourages their creativity and pushes them to reach their optimal potential.

Over the years, greater participation of women in the workforce has accounted for about one-third of Canada’s economic growth. Despite this progress, the gender wage gap persists. Based on the most recent data, Canadian women earned 89 cents for every dollar Canadian men earned.

There are several leaps in logic here that require people to suspend any expectation of context or situational awareness. One of the big ones is “employment experience”. Women generally have several years less employment experience than men of the same age due to the challenges of raising young children. Based on the numbers that the government themselves publish, men with five fewer years experience in a field earn, on average, 15~20% less than their more experienced counterparts. A 25 year old man earns less than a 30 year old man, who earns less than a 40 year old man, who earns less than a 50 year old man.

To ensure women receive equal pay for work of equal value, we developed the Pay Equity Act (the Act), which is expected to come into force later next year in federally regulated workplaces. However, before the Act comes into force, regulations that will complete the pay equity regime need to be finalized.

This is going to be really hard to validate. How does one judge the equality of work? Is it by job title? Is it by task? Could a database administrator who maintains a system be considered “less valuable” than a database administrator who architects a system? Both jobs are crucial, but one requires an additional skill set over the other.

These initiatives will help create workplaces where workers feel safer, more valued, more included and secure. Creating these enhanced conditions will enable and encourage workers to do their best work, which is a net positive for employers and the economy.

Where is the evidence for this? History has shown that the companies who flatten their pay scales do a couple of things:

  1. They unnecessarily devalue the efforts of high performers, regardless of genetic configuration
  2. They encourage people to forfeit overtime, as one person working overtime creates an imbalance in the group or, worse, overtime efforts are pooled and split evenly across all members of the group, rewarding the laziest and punishing the foolhardy
  3. They drive the highest performers away, reducing the effectiveness of the organization

Canada already has a serious “brain-drain” problem. These “equality of outcome” situations only exacerbate it.

We are also moving forward with a new Administrative Monetary Penalties regime to help create safer and more just working conditions through improved compliance with the Canada Labour Code.

In other words, pay that is aligned with effort is illegal.

These initiatives for greater workplace safety, wage equality and pay transparency by our government constitute a new approach to fairness in the workplace. We have taught our children that equality is a given and not a debate. It is time to show that we practice what we preach when it comes to equality in the workforce.

There is a lie in here. Equality is not a given; it is a responsibility. Equality of opportunity is the responsibility of all people, regardless of who seeks that opportunity. Equality of outcome is an impossible lie that disincentivizes entire societies. We’ve seen this before in Soviet Russia, Maoist China, Pol Pot’s Cambodia …

Equality of outcome is effectively a death sentence for creative output across all fields.

There is no doubt in my mind that a person who does a task should be paid according to the value they bring an organization. Their gender, appearance, political stance, or ideological beliefs should not even come into the equation because there’s no justification for it. However, to think that every person with a specific job title is just as valuable as another is an outright lie and it should be called out as such.

Bill C-65 is a whole lot of evil codified in law, and it’s going to kill any reason for truly remarkable Canadians to bust their butt to excel at something they consider valuable. Why in the world would anyone want to put in 80 hour weeks if their pay will be exactly the same as someone with the same job title who is in the office for 40 hours and maybe works for 5 of those hours?

MacOS Big Sur update is bricking some older MacBook Pros

(www.engadget.com)

According to MacRumors, users on Apple’s forums and Reddit are stuck with a black screen when trying to update their late 2013 or mid 2014 13-inch MacBook Pro models to Big Sur. Nothing appears to solve the issue, including shortcuts to reset the NVRAM and SMC.

An engineer investigating one customer’s problems appeared to have resolved the issue after removing an IC chip for the HDMI port, but it’s not certain that’s the cause.

Well this wouldn’t be fun to deal with. It’s interesting that someone could resolve the issue by removing a chip from the HDMI port. I wonder if the video out is going to the wrong place. One thing I’ve learned over the years is that the only thing that should be plugged into the notebook during an OS update is the power …

Japan suicides rise as economic impact of coronavirus hits home

(www.japantimes.co.jp)

The number of suicides in Japan rose in October for the fourth month in a row to the highest level in more than five years, data showed Tuesday, a trend activists have blamed on the economic impact of the coronavirus, on women in particular. […] According to preliminary police data, the total number of suicides for October was 2,153, an increase of more than 300 from the previous month and the highest monthly tally since May 2015.

About 70 people every day. Mind you, these are the known cases. Some people are not discovered for months.

Through the ages in Japan, suicide has been seen as a way to avoid shame or dishonor.

That’s not the driving force behind a lot of the suicides lately. People are raised to “not be a burden unto others”. Asking for help from friends and family is perceived as being a burden. For many people, this would be worse than death. Once you are independent, you are expected to remain as such.

For many years getting psychological help was stigmatized, and Japan has the grim distinction of the highest suicide rate among G7 countries.

It is still stigmatized. Seeing a psychologist is a “sign of weakness” and “poor upbringing”, as it means you don’t have it all figured out just yet … which I agree is absurd.

Microsoft engineer gets nine years for stealing $10M from Microsoft

(arstechnica.com)

A former Microsoft software engineer from Ukraine has been sentenced to nine years in prison for stealing more than $10 million in store credit from Microsoft's online store. […] The software automatically prevented shipment of physical products to testers like Kvashuk. But in a crucial oversight, it didn't block the purchase of virtual gift cards. So the 26-year-old Kvashuk discovered that he could use his test account to buy real store credit and then use the credit to buy real products.

At first, Kvashuk bought an Office subscription and a couple of graphics cards. But when no one objected to those small purchases, he grew much bolder. In late 2017 and early 2018, he stole millions of dollars worth of Microsoft store credit and resold it online for bitcoin, which he then cashed out using Coinbase.

Accountants are usually pretty good at spotting irregularities. It was only a matter of time, but to grab millions? Jeez … 🙄