T-Mobile starts blocking iPhone users in the US who use the iCloud Private Relay feature just to please their parent company Deutsche Telekom (which is among other European carriers already blocking it):

(9to5mac.com)

T-Mobile was among the carriers in Europe that signed an open letter expressing concern about the impact of Private Relay. The carriers wrote that the feature cuts off networks and servers from accessing “vital network data and metadata and could impact “operator’s ability to efficiently manage telecommunication networks.”

In the UK, carriers including T-Mobile, EE, and others have already started blocking Private Relay usage when connected to cellular data. 9to5Mac has also now confirmed that T-Mobile is extending this policy to the United States.

Why the US needs Net Neutrality back part 235676979…

Today is ultimate doomsday for BlackBerry legacy devices.

(arstechnica.com)

The effect of the end of support is detailed on an FAQ page the former device maker is hosting. The key change is that BlackBerry will no longer be sending out provisioning updates to these devices. Provisioning information provides details on how the devices should establish connections with different types of networking equipment, including cellular and WiFi networks. As a result, at some indeterminate point in the future, networking updates made by service providers will mean that the BlackBerry devices can no longer connect. As a result, BlackBerry says its devices "will no longer be expected to reliably function, including for data, phone calls, SMS and 9-1-1 functionality."

Today is ultimate doomsday if you have a BlackBerry legacy device as their servers shut down today. I have very good memories when I used those back in the 2000s. The Torch and Curve series are my favorites.

The Log4Shell 0day is still ongoing.

(arstechnica.com)

What has happened since Log4Shell surfaced last Thursday? Almost immediately, security firm Greynoise detected active scanning attempting to identify vulnerable servers. Researchers report seeing this critical and easy-to-exploit vulnerability being used to install crypto-mining malware, bolster Linux botnets, and exfiltrate configurations, environmental variables, and other potentially sensitive data from vulnerable servers.

This is going to be a shitty few weeks…

Some more info.

Nextcloud Hub II released today

(nextcloud.com)

This release presents a massive jump forward in terms capabilities, performance and integration for Nextcloud, marking it as the second major generation of our vision for Nextcloud Hub. As number one collaboration platform in Germany and the choice of collaboration platform for the Gaia-X project, Nextcloud is seeing an acceleration of deployments all over the world and in Europe in particular.

This update looks good and very promising. I like how they're fighting the good fight as well.

Winamp prepares a relaunch, new beta version almost ready

(www.bleepingcomputer.com)

One of the most popular media players to play MP3s was Winamp, with its retro skins and animated visualizers that moved along with the music you were playing. However, Winamp had not seen any further development after its version 5.666 release in 2013.

In October 2018, after Winamp 5.8 was leaked online, the developers decided to publish the leaked version on their website Winamp.com to allow everyone to use it in all its nostalgic glory. Unfortunately, while Radionomy, the owners of Winamp, said they had big plans for Winamp, no further versions have been released since then.

As first reported by Vosveteit, the lack of official development is about to change as the Winamp.com site received a redesign and a new logo was revealed for the media player this week.

Winamp's coming back? Interesting since it hasn't seen any major development for nearly a decade now and none since Radionomy brought it from AOL.

Apple to begin do-it-yourself repair program for iPhones, Macs next year

(www.cnet.com)

A new program, called Self Service Repair, will allow customers to buy parts from Apple for their products and perform repairs at home. Apple said it will also publish repair manuals online and offer tools to buy at the same prices authorized repair technicians pay.

The move marks a significant shift for the tech giant, which has historically restricted access to parts and repair manuals, as well as diagnostic and calibration apps, to its "authorized repair programs." Without Apple-sanctioned ways to repair devices, some users have turned to experts on YouTube and at companies like iFixit to learn how to acquire parts and perform repairs on their own.

Advocates have increasingly pressured Apple and other companies to open their service manuals, parts and tools to the public. More than a dozen states, including Apple's home in California, have considered laws supporting right-to-repair laws. And earlier this year, President Joe Biden issued an executive order calling on the Federal Trade Commission to investigate the issue.

Baby steps surely, but this is huge for Right to Repair especially coming from Apple, who was fighting this for decades.

Regulation works!

Raspberry Pi Zero 2 W on sale now at $15 USD

(www.raspberrypi.com)

Priced at $15, Raspberry Pi Zero 2 W uses the same Broadcom BCM2710A1 SoC die as the launch version of Raspberry Pi 3, with Arm cores slightly down-clocked to 1GHz, bundled into a single space-saving package alongside 512MB of LPDDR2 SDRAM. The exact performance uplift over Zero varies across workloads, but for multi-threaded sysbench it is almost exactly five times faster.

And yes, I went ahead and ordered it, looks fun!

Amazon Astro: privacy nightmare

(www.vice.com)

Developers who worked on Astro say the versions of the robot they worked on did not work well.

"Astro is terrible and will almost certainly throw itself down a flight of stairs if presented the opportunity. The person detection is unreliable at best, making the in-home security proposition laughable," a source who worked on the project said. "The device feels fragile for something with an absurd cost. The mast has broken on several devices, locking itself in the extended or retracted position, and there's no way to ship it to Amazon when that happens."

"They're also pushing it as an accessibility device but with the masts breaking and the possibility that at any given moment it'll commit suicide on a flight of stairs, it's, at best, absurdist nonsense and marketing and, at worst, potentially dangerous for anyone who'd actually rely on it for accessibility purposes," the source said.

Do. Not. Buy. This.

Period.

Framework laptop: Cory Doctorow's thoughts

(pluralistic.net)

Then I saw Ifixit's teardown of a Framework laptop. They described a computer whose hardware was fully user-maintainable/upgradeable. The system opens with six "captive" screws (they stay in the case) and then every component can be easily accessed.

There's no tape. There's no glue. Every part has a QR code that you can shoot with your phone to go to a service manual that has simple-to-follow instructions for installing, removing and replacing it. Every part is labeled in English, too!

The screen is replaceable. The keyboard is replaceable. The touchpad is replaceable. Removing the battery and replacing it takes less than five minutes. The computer actually ships with a screwdriver.

All this, without sacrificing size or power – it's so similar to a Macbook that a friend who came over for dinner (and who knows about my feelings about proprietary Apple hardware) expressed shock that I'd switched to a Macbook!

The Framework laptop has great reparability and customization. Exciting to see how it evolves over time although it does look promising here that if they keep this up, I might get one of these.

The Linux Foundation and other companies are putting in millions to help secure open-source software we all rely on

(www.zdnet.com)

Once your project is approved, progress reports are made approximately once a month. These must include:

A stable URL of a publicly accessible post (e.g., a blog or archived mailing list post) describing what you did that month.
> The post must briefly describe what has been accomplished using the funding since the last invoice. > Include its date and hyperlinks to details. If git commits were involved, include hyperlinks to them. Make it easy for technical people to learn details (e.g., via hyperlinks).
Also briefly describe why this work is important or link to such description(s), for someone who is not intimately familiar with it. Some readers may see your post out of context.
> Give credit, similar to National Public Radio. (e.g., "This work to <X> was [partially] funded by the OpenSSF, Google, and The Linux Foundation.") Thanking others is always polite. We also want people to consider funding OSS security as normal.
> Publicly provide an identifier (a personal name, pseudonym, or project name) of who's doing the work. This simplifies referring to the work. You do not need to reveal your personal name(s) publicly, though you're welcome to do so.

This is a hugely important development in the security side of things.