www @ Savannah: Malware in Proprietary Software – 2024 Catch-up

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use every day, and of companies that make use of these techniques.

Here are our latest additions:

November 2024

Malware In Cars

  • Kia cars were built with a back door that enabled the company’s server to locate them and take control of them. The car’s owner had access to these controls through the Kia server. This in itself is not objectionable. However, that Kia itself had such control is Orwellian, and ought to be illegal. The icing on the Orwellian cake is that the server had a security fault which allowed absolutely anyone to activate those controls for any Kia car. Many people will be outraged at that security bug, but this was presumably an accident. The fact that Kia had such control over cars after selling them to customers is what outrages us, and that must have been intentional on Kia’s part.


Proprietary Addictions


Apple’s Operating Systems Are Malware

  • A back door in Apple devices, present and abused from at least 2019 until 2023, allowed crackers to have full control over them by sending iMessage texts that installed malware without any action on the user’s part. Infections, among other things, gave the intruders access to owners’ microphone recordings, photos, location and other personal data.

July 2024

Proprietary Obsolescence

  • Spotify sold a music streaming device but they no longer support it. Due to its proprietary nature, it can no longer be updated or even used. Users requested Spotify to make the software that runs on the device libre, and Spotify refused, so these devices are now e-waste. Spotify is now offering refunds to save the purchasers from losing money on these products, but this wouldn’t prevent the products from being e-waste, and wouldn’t save users from being jerked around by Spotify. This is an example of how software that is not free controls the user instead of the user controlling the software. It is also an important lesson for us to insist the software in a device be libre before we buy it.

May 2024

Microsoft’s Software is Malware

April 2024

Malware In Cars

  • GM is spying on drivers who own or rent their cars, and gives away detailed driving data to insurance companies through data brokers. These companies then analyze the data, and hike up insurance prices if they think the data denotes “risky driving.” For the car to make this data available to anyone but the owner or renter of the car should be a crime. If the car is owned by a rental company, that company should not have access to it either.

MorphOS 3.19 released

It’s been about 18 months, but we’ve got a new release for MorphOS, the Amiga-like operating system for PowerPC Macs and some other PowerPC-based machines. Going through the list of changes, it seems MorphOS 3.19 focuses heavily on fixing bugs and addressing issues, rather than major new features or earth-shattering changes. Of note are several small but important updates, like updated versions of OpenSSL and OpenSSH, as well as a ton of new filetype definitions – and so much more. Having a release focused on fixing bugs and addressing smaller issues isn’t exactly a bad thing though – I’ve used MorphOS on my 17″ 1.25GHz PowerBook G4 often enough to know MorphOS is quite complete, stable, and a ton of fun to use, and much more capable than it has any right to be considering what must be its relatively small developer team and user base. That being said, I do wish MorphOS was available on hardware newer than 20-year-old PowerPC Macs, because as much as I like me some classic hardware, the world’s moving on and even basic web browsing requires much more performant hardware now. Maybe I should try and buy one of the supported Apple PowerPC G5 machines to see just how much better MorphOS runs on that than on my G4.

The Modern New Apartment Floor Plan 2025

Birla Advaya, located in Pune’s affluent Sangamwadi neighbourhood, provides a convenient and tranquil setting. Sangamwadi is a popular option for families, professionals, and investors because of its strong infrastructure and good connection.


coreutils @ Savannah: coreutils-9.6 released [stable]

This is to announce coreutils-9.6, a stable release.
See the NEWS below for a summary of changes.

There have been 263 commits by 15 people in the 42 weeks since 9.5.
Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bernhard Voelker (5)
  Bruce Jerrick (1)
  Bruno Haible (5)
  Collin Funk (16)
  Daniel Hofstetter (1)
  Evgeny Nizhibitsky (1)
  Lukáš Zaoral (1)
  Masatake YAMATO (1)
  Nikolaos Chatzikonstantinou (1)
  Nikolay Nechaev (3)
  Paul Eggert (123)
  Pádraig Brady (95)
  Richard Purdie (1)
  Sam Russell (2)
  Sylvestre Ledru (7)

Pádraig [on behalf of the coreutils maintainers]
==================================================================

Here is the GNU coreutils home page:
    https://gnu.org/s/coreutils/

Here are the compressed sources:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.6.tar.gz   (15MB)
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.6.tar.xz   (5.9MB)

Here are the GPG detached signatures:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.6.tar.gz.sig
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.6.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  File: coreutils-9.6.tar.gz
  SHA1 sum:   1da82e96486e0eedbd5257c8190f2cf9fcb71c2e
  SHA256 sum: 2bec616375002c92c1ed5ead32a092b174fe44c14bc736d32e5961053b821d84

  File: coreutils-9.6.tar.xz
  SHA1 sum:   0ede2895e6089a02b67473b9761abcc18ce8dcb0
  SHA256 sum: 7a0124327b398fd9eb1a6abde583389821422c744ffa10734b24f557610d3283

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify coreutils-9.6.tar.xz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096/0xDF6FD971306037D9 2011-09-23 [SC]
        Key fingerprint = 6C37 DC12 121A 5006 BC1D  B804 DF6F D971 3060 37D9
  uid                   [ultimate] Pádraig Brady <P@draigBrady.com>
  uid                   [ultimate] Pádraig Brady <pixelbeat@gnu.org>

If that command fails because you don’t have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the ‘gpg --verify’ command.

  gpg --locate-external-key P@draigBrady.com

  gpg --recv-keys DF6FD971306037D9

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify coreutils-9.6.tar.xz.sig
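
A scripted form of the checks above, added here as an example and not part of the announcement: `gpg --verify` succeeds for a good signature from any key in the keyring, so the script reads gpg's machine-readable status lines and compares the signing key's fingerprint with the one published above. The function names are hypothetical; the fingerprint and SHA256 constants are the ones listed above, and the script assumes a gpg that reports the primary-key fingerprint as the last field of VALIDSIG.

```shell
#!/bin/sh
# Added example. Both constants are copied from the announcement above.
PINNED_FPR=6C37DC12121A5006BC1DB804DF6FD971306037D9
XZ_SHA256=7a0124327b398fd9eb1a6abde583389821422c744ffa10734b24f557610d3283

# sha256_matches FILE HEX: succeed only if FILE hashes to HEX.
# Reading via stdin keeps unusual file names out of sha256sum's output.
sha256_matches() {
    actual=$(sha256sum < "$1" | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# good_sig_fpr: read "gpg --status-fd" lines on stdin and print the
# primary-key fingerprint (last VALIDSIG field), but only when GOODSIG
# was also reported. Expired or revoked keys yield EXPKEYSIG/REVKEYSIG
# instead of GOODSIG, so they print nothing and are rejected.
good_sig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
         END { if (good && fpr != "") print fpr }'
}

# signature_pinned SIGFILE TARBALL: succeed only if the detached
# signature is good AND was made by the pinned key.
signature_pinned() {
    fpr=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | good_sig_fpr)
    [ "$fpr" = "$PINNED_FPR" ]
}

# verify_release TARBALL: expects TARBALL.sig next to the tarball.
verify_release() {
    sha256_matches "$1" "$XZ_SHA256" ||
        { echo "SHA256 mismatch: $1" >&2; return 1; }
    signature_pinned "$1.sig" "$1" ||
        { echo "no good signature from pinned key: $1" >&2; return 1; }
    echo "OK: $1"
}

# Usage: sh verify-coreutils.sh coreutils-9.6.tar.xz
if [ "$#" -eq 1 ]; then verify_release "$1"; fi
```

The checksum only detects a corrupted or swapped download relative to this announcement; the pinned signature check is what ties the tarball to the maintainer's key.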

This release is based on the coreutils git repository, available as

  git clone https://git.savannah.gnu.org/git/coreutils.git

with commit e2a405981ff5441dcfb217797699c94968218aca tagged as v9.6.

For a summary of changes and contributors, see:

  https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.6

or run this command from a git-cloned coreutils directory:

  git shortlog v9.5..v9.6

This release was bootstrapped with the following tools:
  Autoconf 2.72.70-9ff9
  Automake 1.16.5
  Gnulib 2025-01-17 2481e7a50d6535582856626b53009f419e2e05e2
  Bison 3.8.2

NEWS

* Noteworthy changes in release 9.6 (2025-01-17) [stable]

** Bug fixes

  cp fixes support for --update=none-fail, which would have been
  rejected as an invalid option.
  [bug introduced in coreutils-9.5]

  cp,mv --update no longer overrides --interactive or --force.
  [bug introduced in coreutils-9.3]

  csplit no longer creates empty files given empty input.
  [This bug was present in “the beginning”.]

  ls and printf fix shell quoted output in the edge case of escaped
  first and last characters, and single quotes in the string.
  [bug introduced in coreutils-8.26]

  ls -l no longer outputs “Permission denied” errors on NFS
  which may happen with files without read permission, and which resulted
  in inaccurate indication of ACLs (missing ‘+’ flag after mode).
  [bug introduced in coreutils-9.4]

  ls -l no longer outputs “Not supported” errors on virtiofs.
  [bug introduced in coreutils-9.4]

  mv works again with macFUSE file systems.  Previously it would
  have exited with a “Function not implemented” error.
  [bug introduced in coreutils-8.28]

  nproc gives more consistent results on systems with more than 1024 CPUs.
  Previously it would have ignored the affinity mask on such systems.
  [bug introduced with nproc in coreutils-8.1]

  numfmt --from=iec-i now works with numbers without a suffix.
  Previously such numbers were rejected with an error.
  [bug introduced with numfmt in coreutils-8.21]

  printf now diagnoses attempts to treat empty strings as numbers,
  as per POSIX. For example, "printf '%d' ''" now issues a diagnostic
  and fails instead of silently succeeding.
  [This bug was present in “the beginning”.]

  pwd no longer outputs an erroneous double slash on systems
  where the system getcwd() was completely replaced.
  [bug introduced in coreutils-9.2]

  ‘shuf’ generates more-random output when the output is small.
  [bug introduced in coreutils-8.6]

  `tail --follow=name` no longer waits indefinitely for watched
  file names that are moved elsewhere within the same file system.
  [bug introduced in coreutils-8.24]

  `tail --follow` without --retry, will consistently exit with failure status
  where inotify is not used, when all followed files become inaccessible.
  [This bug was present in “the beginning”.]

  `tail --follow --pid=PID` will now exit when the PID dies,
  even in the presence of blocking inputs like unopened fifos.
  [This bug was present in “the beginning”.]

  ‘tail -c 4096 /dev/zero’ no longer loops forever.
  [This bug was present in “the beginning”.]

** Changes in behavior

  ‘factor’ now buffers output more efficiently in some cases.

  install -C now dereferences symlink sources when comparing,
  rather than always treating as different and performing the copy.

  kill -l and -t now list signal 0, as it’s a valid signal to send.

  ls’s -f option now simply acts like -aU, instead of also ignoring
  some earlier options.  For example ‘ls -fl’ and ‘ls -lf’ are now
  equivalent because -f no longer ignores an earlier -l.  The new
  behavior is more orthogonal and is compatible with FreeBSD.

  stat -f -c%T now reports the “fuseblk” file system type as “fuse”,
  given that there is no longer a distinct “ctl” fuse variant file system.

** New Features

  cksum -a now supports the “crc32b” option, which calculates the CRC
  of the input as defined by ITU V.42, as used by gzip for example.
  For performance pclmul instructions are used where supported.

  ls now supports the --sort=name option,
  to explicitly select the default operation of sorting by file name.

  printf now supports indexed arguments, using the POSIX:2024 specified
  %<i>$ format, where ‘<i>’ is an integer referencing a particular argument,
  thus allowing repetition or reordering of printf arguments.

  test supports the POSIX:2024 specified '<' and '>' operators with strings,
  to compare the string locale collating order.

  timeout now supports the POSIX:2024 specified -f, and -p short options,
  corresponding to --foreground, and --preserve-status respectively.

** Improvements

  cksum -a crc, makes use of AVX2, AVX512, and ARMv8 SIMD extensions
  for time reductions of up to 40%, 60%, and 80% respectively.

  ‘head -c NUM’, ‘head -n NUM’, ‘nl -l NUM’, ‘nproc --ignore NUM’,
  ‘tail -c NUM’, ‘tail -n NUM’, and ‘tail --max-unchanged-stats NUM’
  no longer fail merely because NUM stands for 2**64 or more.

  sort operates more efficiently when used on pseudo files with
  an apparent size of 0, like those in /proc.

  stat and tail now know about the “bcachefs”, and “pidfs” file system types.
  stat -f -c%T now reports the file system type,
  and tail -f uses inotify for these file systems.

  wc now reads a minimum of 256KiB at a time.
  This was previously 16KiB and increasing to 256KiB was seen to increase
  wc -l performance by about 10% when reading cached files on modern systems.