Month: September 2021

• 

  Sam's Odradek acts as a sensor for BTs.

Death Stranding's release in 2019 was probably the most anticipated game of Hideo Kojima's career.

The Metal Gear director had arguably become the premiere auteur in video games. He had a reputation for convention-bucking design, meta-humor, and unapologetic cinematic influences. But this project was the first child of his acrimonious divorce with Konami, and no one had a clue what he might do next.

Death Stranding was appropriately weird, whatever it was. The first teaser showed crab exoskeletons crawling over a lifeless beach, tar handprints imprinted on the sand, a naked, weeping Norman Reedus (in our original review on PS4, Death Stranding is Hideo Kojima unleashed. So what could possibly be left for a Death Stranding Director's Cut? It turns out, quite a lot—just maybe not by that name.

Enlarge / A Fortnite loading screen displayed on an iPhone in 2018, when Apple and Epic weren't at each other's legal throats. (credit: Andrew Harrer | Bloomberg | Getty Images)

Weeks after Epic's apparent "win" against Apple in the Epic Games v. Apple case, Apple issued a letter denying Epic's request to have its developer license agreement reinstated until all legal options are exhausted. This effectively bans Fortnite and any other software from the game maker from returning to Apple's App Store for years.

Epic was handed an initial victory when the US District Court for Northern California issued an injunction on September 10 ordering Apple to open up in-game payment options for all developers. At the time, the injunction was something of a moral victory for Epic—allowing the developer to keep its in-game payment systems in its free-to-play Fortnite intact while avoiding paying Apple a 30 percent fee that had previously covered all in-app transactions.

But now Epic has faced a significant reversal of fortune.

• 

  Get ready for the Super Mario film, hitting theaters in a little over one year. [credit: Nintendo ]

Nintendo's "winter 2021" direct-video presentation exploded on Thursday with reveals of serious fan service coming to not only Switch consoles but also movie theaters by the end of next year.

The event's biggest pop-culture announcement was the upcoming Super Mario CGI animation movie, now confirmed to launch in the United States on December 21, 2022. This film, helmed by CG animation house Illumination (Despicable Me), still doesn't have a title or any preview footage. But it does have an English-language cast:

• Chris Pratt (Guardians of the Galaxy) as Mario
• Anna Taylor-Joy (The Queen's Gambit) as Peach
• Charlie Day (It's Always Sunny in Philadelphia) as Luigi
• Jack Black (Jumanji) as Bowser
• Keegan-Michael Key (Key and Peele) as Toad
• Kevin-Michael Richardson (Teen Titans) as Kamek
• Fred Armisen (SNL) as Cranky Kong
• Sebastian Maniscalco (The Irishman) as Foreman Spike (from the Wrecking Crew series)

None of Nintendo's other YouTube channels, particularly the Japanese feed, confirmed any voice cast members for the film's likely additional languages. Nintendo did confirm that Charles Martinet (who has voiced Super Mario in games since 1996) will participate in the film, though in exactly what capacity remains to be seen (er, heard). My money's on Waluigi.

Enlarge / Signage outside the Centers for Disease Control and Prevention (CDC) headquarters in Atlanta, Georgia, on Saturday, March 14, 2020. (credit: Bloomberg | Getty Images)

An independent committee of experts that advises the Centers for Disease Control and Prevention voted Thursday to recommend booster doses of the Pfizer/BioNTech mRNA vaccine for persons ages 65 and older; residents of long-term care facilities ages 18 and up; and those ages 50 to 64, who have underlying medical conditions that put them at high risk.

Additionally, the committee recommended that people ages 18 to 49 with such underlying medical conditions should have the option to receive a booster dose after weighing their individual benefits and risks.

The Pfizer/BioNTech boosters are recommended to be given at least six months after the initial two doses. And they are intended only for people who received an initial series of two Pfizer/BioNTech vaccines—not those who received Moderna or Johnson & Johnson vaccines.

Enlarge / Facebook CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. Zuckerberg, 33, was called to testify after it was reported that millions of Facebook users had their personal information harvested by Cambridge Analytica. (credit: Alex Wong/Getty Images)

In a newly unsealed lawsuit, Facebook shareholders allege that the company intentionally overpaid a $5 billion Federal Trade Commission fine to protect CEO Mark Zuckerberg from further government scrutiny.

"Zuckerberg, Sandberg, and other Facebook directors agreed to authorize a multi-billion settlement with the FTC as an express quid pro quo to protect Zuckerberg from being named in the FTC's complaint, made subject to personal liability, or even required to sit for a deposition," the lawsuit says (emphasis in the original). An early draft of the order obtained by The Washington Post through the Freedom of Information Act shows that the commission was considering holding Zuckerberg responsible.

The FTC levied the fine in July 2019 in the wake of the Cambridge Analytica scandal, which saw political operatives harvesting the personal data of 50 million Facebook users without their consent. (The lawsuit says only 0.31 percent of the affected users consented.) The fine (which was a record for privacy-related penalties) was 50 times larger than the maximum prescribed by a previous FTC consent decree, the lawsuit alleges. It was also well in excess of the previous record fine of $168 million.

Enlarge / If you own the right domain, you can intercept hundreds of thousands of innocent third parties' email credentials, just by operating a standard webserver. (credit: Guardicore)

Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft's autodiscover—the protocol which allows automagical configuration of an email account with only the address and password required. The flaw allows attackers who purchase domains named "autodiscover"—for example autodiscover.com, or autodiscover.co.uk—to intercept the clear-text account credentials of users who are having network difficulty (or whose admins incorrectly configured DNS).

Guardicore purchased several such domains and operated them as proof-of-concept credential traps from April 16 to August 25 of this year:

• Autodiscover.com.br
• Autodiscover.com.cn
• Autodiscover.com.co
• Autodiscover.es
• Autodiscover.fr
• Autodiscover.in
• Autodiscover.it
• Autodiscover.sg
• Autodiscover.uk
• Autodiscover.xyz
• Autodiscover.online

A web server connected to these domains received hundreds of thousands of email credentials—many of which also double as Windows Active Directory domain credentials—in clear text. The credentials are sent from clients which request the URL /Autodiscover/autodiscover.xml, with an HTTP Basic authentication header which already includes the hapless user's Base64-encoded credentials.

• 

  How Linux gets to a phone: the Linux LTS kernel gets forked by Google for the Android Common Kernel, then that gets forked by an SoC vendor for each chip, then that gets forked again by a device manufacturer. [credit: Google ]

The Linux Plumbers Conference is this week, and since Android is one of the biggest distributors of the Linux kernel in the world, Google software engineer Todd Kjos stopped by for a progress report from the Android team. Android 12—which will be out any day now—promises to bring Android closer than ever to mainline Linux by shipping Google's "Generic Kernel Image" (GKI) to end-users.

Traditionally, the Linux kernel is forked several times before it hits an Android phone, usually by each stakeholder in an Android device. First, Google forks the Linux kernel into "Android common"—the Linux kernel plus a bunch of phone- and Android-specific changes. Then SoC vendors like Qualcomm, Samsung, or MediaTek fork Android Common to make an SoC-specific kernel for each major chip release. Then each device gets a fork of the SoC kernel for device-specific hardware support.

Android's kernel fragmentation is a huge mess, and you can imagine how long and difficult the road is for a bugfix at the top of the fork tree to reach to the bottom, where end-users live. The official Android.com documentation notes that "These modifications can be extensive, to the point that as much as 50% of the code running on a device is out-of-tree code (not from upstream Linux or from AOSP common kernels)." It's also a big time sink, and even Google phones typically ship kernels that start at two years old.