soyagi

Archived version: https://archive.ph/KYO3X

On Thursday, two more lawsuits were filed against Western Digital over its SanDisk Extreme series and My Passport portable SSDs. That brings the number of class-action complaints filed against Western Digital to three in two days.

In May, Ars Technica reported about customer complaints that claimed SanDisk Extreme SSDs were abruptly wiping data and becoming unmountable. Ars senior editor Lee Hutchinson also experienced this problem with two Extreme SSDs. Western Digital, which owns SanDisk, released a firmware update in late May, saying that currently shipping products weren't impacted. But the company didn't mention customer complaints of lost data, only that drives could "unexpectedly disconnect from a computer."

Further, last week The Verge claimed a replacement drive it received after the firmware update still wiped its data and became unreadable, and there are some complaints on Reddit pointing to recent problems with Extreme drives.

All three cases (one, two, and three) filed against Western Digital this week seek class-action certification (Ars was told it can take years for a judge to officially state certification and that cases may proceed with class-wide resolutions possibly occurring before official certification). Ian Sloss, one of the lawyers representing Matthew Perrin and Brian Bayerl in a complaint filed yesterday, told Ars he doesn't believe class-action certification will be a major barrier in a case "where there is a common defect in the firmware that is consistent in all devices." He added that defect cases are "ripe for class treatment."

Familiar stories

Both complaints filed yesterday reference Lee's ordeal and Ars' reporting on the matter, and they share new accounts that sound similar to complaints we've seen reported online.

Perrin and Bayerl's complaint says Perrin bought "at least" eight SanDisk Extreme SSDs off Amazon, including 2TB and 4TB Extreme and 4TB Extreme Pro models, and that Perrin "lost all data stored on several SanDisk SSDs."

Similarly, Bayerl reportedly bought "at least two" Extreme SSDs, including a 4TB Extreme, off Amazon. The complaint claims the drives still had busted firmware:

Plaintiff Bayerl has experienced the failure of two drives within minutes of each other and is now reluctant to use SanDisk Extreme products. Due to the nature of his work and the data on the devices, Plaintiff Bayerl spent nearly $8,000 on only partially successful efforts to retrieve the data from the failed drives through various data recovery third parties. These efforts also determined that the issue was caused by faulty internal firmware on the drives.

Perrin and Bayerl's complaint mentions the 2TB Extreme, which Western Digital hasn't officially confirmed as an affected device. A separate complaint filed on Wednesday mentions the 500GB and 1TB Extreme-series and My Passport models, which Western Digital hasn't said are affected.

Here are the drives Western Digital has said are affected:

• SanDisk Extreme Portable 4TB (SDSSDE61-4T00)
• SanDisk Extreme Pro Portable 4TB (SDSSDE81-4T00)
• SanDisk Extreme Pro Portable 2TB (SDSSDE81-2T00)
• SanDisk Extreme Pro Portable 1TB (SDSSDE81-1T00)
• Western Digital My Passport 4TB (WDBAGF0040BGY).

Perrin and Bayerl's complaint says that "the now-known issues with the defective SanDisk SSDs and significant risk of permanent data loss, has rendered the SanDisk SSDs worthless to individuals seeking reliable data storage."

"Worthless" is also used in the complaint filed Wednesday by Nathan Krum. The complaint filed Thursday on behalf of Saif Jafri also dubbed drives Western Digital named in its firmware update page, as well as the SanDisk Pro-G40 (PetaPixel recently claimed this drive broke after less than a month, but Ars has been unable to determine if the drive has a widespread problem), as "worthless."

Jafri's complaint says he bought an Extreme Pro (capacity not specified) because he was on an extended van trip and needed storage for drone footage, photos, and travel mementos. The drive reportedly "failed only a few weeks after" purchase.

"He had written data to the Drive no more than a handful of times, yet he nonetheless lost precious personal data," the complaint says.

The complaints also note that Western Digital's 30-day return and five-year warranty policies don't remedy lost data. The cases seek restitution, including damages, and for Western Digital to stop selling the affected drives until they're fixed or the problems are fully disclosed on all labels, packaging, and advertising.

Sloss told Ars that challenges of the case might include establishing how frequently drives failed after Western Digital shared its May firmware update.

"We believe the case is strong, that Western Digital’s response to the issue has been delayed, inadequate, and incomplete, and we believe people are continuing to purchase defective SSDs based on misleading information Western Digital has provided," Sloss said.

Sloss said that firms frequently agree to prosecute similar cases together, with one firm leading. He believes there could be even more law firms investigating claims that may file complaints against Western Digital.

Western Digital told Ars yesterday that it "does not comment on pending litigation."

Archived version: https://archive.ph/3vfmc

How much ink does an all-in-one printer need in order to fax a document? Or to scan one to your computer? The obvious answer is "none." But if you own certain printers from companies like HP and Canon, you won't be able to use core features unless the device has ink—even if those features have nothing to do with ink.

Unfortunately, all-in-one printers arbitrarily demanding ink to perform non-printing functions isn't a new frustration. And that's despite some companies having printers that can scan without ink. Clearly, scanning or faxing without requiring an ink cartridge would improve users' experience—and they've illustrated that through class-action lawsuits. But this hasn't stopped printer makers from fighting to keep the nettlesome practice.

No ink, no scan

Since mid-2022, HP has been fighting a class-action lawsuit alleging that certain all-in-one printer models won't scan or fax without ink and that HP doesn't properly disclose this to shoppers. On January 13, 2023, the complaint was dismissed but allowed to be amended (you can view the amended complaint here: [PDF]), and on August 10, a Northern District of California judge dismissed HP's motion to dismiss the amended complaint [PDF].

HP Envy 6455e and HP Deskjet 2655 purchasers Gary Freund and Wayne McMath filed the complaint, which states that HP printers are designed to enter an error state when low or out of ink, preventing usage until the installment of a new ink cartridge. The plaintiffs are also peeved that HP marketing and advertising doesn't clearly disclose this, the complaint says. The complaint also notes that an HP support agent has said that HP printers are "designed in such a way that with the empty cartridge or without the cartridge the printer will not function."

"HP’s All-in-One Printers do not work as advertised. Ink is not a necessary component to scan or to fax a document," the complaint reads.

It adds:

Tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices offers no benefit and only serves to disadvantage and harm consumers financially. However, tying the scan or fax capabilities of the All-In-One Printers to ink contained in the devices does, however [sic], serve to benefit HP.

Anyone who's owned an inkjet printer knows how expensive ink can be. That suggests a reason to push people to buy ink through tactics like blocking core features if no ink is present and reportedly selling printers below cost. Ink-buying programs have also become cash cows. HP in 2021, for example, said its Instant Ink subscription business was worth $500 million, per CRN. In its Q2 2023 financial report, HP named Instant Ink a key growth area.

The complaint against HP says:

Indeed, HP designs its All-in-One printer products so they will not work without ink. Yet, HP does not disclose this fact to consumers. … Even were it technically possible to scan a document without all ink cartridges present, HP does not disclose any 'workaround' to consumers in any of the product packaging nor in any of HP’s advertising and marketing materials regarding its multi-function devices.

The complaint seeks monetary damages as well as the end of HP's "misleading advertising and marketing campaign" and for HP to "engage in a corrective campaign to inform consumers of the misleading advertising."

Here are all the HP printer models listed in the complaint:

• HP Deskjet 2755e
• HP DeskJet 3755
• HP DeskJet 4155e
• HP ENVY 6055e
• HP ENVY 6075
• HP ENVY 6455
• HP ENVY Pro 6475
• HP OfficeJet 250 Mobile
• HP OfficeJet Pro 7740 Wide Format
• HP OfficeJet Pro 8025
• HP DeskJet 2622
• HP DeskJet 2655

HP declined to comment on this story.

Canon's doing it, too

HP isn't the only company demanding ink for scans and faxes. It's not even the only one that has faced litigation over it.

As noticed by The Verge, Canon back in March settled a class-action lawsuit [PDF] stating that Canon all-in-one printers can't scan or fax with low or empty ink cartridges and its "advertising claims are false, misleading, and reasonably likely to deceive the public."

The settlement terms weren't disclosed, and Canon didn't respond to Ars Technica's request for comment. But here are the models listed in that complaint:

• MAXIFY GX7020
• MAXIFY GX6020
• PIXMA TS3520
• PIXMA G3260
• PIXMA G7020
• PIXMA G2260
• PIXMA MX330
• PIXMA MX452
• PIXMA TS9520
• PIXMA TR8620
• PIXMA TS6420
• PIXMA TS6320
• PIXMA TR4520
• PIXMA MG3620
• PIXMA MG2522
• PIXMA TS3320
• PIXMA TR7020
• PIXMA TS9521C
• PIXMA TS8320
• PIXMA TR8520
• PIXMA TR7520
• "and any and all predecessor models"

Similarly to the HP situation, representatives on Canon's support forum allegedly confirmed that certain all-in-one printer models require "all ink tanks installed and they must all contain ink in order to use the functions of the printer" and that "there is no workaround for this."

However, the posts that are linked to in the complaint (here and here) as of November 22, 2022, have a comment from a moderator saying, "It's possible to scan with an empty ink tank or cartridge." The support page provides instructions for disabling the function that detects ink levels.

Canon didn't explain why its printers ever required ink to scan in the first place. But the company has at least agreed to instruct users on disabling the ink requirement, which is better than where HP is currently.

Semantics prioritized over customers

As of this writing, HP doesn't seem to be working toward enabling its printers to scan and fax without ink. When trying to get the complaint dismissed, HP claimed that support agents who said printers are designed to not scan without ink don't represent HP and were not referring to printer models owned by the complaint's plaintiffs.

The printer industry has long had an issue with customer trust. HP, for instance, has bricked third-party ink (and issued other problematic printer firmware updates), along with the company's controversial HP+ program and region-locked printers . HP has already paid settlements for abruptly bricking third-party ink via its Dynamic Security "feature."

The Verge noticed that HP at least changed its language for the Envy 6455e's Amazon product page to say that you can "print, scan, and copy from your phone—from whenever, wherever" to "print, scan, and copy from your phone—from anywhere."

Such semantic games feel more like HP seeking a loophole than trying to please customers.

Such corporation-first tactics may be why Epson thinks it's dunking on competitors with its own support page dedicated to this topic. It reads, "Since 2008, all Epson printers will scan even when there is little or no usable ink left in the cartridge."

But, as is often the case with printers, a sneaky little caveat could abruptly ruin your day. As the support page also states:

However, all of the genuine Epson cartridges must be installed in the printer, even if depleted of usable ink and the printer displays the replace cartridge message.

So you still need an Epson ink cartridge to scan. If you happened to have tossed your ink cartridge when it became useless, your all-in-one printer could be virtually useless, too. (Epson didn't respond to a request for comment.)

It's alarming that printer makers know customers feel swindled and confused—but won't eliminate the problematic design. Printer vendors have become too bold in expecting customers to accept wordplay, settlements, and confusing support responses. Class-action lawsuits may light a fire under these companies, but it shouldn't be up to disgruntled customers to complain to support agents, lawyers, and judges.

If printer companies can't deliver a reliable, easy experience, customers will have no choice but to consider alternatives.

Archived version: https://archive.ph/eSuy1

A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone numbers in real time as they moved from one carrier to the other. A jump of eight weeks had dire consequences because it caused numbers that had yet to be transferred to be listed as having already been moved and numbers that had already been transferred to be reported as pending.

“With these updated routing tables, a lot of people were unable to make calls, as we didn't have a correct state!” the engineer, who asked to be identified only by his first name, Simen, wrote in an email. “We would route incoming and outgoing calls to the wrong operators! This meant, e.g., children could not reach their parents and vice versa.”

A show-stopping issue

Simen had experienced a similar error last August when a machine running Windows Server 2019 reset its clock to January 2023 and then changed it back a short time later. Troubleshooting the cause of that mysterious reset was hampered because the engineers didn’t discover it until after event logs had been purged. The newer jump of 55 days, on a machine running Windows Server 2016, prompted him to once again search for a cause, and this time, he found it.

The culprit was a little-known feature in Windows known as Secure Time Seeding. Microsoft introduced the time-keeping feature in 2016 as a way to ensure that system clocks were accurate. Windows systems with clocks set to the wrong time can cause disastrous errors when they can’t properly parse timestamps in digital certificates or they execute jobs too early, too late, or out of the prescribed order. Secure Time Seeding, Microsoft said, was a hedge against failures in the battery-powered onboard devices designed to keep accurate time even when the machine is powered down.

“You may ask—why doesn’t the device ask the nearest time server for the current time over the network?” Microsoft engineers wrote. “Since the device is not in a state to communicate securely over the network, it cannot obtain time securely over the network as well, unless you choose to ignore network security or at least punch some holes into it by making exceptions.”

To avoid making security exceptions, Secure Time Seeding sets the time based on data inside an SSL handshake the machine makes with remote servers. These handshakes occur whenever two devices connect using the Secure Sockets Layer protocol, the mechanism that provides encrypted HTTPS sessions (it is also known as Transport Layer Security). Because Secure Time Seeding (abbreviated as STS for the rest of this article) used SSL certificates Windows already stored locally, it could ensure that the machine was securely connected to the remote server. The mechanism, Microsoft engineers wrote, “helped us to break the cyclical dependency between client system time and security keys, including SSL certificates.”

Simen wasn’t the only person encountering wild and spontaneous fluctuations in Windows system clocks used in mission-critical environments. Sometime last year, a separate engineer named Ken began seeing similar time drifts. They were limited to two or three servers and occurred every few months. Sometimes, the clock times jumped by a matter of weeks. Other times, the times changed to as late as the year 2159.

“It has exponentially grown to be more and more servers that are affected by this,” Ken wrote in an email. “In total, we have around 20 servers (VMs) that have experienced this, out of 5,000. So it's not a huge amount, but it is considerable, especially considering the damage this does. It usually happens to database servers. When a database server jumps in time, it wreaks havoc, and the backup won’t run, either, as long as the server has such a huge offset in time. For our customers, this is crucial.”

Simen and Ken, who both asked to be identified only by their first names because they weren’t authorized by their employers to speak on the record, soon found that engineers and administrators had been reporting the same time resets since 2016.

In 2017, for instance, a Reddit user in a sysadmin forum reported that some Windows 10 machines the user administered for a university were reporting inaccurate times, in some cases by as many as 31 hours in the past. The Reddit user eventually discovered that the time changes were correlated to a Windows registry key in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits. Additional investigation showed that the time changes were also linked to errors that reported valid SSL certificates used by the university website were invalid when some people tried to access it. The admin reached the following conclusion:

TLDR: Windows 10 has a feature called Secure Time which is on by default. It correlates time stamp metadata from SSL packets and matches them against time from the DCs. It processes these various times by means of black magic and sets the system clock accordingly. This feature has the potential to flip out and set the system time to a random time in the past. The flip out MIGHT be caused by issues with SSL traffic.

Other examples of people reporting the same behavior—for example, here and here—date back to 2016, shortly after the rollout of STS. More recent reports of harmful STS-induced time changes are here, here, and here.

“We've run into a show-stopping issue where time on a bunch of production systems jumped forward 17 hours,” one Reddit user wrote. “If you've been in the game more than a week, you know the havoc this can cause.”

STS primer

To determine the current time, STS pulls a set of metadata contained in the SSL handshake. Specifically, the data is:

• ServerUnixTime, a date and time representation showing the number of seconds that have elapsed since 00:00:00 UTC on January 1, 1970
• Cryptographically signed data obtained from the remote server’s SSL certificate showing whether it has been revoked under a mechanism knowns as the Online Certificate Status Protocol.

Microsoft engineers said they used the ServerUnixTime data “assuming it is somewhat accurate” but went on to acknowledge in the same sentence that it “can also be incorrect.” To prevent STS from resetting system clocks based on data provided by a single out-of-sync remote server, STS makes randomly interspersed SSL connections to multiple servers to arrive at a reliable range for the current time. The mechanism then merges the ServerUnixTime with the OCSP validity period to produce the smallest possible time range and assigns it a confidence score. When the score reaches a sufficiently high threshold, Windows classifies the data as an STSHC, short for Secure Time Seed of High Confidence. The STSHC is then used to monitor system clocks for “gross errors” and correct them.

Despite the checks and balances built into STS to ensure it provides accurate time estimates, the time jumps indicate the feature sometimes makes wild guesses that are off by days, weeks, months, or even years.

“At this point, we are not completely sure why secure time seeding is doing this,” Ken wrote in an email. “Being so seemingly random, it’s difficult to [understand]. Microsoft hasn't really been helpful in trying to track this, either. I've sent over logs and information, but they haven't really followed this up. They seem more interested in closing the case.”

The logs Ken sent looked like the ones shown in the two screenshots below. They captured the system events that occurred immediately before and after the STS changed the times. The selected line in the first image shows the bounds of what STS calculates as the correct time based on data from SSL handshakes and the heuristics used to corroborate it.

The “Projected Secure Time” entry immediately above the selected line shows that Windows estimates the current date to be October 20, 2023, more than four months later than the time shown in the system clock. STS then changes the system clock to match the incorrectly projected secure time, as shown in the “Target system time.”

The second image shows a similar scenario in which STS changes the date from June 10, 2023, to July 5, 2023.

Simen, meanwhile, said he has also reported the time resets to multiple groups at Microsoft. When reporting the problems on Microsoft’s feedback hub in May, he said, he received no company response. He then reported it through the Microsoft Security Response Center in June. The submission was closed as a “non-MSRC case" with no elaboration.

The engineer then tapped a third party specializing in Microsoft cloud security to act as an intermediary. The intermediary relayed a response from Microsoft recommending STS be turned off when the server receives reliable timekeeping through the Network Time Protocol.

“Unfortunately, this recommendation isn't publicly available, and it is still far from enough to stop the wrongly designed feature to keep wreaking havoc around the world,” Simen wrote in an email.

Warning: STS will “bite you in the butt”

Simen said he believes the STS design is based on a fundamental misinterpretation of the TLS specification. Microsoft’s description of STS acknowledges that some SSL implementations don’t put the current system time of the server in the ServerUnixTime field at all. Instead, these implementations—most notably the widely used OpenSSL code library starting in 2014—populate the field with random values. Microsoft’s description goes on to say, “We have observed that most servers provide a fairly accurate value in this field and the rest provide random values.”

“The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”

While official Microsoft talking points play down the unreliability of STS, Ryan Ries, whose LinkedIn profile indicates he is a senior Windows escalation engineer at Microsoft, wasn’t as reticent when discussing STS on social media last year.

“Hey people,” he wrote. “If you manage Active Directory domain controllers, I want to give you some UNOFFICIAL advice that is solely my personal opinion: Disable Secure Time Seeding for w32time on your DCs.” When someone asked him why, Ries responded, “Because it's just a matter of time—wink—before it bites you in the butt.”

A Microsoft representative emailed the following statement several hours after this post went live on Ars:

Secure Time Seeding feature is a heuristic-based method of time keeping that also helps correct system time in case of certain software/firmware/hardware timekeeping failures. The feature has been enabled by default in all default Windows configurations and has been shown to function as intended in default configurations.

Time distribution is unique to each deployment and customers often configure their machines to their particular needs. Given the heuristic nature of Secure Time Seeding and the variety of possible deployments used by our customers, we have provided the ability to disable this feature if it does not suit their needs. Our understanding is that there are likely unique, proprietary, complex factors in deployments where customers are experiencing Secure Time Seeding issues and these customers do not benefit from this feature as it is currently implemented. In these isolated cases, the only course of action we can recommend is to disable this feature in their deployments.

We agree that the overall direction of technology with the adaption of TLS v1.3 and other developments in this area could make Secure Time Seeding decreasingly effective over time, but we are not aware of any bugs arising from their use. This technology direction also makes heuristic calculation of time using SSL/TLS far less attractive when compared to deterministic, secure time synchronization.

We continue to investigate how to best secure time synchronization on the Internet and welcome customer input on how to best meet their future needs.

The mystery continues

As Simen noted earlier, it's not clear precisely what causes STS to make the errors sometimes but not always.

"This is what really strikes me as odd," Simen wrote. Microsoft "know the field they look at might contain random data, so my guess is that their implementation breaks down when this is skewed so that most/all implementations they communicate with contains random data rather than just some."

HD Moore, CTO and co-founder at runZero, speculated that the cause is some sort of logic bug in Microsoft code. On Signal, he wrote:

If OpenSSL has been setting random unix times in TLS responses for a long period of time, but this bug is showing up infrequently, then it's likely harder to trigger than just forcing a bunch of outbound TLS connections to a server with bogus timestamp replies—if it was that easy, it would happen far more frequently.

Either the STS logic requires different root certificates as the signer, or some variety in the hostnames/IPs, or only triggers on certain flavors of random timestamp (like values dividable by 1024 or something).

It smells like a logic bug that is triggered infrequently by fully random timestamps (32-bit) and likely just some subset of values and with some other conditions (like multiple requests in some period of time to multiple certs, etc.).

There are other means to ensure server clocks remain accurate, Moore said:

[Clock-setting] seems like something better handled through NTP, or at least through a trusted TLS connection to a known endpoint operated by the vendor (time.windows.com and friends). The super lazy (but arguably safer) way to get a trusted timestamp is something like: ❯ curl -s -vvv https://www.microsoft.com/4040 2>&1 | grep -i '< date:'< date: Wed, 16 Aug 2023 04:37:31 GMT.

Second-ish precision, and if you lock the HTTP client to a short list of trusted CA roots for the target domain, pretty hard to mess with. I used something similar forever ago on Linux systems where the clock would go wrong often—set the hwclock to the HTTP response timestamp of a known good server, then run NTP, which would succeed since the clock was close enough to be within the boundary check—otherwise NTP would fail since the clock was too far off.

As the creator and lead developer of the Metasploit exploit framework, a penetration tester, and a chief security officer, Moore has a deep background in security. He speculated that it might be possible for malicious actors to exploit STS to breach Windows systems that don't have STS turned off. One possible exploit would work with an attack technique known as Server Side Request Forgery.

Microsoft’s repeated refusal to engage with customers experiencing these problems means that for the foreseeable future, Windows will by default continue to automatically reset system clocks based on values that remote third parties include in SSL handshakes. Further, it means that it will be incumbent on individual admins to manually turn off STS when it causes problems.

That, in turn, is likely to keep fueling criticism that the feature as it has existed for the past seven years does more harm than good.

STS “is more like malware than an actual feature,” Simen wrote. “I’m amazed that the developers didn’t see it, that QA didn’t see it, and that they even wrote about it publicly without anyone raising a red flag. And that nobody at Microsoft has acted when being made aware of it.”

Source: https://blog.mozilla.org/addons/2023/08/10/prepare-your-firefox-desktop-extension-for-the-upcoming-android-release/

Archived version: https://archive.ph/x9dHq

Archived version: https://archive.ph/2Y3u6

It was difficult to maintain a poker face when the leader of a big US tech firm I was chatting to said there was a definite tipping point at which the firm would exit the UK.

I could see my own surprise mirrored on the faces of the other people in the room - many of whom worked there.

They hadn't heard this before either, one told me afterwards.

I can't tell you who it was but it's a brand you would probably recognise.

I've been doing this job for long enough to recognise a petulant tech ego when I meet one. From Big Tech, there's often big talk. But this felt different.

It reflected a sentiment I have been hearing quite loudly of late, from this lucrative and powerful US-based sector.

'Tipping point' Many of these companies are increasingly fed up.

Their "tipping point" is UK regulation - and it's coming at them thick and fast.

The Online Safety Bill is due to pass in the autumn. Aimed at protecting children, it lays down strict rules around policing social media content, with high financial penalties and prison time for individual tech execs if the firms fail to comply.

One clause that has proved particularly controversial is a proposal that encrypted messages, which includes those sent on WhatsApp, can be read and handed over to law enforcement by the platforms they are sent on, if there is deemed to be a national security or child protection risk.

The NSPCC children's charity has described encrypted messaging apps as the "front line" of where child abuse images are shared, but it is also seen as an essential security tool for activists, journalists and politicians.

Currently messaging apps like WhatsApp, Proton and Signal, which offer this encryption, cannot see the content of these messages themselves.

WhatsApp and Signal have both threatened to quit the UK market over this demand.

The Digital Markets Bill is also making its way through Parliament. It proposes that the UK's competition watchdog selects large companies like Amazon and Microsoft, gives them rules to comply with and sets punishments if they don't.

Several firms have told me they feel this gives an unprecedented amount of power to a single body.

Microsoft reacted furiously when the Competition and Markets Authority (CMA) chose to block its acquisition of the video game giant Activision Blizzard.

"There's a clear message here - the European Union is a more attractive place to start a business than the United Kingdom," raged chief executive Brad Smith. The CMA has since re-opened negotiations with Microsoft.

This is especially damning because the EU is also introducing strict rules in the same vein - but it is collectively a much larger and therefore more valuable market.

In the UK, proposed amendments to the Investigatory Powers Act, which included tech firms getting Home Office approval for new security features before worldwide release, incensed Apple so much that it threatened to remove Facetime and iMessage from the UK if they go through.

Clearly the UK cannot, and should not, be held to ransom by US tech giants. But the services they provide are widely used by millions of people. And rightly or wrongly, there is no UK-based alternative to those services.

Against this backdrop, we have a self-proclaimed pro-tech prime minister, Rishi Sunak. He is trying to entice the lucrative artificial intelligence sector - also largely US-based - to set up camp in the UK. A handful of them - Palantir, OpenAI and Anthropic - have agreed to open London headquarters.

But in California's Silicon Valley, some say that the goodwill is souring.

"There is growing irritation here about the UK and EU trying to rein in Big Tech... that's seen as less about ethical behaviour and more about jealousy and tying down foreign competition," says tech veteran Michael Malone.

British entrepreneur Mustafa Suleyman, the co-founder of DeepMind, has chosen to locate his new company InflectionAI in California, rather than the UK.

It's a difficult line to tread. Big Tech hasn't exactly covered itself in glory with past behaviours - and lots of people feel regulation and accountability is long overdue.

Also, we shouldn't confuse "pro-innovation" with "pro-Big Tech" warns Professor Neil Lawrence, a Cambridge University academic who has previously acted as an advisor to the CMA.

"Pro-innovation regulation is about ensuring that there's space for smaller companies and start-ups to participate in emerging digital markets", he said.

Other experts are concerned that those writing the rules do not understand the rapidly-evolving technology they are trying to harness.

"There are some people in government who've got very deep [tech] knowledge, but just not enough of them," said economist Dame Diane Coyle.

"And so [all] this legislation has been going through Parliament in a manner that seems to technical experts, like some of my colleagues, not particularly well-informed, and putting at risk some of the services that people in this country value very highly."

If UK law-makers don't understand the tech, there are experts willing to advise.

But many of those feel ignored.

Professor Alan Woodward is a cyber-security expert at Surrey University whose has worked various posts at GCHQ, the UK's intelligence, security and cyber agency.

"So many of us have signed letters, given formal evidence to committees, directly offered to advise - either the government doesn't understand or doesn't want to listen," he said.

"Ignorance combined with arrogance is a dangerous mix."

The Department for Science, Innovation and Technology said that it had "worked hand-in-hand with industry and experts from around the world to develop changes to the tech sector", including during the development of the Online Safety Bill and the Digital Markets Bill.

In this video, a Canon print cartridge is opened up and revealed not to contain the meagre 11.9 ml (0.4 fl oz) of ink it is advertised. The proposed solution is to buy a printer designed to be manually refilled with bottles of ink (such as the featured Epson EcoTank ET-2850), though it has only been tested briefly.

Archived version: https://archive.ph/ZGo6X

Universal Music Group (UMG.AS), Sony Music Entertainment (6758.T) and other record labels on Friday sued the nonprofit Internet Archive for copyright infringement over its streaming collection of digitized music from vintage records.

The labels' lawsuit filed in a federal court in Manhattan said the Archive's "Great 78 Project" functions as an "illegal record store" for songs by musicians including Frank Sinatra, Ella Fitzgerald, Miles Davis and Billie Holiday.

They named 2,749 sound-recording copyrights that the Archive allegedly infringed. The labels said their damages in the case could be as high as $412 million.

Representatives for the Internet Archive did not immediately respond to a request for comment on the complaint.

The San Francisco-based Internet Archive digitally archives websites, books, audio recordings and other materials. It compares itself to a library and says its mission is to "provide universal access to all knowledge."

The Internet Archive is already facing another federal lawsuit in Manhattan from leading book publishers who said its digital-book lending program launched in the pandemic violates their copyrights. A judge ruled for the publishers in March, in a decision that the Archive plans to appeal.

The Great 78 Project encourages donations of 78-rpm records -- the dominant record format from the early 1900s until the 1950s -- for the group to digitize to "ensure the survival of these cultural materials for future generations to study and enjoy." Its website says the collection includes more than 400,000 recordings.

The labels' lawsuit said the project includes thousands of their copyright-protected recordings, including Bing Crosby's "White Christmas," Chuck Berry's "Roll Over Beethoven" and Duke Ellington's "It Don't Mean a Thing (If It Ain't Got That Swing)".

The lawsuit said the recordings are all available on authorized streaming services and "face no danger of being lost, forgotten, or destroyed."

For a moment, it seemed like the streaming apps were the things that could save us from the hegemony of cable TV—a system where you had to pay for a ton of stuff you didn't want to watch so you could see the handful of things you were actually interested in.

Archived version: https://archive.ph/K4EIh

Source: https://front-end.social/@fox/110846484782705013

Text in the screenshot from Grammarly says:

We develop data sets to train our algorithms so that we can improve the services we provide to customers like you. We have devoted significant time and resources to developing methods to ensure that these data sets are anonymized and de-identified.

To develop these data sets, we sample snippets of text at random, disassociate them from a user's account, and then use a variety of different methods to strip the text of identifying information (such as identifiers, contact details, addresses, etc.). Only then do we use the snippets to train our algorithms-and the original text is deleted. In other words, we don't store any text in a manner that can be associated with your account or used to identify you or anyone else.

We currently offer a feature that permits customers to opt out of this use for Grammarly Business teams of 500 users or more. Please let me know if you might be interested in a license of this size, and I'II forward your request to the corresponding team.

I personally think that responsible smartphone use should be learned and practiced, rather than outright banning them.

I think this shows that adults are terribly addicted to their devices and think if they can't stop using them, children won't either. They certainly can't teach how to use phones responsibly if they can't do it themselves. Unfortunately for children the result is an outright ban.