Apple’s China subservience, Saying bye to Flash, and more news

The new tech hubs and the security corner round out the news. Read on...

Share this using the hashtag #SWE.

More of your questions answered. We hosted an AMA for an engineering manager and continue to release answers. Check out answers to your questions about engineering management in this video, and stay tuned for the transcript later this week.

Apple lets China be the boss. The New York Times reports that Apple has delisted VPN applications from the iOS App Store in China because those apps violate Chinese law. Apple’s defense for the move is that the Chinese government announced new restrictions on VPN providers to take effect later in the year.

Goodbye, Flash. Adobe announced that they’re finally dragging Flash out back behind the woodshed and doing what they should have done a long time ago, and that Flash will be discontinued at the end of 2020. Flash hasn’t had any new features in a while, so this should come as no surprise, but it is unfortunate to see how much of the web will vanish once you can no longer easily run a Flash player. Homestar Runner, anyone?

Host your own stuff. Getting rid of your dependence on a giant monolith for your contacts and calendars is possible. Check out a walkthrough that uses modern tech for hosting this information yourself. Why would you want to do this? Owning your own data means that you control who can look at it, for one.

Where is the next Silicon Valley? The eternal question. This post from Indeed suggests that it’s San Francisco, which is very different than Silicon Valley because of the 2-hour, 50-mile commute on 101 to get there. Other metros that made their list include the usual suspects: Austin, Seattle and Boston, as well as Baltimore, for some reason.

Is Kite a bad actor? That’s the allegation in this report from The Outline, suggesting that the company is taking over tools used by programmers to make their jobs easier and goes on to discuss what the broader picture of open-source development tools is when large VC-funded companies can just swoop in and start making wholesale changes. It’s worth a read, and so is the GitHub issue for the Atom minimap plugin (which then expanded to others) asking “uh, WTF?” regarding the new ‘promotion’ feature.

And now, here’s something we hope you’ll really like. Ars Technica reports about an interview one of the directors of the Mario Kart franchise had with Eurogamer, where he was asked to explain himself regarding the existence of the blue shell – an item that relentlessly seeks out the player in first place and attacks them. He states that the blue shell is a reminder that even in video game life, life isn’t fair. If you design games, the full interview is worth checking out to hear thoughts on balance and challenge.

How should you implement a password policy? Check out this excellent overview of the state-of-the-art regarding password authentication.

In the security corner this week: Broadpwn, fuzzing x86, and jail time potential for a Mt. Gox hacker.

• In news I’m certain surprised absolutely nobody, opaque firmware blobs have bugs. This one is called “Broadpwn,” since no security vulnerability can be taken seriously in the current year without flashy branding and a cool name reporters can say. The bug is extremely serious, and this post discusses how it can be exploited automatically, wirelessly, without any user interaction. The moral of the story? Patch your phones. Running an Android phone that doesn’t get security patches? Turn off your Wi-Fi and build a Faraday cage in your house.
• An automated fuzzing tool for x86 processors. Fuzzing is the practice of sending random input/data to a program to attempt to exercise code that might not get otherwise used, and to test for buffer overflows and other programming errors. The sandsifter product exists to “audit x86 processors for hidden instructions and hardware bugs.” The README.md for the project explains pretty well what the tool does and why it is interesting. The tool has found many bugs, so you may just want to skip to the white paper [pdf warning] to learn about those.
• An arrest for someone who ran BTC-e and allegedly received money from the hack of Mt. Gox. The Department of Justice released a very proud press release bragging about the indictment and arrest of Russian citizen Alexander Vinnik, and details their claims that he laundered money and facilitated having other people launder money.

Thanks for reading – as always, if you have feedback, or think there’s something I should cover next time, leave a comment!

Cover photo: A Chinese family walks out of an Apple Store, where they didn't get a VPN app. ? Andy Wong / AP