Linked by Thom Holwerda on Tue 21st Nov 2017 16:09 UTC
Android

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers - even when location services are disabled - and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.

The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. The were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.

Raise your hand if you're surprised.

 

Linked by Thom Holwerda on Tue 21st Nov 2017 16:03 UTC
Windows

I wiped off my Windows 10 installation today. It wasn't because of the intrusive telemetry or the ads in the start menu but desktop composition. It adds some slight but noticeable latency that makes typing feel uncomfortable. In Windows 7 you can turn it off.

If you're fine with unresponsive UI operations and graphical tearing, then, sure, go back to Windows 7 or earlier and turn off compositing to get a few ms back when typing.

 



Linked by Thom Holwerda on Mon 20th Nov 2017 21:56 UTC
Google

Google's in-development operating system, named 'Fuchsia,' first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time 'Magenta' kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language.

There's a tiny error in this summary form AndroidPolice - Fuchsia's kernel has been renamed to Zircon.

All this has been playing out late last week and over the weekend - Google is now working on Swift, and some took this to mean Google forked Apple's programming language, while in reality, it just created a staging ground for Google to work on Swift, pushing changes upstream to the official Swift project when necessary - as confirmed by Chris Lattner, creator of Swift, who used to work at Apple, but now works at Google.

Zac Bowling, a Google engineer working on Fuchsia, then highlighted a pull request that Google pushed to the main Swift repository: Swift support for Fuchsia. He also mentioned a few upcoming pull requests:

FYI, in the pipeline after this we will have some PRs related to:

  • adding ARM64 support for the Fuchsia SDK
  • fixing cross-compiling issues for targeting BSD, Linux and Fuchsia targets from a Darwin toolchain
  • adding support for using lld for linking specific SDK stdlibs (part of getting a Darwin toolchain capable of cross compiling to other targets)
  • supporting unit tests on Fuchsia

Regarding Fuchsia's purpose, this is yet another little puff of smoke. Sadly, we still haven't found the fire.

 

Linked by Thom Holwerda on Mon 20th Nov 2017 21:42 UTC
Intel

Computer users of a certain age will remember BIOS as ubiquitous firmware that came loaded on PCs. It was the thing you saw briefly before your operating system loaded, and you could dig into the settings to change your computer's boot order, enable or disable some features, and more.

Most modern PCs ship with UEFI instead. But most also still have a "legacy BIOS" mode that allows you to use software or hardware that might not be fully compatible with UEFI.

In a few years that might not be an option anymore: Intel has announced plans to end support for legacy BIOS compatibility by 2020.

This most certainly affects many older operating systems - especially older hobby and alternative operating systems that were never updated with UEFI support.

 

Linked by Thom Holwerda on Mon 20th Nov 2017 20:41 UTC
IBM

The Blue Lightning CPU is an interesting beast. There is not a whole lot of information about what the processor really is, but it can be pieced together from various scraps of information. Around 1990, IBM needed low-power 32-bit processors with good performance for its portable systems, but no one offered such CPUs yet. IBM licensed the 386SX core from Intel and turned it into the IBM 386SLC processor (SLC reportedly stood for "Super Little Chip").

Fascinating footnote in processor history.

 

Linked by Thom Holwerda on Mon 20th Nov 2017 20:37 UTC
Java

Almost 14 years ago, way back in 2003, Sun Microsystems unveiled Project Looking Glass, a 3D desktop environment written in Java and making extensive use of Java 3D. The demo, by Jonathan Schwartz, always stuck with me over the years, and since YouTube recommended the demo to me today, I figured it'd be interesting to you remind you all of simpler times, when flipping windows around and 3D rendering in Java actually managed to get us excited (something no other project would ever manage to... Wait.).

Project Looking Glass was developed for about three years, and it actually saw a 1.0 release in late 2006. It's one of those random projects exploring what we then thought could be the future of computing, right before the iPhone came onto the scene and changed everything. While nothing came out of Project Looking Glass, Schwartz' demo did teach me the phrase "arbitrarily clever", which I'm unusually attached to.

 

Linked by Thom Holwerda on Fri 17th Nov 2017 11:51 UTC
Microsoft

Really, quite literally, some pretty skilled Microsoft employee or contractor reverse engineered our friend EQNEDT32.EXE, located the flawed code, and corrected it by manually overwriting existing instructions with better ones (making sure to only use the space previously occupied by original instructions).

This... This is one hell of a story. The unanswered question is why, exactly, Microsoft felt the need to do this - do they no longer have access to the source code? Has it simply become impossible to set up the correct build environment?

Amazing.

 

Linked by Thom Holwerda on Thu 16th Nov 2017 22:47 UTC
Linux

Well, I've really done it. I've taken a pure and unsullied Google Pixelbook, which at one time was fast and secure in all ways, and made it into a crashy mess. My crime? The desire to code.

I'm going to walk you through my process for converting this machine into something that's marginally desirable for programming, but I just wanted to warn you before I begin: this isn't easy, clean, intuitive, or practical. There are rumors that Google is working on better ways to make Chrome OS a host for other flavors of Linux or Linux apps, but right now we're basically working with hacks, and hacks hurt.

Because these hacks hurt, I'd implore you to read this entire guide before attempting any of the steps so you know what you're getting yourself into, and if you, in fact, desire the results.

I think the PixelBook is a stunningly beautiful and fast machine, and while Chrome OS isn't nearly as useless as people often think it is, it clearly isn't the kind of operating system many OSNews readers would prefer. This is a guide to getting a traditional Linux setup up and running.

 

Linked by Thom Holwerda on Thu 16th Nov 2017 21:56 UTC
Linux

The RISC-V port was just merged to Linux a few minutes ago. This means we will be in the 4.15 release, which should be out about 10 weeks from last Sunday. As soon as the tarballs are created, the RISC-V Linux ABI will be stable, and since we'll ideally be in a glibc release that comes out soon after that we'll be fully ABI stable by early in February.

RISC-V is a completely free and open ISA that hasn't seen much adoption just yet.

 

Linked by Thom Holwerda on Wed 15th Nov 2017 23:59 UTC
BeOS & Derivatives

Haiku's GUI is in principle entirely scriptable. You can change a window's position and size and manipulate pretty much every widget in it. The tool to do this is hey. It sends BMessages to an application, thus emulating what happens if the user clicks on a menu, checkbox, or other widgets.

 

Linked by Thom Holwerda on Wed 15th Nov 2017 23:58 UTC
Hardware, Embedded Systems

The Xerox Alto, widely recognized as the first modern personal computer, pioneered just about every basic concept we are familiar with in computers today. These include windows, bit-mapped computer displays, the whole idea of WYSIWIG interfaces, the cut/paste/copy tools in word processing programs, and pop-up menus. Most of this vision of the "office of the future" was first unveiled at a meeting of Xerox executives held on 10 Nov 1977, which was 40 years ago last week.

To celebrate that birthday, the Computer History Museum in Mountain View, Calif., brought together some of Parc researchers who worked on the Alto on Friday. They put it through its paces in a series of live demos. These demos used an Alto that had been restored to working order over the past eight months.

One of the most important computers ever made.

 

Written by Thom Holwerda on Tue 14th Nov 2017 13:13 UTC
Android

This is horrifying:

But even with the data we have, we can take a guess at how many outdated devices are in use. In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android's update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android.

Whenever I bring up just how humongous of an issue this is, and just how dangerously irresponsible it is to let average consumers use this platform, apologists come out of the woodwork with two arguments as to why I'm an Apple shill or anti-Google: Google Play Services and Project Treble.

Google Play Services indeed ensures that a number of parts of your entire Android operating system and stack are updated through Google Play. This is a good move, and in fact, Android is ahead of iOS in this respect, where things like Safari and the browser engine are updated through operating system updates instead of through the App Store - and operating systems updates present a far bigger barrier to updating than mere app updates do. However, vast parts of Android are not updated through the Play Store at all, and pose a serious security threat to users of the platform. Google Play Services are anything but a silver bullet for Android's appalling update situation.

Project Treble is the second term people throw around whenever we talk about Android's lack of updates, but I don't think people really understand what Project Treble is, and what problems it does and does not solve. As Ron Amadeo explains in his excellent Android 8.0 review:

Project Treble introduces a "Vendor Interface" - a standardized interface that sits between the OS and the hardware. As long as the SoC vendor plugs into the Vendor Interface and the OS plugs into the Vendor Interface, an upgrade to a new version of Android should "just work." OEMs and carriers will still need to be involved in customizing the OS and rolling it out to users, but now the parties involved in an update can "parallelize" the work needed to get an update running. SoC code is no longer the "first" step that everyone else needs to wait on.

Treble addresses an important technical aspect of the Android update process by ensuring OEMs have to spend less time tailoring each Android update to every specific SoC and every specific smartphone. However, it doesn't mean OEMs can now just push a button and have the next Google Android code drop ready to go for all of their phones; they still have to port their modifications and other parts of Android, test everything, have it approved by carriers, and push them out to devices worldwide.

Project Treble addresses part of the technical aspect of Android updates, but not nearly all of it. While Treble is a huge improvement and clearly repays a huge technical debt of the Android platform, it doesn't actually address the real reason why OEMs are so lax at updating their phones: the political reason. Even in the entirely unrealistic, unlikely, and honestly impossible event Treble solves all technical barriers to updating Android phones, OEMs still have to, you know, actually choose to do so.

Even the most expensive and brand-defining Android flagships - the Note, Galaxy S, LG V, and so on - are updated at best only six months after the release of a new version of Android, and even then, the rollout usually takes months, with some countries, regions, carriers, or phones not getting the update until much, much later.

This isn't because it really is that hard to update Android phones - it's because OEMs don't care. Samsung doesn't care. LG doesn't care. HTC doesn't care. They'd much rather spend time and resources on selling you the next flagship than updating the one you already paid for.

Treble will do nothing to address that.

But let's assume that not only will Treble address all technical barriers, but also all political barriers. Entirely unlikely and impossible, I know, but for the sake of argument, let's assume that it does. Even then, it will be at best four to five years before we experience these benefits from Treble, because while Treble is a requirement for new devices shipping with Android 8.0 out of the box, it's entirely optional for existing devices being updated to 8.0. With the current pace of Android updates, that means it will be no earlier than four to five years from now before we truly start enjoying the fruits of the Treble team's labour.

At that point, it will have been twelve to thirteen years of accumulating unupdateable, insecure Android devices.

The cold and harsh truth is that as a platform, Android is a mess. It was quickly cobbled together in a rushed response to the original iPhone, and ever since, Google has been trying to repay the technical debt resulting from that rushed response, sucking time and resources away from advancing the state of the art in mobile operating systems.

As an aside, I have the suspicion Google has already set an internal timeline to move away from Android as we know it today, and move towards a new operating system altogether. I have the suspicion that Treble isn't so much about Android updates as it is about further containerising the Android runtime to make it as easy as possible to run Android applications as-is on a new platform that avoids and learns from the mistakes made by Android.

Each and every one of you knows I'm an Android user. I prefer Android over the competition because it allows me to use my phone the way I want to better than the competition. Up until recently, I would choose Android on Apple hardware over iOS on Android hardware - to use that macOS-vs-Windows meme - any day of the week.

These days - I'm not so sure I would. Your options as an Android user today? A Pixel phone you probably can't buy anyway because it's only available in three countries, and even if you can buy it, it falls apart at the seams. You can buy a Samsung or HTC or whatever and perpetually run outdated, insecure software. Or you can buy something from a smaller OEM, and suffer through shady nonsense.

You have to be deeply enveloped in the Android bubble to not see the dire situation this platform is in.

 

Linked by Thom Holwerda on Tue 14th Nov 2017 10:37 UTC
Android

Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.

People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones. Recent events, however, have made it very clear that you should really steer clear of phones like this, unless you know very well what you're doing.

 

Linked by Thom Holwerda on Mon 13th Nov 2017 23:39 UTC
Android

Some of the most innovative applications on the Play Store are built on using APIs in ways that Google never intended. There are apps that can remap your volume keys to skip music tracks, record and play back touch inputs on webpages or games, and even provide alternative navigation keys so you can use your device’s entire screen. All of these examples that I’ve just mention rely on Android’s Accessibility APIs. But that may soon change, as the Google Play Store team is sending out emails to developers telling them that they can no longer implement Accessibility Services unless they follow Google’s guidelines.

Accessibility Services is an attack vector for malicious software, so in that light it makes sense. Of course, that doesn't make it any less frustrating that good, innovative software gets smothered like this. Luckily, this is Android, so the developers can always just distribute their applications outside of the Play Store through sideloading, but that's not exactly a secure solution for most people - and let's be honest, not being in the Play Store will be the death knell for most developers.

The real solution would be to provide APIs for things like this, but I doubt Google is going to invest any time, effort, and money into creating such APIs, since they seem more concerned with shoving useless digital assistants down our throats.

 

Linked by Thom Holwerda on Mon 13th Nov 2017 23:04 UTC
Mozilla & Gecko clones

People have noticed that Firefox is fast again.

Over the past seven months, we’ve been rapidly replacing major parts of the engine, introducing Rust and parts of Servo to Firefox. Plus, we’ve had a browser performance strike force scouring the codebase for performance issues, both obvious and non-obvious.

We call this Project Quantum, and the first general release of the reborn Firefox Quantum comes out tomorrow.

orthographic drawing of jet engine

But this doesn’t mean that our work is done. It doesn’t mean that today’s Firefox is as fast and responsive as it’s going to be.

So, let’s look at how Firefox got fast again and where it’s going to get faster.

I should definitely give Firefox another try - I've tried it over the years but it always felt a little sluggish compared to the competition. Chrome's gotten way too fat over the years, so I've resorted to using Edge on my main computer lately - it isn't perfect, but it it sure is fast, and places very little strain on my machine. I want my browser to get out of my way, and gobbling up processor cycles is exactly not that.

 

Linked by mbpark on Mon 13th Nov 2017 22:56 UTC
Amiga & AROS

Ars Technica has released another excellent article in their series on the Amiga. This article covers the beginning of the post-Commodore world, starting with Escom and ending with the beginning of Amiga Inc.

Commodore International declared itself insolvent on April 29, 1994 under Chapter 7 of US bankruptcy law. Ordinarily, this would have been followed immediately by an auction of all the company’s assets. However, Commodore’s Byzantine organizational structure - designed to serve as a tax shelter for financier Irving Gould - made this process far more lengthy and complicated than it should have been.

 

Linked by Thom Holwerda on Mon 13th Nov 2017 21:09 UTC
PDAs, Cellphones, Wireless

Another point release of one of the few - maybe even only - alternative mobile operating systems still being actively updated.

This update, 2.1.3 alias Kymijoki brings Sailfish X for Sony Xperia X. All Sailfish devices get fixes for some recent well-known security vulnerabilities, including WPA issues and Bluetooth Blueborne. Kymijoki contains connectivity improvements made for Qt and Android apps and fixes dozens of other issues, too.

It's a relatively minor update, but still - it's good to see Sailfish progressing.

 

Linked by Thom Holwerda on Fri 10th Nov 2017 23:20 UTC
Android

One of the most important aspects of current smartphones is easily capturing and sharing videos. With the Pixel 2 and Pixel 2 XL smartphones, the videos you capture are smoother and clearer than ever before, thanks to our Fused Video Stabilization technique based on both optical image stabilization (OIS) and electronic image stabilization (EIS). Fused Video Stabilization delivers highly stable footage with minimal artifacts, and the Pixel 2 is currently rated as the leader in DxO's video ranking (also earning the highest overall rating for a smartphone camera). But how does it work?

An interesting technical look at how Google achieves these results on their Pixel 2 phones, with the obvious caveat that we're looking at story written by Google here, so take that into account as you're reading this.

On a related note, overall DxO ratings are dumb.

 

Linked by Thom Holwerda on Fri 10th Nov 2017 23:12 UTC
Linux

The LiMux (or Limux) initiative in Munich has been heralded as an example of both the good and bad in moving a public administration away from proprietary systems. Free Software Foundation Europe (FSFE) President Matthias Kirschner reviewed the history of the initiative - and its recent apparent downfall - in a talk at Open Source Summit Europe in Prague. He also looked at the broader implications of the project as well as asking some questions that free-software advocates should consider moving forward.

The LiMux initiative is one of the longest-running story 'streams' on OSNews. The oldest item I could find is from 2003.

 

Written by Thom Holwerda on Wed 8th Nov 2017 23:09 UTC
In the News

Khoi Vinh on why 24 hour or even weeklong reviews are dumb:

However I've come to believe that there's at least one thing wrong with this whole notion of product reviews - and with smartphone revirews in particular - and that's that by and large they’re only ever interested in these phones when they're brand new.

When an iPhone debuts it's literally at the very peak of its powers. All the software that it runs has been optimized for that particular model, and as a result everything seems to run incredibly smoothly.

As time goes on though, as newer versions of the operating system roll out, as there are more and more demands put on the phone, it inevitably gets slower and less performant. A case in point: I'm upgrading to this iPhone X from a three-year old iPhone 6 Plus and for at least the last year, and especially over the last three months, it has struggled mightily to perform simple tasks like launching the camera, fetching email, even basic typing. People who have recently had the misfortune of having to use my phone tell me almost instantly, "Your phone sucks."

You could argue that three years is an unrealistically long time to expect a smartphone to be able to keep up with the rapidly changing - and almost exponentially increasing - demands that we as users put on these devices. Personally, I would argue the opposite, that these things should be built to last at least three years, if for no other reason than as a society we shouldn't be throwing these devices away so quickly.

This is, of course, the reason behind the odd embargo strategy Apple employed regarding the iPhone X - if you only give people an hour or at best, 24 hours, to review a device, people will still be in the honeymoon phase of owning a product, where you're still rationalising spending €1200 for a phone (or any other high price for any other product, for that matter). Choice-supportive bias is a real thing, and each and every one of us experiences it. During this period, initial flaws aren't as apparent, and long-term flaws or flaws that only pop up in specific situations aren't yet taken into account. It makes the product appear better than it really is.

This is why, back when I still did reviews for OSNews, I had my own rule of using a product for at least four weeks before publishing a review. This gave me enough time to get over this initial phase, and made sure I had a more levelheaded look at the whole thing. We don't do many reviews anymore - I have to buy everything myself, and I'm not rich - so it's not an issue at this point, but even if companies were to approach us today for reviews, I would still ask for that four week period, and if they were to object - sorry, but no review.

This is, of course, what the major publications should've done. Nobody forced The Verge or whomever else to publish a review within 24 hours. The initial embargo rush is important for the bottom-line, I get that, but it still feels rather suspicious. What can you really learn about a product in just 24 hours? Can you really declare something "the best damn product Apple ever made" after using it for less than a day? At what point does writing most of the review in advance before you even receive the product in the first place, peppering it with a few paragraphs inspired by the 24 hours, cross into utter dishonesty?

By reviewing products in a day or less, popular tech media is really doing readers and consumers a huge disservice, only further strengthening the idea that the tech press is often nothing but an extension of a company's PR department. This erodes credibility, and in turn hurts those among the media who do take their time to properly review a product.

It's okay to not rush writing a review to meet some asinine embargo. It's okay to not ask "how high?" when a company tells you to jump. It's okay to publish a review a week or even a month after an embargo has been lifted. It's okay to not post unboxing videos of non-retail boxes.

It's okay to, sometimes, just say no.