Linked by Thom Holwerda on Wed 9th Mar 2016 20:44 UTC
Android

Just a random Wednesday in March, and Google releases the first Android N developer preview. The biggest new feature in this Android N developer preview is, as Google promised, multiwindow.

Multi-window - A new manifest attribute called android:resizableActivity is available for apps targeting N and beyond. If this attribute is set to true, your activity can be launched in split-screen modes on phones and tablets. You can also specify your activity's minimum allowable dimensions, preventing users from making the activity window smaller than that size. Lifecycle changes for multi-window are similar to switching from landscape to portrait mode: your activity can handle the configuration change itself, or it can allow the system to stop the activity and recreate it with the new dimensions. In addition, activities can also go into picture-in-picture mode on devices like TVs, and is a great feature for apps that play video; be sure to set android:supportsPictureInPicture to true to take advantage of this.

As you can see in the video The Verge has up, the multiwindow feature is fairly straightforward, and it looks quite smooth considering it's a beta - see the video on The Verge, or this one for a tablet view. Unlike iOS, the feature is not restricted to just certain tablets; multiwindow on Android N is available on both phones and tablets, in landscape and in portrait.

There's a number of other new features as well, such as improvements to the power-saving Doze feature, notification grouping (finally!), direct replies to notifications, several Java 8 language features, and more. Digging a little deeper into the changes, there's an interesting tidbit about future releases possibly bringing an end to unbound background services.

You can install the Android N developer preview on a Nexus 5X, 6, 6P, 9, 9G, Player, and the Pixel C. You can also enroll your device in Android's new beta program, allowing you to upgrade your device using over-the-air updates, so you don't lose all your data. This program will go live later today.

 

Linked by Jordan Spencer Cunningham on Wed 9th Mar 2016 04:28 UTC
In the News

The sad news promulgated several days ago that Ray Tomlinson passed away on Saturday, March 5th. Most known for his invention of email, Ray also contributed heavily to ARPANET, TENEX, and many other projects. He was one of the many great pioneers in the early days of digital computing technology who helped shape the world as we know it today. While much of his work and many of his contributions have already passed into obscurity due to the ever expanding, glamorous universe of modern technology, his memory still stands as a testament to what the people in our industry are capable of accomplishing even without any precedents.

So long, Ray, and thanks for all the email.

One of the stark realities that becomes more clear from Ray's passing is that many of the technological frontiersmen from the 60s and 70s are closer to the end of their lives than they are to their prime. Another decade or so, and the generation that largely laid the foundation upon which western society in many aspects currently rests will no longer be with us.

 



Linked by Thom Holwerda on Mon 7th Mar 2016 23:52 UTC
Microsoft

Today I'm excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.

So this is happening. I feel a little cold all of a sudden.

 

Linked by Thom Holwerda on Mon 7th Mar 2016 20:39 UTC
Apple

Craig Federighi, senior vice president of software engineering at Apple, penned this opinion piece in the Washington Post.

That's why it's so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What's worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.

To get around Apple's safeguards, the FBI wants us to create a backdoor in the form of special software that bypasses passcode protections, intentionally creating a vulnerability that would let the government force its way into an iPhone. Once created, this software - which law enforcement has conceded it wants to apply to many iPhones - would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all.

I can't emphasize enough how important it is to stand side-by-side with Apple on this one. In France, they just voted to put technology executives of companies unwilling to decrypt their products in jail.

 

Linked by Thom Holwerda on Mon 7th Mar 2016 20:36 UTC
Mac OS X

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.

Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.

Update: Apple has shut down the exploit by revoking the compromised app's certificate.

 

Linked by Thom Holwerda on Fri 4th Mar 2016 20:47 UTC
Windows

Tim Sweeney, co-founder Epic Games and architect of the Unreal engine, isn't happy with Microsoft's new Universal Windows Platform:

With its new Universal Windows Platform (UWP) initiative, Microsoft has built a closed platform-within-a-platform into Windows 10, as the first apparent step towards locking down the consumer PC ecosystem and monopolising app distribution and commerce.

[...]

This isn't like that. Here, Microsoft is moving against the entire PC industry - including consumers (and gamers in particular), software developers such as Epic Games, publishers like EA and Activision, and distributors like Valve and Good Old Games.

Microsoft has launched new PC Windows features exclusively in UWP, and is effectively telling developers you can use these Windows features only if you submit to the control of our locked-down UWP ecosystem. They're curtailing users' freedom to install full-featured PC software, and subverting the rights of developers and publishers to maintain a direct relationship with their customers.

Microsoft was given the opportunity to respond in another The Guardian article, stating:

In response to Sweeney's allegations, Kevin Gallo, corporate vice president of Windows at Microsoft, told the Guardian: "The Universal Windows Platform is a fully open ecosystem, available to every developer, that can be supported by any store. We continue to make improvements for developers; for example, in the Windows 10 November Update, we enabled people to easily side-load apps by default, with no UX required."

We'll see how this plays out, but Microsoft has a horrible history when it comes to these things.

 

Linked by Thom Holwerda on Fri 4th Mar 2016 00:32 UTC
Legal

Today saw the deadline for amicus briefs in the heated iPhone security trial, and several companies and interested parties took the opportunity to make their case before the court.

The most significant brief came from Google, Microsoft, Facebook, Amazon, Evernote, and nine other major firms, which emphasized the severe harm that would come from court-initiated mandate as opposed to a more considered legislative action. "[The signed companies] pride themselves on transparency with the public, particularly with respect to sensitive issues such as disclosing users’ data," the decision reads. "A boundless All Writs Act could cripple these efforts."

Twitter, Reddit, Github, Ebay, and CloudFlare also submitted a brief with 12 other startup companies, emphasizing the values of privacy and transparency in online services. "If the government is able to compel companies to break their own security measures," the companies write, "the users of those companies will necessarily lose confidence that their data is being handled in a secure, open manner."

Good. Virtually the entire technology industry is siding with Apple on this one.

 

Linked by Thom Holwerda on Thu 3rd Mar 2016 20:54 UTC
Mac OS X

File this one under "Obscure problems that could ruin your day." TidBITS reader Randy Singer reports that due to an expired certificate, OS X installers downloaded prior to 14 February 2016 won't work.

The Apple Worldwide Developer Relations Intermediate Certificate is required for all apps in the Mac App Store, including OS X installers. When used to sign an app, the certificate enables OS X to confirm that the app has not been corrupted or modified by an attacker. This certificate expired on 14 February 2016, causing error dialogs and preventing some apps from launching. Most apps affected have already been updated with the new certificate. But if you downloaded an OS X installer in case of trouble, you may be in for a surprise the next time you try to use it.

Take note.

 

Linked by Thom Holwerda on Thu 3rd Mar 2016 20:48 UTC
Games

One question we were dying to ask is he sees a future for the Oculus Rift with Apple computers. When asked if there would ever be Mac support for the Rift, Palmer responds by saying "That is up to Apple. If they ever release a good computer, we will do it."

Palmer continues to clarify what he meant by that blunt statement by saying "It just boils down to the fact that Apple doesn't prioritize high-end GPUs. You can buy a $6,000 Mac Pro with the top of the line AMD FirePro D700, and it still doesn't match our recommended specs. So if they prioritize higher-end GPUs like they used to for a while back in the day, we'd love to support Mac. But right now, there's just not a single machine out there that supports it."

Harsh, but true. This simply isn't a market Apple is serving right now. Note: I'm not saying they should, just that they don't.

 

Written by David Adams on Thu 3rd Mar 2016 16:15 UTC
Graphics, User Interfaces

Volvo recently conducted a survey and asked consumers about their perceptions of self-driving cars. The question that stood out to me was whether a car company like Volvo or a technology company (Google, unnamed) was best positioned to bring safe self-driving cars to the market. Volvo was obviously fishing for a particular answer, and while they certainly have a vaunted reputation for technical innovation in the service of safety, I'm afraid I can't go along with the answer they're hoping for, partially because safety is only part of the story. In my opinion, no car company working alone is going to be able to produce a self-driving car with the kind of usability that consumers will expect. And for self-driving cars, usability is just as important as safety. In fact, they're inseparable.

 

Linked by Thom Holwerda on Thu 3rd Mar 2016 00:01 UTC
Apple

iOS developer house Pixite decided to give full access to the entire company to Casey Newton.

This past December, Kaneko emailed me out of the blue. He didn't know it then, but I'm a fan of the company's apps: Fragment, which applies prismatic effects to photos, is one of my favorite artistic tools. "As an independent bootstrapped app company, we are struggling," Kaneko wrote. "If things don't turn around, we'll need to lay off half of our staff in the next few months." He invited me to come to San Diego and observe the struggle up close. Kaneko would open up Pixite's books and share every piece of data that I requested while, over the course of two days, his team locked itself in a room and attempted to chart a path forward. Pixite would either figure it out or die.

For years now, I've been skeptical here on OSNews about the sustainability of the application store model. After the initial gold rush, Apple (or Google, for that matter) clearly had absolutely no clue what to do with the application store model to keep it sustainable after the gold rush ran out. Even today, after the languishing application store model utterly gutted the independent developer field and has caused tremendous harm to small developers, the two mobile heavyweights still seem utterly oblivious as to what to do going forward.

And now that both Apple and Google are trying to scale their mobile operating systems up from Facebook and Candy Crush to actual, serious work, everyone is finally starting to realise what a small number of skeptics warned about so many years ago: there's no more money, incentive, or trust in the application store model for developers to create the kind of applications a scaled-up iOS and Android running on laptops or laptop-like devices would need.

This year is going to be incredibly fascinating. I have no doubt that Apple and Google will be able to scale iOS and Android up for work. The real question, though, is if they'll be able to convince weary developers to invest in the application store model again.

I think it's too late. Either there's going to be deep, sweeping changes to how we distribute and sell applications on these platforms, or they will be forever confined to consumption.

 

Linked by Thom Holwerda on Wed 2nd Mar 2016 23:45 UTC
Apple

What follows is an unordered list of things I'd like to see from Apple over the next few years, starting with the easy & obvious things upfront. Most of these have Radars filed against them, but since they're more often than not dupes of existing Radars I won't post the numbers here. Most of this is about iOS, but not all - I'll say upfront that I don't think OS X has a future with the way it's going currently, and has been running on fumes for most of iOS' lifetime.

A great wishlist by Steven Troughton-Smith. Mind you, Steven is someone firmly in the camp that sees iOS as the only way forward for Apple - suffice it to say, I have my reservations about that - so it should be no surprise that many things on this list are focused on making iOS more powerful and versatile.

 

Linked by Norman Feske on Tue 1st Mar 2016 15:55 UTC
OSNews, Generic OSes

With version 16.02, the Genode OS Framework moves beyond x86 and ARM CPUs and embraces the emerging open-source RISC-V hardware architecture. Furthermore, the release comes with the new ability to securely assign USB devices to virtual machines, and updates the Muen separation kernel and the seL4 microkernel.

Today's x86 and ARM-based commodity platforms have become increasingly opaque and infested with proprietary firmware. With new platforms becoming ever more complex and being equipped with mandatory companion processors like Intel's Management Engine, the trustworthiness of mainstream hardware becomes more and more uncertain. If those parts of the system become compromised, even a perfectly secure OS cannot protect the user's privacy and security. It goes without saying that this development is a strong concern of privacy advocates. The article Intel x86 considered harmful by Joanna Rutkowska substantiates those concerns extremely well.

RISC-V is a possible answer to the call for trustworthy hardware. In contrast to the CPUs of current-generation hardware, RISC-V is an open-source CPU architecture. The idea of open-source CPUs is not new. There exist numerous softcore CPUs like LatticeMico32 or OpenRISC. But in contrast to those projects, which are primarily targeted at FPGA platforms, RISC-V is designed to scale from deeply embedded systems to 64-bit general-purpose platforms. The prospect of a scalable and trustworthy hardware architecture motivated the Genode project to take a closer look. In the just-released version 16.02, RISC-V has been added as a supported architecture to Genode's custom base-hw kernel. Since the hardware is still in flux, the scope of the support is still somewhat limited. But Genode is already able to run on the official Spike simulator as well as on RISC-V as a synthesized FPGA softcore.

Besides the added RISC-V support, the second highlight of the current release is the new ability to securely assign USB devices to VirtualBox instances running on top of the NOVA kernel. With this feature, Genode becomes able to accommodate many typical desktop-OS work flows like transferring data via USB sticks, or obtaining pictures from a digital camera. Under the hood, the implementation is quite interesting as it successfully transplants the xHCI device model of Qemu to VirtualBox.

The third focus of version 16.02 is the update of the Muen and seL4 kernels. The Muen separation kernel has been updated to version 0.7, which greatly improves the interoperability with Genode's tooling. In fact, Muen can now be targeted with the same work flows as employed for all the other kernels. Genode's support for the seL4 kernel is still a rather experimental line of work. In this respect, the update to the kernel version 2.1 posed a number of interesting challenges with respect to the kernel-resource management. This discussion along with details about the many more improvements of the current release is covered in the official release documentation.

 

Linked by ddc_ on Mon 29th Feb 2016 21:41 UTC
GNU, GPL, Open Source Ubuntu's announcement about inclusion of ZFS support in upcoming 16.04 LTS started an important discussion in opensource community: the license incompatibility between GPL and CDDL licenses may be an issue. Being a copyleft license, GPL requires that all works that are derived from GPL-licensed work are also distributed under terms of GPL. CDDL, the license of ZFS code, is also a copyleft license, and as such requires CDDL-licensed work be distributed "only under the terms of [CDDL]." Although Ubuntu's ZFS code comes from OpenZFS project, Oracle is still one of the major copyright holders of the code base, and it does not seem likely to relicense its assets under GPL any time soon.

Dustin Kirkland of Ubuntu, the author of the announcement, explained Canonical's position, albeit light on details:

The CDDL cannot apply to the Linux kernel because zfs.ko is a self-contained file system module -- the kernel itself is quite obviously not a derivative work of this new file system. And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL kernel modules.

Software Freedom Conservancy (SFC), a non-profit with self-assigned mission of carrying on a crusade against GPL violations, quickly pointed out that the "obvious" conclusions of Canonical are not really all that obvious:

[I]f ZFS were statically linked with Linux and shipped as a single work, few would argue it was not a "work based on the Program" under GPLv2. And, if we believe there is no legal difference when we change that linking from static to dynamic, we conclude easily that binary distribution of ZFS plus Linux - even with ZFS in a .ko file - constitutes distribution of a combined work.

Another non-profit organization - Software Freedom Law Center (SFLC) - provides yet another opinion on the matter. Eben Moglen points out that CDDL permits distribution of binaries under other licenses, so in case of Linux module GPL's requirements in case of binary module may be fullfilled by distributing it under GPL. Admittedly, this does not solve the issue of the license incompatibility of the code bases. The proposed solution is basically to ignore the wording of GPL's viral clause:

In this specific sense, then, the conduct which falls outside the words of GPLv2 falls within the "equity of the license," or its "spirit." As all Western legal systems have known since Aristotle, literal interpretation of any legal material will sometimes produce unintended unjust results, which can and should be corrected by the invocation of "equity." This present issue is evidently an example in which the tension between literal and equitable interpretation is raised, and it is the consensus of the kernel copyright holders' intention which determines which mode of interpretation is to be employed.

The issue of GPL compatibility and kernel modules' licensing arised before. For example, Linus Torvalds already noted that kernel modules are in "gray area" when it comes to the issue of derived worked. Using an example of Andrew filesystem he stated that external code base that was designed on different system and only required minimal porting effort due to interface similarities, in his opinion, was not a derived work of Linux. Even more appropriate example is Nvidia's infamous proprietary Linux driver, which interfaces the kernel via specially-crafted module that abstracts away Linux kernel implementation details, so that Nvidia's binary blob may still considered to be a self-contained work targetting module's interface, not the interfaces of Linux. This driver is widely used and generally tolerated by distributions.

The differences in these two positions reveal the two conflicting opinions on Linux copyright situation. SFLC is more concerned about the ability of opensource ecosystem to survive in face of fanatic GPL enforcement: their statements goes into painful details about difficulties that projects with permissive licenses are facing when they need to maintain the ports of their code in GPLed projects. If stictly enforced, GPL could hinder such projects to the point when whole ecosystem comes to net loss. Such situation could be particularly painful in cases like this, when the goals of GPL are met, but the legal mechanism that was chosen by opensource Foundation prevents both Linux and OpenZFS from cross-polination.

But on the other hand, making such excuses would open gates for projects that don't really contribute to the opensource, but only use it to their own benefit. While proponents of permissive licenses (myself included) don't find anything wrong with such outcome, GPL was specifically designed to prevent it, and that is why it is one of the most popular opensource licenses out there. Obviously, every concession weakens the position of those seeking GPL enforcement, including SFC, whose mission right now is endangered by both SFLC's and Canonical's views on ZFS integration into Linux. Being a self-styled GPL crusader with several battles already fought, SFC knows that the ZFS inclusion in Ubuntu may come at a price of legal actions lost, and potentially tolanted hackers driven out of opensource by frustration and disappointment.

There is another interesting angle to this situation: by now it is common knowledge that Sun Microsystems specifically designed CDDL to be incompatible with GPL, so that ZFS, while being opensource, could not be included with Linux. Shipping ZFS with Ubuntu would defeat this tactics and potentially remove motivation for such unfortunate choice of license for companies like Sun or Oracle, to benefit of all involved sides.

And yet another thing to consider: some (most?) jurisdictions explicitly require sticking with literal meanings of laws and contracts. This means that even if SFLC's position is defendable in United States, it might be dismissed in other parts of the world, giving Linux copyright holders ability to sue Canonical over copyright infringement. Given that Oracle holds copyright in both Linux and OpenZFS, and that it already demonstrated willingness to take legal actions against opensource projects, Canonical might still be under significant risk.

At any rate, the outcome of this discussion, if any, have potential to settle a long-standing issue in opensource community, and to make legal implications of using GPL more transparent and clear.

 

Linked by Thom Holwerda on Mon 29th Feb 2016 21:40 UTC
Microsoft

HoloLens is fully untethered and self-contained. It's the only device that enables holographic computing natively with no markers, no external cameras, no wires, no phone required, and no connection to a PC needed. And it's a Windows 10 device - the interface is familiar, and connected by the power of a unified ecosystem of Windows devices.

The device consists of multiple environment understanding sensors and it's powered by a custom-built Microsoft Holographic Processing Unit (HPU) and an Intel 32-bit architecture. The HPU is custom silicon that allows HoloLens to understand gestures and gaze while mapping the world all around you, all in real time.

Microsoft today announced that the Microsoft HoloLens Development Edition will start shipping on 30 March, at $3000 a piece. They also offer a look at the hardware powering HoloLens.

 

Linked by Thom Holwerda on Mon 29th Feb 2016 21:33 UTC
Hardware, Embedded Systems

The Raspberry Pi is turning four today, and in celebration of this, they've now released the Raspberry Pi 3 - which packs a serious performance punch, at the same low price point.

In celebration of our fourth birthday, we thought it would be fun to release something new. Accordingly, Raspberry Pi 3 is now on sale for $35 (the same price as the existing Raspberry Pi 2), featuring:

  • A 1.2GHz 64-bit quad-core ARM Cortex-A53 CPU (~10x the performance of Raspberry Pi 1)
  • Integrated 802.11n wireless LAN and Bluetooth 4.1
  • Complete compatibility with Raspberry Pi 1 and 2

All the previous Raspberry Pi boards will remain available, as long as the demand for them remains. In addition, over the course of the coming months, the userland of Raspbian will be moved to 64 bit.

 

Linked by Thom Holwerda on Fri 26th Feb 2016 22:43 UTC
Games

No matter how its console business is doing, Nintendo has always been able to lean on healthy portable system sales to prop up its finances. With the Wii U continuing to severely underperform sales expectations, though, it looks like the Nintendo 3DS is failing to pick up the slack as its predecessors once did.

Nintendo's going to need a better strategy. Maybe the past 15 years of rehashing the same Mario, Zelda, and Metroid games is finally catching up to them.

 

Linked by Thom Holwerda on Thu 25th Feb 2016 23:00 UTC
Legal

The case between Apple and the US government keeps generating a lot of responses, but if there's one thing you really need to see, it's ABC's 30-minute interview with Tim Cook about the matter. It's no secret around here that I am not a particular fan of either Apple (or any other company for that matter) or Tim Cook, but I am genuinely impressed by Cook's spirit, insistence, and conviction displayed in this interview.

Meanwhile, Microsoft has firmly and clearly sided with Apple, stating the company will file an amicus brief next week. During a congressional hearing today, Microsoft president and chief legal officer Brad Smith pulled out an adding machine from 1912, to drive the point home how old the law is that the FBI is relying upon.

"We do not believe that courts should seek to resolve issues of 21st Century technology with a law that was written in the era of the adding machine," Smith said.

I still think Apple will eventually lose this whole thing, but hearing Tim Cook say they will take it all the way to the Supreme Court at least reassures me he is willing to take it all the way.

 

Linked by Thom Holwerda on Thu 25th Feb 2016 01:01 UTC
In the News

The primary weapon manufacturers wield to keep consumers running for the dumpster rather than the screwdriver is the Digital Millennium Copyright Act. Passed in 1998, its purpose was to bring copyright law into the digital era. Among other things, this law makes it illegal for owners and unauthorized repair people to break technical locks over copyrighted content, including software. Fixers have been fighting for exemptions to the DMCA, and in October 2015 the United States Copyright Office finally adopted a new set, making it legal to unlock carrier-activated phones, tablets, wearables, and mobile hotspots. Owners can also jailbreak phones, tablets, and smart TVs, and modify the software on 3D printers, cars, tractors, and heavy equipment. Nevertheless, software in many electronics, including game consoles, is still protected by the DMCA. At-home modifications or repairs can constitute a copyright violation. At the least, it will void a device's warranty, but it potentially carries up to a $1,000,000 fine and 10 years in prison, and numerous researchers, hobbyists, and companies have been taken to court.

Isn't the future fun?

 

Linked by Thom Holwerda on Thu 25th Feb 2016 00:59 UTC
Windows

If you're like me, you might have opened up your Windows 10 laptop today only to see a giant ad for Square Enix's Rise of the Tomb Raider plastered across your login screen. This is the work of the "Windows Spotlight" feature in your Personalization settings, and thankfully, you can turn it off for good.

Isn't the future fun?