Assessing unikernel security

Unikernels are small, specialized, single-address-space machine images constructedby treating component applications and drivers like libraries and compiling them, along with a kernel and a thin OS layer, into a single binary blob. Proponents of unikernels claim that their smaller codebase and lack of excess services make them more efficient and secure than full-OS virtual machines and containers. We surveyed two major unikernels, Rumprun and IncludeOS, and found that this was decidedly not the case: unikernels, which in many ways resemble embedded systems, appear to have a similarly minimal level of security. Features like ASLR, W^X, stack canaries, heap integrity checks and more are either completely absent or seriously flawed. If an application running on such a system contains a memory corruption vulnerability, it is often possible for attackers to gain code execution, even in cases where the application’s source and binary are unknown. Furthermore, because the application and the kernel run together as a single process, an attacker who compromises a unikernel can immediately exploit functionality that would require privilege escalation on a regular OS, e.g. arbitrary packet I/O. We demonstrate such attacks on both Rumprun and IncludeOS unikernels, and recommend measures to mitigate them.

This is a 100+ page article – book? – that isn’t for the faint of heart.

Windows 10’s ‘Sets’ feature is gone and not expected to return

In 2017, Microsoft officials provided a preview of two new features coming to Windows 10: Timeline and Sets. Timeline made it into Windows 10 as part of the April 2018 Update, but Sets didn’t. And it’s looking like it never will be included in Windows 10.

My sources say Microsoft dropped plans for Sets, a Windows-management feature, which would have allowed users to group app data, websites and other information in tabs, months ago. Although Microsoft did test Sets last year with some of its Windows Insider testers, the feature generally wasn’t well received or understood. For apps like Office to work well with Sets, the Office engineering team was going to have to do a lot of extra work.

Too bad, because this really looked like a useful feature to easily group related windows into single objects.

‘They think they are above the law’: the firms that own America’s voting system

The fact is that democracy in the United States is now largely a secretive and privately-run affair conducted out of the public eye with little oversight. The corporations that run every aspect of American elections, from voter registration to casting and counting votes by machine, are subject to limited state and federal regulation.

The companies are privately-owned and closely held, making information about ownership and financial stability difficult to obtain. The software source code and hardware design of their systems are kept as trade secrets and therefore difficult to study or investigate.

It’s for this very reason that my own country – for now – of The Netherlands went back to pencil and paper voting with public manual counting by actual humans.

Red Dead Redemption 2: six months later

Because Red Dead Redemption 2 seems to offer to let you stop and smell the roses, but there are a thousand roses with five buttons to hit every time, and it won’t tell you that you were only supposed to smell the yellow roses until you’re finished with the task. It’s a game that constantly tries to explain a complicated approach to things that are simple in every other game I’ve played. Rockstar spent a surreal number of man-hours to get the light to glisten just so as it hits a realistically rendered horse scrotum, but it couldn’t figure out how to create equipment menus that I could understand after dozens of hours of practice. It’s a game that requires the self-punishing dedication of a hardcore gamer without actually being a hard game or giving me any sense of accomplishment.

It’s a story. One whose writers ultimately knew what they wanted to say, but who also piled on so many of these same ideas over and over that it begins to feel meaningless. In short, it’s a game that wants to pull itself out of the tar pit with its face.

This is probably one of the best – if not the best – reviews of a video game, or any other product for that matter, I’ve ever read. It is incredibly long, detailed, and manages to ask – and answer – a ton of very pertinent questions about not just Red Dead Redemption 2 itself, but the gaming industry as a whole.

I’ve played Red Dead Redemption 2, and I consider it to be a bad game. The controls are a convoluted mess, the story lacks pacing and is all over the place, and the game forces so much pointless, meaningless, and repetitive busywork on the player I just got frustrated and bored. Parts of this particular review go into great detail regarding these matters, and it’s refreshing to see someone pay so much attention to these things other reviewers and players just ignore because shiny visuals.

It’s a long read, and I’m sure many RDR2 fans and players will disagree, but don’t let that stop you from reading this.

In African villages, these phones become ultrasound scanners

Lying on a church pew with his arm over his head, 6-year-old Gordon Andindagaye whimpered a bit — in fear, not pain — as Dr. William A. Cherniak slowly swept a small ultrasound scanner up and down his chest.

Dr. Cherniak and Rodgers Ssekawoko Muhumuza, the Ugandan clinical officer he was training, stared at the iPhone into which the scanner was plugged, watching Gordon’s lung expand and contract.

“O.K.,” Dr. Cherniak finally said. “What do you recommend?”

Here in the west it’s easy to grow cynical towards smartphones and technology, but the impact phones and smartphones having in third world countries – which often skip desktops and laptops – is astounding.

Haiku gets NVMe driver

Due to the awesome work by long-time developer waddlesplash, nightly images after hrev53079 have read/write NVMe support built-in.

[…]

These devices now show up in /dev/disk/nvme/ and are fully useable by Haiku.

I’ve personally tested my Samsung 950 Pro and seen raw read speeds up to 1.4GiB/s.

Another important driver for Haiku to have, and with today’s modern laptops (and most desktops) all having NVMe support, pretty much a must-have.

Report: 26 States now ban or restrict community broadband

A new report has found that 26 states now either restrict or outright prohibit towns and cities from building their own broadband networks. Quite often the laws are directly written by the telecom sector, and in some instances ban towns and cities from building their own broadband networks—even if the local ISP refuses to provide service.

Everything about this is disgusting. It goes to show corporatism and unfettered capitalism are cancers upon out society that must be exterminated.

Ubuntu 19.04 Disco Dingo Released

Ubuntu 19.04 (Disco Dingo) has been officially released today. This Ubuntu version is supported until January 2020. For a longer supported release, use Ubuntu 18.04 LTS instead, which is supported until April 2023.

The new Ubuntu 19.04 ships with Linux 5.0 and the latest stable GNOME 3.32, which includes significant performance improvements, experimental fractional scaling for HiDPI screens, and other updates.
The new release also includes Tracker (file index and search) by default, allows users to install proprietary Nvidia drivers from the Ubuntu installer, and much more.

I’m using the Kubuntu variant on my desktop, and it seems pretty solid so far. The Xubuntu variant has also seen considerable work.

One of the Game Boy’s weirdest games was a Pokémon clone with built-in infrared

The Verge has an article about a very unusual and rare Game Boy accessory.

But the link cable was just the beginning of the Game Boy’s wild, bizarre experimentation with the future. In the late ‘90s, Japanese game company Hudson Soft eventually came up with a more radical idea to bring wireless connectivity to the handheld. It would use infrared — built directly into game cartridges. That way, you could transfer data between two games, or even download data from the internet, directly onto the game. And for some inexplicable reason lost to time, I convinced my parents to buy the one and only Game Boy Color game sold in North America to feature this technology.

The system itself was called GB Kiss, named after the awkward physical dance two players would have to perform to bring the cartridges close enough to one another to initiate the infrared data transfer. For Hudson Soft, it was a remarkably ambitions idea, a leftover from its attempt nearly a decade prior to crack the home console market through its partnership with NEC Home Electronics on the TurboGrafX-16, a device that failed to gain traction but nonetheless spawned a dizzying number of wild accessories and mods.

Few things fascinate me more than rare, unique, and obscure console accessories and expansions from the ’80s and ’90s, so this is right up my alley. I had no idea this ever existed.

Windows 8 will no longer get app updates after this summer

Last year, Microsoft announced when it would be killing app updates and distribution in the Windows Store for Windows Phone 8.x and Windows 8.x. At the time, the blog post stated that Windows Phone 8.x devices would stop receiving app updates after July 1, 2019, while Windows 8.x devices would get app updates through July 1, 2023.

However, it seems as though plans have changed a little bit, as the blog post has quietly been updated earlier this month. As spotted by Nawzil on Twitter, Microsoft has changed the wording in the post to state that Windows 8 devices will stop getting updates for their apps at the same time as Windows Phone 8.x, that is, July 1 of this year. Windows 8.1 devices will continue to receive updates through the previously announced date in 2023.

Not entirely surprising, and this will affect pretty much nobody since Windows 8.1 is a free update.

Presenting search app and browser options to Android users in Europe

Following the changes we made to comply with the European Commission’s ruling last year, we’ll start presenting new screens to Android users in Europe with an option to download search apps and browsers.

These new screens will be displayed the first time a user opens Google Play after receiving an upcoming update. Two screens will surface: one for search apps and another for browsers, each containing a total of five apps, including any that are already installed. Apps that are not already installed on the device will be included based on their popularity and shown in a random order.

This all seems very similar to the browser choice window Microsoft displayed in Windows for a while. It will be available to both new and existing Android users within the EU.

Jailbreaking a Subaru QNX

Via Hackaday:

[Scott Gayou] has a Subaru, a car that has an all-in-one entertainment system head unit that is typical of what you’d find across a host of manufacturers. His account of jailbreaking it is a lengthy essay and a fascinating read for anyone. He starts with a serial port, then an SSH prompt for a root password, and a bit of searching to find it was made by Harman and that it runs the closed-source realtime OS QNX. From there he finds an official Subaru update, from which he can slowly peel away the layers and deduce the security mechanism. The write-up lays bare his techniques, for example at one point isolating the ARM assembler for a particular function and transplanting it bodily into his own code for investigation.

A very good account of this obscure jailbreaking adventure.

Intel says it will exit the 5G modem market

From The Verge:

Intel this evening said it has decided to leave the 5G mobile modem market to focus its efforts more on 4G and 5G modems for PCs, smart home devices, and its broader 5G infrastructure business. The announcement comes just hours after Apple and Qualcomm struck a surprise settlement in the two companies’ ongoing patent infringement and royalties dispute related to Apple’s use of Qualcomm modems in the iPhone.

It’s likely Intel’s decision here was what prompted Apple and Qualcomm’s decision to settle just as lawyers were presenting opening arguments at the latest courtroom trial that began just yesterday in Southern California.

I love it when things make sense.

Epic vs. Steam: the console war reimagined on the PC

There’s a war brewing in the video game industry, and it’s getting uglier by the day. Steam, the longtime leading digital distributor for the PC platform, is facing a significant challenge from an equally large and powerful player: Fortnite creator Epic Games, which launched its own PC games store last year. The ensuing competition has morphed into a console war-like debate for a modern generation of players who grew up under the unhindered dominance of Steam, a platform now facing its first real form of competition since it arrived on the scene nearly 15 years ago.

I’m glad we’re seeing more and more competition in this space. Steam is a hot mess, both the store and the application itself, and the more competition Valve has to deal with, the better. I’m tired of Valve approving every single garbage reskin “indie” title, leading to an endless stream of terrible “games” that makes it incredibly hard to find the few gems among the pile of feces, and I’m tired of the Steam client being a huge, slow behemoth of an application that regularly crumbles under its own sheer bloat (on Windows – let’s not even get started on the Linux and Mac versions).

Valve has had this market all to itself for far too long, and they’ve grown complacent. I welcome the competition from GOG, Epic, Humble, and all the others.

Apple, Qualcomm agree to drop all litigation

From the company’s joint press release (at either Apple’s or Qualcomm’s website):

Qualcomm and Apple today announced an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm. The companies also have reached a six-year license agreement, effective as of April 1, 2019, including a two-year option to extend, and a multiyear chipset supply agreement.

And just like that, one of the possibly most expensive lawsuits in technology is a thing of the past.

Google comes under fire for sabotaging other browsers once again

It’s no secret that Google Chrome is the world’s most popular browser, and while a lot of that might be owed to its quality, some believe that Google intentionally sabotaged competing browsers in order to grow in popularity. A former Mozilla executive has lashed out at the Mountain View company for repeatedly and continuously finding less-than-desirable ways to promote its own browser.

Jonathan Nightingale posted a series of tweets over the weekend, detailing some of the events that took place between Google and Mozilla over the years. Nightingale starts by pointing out that Google typically played nice with Mozilla before Chrome was a thing, but things turned sour once Google’s browser launched. While the company kept trying to convince Mozilla that both organizations were on the same side, things would often break in Firefox for no real reason.

This is really not that surprising. The only reason Google plays nice with Mozilla is the same reason Microsoft invested in Apple in the late ’90s and kept its products available on Mac OS despite the fact the Mac was basically dead: they need an antitrust lightning rod.

Netherlands competition authority launches investigation into abuse of dominance by Apple in its App Store

The Netherlands Authority for Consumers and Markets (ACM) will investigate whether Apple abuses the position it has attained with its App Store. ACM will do so following indications that ACM has received from other app providers over the course of its market study into app stores. That market study has been published today.

Henk Don, Member of the Board of ACM, explains: ‘To a large degree, app providers depend on Apple and Google for offering apps to users. In the market study, ACM has received indications from app providers, which seem to indicate that Apple abuses its position in the App Store. That is why ACM sees sufficient reason for launching a follow-up investigation, on the basis of competition law.’

This will be a long, protracted legal battle – in multiple European countries.