USB 3.2, which doubles the maximum speed of a USB connection to 20Gb/s, is likely to materialize in systems later this year. In preparation for this, the USB-IF—the industry group that together develops the various USB specifications—has announced the branding and naming that the new revision is going to use, and… It’s awful. I won’t spoil it for you. It’s really, really bad.
Security researchers at the Network and Distributed Systems Security Symposium in San Diego are announcing the results of some fascinating research they’ve been working on. They “built a fake network card that is capable of interacting with the operating system in the same way as a real one” and discovered that Such ports offer very privileged, low-level, direct memory access (DMA), which gives peripherals much more privilege than regular USB devices. If no defences are used on the host, an attacker has unrestricted memory access, and can completely take control of a target computer: they can steal passwords, banking logins, encryption keys, browser sessions and private files, and they can also inject malicious software that can run anywhere in the system. Vendors have been gradually improving firmware and taking other steps to mitigate these vulnerabilities, but the same features that make Thunderbolt so useful also make them a much more serious attack vector than USB ever was. You may want to consider ways to disable your Thunderbolt drivers unless you can be sure that you can prevent physical access to your machine.
My software setup has been surprisingly constant over the last decade, after a few years of experimentation since I initially switched to Linux in 2006. It might be interesting to look back in another 10 years and see what changed. A quick overview of what’s running as I’m writing this post. A detailed overview of a terminal-oriented Linux software setup. There’s obviously countless setups like this, but this post is quite detailed and possibly contains some ideas for others.
As expected, Microsoft today launched HoloLens 2, the company’s second-generation augmented reality (AR) headset. The new hardware addresses what were probably the two biggest issues with the first-generation device: the narrow field of view, and the comfort when wearing the device. I’d love to experience AR and VR devices like these, but for now, I just can’t justify the investment. The killer app for home use seems to not have been invented yet, and I’d just end up with a fun gimmick that serves to entertain the odd guest a few times a year. I understand my own personal enjoyment is not exactly high on the list for the makes of these devices – they’re obviously more interested in professional use – but in order to build a sutainable, long-term business around AR and VR, they really ought to start thinking about reasons for ordinary consumers to start buying these.
The Opportunity Rover, also known as the Mars Exploration Rover B (or MER-1), has finally been declared at end of mission today after 5,352 Mars solar days when NASA was not successfully able to re-establish contact. It had been apparently knocked off-line by a dust storm and was unable to restart either due to power loss or some other catastrophic failure. Originally intended for a 90 Mars solar day mission, its mission became almost 60 times longer than anticipated and it traveled nearly 30 miles on the surface in total. Spirit, or MER-2, its sister unit, had previously reached end of mission in 2010. And why would we report that here? Because Opportunity and Spirit were both in fact powered by the POWER1, or more accurately a 20MHz BAE RAD6000, a radiation-hardened version of the original IBM RISC Single Chip CPU and the indirect ancestor of the PowerPC 601. There are a lot of POWER chips in space, both with the original RAD6000 and its successor the RAD750, a radiation-hardened version of the PowerPC G3. What an awesome little tidbit of information about these Mars rovers, which I’m assuming everybody holds in high regard as excellent examples of human ingenuety and engineering.
On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone’s fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser, instead of having the tedious task of typing in your password every time you want to log in to an account. Web developers can now design their sites to interact with Android’s FIDO2 management infrastructure. Good move.
Huawei Technologies Co. would deny any Chinese government request to open up “back doors” in foreign telecommunications networks because they aren’t legally obliged to do so, the company’s chairman says. Liang Hua, speaking to reporters in Toronto on Thursday, said the company had received an independent legal opinion about its obligations under Chinese law and said there is nothing forcing companies to create what he called “back doors” in networks. He said they’d never received any such request, but would refuse it if they did. At this point, it seems silly to assume such backdoors do not already exist in one form or another – if not at the device level, then at the network level. This isn’t merely a Chinese thing either; western governments are doing the same thing, draped in a democratic, legal veneer through secret FISA-like courts and similar constructions.
Late last year, Linux OEM System76 unveiled the Thelio, its custom Linux-focused workstation. The computer is now shipping to consumers, meaning the first reviews are starting to roll in. Leonora Tindall wrote up her experience with System76’s latest workstation, concluding: System76’s new “open hardware” desktop, is a small, beautiful, and powerful desktop computer that hits every high point anyone could have expected, faltering only in the inherent limitations of its small size. It’s pretty, it’s tiny, it’s fast, it’s well cooled, and the software support is top-tier. Despite being somewhat noisy and lacking front I/O, it’s certainly a good machine for any Linux user who can swallow the 18% – 22% upcharge for assembly and custom engineering. It must be difficult to sell highly customisable Linux workstations like these, since virtually anyone using Linux is most likely more than capable and willing to build their own computer. Still, I commend the effort, and it can serve as a halo product for System76’s Linux laptops, which probably cover a wider net of possible consumers.
We’re very grateful to this week’s (and our inaugural) sponsor: OPS is a new free open source tool that allows anyone including non-developers to run existing Linux applications as unikernels. Long predicted to be the next generation of cloud infrastructure, unikernels have remained inaccessible to developers because of their low level nature. OPS fixes that. Please visit their website to learn more: https://ops.city
Many years ago (in 2015), I told you about my Xbox 360 development kit, based on a Power Mac G5. And I finally managed to make it work. Let’s summarize the story. We are in 2003 and Microsoft plans to release its Xbox 360 console in 2005. It is based on a new PowerPC processor (the Xenon, derived from the Cell but that’s another story) and an AMD graphics card. And initially, to provide test machines to the developers, Microsoft has an issue: the processor does not exist yet. The solution, quite pragmatic, to solve the problem while waiting for the first prototypes of consoles consists in using the most common mainstream PowerPC platform: a Macintosh. These PowerMac G5s used by Microsoft for Xbos 360 development couldn’t really be used for anything but running Mac OS X, since the Xbox 360 development software and operating system had all been wiped. As luck would have it, though, this software was released on the internet last year, including the Xenon OS. It also includes an early version of the Xbox 360 dashboard. An absolutely fascinating piece of history.
Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they checked out last weekend. Other apps know users’ body weight, blood pressure, menstrual cycles or pregnancy status. Unbeknown to most people, in many cases that data is being shared with someone else: Facebook. The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed. At this point, none of this should surprise anyone anymore. Still, this particular case involves applications without any Facebook logins or similar mechanisms, giving users zero indiciation that their data is being shared with Facebook. These developers are using Facebook analytics code inside their applications, which in turn collect and send the sensitive information to Facebook. Other than retreat to a deserted island – what can we even do?
Responding to a forum post on upcoming ARM server offerings, Linus Torvalds makes a compelling case for why Linux and x86 completely overwhelmed commercial Unix and RISC: Guys, do you really not understand why x86 took over the server market? It wasn’t just all price. It was literally this “develop at home” issue. Thousands of small companies ended up having random small internal workloads where it was easy to just get a random whitebox PC and run some silly small thing on it yourself. Then as the workload expanded, it became a “real server”. And then once that thing expanded, suddenly it made a whole lot of sense to let somebody else manage the hardware and hosting, and the cloud took over.
When we re-launched the site at the beginning of the year, I mentioned that I’d considered shuttering OSNews as a response to needing such a major overhaul, since conventional advertising was no longer sufficient for covering expenses. A few weeks ago, I decided to experiment with offering a sponsorship, wherein a patron pays a fee to be the exclusive sponsor of the site for a week. It was all just a pipe dream until someone agreed last week to be our first sponsor. So we’re cautiously optimistic that this may be a viable way to keep the site running and maybe even expand. It won’t work, though, unless we can fill our pipeline with sponsors. I doubt we’ll be able to do that just by putting up a shingle and hoping people contact us. So I wanted to reach out to you, beloved readers, to see if you could help. If you know someone, maybe your employer, who offers a product or service that might be interesting to OSNews readers, see if they’ll be willing to sponsor the site. We’re open to ideas on how to structure the sponsorship program. If you were to sponsor the site, what would you want to get in exchange for your money? We’d love feedback on the terms of the sponsorship. Do you know of any ways that we might be able to publicize the availability of sponsorships? Would you be interested in acting as a salesperson and reaching out to firms to solicit sponsorships? Let me know. And finally, sponsorships will be desirable if OSNews itself is popular and vibrant. You can do your part by reading the site, commenting, submitting news, and contacting us if you’re interested in writing a feature.
The Nintendo Switch is Nintendo’s latest console/handheld, and it’s doing really well for itself in terms of sales and appeal. It also marks a change in attitude from Nintendo as well, as the device is not only powered by an Nvidia Tegra system-on-chip, but the company even reportedly wanted to employ the now-defunct Cyanogen Inc. to develop their operating system. Since the discovery of the Fusée Gelée vulnerability, Switch modding has really taken off in the community. Users have theorized for a long time now whether it would be possible to port Android to the Switch. After all, Linux has been ported to it and the device uses the Tegra X1 SoC for which there is documentation to refer to. All that’s left is the blood, sweat, and tears of developers interested enough in porting Android. One developer by the name of ByLaws is taking the challenge of turning a Nintendo Switch into an Android tablet. The Switch is such a perfect formfactor and device for retro gaming. It’s really too bad that such things break warranties and/or block device and game updates, because otherwise I’d get emulators running on my Switch in a heartbeat.
Google is finally ending forced arbitration for its employees. These changes will go into effect for both current and future Google employees on March 21. While Google won’t reopen settled claims, current employees can litigate past claims starting March 21. While it’s nice of Google to end this policy, forced arbitration for employees should clearly be illegal in the first place.
Ina Fried, for Axois, about Apple’s expected plan to move Macs to its own in-house ARM chips: Although the company has yet to say so publicly, developers and Intel officials have privately told Axios they expect such a move as soon as next year. I’m quite excited about this move. Apple has sway in the industry, and anything that lights a fire under Intel and the x86 archicture in general can only be seen as a good thing – more competition is always better.
Fast-forward nearly six years. Steam Machines puttered out as an idea, though Valve hasn’t dropped its support for Linux. It maintains a Linux Steam client with 5,800 native games, and just last August, Valve unveiled Proton, a compatibility layer designed to make every Steam title run open-source-style. With Proton currently in beta, the number of Steam titles playable on Linux has jumped to 9,500. There are an estimated 30,000 games on Steam overall, so that’s roughly one-in-three, and Valve is just getting started. However, the percentage of PC players that actually use Linux has remained roughly the same since 2013, and it’s a tiny fraction of the gaming market — just about 2 percent. Linux is no closer to claiming the gaming world’s crown than it was six years ago, when Newell predicted the open-source, user-generated-content revolution. While that is undeniably true, it’s now at least definitely more viable to play games on Linux, even if it’s generally nowhere near the kinds of performance levels possible on Windows – assuming the titles run on Linux at all, of course.
Apple Inc. wants to make it easier for software coders to create tools, games and other applications for its main devices in one fell swoop – an overhaul designed to encourage app development and, ultimately, boost revenue. The ultimate goal of the multistep initiative, code-named “Marzipan,” is by 2021 to help developers build an app once and have it work on the iPhone, iPad and Mac computers, said people familiar with the effort. That should spur the creation of new software, increasing the utility of the company’s gadgets. This seems more of a repitition of what we already knew than truly new information.
Samsung first teased its foldable phone back in November, and at the company’s Galaxy Unpacked event today it’s further detailing its foldable plans. Samsung’s foldable now has a name, the Samsung Galaxy Fold, and the company is revealing more about what this unique smartphone can do. Samsung is planning to launch the Galaxy Fold on April 26th, starting at $1,980. There will be both an LTE and 5G version of the Galaxy Fold, and Samsung is even planning on launching the device in Europe on May 3rd, starting at 2,000 euros. The technology is definitely amazing and futuristic, but this device is clearly more of a very expensive tech demo than a real, mass-market product. There’s nothing wrong with that – I like having crazy technology available, even if it’s at high prices – but a monumental shift in the market this is not. Yet.
Samsung has been very slowly rolling out its Android 9 update to a very small selection of its phones, and with it, the company is introducing a fairly radical redesign of the user interface it slaps on top of Android. It’s called One UI, and it seems like people are… Actually really positive about it? Since I – and many others with me – have treated Samsung’s UIs and skins as a punching bag for almost a decade now, it seems only fair to also highlight when they seem to be doing something right. First, Dieter Bohn at The Verge: I’ve been testing One UI on a Galaxy S9 for the past week or so and thus far I really like it. In some ways, I like it better than what Google itself is shipping on the Pixel 3. If it weren’t for the fact that I don’t yet trust Samsung to deliver major software updates quickly, I would be shouting about One UI from the rooftops. As it is, I just want to point out that it’s time for us to stop instinctively turning our noses up at Samsung’s version of Android. There are still some annoying parts of One UI, but they don’t ruin what is otherwise a full-featured, coherent, and (dare I say) thoughtful version of Android. This is not the conventional wisdom about Samsung software. Second, Abhay Venkatesh at NeoWin: Samsung’s One UI is a huge step in the right direction. The fresh, fluid UI makes it a joy to use, and the addition of smart UI elements, dark mode, and other nifty improvements make for a great experience. The navigation system combines the best of either world and in true Samsung fashion, provides users with an abundance of options. The company’s efforts to continually improve its software and strike a balance between excess customization and usability is evident. However, a lot of the remnants remain from the years that have passed, and it will be interesting to see how Samsung moves the design language forward. I’m glad to see Samsung improve its software, since that will benefit a lot of people all over the world, and it’s always refreshing to have your preconceived notions challenged.
