Keep OSNews alive by becoming a Patreon, by donating through Ko-Fi, or by buying merch!

more, less, and a story of typical Unix fossilization

In a sane world, Unix vendors would have either replaced their version of more with the clearly superior less or at least updated their version of more to the 4.3 BSD version. Maybe less wouldn't have replaced more immediately, but certainly over say the next five years, when it kept on being better and most people kept preferring it when they had a choice. This would have been Unix evolving to pick a better alternative. In this world, basically neither happened. Unix fossilized around more; no one was willing to outright replace more and even updating it to the 4.3 BSD version was a slow thing (which of course drove more and more people to less). Eventually the Single Unix Specification came along and standardized more with more features than it originally had but still with a subset of less's features (which had kept growing).

This entire history has led to a series of vaguely absurd outcomes on various modern Unixes.

Zuckerberg hopes to show off his Jarvis-like home AI next month

Facebook CEO Mark Zuckerberg is living at least a few years out ahead of anyone reading this post -- the founding executive told an audience in Rome (via Verge) today that he hopes to demonstrate his home’s artificial intelligence system, which controls things like air conditioning, lighting and more based on things like face and voice recognition.

The TechCrunch article is light on detail, but this project may be more interesting than it sounds at first blush. Zuckerberg isn't the first tech billionaire to sink a bunch of money into a fancy home automation project. Bill Gates famously did the same a couple of decades ago. High end homes all over the world have fancy and expensive home control systems, that provide their rich owners with frustration and hassle and absolutely confound houseguests. But these days, for a few hundred dollars, anyone can buy an Amazon Echo, any one of half a dozen automation hubs, and various switches, thermostats, and lightbulbs, and create a pretty nifty and convenient voice controlled home automation and entertainment system. Someone with the vision and the development budget that Mark Zuckerberg has at his disposal should be able, with readily available, inexpensive hardware, create something pretty amazing.

Ode to ASCII games

Computing old timers remember a world where computer games were decidedly lo fi. Linux Links has a list of the 21 best open source ASCII games, with screenshots and descriptions, for your nostalgic pleasure.

Apple event scheduled for September 7

It's pretty much a given that the primary announcement will be the iPhone 7, reportedly with no analog headphone jack, possibly no physical home button, and hopefully with 32 GB storage in the base configuration. According to the rumor mill, the primary technological advance for the new iPhone will be a new camera system. There's some speculation that a new Apple Watch will be announced, but in my opinion what the Apple watch needs most is better software (upcoming in the WatchOS 3 release). The Watch has been pretty satisfying as a gadget, but ultimately disappointing as a platform, and a new hardware version is unlikely to reverse that trend. Many Mac fans are hoping that a new Macbook Pro will be announced, but there doesn't seem to be any concrete evidence of that, other than the fact that it's been so long since the last real MPB redesign. The rumors are based, I suspect, on wishful thinking. However, if Apple releases an updated Macbook Pro with an OLED touchscreen and Intel Skylake, people would be lining up to buy them. Apple's custom is to make its primary OS announcements at WWDC and focus on new devices in the fall, but I'm sure we'll get a bit of an update on iOS 10 and possibly WatchOS3.

Linux Flaw Allows Attackers to Hijack Web Connections

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.

The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.

A team of researchers from the University of California, Riverside and the U.S. Army Research Laboratory identified an attack method that allows a blind, off-path attacker to intercept TCP-based connections between two hosts on the Internet.

Researchers noted that data cannot be injected into HTTPS communications, but the connection can still be terminated using this method. One attack scenario described by the experts involves targeting Tor by disrupting connections between certain relays so that users are forced to use attacker-controlled exit relays.

How can journalists and activists (and regular folks) reduce their susceptibility to surveillance?

The recent news of a savvy UAE-based activist thwarting an attempt to compromise his iPhone raises the important issue of state-based surveillance actors and their private sector contractors having sophisticated and effective ways of intercepting communication and using their targets' own devices against them. One problem with modern mobile computing technology is that it's been built around expansive and convenient features, with security and privacy as an afterthought. On the same day I learned about the iPhone exploit, I happened to listen to a re-run of a 2014 Planet Money podcast in which an NPR journalist volunteered to fall victim to his unencrypted internet traffic being captured and analyzed by experts, and what they were able to learn about him, and specifically about the sources and topics of a story he was working on, was alarming.

As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden's revelations about the ubiquity and sophistication of the NSA's surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there's still a long way to go.

As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden teamed up with famed hardware hacker Bunny Huang have been working on a hardware tool, specifically, a mobile phone case, that monitors the radio signals from a device and reports to the user what's really being transmitted. They explain their project in a fascinating article at PubPub.

Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they're worried their location may be tracked. Problem is, when agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities, Snowden and Huang set out to allow users to monitor their devices in a way that doesn't implicitly trust the device's user interface, which may be hiding the fact that it's transmitting data when it says it's not. The article goes into great detail about the options they considered, and the specific design they've worked down to, and it looks terrific.

Apple releases security patch after iPhone zero day exploit used on UAE political dissident

Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.

The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.

The GIF is dead – long live the GIF

Already more than a decade old and with roots reaching back half a decade before the World Wide Web itself, the GIF was showing its age. It offered support for a paltry 256 colors. Its animation capabilities were easily rivaled by a flipbook. It was markedly inferior to virtually every file format that had followed it. On top of that, there were the threats of litigation from parent companies and patent-holders which had been looming over GIF users for five long years before the fiery call to action. By Burn All GIFs Day, the GIF was wobbling on the precipice of destruction. Those who knew enough to care deeply about file formats and the future of the web were marching on the gates, armed with PNGs of torches and pitchforks.

And yet, somehow, here we are. Seventeen years later, the GIF not only isn't dead. It rules the web.

Sometimes, things just work - even if it sucks.

Android 7.0 Nougat review: do more on your gigantic smartphone

Ars has an in-depth review of Android 7.0 Nougat, so sit back, relax, and have fun.

After a lengthy Developer Preview program starting in March, the final version of Android 7.0 (codenamed "Nougat") is finally launching today. The OS update will slowly begin to rollout to devices over the next few weeks. This year, Google is adding even more form factors to the world's most popular operating system. After tackling watches, phones, tablets, TVs, and cars, Nougat brings platform improvements aimed at virtual reality headsets and - with some help from Chrome OS - also targets laptops and desktops.

For Android's primary platform (still phones and tablets), there's a myriad of improvements. Nougat brings a new multitasking split screen mode, a redesigned notification panel, an adjustable UI scale, and fresh emoji. Nougat also sports numerous under-the-hood improvements, like changes to the Android Runtime, updates to the battery saving "Doze" mode, and developer goodies like Vulkan and Java 8 support.

Android 7.0 Nougat released for some Nexus device owners

It's Android 7.0 Nougat day! Well, for the owners of a small number of Nexus devices, and even then, of a small subset of them, because of the staged rollout - well, for them, it's Android 7.0 Nougat day! If you have a Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C or General Mobile 4G (Android One), you can try checking for updates starting today. Alternatively, you can manually install a factory image once they become available.

Since Nougat's been out as a developer preview for a while - I've been running it on my 6P for months - I doubt any of you will be surprised by what Nougat brings to the table. It's a relatively small release compared to some other Android releases, but it still brings a number of interesting refinements and new features - the biggest of which is probably the new multiwindow feature.

The Verge's got a review up, and mentions some of the less obvious features that I think are quite important:

A lot of what's new in Nougat are features you can't really see. I'm talking about deeply nerdy (but important) stuff like a JIT compiler for ART apps and support for the Vulkan API for 3D graphics. The former should provide some performance gains while the latter will help Android games look way better. Google also fixed up the way Android handles media so that it's more secure, added file-based encryption, and added some features for enterprise users.

Another important feature laying groundwork for the future: seamless updates. Starting with Nougat, Android will use two separate partitions so updates can be installed and applied in the background, so that the next time you reboot, it's ready to go.

As always - no idea when any of you will get to use Nougat, but it's out there now.

Self-driving car technology will change more than your car

Starting later this month, Uber will allow customers in downtown Pittsburgh to summon self-driving cars from their phones, crossing an important milestone that no automotive or technology company has yet achieved. Google, widely regarded as the leader in the field, has been testing its fleet for several years, and Tesla Motors offers Autopilot, essentially a souped-up cruise control that drives the car on the highway. Earlier this week, Ford announced plans for an autonomous ride-sharing service. But none of these companies has yet brought a self-driving car-sharing service to market.

Uber's Pittsburgh fleet, which will be supervised by humans in the driver's seat for the time being, consists of specially modified Volvo XC90 sport-utility vehicles outfitted with dozens of sensors that use cameras, lasers, radar, and GPS receivers. Volvo Cars has so far delivered a handful of vehicles out of a total of 100 due by the end of the year. The two companies signed a pact earlier this year to spend $300 million to develop a fully autonomous car that will be ready for the road by 2021.

The robotisation of transportation - personal, professional, commercial, and industrial - will be one of the most far-reaching and uprooting developments in recent human history. Transportation is a relatively large part of the workforce, and over the coming decades, many of those jobs will disappear - putting a huge strain on the economy and society.

On top of that, car ownership will start to slow down, and since automated cars will make more efficient use of available road surface, we'll eventually get to the point where we need to rethink our entire infrastructure and the way we design our living space - only 60-70 years after the last time we completely rethought our living space.

We've talked about this before, but The Netherlands completely redesigned (at least the western half of) the country for two things: one, to maximise agricultural production, and two, to prepare the environment for mass car ownership. We succeeded at the former (The Netherlands is the second largest exporter of agricultural products, after the US, but before Germany - despite our tiny surface area), but we only partially succeeded at the latter (traffic jams are a huge problem all over the country).

As an aside: when I say "redesigned the country", I literally mean that the entire map was redrawn. This map should illustrate really well what the Dutch government, the agricultural sector, and industry agreed upon to do; the 'messy' part is the swampy, irregularly shaped way it used to look, while the straight and clean part is what they turned it into. Gone are the irregularly shaped, inefficient patches of farmland only navigable on foot and in boats, and in their place we got large, patches of land, easily reachable by newly drawn roads to make way for cars and trucks (still countless waterways though; they are crucial for making sure the entire western half of the country doesn't flood).

My parents and grandparents lived through this massive redesign, and according to them, it's very difficult to overstate just how massive the undertaking really was.

It's unlikely said redesign will be undone on a massive, regional scale, but at the local level, I can foresee countless pro-car infrastructure and landscaping changes being undone because it's simply not needed anymore. For instance, many towns in my area - including my own - used to have a waterway (like so) running alongside their Main Street (generally 'Dorpsstraat' in Dutch), but in order for a Main Street to be ready for cars, people had to walk elsewhere; the waterways were often filled up and turned into footpaths or sidewalks, so cars could drive on Main Street.

Over the coming decades, I can definitely see such changes being undone in certain places - especially more tourist-oriented towns such as my own. With fewer and fewer cars on the roads, we can start giving space back to people, and while this may not be a big deal in a spacious country like the United States, it will be a revolution here in The Netherlands, the most densely populated western country (that isn't a city state), and in classic cities like, say, Rome or Amsterdam.

All I'm trying to say is that self-driving car technology will, inevitably, have side-effects that many people simply haven't even considered yet. All of us consider cars a normal aspect of our everyday lives and environment, to the point where we've forgotten just how much space we've conceded to the things. Once the dominance of cars starts to come down like a house of cards, our environment will, quite literally, change.

PowerShell is open sourced and is available on Linux

I am extremely excited to share that PowerShell is open sourced and available on Linux. (For those of you who need a refresher, PowerShell is a task-based command-line shell and scripting language built on the .NET Framework to help IT professionals control and automate the administration of the Windows, and now Linux, operating systems and the applications that run on them.) I’m going to share a bit more about our journey getting here, and will tell you how Microsoft Operations Management Suite can enhance the PowerShell experience.

A history of Palm

Three years ago (has it really been that long?), I published a quite detailed (and at times, mildly emotional) retrospective article on the history of Palm and the Palm OS, which I still think is a pretty decent read. For a different perspective on the matter, there's now an excellent article series at LowEndMac.

Palm Computing was largely the creation and vision of one man, Jeff Hawkins. Palm first brought tablet computing to consumers in the form of PDAs (but was beaten by Apple and its scions). The later - and more momentous - goal was to bring consumers to PDAs through simple and very fast user interfaces. This second goal brought us the original Pilot and an entirely new form-factor that millions embraced.

It was only until the introduction of multimedia-rich smartphones that Palm stumbled, though it was one of the leading manufacturers.

An excellent different and detailed perspective on the history of Palm.

Google is seeking thick Scottish accents

In light of our discussion a week ago about how computers have trouble with non-standard dialects and accents, it's interesting to note that according to Quartz, Google is recruiting Scottish people - through a third party company called Appen - to record their own voice.

The tech giant is on the hunt for people with a Scottish accent to record a set of phrases to help improve its speech recognition software. An employee from speech technology company Appen - which has been contracted by Google - started the search by posting on Reddit, in hopes of finding Scots who will record their voices in return for £27 ($36). The task, which takes up to three hours, involves participants recording phrases such as "Indy now" or "Google, what’s the time?"

That's one way of doing it, I guess - but I just don't see how this will make any meaningful dent in broader terms. Getting relatively standard Google Now commands to better recognise people with Scottish accents is very welcome for our friends in the beautiful country of Scotland, but I don't think this will scale very well beyond a limited set of standard Google Now commands (I didn't call Siri and Google Now "slow and cumbersome command line interfaces" for nothing), let alone other English accents and dialects or those of other languages.

Unless, perhaps, Google is planning on doing this for numerous dialects and languages, at which point I wish them good luck - they might be done with English by the time the sun explodes.

Windows 10 Anniversary Update for phones released

The Windows 10 Anniversary Update has begun rolling out for Windows 10 Mobile. The Anniversary Update includes additional features and improvements for your Windows 10 phone. To manually check for the update, on Start, swipe over to the All apps list, then select Settings > Update & security > Phone update > Check for updates. Note that availability may vary by manufacturer, model, country or region, mobile operator or service provider, hardware limitations and other factors.

In other words, it'll be a crapshoot if and when Windows Phone users actually get the update. Not that it matters - most Windows Phone users have already had to move to different platforms due to Microsoft's horrid mismanagement of an otherwise incredibly promising operating system.

Intel will start building ARM-based smartphone chips

Intel has entered into a new licensing agreement with competitor ARM to produce ARM-based chips in Intel factories. The deal, announced today at the Intel Developer Forum, is a strategic move from the Santa Clara, CA company to offer its large-scale custom chip manufacturing facilities, which include 10-nanometer production lines, to third-parties, including those using its rival's technology.

I have a ton of Intel ARM devices already. Perhaps Intel could call these new chips "XScale". Just thought that up. I'm kind of proud of it.