David Adams Archive

K2: an operating system for energy-efficient, mobile system-on-chip

K2 is an academic project OS developed out of the Rice University Efficient Computing Group. Its stated purpose is: “Modern mobile System-on-chip(SoC) often embraces heterogeneous cores that are hosted in separate coherence domains, i.e. no hardware coherence among them. This architecture promises high energy efficiency, however complicates software development, thus preventing the energy efficiency from being harvested by software.” Learn more here.

EmuTOS: a Free operating system for Atari computers

EmuTOS is designed to run on traditional Atari hardware (ST, TT, Falcon, based on Motorola 68000  or ColdFire microprocessors) and their emulators. It features functionality similar to TOS, which powered the Atari ST and its successors between 1985 and 1994. EmuTOS can run on real hardware, either as ROM replacement or from floppy, or on any Atari emulator such as ARAnyM, Hatari, or Steem SSE. EmuTOS is Free Software, and can run legacy third-party software on emulators without requiring copyrighted Atari ROMs, thereby avoiding legal issues.

Windows 10 marketshare finally surpassing Windows 7

Windows 7, released in July of 2009, was a gigantic leap forward in the evolution of the desktop OS. Good enough, it turns out, that a huge number of people and organizations are still using it, despite it being nearly ten years since its release. Back in February, Statscounter proclaimed that according to its analytics, Windows 10 had finally overtaken 7 in marketshare. But these kinds of measurements are never exact. They’re based on counting users that connect to various constellations of sites and services, so there’s going to be some variation depending on who’s counting.

What happened here?

Regular readers will have noticed that we’ve been offline for several days. As you can see, during that time, we’ve made some major changes to the site, and though the design has changed substantially, we’ve made even more dramatic changes in the back-end. We are now running our 6th major iteration of OSNews. It all was precipitated by messages from readers we’ve received over the past few weeks alerting us that they’ve been getting spam, phishing attempts, and some weak-sauce cyber-extortion emails at addresses that were unique to their OSNews accounts. Read on for more.

Deal Alert: Free download of iPhone data utility

One of the chief annoyances of Apple's closed ecosystem is the limited ability to move files to and from your device using iTunes. Utilities that open up file management have been available for ages, but generally cost money, so stingy people like me just make do with iTunes. To commemorate the iPhone 10 year anniversary, MacX is offering OSNews readers a free license to their MediaTrans tool (in exchange for your email address). It's good for moving files of various types, backup, and removing media DRM. If any OSNews readers can recommend other options for working around Apple's restrictions and managing files on their iOS devices, I'd love to read about them in the comments.

Zuckerberg hopes to show off his Jarvis-like home AI next month

Facebook CEO Mark Zuckerberg is living at least a few years out ahead of anyone reading this post -- the founding executive told an audience in Rome (via Verge) today that he hopes to demonstrate his home’s artificial intelligence system, which controls things like air conditioning, lighting and more based on things like face and voice recognition.

The TechCrunch article is light on detail, but this project may be more interesting than it sounds at first blush. Zuckerberg isn't the first tech billionaire to sink a bunch of money into a fancy home automation project. Bill Gates famously did the same a couple of decades ago. High end homes all over the world have fancy and expensive home control systems, that provide their rich owners with frustration and hassle and absolutely confound houseguests. But these days, for a few hundred dollars, anyone can buy an Amazon Echo, any one of half a dozen automation hubs, and various switches, thermostats, and lightbulbs, and create a pretty nifty and convenient voice controlled home automation and entertainment system. Someone with the vision and the development budget that Mark Zuckerberg has at his disposal should be able, with readily available, inexpensive hardware, create something pretty amazing.

Apple event scheduled for September 7

It's pretty much a given that the primary announcement will be the iPhone 7, reportedly with no analog headphone jack, possibly no physical home button, and hopefully with 32 GB storage in the base configuration. According to the rumor mill, the primary technological advance for the new iPhone will be a new camera system. There's some speculation that a new Apple Watch will be announced, but in my opinion what the Apple watch needs most is better software (upcoming in the WatchOS 3 release). The Watch has been pretty satisfying as a gadget, but ultimately disappointing as a platform, and a new hardware version is unlikely to reverse that trend. Many Mac fans are hoping that a new Macbook Pro will be announced, but there doesn't seem to be any concrete evidence of that, other than the fact that it's been so long since the last real MPB redesign. The rumors are based, I suspect, on wishful thinking. However, if Apple releases an updated Macbook Pro with an OLED touchscreen and Intel Skylake, people would be lining up to buy them. Apple's custom is to make its primary OS announcements at WWDC and focus on new devices in the fall, but I'm sure we'll get a bit of an update on iOS 10 and possibly WatchOS3.

Linux Flaw Allows Attackers to Hijack Web Connections

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.

The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.

A team of researchers from the University of California, Riverside and the U.S. Army Research Laboratory identified an attack method that allows a blind, off-path attacker to intercept TCP-based connections between two hosts on the Internet.

Researchers noted that data cannot be injected into HTTPS communications, but the connection can still be terminated using this method. One attack scenario described by the experts involves targeting Tor by disrupting connections between certain relays so that users are forced to use attacker-controlled exit relays.

How can journalists and activists (and regular folks) reduce their susceptibility to surveillance?

The recent news of a savvy UAE-based activist thwarting an attempt to compromise his iPhone raises the important issue of state-based surveillance actors and their private sector contractors having sophisticated and effective ways of intercepting communication and using their targets' own devices against them. One problem with modern mobile computing technology is that it's been built around expansive and convenient features, with security and privacy as an afterthought. On the same day I learned about the iPhone exploit, I happened to listen to a re-run of a 2014 Planet Money podcast in which an NPR journalist volunteered to fall victim to his unencrypted internet traffic being captured and analyzed by experts, and what they were able to learn about him, and specifically about the sources and topics of a story he was working on, was alarming.

As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden's revelations about the ubiquity and sophistication of the NSA's surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there's still a long way to go.

As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden teamed up with famed hardware hacker Bunny Huang have been working on a hardware tool, specifically, a mobile phone case, that monitors the radio signals from a device and reports to the user what's really being transmitted. They explain their project in a fascinating article at PubPub.

Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they're worried their location may be tracked. Problem is, when agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities, Snowden and Huang set out to allow users to monitor their devices in a way that doesn't implicitly trust the device's user interface, which may be hiding the fact that it's transmitting data when it says it's not. The article goes into great detail about the options they considered, and the specific design they've worked down to, and it looks terrific.

Apple releases security patch after iPhone zero day exploit used on UAE political dissident

Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.

The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.

Indus OS, an Android distribution, has 5% of Indian mobile market

The average selling price of a smartphone in India is just $132, half that of China, so the market for low-end smartphones is brisk. On top of that, there are many languages spoken in india, and support for them in Google's Android and iOS is limited. This created an opening for an Indus OS, which has its own app store with 30,000 Android apps, most available in two or more local languages. Its installed based is currently around 4 million.

Getting started with Tails, the encrypted operating system

A step-by-step guide on how to download, install, and start using Tails, the world's most secure platform.

Tails, an encrypted and anonymous OS that bundles widely used open source privacy tools on a tiny device, is one of the most secure operating systems in the world. The Linux distribution rose to popularity when it was revealed Edward Snowden relied on Tails to secure his identity while sharing NSA secrets with journalists Glenn Greenwald and Laura Poitras. In the past half decade, Tails has been embraced as an essential security suite by journalists, hackers, and IT workers.

Latest beta update makes PS4 software feel more like a real OS

Unlike the last major update, which added support for remote streaming to Macs and PCs, the 4.00 firmware beta (codenamed Shingen) is mostly focused on tweaking the PS4’s user interface. One of the biggest changes is the ability to create folders to organize your games and apps, instead of relying purely on Sony’s existing organizational tools. Another is that instead of taking over the whole screen, the Share and Quick menus will open as windows that don’t entirely cover your current game or app, and you’ll be able to add and remove items from the Quick menu to customize it.

How Smartphones Will Become Unboring

The release of the iPhone SE is emblematic of the "boringness" of the smartphone landscape. For the last few years, the only thing exciting about new smartphone releases was that they kept getting bigger. Now the tide has turned. An article at the Atlantic makes an interesting parallel: the codex, or the innovation now known as "the book" hasn't seen many innovations in centuries, but that doesn't mean that books are boring. It just means that the innovation is at the edges. The article points at the release of the Caterpillar S60 smartphone, designed for industrial use and featuring a thermal imaging camera, as indicative of a new trend of specialization that might make the mobile computing market interesting as it extends into ever more narrow niches.