
Monthly Archive: July 2014

Backdoors and surveillance mechanisms in iOS devices

Jonathan Zdziarski's paper about backdoors, attack points and surveillance mechanisms built into iOS is quite, quite interesting.

Recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the National Security Agency (NSA), of whom some subjects appear to be American citizens. This paper identifies the most probable techniques that were used, based on the descriptions provided by the media, and today’s possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, I will identify several services and mechanisms that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may in fact be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques.

This paper is actually half a year old - give or take - but it's gotten a lot of attention recently due to, well, the fact that he has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article.

For instance, despite Apple's claims of not being able to read your encrypted iMessages, there's this:

In October 2013, Quarkslab exposed design flaws in Apple's iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion.

There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they're not debugging tools or anything), and are available on every single iOS device.

One example of these services is a packet sniffer, com.apple.pcapd, which "dumps network traffic and HTTP request/response data traveling into and out of the device" and "can be targeted via WiFi for remote monitoring". It runs on every iOS device. Then there's com.apple.mobile.file_relay, which "completely bypasses Apple’s backup encryption for end-user security", "has evolved considerably, even in iOS 7, to expose much personal data", and is "very intentionally placed and intended to dump data from the device by request".

The second one in particular gave only relatively limited access in iOS 2.x, but in iOS 7 it has grown to give access to pretty much everything, down to "a complete metadata disk sparseimage of the iOS file system, sans actual content", meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and a lot more. As you can see, the exposed information goes quite deep.

Apple is a company that continuously claims it cares about security and your privacy, yet it actively makes it easy to get to all your personal data. There's a massive contradiction between Apple's marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other - down to outright lies about Apple not being able to read your iMessages.

Those of us who aren't corporate cheerleaders are not surprised by this in the slightest - Apple, Microsoft, Google, they're all the same - but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn't get much clearer than this: Apple does not care about your privacy any more or less than its competitors.

Google tests new Chrome OS UI that’s more Android

Ars Technica reports about Project Athena:

Google-watchers may have already heard about "Project Athena," a Chrome OS-related experiment of Google's that has appeared in the Chromium source code a few times in the past. Today we got our first official look at the new interface via Francois Beaufort, a Chrome enthusiast who was hired by Google last year after leaking several high-profile Chrome features.

It looks a heck of a lot like Material Design and Android L UI behaviour coming to Chrome OS. Fascinating to see where this is going, but one thing appears to be clear: in the tug of war between Chrome OS and Android, the latter has won.

Lenovo stops selling small Windows tablets due to lack of demand

Lenovo has stopped selling Windows tablets with screen sizes under 10 inches in the U.S. due to lack of interest.

Lenovo has stopped selling two small-screen Windows tablets with 8-inch screens: the ThinkPad 8, which was announced in January and a model of Miix 2, which started shipping in October last year.

This is not a quip, but an honest question: is the size qualifier here really necessary? I.e., do Windows tablets sell in any meaningful number at all, regardless of size? Windows laptops and desktops surely still sell well, but Windows tablets?

Like smartphones, I'm pretty sure this market is dominated by iOS and Android, and Lenovo throwing in the towel here doesn't bode well for any possible third ecosystems - and that sucks.

Official guide detailing how to port Sailfish OS to Android devices

This is a guide to help you understand how you can port Sailfish OS to devices running the CyanogenMod flavour of Android.

By following this guide you can set up a Mer-core based Linux system that will run on an Android device, on top of the existing Android Hardware Adaptation kernel and drivers.

This is the official guide detailing how to port Sailfish OS to run on any Android device supported by CyanogenMod 10.x.

Microsoft kills Series 40, Asha

This news will probably fall through the cracks in most reporting about Microsoft's massive layoffs, but aside from the Nokia X, Microsoft is also killing off Series 40 and Asha.

Nokia might have been famous for its feature phones, but Microsoft is planning to wind that business down over the course of the next 18 months. In an internal memo sent to Microsoft employees, Jo Harlow, who heads up the phone business under Microsoft devices, reveals the focus is very much on Windows Phone. Development and investment for Asha, Series 40, and Nokia X handsets will shift to what is described as "maintenance mode," and services to support existing devices will be shut down over the next 18 months. "This means there will be no new features or updates to services on any mobile phones platform as a result of these plans," says Harlow, in the internal memo seen by The Verge.

The story of Series 40 started in 1999 with the iconic Nokia 7110, and it will now end with the Nokia Asha 210 (I think?), or the Nokia Asha 230 if you consider the Asha Software Platform to be Series 40 (nobody really seems to know for sure just how related the two are). In 2012 Nokia announced it had sold over 1.5 billion Series 40 devices, making it one of the most successful software platforms of all time.

It makes sense for Microsoft to kill these platforms. Windows Phone handles devices with lower specifications relatively well, something which the company will hopefully only improve. It does mean the end of an iconic operating system that is intrinsically tied to Nokia, a company that spread the mobile phone and its infrastructure to all four corners of the world, paving the way for pompous phone upstarts like Apple and Google.

One small tidbit I will always associate with Series 40 and Nokia is the signal reception and battery life bars flanking the sides of the early Series 40 user interface like the pillars of the Parthenon. A beautifully elegant and clever use of the limited screen real estate available at the time.

Microsoft announces massive layoffs, kills Nokia X phones

As expected, Microsoft's CEO Satya Nadella has just announced an absolutely massive amount of layoffs.

With this in mind, we will begin to reduce the size of our overall workforce by up to 18,000 jobs in the next year. Of that total, our work toward synergies and strategic alignment on Nokia Devices and Services is expected to account for about 12,500 jobs, comprising both professional and factory workers.

It's clear where the focus of the layoffs lies: Nokia Devices and Services. When Lumia sales couldn't keep up with the rest of the market or Nokia's collapsing Symbian sales, people stated "Nokia is fine!". When Microsoft had to bail out Nokia's devices division to make sure it wouldn't die or be sold off to a competitor, these same people maintained that "Nokia is fine!". Now that Microsoft will lay off half of the Nokia staff it acquired, I'm sure people will still maintain that "Nokia is just fine!".

Sarcasm aside, the fact that 66% of the layoffs will consist of former Nokia staff further confirms what I have been saying all along: Microsoft purchased Nokia's devices division to make sure that Nokia wouldn't go Android (Nokia X!), that Nokia wouldn't sell its troublesome devices division to a competitor, or, worse yet, that Nokia would eventually be forced to shut it down altogether. In short, Microsoft acquired Nokia's devices division to save Windows Phone. The evidence is out there for all to see, and denying this at this point borders on the pathetic.

Anywho, this is terrible news for all the people involved, but with this industry doing relatively well, I hope they will be able to find new jobs easily. There are quite a number of companies who would love to get their hands on Nokia talent, so let's all wish them the best of luck in the weeks and months ahead.

Unsurprisingly, Nadella specifically announced the end of the Nokia X Android endeavour.

In addition, we plan to shift select Nokia X product designs to become Lumia products running Windows. This builds on our success in the affordable smartphone space and aligns with our focus on Windows Universal Apps.

Microsoft plans to continue selling and supporting existing Nokia X products, so if you've bought one you'll at least continue to get support. If you were thinking about buying one - I really, really wouldn't.

Google+ drops real name policy

We know you've been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today's change is a step toward making Google+ the welcoming and inclusive place that we want it to be. Thank you for expressing your opinions so passionately, and thanks for continuing to make Google+ the thoughtful community that it is.

Good move, but Google+? Who cares about Google+?

KDE Plasma 5.0 released

KDE proudly announces the immediate availability of Plasma 5.0, providing a visually updated core desktop experience that is easy to use and familiar to the user. Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices. Changes under the hood include the migration to a new, fully hardware-accelerated graphics stack centered around an OpenGL(ES) scenegraph. Plasma is built using Qt 5 and Frameworks 5.

This is a pretty major release, and while the cosmetic stuff isn't all cleaned up yet, I like the new design direction the team is taking - not a huge departure from what came before, but they seem to be making it look a little less... KDE-ish, if that makes any sense.

I'll be waiting on a few point releases, but I definitely want to try this out. I've always been a fan of KDE - stumbles notwithstanding - because it puts a lot of control in the user's hands to shape the user interface into what she wants. That's a very rare thing to come by these days, and we should cherish it.

Apple, IBM forge enterprise partnership

Apple and IBM have... entered into a partnership.

The new IBM MobileFirst for iOS solutions will be built in an exclusive collaboration that draws on the distinct strengths of each company: IBM's big data and analytics capabilities, with the power of more than 100,000 IBM industry and domain consultants and software developers behind it, fused with Apple's legendary consumer experience, hardware and software integration and developer platform. The combination will create apps that can transform specific aspects of how businesses and employees work using iPhone and iPad, allowing companies to achieve new levels of efficiency, effectiveness and customer satisfaction - faster and easier than ever before.

This year marks the 30th anniversary of this, so maybe it's simply fitting. In any case, this stuff isn't exactly sexy, but it looks like a great partnership for both companies.

Windows Phone 8.1 released for Lumia devices

Starting today, the Lumia Windows Phone 8 smartphone family will receive the Lumia Cyan software, the new Windows Phone 8.1 update and Lumia features upgrade that will make your Lumia an even more personal, fun and indispensable part of your life.

Windows Phone 8.1 is a must-have - those of us who have been running the developer preview thing know that quite well. The update will come to Windows Phone 8 Lumia devices over the coming weeks in Microsoft's usual staggered rollout. I haven't seen any information yet regarding non-Microsoft Windows Phone devices.

Google getting ready to distribute Project Ara dev boards

Google's Project Ara is such a drastic departure from the hardware designs that make up mainstream smartphones that it's pretty impressive to see just how swiftly progress is moving forward on the effort. From the earliest announcement back in the fall of last year, we've moved on to developer conferences and the release of the Ara Module Developers Kit. Now it's nearly time for Ara's next phase to begin, as Google prepares to distribute the dev boards that will let hardware makers continue with work towards creating the modules that will go into Ara devices.

Will this project go anywhere? No idea. Will it change the smartphone world forever? Probably not. Is it awesome? Pretty much, yeah. Runaway success or no, I like this crazy idea.

Microsoft removes Google Search from new Lumias

Microsoft has disabled an option to set Google as the default search engine on its latest Lumia Windows Phones. The option is currently supported on the majority of Nokia's Lumia devices, thanks to an advanced setting in Internet Explorer on Windows Phone 8.0. Microsoft acquired Nokia’s phone business in April, and the company's first handsets, the Lumia 630 and Lumia 930, are shipping without the option on Windows Phone 8.1. Microsoft has never allowed Windows Phone users to alter the physical search button behavior, which defaults to Bing, but Internet Explorer users could enable the setting to use the address bar to search within Google instead of manually navigating to the search engine or using the Bing default.

Oh my god Microsoft give it up already.

Microsoft launches a price assault on Chromebooks

Microsoft has announced a pricing offensive versus Google's Chromebooks.

Microsoft is aiming straight for Google's Chromebooks this holiday season. At the company's partner conference today, Microsoft COO Kevin Turner revealed that HP is planning to release a $199 laptop running Windows for the holidays. Turner didn't provide specifications for HP's "Stream" device, but he did detail $249 laptop options from Acer and Toshiba. Acer's low-cost laptop will ship with a 15.6-inch screen and a 2.16GHz Intel Celeron processor, and Toshiba's includes a 11.6-inch display. It appears that Intel's Celeron chips will help Microsoft's PC partners push out cheaper devices in the race to the bottom.

Turner also revealed that HP is planning to release 7- and 8-inch versions of its new "Stream" PCs for $99 this holiday season, both running versions of Windows.

Any takers?

Pixar’s Ed Catmull central figure in the wage-fixing scandal

If you think only Apple, Google, Intel, and several other technology companies flagrantly broke the law by illegally robbing their employees of wages - think again. As it turns out, the digital animation industry - centering around Steve Jobs' Pixar, unsurprisingly - was just as bad.

Catmull's deposition and emails from the lawsuit confirm that he was instrumental in operating a secret wage-theft cartel that violated the Sherman Antitrust Act. But it's even worse than you think. The cartel orchestrated in large part by Catmull robbed potential wages and job opportunities from thousands of animation industry workers at other studios, including DreamWorks, Lucasfilm, Robert Zemeckis’ ImageMovers, the now-defunct Orphanage, and Walt Disney Animation Studios.

Pando Daily has the meat on this story (here and here).

The wage fixing scandal is way, way more sprawling than anyone could have originally anticipated. The sad thing is that the criminals behind this illegal behaviour - Steve Jobs, Tim Cook, Eric Schmidt, George Lucas, Ed Catmull, and many, many more - will never have to face any serious consequences for their crimes.

Samsung delays its first Tizen phone yet again

Samsung has delayed its first Tizen phone yet again (this one).

The official launch was to come at Thursday's event for Tizen developers in Moscow, complete with market-ready products. But, in an echo of Samsung's most recent failure to launch a Tizen smartphone - in Japan earlier this year - the launch was canceled just days earlier.

Samsung provided no concrete date for the rollout of the commercial version of the phone at the developer summit but said in a statement Thursday that "the smartphone will appear on the Russian market later, when we can offer our users a fullest portfolio of applications".

While few people will care about this delay, there is one small group to whom this will be devastating news.

In all seriousness, nobody - not even Samsung itself - sees Tizen as a serious option or competitor to Android, and this news only serves to make that even clearer. Certain people keep trying to posit Tizen as some sort of huge threat to Android or as a sign that Samsung is seriously considering dumping Android (presumably thereby crippling Android and Google), but anyone with even the remotest bit of sense realises this makes about as much sense as a software patent.

No amount of wishful thinking is going to make Tizen happen.

Xplain: explaining X for the rest of us

However, I still field plenty of questions from lots of people about this, and a lot of the time, it's extremely simple stuff: "What is X?" "How does it interact with my graphics card and mouse/keyboard?" "What do apps use X for?" "What is Wayland, and how does it fit into the picture?" "What problems did X have that made us want to write new display server technologies?"

These sort of questions were what inspired me to write "The Linux Graphics Stack" in the first place, but there's really never been a comprehensive, historical writeup of our display server technologies in general. So, I chose to spend my free time at Red Hat writing it.

A very fun look at what X actually is - including embedded X server sessions running in your browser using HTML5 canvas. Fancy.

A closer look at the BlackBerry Passport’s keyboard

Great keyboards are in our DNA. With BlackBerry Passport, we set out to create a smartphone that would break some cherished rules in order to set a new bar for real productivity. In particular, BlackBerry Passport's keyboard will show there is an easier way to do more.

This is exactly the kind of stuff I want to see from BlackBerry: instead of trying to copy everyone else and build yet another black glass slab, they should build on their strength and go from there. The Passport looks to be exactly that. I have no idea if anyone cares or if it's too late, but I love this thing.

Apple, accessibility: pushing back against unacceptable realities

Accessibility is something that seldom gets the attention it deserves. Most of us go about our day without ever wondering how accessible an iPhone or iPad or Mac is to the blind or the deaf, to those with autism or motor dysfunction, or how accessible the apps that run on them are. Yet there are people who do care deeply about accessibility. Those who need iPhones and iPads and Macs to be ever-more accessible, of course, and those working to make iPhone and iPads and Macs ever-more accessible. Among technology companies, Apple does a tremendous job not only implementing accessibility, but promoting it and prioritizing it as well. And it starts at the very top.

An area where Apple leads. It might not be an area that's considered very sexy or flashy, but it's hugely important for large numbers of people.

Satya Nadella’s letter to Microsoft employees

Microsoft CEO Satya Nadella has just published a letter to employees about... Uh, yeah, about what exactly?

The day I took on my new role I said that our industry does not respect tradition - it only respects innovation. I also said that in order to accelerate our innovation, we must rediscover our soul - our unique core. We must all understand and embrace what only Microsoft can contribute to the world and how we can once again change the world. I consider the job before us to be bolder and more ambitious than anything we have ever done.

I've read through the whole thing - twice - but I still have no idea what I'm supposed to take from this. There's nothing concrete, nothing we haven't heard before - it's so vague that I'm not really sure it even has a point to begin with. I think it's supposed to announce some sort of change in direction, but that's the problem - there isn't one.

These two successive paragraphs are especially startling.

More recently, we have described ourselves as a "devices and services" company. While the devices and services description was helpful in starting our transformation, we now need to hone in on our unique strategy.

At our core, Microsoft is the productivity and platform company for the mobile-first and cloud-first world. We will reinvent productivity to empower every person and every organization on the planet to do more and achieve more.

What's the difference between "devices and services" and "mobile-first and cloud-first"?

That's the problem with vague, abstracted drivel from company executives. It's essentially homeopathic communication - so watered down it's essentially just water with zero medicinal effects.