Monthly Archive:: August 2016

Genode 16.08 brings interactive and dynamic workloads to seL4

OS News 25 Comments

With the just released version 16.08, Genode makes the entirety of the framework's drivers, protocol stacks, and libraries available on the seL4 kernel. Thereby, the vision of a real general-purpose OS built upon a formally verified kernel suddenly becomes a tangible mission. Further highlights of the new version are the use of the framework to run VirtualBox 4 on the Muen separation kernel, an experimental version of VirtualBox 5 on top of the NOVA kernel, the added support for virtual networking and TOR, profound Zynq board support, and new tools for statistical profiling.

The seL4 kernel is universally regarded as the world's most advanced open-source microkernel - not by technical merits alone but by the fact that the kernel is accompanied by formal proofs of its correctness. However, to achieve this high level of assurance, the kernel's responsibilities had to be reduced to an extreme that goes even beyond traditional microkernels. In particular, the kernel leaves the problem of managing kernel memory to be solved at the user level. The problem still exists but it isn't considered the kernel's problem anymore. Consequently, this kernel design makes the creation of a scalable user land extremely challenging. For this reason, most use cases of seL4 remain solely static in nature, or combine static components with virtualization. The real potential of seL4 to scale towards dynamic systems remained untapped so far. Here is where Genode comes into play. Genode is designed as a dynamic user land for microkernels, which addresses the management of memory at the user-level via a unique resource-trading concept. It turns out that this concept is a suitable answer to the kernel-management problem posed by seL4. By completing the implementation of the framework's base mechanisms for this kernel, literally hundreds of existing Genode components become readily available to the seL4 community.

The Muen separation kernel is another take on the use of formal methods for assuring the absence of bugs in an OS kernel. In contrast to seL4, Muen applies different technologies (Ada/SPARK) and addresses static partitioned systems. A natural use case is the co-hosting of virtual machines. In a multi-level scenario, each virtual machine hosts a guest OS for editing documents at one security level. The separation kernel enforces the information-flow policy between the virtual machines. In such scenarios, the predominant guest OS is MS Windows. Consequently, Muen had to support the virtualization of such commodity OSes. Genode already solved this problem for another microkernel by making VirtualBox available on top of NOVA. So the idea was born to leverage Genode's version of VirtualBox on top of Muen - essentially using Genode as a runtime environment for VirtualBox. As crazy as it sounds - it works! The release documentation has a dedicated section that tells the full story. Speaking of VirtualBox, the ability to run VirtualBox directly on a microkernel is certainly a key feature of Genode. With Genode 16.08, a first version of VirtualBox 5 becomes available on the NOVA kernel.

The anecdotes above highlight the benefits of Genode's cross-kernel portability. The new version pushes this idea even further by attaining binary compatibility across all the supported kernels for a given CPU architecture. In fact, compiled once, an ELF binary of a regular component can be natively executed on kernels as different as seL4 and Linux as long as the component does not rely on a special feature of a particular kernel.

At a higher level, the current release extends the framework's library of ready-to-use building blocks in several areas. Most prominently, there are new network-related components for routing traffic, using TOR, and for distributing Genode over the network. Other added components are concerned with improving the use of Genode as a general-purpose OS, or to aid the optimization of components by the means of statistical profiling. Version 16.08 is further complemented with added board support for devices based on Xilinx Zynq, including drivers for GPIO, video DMA, SD cards, and I2C.

These and many more topics are covered in detail by the release documentation of version 16.08.

Read More

Rewriting the tablet

Hardware 12 Comments

But now, seven years later, Lenovo is introducing a new take on the tablet computer. No, Lenovo didn't make a Courier, but its new Yoga Book might inspire the same reactions. It's about the size and shape of a hardcover children's book, has two panels attached by a hinge, and can be used with your fingers or with its included pen. It even does some tricks with the pen that we've never seen before, like letting you write with real ink and have it all digitized. Lenovo didn't set out to build just another tablet with the Yoga Book - it wanted to make something that was better for getting work done than what is already out there.

But in the process, it made a computer that's both futuristic and relatable at the same time, just like the original Courier concept. I wanted to use the Yoga Book from the first time I laid eyes on it, and if you're anything like me, you will, too. And unlike the Courier, you will actually be able to buy the Yoga Book.

I have no idea how practical and usable the device will be, but I have to admit it looks really nice and futuristic, without being over the top. I'm definitely going to play with both the Android and Windows versions, because at €499, this isn't expensive.

Read More

Slow updates are hurting Android as an app platform

Android 15 Comments

Here's a simple truth we all probably know in the back of our minds - you don't need to get a new version of Android because not much will seem different. The home screen or app drawer may have a tweak or two, and there will be one feature we would like to have, but the apps we use are going to look and function the exact same. The things we do, like messaging or Facebook, won't use any of the new features developers have available for a while, and apps that do include the latest cool developer feature will be few and far between for quite a while.

That sucks.

Yeah. That really sucks. But there's nothing most of us can do about it since we're not building phone operating systems or apps ourselves. And we can't get mad at the developers who make the apps, because of another simple truth: phones not getting fast updates are hurting the Android platform.

Google doesn't care.

Read More

EU: Ireland gave illegal tax benefits to Apple worth up to €13 billion

Apple 70 Comments

The European Commission has concluded that Ireland granted undue tax benefits of up to €13 billion to Apple. This is illegal under EU state aid rules, because it allowed Apple to pay substantially less tax than other businesses. Ireland must now recover the illegal aid.

That sound you hear? That's the sound of a house of cards tumbling down.

There's quite a lot of misinformation on the web about this whole thing. First and foremost, the crux of the matter here is that it's the EU's job to protect the internal market, and to ensure that there's a level playing field between its various member states, and it does this through a number of regulations, laws, and codes that member states must adhere to. Whether you, personally, agree with this goal or not is irrelevant; Ireland is part of the EU single market and signed the dotted line - and this comes with the responsibility of implementing, adhering to, and upholding said regulations, laws, and codes.

Second, the EU claims that the special deals the Irish government gave to Apple are a form of illegal state aid; something many other companies have been fined and punished for as well. It's just that with a company the size of Apple, and the extensiveness of the tax-lowering deal Ireland gave to Apple, the illegal state aid easily reaches monstrous proportions.

Third, this isn't some EU manhunt or vendetta specifically targeting American companies; European companies have been fined time and time again for shady practices as well. And, just to be pedantic - technically speaking, Apple itself (the American company) isn't paying these taxes; various European shell companies owned and created by Apple are.

Fourth, there's a distinct and clear public opinion in Europe - and in the US as well, see e.g. the rise and popularity of Bernie Sanders - that seemingly, laws do not seem to apply to the extremely rich and wealthy. The EU and various member state governments - including my own - are starting to adapt to public opinion, taking concrete steps to end these shady tax deals and tax avoidance schemes that allow large, wealthy companies to pay effectively little to no taxes, while us 'normal' people and small business owners pay our fair share.

The main sticking point here is that the EU wants to makes sure that merely being rich and large should not give a company undue benefits that competitors simply cannot compete against. Proper capitalism only works when there's a level playing field where competition is based on merit, and not on who can dangle the biggest sack of money in front of the Irish or Dutch governments.

Apple, in response, published a deeply American (i.e., overtly sappy tugging-at-the-heartstrings nonsense) and cringe-inducing open letter to European consumers, and, of course, the ruling will be appealed. I can't wait until Apple is brought to its knees and forced to pay the taxes it owes for participating in the EU single market and the use of our infrastructure.

Google, Amazon, Starbucks, and everyone else, wherever from - you're next.

Read More

more, less, and a story of typical Unix fossilization

Unix 20 Comments

In a sane world, Unix vendors would have either replaced their version of more with the clearly superior less or at least updated their version of more to the 4.3 BSD version. Maybe less wouldn't have replaced more immediately, but certainly over say the next five years, when it kept on being better and most people kept preferring it when they had a choice. This would have been Unix evolving to pick a better alternative. In this world, basically neither happened. Unix fossilized around more; no one was willing to outright replace more and even updating it to the 4.3 BSD version was a slow thing (which of course drove more and more people to less). Eventually the Single Unix Specification came along and standardized more with more features than it originally had but still with a subset of less's features (which had kept growing).

This entire history has led to a series of vaguely absurd outcomes on various modern Unixes.

Read More

Zuckerberg hopes to show off his Jarvis-like home AI next month

OS News 8 Comments

Facebook CEO Mark Zuckerberg is living at least a few years out ahead of anyone reading this post -- the founding executive told an audience in Rome (via Verge) today that he hopes to demonstrate his home’s artificial intelligence system, which controls things like air conditioning, lighting and more based on things like face and voice recognition.

The TechCrunch article is light on detail, but this project may be more interesting than it sounds at first blush. Zuckerberg isn't the first tech billionaire to sink a bunch of money into a fancy home automation project. Bill Gates famously did the same a couple of decades ago. High end homes all over the world have fancy and expensive home control systems, that provide their rich owners with frustration and hassle and absolutely confound houseguests. But these days, for a few hundred dollars, anyone can buy an Amazon Echo, any one of half a dozen automation hubs, and various switches, thermostats, and lightbulbs, and create a pretty nifty and convenient voice controlled home automation and entertainment system. Someone with the vision and the development budget that Mark Zuckerberg has at his disposal should be able, with readily available, inexpensive hardware, create something pretty amazing.

Read More

Ode to ASCII games

  Submitted by Bryan Vermotte Games 6 Comments
Computing old timers remember a world where computer games were decidedly lo fi. Linux Links has a list of the 21 best open source ASCII games, with screenshots and descriptions, for your nostalgic pleasure.
Read More

Apple event scheduled for September 7

Apple 18 Comments
It's pretty much a given that the primary announcement will be the iPhone 7, reportedly with no analog headphone jack, possibly no physical home button, and hopefully with 32 GB storage in the base configuration. According to the rumor mill, the primary technological advance for the new iPhone will be a new camera system. There's some speculation that a new Apple Watch will be announced, but in my opinion what the Apple watch needs most is better software (upcoming in the WatchOS 3 release). The Watch has been pretty satisfying as a gadget, but ultimately disappointing as a platform, and a new hardware version is unlikely to reverse that trend. Many Mac fans are hoping that a new Macbook Pro will be announced, but there doesn't seem to be any concrete evidence of that, other than the fact that it's been so long since the last real MPB redesign. The rumors are based, I suspect, on wishful thinking. However, if Apple releases an updated Macbook Pro with an OLED touchscreen and Intel Skylake, people would be lining up to buy them. Apple's custom is to make its primary OS announcements at WWDC and focus on new devices in the fall, but I'm sure we'll get a bit of an update on iOS 10 and possibly WatchOS3.
Read More

Linux Flaw Allows Attackers to Hijack Web Connections

  Submitted by Alfman Privacy, Security 24 Comments

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.

The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.

A team of researchers from the University of California, Riverside and the U.S. Army Research Laboratory identified an attack method that allows a blind, off-path attacker to intercept TCP-based connections between two hosts on the Internet.

Researchers noted that data cannot be injected into HTTPS communications, but the connection can still be terminated using this method. One attack scenario described by the experts involves targeting Tor by disrupting connections between certain relays so that users are forced to use attacker-controlled exit relays.

Read More

How can journalists and activists (and regular folks) reduce their susceptibility to surveillance?

Privacy, Security 19 Comments
The recent news of a savvy UAE-based activist thwarting an attempt to compromise his iPhone raises the important issue of state-based surveillance actors and their private sector contractors having sophisticated and effective ways of intercepting communication and using their targets' own devices against them. One problem with modern mobile computing technology is that it's been built around expansive and convenient features, with security and privacy as an afterthought. On the same day I learned about the iPhone exploit, I happened to listen to a re-run of a 2014 Planet Money podcast in which an NPR journalist volunteered to fall victim to his unencrypted internet traffic being captured and analyzed by experts, and what they were able to learn about him, and specifically about the sources and topics of a story he was working on, was alarming.

As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden's revelations about the ubiquity and sophistication of the NSA's surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there's still a long way to go.

As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden teamed up with famed hardware hacker Bunny Huang have been working on a hardware tool, specifically, a mobile phone case, that monitors the radio signals from a device and reports to the user what's really being transmitted. They explain their project in a fascinating article at PubPub.

Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they're worried their location may be tracked. Problem is, when agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities, Snowden and Huang set out to allow users to monitor their devices in a way that doesn't implicitly trust the device's user interface, which may be hiding the fact that it's transmitting data when it says it's not. The article goes into great detail about the options they considered, and the specific design they've worked down to, and it looks terrific.

Read More

Apple releases security patch after iPhone zero day exploit used on UAE political dissident

Privacy, Security 6 Comments

Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.

The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.

Read More

The GIF is dead – long live the GIF

Internet 44 Comments

Already more than a decade old and with roots reaching back half a decade before the World Wide Web itself, the GIF was showing its age. It offered support for a paltry 256 colors. Its animation capabilities were easily rivaled by a flipbook. It was markedly inferior to virtually every file format that had followed it. On top of that, there were the threats of litigation from parent companies and patent-holders which had been looming over GIF users for five long years before the fiery call to action. By Burn All GIFs Day, the GIF was wobbling on the precipice of destruction. Those who knew enough to care deeply about file formats and the future of the web were marching on the gates, armed with PNGs of torches and pitchforks.

And yet, somehow, here we are. Seventeen years later, the GIF not only isn't dead. It rules the web.

Sometimes, things just work - even if it sucks.

Read More

Android 7.0 Nougat review: do more on your gigantic smartphone

Android 17 Comments

Ars has an in-depth review of Android 7.0 Nougat, so sit back, relax, and have fun.

After a lengthy Developer Preview program starting in March, the final version of Android 7.0 (codenamed "Nougat") is finally launching today. The OS update will slowly begin to rollout to devices over the next few weeks. This year, Google is adding even more form factors to the world's most popular operating system. After tackling watches, phones, tablets, TVs, and cars, Nougat brings platform improvements aimed at virtual reality headsets and - with some help from Chrome OS - also targets laptops and desktops.

For Android's primary platform (still phones and tablets), there's a myriad of improvements. Nougat brings a new multitasking split screen mode, a redesigned notification panel, an adjustable UI scale, and fresh emoji. Nougat also sports numerous under-the-hood improvements, like changes to the Android Runtime, updates to the battery saving "Doze" mode, and developer goodies like Vulkan and Java 8 support.

Read More

Android 7.0 Nougat released for some Nexus device owners

Android 40 Comments

It's Android 7.0 Nougat day! Well, for the owners of a small number of Nexus devices, and even then, of a small subset of them, because of the staged rollout - well, for them, it's Android 7.0 Nougat day! If you have a Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C or General Mobile 4G (Android One), you can try checking for updates starting today. Alternatively, you can manually install a factory image once they become available.

Since Nougat's been out as a developer preview for a while - I've been running it on my 6P for months - I doubt any of you will be surprised by what Nougat brings to the table. It's a relatively small release compared to some other Android releases, but it still brings a number of interesting refinements and new features - the biggest of which is probably the new multiwindow feature.

The Verge's got a review up, and mentions some of the less obvious features that I think are quite important:

A lot of what's new in Nougat are features you can't really see. I'm talking about deeply nerdy (but important) stuff like a JIT compiler for ART apps and support for the Vulkan API for 3D graphics. The former should provide some performance gains while the latter will help Android games look way better. Google also fixed up the way Android handles media so that it's more secure, added file-based encryption, and added some features for enterprise users.

Another important feature laying groundwork for the future: seamless updates. Starting with Nougat, Android will use two separate partitions so updates can be installed and applied in the background, so that the next time you reboot, it's ready to go.

As always - no idea when any of you will get to use Nougat, but it's out there now.

Read More

Self-driving car technology will change more than your car

In the News 47 Comments

Starting later this month, Uber will allow customers in downtown Pittsburgh to summon self-driving cars from their phones, crossing an important milestone that no automotive or technology company has yet achieved. Google, widely regarded as the leader in the field, has been testing its fleet for several years, and Tesla Motors offers Autopilot, essentially a souped-up cruise control that drives the car on the highway. Earlier this week, Ford announced plans for an autonomous ride-sharing service. But none of these companies has yet brought a self-driving car-sharing service to market.

Uber's Pittsburgh fleet, which will be supervised by humans in the driver's seat for the time being, consists of specially modified Volvo XC90 sport-utility vehicles outfitted with dozens of sensors that use cameras, lasers, radar, and GPS receivers. Volvo Cars has so far delivered a handful of vehicles out of a total of 100 due by the end of the year. The two companies signed a pact earlier this year to spend $300 million to develop a fully autonomous car that will be ready for the road by 2021.

The robotisation of transportation - personal, professional, commercial, and industrial - will be one of the most far-reaching and uprooting developments in recent human history. Transportation is a relatively large part of the workforce, and over the coming decades, many of those jobs will disappear - putting a huge strain on the economy and society.

On top of that, car ownership will start to slow down, and since automated cars will make more efficient use of available road surface, we'll eventually get to the point where we need to rethink our entire infrastructure and the way we design our living space - only 60-70 years after the last time we completely rethought our living space.

We've talked about this before, but The Netherlands completely redesigned (at least the western half of) the country for two things: one, to maximise agricultural production, and two, to prepare the environment for mass car ownership. We succeeded at the former (The Netherlands is the second largest exporter of agricultural products, after the US, but before Germany - despite our tiny surface area), but we only partially succeeded at the latter (traffic jams are a huge problem all over the country).

As an aside: when I say "redesigned the country", I literally mean that the entire map was redrawn. This map should illustrate really well what the Dutch government, the agricultural sector, and industry agreed upon to do; the 'messy' part is the swampy, irregularly shaped way it used to look, while the straight and clean part is what they turned it into. Gone are the irregularly shaped, inefficient patches of farmland only navigable on foot and in boats, and in their place we got large, patches of land, easily reachable by newly drawn roads to make way for cars and trucks (still countless waterways though; they are crucial for making sure the entire western half of the country doesn't flood).

My parents and grandparents lived through this massive redesign, and according to them, it's very difficult to overstate just how massive the undertaking really was.

It's unlikely said redesign will be undone on a massive, regional scale, but at the local level, I can foresee countless pro-car infrastructure and landscaping changes being undone because it's simply not needed anymore. For instance, many towns in my area - including my own - used to have a waterway (like so) running alongside their Main Street (generally 'Dorpsstraat' in Dutch), but in order for a Main Street to be ready for cars, people had to walk elsewhere; the waterways were often filled up and turned into footpaths or sidewalks, so cars could drive on Main Street.

Over the coming decades, I can definitely see such changes being undone in certain places - especially more tourist-oriented towns such as my own. With fewer and fewer cars on the roads, we can start giving space back to people, and while this may not be a big deal in a spacious country like the United States, it will be a revolution here in The Netherlands, the most densely populated western country (that isn't a city state), and in classic cities like, say, Rome or Amsterdam.

All I'm trying to say is that self-driving car technology will, inevitably, have side-effects that many people simply haven't even considered yet. All of us consider cars a normal aspect of our everyday lives and environment, to the point where we've forgotten just how much space we've conceded to the things. Once the dominance of cars starts to come down like a house of cards, our environment will, quite literally, change.

Read More

PowerShell is open sourced and is available on Linux

Microsoft 39 Comments

I am extremely excited to share that PowerShell is open sourced and available on Linux. (For those of you who need a refresher, PowerShell is a task-based command-line shell and scripting language built on the .NET Framework to help IT professionals control and automate the administration of the Windows, and now Linux, operating systems and the applications that run on them.) I’m going to share a bit more about our journey getting here, and will tell you how Microsoft Operations Management Suite can enhance the PowerShell experience.

Read More