Monthly Archive:: February 2019
GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal. IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better. In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows. I don’t agree with the initial premise, but an interesting article nonetheless.
The only place in San Francisco still pricing real estate like it’s the 1980s is the city assessor’s office. Its property tax system dates back to the dawn of the floppy disk. City employees appraising the market work with software that runs on a dead programming language and can’t be used with a mouse. Assessors are prone to make mistakes when using the vintage software because it can’t display all the basic information for a given property on one screen. The staffers have to open and exit several menus to input stuff as simple as addresses. To put it mildly, the setup “doesn’t reflect business needs now,” says the city’s assessor, Carmen Chu. San Francisco rarely conjures images of creaky, decades-old technology, but that’s what’s running a key swath of its government, as well as those of cities across the U.S. Politicians can often score relatively easy wins with constituents by borrowing money to pay for new roads and bridges, but the digital equivalents of such infrastructure projects generally don’t draw the same enthusiasm. “Modernizing technology is not a top issue that typically comes to mind when you talk to taxpayers and constituents on the street,” Chu says. It took her office almost four years to secure $36 million for updated assessors’ hardware and software that can, among other things, give priority to cases in which delays may prove costly. The design requirements are due to be finalized this summer. This is a problem all over the world, and it’s more difficult than one might think to replace such outdated systems. Existing data has to be transferred, a new system has to be designed, staff has to be retrained – and, of course, since it’s not a sexy subject politicians can flaunt, it has to be done with impossible budgets that inevitably balloon, often leading to doomed projects. It’s easy to laugh at these outdated systems still in use today, but often, replacing them simply isn’t an option.
The dominance of Chrome has a major detrimental effect on the Web as an open platform: developers are increasingly shunning other browsers in their testing and bug-fixing routines. If it works as intended on Chrome, it’s ready to ship. This in turn results in more users flocking to the browser as their favorite Web sites and apps no longer work elsewhere, making developers less likely to spend time testing on other browsers. A vicious cycle that, if not broken, will result in most other browsers disappearing in the oblivion of irrelevance. And that’s exactly how you suffocate the open Web. When it comes to promoting this mono-browser culture, Google is leading the pack. Poor quality assurance and questionable design choices are just the tip of the iceberg when you look at Google’s apps and services outside the Chrome ecosystem. Making matters worse, the blame often lands on other vendors for “holding back the Web”. The Web is Google’s turf as it stands now; you either do as they do, or you are called out for being a laggard. Without a healthy and balanced competition, any open platform will regress into some form of corporate control. For the Web, this means that its strongest selling points—freedom and universal accessibility—are eroded with every per-cent that Chrome gains in market share. This alone is cause for concern. But when we consider Google’s business model, the situation takes a scary turn. An excellent article on just how dangerous the Chrome monoculture has become to the open web. I switched away from everything Chrome recently, opting instead to use Firefox on my laptop, desktop, and mobile devices.
MWC Barcelona 2019 is well underway, and among the big companies such as Samsung, Huawei, LG, and Xiaomi are smaller start-ups. One of those start-ups is the UK-based F(x)tec, a company which intends to bring back well-loved features from the smartphones of old. The F(x)tec Pro 1 is their first device, and it features a sliding QWERTY keyboard inspired by the Nokia E7 and N950. I got to meet the team and get hands-on time with the device to gather my thoughts on it. Meet the F(x)tec Pro 1, a slider phone with a QWERTY keyboard that will launch in July. This Android device ticks so many boxes, yet it’s the price that has me concerned. The starting price of $649 isn’t actually that steep when compared to the devices Samsung and Apple put on the market, but for lower prices you can get comparable and better-specced phones from OnePlus or PocoPhone. I’m not sure if I’m comfortable spending that much money on an unproven company with possible update issues.
Huawei’s rotating chairman Guo Ping has gone on the offensive this week at Mobile World Congress, following continued pressure on US allies to drop the Chinese telecoms giant over national security fears. In a strident on-stage speech and a Financial Times editorial, Guo is escalating Huawei’s side of the story by explicitly calling out the NSA, which Edward Snowden has shown to have hacked Huawei in the past, while presenting his company as a more secure option for the rest of the world. “If the NSA wants to modify routers or switches in order to eavesdrop, a Chinese company will be unlikely to co-operate,” Guo says in the FT, citing a leaked NSA document that said the agency wanted “to make sure that we know how to exploit these products.” Guo argues that his company “hampers US efforts to spy on whomever it wants,” reiterating its position that “Huawei has not and will never plant backdoors.” This war of words and boycotts will continue for a long time to come, but Guo makes an interesting point here by highlighting the fact the NSA hacked Huawei devices and email accounts of Huawai executives. I personally do not believe that devices made in China for other brands – Apple, Google, whatever – are any safer from tampering than devices from a Chinese brand. These all get made in the same factories, and I can hardly fault the Chinese government for doing what all our western governments have been doing for decades as well. It’s not a pretty game, and in an ideal world none of it would be necessary, but we should not let blind nationalism get in the way of making sound decisions.
HyperCard is a new kind of application-a unique information environment for your Apple Macintosh computer. Use it to look for and store information-words, charts, pictures, digitized photographs-about any subject that suits you. Any piece of information in HyperCard can connect to any other piece of information, so you can find out what you want to know in as much or as little detail as you need. The original, complete manual for Apple’s HyperCard.
The Federal Trade Commission’s Bureau of Competition announced the creation of a task force dedicated to monitoring competition in U.S. technology markets, investigating any potential anticompetitive conduct in those markets, and taking enforcement actions when warranted. This is music to my ears, but only time will tell if this new task force has any teeth. The current US administration is held together by string and spit and barely able to even stumble out the door in the morning, so one has to wonder how effective any FTC actions can even be.
The boot process, in computer hardware, forms the foundation for the security of the rest of the system. Security, in this context, means a “defense in depth” approach, where each layer not only provides an additional barrier to attack, but also builds on the strength of the previous one. Attackers do know that if they can compromise the boot process, they can hide malicious software that will not be detected by the rest of the system. Unfortunately, most of the existing approaches to protect the boot process also conveniently (conveniently for the vendor, of course) remove your control over your own system. How? By using software signing keys that only let you run the boot software that the vendor approves on your hardware. Your only practical choices, under these systems, are either to run OSes that get approval from the vendor, or to disable boot security altogether. In Purism, we believe that you deserve security without sacrificing control or convenience: today we are happy to announce PureBoot, our collection of software and security measures designed for you to protect the boot process, while still holding all the keys. Good initiative.
USB 3.2, which doubles the maximum speed of a USB connection to 20Gb/s, is likely to materialize in systems later this year. In preparation for this, the USB-IF—the industry group that together develops the various USB specifications—has announced the branding and naming that the new revision is going to use, and… It’s awful. I won’t spoil it for you. It’s really, really bad.
Security researchers at the Network and Distributed Systems Security Symposium in San Diego are announcing the results of some fascinating research they’ve been working on. They “built a fake network card that is capable of interacting with the operating system in the same way as a real one” and discovered that Such ports offer very privileged, low-level, direct memory access (DMA), which gives peripherals much more privilege than regular USB devices. If no defences are used on the host, an attacker has unrestricted memory access, and can completely take control of a target computer: they can steal passwords, banking logins, encryption keys, browser sessions and private files, and they can also inject malicious software that can run anywhere in the system. Vendors have been gradually improving firmware and taking other steps to mitigate these vulnerabilities, but the same features that make Thunderbolt so useful also make them a much more serious attack vector than USB ever was. You may want to consider ways to disable your Thunderbolt drivers unless you can be sure that you can prevent physical access to your machine.
My software setup has been surprisingly constant over the last decade, after a few years of experimentation since I initially switched to Linux in 2006. It might be interesting to look back in another 10 years and see what changed. A quick overview of what’s running as I’m writing this post. A detailed overview of a terminal-oriented Linux software setup. There’s obviously countless setups like this, but this post is quite detailed and possibly contains some ideas for others.
As expected, Microsoft today launched HoloLens 2, the company’s second-generation augmented reality (AR) headset. The new hardware addresses what were probably the two biggest issues with the first-generation device: the narrow field of view, and the comfort when wearing the device. I’d love to experience AR and VR devices like these, but for now, I just can’t justify the investment. The killer app for home use seems to not have been invented yet, and I’d just end up with a fun gimmick that serves to entertain the odd guest a few times a year. I understand my own personal enjoyment is not exactly high on the list for the makes of these devices – they’re obviously more interested in professional use – but in order to build a sutainable, long-term business around AR and VR, they really ought to start thinking about reasons for ordinary consumers to start buying these.
The Opportunity Rover, also known as the Mars Exploration Rover B (or MER-1), has finally been declared at end of mission today after 5,352 Mars solar days when NASA was not successfully able to re-establish contact. It had been apparently knocked off-line by a dust storm and was unable to restart either due to power loss or some other catastrophic failure. Originally intended for a 90 Mars solar day mission, its mission became almost 60 times longer than anticipated and it traveled nearly 30 miles on the surface in total. Spirit, or MER-2, its sister unit, had previously reached end of mission in 2010. And why would we report that here? Because Opportunity and Spirit were both in fact powered by the POWER1, or more accurately a 20MHz BAE RAD6000, a radiation-hardened version of the original IBM RISC Single Chip CPU and the indirect ancestor of the PowerPC 601. There are a lot of POWER chips in space, both with the original RAD6000 and its successor the RAD750, a radiation-hardened version of the PowerPC G3. What an awesome little tidbit of information about these Mars rovers, which I’m assuming everybody holds in high regard as excellent examples of human ingenuety and engineering.
On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone’s fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser, instead of having the tedious task of typing in your password every time you want to log in to an account. Web developers can now design their sites to interact with Android’s FIDO2 management infrastructure. Good move.
Huawei Technologies Co. would deny any Chinese government request to open up “back doors” in foreign telecommunications networks because they aren’t legally obliged to do so, the company’s chairman says. Liang Hua, speaking to reporters in Toronto on Thursday, said the company had received an independent legal opinion about its obligations under Chinese law and said there is nothing forcing companies to create what he called “back doors” in networks. He said they’d never received any such request, but would refuse it if they did. At this point, it seems silly to assume such backdoors do not already exist in one form or another – if not at the device level, then at the network level. This isn’t merely a Chinese thing either; western governments are doing the same thing, draped in a democratic, legal veneer through secret FISA-like courts and similar constructions.
Late last year, Linux OEM System76 unveiled the Thelio, its custom Linux-focused workstation. The computer is now shipping to consumers, meaning the first reviews are starting to roll in. Leonora Tindall wrote up her experience with System76’s latest workstation, concluding: System76’s new “open hardware” desktop, is a small, beautiful, and powerful desktop computer that hits every high point anyone could have expected, faltering only in the inherent limitations of its small size. It’s pretty, it’s tiny, it’s fast, it’s well cooled, and the software support is top-tier. Despite being somewhat noisy and lacking front I/O, it’s certainly a good machine for any Linux user who can swallow the 18% – 22% upcharge for assembly and custom engineering. It must be difficult to sell highly customisable Linux workstations like these, since virtually anyone using Linux is most likely more than capable and willing to build their own computer. Still, I commend the effort, and it can serve as a halo product for System76’s Linux laptops, which probably cover a wider net of possible consumers.
We’re very grateful to this week’s (and our inaugural) sponsor: OPS is a new free open source tool that allows anyone including non-developers to run existing Linux applications as unikernels. Long predicted to be the next generation of cloud infrastructure, unikernels have remained inaccessible to developers because of their low level nature. OPS fixes that. Please visit their website to learn more: https://ops.city
Many years ago (in 2015), I told you about my Xbox 360 development kit, based on a Power Mac G5. And I finally managed to make it work. Let’s summarize the story. We are in 2003 and Microsoft plans to release its Xbox 360 console in 2005. It is based on a new PowerPC processor (the Xenon, derived from the Cell but that’s another story) and an AMD graphics card. And initially, to provide test machines to the developers, Microsoft has an issue: the processor does not exist yet. The solution, quite pragmatic, to solve the problem while waiting for the first prototypes of consoles consists in using the most common mainstream PowerPC platform: a Macintosh. These PowerMac G5s used by Microsoft for Xbos 360 development couldn’t really be used for anything but running Mac OS X, since the Xbox 360 development software and operating system had all been wiped. As luck would have it, though, this software was released on the internet last year, including the Xenon OS. It also includes an early version of the Xbox 360 dashboard. An absolutely fascinating piece of history.
Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they checked out last weekend. Other apps know users’ body weight, blood pressure, menstrual cycles or pregnancy status. Unbeknown to most people, in many cases that data is being shared with someone else: Facebook. The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed. At this point, none of this should surprise anyone anymore. Still, this particular case involves applications without any Facebook logins or similar mechanisms, giving users zero indiciation that their data is being shared with Facebook. These developers are using Facebook analytics code inside their applications, which in turn collect and send the sensitive information to Facebook. Other than retreat to a deserted island – what can we even do?
Responding to a forum post on upcoming ARM server offerings, Linus Torvalds makes a compelling case for why Linux and x86 completely overwhelmed commercial Unix and RISC: Guys, do you really not understand why x86 took over the server market? It wasn’t just all price. It was literally this “develop at home” issue. Thousands of small companies ended up having random small internal workloads where it was easy to just get a random whitebox PC and run some silly small thing on it yourself. Then as the workload expanded, it became a “real server”. And then once that thing expanded, suddenly it made a whole lot of sense to let somebody else manage the hardware and hosting, and the cloud took over.
