Monthly Archive:: April 2019

A new report by Bloomberg claims that telecom giant Vodafone had found potential hidden backdoor vulnerabilities in Huawei equipment, but the claims have been refuted the carrier. The Bloomberg report makes claims that Vodafone Italy confirmed that they had found vulnerabilities as far back as 2009 in Huawei telecoms and internet equipment. Obviously Vodafone has a massive interest in denying these stories, and I find it suspicious that stories like this are almost always waved away with a we forgot to turn off/remove a diagnostic thing, oopsie!, but for us mere mortals it’s just impossible to get a good reading on this. I mean, it’s not as if we have much of a choice but to assume our carriers know what they’re doing. …wait.

In recent weeks, an Apple representative and a lobbyist for CompTIA, a trade organization that represents big tech companies, have been privately meeting with legislators in California to encourage them to kill legislation that would make it easier for consumers to repair their electronics, Motherboard has learned. According to two sources in the California State Assembly, the lobbyists have met with members of the Privacy and Consumer Protection Committee, which is set to hold a hearing on the bill Tuesday afternoon. The lobbyists brought an iPhone to the meetings and showed lawmakers and their legislative aides the internal components of the phone. The lobbyists said that if improperly disassembled, consumers who are trying to fix their own iPhone could hurt themselves by puncturing the lithium-ion battery, the sources, who Motherboard is not naming because they were not authorized to speak to the media, said. Apple employing the ever effective think of the children argument. In typical Apple-fashion, anti-consumer, scummy, and full of lies.

This blog post isn’t meant to be a definitive guide about Secure Boot in Debian. The idea is to give some context about the boot sequence on the PC architecture, about the Secure Boot technology, and about some implementation details in Debian. Exactly what it says on the tin – a detailed article about how Debian handles Secure Boot.

Prior to that epic event, however, there was another Amiga – a lesser-known member of the family most have never even heard of. Back in 1984/1985 Commodore created a few hundred “Development Edition” machines called the Amiga Development System. Sometimes, due to a very unique early design, they are also sometimes referred to as “Velvet” which was a name for a particular motherboard layout some had. Commodore sent these computers to companies around the world in the hopes they would decide to support the new platform in the form of creating software and tools. Thus, the Development System is a very unique machine most of which have been lost to the sands of time. Prior to this writing it was believed that only 5 Development Systems remained around the world. Assuming that’s true, there are now six. As indicated, this is an incredibly rare Amiga machine, so it’s probably the only time we ever get to see such a close and detailed look at it. The linked article contains a detailed video of the outside and inside of the machine as well.

As I mentioned, none of the native API of PalmOS 5.x was ever documented. There was a small number of people who figured out some parts of it, but nobody really got it all, or even close to it. To start with, because large parts are not useful to an app developer, and thus attracted no interest. This is a problem, however, if one wants to make a new device. So I had to actually do a lot of reverse engineering for this project – a lot of boring reverse engineering of very boring APIs that I still had to implement. Oh, and I needed a kernel, and actual hardware to run on. I’m in awe. This is nothing short of breathtaking.

The tech industry is feeling the pain of an unprecedented backlash over its business practices and broad impact on society, but original tech giant Microsoft has managed to stay mostly above the fray. It’s remarkably puzzling how nobody is really talking about Microsoft. The company is one of the largest companies in the world, incredibly powerful, and still has its tentacles all over the industry, and thus, all over society. They are just as (potentially) dangerous as any of the others.

Unikernels are small, specialized, single-address-space machine images constructedby treating component applications and drivers like libraries and compiling them, along with a kernel and a thin OS layer, into a single binary blob. Proponents of unikernels claim that their smaller codebase and lack of excess services make them more efficient and secure than full-OS virtual machines and containers. We surveyed two major unikernels, Rumprun and IncludeOS, and found that this was decidedly not the case: unikernels, which in many ways resemble embedded systems, appear to have a similarly minimal level of security. Features like ASLR, W^X, stack canaries, heap integrity checks and more are either completely absent or seriously flawed. If an application running on such a system contains a memory corruption vulnerability, it is often possible for attackers to gain code execution, even in cases where the application’s source and binary are unknown. Furthermore, because the application and the kernel run together as a single process, an attacker who compromises a unikernel can immediately exploit functionality that would require privilege escalation on a regular OS, e.g. arbitrary packet I/O. We demonstrate such attacks on both Rumprun and IncludeOS unikernels, and recommend measures to mitigate them. This is a 100+ page article – book? – that isn’t for the faint of heart.

In 2017, Microsoft officials provided a preview of two new features coming to Windows 10: Timeline and Sets. Timeline made it into Windows 10 as part of the April 2018 Update, but Sets didn’t. And it’s looking like it never will be included in Windows 10. My sources say Microsoft dropped plans for Sets, a Windows-management feature, which would have allowed users to group app data, websites and other information in tabs, months ago. Although Microsoft did test Sets last year with some of its Windows Insider testers, the feature generally wasn’t well received or understood. For apps like Office to work well with Sets, the Office engineering team was going to have to do a lot of extra work. Too bad, because this really looked like a useful feature to easily group related windows into single objects.

The fact is that democracy in the United States is now largely a secretive and privately-run affair conducted out of the public eye with little oversight. The corporations that run every aspect of American elections, from voter registration to casting and counting votes by machine, are subject to limited state and federal regulation. The companies are privately-owned and closely held, making information about ownership and financial stability difficult to obtain. The software source code and hardware design of their systems are kept as trade secrets and therefore difficult to study or investigate. It’s for this very reason that my own country – for now – of The Netherlands went back to pencil and paper voting with public manual counting by actual humans.

Because Red Dead Redemption 2 seems to offer to let you stop and smell the roses, but there are a thousand roses with five buttons to hit every time, and it won’t tell you that you were only supposed to smell the yellow roses until you’re finished with the task. It’s a game that constantly tries to explain a complicated approach to things that are simple in every other game I’ve played. Rockstar spent a surreal number of man-hours to get the light to glisten just so as it hits a realistically rendered horse scrotum, but it couldn’t figure out how to create equipment menus that I could understand after dozens of hours of practice. It’s a game that requires the self-punishing dedication of a hardcore gamer without actually being a hard game or giving me any sense of accomplishment. It’s a story. One whose writers ultimately knew what they wanted to say, but who also piled on so many of these same ideas over and over that it begins to feel meaningless. In short, it’s a game that wants to pull itself out of the tar pit with its face. This is probably one of the best – if not the best – reviews of a video game, or any other product for that matter, I’ve ever read. It is incredibly long, detailed, and manages to ask – and answer – a ton of very pertinent questions about not just Red Dead Redemption 2 itself, but the gaming industry as a whole. I’ve played Red Dead Redemption 2, and I consider it to be a bad game. The controls are a convoluted mess, the story lacks pacing and is all over the place, and the game forces so much pointless, meaningless, and repetitive busywork on the player I just got frustrated and bored. Parts of this particular review go into great detail regarding these matters, and it’s refreshing to see someone pay so much attention to these things other reviewers and players just ignore because shiny visuals. It’s a long read, and I’m sure many RDR2 fans and players will disagree, but don’t let that stop you from reading this.

Due to the awesome work by long-time developer waddlesplash, nightly images after hrev53079 have read/write NVMe support built-in. These devices now show up in /dev/disk/nvme/ and are fully useable by Haiku. I’ve personally tested my Samsung 950 Pro and seen raw read speeds up to 1.4GiB/s. Another important driver for Haiku to have, and with today’s modern laptops (and most desktops) all having NVMe support, pretty much a must-have.

Red Hat has taken control of two popular versions of the open source Java implementation, so developers can continue to build apps after Oracle’s support ends. A big deal to enterprise users and Minecraft players, but I can’t really muster any form of excitement over this. Then again, every bit less of Oracle in this world is good news.

Ubuntu 19.04 (Disco Dingo) has been officially released today. This Ubuntu version is supported until January 2020. For a longer supported release, use Ubuntu 18.04 LTS instead, which is supported until April 2023. The new Ubuntu 19.04 ships with Linux 5.0 and the latest stable GNOME 3.32, which includes significant performance improvements, experimental fractional scaling for HiDPI screens, and other updates.The new release also includes Tracker (file index and search) by default, allows users to install proprietary Nvidia drivers from the Ubuntu installer, and much more. I’m using the Kubuntu variant on my desktop, and it seems pretty solid so far. The Xubuntu variant has also seen considerable work.

The Verge has an article about a very unusual and rare Game Boy accessory. But the link cable was just the beginning of the Game Boy’s wild, bizarre experimentation with the future. In the late ‘90s, Japanese game company Hudson Soft eventually came up with a more radical idea to bring wireless connectivity to the handheld. It would use infrared — built directly into game cartridges. That way, you could transfer data between two games, or even download data from the internet, directly onto the game. And for some inexplicable reason lost to time, I convinced my parents to buy the one and only Game Boy Color game sold in North America to feature this technology. The system itself was called GB Kiss, named after the awkward physical dance two players would have to perform to bring the cartridges close enough to one another to initiate the infrared data transfer. For Hudson Soft, it was a remarkably ambitions idea, a leftover from its attempt nearly a decade prior to crack the home console market through its partnership with NEC Home Electronics on the TurboGrafX-16, a device that failed to gain traction but nonetheless spawned a dizzying number of wild accessories and mods. Few things fascinate me more than rare, unique, and obscure console accessories and expansions from the ’80s and ’90s, so this is right up my alley. I had no idea this ever existed.