Monthly Archive: April 2019

Bloomberg says ‘hidden backdoors’ were found in Huawei equipment, Vodafone denies report

A new report by Bloomberg claims that telecom giant Vodafone had found potential hidden backdoor vulnerabilities in Huawei equipment, but the claims have been refuted by the carrier. The Bloomberg report makes claims that Vodafone Italy confirmed that they had found vulnerabilities as far back as 2009 in Huawei telecoms and internet equipment. Obviously Vodafone has a massive interest in denying these stories, and I find it suspicious that stories like this are almost always waved away with a we forgot to turn off/remove a diagnostic thing, oopsie!, but for us mere mortals it’s just impossible to get a good reading on this. I mean, it’s not as if we have much of a choice but to assume our carriers know what they’re doing. …wait.

Apple is telling lawmakers people will hurt themselves if they try to fix iPhones

In recent weeks, an Apple representative and a lobbyist for CompTIA, a trade organization that represents big tech companies, have been privately meeting with legislators in California to encourage them to kill legislation that would make it easier for consumers to repair their electronics, Motherboard has learned. According to two sources in the California State Assembly, the lobbyists have met with members of the Privacy and Consumer Protection Committee, which is set to hold a hearing on the bill Tuesday afternoon. The lobbyists brought an iPhone to the meetings and showed lawmakers and their legislative aides the internal components of the phone. The lobbyists said that if improperly disassembled, consumers who are trying to fix their own iPhone could hurt themselves by puncturing the lithium-ion battery, the sources, who Motherboard is not naming because they were not authorized to speak to the media, said. Apple employing the ever effective think of the children argument. In typical Apple-fashion, anti-consumer, scummy, and full of lies.

Systems with small disks won’t be able to install Windows 10 May 2019 update

Previously, 32-bit Windows had a minimum storage requirement of 16GB, and 64-bit Windows needed 20GB. Both of these were extremely tight, leaving little breathing room for actual software, but technically this was enough space for everything to work. That minimum has now been bumped up: it’s 32GB for both 32- and 64-bit versions of Windows. Part of this growth may be due to a new behavior that Microsoft is introducing with version 1903. To ensure that future updates install without difficulty, 7GB of disk space are permanently reserved for the install process. While this will avoid out-of-disk errors when updating, it represents a substantial reduction in usable space on these low-storage systems. It’s remarkable just how much space a default Windows installation takes up – and it’s even worse just how hard it has become on Windows to even properly find out where all that space is going as your machine starts to rack up the months or even years of use. While other modern operating systems such as Linux or macOS may not be as bad as Windows, they, too, are starting to treat disk space like a commodity, and they, too, can be difficult to manage.

An overview of Secure Boot in Debian

This blog post isn’t meant to be a definitive guide about Secure Boot in Debian. The idea is to give some context about the boot sequence on the PC architecture, about the Secure Boot technology, and about some implementation details in Debian. Exactly what it says on the tin – a detailed article about how Debian handles Secure Boot.

The Amiga before the Amiga: the Amiga Development System

Prior to that epic event, however, there was another Amiga – a lesser-known member of the family most have never even heard of. Back in 1984/1985 Commodore created a few hundred “Development Edition” machines called the Amiga Development System. Sometimes, due to a very unique early design, they are also sometimes referred to as “Velvet” which was a name for a particular motherboard layout some had. Commodore sent these computers to companies around the world in the hopes they would decide to support the new platform in the form of creating software and tools. Thus, the Development System is a very unique machine most of which have been lost to the sands of time. Prior to this writing it was believed that only 5 Development Systems remained around the world. Assuming that’s true, there are now six. As indicated, this is an incredibly rare Amiga machine, so it’s probably the only time we ever get to see such a close and detailed look at it. The linked article contains a detailed video of the outside and inside of the machine as well.

The future of Firefox for Android

A recently published support document highlights Mozilla’s plans for the current Firefox for Android and also Fenix. Mozilla’s main idea is to maintain the legacy version of Firefox for Android until Fenix reaches migration readiness status. Firefox users on Android should be able to use the legacy version until Fenix is ready while Mozilla wants to minimize support costs. Fenix currently does not support extensions just yet, so I’ll be staying on the regular Firefox for Android until that has been addressed.

rePalm

As I mentioned, none of the native API of PalmOS 5.x was ever documented. There was a small number of people who figured out some parts of it, but nobody really got it all, or even close to it. To start with, because large parts are not useful to an app developer, and thus attracted no interest. This is a problem, however, if one wants to make a new device. So I had to actually do a lot of reverse engineering for this project – a lot of boring reverse engineering of very boring APIs that I still had to implement. Oh, and I needed a kernel, and actual hardware to run on. I’m in awe. This is nothing short of breathtaking.

Microsoft is winning the techlash

The tech industry is feeling the pain of an unprecedented backlash over its business practices and broad impact on society, but original tech giant Microsoft has managed to stay mostly above the fray. It’s remarkably puzzling how nobody is really talking about Microsoft. The company is one of the largest companies in the world, incredibly powerful, and still has its tentacles all over the industry, and thus, all over society. They are just as (potentially) dangerous as any of the others.

Google is eating our email

So why am I writing all of this? Unfortunately, email is starting to become synonymous with Google’s mail, and Google’s machines have decided that mail from my server is simply not worth receiving. Being a good administrator and a well-behaved player on the network is no longer enough. This is already a big philosophical problem now, and it will only get worse as large tech companies try to wrestle ever more control over the web away from users. And because this sort of stuff is so low-level and technical, it’s not going to grab headlines or stir the masses.

Assessing unikernel security

Unikernels are small, specialized, single-address-space machine images constructed by treating component applications and drivers like libraries and compiling them, along with a kernel and a thin OS layer, into a single binary blob. Proponents of unikernels claim that their smaller codebase and lack of excess services make them more efficient and secure than full-OS virtual machines and containers. We surveyed two major unikernels, Rumprun and IncludeOS, and found that this was decidedly not the case: unikernels, which in many ways resemble embedded systems, appear to have a similarly minimal level of security. Features like ASLR, W^X, stack canaries, heap integrity checks and more are either completely absent or seriously flawed. If an application running on such a system contains a memory corruption vulnerability, it is often possible for attackers to gain code execution, even in cases where the application’s source and binary are unknown. Furthermore, because the application and the kernel run together as a single process, an attacker who compromises a unikernel can immediately exploit functionality that would require privilege escalation on a regular OS, e.g. arbitrary packet I/O. We demonstrate such attacks on both Rumprun and IncludeOS unikernels, and recommend measures to mitigate them. This is a 100+ page article – book? – that isn’t for the faint of heart.

Windows 10’s ‘Sets’ feature is gone and not expected to return

In 2017, Microsoft officials provided a preview of two new features coming to Windows 10: Timeline and Sets. Timeline made it into Windows 10 as part of the April 2018 Update, but Sets didn’t. And it’s looking like it never will be included in Windows 10. My sources say Microsoft dropped plans for Sets, a Windows-management feature, which would have allowed users to group app data, websites and other information in tabs, months ago. Although Microsoft did test Sets last year with some of its Windows Insider testers, the feature generally wasn’t well received or understood. For apps like Office to work well with Sets, the Office engineering team was going to have to do a lot of extra work. Too bad, because this really looked like a useful feature to easily group related windows into single objects.

‘They think they are above the law’: the firms that own America’s voting system

The fact is that democracy in the United States is now largely a secretive and privately-run affair conducted out of the public eye with little oversight. The corporations that run every aspect of American elections, from voter registration to casting and counting votes by machine, are subject to limited state and federal regulation. The companies are privately-owned and closely held, making information about ownership and financial stability difficult to obtain. The software source code and hardware design of their systems are kept as trade secrets and therefore difficult to study or investigate. It’s for this very reason that my own country – for now – of The Netherlands went back to pencil and paper voting with public manual counting by actual humans.

Red Dead Redemption 2: six months later

Because Red Dead Redemption 2 seems to offer to let you stop and smell the roses, but there are a thousand roses with five buttons to hit every time, and it won’t tell you that you were only supposed to smell the yellow roses until you’re finished with the task. It’s a game that constantly tries to explain a complicated approach to things that are simple in every other game I’ve played. Rockstar spent a surreal number of man-hours to get the light to glisten just so as it hits a realistically rendered horse scrotum, but it couldn’t figure out how to create equipment menus that I could understand after dozens of hours of practice. It’s a game that requires the self-punishing dedication of a hardcore gamer without actually being a hard game or giving me any sense of accomplishment. It’s a story. One whose writers ultimately knew what they wanted to say, but who also piled on so many of these same ideas over and over that it begins to feel meaningless. In short, it’s a game that wants to pull itself out of the tar pit with its face. This is probably one of the best – if not the best – reviews of a video game, or any other product for that matter, I’ve ever read. It is incredibly long, detailed, and manages to ask – and answer – a ton of very pertinent questions about not just Red Dead Redemption 2 itself, but the gaming industry as a whole. I’ve played Red Dead Redemption 2, and I consider it to be a bad game. The controls are a convoluted mess, the story lacks pacing and is all over the place, and the game forces so much pointless, meaningless, and repetitive busywork on the player I just got frustrated and bored. Parts of this particular review go into great detail regarding these matters, and it’s refreshing to see someone pay so much attention to these things other reviewers and players just ignore because shiny visuals. It’s a long read, and I’m sure many RDR2 fans and players will disagree, but don’t let that stop you from reading this.

In African villages, these phones become ultrasound scanners

Lying on a church pew with his arm over his head, 6-year-old Gordon Andindagaye whimpered a bit — in fear, not pain — as Dr. William A. Cherniak slowly swept a small ultrasound scanner up and down his chest. Dr. Cherniak and Rodgers Ssekawoko Muhumuza, the Ugandan clinical officer he was training, stared at the iPhone into which the scanner was plugged, watching Gordon’s lung expand and contract. “O.K.,” Dr. Cherniak finally said. “What do you recommend?” Here in the west it’s easy to grow cynical towards smartphones and technology, but the impact phones and smartphones are having in third world countries – which often skip desktops and laptops – is astounding.

Haiku gets NVMe driver

Due to the awesome work by long-time developer waddlesplash, nightly images after hrev53079 have read/write NVMe support built-in. These devices now show up in /dev/disk/nvme/ and are fully useable by Haiku. I’ve personally tested my Samsung 950 Pro and seen raw read speeds up to 1.4GiB/s. Another important driver for Haiku to have, and with today’s modern laptops (and most desktops) all having NVMe support, pretty much a must-have.

Report: 26 States now ban or restrict community broadband

A new report has found that 26 states now either restrict or outright prohibit towns and cities from building their own broadband networks. Quite often the laws are directly written by the telecom sector, and in some instances ban towns and cities from building their own broadband networks—even if the local ISP refuses to provide service. Everything about this is disgusting. It goes to show corporatism and unfettered capitalism are cancers upon our society that must be exterminated.

Ubuntu 19.04 Disco Dingo Released

Ubuntu 19.04 (Disco Dingo) has been officially released today. This Ubuntu version is supported until January 2020. For a longer supported release, use Ubuntu 18.04 LTS instead, which is supported until April 2023. The new Ubuntu 19.04 ships with Linux 5.0 and the latest stable GNOME 3.32, which includes significant performance improvements, experimental fractional scaling for HiDPI screens, and other updates. The new release also includes Tracker (file index and search) by default, allows users to install proprietary Nvidia drivers from the Ubuntu installer, and much more. I’m using the Kubuntu variant on my desktop, and it seems pretty solid so far. The Xubuntu variant has also seen considerable work.

One of the Game Boy’s weirdest games was a Pokémon clone with built-in infrared

The Verge has an article about a very unusual and rare Game Boy accessory. But the link cable was just the beginning of the Game Boy’s wild, bizarre experimentation with the future. In the late ‘90s, Japanese game company Hudson Soft eventually came up with a more radical idea to bring wireless connectivity to the handheld. It would use infrared — built directly into game cartridges. That way, you could transfer data between two games, or even download data from the internet, directly onto the game. And for some inexplicable reason lost to time, I convinced my parents to buy the one and only Game Boy Color game sold in North America to feature this technology. The system itself was called GB Kiss, named after the awkward physical dance two players would have to perform to bring the cartridges close enough to one another to initiate the infrared data transfer. For Hudson Soft, it was a remarkably ambitious idea, a leftover from its attempt nearly a decade prior to crack the home console market through its partnership with NEC Home Electronics on the TurboGrafX-16, a device that failed to gain traction but nonetheless spawned a dizzying number of wild accessories and mods. Few things fascinate me more than rare, unique, and obscure console accessories and expansions from the ’80s and ’90s, so this is right up my alley. I had no idea this ever existed.