Monthly Archive:: October 2020

We hacked Apple for 3 months: here’s what we found

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources. There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact. As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours). Definitely a speedy response by Apple, but seeing the severity of the vulnerabilities found, that seems hardly surprising – the hackers even managed to get access to the source code for iOS, macOS, and other Apple projects. Our proof of concept for this report was demonstrating we could read and access Apple’s internal maven repository which contained the source code for what appeared to be hundreds of different applications, iOS, and macOS. You can bet that they haven’t been the only ones snooping around in there.

DDR5 is coming: first 64GB DDR5-4800 modules from SK Hynix

Discussion of the next generation of DDR memory has been aflutter in recent months as manufacturers have been showcasing a wide variety of test vehicles ahead of a full product launch. Platforms that plan to use DDR5 are also fast approaching, with an expected debut on the enterprise side before slowly trickling down to consumer. As with all these things, development comes in stages: memory controllers, interfaces, electrical equivalent testing IP, and modules. It’s that final stage that SK Hynix is launching today, or at least the chips that go into these modules. We’re gearing up for a return of the times when, when buying a new motherboard or new memory, you’d better make sure the right DDR version is selected.

Where did the 64K page size come from?

Lots of people were excited by the news over Hangover’s port to ppc64le, and while there’s a long way to go, the fact it exists is a definite step forward to improving the workstation experience on OpenPOWER. Except, of course, that many folks (including your humble author) can’t run it: Hangover currently requires a kernel with a 4K memory page size, which is the page size of the majority of extant systems (certainly x86_64, which only offers a 4K page size). ppc64 and ppc64le can certainly run on a 4K page size and some distributions do, yet the two probably most common distributions OpenPOWER users run — Debian and Fedora — default to a 64K page size. This article gives an answer to the question why.

I’m a POWER user

This article provides a subjective history of POWER and open source from the viewpoint of an open source developer, outlines a few trends and conclusions, and previews what the future will bring. It is based on my talk at the annual OpenPOWER North America Summit, in which I aimed to show the importance of desktop/workstation-class hardware available to developers. In this article, I will cover a few additional topics, including cloud resources available to POWER developers, as well as a glimpse into the products and technologies under development. The biggest problem for POWER that I can see at the moment is that the kind of POWER processors you want – little endian – are expensive. This precludes more affordable desktops from entering the market, let alone even laptops. Big endian POWER processors aren’t exactly future-proof, as Linux distributions are dropping support for them. It’s a difficult situation, but I don’t think there’s much that can be done about it.

Congress releases blockbuster tech antitrust report

The House Judiciary Committee has released its conclusions on whether Amazon, Facebook, Apple, and Google are violating antitrust law. Its 449-page report criticizes these companies for buying competitors, preferencing their own services, and holding outsized power over smaller businesses that use their platforms. “Our investigation revealed an alarming pattern of business practices that degrade competition and stifle innovation,” said committee member Val Demings (D-FL). “Competition must reward the best idea, not the biggest corporate account. We will take steps necessary to hold rulebreakers accountable.” The report is scathing when it comes to the major technology companies and their clear pattern of anti-competitive behaviour and antitrust abuse. Although these four corporations differ in important ways, studying their business practices has revealed common problems. First, each platform now serves as a gatekeeper over a key channel of distribution. By controlling access to markets, these giants can pick winners and losers throughout our economy. They not only wield tremendous power, but they also abuse it by charging exorbitant fees, imposing oppressive contract terms, and extracting valuable data from the people and businesses that rely on them. Second, each platform uses its gatekeeper position to maintain its market power. By controlling the infrastructure of the digital age, they have surveilled other businesses to identify potential rivals, and have ultimately bought out, copied, or cut off their competitive threats. And, finally, these firms have abused their role as intermediaries to further entrench and expand their dominance. Whether through self-preferencing, predatory pricing, or exclusionary conduct, the dominant platforms have exploited their power in order to become even more dominant.
Apple, Google, Amazon, and Facebook are likened to oil barons and railroad tycoons from the American 19th century, and the report advises breaking them up into separate entities. Countless other safeguards and measures are suggested, too, all to create and maintain a level playing field in the technology industry and sectors adjacent to it. While I have my doubts US Congress possesses the intellectual honesty and, quite frankly, grip on reality required to do anything with this report, they seem like much-needed recommendations that should’ve been implemented yesterday.

The Supreme Court is taking on Google and Oracle one last time

Ten years after Oracle first sued Google over the code in the Android platform, the two tech giants are finally facing off in the Supreme Court. Since then, there have been three trials and two appeals. Billions of dollars are at stake; many millions have been likely spent on a parade of seasoned litigators, expert witnesses, and bizarre trial exhibits intended to explain programming to non-technical juries. All this may be coming to an anticlimactic close on Wednesday morning, with a teleconference Supreme Court oral argument in the middle of a pandemic. Google must win this case. Not because Google somehow deserves it, but because Oracle and its CEO are the scum of the earth dead set on destroying the very foundations of programming.

MorphOS 3.14 and Wayfarer 1.0 released

The MorphOS development team is proud to announce the immediate availability of MorphOS 3.14. While mostly a maintenance and stability release, this update also brings multiple technological improvements in the kernel. Out of these, the most notable are TLS support in exec.library, updates to the Netstack and ixemul.library. As usual MorphOS 3.14 is a free upgrade for existing users and can be downloaded from the download page. Check the changelog to find out what’s new in this release. At the same time Wayfarer, a new web browser based on a modern mid-2020 branch of WebKit is now available for download. This new browser makes it possible to browse most of the web that has become off-limits for Odyssey with its ageing engine. Google apps like Docs, Drive and Maps with Street view are supported just as the Whatsapp or Telegram web interfaces.

Definitely not Windows 95: what operating systems keep things running in space?

The ESA’s recently launched Solar Orbiter will spend years in one of the most unwelcoming places in the Solar System: the Sun. During its mission, Solar Orbiter will get 10 million kilometers closer to the Sun than Mercury. And, mind you, Mercury is close enough to have sustained temperatures reaching 450°C on its Sun-facing surface. To withstand such temperatures, Solar Orbiter is going to rely on an intricately designed heat shield. This heat shield, however, will protect the spacecraft only when it is pointed directly at the Sun—there is no sufficient protection on the sides or in the back of the probe. So, accordingly, ESA developed a real-time operating system (RTOS) for Solar Orbiter that can act under very strict requirements. The maximum allowed off-pointing from the Sun is only 6.5 degrees. Any off-pointing exceeding 2.3 degrees is acceptable only for a very brief period of time. When something goes wrong and dangerous off-pointing is detected, Solar Orbiter is going to have only 50 seconds to react. Fascinating look at a piece of software few of us will ever get to work with.

Discovery: user manual of the oldest surviving computer in the world

The Zuse Z4 is considered the oldest preserved computer in the world. Manufactured in 1945 and overhauled and expanded in 1949/1950, the relay machine was in operation on loan at the ETH Zurich from 1950 to 1955. Today the huge digital computer is located in the Deutsches Museum in Munich. The operating instructions for the Z4 were lost for a long time. In 1950, ETH Zurich was the only university in continental Europe with a functioning tape-controlled computer. From the 1940s, only one other computer survived: the Csirac vacuum tube computer (1949). It is in the Melbourne Museum, Carlton, Victoria, Australia. Evelyn Boesch from the ETH Zurich University archives let me know in early March 2020 that her father René Boesch (born in 1929), who had been working under Manfred Rauscher at the Institute for Aircraft Statics and Aircraft Construction at ETH Zurich since 1956, had kept rare historical documents. Boesch’s first employment was with the Swiss Aeronautical Engineering Association, which was housed and affiliated to the above-mentioned institute. The research revealed that the documents included a user manual for the Z4 and notes on flutter calculations. What an astonishing discovery. Stories like this make me wonder just how much rare, valuable, irreplaceable hardware, software, and documentation is rotting away in old attics, waiting to be thrown in a dumpster after someone’s death.

USB-C was supposed to simplify our lives. Instead, it’s a total mess.

Techies hailed USB-C as the future of cables when it hit the mainstream market with Apple’s single-port MacBook in 2015. It was a huge improvement over the previous generation of USB, allowing for many different types of functionality — charging, connecting to an external display, etc. — in one simple cord, all without having a “right side up” like its predecessor. Five years later, USB-C is near-ubiquitous: Almost every modern laptop and smartphone has at least one USB-C port, with the exception of the iPhone, which still uses Apple’s proprietary Lightning port. For all its improvements, USB-C has become a mess of tangled standards — a nightmare for consumers to navigate despite the initial promise of simplicity. Especially the charging situation with USB-C can be a nightmare. I honestly have no clue which of my USB-C devices can fast-charge with which charger and which cable, and I just keep plugging stuff in until it works. Add in all my fiancée’s devices, and it’s… Messy.

Cyberpunk 2077 publisher orders 6-day weeks ahead of launch

Polish video game developer CD Projekt Red told employees on Monday that six-day work weeks will be mandatory leading up to the November release of the highly anticipated Cyberpunk 2077, reneging on an earlier promise to not force overtime on the project. “I take it upon myself to receive the full backlash for the decision,” he wrote. “I know this is in direct opposition to what we’ve said about crunch. It’s also in direct opposition to what I personally grew to believe a while back — that crunch should never be the answer. But we’ve extended all other possible means of navigating the situation.” Severely overhyped repetitive walking simulators like The Witcher 3 don’t make themselves, after all. They’re made by harshly overworked and underpaid developers who are replaced faster than Polish judges critical of the Polish government.