Monthly Archive:: February 2021
Sailfish OS has moved into its fourth generation with the release of Sailfish OS 4.0.1 Koli. On a high level, Sailfish 4 includes several security and functionality updates, the long-awaited browser update, redesigned daily usage flow of key applications, as well as a rebooted developer experience. In particular we’re proud to boast full-scale OS-level Mobile Device Management (MDM) to enable easy and manageable end-to-end trusted corporate and governmental sector deployments. There are also a bunch of other new additions, including Android 9 app support, app sandboxing, and QR code scanning, along with improved notifications, events view, contact management and more.
VSI has made available OpenVMS V9.0-G for x86. This is the first x86 release of the year, and seventh overall, and it’s another good one with more functionality, VMware support, and a number of improvements. VSI also added five additional EAK testers (approaching 50 in all) and there may be a few more in the coming days. The porting process is progressing nicely.
Fortnite creator Epic Games has taken its fight against Apple to European Union antitrust regulators, escalating its dispute with the iPhone maker over its App Store payment system and control over app downloads. At this point I’m surprised it took them this long.
I normally deal with Linux machines. Linux is what I know and it’s what I’ve been using since I was in college. A friend of mine has been coaxing me into trying out FreeBSD, and I decided to try it out and see what it’s like. Here’s some details about my experience and what I’ve learned. Exactly what it says on the tin – and may I just say that the design and colour scheme of the website in question is extremely pleasant to the eyes.
Unikraft is a comprehensive toolchain and library operating system which builds highly specialized unikernels, software bundles that consist of a target application along with just the operating system primitives and libraries features it needs to run. Unikraft breaks the status quo of building unikernels manually, providing an automated toolchain that builds tailored unikernels that meet your (and your application’s) needs. We haven’t been paying a lot of attention to the concept of unikernels on OSNews, and I’m not sure why – possibly because they’re outside of the comfort zone of a lot of people, including myself.
Last week, we mentioned that the extremely popular open source video player VLC is getting a brand-new interface in its upcoming 4.0 release, expected to debut later this year. VLC 4.0 isn’t ready for prime time use yet—but because the program is open source, adventurous users can grab nightly builds of it to take a peek at what’s coming. The screenshots we’re about to show come from the nightly build released last Friday—20210212-0431. VLC is an incredibly popular application, so any major user interface overhaul like this is sure to lead to a lot of bikeshedding.
Remember that story from two years ago, about how China had supposedly infiltrated the supply chain of Supermicro? The story was denied by American intelligence agencies and the CEOs of Apple and Amazon, but today, Bloomberg posted a follow-up piece with more sources, both anonymous and named, that the story was, in fact, real, and probably a lot bigger, too. The article lists several attacks that have taken place, all using hardware from Supermicro. Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities. Bloomberg is clearly sticking by and expanding its story, so this means it’s their and their sources’ word against that of giant corporations and American intelligence agencies, and we all know giant corporations and American intelligence agencies never lie. Right?
I recently came across SerenityOS when it was featured in hxp CTF and then on LiveOverflow’s YouTube channel. SerenityOS is an open source operating system written from scratch by Andreas Kling and now has a strong and active community behind it. If you’d like to learn a bit more about it then the recent CppCast episode is a good place to start, as well as all of the fantastic videos by Andreas Kling. Two of the recent videos were about writing exploits for a typed array bug in javascript, and a kernel bug in munmap. The videos were great to watch and got me thinking that it would be fun to try and find a couple of bugs that could be chained together to create a full chain exploit such as exploiting a browser bug to exploit a kernel bug to get root access. You don’t get articles like this very often – exploiting a small hobby operating system? Sure, why not.
This document proposes a mechanism for running unmodified Linux programs on Fuchsia. The programs are run in a userspace process whose system interface is compatible with the Linux ABI. Rather than using the Linux kernel to implement this interface, we will implement the interface in a Fuchsia userspace program, called starnix. Largely, starnix will serve as a compatibility layer, translating requests from the Linux client program to the appropriate Fuchsia subsystem. Many of these subsystems will need to be elaborated in order to support all the functionality implied by the Linux system interface. As we expand the universe of software we wish to run on Fuchsia, we are encountering software that we wish to run on Fuchsia that we do not have the ability to recompile. For example, Android applications contain native code modules that have been compiled for Linux. In order to run this software on Fuchsia, we need to be able to run binaries without modifying them. Just more signs that Google has big plans for Fuchsia. With Google it’s always difficult to assess if they’ll go through with it, but I think they intend for Fuchsia to become the base operating system across Chrome OS, Android, their smart devices like Google Home, and everything else they might one day make. The project is too wide and deep to be anything else.
In the tests that matter, most noticeably the 3D rendering tests, we’re seeing a 3% speed-up on the Threadripper Pro compared to the regular Threadripper at the same memory frequency and sub-timings. The core frequencies were preferential on the 3990X, but the memory bandwidth of the 3995WX is obviously helping to a small degree, enough to pull ahead in our testing, along with the benefit of having access to 8x of the memory capacity as well as Pro features for proper enterprise-level administration. The downside of this comparison is the cost: the SEP difference is +$1500, or another 50%, for the Threadripper Pro 3995WX over the regular Threadripper 3990X. With this price increase, you’re not really paying +50% for the performance difference (ECC memory also costs a good amount), but the feature set. Threadripper Pro is aimed at the visual effects and rendering market, where holding 3D models in main memory is a key aspect of workflow speed as well as full-scene production. Alongside the memory capacity difference, having double the PCIe 4.0 lanes means more access to offload hardware or additional fast storage, also important tools in the visual effects space. Threadripper Pro falls very much into the bucket of ‘if you need it, this is the option to go for’. AMD is entirely in a league of its own with these processors. I keep repeating it, but AMD’s comeback is one of the most remarkable stories in the history of technology.
Suing technology firms when they mess up is already hard, especially over privacy violations. Now, Facebook, Google, and the trade groups representing all the big tech firms are asking the Supreme Court to make it even harder for class actions to pursue cases against them. Facebook, Google, and all the others submitted a filing (PDF) to the Supreme Court this week basically arguing that if you cannot prove the specific extent to which their screwup injured you, you should not have any grounds to be part of a lawsuit against them. They are already pretty much invulnerable, but of course, they want even more protections than their sheer size, wealth, influence, and monopoly positions already give them. How surprising.
The beta for the upcoming 5.21 release of the KWinFT projects is now available. It contains a monumental rewrite of KWinFT’s windowing logic. Read on for an overview of the changes and why this rewrite was necessary. KWinFT is such a poster child for open source development. Someone wasn’t happy with KWin, a core aspect of their desktop, and put their money where their mouth is and forked it into something that they think is better. I wouldn’t be surprised to see parts of KWinFT, or even the project as a whole, make its way to become KDE’s default window manager.
There are well documented security flaws in GSM, and publicly available tools to exploit them. At the same time, it has become considerably cheaper and easier to analyze GSM traffic over the past few years. Open source tools such as gr-gsm have matured, and the community has developed methods for capturing the GSM spectrum without the need for expensive SDR radios. With less than $100 and a weekend it’s possible to capture and analyze GSM traffic. With some extra effort it’s possible to decrypt your own traffic, and depending on how your mobile provider has set up their network it may even be possible for somebody else to illegally decrypt traffic they don’t own. GSM is terrifying.
hello (also known as helloSystem) is a desktop system for creators with focus on simplicity, elegance, and usability. Its design follows the “Less, but better” philosophy. It is intended as a system for “mere mortals”, welcoming to switchers from the Mac. FreeBSD is used as the core operating system. With PC-BSD gone, it’s nice to see others step in to fill the void. This particular project was founded by Simon Peter, who also started AppImage and PureDarwin, so there’s quite a bit of pedigree here. It’s still in development and not yet ready for general use.
You think you can escape my ire today, Google? You’re no better than Apple. Case in point: Google is in hot water after banning the Google account of Andrew Spinks, the lead developer of the hit indie game Terraria. The YouTube account of Spinks’ game dev company, Re-Logic, was hit with some kind of terms-of-service violation, resulting in Google banning Spinks’ entire Google account, greatly disrupting his company’s ability to do business. After three fruitless weeks of trying to get the situation fixed, Spinks announced that his company will no longer do business with Google and that the upcoming Stadia version of Terraria is canceled. “I will not be involved with a corporation that values their customers and partners so little,” Spinks said. “Doing business with you is a liability.” This is, sadly, a very common occurrence. Google has a long history of blocking accounts for no reason at all, without giving the affected people any recourse since the company effectively has no customer service department. These cases can be absolutely devastating, causing people to lose photos, emails, access to their business financials, and god knows what else. We at OSNews use what was once called Google Apps for Your Domain (launched in 2006), only for us to be grandfathered into GSuite, which is now called Workplaces, which has led to a lot of frustration for me since GSuite accounts are locked out of a ton of Google services for no particular reason, and there’s no way to convert an existing Google account from one type to another. We were never asked if we wanted to be converted to the much more limited GSuite accounts. Google just did it. In any event, I have been pondering if we should switch to something else, but it’d be a lot of work I’d be putting on the plate of someone else – OSNews’ owner.
Mobile app developer Kosta Eleftheriou has a new calling that goes beyond software development: taking on what he sees as a rampant scam problem ruining the integrity of Apple’s App Store. Eleftheriou, who created the successful Apple Watch keyboard app FlickType, has for the last two weeks been publicly criticizing Apple for lax enforcement of its App Store rules that have allowed scam apps, as well as apps that clone popular software from other developers, to run rampant. These apps enjoy top billing in the iPhone marketplace, all thanks to glowing reviews and sterling five-star ratings that are largely fabricated, he says. I’ve been saying it for ten years: the application store model is fundamentally broken, because the owner of the application store benefits from people gaming and cheating the system. In this case, Apple profits from every scam application or subscription sold, and since the App Store constitutes a huge part of Apple’s all-important services revenue, Apple has no incentive to really tackle issues like this. Here’s what’s going to happen, based on my immutable pattern recognition skills: there will be more press outcry over this developer’s specific issue until Apple eventually sends out a public apology statement and sort-of addresses this specific issue. American tech media – which are deeply embedded in Apple’s ecosystem and depend on being in Apple’s good graces – will praise Apple’s response, and claim the situation has been resolved. Their next batch of review units and press invites from Apple are on their way. And a few weeks or months later, another developer suffers from the same or similar issues, rinse, repeat. The problem is not individual App Store rules or App Store reviewers having a bad day – the paradigm itself is fundamentally broken, and until the tech industry and us as users come to terms with that, these repetitive stories will keep popping up, faux press outrage and all.
Another month, another Haiku activity report. January was a busy month for OSNews’ favourite operating system project, with a lot of love sent the way of the various ports to other architectures. Work has been done on the ARM and RISC-V ports, but also on platforms you might not expect in this day and age: SPARC and PowerPC. While some may question putting any effort into these alternative platforms at all, that’s a shortsighted position – work on other platforms often aids in uncovering and fixing bugs in the code for your main platform. It also prevents code from becoming more platform-dependent than it needs to be. Amid the long list of other improvements, the one that stands out is merging support for SD/MMC cards. The SD/MMC drivers are merged. It is now possible to read and write SD and SDHC cards using controllers compatible with the SDHCI specification. This is one of those things that will make it easier to transfer files to and from your Haiku installation.
In addition to the establishing of the seL4 Foundation and adding the open-source RISC-V architecture as one of their primary architectures, the seL4 micro-kernel has been seeing a lot of work and also research into future work. Among the ambitious research goals is to create a “truly secure, general-purpose OS”. This multi-server OS would be secure, support a range of use-cases and security policies, and perform comparable to monolithic systems. Be sure to flip through the slides of the presentation in question for more information.
The Linux kernel’s floppy driver dates back to the original days of the kernel back in 1991 and is still being maintained thirty years later with the occasional fix. Somewhat surprisingly, a patch was sent in to the Linux kernel’s block subsystem ahead of the Linux 5.12 merge window around the floppy code. Floppies are awesome and I’m sure there’s tons of older machines out there – especially in corporate settings – that are still rocking a floppy drive for backwards compatibility reasons. Might as well keep the code up to snuff.
The legacy version of Microsoft Edge, which is set to be discontinued in March, will be removed from Windows 10 with the release of Patch Tuesday updates in April. As we reported recently, Windows 10 currently comes with three different web browsers – Legacy Edge (hidden), Chromium Edge (default), and Internet Explorer (enabled). In an attempt to reduce clutter and improve security, Microsoft is removing the older browsers from the OS. I mean, on the one hand it seems like this is a reasonable move – there’s a new version of Edge, so an update will remove the old one. On the other hand, though, these are really two entirely different applications that happen to share a name, and it seems grotesque and user-hostile to just remove an entire application without even giving users the option to keep it. Sure, this concerns an outdated browser nobody uses, and that makes it easy to handwave this away, but what if this happens to an application you actually like and use?