GNU is Not Unix

Richard Stallman vs. Canonical's CEO: 'Will Microsoft Love Linux to Death?' (techrepublic.com) 259

TechRepublic got different answers about Microsoft's new enthusiasm for Linux from Canonical's founder and CEO Mark Shuttleworth, and from Richard Stallman. Stallman "believes that Microsoft's decision to build a Windows Subsystem for Linux (WSL) amounts to an attempt to extinguish software that users are free to run, copy, distribute, study, change and improve." "It certainly looks that way. But it won't be so easy to extinguish us, because our reasons for using and advancing free software are not limited to practical convenience," he said. "We want freedom. As a way to use computers in freedom, Windows is a non-starter..." Stallman remains adamant that the WSL can only help entrench the dominance of proprietary software like Windows, and undermine the use of free software. "That doesn't advance the cause of free software, not one bit," he says... "The aim of the free software movement is to free users from freedom-denying proprietary programs and systems, such as Windows. Making a non-free system, such as Windows or MacOS or iOS or ChromeOS or Android, more convenient is a step backward in the campaign for freedom..."

For Shuttleworth, Windows' embrace of GNU/Linux is a net positive for open-source software as a whole. "It's not like Microsoft is stealing our toys, it's more that we're sharing them with Microsoft in order to give everyone the best possible experience," he says. "WSL provides users who are well versed in the Windows environment with greater choice and flexibility, while also opening up a whole new potential user base for the open source platform..." Today Shuttleworth takes Microsoft's newfound enthusiasm for GNU/Linux at face value, and says the company has a different ethos to that of the 1990s, a fresh perspective that benefits Microsoft as much as it does open-source software. "Microsoft is a different company now, with a much more balanced view of open and competitive platforms on multiple fronts," he says. "They do a tremendous amount of engineering specifically to accommodate open platforms like Ubuntu on Azure and Hyper-V, and this work is being done in that spirit."

The article also points out that Microsoft "does seem to be laying the groundwork for WSL to extend what's possible using a single GNU/Linux distro today, for instance, letting the user chain together commands from different GNU/Linux distros with those from Windows."
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
Security

Security Researchers Warn that Third-Party GO Keyboard App is Spying on Millions of Android Users (betanews.com) 65

An anonymous reader shares a report: Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code." Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information. Adguard notes that there are two versions of the keyboard in Google Play which it claims have more than 200 million users in total.
Television

NVIDIA Drops the Basic Shield TV's Price To $180 (engadget.com) 65

An anonymous reader shares a report: NVIDIA's Shield TV promised to be an Android set-top box for gamers, and in that sense, it delivered. The company first released it in 2015, but its updated version cut down on price by bundling the $50 remote in to make the base-tier $200 version more cost-efficient. Now they're dropping that price down to $180, which is an even better deal. NVIDIA is keeping the $200 tier by bundling in its normally $60 controller alongside the included remote.
Android

Samsung Finally Lets You Disable the Bixby Button Without a Third-Party App (androidpolice.com) 55

Samsung has released an update to allow you to disable Bixby on the Galaxy S8, S8+ and Note 8. The only problem is you can only disable the button and can't point it to another app. Android Police reports: As you're probably aware, there are two parts to Bixby -- Bixby Home and Bixby Voice. The main change here is to the Bixby Home shortcut; press the button and Bixby appears. After updating, a toggle is available under the settings gear at the top of Bixby home. Turn it off, and Bixby Home will no longer pop up when you tap the button (there's also a "Bixby Key" menu in the settings). Bixby Voice can be shut off in the settings as well, so the button will become completely inert. What if you want Bixby Home back? If you still have Bixby Voice turned on, pressing and holding the button will trigger Bixby on top of your current screen. You can open full screen mode and access your Bixby settings to turn Bixby Home back on at any time. Okay, but what if you also have Bixby Voice turned off in the Bixby settings? It seems at first like you've locked yourself out of Bixby, which might not be a problem for some people. However, you can access the Bixby settings by going into your main system settings -- Apps -- Bixby Home -- Mobile Data -- View app settings. That opens the Bixby settings without opening Bixby first.
Android

Apple's A11 Bionic Chip In iPhone 8 and iPhone X Smokes Android Handsets In Early Benchmarks (hothardware.com) 332

MojoKid writes: Many of the new releases of Apple's iPhone bring with it a new A-series SoC (System on Chip) and Apple is keeping that tradition with the iPhone 8 and iPhone 8 Plus, and iPhone X. Each of those handsets sports a custom ARM-based A11 Bionic processor with six cores -- four high performance cores and two power efficiency cores. The two power efficiency cores will perform the bulk medial chores to maintain battery life, which Apple says will be 2 hours longer than the iPhone 7. However, for heavier workloads, the chip is capable of not only firing up its four high performance cores, but also all six cores simultaneously. If early leaked benchmarks are any indication, the A11 Bionic is going to be a benchmark-busting beast of a chip. A set of just-posted Geekbench scores reinforces that notion. Just prior to Apple announcing its newest iPhone models, Geekbench's database was updated with a new entry for an "iPhone 10,5" which we assume to be the iPhone X. Based on the scores recorded, in this one benchmark at least, the A11 CPU powering the iPhone X appears to be 50 to 70 percent faster than any Android handset on the market currently, even those powered by the new Qualcomm Snapdragon 835.
Android

PSA: Google Will Delete Your Android Backups If Your Device Is Inactive For Two Months (vernonchan.com) 166

New submitter Vernon Chan writes: It was discovered that Google will automatically schedule to delete your Android device backups if it is inactive for more than two months. The issue was discovered by a Reddit user after his Nexus 6P was sent for a refund claim. He was using an old iPhone while he waited for an Android replacement device. When he glanced at his Google Drive Backup folder, he freaked out when he noticed his Nexus 6P backup was missing. He then stumbled upon this Google Drive help document regarding backup expirations: "Your backup will remain as long as you use your device. If you don't use your device for 2 weeks, you may see an expiration date below your backup. For instance: 'Expires in 54 days.'" Once a backup is deleted, there is zero chance for recovery.
Android

Target's Sales Floors Are Switching From Apple To Android Devices (gizmodo.com) 137

After three years of Apple products, Target is moving to Android devices for stocking, pulling items, and other essential sales floor duties. Target first outfitted its employees with Apple products in 2014, replacing PDAs with iPod Touches. Gizmodo reports: In Fall of 2016, Target stores began testing the Zebra TC51, which runs Android 6.0 Mashmallow and was confirmed to Gizmodo as "the new MyDevices for store team members chainwide" by a company spokesperson over email. On Reddit's r/Target page and the unofficial employee forum The Breakroom, the new devices have been met with enthusiasm -- and plenty of jabs at the old iOS scanners. "The current iOS my devices we have all sorts of issues, connection issues, scanner issues, and tons more," one Breakroom poster complained. On Reddit, a former store manager wrote that "the iPod hardware they used as on the floor scanners for employees died quickly and there was no way of swapping in new batteries. There were many hardware issues that came about with the ipods." While a Target spokesperson confirmed the company will still purchase some products from Apple -- iPads for online order pickups, iPhones for managers -- the sales floor is switching to Android, and the company is staffing up on Android developers to port over all the internal software stores use.
Security

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com) 121

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
Android

Android Always Beats the iPhone To New Features, Qualcomm Says (theverge.com) 177

An anonymous reader shares a report: Qualcomm has published a somewhat self-congratulatory blog post that lauds the company and its Android partners for achieving a series of industry firsts that include wireless charging, dual-camera systems, OLED smartphone screens, edge-to-edge displays, and more -- features that the upcoming iPhone is expected to have. Apple and Qualcomm are currently embroiled in what's turning into a vicious, global patent licensing dispute. So the timing of this adulation for Android -- hours before Apple's big September event -- doesn't really strike me as coincidental. It can't be. Qualcomm never mentions Apple by name; the closest the company ever comes is with this line: Inventions from Qualcomm lay the foundation for so many technologies and experiences we value in our smartphones today -- on Android and other platforms.
Software

How Proprietary Software Lets Companies Cheat (locusmag.com) 228

"Proprietary software makes it possible to design products to cheat ordinary users..." writes Richard Stallman -- linking to a new essay by Cory Doctorow: Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn't be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company. What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.

All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company's shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers). Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard. This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages.

Iphone

Leaks Reveal New Features In Apple's Next iPhone 224

Though Apple officially unveils their newest iPhone on Tuesday, information is already leaking on the internet.
  • Mashable: "Physically, it's expected to be about the same size as an iPhone 7, but with an edge-to-edge OLED display that's bigger than what is currently on the iPhone 7 Plus. It won't have a home button or Touch ID, and will likely use some kind of facial recognition tech to unlock."
  • MacRumors cites a report from KGI Securities analyst Ming-Chi Kuo suggesting facial recognition may just be one feature of a complex front camera with 3D sensing hardware, including a proximity sensor, ambient light sensor, and a structured light transmitter (using a surface-emitting laser) and receiver.
  • Fortune: "Apple's iPhone line is expected to catch up with Android phones in the area of wireless charging this year... just lay the phone down on a compatible charger mat or base or dock, and watch the battery fill up."
  • 9to5Mac: "We've found a brand new feature called 'Animoji', which uses the 3D face sensors to create custom 3D animated emoji based on the expressions you make into the camera. Users will be able to make Animoji of unicorns, robots, pigs, pile of poo and many more."
GUI

Linux.com Raves About New Snap-Centric 'Nitrux' Distro (linux.com) 137

An anonymous reader quotes Linux.com: What happens when you take Ubuntu 17.10, a new desktop interface (one that overlays on top of KDE), snap packages, and roll them all up into a pseudo rolling release? You get Nitrux. At first blush, this particular Linux distribution seems more of an experiment than anything else -- to show how much the KDE desktop can be tweaked to resemble the likes of the Elementary OS or MacOS desktops. At its heart, however, it's much more than that... This particular take on the Linux desktop is focused on the portable, universal nature of snap packages and makes use of a unique desktop, called Nomad, which sits atop KDE Plasma 5... The desktop includes a dock, a system/notification tray, a quick search tool (Plasma Search), and an app menu. Of all the elements on the desktop, it's the Plasma Search tool that will appeal to anyone looking for an efficient means to interact with their desktops. With this tool, you can just start typing on a blank desktop to see a list of results. Say, for example, you want to open LibreOffice writer; on the blank desktop, just start typing "libre" and related entries will appear...

Skilled Linux users should have no problem using Nitrux and might find themselves intrigued with the snap-centric Nomad desktop. The one advantage of having a distribution centered around snap packages would be the ease with which you could quickly install and uninstall a package, without causing issues with other applications... In the end, Nitrux is a beautiful desktop that is incredibly efficient to use -- only slightly hampered by an awkward installer and a lack of available snap packages. Give this distribution a bit of time to work out the kinks and it could become a serious contender.

The GUI-focused distro even includes Android apps in the menu -- although Linux.com's reviewer notes that "on two different installations, I have yet to get this feature to work. Even the pre-installed Android apps never start."
Facebook

Facebook Finds a New Service To Copy: Tinder (vice.com) 46

An anonymous reader shares a report from Motherboard, written by Jacob Dube: Facebook is trying out a new feature that connects users on its Messenger chat platform, but only if they both accept. It looks a lot like Tinder, except it only appears to be connecting people who are already friends with each other. While using Facebook on my phone Wednesday night, I was greeted by a notification that said "[Name redacted] and 15 others may want to meet up with you this week." When I opened the link, I was taken to a page with photos of my Facebook friends and a question: "Want to meet up with [name redacted] this week?" It indicated that my response would be private unless we both said yes. Tap "No Thanks," and that's the end of it. The feature seems to be in beta, and, though it is currently available to me and a few of my friends in Canada, the rest of Motherboard was unable to access it. It's unclear what the feature might be called. It's not hard to see the similarity between the feature and dating apps like Tinder or Bumble, but the Facebook feature seems to connect you only to people you already know, and could have already reached on the Messenger app. The feature didn't just show me potential love interests, however. It also displayed some of my friends, indicating that it might be used to encourage people who are already friends on Facebook to hang out IRL. "People often use Facebook to make plans with their friends," a Facebook spokesperson told Motherboard in an email. "So, we're running a very small test in the Facebook app to make that easier. We look forward to hearing people's feedback." The test is reportedly limited to a small number of users in parts of Toronto and New Zealand, on iOS and Android.
Android

Android Oreo Bug Eats Up Mobile Data Even When On Wi-Fi (betanews.com) 89

Mark Wilson shares a report from BetaNews: An apparent bug with Android Oreo has been discovered which means Google's mobile operating system could be munching its way through your data allowance, even if you're connected to a wireless network. A thread on Reddit highlighted the issue, with many people pointing out that it could prove expensive for anyone not using an unlimited data plan. Google is apparently aware of the problem and is working on a patch, but in the meantime Oreo users are being warned to consider disabling mobile data when they are at home or using a wireless connection elsewhere.
Android

Android Oreo's Rollback Protection Will Block OS Downgrades (androidpolice.com) 119

jbernardo writes: Google is using the boiling frog method to exclude power users and custom ROMs from android. A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here. As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage," any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.

Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy rollback from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching Netflix or accessing your banking sites if you dared to install linux or rollback windows. To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health: "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues." Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

Chrome

Chrome 61 Arrives With JavaScript Modules, WebUSB Support (venturebeat.com) 115

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.

Android

TrustZone Downgrade Attack Opens Android Devices To Old Vulnerabilities (bleepingcomputer.com) 45

An anonymous reader writes from a report via Bleeping Computer: An attacker can downgrade components of the Android TrustZone technology -- a secure section of smartphone CPUs -- to older versions that feature known vulnerabilities. The attacker can then use previously published exploit code to attack up-to-date Android OS versions. The research team proved their attack in tests on devices running the ARM TrustZone technology, such as Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6. They replaced updated versions of the Widevine trustlet with an older version that was vulnerable to CVE-2015-6639, a vulnerability in Android's Qualcomm Secure Execution Environment (QSEE) -- Qualcomm's name for its ARM TrustZone version that runs on Qualcomm chips. This vulnerability allows attackers root level access to the TrustZone OS, which indirectly grants the attack control over the entire phone. The research paper is available here, and one of the researcher's authors explains the attack chain in an interview here.
Google

Android One Is Anything But Dead, Google Reaffirms With Xiaomi Mi A1 (ndtv.com) 97

An anonymous reader shares a report: Google executives shared the stage with Xiaomi chiefs at a media event in New Delhi on Tuesday as the Chinese phone maker unveiled its "new flagship" Mi A1 smartphone. Google's presence at the event was essential. Xiaomi's Mi A1 is the latest phone to be launched under Google's Android One program, a three-year-old initiative from Google, which in the past year has been presumed dead by many. It's anything but that, Google executives said. The Xiaomi Mi A1 smartphone features a 5.5-inch full-HD (1080x1920 pixels) display. It also offers a duo of 12-megapixel rear cameras, one with telephoto capability and 2X optical zoom feature. On the front, for the selfie enthusiasts is a 5-megapixel shooter. The dual-SIM capable Mi A1 smartphone houses a Snapdragon 625 octa-core SoC, 4GB of RAM, 64GB internal storage, IR blaster, a 3080mAh battery, a fingerprint scanner, modems for 4G LTE bands in its gold- and black-coloured thin, full-metal unibody form factor. It is priced at $235, and will be available in dozens of markets including Mexico, India, Indonesia, Russia, and Singapore.
Android

Vulnerabilities Discovered In Mobile Bootloaders of Major Vendors (bleepingcomputer.com) 76

An anonymous reader writes: Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the Android OS boot-up sequence, opening devices to attacks. The vulnerabilities were discovered with a new tool called BootStomp, developed by nine computer scientists from the University of California, Santa Barbara. Researchers analyzed five bootloaders from four vendors (NVIDIA, Qualcomm, MediaTek, and Huawei/HiSilicon). Using BootStomp, researchers identified seven security flaws, six new and one previously known (CVE-2014-9798). Of the six new flaws, bootloader vendors already acknowledged five and are working on a fix. "Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said (PDF). "Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT."

Slashdot Top Deals