Criminy, that's a nasty one! Near invisible infections via BITS

Subject: General Tech | June 9, 2016 - 12:41 PM |
Tagged: microsoft, BITS, security

BITS, the Microsoft Background Intelligent Transfer Service used for pushing out OS updates among other things, can be turned to the dark side in a rather nasty way.  When cleaning up an infected network, security professionals stumbled upon a nasty discovery: a compromised machine with no sign of an infection vector except in the BITS database.  The malware came in through the usual channel, but once installed it used a BITS task to clean up any traces of the installation from temp files and the registry and then delete itself, leaving an infected machine with almost no traces of where the infection came from or where it is residing.  The Register offers advice on how to check suspicious machines in their story.

"While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database."

Source: The Register

Microsoft Open-Sources Their WebGL Implementation

Subject: General Tech | June 9, 2016 - 01:42 AM |
Tagged: webgl, microsoft

Well that's something I never expected to write. It turns out that Microsoft has open-sourced a small portion of their Edge web browser. This is the part that binds OpenGL ES 2.0 functionality, implemented atop Direct3D in Edge, to JavaScript for websites to directly interact with the user's GPU (as opposed to hardware-accelerated CSS effects for instance).

Websites can use WebGL to share 3D objects in an interactive way, have interesting backgrounds and decorations, or even render a video game.

This is not an open-source build of Microsoft Edge, though. It doesn't have the project files to actually be built into something useful. Microsoft intends for it to be reference, at least for now they say. If you are interested in using or contributing to this project for some reason, their GitHub readme file asks you to contact them. As for me? I just think it's neat.

Mozilla Will Begin Electrolysis with Firefox 48

Subject: General Tech | June 9, 2016 - 01:08 AM |
Tagged: mozilla, firefox

Electrolysis (e10s) is Mozilla's codename for their multi-process initiative in Firefox. The main goal of this is to separate the content of the website from the user interface. This means that, if a site has long-running JavaScript or layout, Firefox will not lock up. This seems like a simple idea, except that it undoes over a decade of assumptions that were made during Firefox's development. Imagine, for instance, that you have an extension which modifies both the browser UI as well as the page content -- that's a single script that needs to be run across multiple threads. Whoops!

This roll-out won't necessarily be immediate, though. You can install Firefox 48 and, only some weeks later, get Electrolysis turned on retroactively. They are starting with about 1% of eligible users, which will ramp up to all eligible users over time or even be disabled if alarm bells start to ring.

Speaking of eligible users, there are quite a few conditions that will prevent you from getting Electrolysis. Namely, if you use extensions (it's unclear if they're talking about all extensions, or just ones that use certain APIs) then you will be kept on single-process. They don't specify why, but it could very well be the situation that I mentioned in the first paragraph.

Firefox 48 is scheduled to be released in six weeks (the first week of August).

GOG.com Commences Their Summer Sale

Subject: General Tech | June 9, 2016 - 12:32 AM |
Tagged: GOG, pc gaming

GOG.com has begun their Summer Sale, as of June 8th, and it has some fairly deep discounts in it. First, if you sign in to their GOG Galaxy client, they will gift you a free copy of System Shock 2. Second, The Witcher III is 50% off again, or you can get the game and all of its DLC for the price of the base game (which ends up working out to 33% off).

The top seller is the Homeworld Remastered Collection, which has been reduced to $17.49 USD (50%-off). You can also get either The SOLUS Project, which released this week, or The Witness for 15% off. Then we get to some of the game bundles, like all of the Tropicos or a bunch of Bullfrog titles for 80% off. You know how these digital game sales work.

They are also doing an XP system. If you buy games, check in, or do a few other actions, you can accumulate points that will unlock a handful of free games. The three that they're offering me are Spelunky, Gabriel Knight, and Dreamfall Chapters. I'm not sure if it's the same for everyone, though.

Source: GOG.com

Battlefield 1; faster bullets and slower truncheons

Subject: General Tech | June 8, 2016 - 04:18 PM |
Tagged: gaming, battlefield 1

It won't just be flamethrowers and HMG emplacements in Battlefield 1; you can expect shotguns, sniper rifles, submachine guns, LMGs and semi-automatics, along with a variety of melee weapons to inflict pain with.  According to the information Rock, Paper, SHOTGUN garnered from the Q&A sessions that the developer hosted, bullet velocity will also be increased; not in a CoD way but to travel at speeds somewhat closer to reality.  There will also be tools for snipping barbed wire and possibly to damage light vehicles if the inference is correct ... and not referring to a horse.  Follow the link for an extremely short video of two weapons in action.

"The weapons of Battlefield 1 are a bit more specialized,” Schimek said. “To get the most out of them, you have to be aware of their strengths and weaknesses, and use the right one in the right situation."

Hacking Android into an iPhone; sort of

Subject: General Tech | June 8, 2016 - 01:44 PM |
Tagged: hack, iphone, Android

It is more of a bootloader, in that a custom 3D printed iPhone case hides a device based around an LG Nexus 5 which plugs into the iPhone and allows you to launch Marshmallow 6.0.1 on your iPhone.  Once you unplug the Lightning cable connection between the iPhone and the case, your phone reverts to iOS, thus avoiding having to flash the protected innards of the phone.  The interface is described as somewhat laggy but it has a functional USB port, HDMI out and room for a microSD card.  This is the same fellow who managed to get Win95 running on an Apple Watch, so we may read more about his rule-breaking modifications at The Inquirer.

"ANDROID RUNNING on an iPhone? Really? It's true. Sort of. The latest episode in our ongoing series of things running on other things is a doozy, the Holy Grail."

Source: The Inquirer

E3 Demos Versus Released Games

Subject: General Tech | June 8, 2016 - 07:39 AM |
Tagged: E3

With E3 coming up, JohnGR pointed out a video in the comments of one of our E3 trailer posts that compares Ubisoft's demos with their released games. I tend to be relatively forgiving of these issues, personally, but the video is quite well done from an editing standpoint. It has quite a few moments of dry irony, especially with the contrast between the demo's busy audio sequences and the game section's silence.

We'll be seeing a lot of demos over the next handful of days. It's good to keep in mind that they are promotional snippets, either video or playable, that represent what the developer or publisher wants their game to be viewed as. Sometimes, it's just an overly optimistic view of what they can accomplish.

Mirror's Edge: Catalyst DRM Rumors Are Wrong

Subject: General Tech | June 7, 2016 - 08:42 PM |
Tagged: ea, dice, DRM, origin

GamersNexus wrote a piece that claimed Mirror's Edge: Catalyst has DRM that limits the number of hardware changes to four. According to an email from EA's press contact, it turns out that GamersNexus' article is not accurate. According to EA PR, if Origin detects five activations in a single day, the user will need to wait until 24 hours after their first activation to attempt again.

So you can change your hardware as many times as you want over the life of the game, just not more than four times in a single day, on a single account at least.

Image Credit: GamersNexus
This message didn't seem to say what they were implying it did. Turns out, it doesn't.

I decided to ask EA when I read the error message that GamersNexus posted -- the article's  interpretation didn't seem right. The wording was as follows: “Too many computers have accessed this account's version of Mirror's Edge(TM) Catalyst recently. Please try again later.” It seemed very odd to me that the wording “recently” and “Please try again later” would be attached to a permanent bricking of the game.

Again, it turns out that this is not the case, unless our press contact was not up to date about this specific title. As much as I dislike DRM, being a proponent of art preservation and archival, this part of Mirror's Edge's DRM should not affect the vast majority of users. This is something that should only affect people who are literally benchmarking a half-dozen (or so) graphics cards.

In short, it sounds like this is a non-issue after all.

Source: GamersNexus

The Vives are coming

Subject: General Tech | June 7, 2016 - 02:18 PM |
Tagged: htc, vive, VR

As of today, if you order an HTC Vive VR Headset you should receive it mere days after you place your order; it is no longer a preorder process where you would need to wait an indeterminate amount of time.  The package will cost you $799US or $1,149CAN, so it is not quite an impulse buy, but it certainly is very tempting.  You can order online or drop by a Microsoft Store, Gamestop or Micro Center if such things exist in your neighbourhood.  Al took a look at some of the technology in the Vive in this article, which is interesting to look at even if you can't quite afford one yet.

"HTC ViveTM can now be purchased through www.vive.com in 24 countries, shipping within 2-3 business days of purchase. In addition to online availability from HTC, individuals can now buy the revolutionary Vive virtual reality system in select Microsoft Stores, GameStop and Micro Center locations. Pre-orders placed through these retailers will be fulfilled beginning this week."

Source: HTC

Even Mods Have Pre-E3 Trailers -- Skywind

Subject: General Tech | June 7, 2016 - 07:15 AM |
Tagged: skyrim, morrowind, elder scrolls, bethesda

TESRenewal Project is basically about taking earlier Elder Scrolls titles and bringing them to newer engines. Three mods are under their control at the moment: Skywind, which puts Morrowind into Skyrim; Skyblivion, which puts Oblivion into Skyrim; and Morroblivion, which puts Morrowind into Oblivion. Morroblivion is already out in the wild, with the latest release dating back to November, 2014, but the other two are being worked on behind closed doors.

They have now released a small update teaser video (above) -- less than two minutes long -- that shows off various environments (and the assets in them). Obviously, at this point, Skyrim is fairly old. It was released almost five years ago, and it still runs on DirectX 9. It is still very popular though, and what we can see from the trailer looks at least as good as Bethesda's default content.

Skywind will be a non-commercial mod, although it will require both Skyrim, Morrowind, and their expansions (except Hearthfire) to play -- even though it doesn't use any Morrowind assets. This may or may not be a Bethesda requirement; they tend to be quite restrictive with their copyrights and trademarks. (The Mod Workshop payment issue, the Scrolls trademark issue, and the Fallout-posters fan site trademark issue all jump to mind.)

Either way, it will be free if you own both titles, and it looks like an interesting total conversion.

Yooka-Laylee Trailer for E3 2016 Released

Subject: General Tech | June 6, 2016 - 03:46 PM |
Tagged: windows, pc gaming, osx, linux

The next week-and-a-half should be good for video game enthusiasts. E3 2016 starts on June 14th, although EA, Bethesda, Microsoft, Ubisoft, Sony, and AMD (with PCGamer) have press conferences throughout the 12th and the 13th. Of course, not to get lost in the traffic, many entities are releasing their announcements prior to those conferences. For instance, Watch Dogs 2 will have a reveal on this Wednesday, June 8th, five days prior to Ubisoft's press conference.

This post is about a Kickstarter project called Yooka-Laylee, though. This title is being created by Playtonic Games, which contains several past employees of Rare, apparently to create a proper Banjo-Kazooie-style platform title. It raised over two million British Pounds (~3 million USD) and targeted an October 2016 release date. That has since slipped to Q1 2017, but that should be expected for a crowdfunding project, especially when the stretch goals start piling up. It is scheduled to be released on Windows, Mac, and Linux... and a few other boxes.

Of course, they couldn't resist making a Banjo-Kazooie: Nuts & Bolts joke at the end...

... I chuckled.

What did we just tell you about bloatware?! Now ASUS Live Update is the risk of the day

Subject: General Tech | June 6, 2016 - 02:26 PM |
Tagged: asus, bloatware, security

After last week, when several laptop OEMs, including Lenovo once again, were caught installing highly insecure bloatware on their laptops, you might hope that this week would be different.  Sadly you would be mistaken, as once again software preinstalled on laptops is in the news.  In this case it is ASUS Live Update, which transmits requests for updates in plain text and does not check any software updates which come back for authenticity.  This of course leaves you wide open to man-in-the-middle attacks, where someone posing as those update servers could feed you whatever installation files they desired.  As the pull quote from The Inquirer below states, removing it immediately would be a very good idea.

"My advice to anyone who purchased an Asus device: remove LiveUpdate. It's really that simple. If you're an IT administrator, find devices making periodic calls to Asus's domains and blackhole them, get the user to come and see you,"

Source: The Inquirer

Linux Gaming Is Growing on Us?

Subject: General Tech | June 6, 2016 - 07:46 AM |
Tagged: steam, pc gaming, linux

According to Phoronix, gaming on Linux has experienced exponential growth in recent times. Over the course of the last two years, Steam's catalog on the platform expanded from 500 games up to over 2200. This is a little over a 4.4x increase over two years. If I'm doing my high-school math correctly, and I seriously hope I am, this corresponds to an average increase of just under 2.1x year-over-year.

In other words, this is literally the trend, minus half-life. Snicker snicker snicker.

The quantity of Linux's games catalog is a very different argument from its quality, of course. Still, you can find many interesting titles there. Valve has been porting their catalog to the OS, as have other, high-end titles, like Tomb Raider, Trine, Civilization V, Civilization: Beyond Earth, XCOM, and a couple Borderlands versions. If interested in specifics, and you enjoy a sense of humor like you would see on our PC Perspective Podcast, check out LinuxGameCast for their reviews of specific titles.

Source: Phoronix

A Potentially More Harmful Coil Whine Issue

Subject: General Tech | June 5, 2016 - 02:18 PM |
Tagged: security, Cyber Security, coil whine

As new hardware launches, many readers ask whether it produces any noticeable form of coil whine. For instance, this is an issue for graphics cards that are outputting a very high frame rate. The electronics create sound from the current oscillating as it flows through them. It can also be an issue for motherboards or power supplies. You can check out this fairly old video from LinusTechTips for a demonstration.

Image Credit: ACM

It turns out that, because this whine is related to the signal flowing through the oscillating circuit, security researchers are looking into the types of information that can be inferred from the whine. In particular, the Association for Computing Machinery (ACM) published a paper called Physical Key Extraction Attacks on PCs. It discusses several methods of attacking a device, such as reading minor fluctuations in its grounding plug or monitoring induced radiation with an antenna. Its headlining method is “Acoustic” though, which listens to coil whine sound produced by the computer, as it decrypts RSA messages that are sent to it, to gather the RSA secret key from it.

While they have successfully demonstrated the attack using a parabolic microphone at 33ft away, and a second demonstration using a mobile phone at 1ft away, the news should be taken with a grain of salt. Mostly, it's just interesting to realize that there's nothing really special about a computer. All it does is store and process data on whatever physical state we have available in the world. Currently, that's almost always radio-frequency radiation flowing through semiconductors. Whatever we use will have consequences. For instance, as transistors get smaller, to push more complex signals through a given surface area and power, we'll eventually run out of atoms.

This is just another, often forgotten side-effect: electric signals induce the transfer of energy. It could be electromagnetic, acoustic, or even thermal. In the realm of security, this could, itself, carry some of the data that we attached to our world's state, and allow others to access it (or sometimes modify it) without our knowledge or consent.

DigitalFoundry Records The Witcher 3: Blood and Wine at 4K

Subject: General Tech | June 5, 2016 - 03:44 AM |
Tagged: pc gaming, The Witcher 3

The Witcher 3 is one of the best looking games available, and its final DLC, Blood and Wine, intended to raise that graphical bar slightly. Near the base game's initial launch, in early 2015, there was a bit of a controversy surrounding the image quality and how it sort-of rolled back. Righting this issue was apparently one of the design goals for this final DLC, leaving users with fonder memories of the title before CD Projekt Red moves onto newer projects. Granted, the memories weren't all that bad to begin with, but it was nice to address regardless.

As you can see, this environment is bright, vibrant, and heavily saturated with color. The medieval city is alive with colored cobblestone, flowers, banners, and buildings all under a bright, blue sky. There was quite a bit of texture pop-in that I saw, even at 1080p, but it wasn't too distracting. This, again, is supposed to be the last time that CD Projekt adds substantial content to The Witcher franchise for the foreseeable future, but I hope that the mod community will keep the title alive.

Adobe XD Will Apparently Be a UWP Application

Subject: General Tech | June 4, 2016 - 10:55 PM |
Tagged: windows 10, uwp, Adobe

So a company, who refuses to port its applications to Linux, is experimenting with UWP for future products. Adobe's Experience Design (XD) CC is going to arrive on Windows later this year, and a representative from Adobe claimed on Twitter that it will use Microsoft's UWP platform. Granted, we're not talking about something like Photoshop or After Effects, but rather a UX mock-up tool, sort-of along the lines of Pencil Project.

It's unclear whether UWP will be a choice.

The logo looks like it's laughing at us with its tongue out.

I still find UWP a concern as Microsoft, while responding to some feedback, still has some key restrictions in play that limit free sharing. Until it becomes technically (or legally) unfeasible for Microsoft to lock down the platform, there will always be the concern that they could, for instance, revoke people's ability to develop software or remove (or prevent installation) of existing software. Even if they don't want to do it themselves, someone with authority over them may just compel it, such as a government who is against encryption.

If you build it, someone will abuse it. The only thing preventing Microsoft from realizing their Windows RT vision, if they still choose to, is the popularity of Win32 applications and how incompatible they are with that framework. We, as a society, want them to remain popular enough that Microsoft cannot afford to abandon it. They want to. They hate the stigma that Windows is where viruses are. That's reasonable, but they're not just throwing out the bathwater.

As an aside: they also want a platform that is less reliant upon x86, and could be recompiled for other hardware if Intel doesn't go where Microsoft wants to be. This is kind-of ironic if you think about it.

Source: WinBeta

LWJGL 3.0.0 Released

Subject: General Tech | June 4, 2016 - 09:29 PM |
Tagged: Java, lwjgl, vulkan

Don't be confused by the date on the LWJGL post -- its release date was June 3rd, as mentioned later in the thread, not February 27th. It looks like they disabled edit timestamps. Regardless, Lightweight Java Game Library (LWJGL) 3.0.0 was just released, which is a library that binds Java code to APIs that are, normally, not directly accessible through that platform.

To be clear: LWJGL is not a library like, say, Qt, which simplifies common tasks into classes. Its goal is to connect you to whatever API you need, and otherwise leave you alone. Unless you're the type who wants full control over everything, or you're actually making a framework yourself, you will want to use existing frameworks, engines, and/or middleware for your projects. The advantage, of course, is that these frameworks, engines, and middleware now have access to newer APIs, and can justify deprecating old features.

This release adds Vulkan support, which will provide a high-performance (and high-efficiency) base to abstract many other graphics and GPU compute tasks on. DirectX 12 and Vulkan are still being worked on, as an industry, but its mechanism is theoretically better, especially with multiple threads (and multiple graphics devices). They basically add a graphics layer to a GPU compute-style API, basing everything on lists of commands that start and end wherever the host code desires.

While Java has been taking a massive hit in public opinion lately, it is still a good platform for some applications. Gaming seems to be having a resurgence of native APIs, especially with “AAA” engines becoming available to the general public, but more frameworks isn't a bad thing.

Source: LWJGL

The Wit.nes Runs in an NES Emulator

Subject: General Tech | June 4, 2016 - 03:24 PM |
Tagged: nes, the witness, the wit.nes, pc gaming

The Witness, from Thekla Inc. and Jonathan Blow, caught the attention of a few of us at PC Perspective... mostly Allyn. Anywho, it's based on an island that you explore and solve puzzles along the way. I'm not talking about puzzles in the “Space Quest”, point-and-click adventure sense, but like, puzzles that you would expect to find in a newspaper, which unlock doors and turn on machinery when solved.

If that sort of game is for you, then you might want to check out a “demake” of it, called The Wit.nes. It is created by an indie developer who goes by the name Dustmop, for NES emulators. Being a game that's based on the NES platform, the entire virtual ROM is currently 40KB. (NES titles varied between ~8kB and ~1MB). It plays from a top-down perspective in its exploration mode, rather than first-person for what should be obvious reasons, but the puzzles are apparently quite faithful to the original style.

It's free and small, so check it out at their Itch.io page if you're interested.

Just say no to Accelerator support applications; yet another Lenovo vulnerability

Subject: General Tech | June 3, 2016 - 04:10 PM |
Tagged: Lenovo, security, idiots, superfish

At some point they may learn, but obviously not yet, as Lenovo's Accelerator support application opens two vulnerabilities on systems with the application installed.  As it uses unencrypted transmissions during the update process and does not verify the application you receive, you are vulnerable to man-in-the-middle attacks.  There are 6 notebook and 25 desktop lines with this issue, although ThinkPads and ThinkStations are not on the list.  If you have the software you should remove it immediately.  More over at The Register.

"Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users."

Source: The Register

Podcast #402 - GTX 1070 Review, i7-6950X Review, AMD Radeon RX480, Aftermarket GTX 1080’s, Tiny SSDs, Computex 2016, and more!

Subject: General Tech | June 3, 2016 - 11:11 AM |
Tagged: zenfone 3, ssd, Samsung, rx480, ROG Rampage V Edition 10, podcast, PM971-NVMe, i7-6950X, gtx1080, GTX1070, computex 2016, Broadwell, Bristol Ridge, BGA, avalon, 1080, 1070

PC Perspective Podcast #402 - 06/03/2016

Join us this week as we discuss the GTX 1070 Review, i7-6950X Review, AMD Radeon RX480, Aftermarket GTX 1080’s, Tiny SSDs, Computex 2016, and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

This episode of the PC Perspective Podcast is sponsored by Casper!

Hosts:  Ryan Shrout, Jeremy Hellstrom, Josh Walrath, Allyn Malventano, and Sebastian Peak

Program length: 2:02:07
  1. Week in Review:
  2. Casper!
  3. News items of interest:
    1. 1:12:09 Aftermarket GTX 1080s are here!
    2. 1:27:25 ASUS Computex 2016
  4. Hardware/Software Picks of the Week
    1. Allyn: Break down and organize / lookup all of those Amazon boxes.
  5. Closing/outro