Java Browser Plug-in Soon Killed Off by Oracle

Subject: General Tech | January 30, 2016 - 07:05 PM |
Tagged: web browser, web, shockwave flash, shockwave director, oracle, Java

After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.

ie-wheeee-dead.jpg

This has nothing to do with JavaScript, which is a scripting language that web browsers use. JavaScript is not a plug-in, and it's very secure in terms of the machine the browsers run on. Pretty much all exploits that we see either trick the user to download and run a program, have them disclose sensitive information (passwords, identity, etc.) to the wrong people, try to make the browser impossible to use until it is shut down and restarted, or launch a plug-in that is the actual problem. The joke is “Java is to JavaScript as Car is to Carpet” -- but that's not true: cars often have carpets.

Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.

As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to... it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.

Source: Ars Technica

So That's Where Jim Keller Went To... Tesla Motors...

Subject: General Tech, Processors, Mobile | January 29, 2016 - 05:28 PM |
Tagged: tesla, tesla motors, amd, Jim Keller, apple

Jim Keller, a huge name in the semiconductor industry for his work at AMD and Apple, recently left AMD before the launch of the Zen architecture. This made us nervous, because when a big name leaves a company before a product launch, it could either be that their work is complete... or they're evacuating before a stink-bomb detonates and the whole room smells like rotten eggs.

jim_keller.jpg

It turns out a third option is possible: Elon Musk offers you a job making autonomous vehicles. Jim Keller's job title at Tesla will be Vice President of Autopilot Hardware Engineering. I could see this position being enticing, to say the least, even if you are confident in your previous employer's upcoming product stack. It doesn't mean that AMD's Zen architecture will be either good or bad, but it nullifies the earlier predictions, when Jim Keller left AMD, at least until further notice.

We don't know who approached who, or when.

Another point of note: Tesla Motors currently uses NVIDIA Tegra SoCs in their cars, who are (obviously) competitors of Jim Keller's former employer, AMD. It sounds like Jim Keller is moving into a somewhat different role than he had at AMD and Apple, but it could be interesting if Tesla starts taking chip design in-house, to customize the chip to their specific needs, and take away responsibilities from NVIDIA.

The first time he was at AMD, he was the lead architecture of the Athlon 64 processor, and he co-authored x86-64. When he worked at Apple, he helped design the Apple A4 and A5 processors, which were the first two that Apple created in-house; the first three iPhone processors were Samsung SoCs.

Sharing is good ... until it starts eating your bandwidth

Subject: General Tech | January 29, 2016 - 02:32 PM |
Tagged: security, isp, wifi

ISPs have stumbled onto a new money making venture, renting out your wireless internet connection to third parties so that those companies can provide public WiFi to their customers.  Sources told The Inquirer that some ISPs already do this without informing their customers and that it will likely be a common industry practice by 2017.  Theoretically you are allowed to opt out but since your ISP may not have told their users they are doing this; how would the average customer know to request this be turned off?

This raises several concerns, especially here in North America thanks to our pathetic internet services.  Most users have a data cap and the ISPs have little reason to spend resources to properly monitor who is using the bandwidth, their customers or random passersby.  As well the speeds of most customers are low enough that they may see degradation of their service if numerous passersby connect to their WiFi.  Putting the monetary concerns to the side there are also serious security concerns.  Once a user has access to your WiFi router they are most of the way into your network and services such as UPnP and unprotected ports leave you vulnerable to attack.

Change the password your provider put on the router and consider reaching out to them to find out if you have been unwillingly sharing your bandwidth already, or if you might be doing so in the near future.

index.png

"Companies are going to be selling a lot more public Wi-Fi plans over the next few years and it's going to be home Wi-Fi users who'll be the backbone of the network, according to analysts from Juniper Research."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Looks like we've got a rat, the browser formerly known as IE is spilling the beans

Subject: General Tech | January 28, 2016 - 02:25 PM |
Tagged: Privacy, microsoft, edge

Microsoft is revisiting an old issue with private browsing which we have seen too many times unfortunately.  In 2010 Firefox's private browsing broke and left site visits on your computer and in 2013 Chrome went through the same issue.  More recently it was discovered that when Chrome interacted with an NVIDIA GPU, sites could also be retrieved.  Now it is Edge's turn, the browser stores your page visits in tables under <user>\appdata\local\microsoft\windows\history even when using InPrivate Mode.  This will be resolved soon but for now if you are secretly ... ah, shopping for a loved one you might want to use a different browser, VPN or other measure.  There is more info over at The Inquirer

one.jpg

"BURGEONING ORWELLIAN nightmare corporation Microsoft has once again been found lacking in the security department, this time for the new and improved Edge browser in Windows 10."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Podcast #384 - Corsair Carbide 600Q, GDDR5X, a Dual Fiji Graphics card and more!

Subject: General Tech | January 28, 2016 - 01:38 PM |
Tagged: podcast, video, corsair, carbide, 600q, 600c, gddr5x, jdec, amd, Fiji, fury x, fury x2, scythe, Ninja 4, logitech, g502 spectrum, Intel, Tigerlake, nzxt, Manta

PC Perspective Podcast #384 - 01/28/2016

Join us this week as we discuss the Corsair Carbide 600Q, GDDR5X, a Dual Fiji Graphics card and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

Hosts: Ryan Shrout, Jeremy Hellstrom, Josh Walrath, and Allyn Malventano

Subscribe to the PC Perspective YouTube Channel for more videos, reviews and podcasts!!

Landlocked Homeworld; a glimpse at Kharak

Subject: General Tech | January 27, 2016 - 01:47 PM |
Tagged: gaming, Homeworld, Deserts of Kharak

The newest Homeworld game is a prequel covering how the fractious clans of Kharak fought over an ancient relic found in the deserts of their dying world, presumably the Mothership of the two previous Homeworld games.  From the trailers and descriptions provided in this Rock, Paper, SHOTGUN article the game will play very similarly to Homeworld, most of your assets will be restricted to hugging the ground but their is evidence of vertical terrain, flying units and perhaps even orbital units.  In exchange for that your carrier, the replacement Mothership in this game, it is mobile and heavily armed and so will play a big role in your strategy.  Read on to learn more about the game right here.

kharak3.jpg

"Homeworld: Deserts of Kharak [official site] is a prequel to the legendary Homeworld space real-time strategy games, but this time – heresy! – set on land, as the Kushan race battle angry clans to reclaim ancient technologies found on the sandy planet they currently call home."

Here is some more Tech News from around the web:

Gaming

Ever been so sick of a song you considered veering off the road to make it stop?

Subject: General Tech | January 27, 2016 - 01:24 PM |
Tagged: Usenix Enigma, security, iot

The good news is that this particular bug has been addressed but it does not make the vulnerability any less terrifying.  A mere 18 seconds of playtime on a compromised audio CD in your car is enough to insert the attack code and gain complete control over your cars computer controlled systems.  This particular vulnerability was discovered in 2010, long before the more recent vulnerabilities you would have seen all over various media.  You could shut off the engines, forcibly unlock the doors, interfere with steering and many other functions that could well cause serious damage at highway speeds or in other scenarios. 

When placing the blame, The Inquirer makes sure to point out that you should not look to the car companies as it is the software providers who are the source of the problem.  Thanks to various corporate policies no car company has access to all of the source code running in their products so a security audit will not help.  Even better is the inclusion of a government-mandated OBD-II port which allows complete control over your cars system; which you should not touch as simply plugging into it would be a crime in the USA.  There is some good news, this vulnerability resulted in Fiat Chrysler recalling 1.4 million cars at a cost of about a quarter of a billion dollars ... an expensive mistake that may convince them to change their software implementation processes.

enigma_logo_700x253.png

"The modern car's operating system is such a mess that researchers were once able to get complete control of a vehicle by playing a song laced with malicious code. Malware encoded in the track was executed after the file was loaded from a CD and processed by a buggy parser."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register
Author:
Manufacturer: Dell

Overview

Dell has never exactly been a brand that gamers gravitate towards. While we have seen some very high quality products out of Dell in the past few years, including the new XPS 13, and people have loved their Ultrasharp monitor line, neither of these target gamers directly. Dell acquired Alienware in 2006 in order to enter the gaming market and continues to make some great products, but they retain the Alienware branding. It seems to me a gaming-centric notebook with just the Dell brand could be a hard sell.

However, that's exactly what we have today with the Dell Inspiron 15 7000. Equipped with an Intel Core i5-6300HQ and NVIDIA GTX 960M for $799, has Dell created a contender in the entry-level gaming notebook race?

IMG_4126.JPG

For years, the Inspiron line has been Dell's entry level option for notebooks and subsequently has a questionable reputation as far as quality and lifespan. With the Inspiron 15 7000 being the most expensive product offering in the Inspiron line though, I was excited to see if it could sway my opinion of the brand.

Click here to continue reading about the Dell Inspiron 15 7000!

New, from the company that brought you SuperFish ...

Subject: General Tech | January 26, 2016 - 12:13 PM |
Tagged: security, Lenovo, idiots

Lenovo chose the third most popular password of 2015 to secure its ShareIT for Windows application and for bonus points have made it hard coded, which there is utterly no excuse for in this day and age.  If you aren't familiar with the software, it is another Dropbox type app which allows you to share files and folders, apparently with anyone now that this password ridiculousness has been exposed.  As you read on at The Inquirer the story gets even better, files are transferred in the clear without any encryption and it even creates an open WiFi hotspot for you, to make sharing your files even easier for all and sundry.  There are more than enough unintentional vulnerabilities in software and hardware, we really don't need companies programming them in on purpose.  If you have ShareIT, you should probably DumpIT.

***Update***

We received word that there is an updated version of ShareIT available for those who do use the app and would like to continue to do so.

They can also access the latest versions which are posted and available for download on the Lenovo site. The updated Android version of SHAREit is also available for download on the Google Play store. Please visit the Lenovo security advisory page for the latest information and updates: (https://support.lenovo.com/us/en/product_security/len_4058)

10574265464_449a1b2b96_b.jpg

"HOLY COW! Lenovo may have lost its mind. The firm has created vulnerabilities in ShareIT that could be exploited by anyone who can guess that '12345678' could be a password."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Have you tried the Steam Controller yet?

Subject: General Tech | January 25, 2016 - 01:27 PM |
Tagged: input, Steam Controller

The claims seem suspect; how exactly can a Steam Controller replace a mouse and keyboard when gaming?  That suspicion is being tested over at The Tech Report who recently tried out Valve's new Steam Controller, comparing it not only to a standard PC input setup but also to a XBox controller.  For the test they used Rocket League, Team Fortress 2, Just Cause 3, and Helldivers with mixed results.  In the end the Steam Controller was just not as useful as the Logitech M570 trackball, wireless keyboard, and Xbox 360 controller the reviewer is used to.  That said, with a lot of practice and time spent tweaking your input profiles you could find the Steam Controller is for you ... if you want it.

steamdesk_thumb.png

"Valve's Steam Controller is supposed to obviate the mouse and keyboard for PC gaming in the living room. We put our thumbs on the Steam Controller's twin trackpads and took it for a spin to see whether it does the job."

Here is some more Tech News from around the web:

Tech Talk