Subject: General Tech | July 5, 2016 - 02:13 AM | Scott Michaud
Tagged: symantec, security
I know that I've mention this in the past, and I'm not advocating running no antivirus software, but it's good to remember that you're using high-privileged software to load untrusted data. While mistakes can happen in any reasonably complex software, some companies are more complacent than others, and some design choices fail to respect the trust you have in them. Symantec, as far as I know, has one of the better reputations of security companies, but this flaw is terrible.
Basically, to detect malware that has been obfuscated by executable compression, antivirus software unpacks it themselves and looks. Symantec's solution runs in the kernel, allowing any malware that targets it to have kernel permissions. They were also using “at least” seven-year-old forks of open source libraries. Well... crap.
The bugs have been privately disclosed to Symantec, and fixed before Google went public. If you have any Symantec, or their consumer brand, Norton, software, then make sure it's up to date. Consumer software will have the fix pushed through LiveUpdate, but some some products, like Symantec Endpoint Protection and Symantec Protection for SharePoint Servers might require administrator action.
Subject: General Tech | July 4, 2016 - 01:08 PM | Jeremy Hellstrom
Tagged: andriod, keymaster, qualcomm, snapdragon, encryption
The only good news about this particular decryption hack requires physical access to your phone and as you should be aware once someone has your device in their hands all bets about security are off. The vulnerability exists on ARM-compatible Snapdragon system-on-chips and the TrustZone, a secure part of the chip which runs outside of the operating system and passes information pertaining to the encryption on your phone via the Qualcomm Secure Execution Environment.
It is possible to to exploit an Android kernel security vulnerability to load your own QSEE application which can then query the TrustZone for your unencrypted blob and RSA key. From there it is simply a matter of brute forcing the phones PIN or password which then allows you access to all the encrypted data on the device. The Register explains not only the vulnerability but also how TrustZone and KeyMaster work on your devices in this article.
"Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing your password or PIN."
Here is some more Tech News from around the web:
- Lenovo scrambling to get a fix for BIOS vuln @ The Register
- BlackBerry will release three more Android-powered smartphones @ The Inquirer
- Transcend Wifi SD Card Is A Tiny Linux Server @ Hack a Day
- 400 million Foxit users need to catch up with patched-up reader @ The Inquirer
- Ubuntu backs calls to wind down 32-bit Linux support @ The Inquirer
Subject: General Tech | July 2, 2016 - 10:38 PM | Scott Michaud
Tagged: microsoft, windows 10
So, despite announcing that they will reskin the Get Windows 10 notification four days ago, Microsoft will release another annoying Get Windows 10 campaign. Based on what looks like a Windows 8.x modern, full-screen prompt, Microsoft will post “Sorry to interrupt, but this is important. Windows 10 free upgrade offer ends July 29th.” It then has two buttons, Upgrade now and Remind me later, and two links, Notify me three more times and Do not notify me again.
It's interesting to see that this prompt looks like Windows 8.x, but will also appear on Windows 7 machines. It will probably be very jarring to a Windows 7 user to see the entire screen turn a slightly purple-ish blue in a UI style that you've never seen before, asking you to essentially flip your PC upside down. I would expect them to customize it for each platform, but meh.
Interestingly, Microsoft also lists the conditions that will prevent this prompt from occurring. If you have already tried Windows 10 on the machine, it will not ask you to upgrade back. This is what I would have expected all of Get Windows 10 to do, but, from experience, previous prompts didn't care if you already tried (and even activated) Windows 10. No, it would ask you again to go back. It will also honor all the other ways that you can disable Get Windows 10. They also say it will not appear if “You have a recent version of the Get Windows 10 app installed.” This confuses me, but I'll leave it here regardless.
Anywho, prepare to be annoyed one last time... or not. I don't know.
Subject: General Tech | July 2, 2016 - 09:21 PM | Scott Michaud
Tagged: valve, htc, steam, steamvr, vive, Oculus, oculus rift
According to the Steam Hardware Survey, the HTC Vive is dominating the Oculus Rift by more than a factor of two (0.15% to 0.06%). More-so, its rate of change is also double that of Oculus (0.06% to 0.03%). If these numbers are accurate, this means that the SteamVR is massively overtaking Oculus SDK in terms of both amount and rate of change.
Now the questions are “why?” and “what does that mean?”
The most obvious reason, to me, is that HTC has much better availability than Oculus. For the last month, they announced that the Vive ships within two-to-three business days. If you look at Oculus? The website tells you to expect it in August. It is currently the second day of July. While a month is not too long of a time to wait, it would make sense that a consumer would look at the two options and say “Yeah, the this week one, please.”
If that's the case, then the platform battle could be decided simply by retail availability. It wouldn't be decided by a Valve-developed first-party game. It wouldn't be decided by DRM locking games into an exclusive deal. It would simply be decided by “you can buy this one”. That is, unless Oculus ramps up production soon. At that point, we'll need to look back at hardware surveys (not just Steam's) and see what the split is. They could catch up. They could be left behind. Who knows? It could be another factor altogether.
For now, the Vive seems like it's the crowd favorite.
Subject: General Tech | July 2, 2016 - 02:21 AM | Scott Michaud
Tagged: valve, steam, linux
The current split of Steam users, according to the Steam Hardware Survey, is 95.5% for Windows, 3.6% for Mac OSX, and 0.8% for Linux. Phoronix reports that this does not count SteamOS, and there might be other “inaccuracies” with the survey, but the Linux figures are 0.04% less than they were before (a relative drop of about 4.8%).
Windows users are up, and Mac OSX is flat.
A 4.8% drop in a month isn't promising, but it's also not too concerning. If you were intending to target a platform with 0.8% marketshare, then you can benefit from the long shelf life that Linux provides. It's not like a publisher is counting on that platform to reach two-week launch window sales figures. We'll see if the pendulum will swing back in the future, especially if Valve creates compelling, new, first-party content for Linux. They seem to be waiting to put their full weight behind it.
Subject: General Tech | July 1, 2016 - 07:12 PM | Scott Michaud
Tagged: web browser, gecko, servo, Rust, mozilla, Samsung
No love for Windows at the moment, but Mozilla is showing previews of their new browser rendering engine, Servo. This one is developed in Rust, which is a highly parallel yet very memory safe language, which are two great features for a web browser, especially on mobile and multi-core desktops. You are currently able to pick it up on Mac and Linux, although it is not ready to be your primary browser yet. Windows and Android builds “should be available soon”.
Basically, Mozilla has been spending the last few years re-thinking how to design a web browser. Most Web standards are based on assumptions that the browser is going through a main loop, and that these items will occur in sequence. Back in 2013, most of the research was to see far a browser could travel into parallelization before compatibility just stops following. Samsung, who is obviously interested in smartphone technology, partnered with them, because it's easier to add more cores onto a mobile SoC than it is to make existing ones faster.
At the time, they weren't sure whether this research would be used to improve Gecko, the current rendering engine that has been around since Netscape 6, or create a suitable replacement for it. As far as I know, that decision has still not been made, but they also haven't bailed on it yet.
Perhaps we'll see a new wave of Web technology coming soon? Maybe even break up the Webkit monopoly that seems to be forming, led by iOS and Android devices?
Subject: General Tech | July 1, 2016 - 06:56 PM | Scott Michaud
Tagged: pc gaming
Awesome Games Done Quick is an organization that runs week-long, non-stop speedrun marathons for charity. This one benefits Doctors Without Borders, like the last three summer events. The last five Games Done Quick have raised a little under six million dollars, so this is a serious charity event.
The event starts this Sunday at 12:30pm EDT with a half-hour pre-show followed by an Any % run of Super Mario Sunshine for about an hour and a third, and that is followed by Zelda: A Link Between Worlds for about an hour and a half. Lots of PC games are included on their schedule too, including classics like Final Doom, Hexen, System Shock, and Serious Sam. It is scheduled to go, around the clock, until Saturday at just before midnight, plus or minus a few hours.
Subject: General Tech | June 30, 2016 - 04:53 PM | Jeremy Hellstrom
Tagged: 802.11ac Wave 2
Router firmware upgrades should be arriving soon to upgrade you to 802.11ac Wave 2. You may get support for MU-MIMO after upgrading and the new version could well double your bandwidth. It should also have less interference as it will make more use of the 5GHz channel and it will also include a new 160MHz channel. Keep an eye on your router manufacturers website and pop by The Inquirer for more information on the new standard.
"YOUR WIFI could be about to get a whole bunch faster as a new improved version of the current 802.11ac standard is coming to a router near you."
Here is some more Tech News from around the web:
- Distribution Release: Linux Mint 18 @ Linux.com
- The problem with Canada? The price of broadband is too damn high @ The Register
- Qualcomm's Snapdragon 820 CPU now supports Google's Tango AR platform @ The Inquirer
- Trans-Pacific FASTER fibre fires first photons, finally @ The Register
- Google OnHub Router of the Future @ Hardware Secrets
Subject: General Tech | June 30, 2016 - 10:35 AM | Ryan Shrout
Tagged: video, summer sale, steam, RX 490, rx 480, radeon, Polaris, podcast, matebook, Huawei, gtx 1060, amd
PC Perspective Podcast #406 - 06/30/2016
Join us this week as we discuss our AMD RX 480 review, the new Huawei MateBook, GTX 1060 and RX 490 leaks and more!
The URL for the podcast is: http://pcper.com/podcast - Share with your friends!
- iTunes - Subscribe to the podcast directly through the Store (audio only)
- Google Play - Subscribe to our audio podcast directly through Google Play!
- RSS - Subscribe through your regular RSS reader (audio only)
- MP3 - Direct download link to the MP3 file
This episode of the PC Perspective Podcast is sponsored by Lenovo!
Hosts: Ryan Shrout, Allyn Malventano, Jeremy Hellstrom, and Josh Walrath
Subject: General Tech | June 30, 2016 - 02:02 AM | Scott Michaud
Tagged: pc gaming, Nintendo
Okay, so I'm a week late on this, but what the heck. Dolphin 5.0 was released on their website. The project is a Wii and GameCube emulator that is available for Windows, Mac, and Linux. This version focuses on compatibility. They claim that about 85% of titles, including WiiWare and virtual-console games, can be played from start to finish, with about 14% of all titles doing so flawlessly.
That said, it also adds several performance features. They improved the JIT compiler, added texture pooling to prevent reloading the same texture over and over, and even added DirectX 12 support, although they don't elaborate on why that would be useful for this workload. While they have not extended support to Vulkan, they do use the “Approaching Zero Driver Overhead (AZDO)” features of OpenGL and its extensions to raise performance on other platforms.
The emulator is available at their website.