Subject: General Tech | July 5, 2016 - 12:32 PM | Jeremy Hellstrom
Tagged: security, Malware
Managing mobile devices in an enterprise environment is a nightmare, even with properly set up security polices and some sort of Mobile Device Manager. Security firm Skycure recently estimated one in every 200 devices is infected with some form of malware, which seems a bit low especially considering that some the devices tested had 290 apps installed. Infections of Android devices are most common but do not think for a moment that your iOS device is safe, it may only be half as likely to be compromised but it does indeed have serious vulnerabilities as well. Drop by The Register for a look at the numbers of bad apps on various stores.
"Researchers found enterprises have three unique infection instances with devices sporting an eye-watering average of 290 apps a piece."
Here is some more Tech News from around the web:
- A flexible nanoparticle sheet makes quantum dots brighter @ Nanotechweb
- MRI Software Bugs Could Upend Years Of Research @ Slashdot
- Viewsonic uses Raspberry Pi 3 to build low-cost thin client device @ The Inquirer
- DRAM and blast it: Micron staff face axe after flash woes @ The Register
- Win a Sapphire RX 480 Nitro @ Kitguru
Subject: General Tech, Storage | July 5, 2016 - 02:52 AM | Scott Michaud
Tagged: cassette, tape
Some old PCs didn't have storage, so users needed to add programs manually by typing in the source code. As The 8-Bit Guy explains, one of the first consumer solutions was to attach a cassette tape to the computer through analog audio cables. They would actually be programmed by pulsing electrical intensities, which would be interpreted as binary data, within the audio range. Near the end, he even plays a clip of normal data, and “fast loader” data.
He, and his co-hosts, talk about their experiences with the medium, such as using a two-deck cassette player to copy programs and share them with friends. It doesn't go too deep into the technology or the time period, unlike some of his previous videos, but it's still entertaining none-the-less.
Subject: General Tech | July 5, 2016 - 02:13 AM | Scott Michaud
Tagged: symantec, security
I know that I've mention this in the past, and I'm not advocating running no antivirus software, but it's good to remember that you're using high-privileged software to load untrusted data. While mistakes can happen in any reasonably complex software, some companies are more complacent than others, and some design choices fail to respect the trust you have in them. Symantec, as far as I know, has one of the better reputations of security companies, but this flaw is terrible.
Basically, to detect malware that has been obfuscated by executable compression, antivirus software unpacks it themselves and looks. Symantec's solution runs in the kernel, allowing any malware that targets it to have kernel permissions. They were also using “at least” seven-year-old forks of open source libraries. Well... crap.
The bugs have been privately disclosed to Symantec, and fixed before Google went public. If you have any Symantec, or their consumer brand, Norton, software, then make sure it's up to date. Consumer software will have the fix pushed through LiveUpdate, but some some products, like Symantec Endpoint Protection and Symantec Protection for SharePoint Servers might require administrator action.
Subject: General Tech | July 4, 2016 - 01:08 PM | Jeremy Hellstrom
Tagged: andriod, keymaster, qualcomm, snapdragon, encryption
The only good news about this particular decryption hack requires physical access to your phone and as you should be aware once someone has your device in their hands all bets about security are off. The vulnerability exists on ARM-compatible Snapdragon system-on-chips and the TrustZone, a secure part of the chip which runs outside of the operating system and passes information pertaining to the encryption on your phone via the Qualcomm Secure Execution Environment.
It is possible to to exploit an Android kernel security vulnerability to load your own QSEE application which can then query the TrustZone for your unencrypted blob and RSA key. From there it is simply a matter of brute forcing the phones PIN or password which then allows you access to all the encrypted data on the device. The Register explains not only the vulnerability but also how TrustZone and KeyMaster work on your devices in this article.
"Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing your password or PIN."
Here is some more Tech News from around the web:
- Lenovo scrambling to get a fix for BIOS vuln @ The Register
- BlackBerry will release three more Android-powered smartphones @ The Inquirer
- Transcend Wifi SD Card Is A Tiny Linux Server @ Hack a Day
- 400 million Foxit users need to catch up with patched-up reader @ The Inquirer
- Ubuntu backs calls to wind down 32-bit Linux support @ The Inquirer
Subject: General Tech | July 2, 2016 - 10:38 PM | Scott Michaud
Tagged: microsoft, windows 10
So, despite announcing that they will reskin the Get Windows 10 notification four days ago, Microsoft will release another annoying Get Windows 10 campaign. Based on what looks like a Windows 8.x modern, full-screen prompt, Microsoft will post “Sorry to interrupt, but this is important. Windows 10 free upgrade offer ends July 29th.” It then has two buttons, Upgrade now and Remind me later, and two links, Notify me three more times and Do not notify me again.
It's interesting to see that this prompt looks like Windows 8.x, but will also appear on Windows 7 machines. It will probably be very jarring to a Windows 7 user to see the entire screen turn a slightly purple-ish blue in a UI style that you've never seen before, asking you to essentially flip your PC upside down. I would expect them to customize it for each platform, but meh.
Interestingly, Microsoft also lists the conditions that will prevent this prompt from occurring. If you have already tried Windows 10 on the machine, it will not ask you to upgrade back. This is what I would have expected all of Get Windows 10 to do, but, from experience, previous prompts didn't care if you already tried (and even activated) Windows 10. No, it would ask you again to go back. It will also honor all the other ways that you can disable Get Windows 10. They also say it will not appear if “You have a recent version of the Get Windows 10 app installed.” This confuses me, but I'll leave it here regardless.
Anywho, prepare to be annoyed one last time... or not. I don't know.
Subject: General Tech | July 2, 2016 - 09:21 PM | Scott Michaud
Tagged: valve, htc, steam, steamvr, vive, Oculus, oculus rift
According to the Steam Hardware Survey, the HTC Vive is dominating the Oculus Rift by more than a factor of two (0.15% to 0.06%). More-so, its rate of change is also double that of Oculus (0.06% to 0.03%). If these numbers are accurate, this means that the SteamVR is massively overtaking Oculus SDK in terms of both amount and rate of change.
Now the questions are “why?” and “what does that mean?”
The most obvious reason, to me, is that HTC has much better availability than Oculus. For the last month, they announced that the Vive ships within two-to-three business days. If you look at Oculus? The website tells you to expect it in August. It is currently the second day of July. While a month is not too long of a time to wait, it would make sense that a consumer would look at the two options and say “Yeah, the this week one, please.”
If that's the case, then the platform battle could be decided simply by retail availability. It wouldn't be decided by a Valve-developed first-party game. It wouldn't be decided by DRM locking games into an exclusive deal. It would simply be decided by “you can buy this one”. That is, unless Oculus ramps up production soon. At that point, we'll need to look back at hardware surveys (not just Steam's) and see what the split is. They could catch up. They could be left behind. Who knows? It could be another factor altogether.
For now, the Vive seems like it's the crowd favorite.
Subject: General Tech | July 2, 2016 - 02:21 AM | Scott Michaud
Tagged: valve, steam, linux
The current split of Steam users, according to the Steam Hardware Survey, is 95.5% for Windows, 3.6% for Mac OSX, and 0.8% for Linux. Phoronix reports that this does not count SteamOS, and there might be other “inaccuracies” with the survey, but the Linux figures are 0.04% less than they were before (a relative drop of about 4.8%).
Windows users are up, and Mac OSX is flat.
A 4.8% drop in a month isn't promising, but it's also not too concerning. If you were intending to target a platform with 0.8% marketshare, then you can benefit from the long shelf life that Linux provides. It's not like a publisher is counting on that platform to reach two-week launch window sales figures. We'll see if the pendulum will swing back in the future, especially if Valve creates compelling, new, first-party content for Linux. They seem to be waiting to put their full weight behind it.
Subject: General Tech | July 1, 2016 - 07:12 PM | Scott Michaud
Tagged: web browser, gecko, servo, Rust, mozilla, Samsung
No love for Windows at the moment, but Mozilla is showing previews of their new browser rendering engine, Servo. This one is developed in Rust, which is a highly parallel yet very memory safe language, which are two great features for a web browser, especially on mobile and multi-core desktops. You are currently able to pick it up on Mac and Linux, although it is not ready to be your primary browser yet. Windows and Android builds “should be available soon”.
Basically, Mozilla has been spending the last few years re-thinking how to design a web browser. Most Web standards are based on assumptions that the browser is going through a main loop, and that these items will occur in sequence. Back in 2013, most of the research was to see far a browser could travel into parallelization before compatibility just stops following. Samsung, who is obviously interested in smartphone technology, partnered with them, because it's easier to add more cores onto a mobile SoC than it is to make existing ones faster.
At the time, they weren't sure whether this research would be used to improve Gecko, the current rendering engine that has been around since Netscape 6, or create a suitable replacement for it. As far as I know, that decision has still not been made, but they also haven't bailed on it yet.
Perhaps we'll see a new wave of Web technology coming soon? Maybe even break up the Webkit monopoly that seems to be forming, led by iOS and Android devices?
Subject: General Tech | July 1, 2016 - 06:56 PM | Scott Michaud
Tagged: pc gaming
Awesome Games Done Quick is an organization that runs week-long, non-stop speedrun marathons for charity. This one benefits Doctors Without Borders, like the last three summer events. The last five Games Done Quick have raised a little under six million dollars, so this is a serious charity event.
The event starts this Sunday at 12:30pm EDT with a half-hour pre-show followed by an Any % run of Super Mario Sunshine for about an hour and a third, and that is followed by Zelda: A Link Between Worlds for about an hour and a half. Lots of PC games are included on their schedule too, including classics like Final Doom, Hexen, System Shock, and Serious Sam. It is scheduled to go, around the clock, until Saturday at just before midnight, plus or minus a few hours.
Subject: General Tech | June 30, 2016 - 04:53 PM | Jeremy Hellstrom
Tagged: 802.11ac Wave 2
Router firmware upgrades should be arriving soon to upgrade you to 802.11ac Wave 2. You may get support for MU-MIMO after upgrading and the new version could well double your bandwidth. It should also have less interference as it will make more use of the 5GHz channel and it will also include a new 160MHz channel. Keep an eye on your router manufacturers website and pop by The Inquirer for more information on the new standard.
"YOUR WIFI could be about to get a whole bunch faster as a new improved version of the current 802.11ac standard is coming to a router near you."
Here is some more Tech News from around the web:
- Distribution Release: Linux Mint 18 @ Linux.com
- The problem with Canada? The price of broadband is too damn high @ The Register
- Qualcomm's Snapdragon 820 CPU now supports Google's Tango AR platform @ The Inquirer
- Trans-Pacific FASTER fibre fires first photons, finally @ The Register
- Google OnHub Router of the Future @ Hardware Secrets