Hackers Manage To Run Linux On a Nintendo Switch

Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.

Key iPhone Source Code Gets Posted On GitHub

Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.

Windows 10 Will Soon Get Progressive Web Apps To Boost the Microsoft Store

The next major update to Windows 10 will bring Progressive Web Apps (PWAs) to the Microsoft Store. PWAs are websites (or web apps) which are implemented as native apps, and delivered just like a normal app through Windows 10's store. According to TechRadar, "The big advantages are that no platform-specific code is required, allowing devs to make apps that run across different platforms, and that PWAs are hosted on the developer's server, so can be updated directly from there (without having to push updates to the app store)." The other benefit for Microsoft is that they will be getting a bunch of new apps in Windows 10's store. From the report: As Microsoft explains in a blog post, these new web apps are built on a raft of nifty technologies -- including Service Worker, Fetch networking, Push notifications and more -- all of which will be enabled when EdgeHTML 17 (the next version of the rendering engine that powers the Edge browser) goes live in Windows 10 in the next big update. PWAs can be grabbed from the Microsoft Store as an AppX file, and will run in their own sandboxed container, without needing the browser to be open at all. As far as the user is concerned, they'll be just like any other app downloaded from the store. Microsoft says it is already experimenting with crawling and indexing PWAs from the web to pick out the quality offerings, which it will draft into the Microsoft Store. The firm has already combed through some 1.5 million web apps to pick out a small selection of PWAs for initial testing. As well as discovering apps via web crawling, developers will also be able to submit their offerings directly to Microsoft for approval.

What Apple's Battery Health 'Fix' Looks Like

Apple has released new battery health features in iOS 11.3 beta 2, which was seeded to developers today. BGR reports what those battery health functions look like, and how to disable power management if you're using an older iPhone: The feature is contained within a new "Battery Health" menu, which is under the "Battery" tab on iOS 11.3. The page only really has two fields: Maximum Capacity, which shows what percentage of the original charge your battery can still hold; and Peak Performance Capacity, which tells you if your phone's performance is being throttled due to the battery. Right now, there are no options to change anything within the menu. Maximum Capacity should be at 100% for newer phones, and it should fall down to around 80% over the course of about two years of normal use. A Redditor on the iOSBeta forum uploaded a photo of his iPhone 7, which is sitting at 87% capacity. That device still shows peak performance.

On older devices with a worse battery, the phone will show that reduced Maximum Capacity, as well as detail any performance slowdowns due to the decreased battery capacity. On devices that have weaker batteries, the Peak Performance Capability will change to read "This iPhone has experienced an unexpected shutdown because the battery was unable to deliver the necessary peak power. Performance management has been applied to help prevent this from happening again." A small blue hyperlink then says "Disable," which lets you manually turn off your iPhone's performance management.


Android Oreo Passes 1 Percent Adoption After 5 Months, Nougat Finally Takes First Place

According to Google's Platform Versions page, the Android 8.0 Oreo mobile operating system finally has 1.1 percent adoption. Like Android Nougat before it, Android Oreo took five months to pass the 1 percent adoption mark. VentureBeat reports: On the bright side, Nougat this month has passed Marshmallow, meaning the second newest Android version is now the most widely used. The latest version of Android typically takes more than a year to become the most-used release, and so far it doesn't look like Oreo's story will be any different. Google's Platform Versions tool uses data gathered from the Google Play Store app, which requires Android 2.2 and above. This means devices running older versions are not included, nor are devices that don't have Google Play installed (such as many Android phones and tablets in China, Amazon's Fire line, and so on). Also, Android versions that have less than 0.1 percent adoption, such as Android 3.0 Honeycomb and Android 2.2 Froyo, are not listed. The two next-oldest Android versions are thus set to drop off the list sometime this year. The Android adoption order now stands as follows: Nougat in first place, Marshmallow in second place, Lollipop in third, KitKat in fourth, Jelly Bean in fifth, Oreo in sixth, ICS in seventh, and Gingerbread in last. All eyes are now on Oreo to see how slowly it can climb the ranks.

Why Windows Vista Ended Up Being a Mess

alaskana98 shares an article called "What Really Happened with Vista: An Insider's Retrospective." Ben Fathi, formerly a manager of various teams at Microsoft responsible for storage, file systems, high availability/clustering, file level network protocols, distributed file systems, and related technologies and later security, writes: Imagine supporting that same OS for a dozen years or more for a population of billions of customers, millions of companies, thousands of partners, hundreds of scenarios, and dozens of form factors -- and you'll begin to have an inkling of the support and compatibility nightmare. In hindsight, Linux has been more successful in this respect. The open source community and approach to software development is undoubtedly part of the solution. The modular and pluggable architecture of Unix/Linux is also a big architectural improvement in this respect. An organization, sooner or later, ships its org chart as its product; the Windows organization was no different. Open source doesn't have that problem...

I personally spent many years explaining to antivirus vendors why we would no longer allow them to "patch" kernel instructions and data structures in memory, why this was a security risk, and why they needed to use approved APIs going forward, that we would no longer support their legacy apps with deep hooks in the Windows kernel -- the same ones that hackers were using to attack consumer systems. Our "friends", the antivirus vendors, turned around and sued us, claiming we were blocking their livelihood and abusing our monopoly power! With friends like that, who needs enemies?

I like how the essay ends. "Was it an incredibly complex product with an amazingly huge ecosystem (the largest in the world at that time)? Yup, that it was. Could we have done better? Yup, you bet... Hindsight is 20/20."

Chrome OS Is Almost Ready To Replace Android On Tablets

Several new features rolling out to Chromebooks paint a picture of the future of Chrome OS as the rightful replacement for Android tablet software. Those include a new split-screen feature for multitasking while in tablet mode, and a screenshot feature borrowed from Android. The Verge reports: As it stands now, Chrome OS is very close to taking up the mantle there, and features like this push it ever closer to becoming the hybrid OS for all types of Google-powered screens. This has been in the works for quite a while as Google's Chrome and Android teams have coordinated closely to ensure the influx of low-cost, hybrid computing devices like 2-in-1 Chromebooks get the best of both worlds. There is, of course, Android app compatibility on Chrome OS, an initiative that first arrived somewhat half-baked last year and has taken months to fully jell as Google worked out the kinks. For instance, just last month Google added the ability for Android apps on Chromebooks to run in the background. In July of last year, Google also began embarking on a touch-focused redesign of Chrome OS to make the software more functional in tablet mode. We're likely not getting the full-blown merging of the two divisions and their respective platforms anytime soon, or perhaps ever, as Google has played with the idea for years without ever seeming to decide that one platform should supersede the other. In essence, however, Android remains Google's dominant mobile OS, while Chrome OS has been taking on more responsibility as Chromebooks have steadily become more capable and tablet-like.

Microsoft Is Now Selling a Surface Laptop With An Intel Core m3 Processor For $799

Microsoft has begun offering a lower specced Surface laptop running Windows 10 S and an Intel Core m3 processor. It's priced at $799, compared to the standard model's $999 price, and is only available in the platinum color configuration. Windows Central reports: The Intel Core m3 spec is paired with 4GB of RAM and 128GB Storage. This is definitely not a high-end model of the Surface Laptop, but it's still a premium one, with the same Alcantara fabric and high-quality display found on other Surface Laptop SKUs. Microsoft offers an Intel Core m3 model of the Surface Pro priced at $799 also, however that SKU doesn't come bundled with a keyboard or pen. At least with the Surface Laptop, you're getting a keyboard and trackpad in the box, so perhaps the Intel Core m3 Laptop is going to be the better choice for many. If you're looking for a straight laptop by Microsoft, that is. Some other specs include a 2256 x 1504 resolution display, Intel HD graphics 615, 720p webcam with Windows Hello face-authentication, Omnisonic speakers with Dolby Audio Premium, one full-size USB 3.0 port, Mini DisplayPort, headphone jack and Surface Connect port. The device measures in at 12.13 inches x 8.79 inches x 0.57 inches and weighs 2.76 pounds.

Surpassing Windows 7's Market Share For the First Time, Windows 10 Now the Most Popular Desktop OS From Microsoft

Two and a half years after the company made it available to the general public, Windows 10 is now the most popular operating system from Microsoft, according to analytics firm StatCounter. From a report: Every month, StatCounter reports on the state of the desktop operating system market. Since October last year, the analyst company's figures have shown the gap between Windows 10 and Windows 7 narrowing. It looked as if the newer OS would overtake the older one in November, but that didn't happen, and it didn't happen in December either. However, in January, according to StatCounter, Windows 10 finally claimed the top spot. The latest figures show Windows 10 on 42.78 percent, up from 41.69 percent in December 2017. That's an increase of 1.09 percentage points.

Apple Still Aims To Allow iPad Apps To Run on Macs This Year

Apple's push for performance and security improvements over new features will also apply to this year's Mac software, Axios reported on Wednesday, but one key feature remains on the roadmap for 2018: The ability for Macs to run iPad apps. From the report: On the Mac side, this is taking the form of a new project around security as well as improvements in performance when waking and unlocking the system. While users would certainly welcome changes that make their systems run better and more securely, customers tend to be more motivated to make purchases based on new features rather than promised improvements around security or performance, which can be tough to judge. The signature new feature for the Mac -- the ability to run iPad apps -- is a significant undertaking that adds a high degree of complexity to this year's OS release.

US Government Investigates Apple Over iPhone Battery Slowdowns

An anonymous reader quotes a report from PhoneDog: The U.S. Department of Justice and the Securities and Exchange Commission are investigating Apple about its updates that slowed performance on iPhones with older batteries. Sources speaking to Bloomberg say that the agencies are looking into whether Apple violated securities laws regarding disclosures about its updates that throttled older iPhones. So far, the DOJ and SEC have requested information from Apple. Because the investigation is still early, it's unclear if the agencies will actually take an action against Apple. Apple apologized for not being more clear about its actions after the news of its performance-throttling updates came out, but we've still seen class action lawsuits and now this investigation come out. The good news is that Apple will be more transparent about iPhone battery health and performance in the future, but for now, it'll have to deal with the DOJ and SEC.

Apple is Postponing Release of New Features To iOS This Year To Focus on Reliability and Performance: Report

For a change, Apple plans to not push new features to iOS devices this year so that it could focus on reliability and quality of the software instead, Axios reported on Tuesday. From the report: Apple has been criticized of late, both for security issues and for a number of quality issues, as well as for how it handles battery issues on older devices. Software head Craig Federighi announced the revised plan to employees at a meeting earlier this month, shortly before he and some top lieutenants headed to a company offsite. Pushed into 2019 are a number of features including a refresh of the home screen and in-car user interfaces, improvements to core apps like mail and updates to the picture-taking, photo editing and sharing experiences.

Linus Finally Releases Linux 4.15 Kernel, Blames Intel For Delay

An anonymous reader writes: Linus Torvalds has released Linux 4.15 following the lengthy development cycle due to the Spectre v2 and Meltdown CPU vulnerability mitigation work. This update comes with many kernel improvements including RISC-V architecture support, AMDGPU Display Code support, Intel Coffee Lake graphics support, and many other improvements.
"This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle," Linus writes. "The extra two weeks were obviously mainly due to that whole timing issue... [T]he news cycle notwithstanding, the bulk of the 4.15 work is all the regular plodding 'boring' stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it's the bread and butter of kernel development, and is in many ways the really important stuff.

"Go forth and play with it, things actually look pretty good despite everything. And obviously this also means that the merge window for 4.16 is open... Hopefully we'll have a _normal_ and entirely boring release cycle for 4.16. Because boring really is good."

Apple Deprecates More Services In OS X Server

Long-time Slashdot reader HEMI426 writes: Long ago, Apple used to produce rack servers, and a special flavor of OS X for that hardware with extra, server-friendly features. After Apple got out of the rack server game, OS X Server soldiered on, with the occasional change in cost or distribution method.

The next stop on the long, slow death march of OS X Server is here. With a recent post to their knowledgebase, Apple states that almost all of the services not necessary for the management of networked Macs and other iDevices are being deprecated. These services will be hidden for new installs, and dropped in the future.

Apple writes that "those depending on them should consider alternatives, including hosted services."

OnePlus Is Again Sending User Data To a Chinese Company Without User Consent

In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.

Are the BSDs Dying? Some Security Researchers Think So

itwbennett writes: The BSDs have lost the battle for mindshare to Linux, and that may well bode ill for the future sustainability of the BSDs as viable, secure operating systems, writes CSO's JM Porup. The reason why is a familiar refrain: more eyeballs mean more secure code. Porup cites the work of Ilja van Sprundel, director of penetration testing at IOActive, who, noting the "small number of reported BSD kernel vulnerabilities compared to Linux," dug into BSD source code. His search 'easily' turned up about 115 kernel bugs. Porup looks at the relative security of OpenBSD, FreeBSD and NetBSD, the effect on Mac OS, and why, despite FreeBSD's relative popularity, OpenBSD may be the most likely to survive.

Researchers Warn of Physics-Based Attacks On Sensors

chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.

"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on. But materials used to create sensors can be influenced by other phenomena -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger.


Apple Prepares MacOS Users For Discontinuation of 32-Bit App Support

Last year, Apple announced that macOS High Sierra "will be the last macOS release to support 32-bit apps without compromise." Now, in the macOS High Sierra 10.13.4 beta, Apple is notifying users of the impending change, too. "To prepare for a future release of macOS in which 32-bit software will no longer run without compromise, starting in macOS High Sierra 10.13.4, a user is notified on the launch of an app that depends on 32-bit software. The alert appears only once per app," Apple says in the beta release notes. Ars Technica reports: When users attempt to launch a 32-bit app in 10.13.4, it will still launch, but it will do so with a warning message notifying the user that the app will eventually not be compatible with the operating system unless it is updated. This follows the same approach that Apple took with iOS, which completed its sunset of 32-bit app support with iOS 11 last fall. Developers and users curious about how this will play out will be able to look at the similar process in iOS for context. On January 1 of this year, Apple stopped accepting 32-bit app submissions in the Mac App Store. This June, the company will also stop accepting updates for existing 32-bit applications. iOS followed a similar progression, with 32-bit app submissions ending in February of 2015 and acceptance of app updates for 32-bit apps ending in June of 2015.

Scientists Develop Glucose-Tracking Smart Contact Lenses Comfortable Enough To Wear

A team of Korean scientists have developed a smart lens that could help diabetics track blood glucose levels while remaining stretchable enough to be comfortable and transparent enough to preserve vision. Engadget reports: The lens achieves its flexibility thanks to a design that puts its electronics into isolated pockets linked by stretchable conductors. There's also an elastic material in between that spreads the strain to prevent the electronics from breaking when you pinch the lens. And when the refractive indices all line up, you should get a lens that's as transparent as possible and largely stays out of your way. The sensor in question is straightforward: an LED light stays on as long as glucose levels are normal, and shuts off when something's wrong. Power comes through a metal nanofiber antenna that draws from a nearby power source coil. That's about the only major drawback -- the low conductivity of the antenna means that you can't just tuck the coil wherever it's convenient. The co-author of the study, Jang-Ung Park, told IEEE Spectrum that a commercial version of the contact lens should arrive within the next five years.

Fitbit Will End Support For Pebble Smartwatches In June

Today, Fitbit announced that it will extend its support of the Pebble smartwatch ecosystem, including devices, software, and forums, until June 30, 2018. "During this time, we invite the Pebble community to explore how familiar highlights from the Pebble ecosystem are evolving on the Fitbit platform, from apps and clock faces to features and experiences," the company's blog post states. Ars Technica reports: Fitbit's invitation is a hopeful one for the company itself. After the buyout, members of the Pebble team helped Fitbit develop its own smartwatch OS that debuted on the $300 Fitbit Ionic last year. Fitbit is likely hoping that diehard members of the Pebble community, many of which developed apps and programs for the smartwatch platform, will try making similar programs for Fitbit's new wearable operating system. The Fitbit SDK is already quite accessible, allowing developers to sign up and start building programs using all-online tools. But in addition to the accessibility of the SDK, Fitbit wants to entice Pebble users with a discount: users with a valid Pebble device serial number can get $50 off a Fitbit Ionic smartwatch. It's currently the only device that runs Fitbit OS, and it's useful to have if you want to test out any apps made with the SDK. But for those who want nothing to do with Fitbit OS development and only care about how long their Pebbles will last, this news is bittersweet. According to Fitbit's announcement, Pebble devices will continue to work after June 30, but these features will stop working: the Pebble app store, the Pebble forum, voice recognition features, SMS and email replies, timeline pins from third-party apps (although calendar pins will still function), and the CloudPebble development tool.
