Security

In Apple Mail, There's No Protecting PGP-Encrypted Messages (theintercept.com) 24

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to workaround EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Bock also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.

Desktops (Apple)

Razer Slims Down Blade, Debuts MacOS-Compatible eGPU Enclosure (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Today, Razer debuted big updates to its Razer Blade laptop, focusing on design and performance to usher the gaming notebook into 2018. While the new Blade still looks unmistakably "Razer," its design has changed dramatically for the better. Razer upped the screen size from 14 inches to 15.6 inches, reducing the surrounding bezels to just 4.9mm so that the device fits in with the other nearly bezel-less ultrabooks popular today. Razer is offering 1080p 60Hz or 144Hz panels, along with a 4K touchscreen option as well. The larger display panel makes the laptop slightly heavier than its predecessor, and it's a bit wider overall, too (4.7 pounds and 9.3 inches, respectively). However, the slimmer bezels, sharper edges, and aluminum unibody make the new Razer Blade look like a clear upgrade from the previous model.

Another new addition to the Razer lineup is the Core X, a Thunderbolt 3 external graphics enclosure with space for large, three-slot wide graphics cards. The Core X joins the Core V2 graphics enclosure as one of Razer's solutions for gamers who want to add desktop-like graphics power to their laptops -- and it's more affordable than the V2 as well. While it's a bit stockier than Razer's existing enclosure, the Core X has an aluminum body with open vents to properly handle heat, regardless of the task at hand. The Core X connects to a compatible notebook through one Thunderbolt 3 port, providing eGPU access and 100W of power thanks to its 650 ATX power supply. It's both cheaper and seemingly easier to use than the V2, but that comes with some compromises: the Core X doesn't have Chroma lighting, and it lacks USB and Ethernet ports.
Some other specs of the new Blade include a Intel Core i7-8750H processor, Nvidia GTX 1060 or 1070 with Max-Q graphics, up to 32GB of RAM, up to 2TB of PCIe-based SSD, and 80Whr battery. There are three USB-A 3.1 ports, one proprietary charging port, one Thunderbolt 3 port, a Mini DisplayPort, and an HDMI port.
Businesses

Twitter Is Killing Several of Its TV Apps, Too (techcrunch.com) 29

Twitter is shutting down its TV apps on Roku, Android TV and Xbox starting on May 24, the company announced this morning. From a report: The news of the apps' closure comes at a time when Twitter is now trying to steer its users to its first-party mobile apps and its desktop website by killing off apps used by a minority of its user base -- like the Twitter for Mac app it shut down earlier this year. And more recently, it has attempted to kill off popular third-party Mac apps with a series of unfriendly API changes.

It's unclear why this has become Twitter's agenda. While it can be a burden for a company to support a broader ecosystem of apps where some only have a niche audience, in some cases those "niche" users are also the most influential and heavy users. And arguably, anyone launching Twitter's app on their TV must be a die-hard user -- because who is really watching that much Twitter on their TV?

Transportation

Tesla's Engineering Chief Takes Leave of Absence (wsj.com) 57

Tesla's senior vice president of engineering, Doug Field, is taking a leave of absence from the company (Warning: source may be paywalled; alternative source) at a crucial moment when the electric-car maker is struggling to boost production of the Model 3 sedan. While Tesla declined to say when he would come back, one person familiar with the matter described the absence as a "six-week sabbatical." The Wall Street Journal reports: Mr. Field has been a key leader at Silicon Valley auto maker since joining in 2013 from Apple. He oversees the engineering of Tesla's vehicles, and last year he was also given oversight of production to better align the two efforts. That changed this spring when Chief Executive Elon Musk acknowledge he retook control of production. The Silicon Valley auto maker is at a critical juncture as it tries to produce enough Model 3 cars to generate cash to fund the business and instill confidence in investors the company can create its first mass-market vehicle.

Tesla has a history of key executives departing on so-called sabbaticals. Jerome Guillen, Tesla's current vice president of truck and programs, for example, took a sabbatical in 2015 from his role as vice president of worldwide sales and service only to return in the new role. He had led development of the Model S sedan. The hiring of Mr. Field from Apple, where he was vice president of Mac hardware engineering, was touted as a win for Mr. Musk who had big ambitions for the electric-car company. Mr. Field had also worked at Ford and Segway, giving him unique experience in both the tech and autos industry.

Firefox

Firefox Moves Browsers Into Post-Password Future With WebAuthn Tech (cnet.com) 132

Today, Mozilla released Firefox 60 for Windows, Mac, Linux and Android, and with it arrives Web Authentication API for desktop browsers. From a report: Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone's fingerprint reader or the iPhone's Face ID, and some other alternatives to passwords.

Passwords are a particular problem on the web. Fake websites can coax you to type in credentials that then can be used to steal money from your bank account or snoop your email -- a problem called phishing. Even if you pick hard-to-guess passwords, never reuse them on multiple sites and always remember them, passwords still aren't that strong a foundation for security these days. We're still a long way away from a post-password future, but WebAuthn is an important step, if nothing else, in making sites more secure.

Unix

Windows Notepad Finally Supports Unix, Mac OS Line Endings (theregister.co.uk) 291

Microsoft's text editing app, Notepad, which has been shipping with Windows since version 1.0 in 1985, now supports line endings in text files created on Linux, Unix, Mac OS, and macOS devices. "This has been a major annoyance for developers, IT Pros, administrators, and end users throughout the community," Microsoft said in a blog post today. The Register reports: Notepad previously recognized only the Windows End of Line (EOL) characters, specifically Carriage Return (CR, \r, 0x0d) and Line Feed (LF, \n, 0x0a) together. For old-school Mac OS, the EOL character is just Carriage Return (CR, \r, 0x0d) and for Linux/Unix it's just Line Feed (LF, \n, 0x0a). Modern macOS, since Mac OS X, follows the Unix convention. Opening a file written on macOS, Mac OS, Linux, or Unix-flavored computers in Windows Notepad therefore looked like a long wall of text with no separation between paragraphs and lines. Relief arrives in the current Windows 10 Insider Build.

Notepad will continue to output CRLF as its EOL character by default. It's not changing its stripes entirely. But it will retain the formatting of the files it opens so users will be able to view, edit and print text files with non-Windows line ends. Microsoft has thoughtfully provided an out for Windows users counting on the app's past inflexibility: the new behavior can be undone with a registry key change.

Chrome

You Can Now Run Linux Apps On Chrome OS (venturebeat.com) 106

Google today announced Chrome OS is getting Linux support. "As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands," reports VentureBeat. "A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon." From the report: "Just go to wherever you normally get those apps, whether it's on the websites or through apt-get in the Linux terminal, and seamless get those apps like any other Linux distribution," Chrome OS director of product management Kan Liu told VentureBeat.

Support for Linux apps means developers will finally be able to use a Google device to develop for Google's platforms, rather than having to depend on Windows, Mac, or Linux machines. And because Chrome OS doesn't just run Chrome OS-specific apps anymore, developers will be able to create, test, and run any Android or web app for phones, tablets, and laptops all on their Chromebooks. Without having to switch devices, you can run your favorite IDE -- as long as there is a Debian Linux version (for the curious, Google is specifically using Debian Stretch here -- code in your favorite language and launch projects to Google Cloud with the command line.

IOS

iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access (macrumors.com) 268

hyperclocker shares a report from Mac Rumors: The iOS 11.4 update, currently being beta tested, includes a USB Restricted Mode that introduces a week-long expiration date on access to the Lightning port on your iOS devices if your phone hasn't been unlocked, which has implications for law enforcement tools like the GrayKey box. USB Restricted Mode was outlined this morning by Elcomsoft after testing confirmed that the feature has indeed been enabled. In Elcomsoft's experience, after an iPhone or iPad has been updated to iOS 11.4, if it hasn't been unlocked or connected to a paired computer in the last 7 days using a passcode, the Lightning port is useless for data access and limited to charging.

"At this point, it is still unclear whether the USB port is blocked if the device has not been unlocked with a passcode for 7 consecutive days; if the device has not been unlocked at all (password or biometrics); or if the device has not been unlocked or connected to a trusted USB device or computer," reports Elcomsoft. "In our test, we were able to confirm the USB lock after the device has been left idle for 7 days. During this period, we have not tried to unlock the device with Touch ID or connect it to a paired USB device. What we do know, however, is that after the 7 days the Lightning port is only good for charging."

iMac

Apple's iMac Turns 20 Years Old (cnn.com) 127

Twenty years ago on May 6, 1998, Steve Jobs unveiled the iMac for the first time. Current CEO Tim Cook shared footage from the event on Twitter Sunday. It shows Jobs describing the $1,299 iMac as an impossibly futuristic device. CNNMoney reports: "The whole thing is translucent, you can see into it. It's so cool," Jobs gushes. He points to a handle that allows the computer's owner to easily lift the device, which is about the size of a modern microwave oven. He takes a jab at the competition: "The back of this thing looks better than the front of the other guy's, by the way." In January 1999, less than a year after the iMac's debut, Apple more than tripled its quarterly profit.

The San Francisco Chronicle declared Apple was "cashing in on insatiable demand for its new space-age iMac computer." For the next decade, Jobs kept the new "i" products coming. Today, the iMac is in its seventh generation and is virtually unrecognizable from its ancestor. An Apple spokesperson notes an "iMac today consumes up to 96% less energy in sleep mode than the first generation."
Some of the original iMac's tech specs include: PowerPC G3 processor clocked at 233MHz, 15-inch display with 1,024x768 resolution, two USB ports and Ethernet with a built-in software modem, 4GB hard drive, 32MB of RAM (expandable to 128MB), 24x CD-ROM drive, built-in stereo speakers with SRS sound, Apple-designed USB keyboard and mouse, and Mac OS 8.1.
Facebook

Facebook Placed An Employee Who Harvested User Data For Cambridge Analytica On Leave (buzzfeed.com) 38

Ryan Mac, reporting for BuzzFeed News: A Facebook employee, who helped harvest and sell data from millions of users of the social network for political consulting firm Cambridge Analytica in a previous job, has quietly been placed on administrative leave by the Menlo Park, California-based company. Joseph Chancellor, a quantitative social psychologist for Facebook, has been on leave for a few weeks following revelations of his role in a data privacy scandal that has rocked the Silicon Valley giant, according to two sources familiar with the situation.

In March, it was revealed that Cambridge Analytica, a consulting company that did elections work for Republican presidential candidates Ted Cruz, Ben Carson, and Donald Trump, inappropriately obtained user data from a third-party app developer. That app company, Global Science Research (GSR), was founded by Chancellor and his research partner Aleksandr Kogan, and obtained Facebook user data on up to 87 million people.

The Internet

Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25 (wired.com) 132

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

Open Source

Apple Open Sources FoundationDB (macrumors.com) 50

Apple's FoundationDB company announced on Thursday that the FoundationDB core has been open sourced with the goal of building an open community with all major development done in the open. The database company was purchased by Apple back in 2015. As described in the announcement, FoundationDB is a distributed datastore that's been designed from the ground up to be deployed on clusters of commodity hardware. Mac Rumors reports: By open sourcing the project to drive development, FoundationDB is aiming to become "the foundation of the next generation of distributed databases: "The vision of FoundationDB is to start with a simple, powerful core and extend it through the addition of "layers". The key-value store, which is open sourced today, is the core, focused on incorporating only features that aren't possible to write in layers. Layers extend that core by adding features to model specific types of data and handle their access patterns. The fundamental architecture of FoundationDB, including its use of layers, promotes the best practices of scalable and manageable systems. By running multiple layers on a single cluster (for example a document store layer and a graph layer), you can match your specific applications to the best data model. Running less infrastructure reduces your organization's operational and technical overhead." The source for FoundationDB is available on Github, and those who wish to join the project are encouraged to visit the FoundationDB community forums, submit bugs, and make contributions to the core software and documentation.
Iphone

New iPhone SE Could Launch In May With Touch ID and A10 Fusion, Without 3.5mm Headphone Jack (macrumors.com) 129

Mac Rumors reports, citing Japanese website Mac Otakara, that Apple will release an updated iPhone SE next month with a similar form factor as the previous model. It is expected to retain Touch ID, but will drop the 3.5mm headphone jack. From the report: Also like the iPhone 7 and iPhone 7 Plus, the new iPhone SE will supposedly be powered by Apple's last-generation A10 Fusion chip, up to 40 percent faster than the A9 processor in the current iPhone SE. The chip will likely enable support for the HEIF image format and HEVC video compression standard. The report speculates that the new iPhone SE may have a glass back with wireless charging capabilities, like the iPhone 8, iPhone 8 Plus, and iPhone X, but evidence is said to be inconclusive at this time.
Desktops (Apple)

Users Complain About Installation Issues With macOS 10.13.4 (theregister.co.uk) 90

An anonymous reader shares a report: The 10.13.4 update for macOS High Sierra is recommended for all users, and was emitted at the end of March promising to "improve stability, performance, and security of your Mac." But geek support sites have started filling up with people complaining that it had the opposite effect: killing their computer with messages that "the macOS installation couldn't be completed."

The initial install appears to be working fine, but when users go to shutdown or reboot an upgraded system, it goes into recovery mode. According to numerous reports, there doesn't appear to be anything wrong with users' Macs -- internal drives report that they're fine. And the issue is affecting a range of different Apple-branded computers from different years. Some have been successful in getting 10.13.4 to install by launching from Safe Mode, but others haven't and are deciding to roll back and stick with 10.13.3 until Apple puts out a new update that will fix whatever the issue is while claiming it has nothing to do with it.

Desktops (Apple)

Users Don't Want iOS To Merge With MacOS, Apple Chief Tim Cook Says (smh.com.au) 156

Rebutting a widespread speculation, Apple chief executive Tim Cook said the company is not working toward building an operating system that both Macs and iPhones could share. From his interview on Sydney Morning Herald: Later, when I ask about the divide between the Mac and iOS, which seems almost conservative when compared to Microsoft's convertible Windows 10 strategy, Cook gives an interesting response. "We don't believe in sort of watering down one for the other. Both [The Mac and iPad] are incredible. One of the reasons that both of them are incredible is because we pushed them to do what they do well. And if you begin to merge the two ... you begin to make trade offs and compromises. "So maybe the company would be more efficient at the end of the day. But that's not what it's about. You know it's about giving people things that they can then use to help them change the world or express their passion or express their creativity. So this merger thing that some folks are fixated on, I don't think that's what users want." A surprising comment, considering rumours from well-connected reporter Mark Gurman of Bloomberg, who wrote the company is working on a project called "Marzipan", which involves merging the codebase of macOS and iOS apps.
Microsoft

Microsoft Drops OneNote From Office, Pushes Users To Windows 10 Version (venturebeat.com) 72

An anonymous reader writes: Microsoft is making big changes to OneNote for Windows: The desktop app will no longer be included in Microsoft Office. Instead, OneNote for Windows 10, the UWP app, will be the default OneNote experience for both Office 365 and Office 2019. OneNote for Mac, Android, iOS, and the web are unaffected. The move shouldn't be a huge surprise for those paying close attention to OneNote's development. Back in February 2015, Microsoft made OneNote for Windows completely free by removing all feature restrictions. This untethering of OneNote from Office meant users could download OneNote 2013 for Windows 7 and Windows 8 without having to pay for Office 2013.
The Internet

Chrome 66 Arrives With Autoplaying Content Blocked By Default (venturebeat.com) 88

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 66 for Windows, Mac, Linux, and Android. The desktop release includes autoplaying content muted by default, security improvements, and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. In our tests, autoplaying content that is muted still plays automatically. Autoplaying content with sound, whether it has visible controls or not, and whether it is set to play on loop or not, simply does not start playing. Note that this is all encompassing -- even autoplaying content you are expecting or is the main focus of the page does not play. YouTube videos, for example, no longer start playing automatically. And in case that's not enough, or if a page somehow circumvents the autoplaying block, you can still mute whole websites.
Google

'A Fresh, Clean Look.' Gmail Is About To Get a Makeover (fortune.com) 149

Google says it is working on a big refresh for Gmail on the web. From a report: The upgrade was revealed in a message from Google to administrators of G Suite accounts -- G Suite being the suite of Google services that organizations can use on their own web domains, rather than Google's. The message stated that the changes would be coming to consumer Gmail accounts, as well as G Suite accounts. Google said the refresh would include not only a "fresh, clean look for Gmail on the web," but also easy ways to access other Google services, such as Google Calendar, from the Gmail web app. The company recently started winding down its Chrome apps for all platforms but Google's own Chrome OS. Windows, Mac and Linux users are now being encouraged to instead use Google's web apps, and it's only logical that those interfaces are now getting upgraded to include the functionality that would otherwise be lost. The Verge has screenshots of the new interface.
Software

Apple Starts Alerting Users That It Will End 32-Bit App Support On the Mac (techcrunch.com) 267

An anonymous reader quotes a report from TechCrunch: Tomorrow at midnight PT, Apple will begin issuing an alert box when you open a 32-bit app in MacOS 10.13.4. It's a one-time (per app) alert, designed to help MacOS make the full transition to 64-bit. At some unspecified time in the future, the operating system will end its support for 32-bit technology meaning those apps that haven't been updated just won't work. That time, mind you, is not tomorrow, but the company's hoping that this messaging will help light a fire under users and developers to upgrade before that day comes. Says the company on its help page, "To ensure that the apps you purchase are as advanced as the Mac you run them on, all future Mac software will eventually be required to be 64-bit." As the company notes, the transition's been a long time coming. The company started making it 10 or so years ago with the Power Mac G5 desktop, so it hasn't exactly been an overnight ask for developers. Of course, if you've got older, non-supported software in your arsenal, the eventual end-of-lifing could put a severe damper on your workflow. For those users, there will no doubt be some shades of the transition from OS 9 to OS X in all of this.
Classic Games (Games)

Original 'System Shock' Code Open Sourced, More Updates Promised (kickstarter.com) 39

"The folks at Nightdive Studios this week released the source code for a Mac version of Looking Glass Studios' 1994 classic System Shock," reports Gamasutra. Friday the game's new owners unveiled on GitHub "the original, unaltered source code that was discovered by OtherSide Entertainment and graciously shared with us a few months ago... We have been hard at work updating this code and plan to release a new version of System Shock: Enhanced Edition as well as the code in the near future." We've gone back to the original vision we shared with you at the start of our Kickstarter campaign -- this time with more reliable performance and higher fidelity visuals thanks to the Unreal Engine... We have been able to re-use the majority of work we've done over the past year and we're making significant progress in a very short amount of time. With that said we'll be inviting our highest tier backers to privately test the game beginning in September at which point we estimate that the game will be fully playable, from start to finish. The majority of the art won't be finished, but we'll be ready to start high-level testing.
Going forward there's even a Twitch component. "In an effort to remain transparent throughout development we're going to begin streaming on a regular basis and inviting the backers to join us." And the audio department has also revealed some of the music from the medical deck.

After their Kickstarter was funded, Nightdive had explored making a "bigger, better game" after receiving a verbal commitment from a game publisher, but then "were left high and dry after making crucial, consequential changes in staff and scope... We still have the funds necessary to complete the game, but the timeline will inevitably move back with our shift in direction..."

"This will be closer to a 1:1 remake with updates to the weapon/character designs but without altering the core gameplay of the original."

Slashdot Top Deals