Linux news

Millions of Android Phones At Risk Due to 'Achilles' Flaw in Qualcomm Chips

Slashdot - 2 hours 12 min ago
"Researchers have found that Qualcomm's Snapdragon chip, one of the most widely used in Android phones, has hundreds of bits of vulnerable code that leaves millions of Android users at risk," reports Gizmodo: To back up a bit, Qualcomm is a major chip supplier to several well-known tech companies. In 2019, its Snapdragon series of processors could be found on nearly 40% of all Android smartphones, including high-profile flagship phones from Google, Samsung, Xiaomi, LG, and OnePlus. Researchers from Check Point, a cybersecurity firm, found the digital signal processor (DSP) in Qualcomm Snapdragon chips had over 400 pieces of vulnerable code. The vulnerabilities, altogether dubbed "Achilles," can impact phones in three major ways. Attackers would only have to convince someone to install a seemingly benign app that bypasses usual security measures. Once that's done, an attacker could turn the affected phone into a spying tool. They'd be able to access a phone's photos, videos, GPS, and location data. Hackers could potentially also record calls and turn on the phone's microphones without the owner ever knowing. Alternatively, an attacker could choose to render the smartphone completely unusable by locking all the data stored on it in what researchers described as a "targeted denial-of-service attack." Lastly, bad actors could also exploit the vulnerabilities to hide malware in a way that would be unknown to the victim, and unremovable. Part of why so many vulnerabilities were found is that the DSP is a sort of "black box." It's difficult for anyone other than the manufacturer of the DSP to review what makes them work... The article notes that Qualcomm has no evidence of the vulnerability being exploited in the wild, adding that the company has "reportedly since fixed the issue." But they also note that it's still up to individual phone makers to push out the relevant security patches, "which could take some time."

Read more of this story at Slashdot.

Categories: Linux news

Is the US about to Split the Internet?

Slashdot - 3 hours 12 min ago
The BBC reports: U.S. Secretary of State Mike Pompeo says he wants a "clean" internet. What he means by that is he wants to remove Chinese influence, and Chinese companies, from the internet in the U.S. But critics believe this will bolster a worrying movement towards the breaking up of the global internet. The so-called "splinternet" is generally used when talking about China, and more recently Russia. The idea is that there's nothing inherent or pre-ordained about the internet being global. For governments that want to control what people see on the internet, it makes sense to take ownership of it. The Great Firewall of China is the best example of a nation putting up the internet equivalent of a wall around itself. You won't find a Google search engine or Facebook in China. What people didn't expect was that the U.S. might follow China's lead. They're reacting to U.S. president Trump's executive order to block all transactions with TikTok's parent company (starting September 20) to "address the national emergency with respect to the information and communication technology supply chain." An opinion piece in the New York Times calls the move a "foolish and dangerous edict" that's "deeply misguided and unproductive" which suggests that "the United States, like China, no longer believes in a global internet." In the BBC's article Alan Woodward, a security expert at the University of Surrey, calls the U.S. decision "shocking." "The U.S. government has for a long time criticised other countries for controlling access to the internet… and now we see the Americans doing the same thing."


Researchers Build a Low-Power Radar on a CMOS Chip

Slashdot - 4 hours 12 min ago
The international R&D hub Imec has made a millimetre-wave motion detection radar integrated in a standard 28nm CMOS chip, reports Electronics Weekly, adding that it consumes just 62 mW, "making the sensor integrable into small, battery-powered devices..." The radar operates in the frequency band around 60 GHz, a license-free ISM band that can be used for new IoT applications for industrial and medical purposes... "Being extremely compact and energy efficient, the 60 GHz radar system can be integrated in smart health devices such as smartphones, health monitoring systems or wearables", says Barend van Liempd, program manager radar at imec. "The radar enables such devices to sense their surroundings, which will shape the way in which we control and use these devices. For instance, a phone with integrated radar on your bedside table can monitor sleep quality by contactless tracking of breathing rate and heart rate variability. The radar is as well suited for classification of other physical activities, which will open a new range of smart applications in the context of personalized health, baby monitoring, sports, elderly care, patient monitoring, nurse efficiency or worker safety." "Our prototype shows that radar technology is becoming ready for the next big step: the use in battery-powered devices. Now, we are looking for companies that want to exploit these ideas to enter the market by realizing new radar solutions", says Kathleen Philips, Director IoT at imec. "It is thought to be useful for detecting finger and hand motion, heartbeat and a person's speed and position..." writes Joe2020, "but I'm sure Slashdot readers can think of a variety of other uses for it."


How an Automated Mistake by Apple Killed All of a Mac Developer's Apps

Slashdot - 5 hours 12 min ago
Long-time Slashdot reader philml writes: Popular Mac developer Charlie Monroe woke up to find that none of his users could run his software. Instead, Mac OS was giving a message saying that it "will damage your computer". Monroe described the ensuing hassle in a blog post titled "A day without business." In a later update he added that Apple "has called and apologized for the complications. The issue was caused by my account being erroneously flagged by automated processes." But 9 to 5 Mac describes how Apple's mistake affected Monroe's apps: Users were unable to open them, and a message flagged them as malware, advising users to delete the apps to avoid damaging their Macs. Developer Charlie Monroe, creator of the Downie video downloader, among other apps, said that Apple didn't even send him a message saying it had happened, and for several hours he didn't know whether he still had a business or not… He said that it took Apple 24 hours to partly fix the problem, removing the flags, though that still left him having to recompile, re-sign, and redistribute everything... Most app users will never know the story behind this, only that they bought an app, Apple told them it was malware, and they deleted it as instructed. It also seems unlikely to help Apple's antitrust battles, where many are arguing that the company holds too much power over users and developers alike.


Study: Saving Pandas Led To the Downfall of Other Animals

Slashdot - 6 hours 12 min ago
UPI reports: Efforts to save the giant panda from extinction have come at the expense of other large mammals, a new study released Monday by the science journal Nature Ecology and Evolution said... Since the giant panda reserves were set up in China during the 1960s, leopards have disappeared from 81% of reserves, snow leopards from 38%, wolves from 77% and Asian wild dogs from 95%. Researchers found with the dwindling numbers of leopards and wolves, deer and livestock have mostly roamed free without a threat from natural predators, causing damage to natural habitats for surrounding wildlife, including the pandas.


CNO Neutrinos From the Sun Are Finally Detected

Slashdot - 7 hours 46 min ago
An anonymous reader quotes a report from SyFy: For the first time, scientists have detected neutrinos coming from the Sun's core that got their start via the CNO process, an until-now theorized type of stellar nuclear fusion. [...] The Borexino neutrino observatory is 1400 meters under the rock below the Gran Sasso mountain in Italy. It has an 8.5 meter wide nylon balloon filled with 280 tons of pseudocumene, surrounded by a tank of water, surrounded by over 2200 very sensitive photon detectors. They turned everything on, then waited. Over the course of July 2016 - February 2020 (1072 days), they painstakingly recorded all the events, and had to go through heroic efforts to prevent all manners of other reactions that also create little light flashes from interfering with their experiment. They also had to distinguish proton-proton chain neutrinos from ones made in the CNO cycle, but the neutrinos have different energies, which makes it possible to separate them out. They just announced their results: They detected the CNO neutrinos! About 20 per day interacted with the pseudocumene -- 20 per day, when sextillions of them had passed through! -- about what you'd expect from theory. This is an important discovery for a lot of reasons. For one thing, while the proton-proton chain dominates in the Sun, in stars with more than about 1.3 times the Sun's mass the CNO cycle dominates (it kicks in strongly at higher temperatures), so knowing how it works in the Sun tells us about other stars. Also, the presence of heavier elements (what astronomers misleadingly call metals, meaning any element heavier than hydrogen and helium) can affect the fusion rate in the Sun's CNO cycle, and the amount of these metals isn't perfectly well known; different methods to measure them yield slightly different amounts, but enough to mess up what we know about the fusion in the core. This experiment agrees with ones that find a lower metal content. 
That has a ripple effect on a lot of other ideas, including details on how we think the Sun and planets formed, how the Sun ages, and how it will die. All that, from less than two dozen neutrinos a day, while countless more go undetected.


Atlassian Tells Employees They Can Work From Home Forever

Slashdot - 10 hours 46 min ago
Software company Atlassian is telling employees that they don't have to return to its offices, unless they want to use them. CNBC reports: "We will seek out amazing, diverse talent unbounded by the physical footprint of our offices," the company said in an internal blog post published on Wednesday. "We will continue to compete for talent in the global hubs, and we will be able to create opportunities for those in places we would have previously not been able to reach." Atlassian's products help software developers and others keep track of code, projects, issues and other work. One of Atlassian's competitors, privately held GitLab, has never had an office despite having grown past 1,000 people. Atlassian won't be closing its offices, though. All of its locations, including its headquarters in Sydney, Australia, as well as locations in San Francisco, Amsterdam, India, Japan, the Philippines and Turkey, will remain open, and the company expects to adjust them so they can be used efficiently. Employees will be welcome to return to the offices should they want to use them. Some details of Atlassian's plan have yet to be finalized. The company hasn't decided how compensation might change for employees who relocate to other regions, nor has it figured out the right number of people to work in each time zone to ensure a sufficient amount of overlap, the person said. Atlassian will measure outcomes, rather than the number of hours each person spends working, according to the blog post.


Whoops, our bad, we just may have 'accidentally' left Google Home devices recording your every word, sound, sorry

TheRegister - 12 hours 17 min ago
Plus: Microsoft to dump support for Cortana on iOS, Android phones

In brief Your Google Home speaker may have been quietly recording sounds around your house without your permission or authorization, it was revealed this week.…


Last Fall a Drone Swarm Surveilled America's Largest Nuclear Reactor -- Twice

Slashdot - 13 hours 46 min ago
America's Nuclear Regulatory Commission honored a document request from a UFO group — which has inadvertently revealed a very real incident last fall at America's largest nuclear reactor in Arizona, reports Forbes: Documents gained under the Freedom of Information Act show how a number of small drones flew around a restricted area at Palo Verde Nuclear Power Plant on two successive nights last September. Security forces watched, but were apparently helpless to act as the drones carried out their incursions before disappearing into the night. Details of the event give some clues as to just what they were doing, but who sent them remains a mystery... "Officer noticed several drones (5 or 6) flying over the site. The drones are circling the 3 unit site inside and outside the Protected Area. The drones have flashing red and white lights and are estimated to be 200 to 300 feet above the site. It was reported the drones had spotlights on while approaching the site that they turned off when they entered the Security Owner Controlled Area..." The drones departed at 22:30, eighty minutes after they were first spotted. The security officers estimated that they were over two feet in diameter. This indicates that they were not simply consumer drones like the popular DJI Phantom, which have a flight endurance of about half an hour and is about a foot across, but something larger and more capable. The Lockheed Martin Indago, a military-grade quadcopter recently sold to the Swiss Army, has a flight endurance of about seventy minutes and is more than two feet across. At several thousand dollars apiece minimum, these are far less expendable than consumer drones costing a few hundred. All of which suggests this was not just a prank. The next night events were repeated...
The article notes that two months later America's Nuclear Regulatory Commission "decided not to require drone defenses at nuclear plants, asserting that small drones could not damage a reactor or steal nuclear material. It is highly likely that such sites are still vulnerable to drone overflights." The article also notes that this reactor supplies electricity to major American cities including Los Angeles, San Diego, Phoenix, and Tucson.


Facebook Removes QAnon Conspiracy Group With 200,000 Members

Slashdot - 17 hours 16 min ago
An anonymous reader quotes a report from the BBC: Facebook has deleted a large group dedicated to sharing and discussing QAnon conspiracy theories. QAnon is a wide-ranging, unfounded conspiracy theory that a "deep state" network of powerful government, business and media figures are waging a secret war against Donald Trump. A Facebook spokeswoman said the group was removed for "repeatedly posting content that violated our policies." The deleted Facebook group, called Official Q/Qanon, had nearly 200,000 members. There are, however, many other QAnon groups that are currently still active on the platform. Reuters reports that Official Q/QAnon "crossed the line" on bullying, harassment, hate speech and the sharing of potentially harmful misinformation.


Microsoft Signals Renewed Interest In Windows With Latest Reshuffle

Slashdot - 18 hours 44 min ago
Microsoft is making some significant changes to the way it runs its Windows organization this week, signaling a renewed focus on the operating system that made its name. The Verge reports: The software giant placed Surface chief Panos Panay in charge of Windows earlier this year, and is now reshuffling parts of that team. It follows Microsoft's decision to slice Windows into two parts more than two years ago after the departure of former Windows chief Terry Myerson. Microsoft moved core Windows development to a cloud and AI team (Azure), and created a new group to work on Windows 10 "experiences" like apps, the Start menu, and new features. Now, Microsoft is moving parts of Windows development back under Panos Panay's control. Specifically, that means the Windows fundamentals and developer experience teams have been returned to what we traditionally call the Windows team. It's an admission that the big Windows split didn't work quite as planned. [...] Thurrott.com has obtained an internal memo from Panos Panay that goes into detail on the changes being made here. While some core parts of Windows, particularly the engineering side, will stay with the Azure division, Microsoft's reshuffle is focused on cleaning up Windows to ship and update it reliably. The changes also align Microsoft's Project Reunion app work, bringing win32 and UWP apps closer together, with the Windows team.


Coronavirus Clobbers Uber, Leading To $1.8 Billion Quarterly Loss

Slashdot - 19 hours 21 min ago
In the second quarter of 2020, Uber announced that its ride-hailing business plunged by 75 percent compared with a year earlier -- from $12.2 billion to $3 billion. "That was offset somewhat by rapid growth in Uber's delivery business," reports Ars Technica. "Delivery bookings more than doubled from $3.4 billion to $7 billion." From the report: The company lost $1.8 billion in the second quarter on a GAAP basis. Ignoring one-time charges, Uber has been losing around $1 billion per quarter for the last couple of years. Prior to the pandemic, Uber CEO Dara Khosrowshahi was bullish about the company's financial future. After reporting a $1.1 billion loss for the fourth quarter of 2019, Khosrowshahi said in February that he expected Uber to start generating a profit by the end of 2020. At the time, Uber's rides business was (just barely) profitable. But it was being dragged down by big losses from Uber Eats, where Uber was spending heavily in pursuit of growth. Uber expected the rides business to become more profitable over time, while losses in the delivery business would decline as growth slowed. But then the coronavirus hit, and Uber was forced to throw those projections out the window. In May, Uber laid off 3,700 people in an effort to contain mounting losses. [...] Fortunately, Uber is in no danger of running out of money; it has almost $8 billion in cash and short-term investments. It could easily burn cash at this rate for another year.


Microsoft Accuses Apple of Treating Gaming Apps Differently

Slashdot - 20 hours 1 min ago
Hours after Apple explained why Microsoft's xCloud wouldn't be coming to iOS, Microsoft shot back and accused the company of "consistently treating gaming apps differently." AppleInsider reports: On Wednesday, Microsoft ended its xCloud TestFlight program on iOS and said that the service would not be arriving on iPhone and iPad. In a statement on Thursday, Apple explained that it bars apps which rely on cloud streaming, per its App Store guidelines. Microsoft shot back at the Cupertino tech giant later on Thursday, issuing a statement to CNET that accused Apple of treating gaming apps unfairly compared to other apps on its app marketplace. "Apple stands alone as the only general purpose platform to deny customers from cloud gaming and game subscription services like Xbox Game Pass," a Microsoft spokesperson said. "And, it consistently treats gaming apps differently, applying more lenient rules to non-gaming apps even when they include interactive content." Microsoft admitted that it doesn't currently have a path to bring its gaming service to the App Store. However, it also said that "we are committed to finding a path to bring cloud gaming with Xbox Game Pass Ultimate to the iOS platform." "We believe that the customer should be at the heart of the gaming experience, and gamers tell us they want to play, connect, and share anywhere, no matter where they are," Microsoft added.


Trump Blew Up More Than Just TikTok and WeChat

Slashdot - 20 hours 43 min ago
An anonymous reader quotes a report from Bloomberg: U.S. President Donald Trump's decision to ban dealings with ByteDance, owner of video-sharing sensation TikTok, appears to codify what his administration has already been warning. A second edict targeting messaging app WeChat and its parent, Tencent, seems weirdly overdue. The executive orders issued by the White House go beyond stopping average Americans from becoming unwitting spies for the Communist Party through their postings and data. The implications could hurt not only the Chinese targets, but the U.S. companies they work with, including Apple and Alphabet's Google. Though TikTok and WeChat have been getting all the recent attention, the orders state that American companies cannot work with ByteDance or Tencent (though an unnamed U.S. official later stated that Tencent transactions were still OK). That clarification notwithstanding, the wording of the orders does imply that regardless of intention such bans could extend further, to include Americans advertising on dozens of products offered by either Chinese company, or to selling them cloud-storage services, or perhaps the most nuclear option: distributing their apps, even within China. [...] Even though Chinese smartphone brands dominate their domestic market, iOS and Android remain the dominant platforms and Apple and Google cover almost the entire global ecosystem with their respective app stores. If they can't do business with ByteDance, for example, even after a TikTok spin off, then the Beijing company might be unable to distribute its own apps, even within China.


What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out

TheRegister - Fri, 2020-08-07 23:46
Start the clock on those patches – they'll be coming any day, week, month soon

DEF CON In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.…


Firefox Gets Fix For Evil Cursor Attack

Slashdot - Fri, 2020-08-07 23:25
Firefox has fixed a bug that was being exploited in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites. From a report: The bug was discovered being abused online by UK cyber-security firm Sophos and reported to Mozilla earlier this year. A bugfix was provided and has been live in Firefox since version 79.0, released last week. The bug is a classic "evil cursor" attack and works because modern browsers allow site owners to modify how the mouse cursor looks while users are navigating their websites. This type of customization might look useless, but it's often used for browser-based games, browser augmented reality, or browser virtual reality experiences. However, custom cursors have been a major problem for the regular web. In evil cursor attacks, malicious websites tamper with cursor settings in order to modify where the actual cursor is visible on screen, and where the actual click area is.


Google Sets Timeline For Deprecating 'Classic' Google Sites

Slashdot - Fri, 2020-08-07 22:45
Google has announced that its structured wiki- and webpage-creation tool "Google Sites," which it launched in 2008 after acquiring JotSpot, will be shutting down in 2021. 9to5Google reports: This morning an email was dispatched to "active" users of classic Sites detailing its retirement, which will take place over the next year. The email, which had the subject line "Migrate your classic sites to new Google Sites," headlined that the service will be fully shut down on September 1, 2021. To begin this transition, classic Sites creation will be disabled on November 1, 2020, after which point users will have a little under a year to move to the new Google Sites. Alongside this announcement was the launch of the Classic Sites Manager, which aims to assist in the conversion of classic Sites to new Sites. [A new Google Sites was introduced to the masses to replace the withering shell of classic Sites and become a part of G Suite -- allowing for easy integration with Docs, Sheets, and Slides.] It allows you to convert, archive, or delete any classic Sites on your account, as well as export a spreadsheet of all your sites to Google Sheets. Users are encouraged to begin their transition today to avoid disruptions in the future. Additionally, G Suite admins are given a different timeline to transition, according to the G Suite Updates Blog. This modified schedule sees website creation being disabled in May of 2021, followed by the loss of editing capabilities in October, and the complete shutdown of classic Sites in December, at which point you can no longer view any sites that have not transitioned. This transition was originally delayed due to a number of features from classic Sites not being available in the revamped version, which has since been remedied. Any classic Sites that do not transition before the deadline will automatically be archived and saved to the owner's Google Drive. A draft will be created in the new Google Sites to replace it if needed.


Toshiba Formally and Finally Exits Laptop Business

Slashdot - Fri, 2020-08-07 22:02
The Register reports that Toshiba has transferred its remaining shares of Dynabook to Sharp, thus ending the company's time as a PC vendor. From the report: [...] As the 2000s rolled along Toshiba devices became bland in comparison to the always-impressive ThinkPad and the MacBook Air, while Dell and HP also improved. Toshiba also never really tried to capture consumers' imaginations, which didn't help growth. As the PC market contracted and Lenovo, Dell and HP came to dominate PC sales in the 2010s, Toshiba just became a less likely brand to put on a laptop shopping list. By 2018 the company saw the writing on the wall and sold its PC business unit to Sharp for a pittance -- just $36 million changed hands -- but retained a 19.9 percent share of the company with an option in Sharp's favor to buy that stock. Sharp quickly renamed the business to "Dynabook," a product name Toshiba had used in Japan, and set about releasing new models and reviving the brand. Which brings us to June 30th, 2020, when Sharp exercised its option to acquire the 19.9 percent of Dynabook shares it did not already own. On Tuesday, Toshiba transferred those shares and announced the transaction on Thursday.


How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites

TheRegister - Fri, 2020-08-07 22:01
Bug-hunter details how his team slurped data… IN SPAAAAACE

DEF CON FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic.…


Government's PACER Fees Are Too High, Federal Circuit Says

Slashdot - Fri, 2020-08-07 21:25
An anonymous reader quotes a report from Bloomberg Law: The U.S. government charges too much for access to an electronic database of federal court records, the Federal Circuit ruled in a decision curbing a revenue stream the court system uses to help fund other programs. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court's decision that the government was not authorized under federal law to spend $192 million in Public Access to Court Records system fees on court technology projects. The lower court "got it just right" when it limited the government's use of PACER revenues to the costs of operating the system, the court said in a precedential opinion Thursday. "We agree with plaintiffs and amici that the First Amendment stakes here are high," the court said. But it said it doesn't foresee the lower court's interpretation "as resulting in a level of user fees that will significantly impede public access to courts." The ruling is a win for public access to court information, as PACER fees will go down if the ruling withstands a possible government appeal. But access still won't be free, despite calls for the government to stop charging for it. The Federal Circuit said it was up to Congress to decide whether to require free access. Challengers said PACER fees were too high, while the government said the middle ground reached by the lower court made the fees too low. Fees for downloading a copy of a filing run 10 cents per page, up to $3 per document. The Administrative Office of the U.S. Courts collected more than $145 million in fees in 2014 alone, according to the complaint in the case. Under a 2020 change to the fee waiver rules, about 75% of users pay nothing each quarter.

