Android execs get technical talking updates, Project Treble, Linux, and more | Ars Technica: "Part of it is that we can see the scale, we kind of knew we were going to hit 2 billion users this year. Conveniently, we hit it before I/O. You start thinking about the scale of it, the impact of the product, and—it sounds grandiose, but—the responsibility you have to make sure it's good. For the release this year, rather than, "What are we releasing to make a phone good in 2017?," it was more like "What are we doing to Android to make sure Android is in a great place in the next 5 to 10 years?""

Could it mean bye-bye agile feature creep on all mobile devices? One can only hope...

Labels: security is hard

If you want to see an example of the fragile base class problem in action, just run one of the, I dunno, 20 or so Cocoa applications I wrote in Xcode (from 2007-present) on Sierra. I spent a lot of time ensuring they were bug-free on 10.6-10.10. Here's a hint: new design idiom, new base classes. Don't be trying to staple new underwear onto the baby.

For a comparand, I have 16-bit Windows applications I wrote in 1989 that still run in the WOW layer. This is why Microsoft rules the corporate desktop and no amount of clever advertising (throwing shade) is going to change that. Sadly.

But I guess you win some and you lose some: yesterday I learned that iMovie '11 runs perfectly on Sierra. For certain jobs, it's my tool of choice (4:3 small and fast m4v files).

Labels: gatekeeper

Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft | Ars Technica: "Four weeks later, MS17-010 was released. And precisely 28 days after that, the Shadow Brokers published EternalBlue, DoublePulsar, and dozens more hacking tools."

Hmmmm.

Labels: security leak, security policy

Security firm recovers iCloud Notes beyond Apple's 30-day deletion window: "Using a new version of its Phone Breaker tool, Russia's Elcomsoft said it was able to retrieve notes dating weeks, months, or years beyond Apple's 30-day window. In extreme cases, notes were retrieved from as far back as 2015."

NOTE TO SELF: Pen and paper.

Labels: software fail

'Fair Repair Act' proposal in New York under fire by Apple lobbyists: "A bill currently on the table which would require electronics companies to sell replacement parts and service tools to the general public is being challenged by a lobbyist group being funded by Apple."

https://www.youtube.com/watch?v=BxShzoUjiAQ

Labels: 1984

Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry | Ars Technica: "The researcher went on to say this overlooked attack may have limited the spread of WannaCry by shutting down SMB networking to prevent the compromised machines from falling into the hands of competing botnets."

Brave new world.

Labels: botnet, security exploit

Kaspersky Denies Report It Might Help Russian Government Spy on US Citizens: "Some of the accusations and fears are based on the fact that Eugene Kaspersky, founder and CEO of Kaspersky Lab, was trained by the KGB and worked as a Soviet intelligence officer in the Red Army, a period which he previously declined to talk about."

May you live in interesting times...

Labels: security policy

Keylogger Found in Audio Driver of HP Laptops: "The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look."

I can't hear you, could you turn it up?

Labels: security fail

Microsoft launches finished Visual Studio for Mac with support for all Apple platforms: "The finished Studio release can be used to create apps for macOS, iOS, tvOS, watchOS and Android, as well as Web and cloud apps, Microsoft said. Some features include Git integration, an extension system, and multi-platform app templates."

I'm a big fan of Apple products and a long-time lover of Xcode. However, with that said, once the iPhone started taking off, Xcode became a somewhat hostile platform for traditional Mac development. Too many changes, too many compromises from supporting both iOS/Mac in one tool, too many releases, too little backwards compatibility, too many bugs. Too many great Mac development features were ripped out of Xcode. I still enjoy/use the tools but I also like to be able to chart a practical development plan without getting hit on the head with a forced upgrade once a year. Not everything about agile and continuous deployment is a boon. Microsoft, for what it's worth, built a huge business by taking care of their ISV's first, not chasing consumer fads. The ISV's built Windows into what it is, a platform juggernaut in vertical and horizontal markets. I'm cautiously optimistic about these new tools from Microsoft and I also think it's great for the Mac platform to have more serious developers using Macs for everything: shell scripting, Android, Mac, iOS, web, and, why not, Windows and C#.

Honestly, I don't need a new compiler and a new operating system upgrade once a year. And I don't think anyone else does either. Except maybe the press.

It could be worse though, one might be stuck maintaining JavaScript. That's the real nightmare: code written last week that only runs on one browser (and only the build that came out last week).

Mac OS X development was so orderly under the stewardship of Avie Tevanian.

Here are some interesting, related thoughts about the lack real value in the hype of constant churn:
youtube.com/watch?v=3E7hkPZ-HTk
https://arstechnica.com/information-technology/2017/05/windows-10-hits-500-million-devices-growing-by-two-thirds-in-a-year/

Labels: Apple vs. Apple

It's 2017 and Windows PCs are being owned by EPS files, webpages • The Register: "Basically, when a vulnerable installation of Office opens a booby-trapped EPS document, it can end up executing code within the file, and this code can use the privilege escalation hole to gain full control over the machine – essentially allowing emailed and downloaded documents to hijack computers and install spyware and other nasties, if victims are tricked into opening them."

Security, it's not getting easier.

Labels: security exploit, security fix

Crooks can nick Brits' identities just by picking up the phone and lying • The Register: "Data breaches, social media footprints and other open-source information can help facilitate this process. Often fraudsters need to approach their intended mark to get enough information, according to Cifas."

When the answers to your security questions are in your public Facebook profile.

Labels: 1984

Russian RATs bite Handbrake OSX download mirror • The Register: "“Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you've downloaded HandBrake during this period,” the note states. Windows users aren't affected."

Watch your parking meters...

Labels: security exploit, security is hard

How to remote hijack computers using Intel's insecure chips: Just use an empty login string • The Register: "Intel provides a remote management toolkit called AMT for its business and enterprise-friendly processors; this software is part of Chipzilla's vPro suite and runs at the firmware level, below and out of sight of Windows, Linux, or whatever operating system you're using. The code runs on Intel's Management Engine, a tiny secret computer within your computer that has full control of the hardware and talks directly to the network port, allowing a device to be remotely controlled regardless of whatever OS and applications are running, or not, above it."

Geez Louise!

Labels: security fail, security flaw, x86

Windows malware 'Snake' ported to Mac for first time, masquerades as Adobe Flash: "A piece of malware long targeting Windows users —known sometimes as "Snake," "Turla," or "Uroboros" —is now reportedly being turned against Mac owners."

Not everything should be cross-ported.

Labels: malware

Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard: "John is just one of tens of thousands of individuals around the world who are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company."

Dang!

Labels: security flaw

We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed. - Motherboard: "For years, researchers, hackers, and even some politicians have warned about stark vulnerabilities in a mobile data network called SS7. These flaws allow attackers to listen to calls, intercept text messages, and pinpoint a device's location armed with just the target's phone number. "

Tick tock tick tock.

Labels: security flaw, security is hard

Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica: "An evil phishing worm masquerading as "Google Docs" took the Internet by storm today. It sent an e-mail claiming to be from a friend or relative who wanted to share a document with you. Clicking on the "Open in Docs" button asked you to log in to Google, then it popped up a familiar OAuth request asking for some permissions."

Leggo my eggo.

Labels: malware

Tim Cook says Apple is 'investing aggressively' in the future of the Mac: "Apple noted that it sold 4.2 million Macs, up 4 percent from the year-ago quarter, in a market that isn't growing. Specifically, the MacBook Pro sales grew the company's portable growth by 10 percent, more than twice the expansion of the category industry-wide."

Can't we take the 300bn in cash parked overseas and crush Wintel? Don't quite understand this.

Labels: windows vs. ios vs android

Pen-tester gets past Microsoft VB macro barriers • The Register: "A nice side affect [sic] is that the user will inadvertently trigger the payload if they try “forward” it to the incident response team”, he writes."

Hmmm.

Labels: social hacking

Red alert! Intel patches remote execution hole that's been hidden in its chips since 2008 • The Register: "For the past nine years, millions of Intel desktop and server chips have harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with spyware."

Good lord! Who updates firmware? Nobody expects the Spanish inquisition!

Labels: security fail

California Spent Nearly $1.8 Million on Controversial Facial Recognition Software - Motherboard: "In responding to our records request California Department of Justice (CADOJ) has provided documents detailing its acquisition of an expansive and highly advanced facial recognition system. We also received two booklets that explain how the system works and its vast array of specifications."

Hey look, the year is 1984.

Labels: 1984