
Mac

The problems with Apple aren't just outages, they are injustices

Filed under
GNU
Mac

This November, both everyday users and privacy advocates found new reasons to be concerned about Apple. After an update to the latest version of their operating system, users found that they were unable to launch applications that were not written by Apple itself. This problem was caused by an Apple server outage. But why did the unavailability of a remote server prevent a user from launching a program on their own computer?

It turns out that each time a program is opened on macOS, it phones home via the Online Certificate Status Protocol (OCSP) to see if that application is "okay" to launch: it asks the corporation permission each time a new application is encountered, sending potentially identifying information along with that request. While this function only made news because of the recent server outage caused by the release of the newest version of macOS, Big Sur, research indicates that the report-back has existed in the operating system since September 2018, with the release of macOS Mojave. This is a classic case of proprietary software serving as an instrument of unjust power.

Although Apple does not directly receive the name of the application, but rather information on who developed it, most developers have only a very limited number of apps on the App Store, making it easy for Apple to infer. More disturbing yet is the other identifying information that is sent along with the request, which includes the user's approximate location and the current date and time.

Because macOS is so restricted, it leaves everyone, including free software developers, powerless to help users prevent their application use from being reported back to Apple. Due to the way the system is engineered, free software firewalls like LuLu are unable to block the information from being sent to Apple domains. Furthermore, the information is sent unencrypted over the network, potentially allowing a snoop to see which applications a user was trying to launch on their own computer. The request also bypasses any VPN, letting Apple know their approximate location even if the user has taken steps to stay anonymous.

Read more
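What the OCSP phone-home described above actually puts on the wire is worth seeing concretely. The following is an added example, not code from the FSF article or from Apple: it builds an unsigned OCSP request the way any RFC 6960 client does, then decodes it again. The only content of such a request is a CertID, the SHA-1 of the issuing CA's Name, the SHA-1 of the CA's public key bits, and the serial number of the certificate being checked. For a signed macOS app that certificate is the developer's signing certificate, which is why the request identifies the developer and not the application binary. Note that OCSP is carried over plain HTTP by design, because only the response is signed; the protocol never aimed at hiding which certificate is being asked about. The issuer name, key bits and serial number below are constructed sample values, not a real CA's.

```python
"""Added example (not the FSF's or Apple's code): encode a minimal OCSP request
and decode it back to show the fields a client sends. Sample issuer/serial
values are constructed, not real."""
import hashlib

# ---- minimal DER encoder (only what an unsigned OCSP request needs) ----
def der_len(n):
    """DER length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_sequence(*items):
    return tlv(0x30, b"".join(items))

def der_octet_string(b):
    return tlv(0x04, b)

def der_integer(n):
    """Two's-complement, minimal length: a value with its top bit set gets a leading 0x00."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

SHA1_OID = bytes.fromhex("06052b0e03021a")   # OBJECT IDENTIFIER 1.3.14.3.2.26 (sha1)
DER_NULL = b"\x05\x00"

def build_ocsp_request(issuer_name_der, issuer_key_bits, serial):
    """OCSPRequest { tbsRequest { requestList { Request { reqCert CertID } } } }:
    no signature, no extensions (no nonce). This is the whole POST body a client sends."""
    cert_id = der_sequence(
        der_sequence(SHA1_OID, DER_NULL),                          # hashAlgorithm
        der_octet_string(hashlib.sha1(issuer_name_der).digest()),  # issuerNameHash
        der_octet_string(hashlib.sha1(issuer_key_bits).digest()),  # issuerKeyHash
        der_integer(serial),                                       # serialNumber
    )
    request = der_sequence(cert_id)
    tbs_request = der_sequence(der_sequence(request))
    return der_sequence(tbs_request)

# ---- minimal DER decoder: enough to walk back down to the CertID ----
def der_read(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + count], "big")
        header = 2 + count
    start = pos + header
    return tag, buf[start:start + length], start + length

def der_children(body):
    """Split a constructed value's body into its (tag, body) children."""
    children, pos = [], 0
    while pos < len(body):
        tag, child, pos = der_read(body, pos)
        children.append((tag, child))
    return children

def decode_ocsp_request(der):
    """Return the identifying fields of every CertID in the request."""
    _, outer, _ = der_read(der)                          # OCSPRequest SEQUENCE
    _, tbs = der_children(outer)[0]                      # tbsRequest; a [0] signature may follow
    # TBSRequest: optional [0] version and [1] requestorName, then requestList (SEQUENCE)
    request_list = next(body for tag, body in der_children(tbs) if tag == 0x30)
    results = []
    for _, request in der_children(request_list):
        _, cert_id = der_children(request)[0]            # reqCert; [0] extensions may follow
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = der_children(cert_id)
        oid = der_children(alg)[0][1]
        results.append({
            "hash_alg": "sha1" if oid == SHA1_OID[2:] else oid.hex(),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": int.from_bytes(serial, "big", signed=True),
        })
    return results

# Constructed stand-ins for the issuing CA's DER Name and public key bits.
SAMPLE_ISSUER_NAME = b"constructed stand-in for the issuer's DER-encoded Name"
SAMPLE_ISSUER_KEY = b"constructed stand-in for the issuer's public key BIT STRING"
SAMPLE_SERIAL = 0x1B4F2C9A3E5D7081

def demo():
    """Encode, decode, and report what the 75-byte request discloses."""
    req = build_ocsp_request(SAMPLE_ISSUER_NAME, SAMPLE_ISSUER_KEY, SAMPLE_SERIAL)
    fields = decode_ocsp_request(req)[0]
    fields["wire_bytes"] = len(req)
    fields["wire_hex"] = req.hex()
    return fields

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two requests from the same developer differ only in the serial number; everything else is fixed per issuing CA. To look at a live request, capture port-80 traffic to the responder host named in the signing certificate's AIA extension and pass the POST body to decode_ocsp_request.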

macOS to FreeBSD migration a.k.a why I left macOS

Filed under
Mac
BSD

I think the title tells a lot about the story I’m going to tell you.

This is not technical documentation of how I migrated from macOS to FreeBSD. This is a high-level account of why I migrated from macOS to FreeBSD.

Not so long ago, I was using macOS as my daily driver. The main reason why I got a MacBook was the underlying BSD Unix and the nice graphics it provides. Also, I have an iPhone. But they were also the same reasons why I left macOS.

I did not want to write this post right after the migration, I wanted to take my time, use FreeBSD daily, see if I will ever miss macOS.

Read more

Also: Fiddling with OpenBSD ports

Jussi Pakkanen: How Apple might completely take over end users' computers

Filed under
Mac

Many people are concerned about Apple's ongoing attempts to take more and more control of end user machines from their users. Some go so far as to say that Apple won't be happy until they have absolute and total control over all programs running on end user devices, presumably so that they can enforce their 30% tax on every piece of software. Whether this is true or not we don't really know.

What we can do instead is a thought experiment. If that was their end goal, how would they achieve it? What steps would they take to obtain this absolute control? Let's speculate.

Read more

User-hostile Hardware

Filed under
Hardware
Microsoft
Mac
  • Linus Torvalds wants Apple’s new M1-powered Macs to run Linux

    Earlier this month, Apple revealed its own ARM-based M1 processor, along with new MacBooks and a desktop Mac Mini powered by this chip. Reviewers across the globe have been praising Apple's first attempt, giving it high marks for performance and battery life.

    All this positive coverage has tempted many to take the plunge and buy one of the new machines — even if some apps are not running natively at the moment. Even Linus Torvalds, the principal developer of the Linux kernel, wants one.

    [...]

    Linux support on MacBooks would’ve made it a more attractive bet for programmers. However, I don’t think any engineers at the Cupertino campus plan to make that happen anytime soon. Sorry, Linus.

  • New Microsoft chip will come with added costs, says ex-NSA hacker

    Microsoft's new security chip, announced last week, will have an impact on hardware-only attacks, an American security professional says, adding that it could also assist in firmware security, but would result in added costs.

Proprietary Software and Security Issues

Filed under
Microsoft
Mac
Security

Linux vs. macOS: 15 Key Differences You Need to Know

Filed under
GNU
Linux
Mac

The tug of war between Linux and macOS continues to go through the test of time. The internet meme world concludes their major differences in the usual humorous manner. In their opinion, macOS is for the rich, and Linux is for the skilled. If we add the Windows operating system to this debate, then patience as an attribute would also be a highlight of discussion. However, no operating system is perfect, but there is a perfect being for each operating system.

The individual superiority in both Linux and macOS comes at a cost. This article is here to shed some light on the matter and, at the same time, remove the skeletons hiding in the two OS’s closets.

Linux vs. macOS

Since we are here to neither shame Linux nor macOS, we will look at the preference each operating system brings to the table when comparatively analyzed. However, the preferences might favor one operating system over the other. The final verdict will be in regards to performance, flexibility and stability. It’s time to roll the dice on the first comparative topic.

Read more

Security and Proprietary Software Leftovers

Filed under
Microsoft
Mac
Security

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (chromium, firefox, gdm, linux-hardened, matrix-synapse, salt, sddm, and wordpress), Debian (firefox-esr, libmaxminddb, and moin), Fedora (cifs-utils, firefox, galera, java-latest-openjdk, mariadb, mariadb-connector-c, and wordpress), Gentoo (blueman, chromium, firefox, mariadb, qemu, salt, tmux, and wireshark), openSUSE (sddm), Oracle (kernel), Red Hat (kernel-alt, microcode_ctl, and rh-nodejs12-nodejs), SUSE (kernel, microcode_ctl, openldap2, python-waitress, spice-vdagent, u-boot, and ucode-intel), and Ubuntu (firefox, intel-microcode, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, and moin).

  • Less than 6 months to 16.04 ESM: 6 things to prepare | Ubuntu

    Ubuntu 16.04 LTS Xenial Xerus will enter the extended security maintenance (ESM) period in April 2021. This article explains the ESM period and provides a guide for six key considerations when planning a migration path from Ubuntu 16.04 LTS.

    [...]

    2) Consider the full stack. The OS is the heart of the system, and an OS migration is a significant change that touches multiple aspects of your configuration, from the Linux kernel up to your applications. Remember to evaluate how the migration will impact your existing workloads and APIs as your current configuration might depend on specific versions of the applications and libraries that shipped with Ubuntu 16.04 LTS. You will likely find newer versions of applications and libraries if you choose a more recent version of Ubuntu (you can find a few examples below). Those versions might not be fully compatible with your overall configuration anymore after the migration.

  • Waves of attacks on US hospitals show a change in tactics for cybercriminals [iophk: Windows TCO]

    United States hospitals were targeted by two major cybersecurity attacks this fall: the first taking down Universal Health Services, a chain of hundreds of hospitals, and the second by a group called UNC1878 threatening hundreds of individual health care facilities all around the country. Targeting health care institutions directly marks a new approach for cybercriminals.

  • Ransomware Hits Dozens of Hospitals in an Unprecedented Wave [iophk: Windows TCO]

    On Wednesday evening, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Department of Health and Human Services warned that there is "an increased and imminent cybercrime threat to US hospitals and health care providers," above and beyond the wave of attacks that have already occurred. The alert points to the notorious Trickbot trojan and Ryuk ransomware as the primary hacking tools involved in the attacks. Security analysts at private companies say that the activity is tied to the Russian criminal gang sometimes called UNC 1878 or Wizard Spider.

  • Ransomware Group Turns to Facebook Ads

    It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other [cracked] Facebook accounts. A spokesperson for Facebook said the company is still investigating the incident. A request for comment sent via email to Campari’s media relations team was returned as undeliverable.

  • On Apple's Piss-Poor Documentation

    However, as users rightly demand more complicated and fancy apps, the APIs often need to get more fancy and complicated as well. Suddenly you look up and, instead of only using screwdrivers and hammers, you’re using power tools and complicated saws, and everything is much more fiddly than it once was.

    With real tools, you’d expect to receive an owner’s manual, which explains how to use the tool you’ve just purchased. A rough analogy exists for APIs, insofar as most platform vendors will provide documentation. This is basically the "owner’s manual" for that API.

    Apple’s documentation has, for years, been pretty bad. Over the last couple years, it has gone from bad → awful → despicable → embarrassing. All too often, I go to research how to do something new, and use an API I’m not familiar with, only to be stymied by those three dreaded words:

    No overview available.

Apple backtracks on App Store removal threat for Unix shell iOS apps

Filed under
Mac

Developers of Linux and Unix shells have received warnings from Apple that their iOS apps violate App Store Review Guidelines, with the threat of termination from the App Store said to be reversed in at least one instance.

A shell is a tool that enables users to perform command-line operations on a device, which usually doesn't offer that sort of functionality, such as the lack of a terminal in iOS. These terminal emulator apps like a-Shell and iSH enable the use of many Unix commands in iOS, which can be useful for developers and power users.

However, according to a series of tweets on Sunday, it seems that the two apps have come under fire from Apple's App Store team for seemingly violating the App Store Review Guidelines. The iSH Twitter account advised it was informed by Apple it would be removing the app from the App Store on Monday.

Read more

Proprietary Software and DRM/Monopoly

Filed under
Microsoft
Mac

  • FOSS Patents: Fortnite users continue to make in-app purchases on iOS that bypass Apple's payment system: court filing says "Epic is stealing money from Apple"

    In yesterday's filing, Apple says it has the right to sue Epic not only for breach of contract but also for tort, given that Epic would face tort liability "if [it] had never executed the contracts with Apple and had instead found another way to smuggle Fortnite and its 'hotfix' payment mechanism into the App Store." Apple argues that a company protecting itself against such behavior through contracts must not be in a weaker legal position than one that doesn't. What Apple does clarify is that it won't seek "multiplicative recovery" if the same conduct on Epic's part constituted both a breach of an agreement and fraud. In other words, Apple would then content itself with only the greater of the two alternative amounts.

    It appears that the "hotfix" was just a simple data point on Epic's servers--not program code, but merely a trigger. When the iOS version of Fortnite checked on that data point, it offered an alternative payment mechanism to end users in circumvention of Apple's in-app payment rules.

    After the "hotfix" that Apple says became Epic's hot mess, Fortnite was removed from the App Store. That means it cannot be downloaded to iOS devices right now, and Epic has already failed twice (with a motion for a temporary restraining order as well as a motion for a preliminary injunction) to get a court to force Apple to tolerate an iOS version of Fortnite that bypasses Apple's in-app payment system.

  • Why Apple’s App Store Is Under Siege

    Fueling the fire was a report issued last week by House Democrats summing up an antitrust probe into four Big Tech companies — Apple, Amazon, Facebook and Google — and urging Congress to enact new laws to curb the companies’ power. The 449-page report called on Congress to enact new laws to curb the companies’ power, including prohibiting companies like Apple from operating “adjacent lines of business” (in other words, preventing it from offering its own apps in the App Store that compete with those from third parties).

    “Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits,” the House Judiciary Committee report said.

  • Microsoft Says Long-Time Deals Executive Brown Leaving Company

    Microsoft Corp. said mergers and acquisitions chief Marc Brown is leaving the company after a more than two-decade stint working on deals ranging from LinkedIn to Nokia Oyj’s handset unit.

    Brown, vice president of corporate development, reported to Chief Financial Officer Amy Hood. Microsoft spokesman Frank Shaw on Friday confirmed Brown’s departure and declined to comment on a replacement. The company is still conducting a search for a senior business development executive to replace Peggy Johnson, who left in July to become chief executive officer at Magic Leap Inc.

  • Your brand new Oculus Quest 2 can’t play Oculus Go games, John Carmack confirms [Ed: Digital Restrictions (DRM) in action]

    If you bought a new Oculus Quest 2 with the hopes of experiencing games from the now-discontinued Oculus Go, I have bad news: the company has decided not to include support for Go titles on the Quest 2, Oculus’ consulting CTO John Carmack confirms on Twitter.

    When the Oculus Quest 2 launched three days ago, some people noticed there was no feature on the UI that allowed users to access Go apps and games, something the original Quest headset featured. Carmack did not go into much detail on why support was not added other than “[he] totally lost the internal debate over backwards compatibility.”


  • Three npm packages found opening shells on Linux, Windows systems [Ed: The writers at ZDNet are apt at blaming “LINUX” for security threats that have nothing to do with Linux. Now that Microsoft is serving malware ZDNet… blames “NPM” (ssshhhhh… don’t mention Microsoft)]


More in Tux Machines

Devices: Xtra-PC, Arduino and Inventor Coding Kit

  • Xtra-PC Reviews – Best Linux USB-Stick? - Product Review by Rick Finn

    The Xtra-PC Linux USB-Stick might be your solution if you have problems with your old and slow PC. It's a small flash drive stick and it's using Linux OS to boost your PC's operations. Check out now.

  • Arduino Blog » Old keyboard turned into a new children’s learning toy

    Peter Turczak’s toddler son loves “technical stuff,” especially things like keyboards and computers that adults use. After discussing this with other likeminded technical parents, the idea of giving new life to an old (PS/2 or AT) keyboard as a teaching tool was hatched.

  • SiFive Helping To Teach Kids Programming With RISC-V HiFive Inventor Coding Kit

    SiFive in cooperation with Tynker and BBC Learning have launched a Doctor Who themed HiFive Inventor Coding Kit. This Initial HiFive Inventor Coding Kit is intended to help kids as young as seven years of age get involved with computer programming through a variety of fun exercises and challenges involving the RISC-V powered mini computer and related peripherals like LED lighting and speaker control. [...] So for those looking to get their kids involved with computer programming and looking for an IoT-type device with some fun sensors and various themed exercises to get them experimenting, the HiFive Inventor Coding Kit is worth looking into further. More details on the programming platform can be found via Tynker.com and on the hardware at HiFiveInventor.com. The HiFive Inventor Kit is available from Amazon.com and other Internet retailers for $75 USD.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages… [...] The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution. It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertently inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.
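The CVE-2020-27348 item above comes down to one shell expansion. The script below is an added example, not code from the Snapcraft project or from the advisory: it reproduces the bad pattern ("$SNAP/lib:$LD_LIBRARY_PATH" with the inherited variable unset, which leaves a trailing colon), shows a check that flags any empty element in a colon-separated search path, and shows the POSIX `${var:+word}` form that only appends the separator when there is something to append. The directory /snap/example/current/lib is a made-up stand-in for a snap's $SNAP/lib.

```sh
#!/bin/sh
# Added example, not Snapcraft's code: how an unset LD_LIBRARY_PATH turns an
# "extend" into an empty search element, how to detect it, and how to avoid it.
# /snap/example/current/lib is a made-up directory standing in for $SNAP/lib.

# Print "yes" if a colon-separated search path contains an empty element
# (leading ':', trailing ':' or '::'), which ld.so resolves to the current
# working directory; print "no" otherwise. A completely empty value is ignored
# by the dynamic linker, so it is reported as "no".
has_empty_element() {
    case "$1" in
        '')
            echo no ;;
        *)
            case ":$1:" in
                *::*) echo yes ;;
                *)    echo no ;;
            esac ;;
    esac
}

# The pattern the advisory describes: "$SNAP/lib:$LD_LIBRARY_PATH" written as
# if the inherited variable were always set. $1 is the snap's own library
# directory, $2 the inherited LD_LIBRARY_PATH value (possibly empty).
unsafe_path() {
    printf '%s:%s\n' "$1" "$2"
}

# Only add the separator when there is something to append: ${2:+:$2} expands
# to ":$2" if $2 is non-empty and to nothing otherwise.
safe_path() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# Stand-alone demonstration: snapd starts the app with LD_LIBRARY_PATH unset.
unset LD_LIBRARY_PATH
snap_lib=/snap/example/current/lib
unsafe=$(unsafe_path "$snap_lib" "${LD_LIBRARY_PATH-}")
safe=$(safe_path "$snap_lib" "${LD_LIBRARY_PATH-}")
printf 'unsafe: %-32s empty element: %s\n' "$unsafe" "$(has_empty_element "$unsafe")"
printf 'safe:   %-32s empty element: %s\n' "$safe" "$(has_empty_element "$safe")"
```

The same check applies to any search-path variable the linker or loader honours (LD_PRELOAD and, on a shell, PATH): run has_empty_element over the value a program actually starts with, not over the value written in the manifest, since it is the unset-then-expanded result that carries the empty element.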

Audiocasts/Shows: Blender 2.91, Server Security, Linux in the Ham Shack and More

IBM/Red Hat Leftovers

  • Davie Street Enterprises: A case study in digital transformation

    We would like to introduce you to Davie Street Enterprises (DSE). DSE is a fictitious 100-year-old multinational corporation that is beginning its digital transformation journey. In this post we will lay the groundwork for a series following DSE as an illustration of how some Red Hat customers are preparing for and succeeding at digital transformation to save money, become more efficient, and compete more effectively. The company isn't real, but its struggle is very real for many organizations. Throughout this series, we will explore the business problems any number of organizations are challenged with and how DSE, with the help of Red Hat and its partners, plan to solve those problems. To start, let’s learn more about DSE, its business, and some of the associates involved in its digital transformation journey.

  • Farewell 2020: A year of togetherness with our EMEA partners

    When reflecting on 2020, I do what many people do and think about what things were like prior to this year. For me, I immediately go back to a spring day three years ago. Red Hat was hosting our EMEA Partner Conference; a mix of distributors, independent software vendors (ISVs), system integrators and solution providers from across the region. Alongside the usual product updates and market insight sessions you might expect, we decided to do a little drumming. A lot of drumming, in fact — 900 people banging bongos and clashing cymbals. Other than the noise, what I remember was the genuine sense of togetherness; embarrassment and egos put to the side in the pursuit of the perfect tempo. It seems drumming is a good signal of solidarity. Even in a large group, it’s easy to notice someone beating to a different rhythm. Trainers and coaches use this drumming technique frequently to promote unity and coordination. Our coach that day later congratulated me on "having such a tight knit group of employees." When I told him they weren’t our employees but partners from 550 different companies, he couldn’t believe it.

  • Visualizing system performance with RHEL 8 using Performance Co-Pilot (PCP) and Grafana (Part 1)

    When it comes to performance metrics data collection and visualization on Linux, PCP metrics collection and visualization are key. Red Hat Enterprise Linux (RHEL) 8 provides an excellent framework for collecting performance metrics and visualizing them! The days of poring over command line output to try and figure out what is happening on a system are gone. In this series, I’d like to introduce the power of using Performance Co-Pilot (PCP) and Grafana to visualize system performance data in RHEL. By default, Performance Co-Pilot is not installed on RHEL 8. We believe in giving users choices and as such, you have to opt-in to using Performance Co-Pilot.