Mac

The problems with Apple aren't just outages, they are injustices

Filed under
GNU
Mac

This November, both everyday users and privacy advocates found new reasons to be concerned about Apple. After an update to the latest version of their operating system, users found that they were unable to launch applications that were not written by Apple itself. This problem was caused by an Apple server outage. But why did the unavailability of a remote server prevent a user from launching a program on their own computer?

It turns out that each time a program is opened on macOS, it phones home via the Online Certificate Status Protocol (OCSP) to see if that application is "okay" to launch: it asks the corporation permission each time a new application is encountered, sending potentially identifying information along with that request. While this function only made news because of the recent server outage caused by the release of the newest version of macOS, Big Sur, research indicates that the report-back has existed in the operating system since September 2018, with the release of macOS Mojave. This is a classic case of proprietary software serving as an instrument of unjust power.

Although Apple does not directly receive the name of the application, but rather information on who developed it, most developers have only a very limited number of apps on the App Store, making it easy for Apple to infer. More disturbing yet is the other identifying information that is sent along with the request, which includes the user's approximate location and the current date and time.

Because macOS is so restricted, it leaves everyone, including free software developers, powerless to help users prevent their application use from being reported back to Apple. Due to the way the system is engineered, free software firewalls like LuLu are unable to block the information from being sent to Apple domains. Furthermore, the information is sent unencrypted over the network, potentially allowing a snoop to see which applications a user was trying to launch on their own computer. The request also bypasses any VPN, letting Apple know their approximate location even if the user has taken steps to stay anonymous.

Read more

macOS to FreeBSD migration a.k.a why I left macOS

Filed under
Mac
BSD

I think the title tells a lot about the story I’m going to tell you.

This is not a technical documentation for how I migrated from macOS to FreeBSD. This is a high-level for why I migrated from macOS to FreeBSD.

Not so long ago, I was using macOS as my daily driver. The main reason why I got a macbook was the underlying BSD Unix and the nice graphics it provides. Also, I have an iPhone. But they were also the same reasons for why I left macOS.

Read more

Also: Fiddling with OpenBSD ports

macOS to FreeBSD migration a.k.a why I left macOS

Filed under
Mac
BSD

I did not want to write this post right after the migration, I wanted to take my time, use FreeBSD daily, see if I will ever miss macOS.

Read more

Jussi Pakkanen: How Apple might completely take over end users' computers

Filed under
Mac

Many people are concerned about Apple's ongoing attempts to take more and more control of end user machines from their users. Some go so far as to say that Apple won't be happy until they have absolute and total control over all programs running on end user devices, presumably so that they can enforce their 30% tax on every piece of software. Whether this is true or not we don't really know.

What we can do instead is a thought experiment. If that was their end goal, how would they achieve it? What steps would they take to obtain this absolute control? Let's speculate.

Read more

User-hostile Hardware

Filed under
Hardware
Microsoft
Mac
  • Linus Torvalds wants Apple’s new M1-powered Macs to run Linux

    Earlier this month, Apple revealed its own ARM-based M1 processor, along with new MacBooks and a desktop Mac Mini powered by this chip. Reviewers across the globe have been praising Apple‘s first attempt, giving it high marks for performance and battery life.

    All this positive coverage has tempted many to take the plunge and buy one of the new machines — even if some apps are not running natively at the moment. Even Linus Torvalds, the principal developer of the Linux kernel, wants one.

    [...]

    Linux support on MacBooks would’ve made it a more attractive bet for programmers. However, I don’t think any engineers at the Cupertino campus plan to make that happen anytime soon. Sorry, Linus.

  • New Microsoft chip will come with added costs, says ex-NSA hacker

    Microsoft's new security chip, announced last week, will have an impact on hardware-only attacks, an American security professional says, adding that it could also assist in firmware security, but would result in added costs.

Proprietary Software and Security Issues

Filed under
Microsoft
Mac
Security

Linux vs. macOS: 15 Key Differences You Need to Know

Filed under
GNU
Linux
Mac

The tug of war between Linux and macOS continues to go through the test of time. The internet meme world concludes their major differences in the usual humorous manner. In their opinion, macOS is for the rich, and Linux is for the skilled. If we add the Windows operating system to this debate, then patience as an attribute would also be a highlight of discussion. However, no operating system is perfect, but there is a perfect being for each operating system.

The individual superiority in both Linux and macOS comes at a cost. This article is here to shed some light on the matter and, at the same time, remove the skeletons hiding in the two OS’s closets.

Linux vs. macOS

Since we are here to neither shame Linux nor macOS, we will look at the preference each operating system brings to the table when comparatively analyzed. However, the preferences might favor one operating system over the other. The final verdict will be in regards to performance flexibility and stability. It’s time to roll the dice on the first comparative topic.

Read more

Security and Proprietary Software Leftovers

Filed under
Microsoft
Mac
Security

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (chromium, firefox, gdm, linux-hardened, matrix-synapse, salt, sddm, and wordpress), Debian (firefox-esr, libmaxminddb, and moin), Fedora (cifs-utils, firefox, galera, java-latest-openjdk, mariadb, mariadb-connector-c, and wordpress), Gentoo (blueman, chromium, firefox, mariadb, qemu, salt, tmux, and wireshark), openSUSE (sddm), Oracle (kernel), Red Hat (kernel-alt, microcode_ctl, and rh-nodejs12-nodejs), SUSE (kernel, microcode_ctl, openldap2, python-waitress, spice-vdagent, u-boot, and ucode-intel), and Ubuntu (firefox, intel-microcode, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, and moin).

  • Less than 6 months to 16.04 ESM: 6 things to prepare | Ubuntu

    Ubuntu 16.04 LTS Xenial Xerus will enter the extended security maintenance (ESM) period in April 2021. This article explains the ESM period and provides a guide for six key considerations when planning a migration path from Ubuntu 16.04 LTS.

    [...]

    2) Consider the full stack. The OS is a heart of the system, and an OS migration is a significant change that touches multiple aspects of your configuration, from the Linux kernel up to your applications. Remember to evaluate how the migration will impact your existing workloads and APIs as your current configuration might depend on specific versions of the applications and libraries that shipped with Ubuntu 16.04 LTS. You will likely find newer versions of applications and libraries if you choose a more recent version of Ubuntu (you can find a few examples below). Those versions might not be fully compatible with your overall configuration anymore after the migration.

  • Waves of attacks on US hospitals show a change in tactics for cybercriminals [iophk: Windows TCO]

    United States hospitals were targeted by two major cybersecurity attacks this fall: the first taking down Universal Health Services, a chain of hundreds of hospitals, and the second by a group called UNC1878 threatening hundreds of individual health care facilities all around the country. Targeting health care institutions directly marks a new approach for cybercriminals.

  • Ransomware Hits Dozens of Hospitals in an Unprecedented Wave [iophk: Windows TCO]

    On Wednesday evening, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Department of Health and Human Services warned that there is "an increased and imminent cybercrime threat to US hospitals and health care providers," above and beyond the wave of attacks that have already occurred. The alert points to the notorious Trickbot trojan and Ryuk ransomware as the primary hacking tools involved in the attacks. Security analysts at private companies say that the activity is tied to the Russian criminal gang sometimes called UNC 1878 or Wizard Spider.

  • Ransomware Group Turns to Facebook Ads

    It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other [cracked] Facebook accounts. A spokesperson for Facebook said the company is still investigating the incident. A request for comment sent via email to Campari’s media relations team was returned as undeliverable.

  • On Apple's Piss-Poor Documentation

    However, as users rightly demand more complicated and fancy apps, the APIs often need to get more fancy and complicated as well. Suddenly you look up and, instead of only using screwdrivers and hammers, you’re using power tools and complicated saws, and everything is much more fiddly than it once was.

    With real tools, you’d expect to receive an owner’s manual, which explains how to use the tool you’ve just purchased. A rough analogy exists for APIs, insofar as most platform vendors will provide documentation. This is basically the "owner’s manual" for that API.

    Apple’s documentation has, for years, been pretty bad. Over the last couple years, it has gone from bad → awful → despicable → embarrassing. All too often, I go to research how to do something new, and use an API I’m not familiar with, only to be stymied by those three dreaded words:

    No overview available.

Apple backtracks on App Store removal threat for Unix shell iOS apps

Filed under
Mac

Developers of Linux and Unix shells have received warnings from Apple that their iOS apps violate App Store Review Guidelines, with the threat of termination from the App Store said to be reversed in at least one instance.

A shell is a tool that enables users to perform command-line operations on a device, which usually doesn't offer that sort of functionality, such as the lack of a terminal in iOS. These terminal emulator apps like a-Shell and iSH enable the use of many Unix commands in iOS, which can be useful for developers and power users.

However, according to a series of tweets on Sunday, it seems that the two apps have come under fire from Apple's App Store team for seemingly violating the App Store Review Guidelines. The iSH Twitter account advised it was informed by Apple it would be removing the app from the App Store on Monday.

Read more

Proprietary Software and DRM/Monopoly

Filed under
Microsoft
Mac

  • FOSS Patents: Fortnite users continue to make in-app purchases on iOS that bypass Apple's payment system: court filing says "Epic is stealing money from Apple"

    In yesterday's filing, Apple says it has the right to sue Epic not only for breach of contract but also for tort, given that Epic would face tort liability "if [it] had never executed the contracts with Apple and had instead found another way to smuggle Fortnite and its 'hotfix' payment mechanism into the App Store." Apple argues that a company protecting itself against such behavior through contracts must not be in a weaker legal position than one that doesn't. What Apple does clarify is that it won't seek "multiplicative recovery" if the same conduct on Epic's part constituted both a breach of an agreement and fraud. In other words, Apple would then content itself with only the greater of the two alternative amounts.

    It appears that the "hotfix" was just a simple data point on Epic's servers--not program code, but merely a trigger. When the iOS version of Fortnite checked on that data point, it offered an alternative payment mechanism to end users in circumvention of Apple's in-app payment rules.

    After the "hotfix" that Apple says became Epic's hot mess, Fortnite was removed from the App Store. That means it cannot be downloaded to iOS devices right now, and Epic has already failed twice (with a motion for a temporary restraining order as well as a motion for a preliminary injunction) to get a court to force Apple to tolerate an iOS version of Fortnite that bypasses Apple's in-app payment system.

  • Why Apple’s App Store Is Under Siege

    Fueling the fire was a report issued last week by House Democrats summing up an antitrust probe into four Big Tech companies — Apple, Amazon, Facebook and Google — and urging Congress to enact new laws to curb the companies’ power. The 449-page report called on Congress to enact new laws to curb the companies’ power, including prohibiting companies like Apple from operating “adjacent lines of business” (in other words, preventing it from offering its own apps in the App Store that compete with those from third parties).

    “Apple’s monopoly power over app distribution on iPhones permits the App Store to generate supra-normal profits,” the House Judiciary Committee report said.

  • Microsoft Says Long-Time Deals Executive Brown Leaving Company

    Microsoft Corp. said mergers and acquisitions chief Marc Brown is leaving the company after a more than two-decade stint working on deals ranging from LinkedIn to Nokia Oyj’s handset unit.

    Brown, vice president of corporate development, reported to Chief Financial Officer Amy Hood. Microsoft spokesman Frank Shaw on Friday confirmed Brown’s departure and declined to comment on a replacement. The company is still conducting a search for a senior business development executive to replace Peggy Johnson, who left in July to become chief executive officer at Magic Leap Inc.

  • Your brand new Oculus Quest 2 can’t play Oculus Go games, John Carmack confirms [Ed: Digital Restrictions (DRM) in action]

    If you bought a new Oculus Quest 2 with the hopes of experiencing games from the now-discontinued Oculus Go, I have bad news: the company has decided not to include support for Go titles on the Quest 2, Oculus’ consulting CTO John Carmack confirms on Twitter.

    When the Oculus Quest 2 launched three days ago, some people noticed there was no feature on the UI that allowed users to access Go apps and games, something the original Quest headset featured. Carmack did not go into much detail on why support was not added other than “[he] totally lost the internal debate over backwards compatibility.”

  • Three npm packages found opening shells on Linux, Windows systems [Ed: The writers at ZDNet are apt at blaming “LINUX” for security threats that have nothing to do with Linux. Now that Microsoft is serving malware ZDNet… blames “NPM” (ssshhhhh… don’t mention Microsoft)]

More in Tux Machines

EasyOS Dunfell 2.6.1 released for x86_64 PC

Yesterday announced EasyOS Dunfell 2.6.1 aarch64 for the Raspberry Pi4: https://bkhome.org/news/202101/easyos-dunfell-261-released-for-the-raspberry-pi4.html Today it is the turn for EasyOS Dunfell-series 2.6.1 64-bit on the PC. This is the first official release in this series. Same packages compiled in OpenEmbedded. Latest SeaMonkey 2.53.6. A different kernel for the PC build, 5.10.11. Read all about it here: http://distro.ibiblio.org/easyos/amd64/releases/dunfell/2.6.1/release-notes-2.6.1.htm As stated in the release notes, all three streams are being sync'ed to the same version number. The Buster-series 2.6.1 will probably be uploaded tomorrow. I have to compile the latest 5.4.x kernel, and SeaMonkey 2.53.6. As to which you would choose for the PC, it is like asking "which is better, strawberry icecream or chocolate icecream?" Read more

Top 20 Uses of Linux

The Linux OS and its related distros and flavors have transformed it from hardcore software into an industrial brand. Even if you are not a fan of it, the Linux OS might be as common as the air you breathe if you closely analyze your day to day interactive activities. Almost all the modern technologies that transform and innovate the tech industry have a Linux OS DNA imprinted on them. Those that are yet to be branded with their innovative uniqueness and recognition are waiting in line for the famed chance. Therefore, you might boldly claim that the Linux OS does not run your life, but the world around you cannot avoid the flirty pursuits of this open-source and free software. Nowadays, almost anything that can be described as cool is either pursuing Linux or is being pursued by Linux. It is the perfect symbiotic relationship in a world that tries to find a balance in technology and innovation. This article explores the awesomeness and outreach of the Linux OS in the world around us. It might even be an eye-opener for some of us to start taking our Linux skills to the next level. Top500 quotes Linux as the powerhouse or engine behind five-hundred fastest computers worldwide. I do not know of the speed of the computer composing this article or whether it qualifies to be among the listed five-hundred fastest computers worldwide. However, one thing is certain; it is 100% Linux DNA. On this note, let us start parading the top 20 uses of Linux. Read more

parted-3.4 released [stable]

Parted 3.4 has been released.  This release includes many bug fixes and new features. 
Here is Parted's home page: 
    http://www.gnu.org/software/parted/ 
For a summary of all changes and contributors, see: 
  https://git.savannah.gnu.org/cgit/parted.git/log/?h=v3.4 
or run this command from a git-cloned parted directory: 
  git shortlog v3.3..v3.4 (appended below) 
Here are the compressed sources and a GPG detached signature[*]: 
  http://ftp.gnu.org/gnu/parted/parted-3.4.tar.xz 
  http://ftp.gnu.org/gnu/parted/parted-3.4.tar.xz.sig 
Use a mirror for higher download bandwidth: 
  https://www.gnu.org/order/ftp.html 
[*] Use a .sig file to verify that the corresponding file (without the 
.sig suffix) is intact.  First, be sure to download both the .sig file 
and the corresponding tarball.  Then, run a command like this: 
  gpg --verify parted-3.4.tar.xz.sig 
If that command fails because you don't have the required public key, 
then run this command to import it: 
  gpg --keyserver keys.gnupg.net --recv-keys 117E8C168EFE3A7F 
and rerun the 'gpg --verify' command. 
This release was bootstrapped with the following tools: 
  Autoconf 2.69 
  Automake 1.16.1 
  Gettext 0.21 
  Gnulib v0.1-4131-g252c4d944a 
  Gperf 3.1 
Read more

Kernel: LWN's Latest and IO_uring Patches

  • Resource limits in user namespaces

    User namespaces provide a number of interesting challenges for the kernel. They give a user the illusion of owning the system, but must still operate within the restrictions that apply outside of the namespace. Resource limits represent one type of restriction that, it seems, is proving too restrictive for some users. This patch set from Alexey Gladkov attempts to address the problem by way of a not-entirely-obvious approach. Consider the following use case, as stated in the patch series. Some user wants to run a service that is known not to fork within a container. As a way of constraining that service, the user sets the resource limit for the number of processes to one, explicitly preventing the process from forking. That limit is global, though, so if this user tries to run two containers with that service, the second one will exceed the limit and fail to start. As a result, our user becomes depressed and considers a career change to goat farming. Clearly, what is needed is a way to make at least some resource limits apply on per-container basis; then each container could run its service with the process limit set to one and everybody will be happy (except perhaps the goats).

  • Fast commits for ext4

    The Linux 5.10 release included a change that is expected to significantly increase the performance of the ext4 filesystem; it goes by the name "fast commits" and introduces a new, lighter-weight journaling method. Let us look into how the feature works, who can benefit from it, and when its use may be appropriate. Ext4 is a journaling filesystem, designed to ensure that filesystem structures appear consistent on disk at all times. A single filesystem operation (from the user's point of view) may require multiple changes in the filesystem, which will only be coherent after all of those changes are present on the disk. If a power failure or a system crash happens in the middle of those operations, corruption of the data and filesystem structure (including unrelated files) is possible. Journaling prevents corruption by maintaining a log of transactions in a separate journal on disk. In case of a power failure, the recovery procedure can replay the journal and restore the filesystem to a consistent state. The ext4 journal includes the metadata changes associated with an operation, but not necessarily the related data changes. Mount options can be used to select one of three journaling modes, as described in the ext4 kernel documentation. data=ordered, the default, causes ext4 to write all data before committing the associated metadata to the journal. It does not put the data itself into the journal. The data=journal option, instead, causes all data to be written to the journal before it is put into the main filesystem; as a side effect, it disables delayed allocation and direct-I/O support. Finally, data=writeback relaxes the constraints, allowing data to be written to the filesystem after the metadata has been committed to the journal. Another important ext4 feature is delayed allocation, where the filesystem defers the allocation of blocks on disk for data written by applications until that data is actually written to disk. 
    The idea is to wait until the application finishes its operations on the file, then allocate the actual number of data blocks needed on the disk at once. This optimization limits unneeded operations related to short-lived, small files, batches large writes, and helps ensure that data space is allocated contiguously. On the other hand, the writing of data to disk might be delayed (with the default settings) by a minute or so. In the default data=ordered mode, where the journal entry is written only after flushing all pending data, delayed allocation might thus delay the writing of the journal. To assure data is actually written to disk, applications use the fsync() or fdatasync() system calls, causing the data (and the journal) to be written immediately.

  • MAINTAINERS truth and fiction

    Since the release of the 5.5 kernel in January 2020, there have been almost 87,000 patches from just short of 4,600 developers merged into the mainline repository. Reviewing all of those patches would be a tall order for even the most prolific of kernel developers, so decisions on patch acceptance are delegated to a long list of subsystem maintainers, each of whom takes partial or full responsibility for a specific portion of the kernel. These maintainers are documented in a file called, surprisingly, MAINTAINERS. But the MAINTAINERS file, too, must be maintained; how well does it reflect reality? The MAINTAINERS file doesn't exist just to give credit to maintainers; developers make use of it to know where to send patches. The get_maintainer.pl script automates this process by looking at the files modified by a patch and generating a list of email addresses to send it to. Given that misinformation in this file can send patches astray, one would expect it to be kept up-to-date. Recently, your editor received a suggestion from Jakub Kicinski that there may be insights to be gleaned from comparing MAINTAINERS entries against activity in the real world. A bit of Python bashing later, a new analysis script was born.

  • Experimental Patches Allow For New Ioctls To Be Built Over IO_uring

    IO_uring continues to be one of the most exciting technical innovations in the Linux kernel in recent years not only for more performant I/O but also opening up other doors for new Linux innovations. IO_uring has continued adding features since being mainlined in 2019 and now the newest proposed feature is the ability to build new ioctls / kernel interfaces atop IO_uring. The idea of supporting kernel ioctls over IO_uring has been brought up in the past and today lead IO_uring developer Jens Axboe sent out his initial patches. These initial patches are considered experimental and sent out as "request for comments" - they provide the infrastructure to provide a file private command type with IO_uring handling the passing of the arbitrary data.