Monthly Archive:: September 2023
A month has passed since the last Plasma 6 status update, so it’s time for another one! First, what you’ve all been waiting for: a release date! We’ve decided that Plasma 6 will be released in early February of 2024. We don’t have a specific day targeted yet, but it’ll be in that timeframe. I’m feeling quite confident that the release will be in excellent shape by then! It’s already in good shape right now. 5 months should provide enough of a runway for a solid final release. Following the development of Plasma 6 has been an interesting ride, and it seems it’s in a good state – and these five months will make it even better.
Over the past few days, there have been a lot of reports in the media that the UK government was backing down from its requirement that every end-to-end encrypted messenger application inside the country had to give the government backdoor access to these messenger applications. However, after reading the actual words from the UK’s junior minister Stephen Parkinson, it seemed like all he did was give a “pinky promise!” not to enforce this requirement. The law itself did not change, is not changing, and will not change, and the requirement is still in there. Today, the UK’s technology minister Michelle Donelan made that even clearer than it already was. Donelan, however, denied on Thursday that the bill had been watered down in the final stages before it becomes law. “We haven’t changed the bill at all,” she told Times Radio. “If there was a situation where the mitigations that the social media providers are taking are not enough, and if after further work with the regulator they still can’t demonstrate that they can meet the requirements within the bill, then the conversation about technology around encryption takes place,” she said. This raises an interesting question – why was everyone so keen on pushing the narrative yesterday that the “technology sector” had won, and that the UK government had backed down? Well, Facebook and Apple have kind of talked themselves into a corner in response to the UK’s requirement for backdoor access to WhatsApp and iMessage. The two companies threatened they would pull these services out of the UK if the government didn’t remove this requirement. When it became clear that the UK government wasn’t going to back down, Facebook and Apple were going to lose a lot of face if they didn’t actually pull WhatsApp and iMessage out of the UK in response. They needed something to get them out of this. This vague pinky promise is all they needed.
Now they can shit all over their supposed morals and values once again, completely abandon their grandstanding and promises about protecting end-to-end encryption in messaging, and continue to operate in the UK as if nothing has changed, despite them legally being obligated to break end-to-end encryption if the UK government asks them to – which they can now do whenever it pleases them. And entirely unsurprisingly, the general tech media, ever looking to please the corporations they are supposed to do the journalism stuff about, fell for it, hook, line, and sinker. The narrative that the UK backed down and Facebook and Google won is out there now, and that’s all the tech sector needed.
Based on Ubuntu Core’s FDE design, we have been working on bringing TPM-backed full disk encryption to classic Ubuntu Desktop systems as well, starting with Ubuntu 23.10 (Mantic Minotaur) – where it will be available as an experimental feature. This means that passphrases will no longer be needed on supported platforms, and that the secret used to decrypt the encrypted data will be protected by a TPM and recovered automatically only by early boot software that is authorised to access the data. Besides its usability improvements, TPM-backed FDE also protects its users from “evil maid” attacks that can take advantage of the lack of a way to authenticate the boot software, namely initrd, to end users. I’m not well-versed enough on this topic to make any meaningful comments, other than as long as it’s a choice presented to users, it seems like a good thing.
To address this customer concern, Microsoft is announcing our new Copilot Copyright Commitment. As customers ask whether they can use Microsoft’s Copilot services and the output they generate without worrying about copyright claims, we are providing a straightforward answer: yes, you can, and if you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved. This new commitment extends our existing intellectual property indemnity support to commercial Copilot services and builds on our previous AI Customer Commitments. Specifically, if a third party sues a commercial customer for copyright infringement for using Microsoft’s Copilots or the output they generate, we will defend the customer and pay the amount of any adverse judgments or settlements that result from the lawsuit, as long as the customer used the guardrails and content filters we have built into our products. Copilot is the biggest copyright infringement case in human history, but at the same time, it will be very difficult for the thousands and thousands of individual projects and developers on GitHub to fight Microsoft in court over this infringement. Microsoft knows nobody powerful enough to challenge them is going to sue them over this, so they can easily offer this indemnification.
ELKS is a project providing a Linux-like OS for systems based on the Intel IA16 architecture (16-bit processors: 8086, 8088, 80188, 80186, 80286, NEC V20, V30 and compatibles). Such systems are ancient computers (IBM-PC XT / AT and clones) as well as more recent SBCs, SoCs, and FPGAs. ELKS supports networking and installation to HDD using both MINIX and FAT file systems. Version 0.7.0 was recently released, and it includes support for several new systems, among which is the Book 8088, a recently released 8088 laptop from China that’s been making the rounds on YouTube. Of course, it also comes with a bunch of new commands and applications, like mail from MINIX, the visual file manager fm, and more, and the usual load of bug fixes.
Xcom is a cross-platform GUI system: a multi-windowed, multi-tasking environment. Xcom allows you to browse, copy, view and manage your files, start and stop programs, watch and listen to basic media content and music. Unlike other windowing systems and protocols, it integrates the basic functionality as a monolithic, cohesive program. Xcom can run on top of various kernels; currently the DOS version is available publicly. Xcom is tiny in size, fast, and doesn’t require an installation process. Xcom is hundreds of times faster and smaller than competitive systems – it requires only about 5 MBytes of disk space, and starts up within a few seconds. Xcom has a familiar appearance of classic operating system user interfaces. Xcom is a handy tool to keep on your retro computer; it can work magnitudes faster than any other modern desktop environment, while the features are up to date. Xcom has all the basic tools for browsing pictures, listening to music files, reading and writing text documents and drawing simple graphics. This is an interesting approach to developing a full… User interface? Operating environment? It currently is only available for DOS, but other systems should follow. It does have a few intrinsic limitations – since it’s entirely contained in one program, you can’t develop for this or create new applications, since it’s not a toolkit and doesn’t have a compiler or anything like that. It’s also not open source, and while that doesn’t mean it’s not good or not interesting, it does limit the interest this will gather in the wider community. Regardless, it looks great, and it’s clear a lot of work and love went into it.
We’ve come a long way since then, steadily retreating from openness & user control of devices, and shifting towards a far more locked-down vendor-controlled world. The next step of Android’s evolution is Android 14 (API v34, codename Upside-Down Cake) and it takes more steps down that path. In this new release, the restrictions around certificate authority (CA) certificates become significantly tighter, and appear to make it impossible to modify the set of trusted certificates at all, even on fully rooted devices. If you’re an Android developer, tester, reverse engineer, or anybody else interested in directly controlling who your device trusts, this is going to create some new challenges. The walls are slowly but surely closing in on Android.
On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded. As part of our commitment to transparency and trust, we are releasing our investigation findings. Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected). We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected). After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer’s corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key. That is one hell of a unique string of unfortunate events.
Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car. All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed. Much to the surprise of nobody.
While the Pixel 6 ushered in three years of major Android OS version updates and an additional two for security patches, that’s still nowhere near the longevity of the iPhone. Google hopes to change that on the Pixel 8 and 8 Pro with noticeably more OS updates. Looking at the mobile Android landscape, three years of OS updates – which was also the case on Qualcomm-powered Pixel phones from 2017-2021 – is less than Samsung’s promise of four, which started last year with the Galaxy S21, S22, Flip 3, and Fold 3 and continued through devices released this year, including some of the company’s more affordable releases. From what we’re hearing, Pixel 8’s update promise should surpass Samsung’s current policy on flagships and meaningfully match the iPhone. Of course, the devil is in the details, especially in those later years. For example, the Galaxy line has, in the past, adopted a quarterly approach towards the end. Even a bump to just five years of OS updates for Pixel would be enough and let the Google phone be at the top of the ecosystem, with anything beyond that squarely going after the iPhone’s record. The situation has definitely been improving – finally – but I’d still like this to be platform-wide, and not just individual manufacturers making promises. To reduce e-waste, make devices more secure and ensure longer lifespans, I’d like to see 10 years of full software support. The tech industry has a long history of garbage support and low quality – especially when it comes to software – that we would not tolerate from any other industry. It’s time the tech industry grew up and joined other industries that offer far longer and more comprehensive support.
China ordered officials at central government agencies not to use Apple’s iPhones and other foreign-branded devices for work or bring them into the office, people familiar with the matter said. In recent weeks, staff were given the instructions by their superiors in workplace chat groups or meetings, the people said. The directive is the latest step in Beijing’s campaign to cut reliance on foreign technology and enhance cybersecurity, and comes amid a campaign to limit flows of sensitive information outside of China’s borders. The move by Beijing could have a chilling effect for foreign brands in China, including Apple. Apple dominates the high-end smartphone market in the country and counts China as one of its biggest markets, relying on it for about 19% of its overall revenue. iPhones are, for all intents and purposes, a Chinese product. It seems odd they are afraid of a device that’s entirely built by Chinese people in Chinese factories owned by Chinese companies run by the Chinese government. An iPhone is about as American as a MAGA hat with a Made in China label, so why ban its use by Chinese government officials? The answer is obvious: because the west is banning the use of Huawei and other devices – even though those are made by the same Chinese people in the same Chinese factories owned by the same Chinese companies run by the same Chinese government as iPhones are. This is a tug of war between two superpowers, and western companies heavily reliant on China, such as Apple, are going to be facing some serious consequences.
The European Commission has today designated, for the first time, six gatekeepers – Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft – under the Digital Markets Act (DMA). In total, 22 core platform services provided by gatekeepers have been designated. The six gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services. Following their designation, gatekeepers now have six months to comply with the full list of do’s and don’ts under the DMA, offering more choice and more freedom to end users and business users of the gatekeepers’ services. However, some of the obligations will start applying as of designation, for example, the obligation to inform the Commission of any intended concentration. It is for the designated companies to ensure and demonstrate effective compliance. To this end, they have 6 months to submit a detailed compliance report in which they outline how they comply with each of the obligations of the DMA. The EC also notes that due to submissions from Apple and Microsoft arguing that iMessage and Bing, Edge, and Microsoft Advertising respectively, do not qualify to be subject to the DMA, the EC has opened four market investigations into these four services to further assess the situation. On top of that, for Gmail, Outlook.com and the Samsung Internet Browser, the EC has concluded that their owners have successfully argued they should not fall under the DMA. This is one of the biggest pieces of legislation to hit powerful corporations in a long time – especially in tech, which basically has been a wild west free-for-all regulation-wise – and it’s going to have some massive consequences for all of us.
From Ars Technica: As both a translator and a tech writer, this article touches upon a lot of aspects of my professional life. As a translator with a master’s degree in translation and over 13 years of experience, I can confidently say these AI-translated articles won’t be anywhere near the quality of a professional translation, let alone that of original content written in Spanish. Computers are actually not that great at language, and every time I play around with machine translation tools – they tend to be integrated into the various translation software suites I use – it’s barely passable as coherent text. There are things you can do to increase the success rate of machine translation. It’s crucial to write the source text in a very formulaic manner, using short sentences with basic sentence structure any primary schooler can easily follow. Avoid complicated clauses, literary devices, sayings and wordplay, and words that can carry multiple meanings. To further increase the success rate, make sure your writers reuse the same formulaic sentences in different articles, so the machine translation software can learn from earlier corrections. By the time you’ve instilled all this and more into your writing staff, not only will they quit because writing in such a way is not engaging at all, it will also tank your SEO – something the kind of people who would fire translators to rely exclusively on machine translation would care about – into the ground. It wouldn’t feel natural, and nobody will enjoy reading it but computers. …it’s going to end up as AIs writing for other AIs.
Speaking of operating systems written in Rust – a popular activity as of late – one of the SoC contributors to Redox is also writing their own operating system in Rust, called Aero. Aero is a new modern, experimental, unix-like operating system written in Rust. Aero follows the monolithic kernel design and it is inspired by the Linux Kernel. Aero supports modern PC features such as Long Mode, 5-level paging, and SMP (multicore), to name a few. Open source, of course, licensed under the GPL, version 3.
This year’s Redox Summer of Code program has seen us add some exciting capabilities to Redox. Our three interns each came up with their own project proposals, and delivered major new functionality. In addition to our paid internships, our volunteer contributors also made major strides this summer. This year’s projects include VirtIO drivers, the project to use Linux drivers on Redox that we talked about earlier, and on-demand paging and other memory management improvements. There’s also a long list of other improvements outside of SoC.
I’ve always loved building tools and platforms, and have long been fascinated with the world of operating systems. Apart from reading through the source code (where that’s legally available, of course…) I think there’s no better way to explore and understand a system – and the mindset that produced it – than to develop for it. What follows is a brain-dump of what I’ve learned about developing for the AmigaOS, from classic 68k-powered hardware to modern PowerPC systems like the X5000. I’ll cover development environments, modern workflows like CI builds on containerised infrastructure, distribution of packages and even a look back in time before C existed, thanks to AmigaDOS’s odd heritage. If you want to develop for Amiga OS – and you should, because the more people develop for alternative and classic platforms, even if only as an occasional side project, the better – this is a great place to start.
Apple and Microsoft have argued with Brussels that some of their services are insufficiently popular to be designated as “gatekeepers” under new landmark EU legislation designed to curb the power of Big Tech. Brussels’ battle with the two US companies over Apple’s iMessage chat app and Microsoft’s Bing search engine comes ahead of Wednesday’s publication of the first list of services to be regulated by the Digital Markets Act. Microsoft’s argument seems to make sense. Microsoft was unlikely to dispute the designation of its Windows operating system, which dominates the PC industry, as a gatekeeper, these people said. But it has argued that Bing has a market share of just 3 per cent and further legal scrutiny would put it at a greater disadvantage. I guess the validity of Microsoft’s argument hinges on if that 3% equates to the number of users requirements set by the European Union, but I guess we’ll find out tomorrow. Apple’s argument, though, seems more precarious. Separately, Apple argued that iMessage did not meet the threshold of user numbers at which the rules applied and therefore should not comply with obligations that include opening the service to rival apps such as Meta’s WhatsApp, said the two people. Analysts have estimated that iMessage, which is built into every iPhone, iPad and Mac, has as many as 1bn users globally, but Apple has not disclosed any figures for several years. The decision is likely to hinge on how Apple and the EU define the market in which iMessage operates. One billion users worldwide is most definitely going to mean it exceeds the minimums set by the DSA. Apple, you’re going to have to open up iMessage, and allow competitors and newcomers to interoperate with it. Using messaging services as lock-in is outdated, anti-consumer, and harmful to competition. And if you don’t like it – as they say on the Isle of Man, a boat leaves in the morning.
In 2019, the US Department of Commerce put Huawei on an “Entity List”, which banned it from dealing with any US company. The move led Google to revoke Huawei’s Android license, among other repercussions. Then, Huawei developed its own OS, HarmonyOS, for phones and tablets. Wang Chenglu, former Huawei executive and now CEO of Shenzhen Kaihong Digital Industry Development, recently revealed on Weibo (Chinese social media) that HarmonyOS will be coming to PCs. When someone had asked if a PC version of Hongmeng will be released next year, Chenglu responded with a “Yes” to indicate that a HarmonyOS PC variant is planned for 2024. It is worth noting that HarmonyOS is called Hongmeng in China, and OpenHarmony for PC is available to some testers. HarmonyOS is an interesting beast in that it’s much more than just “a modified Android”, as its Wikipedia page details. Even if it never gains a foothold in the west, its potential in China is massive, and big enough to become a serious contender regardless of what we here in the west think of it. I love the gusto of bringing it to the PC, too, and aside from reservations I have about using an operating system developed by one of the many extensions of the Chinese government, I’m actually quite interested in using one of the HarmonyOS smartphones.
ARM had a slow start on its way to move beyond microcontrollers and enter the high performance market. ARM Ltd made the Cortex A9, their first out-of-order core, in 2007. Throughout the 2010s, they gradually made bigger, higher power, and higher performance cores. Pushing performance boundaries isn’t easy, but today, ARM’s cores can be a viable alternative to Intel and AMD’s offerings in the server market. RISC-V started much later, but has seen faster growth. Berkeley’s BOOM core had grown into a sizeable out-of-order design by 2016. Now, SiFive’s P870 looks a lot like ARM’s Cortex X series in terms of reordering capacity, core width, and execution units. It might not be a match for ARM’s best, since the load/store queues look a bit small and vector execution throughput is a bit weak. But from looking at P870, SiFive’s ambitions are clear. They want a chunk of ARM’s pie. RISC-V is getting better and better at a rapid pace. The software side of the story still has a long way to go, but that, too, is getting better. Exciting.
A third XProtect was discovered in Ventura, this time observing potentially malicious behaviour such as attempts to access private data for browsers and messaging apps. This XProtect Behaviour Service (XBS) has used a set of Bastion rules embedded in the strings in syspolicyd to record behaviours in a new database, but so far has been an observer and hasn’t blocked such behaviours. Security researchers have already been able to discover its records of novel malicious code, and Chris Long has documented how to access its database, but so far syspolicyd has only watched and recorded. Recent descriptions of Bastion rules have identified four, last updated in syspolicyd in macOS 13.5 on 24 July 2023. Those changed on 8 August, when Apple released its first update to the Bastion rules, and again a month later on 1 September, when they changed again. There’s now a fifth Bastion rule, and XBS appears to be getting ready to fly for the first time. If you had told me in 2005 or so, when I was a fervent Mac user, that one day, macOS would come with an extensive set of antivirus and antimalware tools that ran silently in the background, checking everything you do on your computer – I’d have thought you were crazy. But here we are.