I thought commonly used TrustZone firmwares do have revocation/rollback protection but the OEMs doesn't use it when upgrading the OS. E.g. they bundle a new Widevine version in the update but they don't actually revoke old vulnerable ones.
As explored in depth by Google's Project Zero here:
With data savings set to extreme it runs everything through Opera servers that run Presto. This is the traditional Mini mode that has been around since the beginning.
With data savings set to high it will indeed use WebView on the phone. This is a rather new feature introduced last year. The traffic is still directed through Opera servers, now using the "Opera Turbo" mode from Opera's desktop browser and the Opera for Android mobile browser.
I have a Lenovo laptop with 3 buttons next to the touchpad. I prefer using the center button as just button 3, same as clicking the mouse wheel. The default simple mouse driver included in Windows works just like this.
However Windows 10 will detect that there is an "enhanced" Lenovo provided Synaptics driver and insist on installing that. This driver changes the center button to some "scroll" mode, hold the button and swipe the touchpad and it will send scroll events. This behaviour is not configurable.
To add extra insult to injury the touchpad is perfectly capable of 2-finger multitouch scrolling. The center button scroll mode is some leftover mouse-wheel emulation crap from 10 years ago before multitouch touchpads where common. It's totally not needed.
If I uninstall the "enhanced" driver Windows 10 will forcibly reinstall it for me in the evening. Gee thanks!
Gruzen envisions a future in which EV owners can send autonomous cars to charging stations remotely, a future that would only be possible with wireless charging stations.
I expected Elliot to be elite enough to be part of the top site scene, grabbing his warez of choice through chained ftp-bouncers. All while enjoying free leech thanks to services rendered like writing up a couple of SecuROM and C-Dilla unpackers on the side of his regular network intrusion schtick.
The thought of him crawling in the BitTorrent muck with us regular plebs just makes me sad.:(
Yea you are right, that sounds like a plausible way to do it.
A notification will still show up, but the app will probably have time to launch it's malicious payload using a broadcast receiver or such before the user has a chance to do anything about it.
It is also notable in that it is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers say.
I have a hard time believing that. On Android V8 and the rest of the layout engine run in a restricted sandbox service that has no permissions to install apps.
In addition to exploiting V8 they must be using a separate privilege escalation in the Android userspace or Linux kernel to install the APK, especially if there is no interaction needed like accepting the standard install dialog.
I'm sure curious to hear the real story when Google releases a fix.
As I explained, 64-bit apps use more RAM, running 32-bit and 64-bit apps together uses more RAM.
If they had stayed with a 32-bit CPU then yes, 2 GB RAM would still be adequate.
To make a car analogy, they put in a bigger engine but didn't upgrade the suspension or brakes. The result is actually a worse car than the previous model because now it's a road hazard.
Putting 2 GB of RAM in a 64-bit device is not OK. They did that in the Nexus 9 and it ran like a dog, an app in the background was a dead app.
The reason is twofold, 64-bit apps use more RAM due to larger pointers (a must) and often larger integers (out of convenience).
The second is that the device needs a second set of 32-bit user space libraries for backwards compatibility. When 64-bit and 32-bit apps run at once both sets of libs need to be loaded in RAM.
Negative things: no OIS (as above), no wireless charging (a deal breaker, for many).
I never used the wireless charging on my Nexus 4, connecting a USB cable is easy, why would i need it?
For my Nexus 5 I finally got a Qi charger out of curiosity and was blown away by the convenience. Just putting the phone down on the nightstand without having to fiddle with a cable was better than I could ever imagine.
Nowadays I have wireless chargers everywhere.I slap myself when I think back on the fact that I could have had it already on the N4.
Sadly, the lack of RAM and wireless charging are show-stoppers for me. I was really looking forward to upgrading my Nexus 5, it's an awesome phone and I was hoping for even more awesomeness from Google.
But it should be pointed out that EU membership did not require Greece to join the monetary union (EMU).
E.g. Sweden stayed out on purpose, and some eastern EU countries had to rocky economies to join in the first place, they are all getting the best of both worlds right now.
The problem is figuring out how to craft a law demanding that. What does it mean to be "relevant" to a bill's stated purpose? For that matter, how does one define the "stated purpose" of a bill?
The obvious answer is, whoever wrote and introduced the bill gets to decide which amendments are relevant.
If a bad bill is introduced and the submitter stonewalls any amendments to improve it then it'll just get voted down.
What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.
What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature you operating system will not run.
But if they remove the SIM there is plenty of room for a microSD slot in it's place.
A "software SIM" on the SD card would be a win for consumers. It'll never happen though, since not having a SD and price gouging additional models with more internal flash is all the vogue right now.
Slashdot Mirror
Damn, that place is cluttered.
It's like they only built the Jefferies tube and forgot the rest of the starship!
/greger
I'd go even further and call it the Visual Basic of CMSes.
It's a playground for amateurs, and I'm amazed every time I see a well known business or organisation using it.
WordPress quickly degenerates into a mess of plugins and crappy hacks to do any remotely useful content management outside of a banal blog.
- greger
Them aliens sure hacked Slashdot good!
Sometimes I think the editors intentionally posts dupes just to rile people up. This article was a hilariously good choice.
- greger
I guess I'll just have to wait for the YouTube Director's Cut.
- greger
What?!
Entierly shot on an iPhone and there is no VV syndrome? I don't believe it!
https://www.youtube.com/watch?...
- greger
I thought commonly used TrustZone firmwares do have revocation/rollback protection but the OEMs doesn't use it when upgrading the OS. E.g. they bundle a new Widevine version in the update but they don't actually revoke old vulnerable ones.
As explored in depth by Google's Project Zero here:
https://googleprojectzero.blog...
Or is this a real bypass that allows installing a revoked trustlet? The article was light on details.
/ greger47
No, Opera Mini uses both.
With data savings set to extreme it runs everything through Opera servers that run Presto. This is the traditional Mini mode that has been around since the beginning.
With data savings set to high it will indeed use WebView on the phone. This is a rather new feature introduced last year. The traffic is still directed through Opera servers, now using the "Opera Turbo" mode from Opera's desktop browser and the Opera for Android mobile browser.
/greger
I ny case the OEM driver is simply stupid.
I have a Lenovo laptop with 3 buttons next to the touchpad. I prefer using the center button as just button 3, same as clicking the mouse wheel. The default simple mouse driver included in Windows works just like this.
However Windows 10 will detect that there is an "enhanced" Lenovo provided Synaptics driver and insist on installing that. This driver changes the center button to some "scroll" mode, hold the button and swipe the touchpad and it will send scroll events. This behaviour is not configurable.
To add extra insult to injury the touchpad is perfectly capable of 2-finger multitouch scrolling. The center button scroll mode is some leftover mouse-wheel emulation crap from 10 years ago before multitouch touchpads where common. It's totally not needed.
If I uninstall the "enhanced" driver Windows 10 will forcibly reinstall it for me in the evening. Gee thanks!
Nowadays I run Fedora on the laptop.
- greger
This dude and his garage begs to differ http://www.theverge.com/2016/6....
GM if anyone would have the engineering resources to put together a reliable and automatic physical charging connection.
/greger
I expected Elliot to be elite enough to be part of the top site scene, grabbing his warez of choice through chained ftp-bouncers. All while enjoying free leech thanks to services rendered like writing up a couple of SecuROM and C-Dilla unpackers on the side of his regular network intrusion schtick.
The thought of him crawling in the BitTorrent muck with us regular plebs just makes me sad. :(
/greger
Neither does a RFID tag.
/greger
But who teaches the AI the meaning of the commentaries?
/greger
Yea you are right, that sounds like a plausible way to do it.
A notification will still show up, but the app will probably have time to launch it's malicious payload using a broadcast receiver or such before the user has a chance to do anything about it.
/greger
I have a hard time believing that. On Android V8 and the rest of the layout engine run in a restricted sandbox service that has no permissions to install apps.
In addition to exploiting V8 they must be using a separate privilege escalation in the Android userspace or Linux kernel to install the APK, especially if there is no interaction needed like accepting the standard install dialog.
I'm sure curious to hear the real story when Google releases a fix.
/greger
More blipverts for the people!
https://www.youtube.com/watch?...
As I explained, 64-bit apps use more RAM, running 32-bit and 64-bit apps together uses more RAM.
If they had stayed with a 32-bit CPU then yes, 2 GB RAM would still be adequate.
To make a car analogy, they put in a bigger engine but didn't upgrade the suspension or brakes. The result is actually a worse car than the previous model because now it's a road hazard.
/greger
Putting 2 GB of RAM in a 64-bit device is not OK. They did that in the Nexus 9 and it ran like a dog, an app in the background was a dead app.
The reason is twofold, 64-bit apps use more RAM due to larger pointers (a must) and often larger integers (out of convenience).
The second is that the device needs a second set of 32-bit user space libraries for backwards compatibility. When 64-bit and 32-bit apps run at once both sets of libs need to be loaded in RAM.
I never used the wireless charging on my Nexus 4, connecting a USB cable is easy, why would i need it?
For my Nexus 5 I finally got a Qi charger out of curiosity and was blown away by the convenience. Just putting the phone down on the nightstand without having to fiddle with a cable was better than I could ever imagine.
Nowadays I have wireless chargers everywhere.I slap myself when I think back on the fact that I could have had it already on the N4.
Sadly, the lack of RAM and wireless charging are show-stoppers for me. I was really looking forward to upgrading my Nexus 5, it's an awesome phone and I was hoping for even more awesomeness from Google.
/greger
+1
But it should be pointed out that EU membership did not require Greece to join the monetary union (EMU).
E.g. Sweden stayed out on purpose, and some eastern EU countries had to rocky economies to join in the first place, they are all getting the best of both worlds right now.
-greger
Yes, the producers will pay you to use (more) electricity, happens when the cost of stopping and restarting a power-plant is high and demand is low.
http://www.epexspot.com/en/company-info/basics_of_the_power_market/negative_prices
A video says more than 1000 words.
https://www.youtube.com/watch?v=I95XKH9SRy0
/greger
The obvious answer is, whoever wrote and introduced the bill gets to decide which amendments are relevant.
If a bad bill is introduced and the submitter stonewalls any amendments to improve it then it'll just get voted down.
/greger
And suddenly vacuum isn't empty any more. Why is that? What is the motivation for adding that phi^4 term out of nowhere?
/greger
Addition?
What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.
What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature you operating system will not run.
/greger
But if they remove the SIM there is plenty of room for a microSD slot in it's place.
A "software SIM" on the SD card would be a win for consumers. It'll never happen though, since not having a SD and price gouging additional models with more internal flash is all the vogue right now.
/greger