I don't use iOS, and I'm not familiar with Apple's record on security. However, Google suffered 115 CVEs in 2015 on Stagefright and the Mediaserver. Nexus is a tiny fragment of the Android ecosystem, and most users have 3rd party devices that will never see these completely patched. These flaws are carved in stone in the /system mountpoint, and can never be corrected.
Apple may not have ideal security, but at least they CAN issue patches on the core OS that will reach the majority of their users. Google cannot, and this was a staggeringly bad decision. We have not yet seen the full consequences of it.
Despite a blinding array of talent that works for the organization, this is the architecture for multimedia that they produced:
Don't start me on Stagefright and Mediaserver, I could rant for 2 or 3 hours non-stop! Seriously, the code over there is crap, and has insane concepts, like aborting the whole mediaserver (and all related media decoding of all other applications running at the same time), when it parses a file with attributes it does not know, instead of skipping the file. We discovered some issues in Stagefright (busy loops, device reboots, mediaserver crashes) quite early, but we never thought about submitting them.
Google has in no way acknowledged the exceptionally poor design of Android, and there is no evidence that the organization has improved and learned from their management mistakes. How then can they be trusted to produce a new operating system? And why would anyone trust them to produce a secure system that is closed source?
I don't care if Verizon gives it away. Absolutely not.
On the scale of sandbox quality, Chrome should dump their model and adopt the SSH techniques - the rendering engine should be chroot() to /var/empty. That improves the software and kills the patent violation in one stroke.
http://undeadly.org/cgi?action...
"First of all, on the positive side, privileges separation, chrooting and the message passing design have proven fairly efficient at protecting us from a complete disaster. [The] Worst attacks resulted in [the] unprivileged process being compromised, the privileged process remained untouched, so did the queue process which runs as a separate user too, preventing data loss... This is good news, we're not perfect and bugs will creep in, but we know that these lines of defense work, and they do reduce considerably how we will suffer from a bug, turning a bug into a nuisance rather than a full catastrophe. No root were harmed during this audit as far as we know."
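The privilege-separation pattern praised in the quote above, as an added C example (not code from the comment or from any project it mentions): an untrusted parser runs in a forked worker that is chroot()ed to /var/empty and stripped of root, so a parser abort costs one request instead of the whole service. The toy record format, the names `parse_isolated` and `confine`, and uid/gid 65534 are assumptions; when run without root the jail step is skipped and only the process boundary remains.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#include <sys/socket.h>
#include <sys/wait.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define JAIL "/var/empty"          /* assumption: empty, root-owned directory */
#define UNPRIV 65534               /* assumption: uid/gid of "nobody" */

/* Toy parser (constructed format: length byte + payload); aborts on bad input. */
static int parse(const uint8_t *buf, size_t len) {
    if (len < 1 || buf[0] != len - 1) abort();
    int sum = 0;
    for (size_t i = 1; i < len; i++) sum += buf[i];
    return sum;
}

/* Enter the jail and drop root. Fails closed: any error means no parsing. */
static int confine(void) {
    gid_t g = UNPRIV;
    if (geteuid() != 0) return 0;  /* demo without root: separate process only */
    if (chroot(JAIL) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &g) != 0 || setgid(g) != 0 || setuid(UNPRIV) != 0) return -1;
    return 0;
}

/* Parent side: returns 0 and fills *out, or -1 if the worker died or refused. */
int parse_isolated(const uint8_t *buf, size_t len, int *out) {
    int sv[2], status = 0, val = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                /* worker process */
        close(sv[0]);
        if (confine() != 0) _exit(2);
        val = parse(buf, len);
        _exit(write(sv[1], &val, sizeof val) == (ssize_t)sizeof val ? 0 : 3);
    }
    close(sv[1]);
    ssize_t n = read(sv[0], &val, sizeof val);
    close(sv[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (n != (ssize_t)sizeof val || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    *out = val;
    return 0;
}

int main(void) {
    const uint8_t good[] = {3, 1, 2, 3}, bad[] = {9, 1, 2};  /* constructed */
    int v = 0, ok = parse_isolated(good, sizeof good, &v);
    printf("good rc=%d, bad rc=%d\n", ok, parse_isolated(bad, sizeof bad, &v));
    return 0;
}
```

A production worker would also close inherited descriptors and receive its input over the socket rather than through fork-copied memory.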
Heat has long been known to help heal degraded materials in old flash memory. But because the heat healing process meant baking the memory chip in an oven at 250C for hours, few saw it as a practical solution... Briefly heating those locations to about 800C returned damaged memory locations to full working order.
All of that will not help you in the slightest if the chipset vendor baked in spyware. Mediatek is the master of the cheap chipset, and they have compromised the OS in both Russia and the US with dozens and dozens of OEM devices.
[BLU] phones were regularly sending bunches of personal information to servers in China: text messages, call logs, contact lists and so forth. After more investigation, it came to light that this was happening via a low-level piece of software called ADUPS.
When Google had previously updated its systems to check for ADUPS, MediaTek (they make the chipset in millions of low-end phones) simply modified their system software to evade Google's checks. Nice one MediaTek!
There are four kinds of machinist in the world. Those that made thermite: by accident, on purpose, both and not yet. The last kind is the most dangerous.
I really like that quote. It's pithy. Thanks for posting it.
Aluminum machining for iPhone cases produces combustible metallic dust that can cause classic thermite reactions. This dust ignited in the Chinese manufacturing facility, turning it into a crematorium that killed four people.
Responsible management, union regulations, and OSHA largely make that impossible in the United States.
Apple should insist on higher standards. And this is hardly their only excess that has taken lives.
I actually wrote COBOL programs on punch cards in high school. The deck of cards, in the right order, would get a rubber band and go in a bin for overnight processing. The print-out of the run came back the next school day. Fortran was a bit easier, as we got to use teletype terminals with built-in acoustic couplers.
Later, working for Rockwell, I wrote some X-Windows software for pulling punched cards with attached microfiche.
Permanent ice is actually a rare phenomenon in the history of the Earth, occurring only during the 20% of the time that the planet is under an icehouse effect.
Strange that the discrete 800 degree heating units haven't been integrated AFAIK. However, 250 degrees in an oven for a day fixes most of them.
http://www.bbc.com/news/technology-20579077
No GAPPS? No problem.
All of that will not help you in the slightest if the chipset vendor baked in spyware. Mediatek is the master of the cheap chipset, and they have compromised the OS in both Russia and the US with dozens and dozens of OEM devices.
And in not disclosing that it is using both, it opens many, many security holes on older platforms. Furthermore, we don't know how much work is being done by the local Webcore, and what sort of hostile traffic that Presto might send to it.
Avoid this browser in those cases. It is not safe.
We should all be looking at Tor at this point.
One common reason is 3rd party code, which they may have licensed and do not control or own.
Alternately, the code may still be seen internally as useful, which it is with Opera Mini. It is still used to generate revenue, and may contain what Opera considers to be trade secrets that give them an advantage over a competitor (i.e. Amazon Silk).
If you set the "data savings" option down from extreme to high in the settings menu, the scanner at ssllabs.com will report Webkit, not Presto. The Webkit version will be whatever is included on your device (Webcore). If you are running KitKat or Jellybean, you will see lots and lots of security problems with your Webcore, since they date from the end of the XP era, and haven't been updated since.
I believe that Presto would be installed at Opera's corporate systems, and it would feed a compressed stream to the Webkit used by Opera Mini.
Opera Mini could not be so small and include both a complete rendering engine and links to Webcore. They essentially cheated.
Thank you so much for this! I did not know this! I'm removing the last four rollups tonight!
If you disable the "recommended updates" you don't appear to get any of the "old" telemetry - but it may all be back in the rollups and we would never know.
The old telemetry updates could be removed with the following:
wusa /uninstall /kb:Patch# /quiet /norestart
The patches to remove are: 3065988, 3083325, 3083324, 2976978, 3075853, 3065987, 3050265, 3050267, 3075851, 2902907, 3068708, 3022345, 2952664, 2990214, 3035583, 971033, 3021917, 3044374, 3046480, 3075249, 3080149.
Microsoft believes that our PCs belong to them. They need to lose more market share.
The Windows app store is not something that we all want. It should be an optional add-on for all versions of Windows.
Some of us also like Aero. Windows 8 removed Aero simply because mobile devices could not run it well in Windows RT. We are asked to give up Aero solely because of Microsoft's mobile platform that failed in the market and was essentially discontinued.
Microsoft, we refuse.
I do remember the Power Mac clones, which wrapped up immediately after Jobs came back (long before OSX).
PowerPC systems were a major share of Apple's revenue back then. These days, OSX/x86 is greatly eclipsed by iOS/ARM. Until such time that Apple wants to (re)focus on x86, they can farm it out.
All x86 is farmed out anyway - this just moves the outsourcing higher up the management chain.
Seriously, it would make just about everybody happy. The designs must use aluminium cases, and they must be approved by Apple before manufacture. The Apple logo will be on the cover, and the manufacturer's logo will be over the keyboard.
PCs are no longer Apple's core competence, and they should make moves to divest the function.
Problem solved.
The market leader for cheap phones is Mediatek, part owners of ADUPS, the wonderful partnership that recently siphoned off texts, location, and call logs from BLU phones.
This is the same Mediatek that was caught doing the same thing with dozens of brands in the Russian market.
The only way to use such a phone safely is an immediate wipe, followed by a 3rd-party OS install to the eMMC.
The market will shortly realize this.
Quite interesting. Thank you. 2003 was the last fatality, according to this data.
I don't agree with you that Microsoft hated "all things UNIX." If you take the ftp.exe and nslookup.exe files from C:\Windows\System32 and run UNIX strings on them, you will see:
$ strings ftp.exe | grep Cali
@(#) Copyright (c) 1983 The Regents of the University of California.
$ strings nslookup.exe | grep Cali
@(#) Copyright (c) 1985,1989 Regents of the University of California.
Microsoft has certainly swallowed and ingested BSD UNIX code. It would not surprise me if the FTP source code contains fragments from Bill Joy himself.
Windows NT was designed by Dave Cutler, who chose C as the language for the NT kernel. It was the most significant impact of UNIX on NT.
Cutler also designed VMS, and likely had deep familiarity with "Digital Command Language" (DCL) that is a well-built and powerful command processor itself (if you like writing your scripts in FORTRAN).
Cutler wanted to "get UNIX." Why he allowed a product as shockingly poor as cmd.exe to be written for the NT command shell simply baffles me.
The cmd.exe shell is described as a serial killer by Microsoft employees.
I also disagree with elevating BASH. Stephen Bourne disliked C, and retrofitted ALGOL on it, not only for the parsing syntax that became BASH, but also on top of the C compiler itself.
Cutler had a chance to see source code for multiple OS implementations and their parsers: RSX11, UNIX sh/csh, DEC DCL, and likely many more. How cmd.exe could have emerged from his group is quite simply beyond me.
Anyone with a cursory understanding of climate over the geologic ages knows that ice at both poles is rare:
https://en.wikipedia.org/wiki/Greenhouse_and_icehouse_Earth
Humans as a species do not have any serious ability to harm the planet. We can easily make it completely unsuitable for human life, however.
Useful backstory to IBM's thinking:
https://en.wikipedia.org/wiki/IBM_and_the_Holocaust
Microsoft removed the cheesy Aero interface for one reason only: mobile devices could not run it efficiently.
As Microsoft's mobile strategy has utterly failed, Windows 8 and 10 users are forced into a mobile-friendly UI for no purpose whatsoever.
The market objects.
I just checked the new tablet and found:
/system/app/AdupsFota/AdupsFota.apk
Is this the Mediatek malware in question?