Security

Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores 100

Posted by timothy
from the trusted-by-whom dept.
Trailrunner7 writes When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple on Wednesday released major security upgrades for both of its operating systems, and the root certificate for CNNIC, the Chinese CA at the heart of the controversy, remains in the trusted stores for iOS and OS X. The company has not made any public statements on the incident or the continued inclusion of CNNIC's certificates in the trusted stores.
OS X

For Boot Camp Users, New Macs Require Windows 8 Or Newer 209

Posted by timothy
from the you-can't-quite-you're-fired dept.
For anyone using Windows 7 by way of Apple's Boot Camp utility, beware: support for Windows via Boot Camp remains, but for the newest Apple laptops, it's only for Windows 8 for now. From Slashgear: This applies to the 2015 MacBook Air, and the 13-inch model of the 2015 MacBook Pro. Windows 8 will remain compatible, as will the forthcoming Windows 10. The 2013 Mac Pro also dropped Boot Camp support for Windows 7, while 2014 iMacs are still compatible, along with 2014 MacBook Airs and 2014 MacBook Pros. For those who still prefer to run Windows 7 on their Macs, there are other options. This change to Boot Camp will not affect using the Microsoft operating system through virtualization software, such as Parallels and VMware Fusion. Also at PC Mag.
Bug

OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab 119

Posted by timothy
from the cat-like-typing-detected dept.
abhishekmdb writes No browsers are safe, as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC. The code is a 13-character special string which appears to be written in Assyrian script. Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Programming

JavaScript, PHP Top Most Popular Languages, With Apple's Swift Rising Fast 192

Posted by samzenpus
from the king-of-the-hill dept.
Nerval's Lobster writes Developers assume that Swift, Apple's newish programming language for iOS and Mac OS X apps, will become extremely popular over the next few years. According to new data from RedMonk, a tech-industry analyst firm, Swift could reach that apex of popularity sooner rather than later. While the usual stalwarts—including JavaScript, Java, PHP, Python, C#, C++, and Ruby—top RedMonk's list of the most-used languages, Swift has, well, swiftly ascended 46 spots in the six months since the firm's last update, from 68th to 22nd. RedMonk pulls data from GitHub and Stack Overflow to create its rankings, due to those sites' respective sizes and the public nature of their data. While its top-ranked languages don't trade positions much between reports, there's a fair amount of churn at the lower end of the rankings. Among those "smaller" languages, R has enjoyed stable popularity over the past six months, Rust and Julia continue to climb, and Go has exploded upwards—although CoffeeScript, often cited as a language to watch, has seen its support crumble a bit.
Networking

Wi-Fi Issues Continue For OS X Users Despite Updates 120

Posted by Soulskill
from the no-motivation-to-fix dept.
itwbennett writes: Although Apple has never officially acknowledged issues surrounding Yosemite and Wi-Fi connectivity, the company is clearly aware of the problem: Leading off the improvements offered in the 10.10.2 update released Tuesday was 'resolves an issue that might cause Wi-Fi to disconnect,' according to the release notes. Despite this, Apple's support forum was filled with tales of frustrated users. And Mac owners aren't the only Apple users experiencing wireless connection failures after updating their OS. Wi-Fi connectivity issues have also dogged iOS 8 since Apple released the mobile OS on Sept. 17.
OS X

Why Run Linux On Macs? 592

Posted by timothy
from the horses-for-courses dept.
jones_supa writes Apple has always had attractive and stylish hardware, but there are always some customers opting to run Linux instead of OS X on their Macs. But why? One might think that a polished commercial desktop offering designed for that specific lineup of computers might have fewer rough edges than a free open source one. Actually there are plenty of motivations to choose otherwise. A redditor asked about this trend and got some very interesting answers. What are your reasons?
Security

First OSX Bootkit Revealed 135

Posted by samzenpus
from the protect-ya-neck dept.
Trailrunner7 writes A vulnerability at the heart of Apple's Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.
OS X

Apple Pushes First Automated OS X Security Update 115

Posted by timothy
from the little-cat-feet dept.
PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.
Data Storage

Apple Disables Trim Support On 3rd Party SSDs In OS X 327

Posted by timothy
from the paying-more-for-the-exit-row dept.
MojoKid (1002251) writes One of the disadvantages to buying an Apple system is that it generally means less upgrade flexibility than a system from a traditional PC OEM. Over the last few years, Apple has introduced features and adopted standards that made using third-party hardware progressively more difficult. Now, with OS X 10.10 Yosemite, the company has taken another step down the path towards total vendor lock-in and effectively disabled support for third-party SSDs. We say "effectively" because while third-party SSDs will still work, they'll no longer perform the TRIM garbage collection command. Being able to perform TRIM and clean the SSD when it's sitting idle is vital to keeping the drive at maximum performance. Without it, an SSD's real world performance will steadily degrade over time. What Apple did with OS X 10.10 is introduce KEXT (Kernel EXTension) driver signing. KEXT signing means that at boot, the OS checks to ensure that all drivers are approved and enabled by Apple. It's conceptually similar to the device driver checks that Windows performs at boot. However, with OS X, if a third-party SSD is detected, the OS will detect that a non-approved SSD is in use, and Yosemite will refuse to load the appropriate TRIM-enabled driver.
Android

Visual Studio 2015 Supports CLANG and Android (Emulator Included) 192

Posted by timothy
from the exigent-realities dept.
Billly Gates (198444) writes "What would be unthinkable a decade ago is Visual Studio supporting W3C HTML and CSS and now apps on other platforms. Visual Studio 2015 preview is available for download which includes support for LLVM/Clang, Android development, and even Linux development with Mono using Xamarin. A little more detail is here. A tester also found support for Java, ANT, SQL LITE, and WebSocket4web. We see IE improving in terms of more standards and Visual Studio Online even supports IOS and MacOSX development. Is this a new Microsoft emerging? In any case it is nice to have an alternative to Google tools for Android development."
Programming

Microsoft To Open Source .NET and Take It Cross-Platform 525

Posted by Soulskill
from the april-fools-headlines-from-10-years-ago dept.
An anonymous reader writes: Microsoft today announced plans to open source .NET, the company's software framework that primarily runs on Windows, and release it on GitHub. Furthermore, Microsoft also unveiled plans to take .NET cross-platform by targeting both Mac OS X and Linux. In the next release, Microsoft plans to open source the entire .NET server stack, from ASP.NET 5 down to the Common Language Runtime and Base Class Libraries. The company will let developers build .NET cloud applications on multiple platforms; it is promising future support of the .NET Core server runtime and framework for Mac and Linux. Microsoft is also making Visual Studio free for small teams.
OS X

WireLurker Mac OS X Malware Found, Shut Down 59

Posted by timothy
from the wham-bam dept.
msm1267 writes WireLurker is no more. After causing an overnight sensation, the newly disclosed family of Apple Mac OS X malware capable of also infecting iOS devices has been put to rest. Researchers at Palo Alto Networks confirmed this morning that the command and control infrastructure supporting WireLurker has been shut down and Apple has revoked a legitimate digital certificate used to sign WireLurker code and allow it to infect non-jailbroken iOS devices.

Researchers at Palo Alto Networks discovered and dubbed the threat WireLurker because it spreads from infected OS X computers to iOS once the mobile device is connected to a Mac via USB. The malware analyzes the connected iOS device looking for a number of popular applications in China, namely the Meitu photo app, the Taobao online auction app, or the AliPay payment application. If any of those are found on the iOS device, WireLurker extracts its and replaces it with a Trojanized version of the same app repackaged with malware.

Patient zero is a Chinese third-party app store called Maiyadi known for hosting pirated apps for both platforms. To date, Palo Alto researchers said, 467 infected OS X apps have been found on Maiyadi and those apps have been downloaded more than 350,000 times as of Oct. 16 by more than 100,000 users.
OS X

If You're Connected, Apple Collects Your Data 313

Posted by timothy
from the so-they-can-notify-next-of-kin dept.
fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?
GUI

Apple Doesn't Design For Yesterday 370

Posted by timothy
from the new-one-looks-nice-to-me dept.
HughPickens.com writes Erik Karjaluoto writes that he recently installed OS X Yosemite and his initial reaction was "This got hit by the ugly stick." But Karjaluoto says that Apple's decision to make a wholesale shift from Lucida to Helvetica defies his expectations and wondered why Apple would make a change that impedes legibility, requires more screen space, and makes the GUI appear fuzzy? The Answer: Tomorrow.

Microsoft's approach with Windows, and backward compatibility in general, is commendable. "Users can install new versions of this OS on old machines, sometimes built on a mishmash of components, and still have it work well. This is a remarkable feat of engineering. It also comes with limitations — as it forces Microsoft to operate in the past." But Apple doesn't share this focus on interoperability or legacy. "They restrict hardware options, so they can build around a smaller number of specs. Old hardware is often left behind (turn on a first-generation iPad, and witness the sluggishness). Meanwhile, dying conventions are proactively euthanized," says Karjaluoto. "When Macs no longer shipped with floppy drives, many felt baffled. This same experience occurred when a disk (CD/DVD) reader no longer came standard." In spite of the grumblings of many, Karjaluoto doesn't recall many such changes that we didn't later look upon as the right choice.
OS X

OS X 10.10 Yosemite Review 305

Posted by Soulskill
from the so-many-10-based-operating-systems dept.
An anonymous reader writes: With the release of OS X 10.10 Yosemite, Ars Technica has posted one of their extremely thorough reviews of the OS's new features and design changes. John Siracusa writes that Yosemite is particularly notable because it's the biggest step yet in Apple's efforts to bring OS X and iOS together — new technologies are now being added to Apple's two operating systems simultaneously. "The political and technical battles inherent in the former two-track development strategy for OS X and iOS left both products with uncomfortable feature disparities. Apple now correctly views this as damage and has set forth to repair it." Yosemite's look and feel has undergone significant changes as well, generally moving toward the flat and compact design present in iOS 7 & 8. Spotlight and the Notifications Center have gotten some needed improvements, as did many tab and toolbar interfaces.

Siracusa also takes a look at Swift, Apple's new programming language: "Swift is an attempt to create a low-level language with high-level syntax and semantics. It tackles the myth of the Sufficiently Smart Compiler by signing up to create that compiler as part of the language design process." He concludes: "Viewed in isolation, Yosemite provides a graphical refresh accompanied by a few interesting features and several new technologies whose benefits are mostly speculative, depending heavily on how eagerly they're adopted by third-party developers. But Apple no longer views the Mac in isolation, and neither should you. OS X is finally a full-fledged peer to iOS; all aspects of sibling rivalry have been banished."
OS X

New OS X Backdoor Malware Roping Macs Into Botnet 172

Posted by timothy
from the sad-face-mac dept.
An anonymous reader writes New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted. The malware, dubbed Mac.BackDoor.iWorm, targets computers running OS X and makes extensive use of encryption in its routines, Dr. Web researchers noted. What's even more interesting is that it gets the IP address of a valid command and control (C&C) server from a post on popular news site Reddit. The malware is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers.
Bug

Apple Fixes Shellshock In OS X 174

Posted by timothy
from the that's-mac-os-x-to-you-buddy dept.
jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.
OS X

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild 318

Posted by timothy
from the oy-oy-oy dept.
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.
IOS

Apple's App Store Needs a Radical Revamp; How Would You Go About It? 249

Posted by timothy
from the hammer-and-tweezers dept.
Nerval's Lobster (2598977) writes Given the hundreds of thousands of apps currently on offer, it's hard for any one app (no matter how well designed) to stand out on Apple's App Store, much less stay atop the bestseller charts for very long. In an August 10 blog posting, former Apple executive Jean-Louis Gassée offered Apple CEO Tim Cook some advice: Let humans curate the App Store. 'Instead of using algorithms to sort and promote the apps that you permit on your shelves, why not assign a small group of adepts to create and shepherd an App Store Guide,' he wrote. 'A weekly newsletter will identify notable new titles, respond to counter-opinions, perhaps present a developer profile, footnote the occasional errata and mea culpa.' Whether or not such an idea would effectively surface all the good content now buried under layers of Flappy Bird rip-offs is an open question; what's certain is that, despite Apple's rosy picture, developers around the world face a lot of uncertainty and competition when it comes to making significant money off their apps. Sure, some developers are making a ton of cash, but the rising tide doesn't necessarily float all boats. If you had the opportunity, how would you revamp/revise/upgrade/adjust/destroy the App Store to better serve the developers who put apps in it?
Debian

Elementary OS "Freya" Beta Released 209

Posted by timothy
from the so-very-simple dept.
jjoelc (1589361) writes One year after their last release "Luna", Elementary OS (a Linux distribution with a very heavy emphasis on design and usability which draws a lot of comparisons to Mac OS X) has released the public beta of their latest version "Freya." Using core components from Ubuntu 14.04, "Freya" sports many improvements including the usual newer kernel, better hardware support and newer libraries. Other updates include a GSignon-based online accounts system, improved searches, Grub-free uEFI booting, GTK+ 3.12, an updated theme, and much more. This being a beta, the usual warnings apply, but I would also point out that the Elementary OS Team also has over $5,000 worth of bugs still available on Bountysource which can be a great way to contribute to the project and make a little dough while you are at it.