Otterbox is currently having a winter sale, and they’ve discounted many of their popular cases up to 30% for a limited time. Commuter, Defender, Symmetry series and more are included, in various colors and for various phone models including iPhone 6 and various Galaxy models. Jump over to the Otterbox winter sale page to explore options and current discounts available.
This story, “Up to 30% Discount On Otterbox Cases For iPhone, Galaxy and Other Devices – Deal Alert” was originally published by TechConnect.
Well, this is annoying. Maryland’s Montgomery County schools are using Chromebooks. The school system is using about 120,000 Chromebooks and multiple PCs running the Chrome web browser. But when Google recently updated them to Chrome OS 56, over 30 percent couldn’t log on, while many PCs running Chrome were unable to reach the web.
So, was it Google’s fault? Not so fast.
The school system was using Symantec’s BlueCoat, a man-in-the-middle (MitM) SSL web proxy. This uses ProxySG technology to examine Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypted web content. So far, so good — if you want to make sure your seventh graders aren’t peeking into pornography. But, in this case, it turns out BlueCoat doesn’t support the newest standard web security protocol, TLS 1.3.
TLS is SSL’s successor. The newest version, TLS 1.3, blocks attacks that were effective against TLS 1.2 and earlier security protocols. It also speeds up web connections.
“This update, the first since 2008, is a major overhaul that provides both increased security and enhanced speed, especially on mobile networks,” said Nick Sullivan, CloudFlare‘s head of cryptography. “TLS 1.3 improves request speeds by requiring one less round trip to connect to an internet application, compared to previous versions, and can decrease page load times by 20 percent.”
Mozilla Firefox, Google Chrome, and Opera currently support TLS 1.3. Microsoft and Apple are working on supporting it in Internet Explorer 11 and Edge and Safari, respectively. Google decided in its latest update to more fully support only TLS 1.3.
Both Google and Mozilla saw TLS decryption problems coming. A recent security study found vendors are badly handling TLS inspections. The anti-virus or network appliances “terminate and decrypt the client-initiated TLS session, analyze the inner HTTP plaintext, and then initiate a new TLS connection to the destination website.” However, they then incorrectly validate certificates and can introduce security flaws.
Unfortunately, some programs, and BlueCoat’s is one of them, go even further wrong. They hiccup when trying to deal with TLS 1.3. What should happen is “Successful connection. Client and proxy may negotiate down to TLS 1.2 instead of TLS 1.3.” Instead, “when Chrome attempts to connect via TLS 1.3, BlueCoat hangs up connection.”
There are fixes. For example, you can force Chrome 56 to use TLS 1.2 with the flag:
At the next screen, change the flag from “Default” to “TLS 1.2”.
But this has to be done by hand and it only works for the current user. It’s in no way a fix you’d want to use with tens of thousands of Chromebooks or PCs.
So, in the short-run, Google has set “Chrome so that when it can check-in will receive instructions to disable TLS 1.3 and thus should stay ‘fixed’ (for now).” To do this, you must set your web proxy so that it doesn’t intercept TLS traffic until all the devices have been upgraded. In the case of Chromebooks, that will simply be logging in. With PCs running Chrome, you’ll need to go to a Google site, such as Gmail, that requires a login. If you’re only installing Chrome OS or Chrome 56 now, the new versions default to using TLS 1.2 and should work fine.
Whose fault is it?
Google puts the blame squarely on BlueCoat and other web proxy vendors. One note on the Chromium bug list said: “We’re waiting on a response from BlueCoat. They were made aware of TLS 1.3 several months ago, but evidently did not test their software per our instructions.”
Another Google software engineer stated: “These issues are always bugs in the middlebox products. TLS version negotiation is backwards compatible, so a correctly-implemented TLS-terminating proxy should not require changes to work in a TLS-1.3-capable ecosystem. It can simply speak TLS 1.2 at both client <-> proxy and proxy <-> server TLS connections. That these products broke is an indication of defects in their TLS implementations.”
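The backwards-compatible negotiation described above, as an added example (not code from the article, Google or Symantec): it parses a constructed ClientHello and applies the version-selection rule from RFC 8446. The `intolerant_middlebox` function is a hypothetical model of the observed hang-up, not BlueCoat's actual defect, and all sample bytes are constructed.

```python
import struct

TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43   # RFC 8446, section 4.2.1
EXT_GREASE = 0x0A0A           # RFC 8701 reserved value that peers must ignore


def build_client_hello(legacy_version, supported_versions):
    """Constructed sample input: a minimal ClientHello body (no record header)."""
    exts = struct.pack("!HH", EXT_GREASE, 0)
    if supported_versions:
        vers = b"".join(struct.pack("!H", v) for v in supported_versions)
        data = bytes([len(vers)]) + vers
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    return (struct.pack("!H", legacy_version) + bytes(32)   # version, random
            + b"\x00"                                       # empty session id
            + struct.pack("!HHH", 4, 0x1301, 0xC02F)        # two cipher suites
            + b"\x01\x00"                                   # null compression
            + struct.pack("!H", len(exts)) + exts)


def parse_client_hello(body):
    """Return (legacy_version, offered supported_versions list)."""
    (legacy,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                                  # skip version and random
    pos += 1 + body[pos]                          # skip session id
    (suites_len,) = struct.unpack_from("!H", body, pos)
    pos += 2 + suites_len                         # skip cipher suites
    pos += 1 + body[pos]                          # skip compression methods
    offered = []
    if pos < len(body):
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_total
        if end > len(body):
            raise ValueError("truncated extensions block")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + ext_len]
            pos += ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS and data:
                # One length byte, then a list of 2-byte versions.
                offered = [struct.unpack_from("!H", data, i)[0]
                           for i in range(1, 1 + data[0], 2)]
            # Every other extension, known or not, is skipped, not rejected.
    return legacy, offered


def negotiate(body, server_versions):
    """Correct selection: return the agreed version, or None if there is none."""
    legacy, offered = parse_client_hello(body)
    if offered and TLS13 in server_versions:
        # A TLS 1.3-aware endpoint chooses only from the extension.
        common = [v for v in offered if v in server_versions]
        return max(common) if common else None
    # An older endpoint ignores the extension; legacy_version is the client's cap.
    usable = [v for v in server_versions if v <= legacy]
    return max(usable) if usable else None


def intolerant_middlebox(body, known_versions):
    """Hypothetical defect model: hang up on any version it does not recognise."""
    legacy, offered = parse_client_hello(body)
    if any(v not in known_versions for v in offered + [legacy]):
        return None
    return max(known_versions)


if __name__ == "__main__":
    hello = build_client_hello(TLS12, [TLS13, TLS12])
    print(hex(negotiate(hello, {TLS10, TLS12})))        # proxy capped at TLS 1.2
    print(intolerant_middlebox(hello, {TLS10, TLS12}))  # connection dropped
```

A proxy capped at TLS 1.2 that follows the rule completes the handshake at 0x0303 against the same ClientHello that the intolerant model drops.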
Eventually, Google will return TLS 1.3 as the default. With Chrome 57 almost ready to go, this probably won’t happen until the Chrome 58 release, after the security vendors fix their proxies.
As for BlueCoat? A Symantec spokesperson said “Symantec has been alerted of a potential issue with TLS 1.3 on select devices. We’re investigating now and are working to resolve the issue.”
Hopefully it won’t take long. Otherwise, with Chromebooks being so popular in schools and SSL/TLS decryption being a common feature in educational-system web proxies, we can only expect to see further failures.
The security and privacy community was abuzz over the weekend after Google said it was open-sourcing E2EMail, a Chrome plugin designed to ease the implementation and use of encrypted email. While this is welcome news, the project won’t go anywhere if someone doesn’t step up and take ownership of it.
Interest in secure communications has soared in recent years, and a number of tools bring end-to-end encryption to phone calls, text messaging, and online chats. However, almost three decades after the invention of PGP (Pretty Good Privacy), encrypted email still relies on command-line tools, plugins for IMAP-based email clients, or dedicated mail services such as ProtonMail and Lavabit, putting PGP out of reach for most individuals.
Consider how clunky it can be: A Gmail user can copy and paste the block encrypted in a different tool, and the recipient can do the same into a decryption tool to read the message. There’s a reason why many security professionals don’t use PGP — including, at one point, its inventor, Phil Zimmermann.
As a Chrome extension, E2EMail integrates OpenPGP into Gmail, but doesn’t turn the inbox into an encrypted email client. Instead, the plugin displays a separate inbox in which only encrypted messages are visible, and all messages sent from this view are automatically signed and encrypted. The extension makes sure all cleartext of the message remains on the client and is never transmitted.
E2EMail is an intriguing attempt at solving the encrypted email challenge, except the current state of the project doesn’t inspire a lot of confidence. The GitHub repository hasn’t been updated in months, and the Chrome extension is still not ready for general use. It also doesn’t appear that E2EMail was ever used internally by Google employees.
“E2EMail is not a Google product, it’s now a fully community-driven open source project, to which passionate security engineers from across the industry have already contributed,” Google engineers KB Sriram, Eduardo Vela Nava, and Stephan Somogyi wrote in the blog post for the open source announcement.
This inactivity raises the possibility that the project has been abandoned internally, and open-sourcing is a last-ditch effort to keep some of the work alive. The Google engineers noted that future work would need to integrate E2EMail with Key Transparency. A recently announced Google project to create a central repository for public cryptographic keys, Key Transparency tackles the problem of discovering and distributing public keys. Any effort that attempts to bring PGP to the masses will need the integration to be successful.
However, simply open-sourcing a project isn’t enough to convince people to contribute time and code. It’s a good way to increase visibility and awareness for a project, but if no one is taking on the leadership role to start discussions and clarify goals, then the efforts will peter out. Whether that leadership comes from a Google engineer or someone else doesn’t matter. The open source world is littered with abandoned projects due to lack of interest, commitment, and direction. There’s clearly interest in E2EMail, and it would be distressing if the project languishes because of the other two key elements.
Smartphones with Intel-based x86 chips aren’t dead yet. Intel may have stopped making Atom chips for smartphones, but a partner is keeping that effort alive.
Chinese chip maker Spreadtrum is still making x86 smartphone chips based on the Atom architecture named Airmont. The company will ship a powerful eight-core Atom variant for smartphones in the second half of this year.
Smartphone makers will be able to use the Spreadtrum SC9861G-IA chip in mid-range handsets. It will have a PowerVR GT7200 graphics core and support 4K video and displays with resolutions up to 2560 x 1440 pixels.
It’s far more powerful than the original Atom smartphone chips made by Intel. Handsets with the chip were shown at Intel’s booth at the ongoing Mobile World Congress trade show.
And that may not be all. Intel is also open to the idea of making smartphone chips again, but with integrated modems. Intel wants to make chips for any device that needs to connect, and that could include smartphones, said Aicha Evans, senior vice president and general manager of the Communication and Devices Group at Intel, in an interview at Mobile World Congress in Barcelona.
Intel isn’t yet ready to talk about how it wants to target smartphones, but it will make chips based on customer demand, Evans said. Instead of handsets, Intel’s focus for now is on internet of things (IoT) devices, which is a much larger opportunity.
The chip maker last May stopped making its Atom smartphone chips after a failed effort to break into the handset market. Intel started focusing on new areas like IoT, data centers, memory, gaming PCs and virtual reality.
Meanwhile, Spreadtrum may come out with smartphone chips based on newer Atom architectures, a company representative said at the company’s station in the Intel booth. The latest architecture is Goldmont, which is now being used in Pentium and Celeron PC and tablet chips code-named Apollo Lake. Intel is also using Goldmont in new Atom chips for IoT devices.
Intel struck a partnership with Spreadtrum in 2014 to make variants of Atom smartphone chips for the Chinese market. Intel also struck a similar deal with Rockchip, and said it would continue to honor those partnerships. Rockchip is making Atom chips for IoT devices; those processors end with the letters RK.
The eight-core Spreadtrum chip is mainly built for Chinese smartphone makers, with support for multiple LTE bands including TD-LTE, FDD-LTE and TD-SCDMA, which are specific to the Chinese market.
The chip also has support for dual 13-megapixel cameras. It is made using the 14-nanometer process, the same used for chips like Kaby Lake and Skylake.
If you want to learn Linux from top to bottom, what better way to learn than by rolling your own mini distribution?
Linux From Scratch, a combination software project and book, now in a newly released 8.0 revision, provides a step-by-step guide to building an entire functional Linux system from the ground up. It’s a valuable and revealing project, though it doesn’t directly cover the cutting edge of the Linux world.
Bake your own Linux right at home
Most Linux tutorials focus on working with an existing Linux distribution with some name-brand recognition: Red Hat/Fedora, Ubuntu, Suse, and so on. LFS assumes that the user doesn’t simply want to learn how things work from the outside, but to understand the internals of Linux system design and create their own distribution for specific projects.
The core LFS project begins with an existing Linux distribution as a development environment, such as one of the aforementioned Linuxes. There, the user creates a dedicated partition where the new Linux lives, downloads the needed packages, and assembles the toolchain needed to build them. Everything in the new distribution, from the kernel to the userland packages, is built from source, with the book providing guidance along the way as to how all the pieces fit together.
Other LFS projects expand on the original concept. Beyond Linux From Scratch discusses adding software packages for many common use cases: GUIs and display managers, servers, multimedia, networking utilities, and so on. Automated Linux From Scratch provides tools for automating the LFS build process, Cross Linux From Scratch deals with cross-compilation (such as building a LFS system for ARM processors on x86), and Hardened Linux From Scratch provides instructions for setting up an LFS system with heightened security.
The most recent revision of Linux From Scratch doesn’t modify this formula a great deal. The release notes say version 8’s big change is “the removal of the symbolic link from /lib to /lib64 and the complete removal of /usr/lib64.” The rest of it is simply bringing commonly used packages up to date, such as the standard GNU C library glibc and the gcc C compiler.
Some ingredients optional
LFS also covers a recent change to Linux that’s been tremendously divisive: the systemd initialization system. There are two distinct versions of LFS, one with systemd and the other without. Most every major Linux distribution has embraced systemd at this point, but for learning purposes, it’s wise to keep alive detailed discussion of how a non-systemd Linux system is composed for comparison.
The LFS approach leaves out everything that doesn’t absolutely need to be there, so LFS distributions tend to be highly compact, which helps when building an embedded distribution, especially when combined with the techniques found in Hardened Linux From Scratch. The unikernel approach could make it easier to embed a single application, where the app in question and its supporting libraries are baked into a custom Linux kernel. But existing Linux hands may find the LFS approach more familiar and easier to understand.
Of course, LFS doesn’t cover all aspects of modern Linux distributions. Package management, for instance, isn’t a native part of any LFS-created distribution. The book provides discussion of the various package management approaches, but it doesn’t recommend a particular one or provide detailed integration instructions. Also, while Docker and containers generally are based on native Linux kernel services, LFS doesn’t explicitly discuss them, as they’re not used as part of the default LFS toolchain. That said, there’s nothing stopping you from adding Docker to an LFS distribution and learning more on your own about how it’s used.
SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company’s quantum key server with an encryption device from Nokia.
The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.
Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.
Current encryption systems often necessitate the distribution of keys by hand to ensure no tampering — a costly and time-consuming process. In quantum cryptography, the distant party can receive a key via the network and be absolutely sure that it hasn’t been intercepted or tampered with, meaning they can be sure it’s secure.
SK Telecom began developing its own quantum cryptography technology in 2011, said Cho Jeong-sik, a manager in the company’s quantum technology lab in Seongnam, near Seoul. But recently it decided to focus on just the quantum key distribution part of the system and rely on other vendors for the standard network switches, routers, and encryption devices.
Fiber optic cables connect to a Nokia encryption device in a demonstration at Mobile World Congress in Barcelona on February 27.
The demonstration in Barcelona shows the technology working. An SK Telecom quantum key server generated encryption keys and passed them to a Nokia 1830 fiber optic switch so that data could be encrypted.
SK Telecom, one of the largest telecom carriers in South Korea, said it’s seeing increasing demand for quantum encryption in its home market after a series of high-profile government data breaches that began with the Edward Snowden leaks in 2013. (Snowden gathered his data from a terminal and not from hacking government networks.)
To promote interoperability, SK Telecom and Deutsche Telekom on Monday launched a group called the “Quantum Alliance.” The organization is seeking other network operators and hardware makers as members and wants to define standards for quantum encryption systems and networks.
Martyn Williams
A Nokia encryption device and SK Telecom Quantum Key Distribution system are demonstrated at Mobile World Congress in Barcelona on February 27.
There is a lot of work to be done before quantum encryption becomes more widely deployed.
One of the biggest hurdles to use now is a geographical one. While data encrypted with quantum keys can be sent around the world on existing networks, the actual distribution of keys needs to take place on a single, uninterrupted fiber optic cable. That’s because using switches or amplifiers would affect the data and make it look like it had been intercepted.
This limits quantum key distribution to distances of about 80 kilometers — fine within a city or metropolitan region but useless on a national or international basis. SK Telecom said it’s developing a device called a “trusted node” that will be able to extend the distance. It should be available around the end of 2017.
HandBrake is a terrific tool for transcoding video. The app is free and open source, and you can now get version 1.03. HandBrake has a ton of features, and can output video into lots of different formats.
A writer at Tips on Ubuntu shows how to install HandBrake 1.03 in Linux Mint and Ubuntu via PPA or Synaptic.
ML reports for Tips on Ubuntu:
1. To add the PPA, open terminal (Ctrl+Alt+T) and run command:
sudo add-apt-repository ppa:stebbins/handbrake-releases
2. Type in your password, then hit Enter.
3. After that, launch Software Updater and upgrade handbrake from a previous release after checking for updates:
4. Or install / upgrade handbrake either via Synaptic Package Manager or by running commands:
sudo apt update
sudo apt install handbrake-gtk
Windows 10 Creators Update will include Linux improvements
Microsoft has made some big strides in supporting Linux in Windows 10, and now a new update will soon add additional improvements for Linux.
Tim Anderson reports for The Register:
The Windows 10 Creators Update is set for release shortly, and comes with significant improvements to the Windows Subsystem for Linux, also known as Bash on Windows or Ubuntu on Windows.
Although still in beta, WSL gets important new features in the Creators Update. One is better interop between Windows and Bash.
Network commands like ping and ifconfig now work as expected. The console has mouse support and 24-bit colour. And numerous bug-fixes and new system calls mean that more things work, including languages such as Go, Ruby, Java and Node.js. Ubuntu 16.04 (Xenial) is now installed by default.
The Creators Update runs SSH (secure shell server) and GDB (GNU Debugger) more reliably, and you can now configure WSL as the remote target for Visual C++ for Linux. In this scenario, Visual C++ is the editor and visual debugging tool, though compile and build is on the “remote” Linux system, which in this case is WSL. It’s a neat feature, though not yet as reliable as using a Linux VM or remote Linux PC.
Google Assistant is coming to more Android phones
The Google Assistant will soon be available for more Android phones that run Android 7.0 Nougat and Android 6.0 Marshmallow.
Gummi Hafsteinsson reports for the official Google Blog:
Everyone needs a helping hand sometimes. Enter the Google Assistant, which is conversational, personal and helps you get things done—from telling you about your day to taking a selfie. The Assistant is already available on Pixel, Google Home, Google Allo and Android Wear. Now we’re bringing it to even more people. Starting this week, the Google Assistant is coming to smartphones running Android 7.0 Nougat and Android 6.0 Marshmallow.
Whether you need to know how to say “nice to meet you” in Korean or just a simple reminder to do laundry when you get home, your Assistant can help. With the Google Assistant on Android phones, you have your own personal, helpful Google right in your pocket.
The Google Assistant will begin rolling out this week to English users in the U.S., followed by English in Australia, Canada and the United Kingdom, as well as German speakers in Germany. We’ll continue to add more languages over the coming year.
The Google Assistant will automatically come to eligible Android phones running Nougat and Marshmallow with Google Play Services. You’ll also see the Google Assistant on some newly announced partner devices, including the LG G6.
This article is published as part of the IDG Contributor Network.
A cellular base station with 128 antennas may soon help some mobile operators serve many more subscribers in crowded areas.
Nokia demonstrated the technology, called massive MIMO (multiple in, multiple out) with Sprint at Mobile World Congress on Monday. It’s one of several types of advances in LTE that could eventually come into play with 5G, too.
Massive MIMO uses a large number of small antennas to create dedicated connections to multiple devices at once. In this case, the base station has 64×64 MIMO, or 64 antennas each for upstream and downstream signals. In Nokia and Sprint’s tests, it increased the capacity of a cell by as much as eight times for downloads and as much as five times for uploads.
For the demonstration, the base station connected with eight commercial, off-the-shelf phones behind a wall of Nokia’s booth and streamed data to and from them.
Stephen Lawson
A diagram in Nokia’s booth at Mobile World Congress showed how a demonstration of massive MIMO worked, on Feb. 27, 2017.
The system isn’t designed to give users dramatically higher speeds but to help give users better access to the capacity of a cell. Typical base stations today have 2×2 antenna systems with just two antennas each for uploads and downloads. Rather than everyone in an area sharing those few antennas, they’ll be able to get their own lanes.
Sprint is jumping on this technology, planning trials soon and commercial deployment soon after, because it’s uniquely positioned among U.S. carriers to use it, said Gunther Ottendorfer, Sprint’s chief operating officer of technology.
For one thing, it’s the only operator in the country with commercially licensed frequencies high enough, at 2.5GHz, to take advantage of massive MIMO at this scale, Ottendorfer said. (In trials, some other carriers are using massive MIMO with other types of frequencies.) Because the size of antennas is defined by wavelengths, higher frequencies mean smaller antennas, so a 64×64 system for more typical cellular frequencies would be too big to be practical. Sprint already uses 8×8 MIMO in some of its antennas, the closest thing to massive MIMO on a U.S. carrier network.
Also, most current phones could use the system with Sprint’s 2.5GHz LTE network because it has a way of organizing frequencies that most U.S. carriers don’t use. There won’t be a standard for achieving the same thing with more typical phones and networks until next year, Sprint says.
But Sprint isn’t the only carrier that has these two advantages. So does China Mobile, and Nokia has been testing 64×64 massive MIMO with them, too, said Ashish Dayama, head of MulteFire and TD-LTE marketing at Nokia.
The highlight of what the company’s demonstrating with Sprint is that it’s commercial hardware, downsized through cycles of development into something that can go on a real-world cell tower, Nokia says.
5G will take massive MIMO even further, using much higher frequencies such as 28GHz. There’s a lot of spectrum up in those bands to deliver even more capacity, but only in relatively small areas, said John Saw, Sprint’s chief technology officer. At that point, the 2.5GHz network will offer better coverage and will probably serve as an anchor for the 5G network, he said.
SAP said it will deliver its software development kit for Apple’s iOS on March 30. SAP has already posted its iOS curriculum on its developer training site, SAP Academy.
Apple and SAP forged an alliance last year designed to bring enterprise apps to the iPhone and iPad. The general theme is that iOS would be the front-end and mobile enabler for SAP’s back-end financial and analytics applications.
The SAP Cloud Platform SDK announcement landed at Mobile World Congress in Barcelona. SAP is looking to speed up the development process for enterprise developers while giving customers native iOS performance.
Among the key points:
- The SAP SDK for iOS is written in the Swift programming language and includes prebuilt user experience components.
- Touch ID, location services and notifications are also included in the library.
- Enterprise features such as offline data synchronization and APIs to SAP S/4HANA are built into iOS via code snippets.
- SAP and Apple have jointly developed the initial training materials on SAP Academy, which will court 2.5 million SAP developers and 13 million Apple developers.
- And SAP is currently building native iOS applications for various industries such as retail and manufacturing.
Separately, SAP highlighted its Internet of Things and connected car integration via a collaboration with Concur, Hertz, and Nokia. SAP’s Vehicle network creates an automated experience for rental cars that provides keyless entry to autos, parking space identification, payment, navigation, and expense management tools for business travelers.