Android

Google Says 64 Percent of Chrome Traffic On Android Now Protected With HTTPS, 75 Percent On Mac, 66 Percent On Windows (techcrunch.com) 54

An anonymous reader quotes a report from TechCrunch: Google's push to make the web more secure by flagging sites using insecure HTTP connections appears to be working. The company announced today that 64 percent of Chrome traffic on Android is now protected, up 42 percent from a year ago. In addition, over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on ChromeOS a year ago. Windows traffic is up to 66 percent from 51 percent. Google also notes that 71 of the top 100 websites now use HTTPS by default, up from 37 percent a year ago. In the U.S., HTTPS usage in Chrome is up from 59 percent to 73 percent. Combined, these metrics paint a picture of fairly rapid progress in the switchover to HTTPS. This is something that Google has been heavily pushing by flagging and pressuring sites that hadn't yet adopted HTTPS.
Chrome

Chrome 62 Released With OpenType Variable Fonts, HTTP Warnings In Incognito Mode (bleepingcomputer.com) 79

An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.
Businesses

Apple's Tim Cook Shares What He Learned From Steve Jobs (businessinsider.com) 169

Speaking at Oxford, Apple CEO Tim Cook shared a lesson learned from the "spectacular" commercial failure of the Power Mac G4 Cube in 2000 -- and from his mentor Steve Jobs. An anonymous reader quotes Business Insider: "It was a very important product for us, we put a lot of love into it, we put enormous engineering into it," Cook said of the G4 Cube on stage. He calls it an "engineering marvel." At the time, Cook was Apple Senior VP of Worldwide Operations, recruited personally by then-CEO Steve Jobs... While the design was a hit, it was $200 more expensive than the regular Power Mac G4, a more traditional-looking PC with very similar specs. And some Cubes would develop cosmetic cracks in the acrylic cube casing due to a manufacturing flaw. In his talk, Cook says that Apple knew the Cube was flopping "from the very first day, almost..."

Ultimately, Cook says, it was a lesson in humility and pride. Apple had told both employees and customers that the G4 Cube was the future. And yet, despite Apple's massive hype, demand just wasn't there, and the company had to walk away. "This was another thing that Steve [Jobs] taught me, actually," says Cook. "You've got to be willing to look yourself in the mirror and say I was wrong, it's not right." In a broader sense, Cook says that Jobs taught him the value of intellectual honesty -- that, no matter how much you care about something, you have to be willing to take new data and apply it to the situation.

He advised his audience to "be intellectually honest -- and have the courage to change."

And the article points out that today there's a small but enthusiastic community who are still hacking their Power Mac G4 Cubes.
Iphone

Apple To Ditch Touch ID Altogether For All of Next Year's iPhones (macrumors.com) 135

Earlier this week, a report said that Apple is planning to equip next year's iPad Pro with the hardware necessary for Face ID. Now, according to KGI Securities analyst Ming-Chi Kuo, it appears the company is taking that one step further with its 2018 iPhones. All of the iPhones Apple plans to produce next year will reportedly abandon the Touch ID fingerprint sensor in favor of facial recognition. Mac Rumors reports: According to Kuo, Apple will embrace Face ID as its authentication method for a competitive advantage over Android smartphones. Kuo has previously said that it could take years for Android smartphone manufacturers to produce technology that can match the TrueDepth camera and the Face ID feature coming in the iPhone X. Face ID, says Kuo, will continue to be a major selling point of the new iPhone models in 2018, with Apple planning to capitalize on its lead in 3D sensing design and production. Kuo's prediction suggests that all upcoming 2018 iPhones will feature a full-screen design with minimal bezels like the iPhone X, meaning no additional models with the iPhone 8/iPhone 8 Plus design would be produced. That would spell the end of the line for Touch ID in the iPhone, which has been available as a biometric authentication option since 2013.
Google

Google Paid $7.2 Billion Last Year To Partners, Including Apple, To Prominently Showcase Its Search Engine and Apps on Smartphones (bloomberg.com) 57

A reader shares a Bloomberg report: There's a $19 billion black box inside Google. That's the yearly amount Google pays to companies that help generate its advertising sales, from the websites lined with Google-served ads to Apple and others that plant Google's search box or apps in prominent spots. Investors are obsessed with this money, called traffic acquisition costs, and they're particularly worried about the growing slice of those payments going to Apple and Google's Android allies. That chunk of fees now amounts to 11 percent of revenue for Google's internet properties. The figure was 7 percent in 2012. These Google traffic fees are the result of contractual arrangements parent company Alphabet makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple's Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones. In the last year, Google has paid these partners $7.2 billion, more than three times the comparable cost in 2012.
Security

Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com) 85

Joe Rossignol, writing for MacRumours: Brazilian software developer Matheus Mariano appears to have discovered a significant Disk Utility bug that exposes the passwords of encrypted Apple File System volumes in plain text on macOS High Sierra. Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint. [...] Apple has addressed this bug by releasing a macOS High Sierra 10.13 Supplemental Update, available from the Updates tab in the Mac App Store.
Android

Google Is Latest Company To Ditch Headphone Jack In Its Newest Smartphones (cultofmac.com) 391

When launching its original Pixel smartphone, Google mocked the iPhone 7's missing headphone jack in its marketing material. According to Cult of Mac, Google won't be doing the same for the Pixel 2. "The company has decided to remove the aging port from its latest handsets," reports Cult of Mac. "A new leak reveals that the lineup will rely solely on USB-C for wired connectivity." From the report: Incredibly reliable leaker Evan Blass has published pictures and details of Google's upcoming Pixel 2 smartphones on VentureBeat. He has also confirmed that neither device will feature a headphone jack, which means users will have to rely on a USB-C adapter or Bluetooth. It also means Google will no longer be able to put out Pixel ads that take sly swipes at the iPhone's missing port. Blass says both Pixel handsets will be powered by a Snapdragon 835 chipset -- the same one found in the Galaxy S8, the LG V30, and other 2017 flagships -- not a faster Snapdragon 836 processor as originally planned. Other features are said to include 12-megapixel cameras, 4GB of RAM, and 64GB or 128GB storage options. The smaller Pixel will pack a 5-inch 1080p display with a 16:9, while its larger sibling will pack a 6-inch Quad HD display with an 18:9 aspect ratio. Is the lack of a headphone jack a deal-breaker, or do you think the Pixel's other features, like stock Android and front-facing stereo speakers, will make up for it?
Chrome

Google Chrome Will Block Tab-Under Behavior (bleepingcomputer.com) 66

An anonymous reader writes: Google is working on blocking tab-under behavior in Chrome, according to a document seen by Bleeping Computer. For users unfamiliar with the jargon, Google considers tab-under behavior when an unsuspecting user is scrolling or clicking on a page, but the site duplicates the current page in another tab and shows an ad or a new website in the page the user was initially reading. Countless of website owners and advertisers have abused tab-unders to show ads and redirect users to unwanted sites, all for the sake of ad impressions and redirection fees. This demo site created by Google engineers that shows how tab-unders work. Earlier today, Google published a document detailing three ways it's currently looking at for dealing with tab-unders in Chrome. The current approved proposal is for the browser maker to block websites before opening a new tab, similar to the pop-up blocking mechanism. According to Chrome engineer Charles Harrison, the tab-under blocking feature will be supported on five of the six Blink platforms -- Windows, Mac, Linux, Chrome OS, and Android, but not Android WebView. Once the feature is ready, it will ship with Chrome Canary under its own option on the chrome://flags settings page.
Data Storage

High Sierra's Disk Utility Does Not Recognize Unformatted Disks (tinyapps.org) 135

macOS 10.13's Disk Utility 17.0 (1626) does not recognize raw drives, reads a blog post, shared by several readers. From the post: Diskutil does recognize the drive. We'll use it to perform a quick, cursory format (e.g., diskutil eraseDisk JHFS+ NewDisk GPT disk0) to make the disk appear in Disk Utility, where further modifications can more easily be made. Plugging in an unformatted external drive produces the usual alert, "The disk you inserted was not readable by this computer. Initialize... | Ignore | Eject", but clicking Initialize just opens Disk Utility without the disk appearing. There's an option in Disk Utility to view "all devices," but clicking that doesn't show raw disks, the blog post adds.
Privacy

Will London Monetize Wifi Tracking Data From Its Tube Passengers? (gizmodo.co.uk) 90

New questions are arising about how much privacy you'll have on London's underground trains. "For a month at the end of last year, Wi-fi signals were used to track passenger journeys across the network," writes Gizmodo. "The idea is that as we travel across the Tube network, Wi-fi beacons in stations would detect the unique ID -- the MAC address -- of our phones, tablets and other devices -- even if we're not connected to the Tube's wifi network." The only way to opt-out is to turn off your phone's Wi-Fi. An anonymous reader writes: London is struggling with the transport network capacity so the ability to learn commuters' travel patterns is compelling... Now it emerged that TfL, the operator of London Subway system, is planning to use the system to monetize passengers' data. TfL is also not ruling out sharing the data with third-parties in future.

More information shows that the privacy protection could not be as good as TfL maintains, with reversible hashing and options of giving data to law enforcement. A privacy engineering expert points out additional issues in pseudonymisation scheme and communication inconsistencies. Final deployment has been initially scheduled to start in end of 2017.

"Once the tools are in place, there will inevitably be a temptation to make use of them," warns Engadget, raising the possibility of the data's use for advertising -- or even the availability to law enforcement of location data for every passenger.
Security

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates (wired.com) 91

Andy Greenberg, writing for Wired:At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.
Desktops (Apple)

Apple Releases macOS High Sierra; Ex-NSA Hacker Publishes Zero-Day 53

Apple today released the newest version of its operating system for Macs, macOS High Sierra, to the public. macOS High Sierra is a free download, and offers a range of new features and improvements including the new Apple File System, and support for High Efficiency Video Encoding (HEVC) for better compression without loss of quality, and HEIF for smaller photo sizes. Zack Whittaker, reporting for ZDNet: Patrick Wardle, a former NSA hacker who now serves as chief security researcher at -- Synack, posted a video of the hack -- a password exfiltration exploit -- in action. Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault. But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.
Google

Apple Replaces Bing With Google as Search Engine For Siri and Spotlight (geekwire.com) 54

Apple is ditching Bing and will now use Google to power the default search engine for Siri, Search within iOS (iOS search bar), and Spotlight on Mac. From a report: TechCrunch reported Monday that Apple users will now see search results powered by Google, instead of Bing, when using those tools. For example, when an iPhone user asks Siri a question that needs a search engine result, the voice assistant will now pull from Google, not Bing. Apple will still use Bing for image search queries using Siri or Spotlight on Mac, TechCrunch reported. Apple said the move was done for consistency; its Safari browser uses Google as the default search engine. In a statement, the company told TechCrunch that "we have strong relationships with Google and Microsoft and remain committed to delivering the best user experience possible." Google is reportedly paying Apple $3 billion this year to remain as the default search engine on iPhones and iPads.
Iphone

Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments (macrumors.com) 61

AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.
Firefox

Firefox For iOS Gets Tracking Protection, Firefox Focus For Android Gets Tabs 28

An anonymous reader quotes a report from VentureBeat: Mozilla today released Firefox 9.0 for iOS and updated Firefox Focus for Android. The iOS browser is getting tracking protection, improved sync, and iOS 11 compatibility. The Android privacy browser is getting tabs. You can download the former from Apple's App Store and the latter from Google Play. This is the first time Firefox has offered tracking protection on iOS, and Nick Nguyen, vice president of product at Mozilla, notes that it's finally possible "thanks to changes by Apple to enable the option for 3rd party browsers." This essentially means iPhone and iPad users with Firefox and iOS 11 will have automatic ad and content blocking in Private Browsing mode, and the option to turn it on in regular browsing. This is the same feature that's available in Firefox for Android, Windows, Mac, and Linux, as well as the same ad blocking technology used in Firefox Focus for Android and iOS.
AMD

French Company Plans To Heat Homes, Offices With AMD Ryzen Pro Processors 181

At its Ryzen Pro event in New York City last month, AMD invited a French company called Qarnot to discuss how they're using Ryzen Pro processors to heat homes and offices for free. The company uses the Q.rad -- a heater that embeds three CPUs as a heat source -- to accomplish this feat. "We reuse the heat they generate to heat homes and offices for free," the company says in a blog post. "Q.rad is connected to the internet and receives in real time workloads from our in-house computing platform."

The idea is that anyone in the world can send heavy workloads over the cloud to a Q.rad and have it render the task and heat a person's home in the process. The two industries that are targeted by Qarnot include movies studios for 3D rendering and VFX, and banks for risk analysis. Qarnot is opting in for Ryzen Pro processors over Intel i7 processors due to the performance gain and heat output. According to Qarnot, they "saw a performance gain of 30-45% compared to the Intel i7." They also report that the Ryzen Pro is "producing the same heat as the equivalent Intel CPUs" they were using -- all while providing twice as many cores.

While it's neat to see a company convert what would otherwise be wasted heat into a useful asset that heats a person's home, it does raise some questions about the security and profitability of their business model. By using Ryzen Pro's processors, OS independent memory encryption is enabled to provide additional security layers to Qarnot's heaters. However, Q.rads are naturally still going to be physically unsecured as they can be in anyone's house.

Further reading: The Mac Observer, TechRepublic
OS X

Apple Is Releasing macOS High Sierra On September 25 (techcrunch.com) 95

After updating its website for the iPhone launch event, Apple has confirmed that macOS High Sierra will be released on September 25th. TechCrunch provides a brief rundown of the major changes, most of which are under the hood: The Photos app is still receiving some new features to keep it up to date with the iOS version. There are more editing tools, you can reorganize the toolbar and you can filter your photos by type. If you're a Safari user, my favorite change is that there is a new feature in the settings that lets you automatically block autoplaying videos around the web. Many websites have abused autoplaying video, it's time to stop it. And then, there's a new file system that should make your Mac snappier if you're using an SSD. Mail is compressing messages, Metal 2 should take better advantage of your GPU, Spotlight knows about your flight status, etc. The free update to macOS High Sierra will be available in the Mac App Store.
Desktops (Apple)

The Google Drive App For PC, Mac Is Being Shut Down In March (theverge.com) 92

Google announced in a blog post today that the Google Drive app for desktop will be shut down. The Verge reports: Support will be cut off on December 11th and the app will shut down completely on March 12th, 2018. Users who are still running the Drive app will start seeing notifications in October that it's "going away," and the company will steer customers towards one of two replacements depending on whether they're a consumer or business user. Google Drive the service isn't going anywhere. You can still access it from the web, smartphone apps, and either of the software options mentioned below. Google now has two fairly new software tools for backing up your data and/or accessing files in the cloud. There's Backup and Sync, the all-encompassing consumer app that replaces both the standalone Google Drive and Google Photos Uploader apps. It offers essentially the same functionality as Drive and works much the same way. And on the enterprise side, Google has rolled out Drive File Streamer, which saves space on your local drive while providing access to "all of your Google Drive files on demand, directly from your computer."
Chrome

Chrome 61 Arrives With JavaScript Modules, WebUSB Support (venturebeat.com) 115

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.

Communications

Boston Red Sox Used Apple Watches To Steal Hand Signals From Yankees (macrumors.com) 197

An anonymous reader quotes a report from Mac Rumors: Investigators for Major League Baseball believe the Boston Red Sox, currently in first place in the American League East, have used the Apple Watch to illicitly steal hand signals from opposing teams, reports The New York Times. The Red Sox are believed to have stolen hand signals from opponents' catchers in games using video recording equipment and communicated the information with the Apple Watch. An inquiry into the Red Sox' practice started two weeks ago following a complaint from Yankees general manager Brian Cashman, who caught a member of the Red Sox training staff looking at his Apple Watch in the dugout and then relaying information to players. It's believed the information was used to determine the type of pitch that was going to be thrown. Baseball investigators corroborated the claim using video for instant replay and broadcasts before confronting the Red Sox. The team admitted that trainers received signals from video replay personnel and then shared them with some players.

"The Red Sox told league investigators said that team personnel scanning instant- replay video were electronically sending the pitch signs to the trainers, who were then passing the information to the players," reports The New York Times. [...] "The video provided to the commissioner's office by the Yankees was captured during the first two games of the series and included at least three clips. In the clips, the team's assistant athletic trainer, Jon Jochim, is seen looking at his Apple Watch and then passing information to outfielder Brock Holt and second baseman Dustin Pedroia, who was injured at the time but in uniform. In one instance, Pedroia is then seen passing the information to Young."

Slashdot Top Deals