Friday, March 31, 2017

UK Home Secretary: Apps Shouldn't Serve as Terrorist Hiding Places

UK Home Secretary Amber Rudd on Sunday called for greater government access to encrypted content on mobile apps.

Apps with end-to-end encryption, like Facebook's WhatsApp, should not be allowed to conceal terrorists' communications from law enforcement, Rudd said in an appearance on The Andrew Marr Show, a BBC broadcast.

"There should be no place for terrorists to hide," she said. "We need to make sure that organizations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other."

Khalid Masood, who killed four people outside the UK's parliament building last week before being shot dead, reportedly used WhatsApp a few minutes before going on his murder spree.

"On this situation, we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp," Rudd maintained.

Backdoor Law in Place?

Even though she supported end-to-end encryption as a cybersecurity measure, Rudd later said in an interview on Sky News, it was "absurd" to have terrorists talking on a formal platform and not have access to those conversations.

"We are horrified at the attack carried out in London and are cooperating with law enforcement as they continue their investigations," WhatsApp spokesperson Anne Yeh said in a statement provided to TechNewsWorld.

During her appearance on Marr's show, Rudd disclosed that she would be meeting with Facebook and other technology companies on Thursday to discuss ways to meet the information needs of security officers. She did not rule out new legislation to regulate encrypted messaging if the government and the tech companies were unable to reach an accord.

However, that law may already exist. The UK last year adopted the Investigatory Powers Act, which compels tech companies to "provide a technical capability" to remove "electronic protection" within their products. That law has been interpreted in some quarters to mean that tech companies can be compelled to install "backdoors" into their products in order to decrypt data when necessary.

A backdoor would not have helped prevent Masood's attack, however.

"To use a backdoor, you have to identify somebody as a target and hack them," explained Matthew Green, a computer science professor specializing in cryptography at Johns Hopkins University.

"With this terrorist, they identified this person and decided he wasn't a threat and stopped monitoring him," he told TechNewsWorld. "Nothing is going to help once you look at a guy then look away."

No Door Secure Enough

Backdoors have been criticized as a means to meet the information needs of law enforcement because they undermine the purpose of encryption.

"Many technologists and even many in law enforcement have acknowledged there's no secure backdoor," said Chris Calabrese, vice president for policy at the Center for Democracy & Technology.

"You simply cannot build a door that only the good guys can walk through," he told TechNewsWorld. "If you start building backdoors, they will be exploited by hackers; they will be exploited by terrorists."

Tech companies have been skeptical of creating backdoors to break the encryption used by their products and then turning over the keys to law enforcement.

Another idea floated is that the companies should create the backdoors but retain control of the keys to prevent abuse.

"That won't work. The systems are too complicated and the backdoors too difficult to keep secure," Calabrese said.

"Companies don't want to have to worry about their employees misusing these keys, and they don't want to have to secure them," said Johns Hopkins' Green.

Application Hopping

Even if backdoors were installed in applications like WhatsApp, they most likely would miss their mark -- assuming that mark is to prevent terrorists from communicating securely.

"If the bad guys feel that this application has been compromised by government officials and backdoors become available, this leads to a simple response by the bad guys -- use a different application," explained Paul Calatayud, CTO at FireMon.

"WhatsApp is a third-party application on a mobile device," he told TechNewsWorld. "Nothing prevents the bad guys from moving to a lesser known third-party application."

While WhatsApp can't crack the encrypted contents on the parliament killer's phone, it still can provide authorities with information about the terrorist's phone activity -- such as the time a message was sent, who it was sent to, and the physical location of the sender and recipient.

"It doesn't matter what this guy said before he did this thing," said Bruce Schneier, CTO of IBM Resilient. "What matters is who it was, and WhatsApp doesn't protect that."

Investigators can access all kinds of information without recourse to backdoors, he told TechNewsWorld, "but that would require a real conversation about the problem, which you don't get from these people who grandstand after tragedies."



Red Hat Pilots New Program to Ease Digital Transformation

Red Hat on Monday announced a new Application Platform Partner Initiative at its North America Partner Conference in Las Vegas. The goal is to provide a more robust ecosystem for companies engaging in digital transformation.


The company has started conducting tests in a pilot program with a small number of solutions-oriented consulting partners in North America.

"We are planning to engage with a small group of partners during the pilot phase -- aiming for approximately one to two dozen partners," said Red Hat spokesperson Daniel Thompson.

"There isn't a set timeframe for the pilot phase," he told LinuxInsider. "The objective is to work closely with these partners to get the program up and running and then scale it globally from there."

Consulting Play

The consulting partners -- Exadel, OSI Consulting, Vizuri, Levell and others -- are working with Red Hat to provide a range of sales, marketing and delivery services around several of the company's technologies, including Red Hat JBoss Middleware, Red Hat OpenShift and Red Hat Mobile Application Platform.

Red Hat is providing training and certification, technical support and customer service. Red Hat Consulting services also are available to partners in the program when they are working with Red Hat installed base accounts.

Customers are using a wider array of applications and need a more cost-effective integration platform, said Glen Gesell, president of OSI Consulting.

Red Hat's open source solutions offer new options for building integrations and container-based business applications, he added.

The new program will help accelerate the adoption of cloud, container and mobile technologies, said John Dickman, senior vice president of Vizuri. The availability of a network of partners with greater expertise will inspire confidence in those undergoing transformation, he said, noting that Vizuri has been collaborating with Red Hat on open source solutions for the past 10 years.

Small and Medium-Sized Businesses

By trying to figure out how digital transformation impacts small and medium-sized businesses, Red Hat's program appears to be aiming squarely at Microsoft, noted Paul Teich, principal analyst at Tirias Research.

"Red Hat has large-enterprise brand recognition and reach," he told LinuxInsider. "However, moving digital transformation into the mainstream for mid-sized and smaller customers requires a broader set of go-to-market partners. This is a good SMB channel partners play for Red Hat."

Red Hat recognizes that in order to expand its ecosystem, it must enhance and adjust its partner programs continually as its product portfolio evolves and customer needs change, said Jeffrey Kaplan, managing director at ThinkStrategies.

"The limited rollout of the latest partner program indicates that the company is still testing their market fit and operational effectiveness," he told LinuxInsider, "before programs are offered to a broader array of partners across most geographies."

As it has grown in recent years, Red Hat has built out a more robust engineering team and taken on more of a leadership role with its customers, noted Peter Christy, research director at 451 Research.

The leadership at the company have come to realize that they have to operate more at the platform level, he told LinuxInsider, and help customers understand the open source model more broadly.

"We believe open source is at the heart of digital transformation," said John Bluer, vice president for global alliances at Red Hat, "and we are passionate about enabling our customers to succeed in their transformation efforts with open source."



LINUX PICKS AND PANS Zephyr Linux: Zippy Performance, Zero Decor

Zephyr Linux is a newcomer to the Linux scene, and it is still morphing from developmental releases. However, it takes an interesting approach to removing desktop clutter and default software bloat.

Zephyr is a collaboration between Leonard Ashley and other developers. Ashley built this infant distro on Devuan 1.0 beta 2 stable (Jessie) Linux. Devuan is a fork of Debian Linux.

Note: Do not confuse Zephyr Linux with the Linux Foundation's Zephyr Project -- a lightweight Linux OS for the Internet of Things.

Ashley gives the concept of minimalist design a fresh twist in Zephyr Linux, which is stripped down so you can remake it your way.

Zephyr Linux version 1.0 beta 2 stable, released late last year, is available in a separate ISO file for each of three non-intimidating desktops -- Fluxbox, JWN and Openbox -- which are fully customizable window managers that are light on resources, fast and stable. Each one gives you a similar full-featured desktop experience.

Zephyr Linux Openbox
The visual displays have little in the way of fancy trappings in all three options in Zephyr Linux. Openbox gives you a full set of customization panels.

The window managers are a pseudo desktop. You also get a collection of computing tools that make Zephyr Linux functional out of the box.

Zephyr Linux is an extremely lightweight distro that runs very well. This distribution is primarily for desktop and laptop installs.

"I personally have felt that a lightweight, basic distribution would be more attractive, desired by many Debian and Devuan enthusiasts," Ashley told LinuxInsider. "I enjoy very much providing a robust, solid distribution with the minimum of applications, providing a small selection of default applications."

He is dedicated to keeping Zephyr simple yet fully functional with the basic default applications. His goal is to keep the distribution image small and as a hybrid USB install. It is under 600 MB.

"Default apps should be, in my opinion, doing its job and not just adding the smallest application as a default," Ashley said.

What's Inside

The Zephyr Linux distro is not a typical modern-looking operating system. At first blush, you get the impression that it is very preliminary -- like an alpha release.

That is not the case at all, however. Besides setting up your Internet connection, you do not have to fiddle with much of anything other than personal settings, which are optional.

Zephyr Linux offers a small compilation of applications, including Firefox Web browser, Mirage image viewer, Thunar file manager, Atril PDF document viewer, a nice assortment of reliable audio and video media players, and a slew of system tools and accessory applications.

Most text editors you find in lightweight distros are feature-limited, but that's not so in Zephyr Linux. It comes with the Geany IDE text editor -- a powerhouse editor used by coding and writing professionals. For years it has been my primary text editor. Geany is loaded with dozens of features and plug-ins.

Zephyr also has a Google Docs script set up as a program launcher in the menu. It loads the Web browser or (if already opened) adds a tab connecting you to your Google Drive documents folder in the cloud.

More Elsewhere

Like many small distros, Zephyr lacks much in the way of community forums and massive support teams. However, the developer provides a link to the Debian handbook for help with software issues. Considering that Zephyr is based on the forked Devuan, this is a bit ironic but helpful just the same.

The developer's home page is hosted on Sourceforge.net. So Zephyr does not have its own software repository -- at least not yet. This is not a problem if you do not mind using the Synaptic Package Manager to provide your software application needs.

If you are new to Linux, Synaptic is a graphical package management tool based on GTK+ and APT. Synaptic makes it easy to install, upgrade and remove software packages in a user-friendly way. APT (Advanced Package Tool) thus serves as the software repository for Zephyr Linux.

APT is a set of tools for managing Debian packages. If you are familiar with entering command line instructions into a terminal, you can manage your software directly through APT without using the Synaptic graphical front-end.

Installing It

Zephyr is easy to test and install. Its small size makes for a speedy installation. That process goes smoothly with a graphical installer that leaves little for you to do.

You can run Zephyr in test mode by loading the CD/DVD in live session. Even better, it is small enough to run from a USB thumb drive. Or you can run it in a virtual environment.

I used all of these methods prior to fully installing it to a hard drive. All three experiences were peppy and issue-free.

Zephyr Linux should provide you with trouble-free service. Setup is almost nonexistent on first use. Zephyr enables backports by default. Zephyr Linux's Debian/Devuan base gives it five years' worth of security and core component support.

I used Zephyr without trouble on numerous legacy boxes with very minimal resources. One desktop computer was more than 8 years old and barely ran Windows XP. On very current hardware, Zephyr Linux ran like an Olympian.

Look and Feel

When I first ran Zephyr Linux, I loaded the Fluxbox edition. I stared at a black screen with no icons. Only a series of white labels and bordered display windows showed along the bottom of the screen.

If you are not familiar with Fluxbox, you would think no menu or anything else existed. All it takes to start using Fluxbox is a right click of the mouse.

That pops up a single column menu that cascades to the right or left as you click on a specific category. The Openbox and JWN window managers (which do double duty as the desktop environment) have similar properties.

Zephyr Linux Fluxbox menu
Fluxbox provides one of the best lightweight menus of the three-choice mix.

Zephyr Linux in general has a very stark, uncluttered and undecorated appearance. The few available background images do not pretty up the screen much. All three desktops lack animation and showmanship.

What they do give you is a no-nonsense foundation for navigating your way around the operating system. This lightweight and minimalist approach keeps you focused on your computing tasks.

All three window manager versions have similar control panels to adjust the windows themes. You get limited ability to fine-tune how Zephyr works.

Bottom Line

Zephyr Linux probably will not overly excite newcomers to Linux on the basis of its appearance. Zephyr also will not seem like an inviting replacement for your current Linux distro.

Zephyr Linux JWN
Zephyr Linux could use an infusion of color in its desktop background choices. The JWN edition offers a set of mildly colorful background images.

That said, Zephyr Linux will deliver a fast, economical and easy-to-use desktop computing environment. If you do not require a gussied-up appearance on your computer screen and want to work in a stable, reliable operating system, this distro can be an appealing and satisfying choice.

If you enjoy configuring and customizing your desktop, this distro could be ideal. Try Zephyr on your legacy gear -- its performance will surprise you.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.




Group Demands Apple Pay Ransom for iCloud Credentials

Apple has received a ransom threat from a hacking group claiming to have access to data for up to 800 million iCloud accounts.

The hackers, said to be a London-based group called the "Turkish Crime Family," have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of US$700,000. They have given the company an ultimatum to respond by April 7.

Apple reportedly has denied that the group succeeded in hacking its systems, maintaining that it obtained the email addresses and passwords from previously compromised third-party services. Apple is working with law enforcement on the threats.

The data set in the iCloud hack matches the data found in the 2012 hack of 117 million accounts on LinkedIn, according to some published reports.

However, the Turkish Crime Family strongly denied that in a message to TechNewsWorld on Friday.

Correcting the Message

The initial reports of a ransom demand of just $75,000 were incorrect, the group said in response to our email query. It actually demanded $100,000 for each of its seven members, plus "extra stuff from Apple that are worth more to us than money," which it promised Apple it would keep secret.

The group also told TechNewsWorld that the only member based in London is Kerem Albayrek, who is facing charges related to listing a hacked Yahoo database for sale. It claimed that its iCloud ransom demands were in part to spread awareness of Albayrek, as well as of Karim Baratov, a Canadian resident charged earlier this month, along with a second hacker and two Russian FSB agents, in the 2014 breach of 500 million Yahoo account holders.

The group told TechNewsWorld that it showed Apple scan logs that contain 800 million iCloud accounts, and that Apple claimed the data had come from outside sources.

The group said it planned to launch a website that would list iCloud user names, last names, dates of birth and a captcha of their current location from an iCloud app.

The site will not disclose passwords initially, the group said, but it would do so "most probably in the future."

Shaking Down Apple

The Turkish Crime Family threat should be taken seriously, said Pierluigi Paganini, a cybersecurity analyst and member of the Cyber Group G7 2017 Summit in Italy.

"I consider the threat is credible, even if it is quite impossible to know the exact number of iCloud credentials in the hands of hackers," he told TechNewsWorld.

The group is known in the hacking underground for the sale of stolen databases, Paganini said.

The group reportedly has approached several media outlets directly; it told TechNewsWorld that it had been in contact with five.

However, it is unlikely that the group's efforts to stir public pressure against Apple will be effective, noted Mark Nunnikhoven, vice president for cloud research at Trend Micro, in an online post.

Apple is too large and has too many resources to give in to public pressure, he pointed out.

The group's demands are similar to a shakedown in the physical world, in which criminals demand monthly payments to "protect" a business, Nunnikhoven noted.

"In the digital world, the pressures that make victims pay (e.g. keeping your store in one piece) don't apply," Nunnikhoven wrote.

"With iCloud accounts, Apple has the ultimate safety valve ... they control the infrastructure behind the accounts," he added. "Which removes most of the pressure points criminals could use."

There is no evidence of state involvement in this cyberthreat, Nunnikhoven told TechNewsWorld.

However, there is "mounting evidence that this is a group whose eyes are bigger than their stomachs," he suggested. "Selling credentials on the underground is rather commonplace. Attempting to extort one of the biggest companies on the planet with poor quality data is quite another."

Credible Threat

A report in ZDNet appeared to lend credence to some of the hacking group's claims, however. The group provided 54 credentials to the publication, which were verified as authentic based on a check of the password reset function.

Most of the accounts were outdated, but 10 people did confirm to the publication that the obtained passwords were legitimate and that they since had changed them. Those 10 people were living in the UK, and had UK mobile numbers.

Trend Micro is urging iCloud users to protect their accounts by using two-factor authentication, and also to use a password manager.

A password manager helps users create unique passwords for every account and stores them remotely so that hackers cannot access one or two accounts and thereby gain access to many more.

The FBI declined to comment for this story.

Apple officials did not respond to our request to comment, and a Yahoo spokesperson was not immediately available.



Online Freedom of Speech May Be in Peril: Pew

Negative interactions on the Web -- trolling, cyberbullying, harassment and just plain nastiness -- have become commonplace, and this situation is likely to remain unchanged or worsen over the next decade, suggests a report the Pew Research Center released Wednesday.

Pew and Elon University last summer polled more than 1,500 technology experts, academics, and business and government leaders on the future of free speech online.

Forty-two percent of the survey respondents expected future online interactions to be about the same as they are today, while 39 percent expected that negative activities would take a further toll. Nineteen percent were more optimistic, predicting that online harassment, trolling and distrust will be less characteristic in the future than they are today.

The survey responses suggest four major conclusions:

  • The atmosphere online will remain negative because trolling is part of human nature, anonymity facilitates antisocial behavior, some of the inflammatory dialog is driven by inequities, and it's difficult to defeat trolling or bad behavior because of the growing scale and complexity of discourse;
  • The atmosphere online will remain negative because trolling, in essence, draws eyeballs to sites, which then earn revenue from ads. More eyeballs means more revenue. Tech companies will have little incentive to clamp down on uncivil discourse, and the diminished traditional news media no longer will shape discourse. Meanwhile, terrorists and other political actors will benefit from the misinformation and persuasion tactics enabled by the Web;
  • The atmosphere online will improve because technical and human solutions will emerge as artificial intelligence helps break up the online world into segmented, controlled, social zones; and
  • Some solutions for oversight and moderation of communities could lead to surveillance -- and nation states might regulate debate, encouraging polarization and limiting free speech.

The Death of Free Speech?

Of all of the issues raised in the Pew survey, "I'd place [surveillance] first because it relates to government overreach and excessive control as the biggest concern," said Rob Enderle, principal analyst at the Enderle Group.

The exploitation of information is the least important, because "that has been going on since before Google was founded," he told TechNewsWorld.

It has progressed so far over the years that it's unlikely that anything can be done about it now, Enderle said, and "the related harm appears to be far less than anticipated."

Bad behavior by trolls and terrorists "is becoming the foundational element for overreach and could become the effective cause for legislation that also vastly reduces our ability to criticize or organize against government actions we disagree with," he cautioned.

"We're already seeing governments attempt to strong-arm tech companies into trampling on fundamental rights to privacy and speech," noted Julie Mastrine, brand and public relations manager at Care2.

However, we should not be willing to use state power to suppress hate speech, she told TechNewsWorld, "because we cannot enact legislation that would eliminate hate speech, fake news and online abuse without opening up an avenue for ideas we agree with to also be targeted, depending on who's in power."

The greater good "does not trump free speech because [its] definition is entirely subjective and shifts over time," Mastrine said. "Also, what's considered unfavorable speech one day may be a widely accepted attitude the next."

The Price of Free Speech

"Free speech means, well, free speech," said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

"The founders knew that the price of free speech was that you would occasionally be offended," he told TechNewsWorld. "They actually thought this was a good thing."

For better or worse, we're stuck with universal free speech, he remarked. "The Internet leaks, [and] there's no technology that can prevent people from finding the content they want."

The technology to avoid most censorship attempts is already widely personally available, Jude noted, and "the harder governments squeeze, the more people will find ways around them."



OPINION Too Much Communication

The world is a smaller place because we have so many ways to connect and communicate, but it has created a generation gap, a gap of classes and perhaps even a culture gap.

This may seem like a serious contradiction; after all, shouldn't more means of communication bring us closer together?

The obvious answer is yes, but unfortunately this is not the case -- in part because so many technology start-ups have tried to create the next way to connect with friends, colleagues and acquaintances. Millennials are just as likely to "snap" or "tweet" as they are to talk on their smartphones, and many close friends of all ages rely on social media sites like Facebook to "chat."

Spanning Great Distances

It is likely impossible for most people alive today, certainly anyone reading this, to really understand that just 150 years ago information spread only as fast as people could travel -- and that wasn't very far. Voters didn't know who was elected president until weeks after the election. In some cases, battles were fought -- most notably the Battle of New Orleans in 1815 -- after the formal peace treaty was signed! Talk about dying for a lost cause.

The telegraph shortened the time it took to communicate from days and weeks to hours, and telephone and radio communications shortened that time even more. One of the big leaps forward came with the first undersea cable, which went online in August 1858. It reduced the communication time between North America and Europe from around 10 days on average to just several hours.

Satellites and the Internet have allowed communications to virtually any part of the world -- and not just voice either. Email, FTP and cloud-based servers have made it possible to share documents, images and other files nearly instantly.

Anyone who grew up in the 1970s or 1980s probably remembers a time when FedEx promised to "get it there" overnight, while fax machines could send documents over a phone line in minutes. Now a computer, smartphone or tablet can share all that data in seconds.

Technologies such as Skype and other Voice/Video over IP services have allowed for affordable intercontinental phone calls and even video conferencing. It truly is a golden age for communication.

The Next Thing

We have phones that now allow affordable and clear long distance phone calls; we have email and other services to share documents and files; we have Facetime and Skype that allow for real-time video conferencing; and we have dozens of ways to send real-time typed text messages.

All this progress has led some tech thinkers to consider ways of making a better mousetrap -- or worse, reinventing the wheel.

For many Baby Boomers, it doesn't seem logical to type on a phone when you can call. However, many Gen Xers find a text exchange quicker and easier. As a bonus, even with the potential for typos, the message is clear and can be archived.

The question, from a Gen-X point of view, is why phone, email, mobile phone, instant message service, Skype or Facetime, FTP or other file sharing service, and social media feeds aren't enough. Haven't we invented, developed and refined everything we need?

For millennials, the answer apparently is no.

Layers of Communication

Some want to use services like Facebook or Twitter as a communications tool, while others like to "chat" on the private messaging feature on message boards and forums. Any way you slice it, what this means is that those individuals have closed their circle, because they "message" only those using the services.

I've heard the argument that it is easier because they have an app on their phone and they already have Facebook or Twitter open. So why not communicate through these services?

On the other hand, why not email? It is designed to send and receive typed messages with or without attachments, and everything can be archived locally or on a cloud-based server. Gmail would seem to be a good choice, as users can access their email from any computer.

Relying on Facebook means getting an email that says you have a message! Do we really need to add a step?

New Ways to Do the Same Thing

Then there are services like Snapchat, which became popular with millennials who use it to "snap" in the moment. Apparently the ability to send messages that delete themselves seconds after arrival is worth billions of dollars, at least based on the company's recent IPO.

Deleting messages has been around for eons: A letter is delivered; you read it and throw it away. All Snapchat has done is automate that process for the digital space.

Granted, Snapchat probably has a purpose for those times you really want to say something but don't want evidence that you said it. I'll leave it to the reader to imagine what such messages could entail -- millennials certainly have sent them!

Slack -- a cloud collaboration tool -- is another thing that seems somewhat redundant. It is a cross between email and instant messaging, and it allows for archived discussions. However, it could be good for those times when instructions and follow through can be easily seen and clarified. It doesn't seem very useful for friend-to-friend communications, but it has a purpose for good team-based or colleague-to-colleague communications.

Out With the Old

One of the biggest issues with these new communication methods is that they leave some people clueless when the system they've become familiar with breaks down. For example, I recently needed to conduct a phone interview. The PR person suggested a conferencing service, but it was down, leaving the PR person at a loss as to how the source and I could communicate.

I suggested providing my phone number so that, instead of each of us dialing in to a conference call, he could just phone me directly. The answer was surprising: "I'll see if he is able to do that."

Why wouldn't he be able to call me? He apparently had the skills to dial into a conferencing service, the call wasn't one of national security, it didn't need to be recorded, and there were only two parties involved! Why the angst over a simple call?

We now have more means of communication than even science fiction writers dreamt up -- but there are those who keep trying to reinvent the wheel. What they've come up with is not all that dissimilar from what we already had. The problem is that these new methods aren't reducing steps -- they are adding more.

If I need to sign up for a service, download an app, or use a service that alerts me via email when I receive a message, it seems that someone didn't really think this through.

Yet the makers of Slack are worth millions, and the developers of Snapchat are billionaires -- so I must be the guy who is wrong.



Friday, March 24, 2017

LINUX PICKS AND PANS OpenSuse Leap Reinforces Linux Faith


OpenSuse Leap 42.2 goes a long way toward maintaining Suse's reputation for reliability and stability. That said, new users might need a push to take the leap from their familiar distros to this latest OpenSuse release.

Business users can remain confident that upgrading to the latest edition, released last fall, won't put them too close to the bleeding edge of innovation. There is little cause for worry that upgrading might break their current applications and configurations. Leap 42.2 is a safe way to avoid the pitfalls of upgrading too quickly.

Potential OpenSuse Leap users do not need to worry about the upgrade process either. The latest Leap release is designed for "pragmatic and conservative technology adopters," said OpenSuse's release manager, Ludwig Nussel.

I have not used OpenSuse on a regular basis. Earlier Suse Linux iterations targeted commercial customers with a heavy enterprise flavoring. However, the Suse project currently is much more friendly toward mainstream desktop users and offers options for non-enterprise community-based development.

There are two OpenSuse offerings -- Leap and Tumbleweed. Tumbleweed is a bit more bleeding edge. Leap takes the upgrade long road, so there is less chance of things breaking.

Leap seemed the more sensible choice for testing OpenSuse's potential, so I rolled up my sleeves and got ready to party.

Stability Rules

Leap provides a level of stability that will make enterprise system managers less fearful. Leap's software packages are a release or two behind those found in the Tumbleweed edition. Leap releases tend to stay with the same Linux kernel version through the life of the release cycle.

The Tumbleweed edition is a rolling distribution rather than a series of isolated point releases. Individual packages are integrated as they are ready. It is based on Factory, openSuse's main development code base. Tumbleweed rolls out the latest stable versions of all software once Factory's bleeding-edge packages are proven stable.

For users without the support of IT pros, the Leap edition requires fewer technical skills for setup and maintenance. Its code base is similar to that of Suse Linux Enterprise.

The main difference is the addition of community-provided software packages -- so Leap provides users with much less frustration and worry. OpenSuse Leap follows SLE's release cycle.

Getting Leap Going

As I began my Leap installation, my party mentality quickly evaporated. Steel yourself for a heap of inconvenience with Leap if you're starting fresh. However, if you're upgrading from an earlier version, such as Leap 42.1, you probably won't have to confront this initial inconvenience.

OpenSuse Leap does not let you test its compatibility with your hardware before actually installing it. There is no live session version to try out. From my perspective, not having a live session or demo version of a Linux distribution is akin to sending potential new users to another distro.

OpenSUSE installation screen
The installation process is smooth and straightforward. However, without a live session to test compatibility with your hardware, the only option to fix glitches after installation is to run YaST, Yet Another Setup Tool.

Unless you are in the business of testing computer gear and software, a potential user with only perhaps a desktop or laptop computer has little-to-no motivation for wiping out an existing working system. It is not worth the bother to try something that may not work well or otherwise might not be a good fit.

So I went to plan B. I did a virtual machine installation. That did not play out as smoothly as I would have liked, and the performance was not satisfying.

I had to resort to plan C: Do a full install and hope for the best. I was pleased with the graphical system that drove the installation process. Still, users not overly familiar with the hard drive partitioning process will struggle through some of the options in getting Leap up and running.

You can install OpenSuse in two ways. Click the INSTALL button on the website, and it will take you to a download page with two choices.

You can click the DVD medium panel to download the 4.1-GB ISO file of your choice and burn it to DVD or USB stick. Or you can click the 95-MB install option to download the installation system and all packages from online repositories.

OpenSuse Primer

OpenSuse 42.2 features KDE's Plasma 5.8 desktop, the Linux kernel's version 4.4, and more than 1,400 new packages in the distribution's software repositories. Leap 42.2 includes support for ARMv7 and Raspberry Pi 3 64-bit.

Leap tends to hang on to older system package releases longer than the Tumbleweed edition. This is one of the main contributing factors making OpenSuse Leap reliable and stable. For example, it has Systemd 228 rather than release 331, and Qt 5.6 rather than version 5.7.

Leap editions get approximately three years of security updates. Upgrades trickle out much less often than with some other distros, with minor point releases available about once per year. Leap 42.2 has a long-term support kernel (Linux 4.4) and KDE's Plasma 5.8 desktop.

You have the option of selecting Plasma 4 instead of Plasma 5 at log in, though. The choice comes down to personal preference for user experience and feature set differences. I did not see much difference visually in the Plasma appearance.

Power users no doubt will gravitate to OpenSuse Leap for its strong KDE desktop integration. This is a staple for the Suse distro lineup, but other desktop options are available.

OpenSUSE desktop
The desktop is simple and tightly integrated with themes and UI design.

You pretty much can have OpenSuse Leap your way. Your other choices are Cinnamon, MATE, GNOME, LXDE, Xfce, LxQt and Enlightenment. As part of the Suse distribution family, Leap uses the RPM package management system developed for Red Hat Enterprise Linux.

Bottom Line

Leap is a solid performer. I had no trouble installing it on MBR and EFI systems. Secure Boot tends to be buggy with some configurations, but it was incident-free with this installation.

The bootloader handles multiboot with other Linux distributions or Windows fairly trouble-free. Installation is routine, thanks to the graphical format used.

Only 64-bit versions are available for x86 computers, which limits access to legacy hardware in the 32-bit machines. ARM ports are available if you can track them down through the project's wiki.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!



Apple May Alter the AR Competition

Apple is stockpiling resources to make a splash in the augmented reality market.

The company is not only marshaling internal resources behind its AR efforts, but also hiring talented outsiders and acquiring companies with expertise in AR hardware, 3D gaming and virtual reality software, Bloomberg reported Monday.

The new outsiders include a former Dolby Labs executive, engineers who worked on virtual reality headsets for Google and Microsoft, and some Hollywood digital effects experts, the report notes.

"We've been waiting for Apple to launch something in AR after its acquisition of a number of AR companies, including Metaio and FlyBy Media," said David MacQueen, executive director for apps and media at Strategy Analytics.

"Right now, there's no company really taking a strong position in AR, at least from a consumer perspective," he told TechNewsWorld. "The most advanced product is Microsoft's HoloLens, but that is squarely aimed at enterprise users and has a price tag to match."

Apple Likes Fat Margins

Those higher price tags for AR products could be an attraction for Apple, which is fond of high prices and the high margins that often accompany them.

While shipments of virtual reality headsets will outpace their AR counterparts from 2016 to 2021, the market for AR headsets will be larger, growing from $2.1 billion to $18.6 billion, according to a five-year forecast IDC released last week.

"With all the technological enhancements, there will be a wide range of products and price points," said Jitesh Ubrani, a senior research analyst at IDC.

"VR setups already range from sub-(US)$100 to more than $1,000, and though it's too early to tell, the low-cost experiences may prove to be inhibitors rather than promoters of the technology as they can potentially disappoint first time VR users," he continued.

"On the other hand, due to the sophistication of the hardware, most AR headsets are expected to cost well over $1,000," Ubrani explained. "This makes the technology far less accessible to consumers initially, though that's probably for the best as the AR ecosystem and wide social acceptance are still a few years away."

Mainstream Reality

Augmented reality makes sense for Apple on another level, too, noted Bob O'Donnell, chief analyst at Technalysis Research.

"Things like the HTC Vive and Oculus Rift are cool, but they're clearly not a mainstream Apple-like product," he told TechNewsWorld.

With AR, a user remains present in the real world and there's an opportunity to interact with people and real-world objects, said Ross Rubin, the principal analyst with Reticle Research.

"In VR, the surroundings are completely replaced. That's great for game play and some simulations, but AR opens up far more possibilities," he told TechNewsWorld. "Ultimately, the two technologies may merge into a mixed reality that lets in a lot, a little, or none of the real-world surroundings."

Augmented reality also is better suited for a mobile environment.

"VR has the user completely immersed in a virtual environment," noted Strategy Analytics' MacQueen.

"It's inherently an immobile technology, which most people would prefer to use while in a safe environment," he pointed out. "AR is much more suited to on-the-go use cases, such as enhanced navigation, so it suits mobile better than VR does."

The Next Big Thing

Augmented reality also could be the next big thing for smartphones -- even though the form factor might be a bit clumsy for AR purposes.

"Holding the phone up and scanning the world around you is quite a clunky experience compared to using smartglasses," MacQueen pointed out.

"However, paired with smartglasses -- using the iPhone for processing power -- could be an interesting proposition," he suggested.

A bold move into AR could deflect a few brickbats thrown Apple's way for not being innovative enough since the passing of Steve Jobs.

"Apple has been regularly criticized for failing to deliver on 'next big thing' technologies and products," observed Charles King, principal analyst at Pund-IT.

"Bringing AR features into the iPhone would allow the company to both leverage its strongest platform and help its products stand apart from its competitors' robust smartphones," he told TechNewsWorld.

Up to now, VR and AR have generated more hype than consumer interest. Apple could change that for AR.

"It is a safe bet that given Tim Cook's strong position on AR that Apple will play a major role in bringing AR to the masses," predicted Tim Bajarin, president of Creative Strategies.

"It will first be delivered via the iPhone," he told TechNewsWorld, "and eventually the AR experience will be augmented by some type of glasses in the future."



Google Gives Devs First Look at Android O

Google on Tuesday unveiled a developer preview of the latest version of its mobile operating system, code named "Android O."


The new OS is designed to improve on battery life and interactive performance of devices, according to Dave Burke, vice president of engineering (Android) at Google.

The new release puts automatic limits on what applications do in the background in three areas: implicit broadcasts, background services and location updates.

Updated developer previews will become available in the coming months, and devs will get a more detailed look at the OS at Google I/O, to be held this May at the company's Mountain View, California, headquarters.

Background limits represent a significant change in how Android operates, so it's important to give developers time to get used to the new features, Burke said.

The release is still in its early stages, he cautioned, noting that there are additional features in the works, and plenty of stabilization and performance work to be completed.

"Background limits illustrates how Google is moving ahead to improve battery life on Android devices, and support for new/emerging WiFi functions and specs highlight the company's efforts to stay on the leading edge of device connectivity," observed Charles King, principal analyst at Pund-IT.

Another major new feature is picture-in-picture display for phones and tablets, which allows users to watch a video while they are separately engaged in a chat session or hailing a car ride, for example.

Sound Quality

The new OS includes major improvement in connectivity, with support for LDAC, which is Sony's new high-quality wireless audio via Bluetooth. Additional WiFi features include WiFi Aware, which allows WiFi access without an Internet access point, a service previously known as "Neighborhood Awareness Networking."

The new release gives developers "fine grained control" over various types of notifications, and lets users individually block or change behaviors such as sound, vibration or level of importance.

Android O notification channels
Notification channels let users control an app's notification categories.

Google has seen a resurgence in keyboard navigation with the advent of Google Play apps on Chrome OS, Burke noted. The new OS therefore includes a feature that stabilizes arrow and tab navigation, both for developers and end users.

The O Developer Preview has an updated SDK with system images available so it can be previewed on the official Android Emulator and on Nexus 5X, Nexus 6P, Nexus Player, Pixel, Pixel XL and Pixel C. An emulator is also available for wearables, including Android Wear 2.0 and Android O.

Adaptive icons display in a variety of shapes across different device models.

The initial release is not available for consumer use, and is available only via manual download and flash, Google said.

As the final release date draws closer, Google will open up consumer enrollments through Android Beta.

While most of the features are designed to ease developer processes, features like support for picture-in-picture are aimed at improving the user experience, Pund-IT's King told LinuxInsider.

Google's objective, in part, is to boost the level of consumer acceptance of the new OS, King said, noting that the latest Android version, Nougat, is installed only on a small fraction of Android devices. Two-thirds of Android devices are running Android 6.0 or earlier versions, by some estimates.

App Innovations Ahead?

Google is pushing hard to gain consumer acceptance, as only 3 percent of Android devices are running Nougat and only 31 percent are running Marshmallow, said Karol Severin, an analyst at Midia Research. Older operating systems account for the remaining share of the market.

The early announcement will give the developers some time to make sure they can build apps with additional functionality and make sure older apps are running smoothly on the new OS, Severin said.

"Google will be making sure that its own devices get the updates fast," he told LinuxInsider. "If the OS is received well within the Google device community, it can either differentiate its user experience from lagging Android handset manufacturers and win some smartphone marketshare in the process, or it will act as a nudge to other handset manufacturers to speed up their OS update processes."



Google Unveils Guetzli, Open Source JPEG Encoder, to Speed Browsing

Google on Thursday announced Guetzli, a new contribution to its evolving set of tools for the open source community. Guetzli is an encoder that allows JPEG files to be compressed as much as 35 percent, resulting in much faster Web page loading.

"Guetzli," which means "cookie" in Swiss German, allows users to create smaller JPEG images while maintaining compatibility with existing Web browsers, image processing applications and the existing JPEG standard, noted Robert Obryk and Jyrki Alakuijala, software engineers at Google Research Europe, in an online post.

It produces a result similar to that of Google's Zopfli algorithm, which produces smaller PNG and gzip files without the requirement of a new file format, they explained. The technique is different from RNN-based image compression, RAISR and WebP, all of which need ecosystem and client changes for compression at Internet scale.

Google first introduced the Zopfli compression algorithm in 2013 and two years later unveiled Brotli, which offered faster page loads and up to 26 percent higher compression ratios than Zopfli.

Microsoft late last year announced support for Brotli in Edge, which would make it broadly interoperable across major browsers, as the latest versions of Chrome and Firefox already supported Brotli.

Quality and Compression

JPEG resolution quality is directly correlated to its multi-stage compression process, Obryk and Alakuijala explained.

"Guetzli specifically targets the quantization stage in which the more visual quality loss is introduced, the smaller resulting file," they wrote. "Guetzli strikes a balance between minimal loss and file size by employing a search algorithm that tries to overcome the difference between psychovisual modeling of JPEG's format and Guetzli's psychovisual model."

The model approximates color perception and visual masking in a more detailed way than what can be achieved through simpler color transforms and discrete cosine transforms, according to the engineers.

16x16 pixel synthetic example of a phone line hanging against a blue sky -- traditionally a case where JPEG compression algorithms suffer from artifacts. Uncompressed original is on the left. Guetzli (on the right) shows less ringing artefacts than libjpeg (middle) and has a smaller file size.

During experiments with human raters, Obryk and Alakuijala continued, images produced by Guetzli were preferred over images from libjpeg files, even when the latter files were the same size or slightly larger, making the slower compression a worthy tradeoff.

20x24 pixel zoomed areas from a picture of a cat's eye. Uncompressed original on the left. Guetzli (on the right) shows less ringing artefacts than libjpeg (middle) without requiring a larger file size.

The hope is that webmasters and graphic designers will embrace the format for running image-heavy websites, and that mobile users will see reduced load times and bandwidth costs, the engineers said.

Deep Learning

Google likely has developed the deep learning expertise and compute resources to tackle such a feat from a new vantage point, suggested Paul Teich, principal analyst at Tirias Research.

Image storage is a top priority for consumer cloud services, retail, advertising and other industries, he noted.

"My educated guess is that Google made Guetzli public because Google doesn't control most of the endpoints that capture the images that Google then stores for image searches," Teich told LinuxInsider. "It makes Google's business run a little better if everyone uses Guetzli as their native JPEG format -- and the same is true for other cloud services that handle images at scale, such as Facebook, Twitter and Instagram."

There likely will be a version of Guetzli for motion video compression as well.

RAISR, which Google introduced in November, uses machine learning to turn low-resolution images into high-quality photos. WebP images are 26 percent smaller than PNGs and up to 34 percent smaller than JPEG images.

Making the Guetzli technology available as an open source tool will help speed adoption and return significant benefits for Google, said Rob Enderle, principal analyst at the Enderle Group.

"Google makes money off ads," he told LinuxInsider. "Slow load times lower ad views, so by speeding up the Web, they'll make a ton more money."

Dropbox engineers were excited to find that Guetzli interoperates with Lepton, the streaming image compression format Dropbox released to the open source community last summer.

"In preliminary testing, we are seeing real advantages in combining Guetzli with Lepton, as long as you apply Guetzli first," said Daniel Reiter Horn, staff software engineer at Dropbox.

"For example, one test we tried resulted in ~24 percent savings from Guetzli and an additional ~22 percent compression from Lepton, with default settings," he told LinuxInsider.

"The result was a total savings of ~41 percent over the default file," Horn said. "The math makes sense, because Lepton gives 22 percent savings on the Guetzli file that's 75 percent of the original size... so the savings is 24 percent + (22 percent * 76 percent) = ~41 percent."

Google's own team had little to say about the release beyond the revelations in Obryk and Alakuijala's post, company rep Jason Freidenfelds told LinuxInsider.

However, it did release a statement suggesting that it was, shall we say, compressing its wild enthusiasm: "Grt to hv all ths intrst - w'r vry exctd fr ths brkthrgh!"



Apple Unveils Budget-Friendly iPad, Dresses iPhone in Red

Apple on Tuesday announced an iPad update, a red iPhone 7 and 7 Plus, and a new video-editing app for iOS.

The iPad upgrade has a 9.7-inch, 2048 x 1536-pixel Retina display with 264 pixels per inch, and Apple's A9 64-bit processor.

The unit will come in silver, gold and space gray with a starting price of US$329 for 32 gigabytes of storage and WiFi-only support. It will cost $459 for a 32-GB unit with WiFi and cellular support.

As with prior models, the battery life for the new iPad is 10 hours. It has an 8-megapixel rear-facing camera and 1.2-MP front-facing FaceTime unit.

The new iPad is available for order on March 24 from Apple's website and will be in Apple Stores next week.

With the latest upgrade, Apple's iPad lineup looks like this: iPad Pro 12.9 inch ($799); iPad Pro 9.7 inch ($599); iPad 9.7 inch ($329) and iPad mini 4 ($399).

Not Quite an Air Replacement

Although the latest iPad replaces the iPad Air 2 in Apple's tablet lineup, it doesn't quite supplant it.

"It falls somewhere between a new device and the old device," said Carolina Milanesi, a principal analyst at Creative Strategies.

"They upgraded the most important thing on the device -- the processor," she told TechNewsWorld. "Not only will the performance be better, but other components, like the camera, will be snappier."

Pricing is also an outstanding feature of the new iPad, Milanesi said, noting that "$329 for a 9.7-inch device is very aggressive."

Prying Old iPads from Users' Paws

Attractive pricing may tempt some iPad owners to upgrade their old hardware.

"The replacement cycle for iPads is getting really long," said Mikako Kitagawa, a principal research analyst with Gartner. "If you have a 3- or 4-year-old iPad, you may want this upgrade."

The pricing also could attract some new users into the Apple universe.

"They're going to stretch the iPad's market into the mid-range tablet market," Kitagawa told TechNewsWorld.

Competitive pressure also may play a role in Apple's new entry-level tablet pricing.

"It's an interesting strategic move for Apple," said Rhoda Alexander, director of tablet and notebook research at IHS Markit.

"They've held that $499 introductory price on the 9.7 for seven years now," she told TechNewsWorld. "That price is way above the competition, so this is a realigning of the product to bring it to a more competitive price point."

The lower price point for the iPad could gin up some additional iPad sales, "but not as much as many believe," said Patrick Moorhead, principal analyst at Moor Insights and Strategy.

"The biggest challenge to large tablets are Windows two-in-one laptops and touch Chromebooks," he told TechNewsWorld.

A Red iPhone

Apple introduced red versions of its iPhone 7 and 7 Plus to celebrate the company's 10-year partnership with (RED), an organization that funds programs to help prevent the transmission of HIV from mothers to unborn babies.

 iPhone 7 and iPhone 7 Plus (PRODUCT)RED Special Edition
Apple customers can contribute to the Global Fund to fight AIDS with iPhone 7 and iPhone 7 Plus (PRODUCT)RED Special Edition.

A portion of the sales of the RED iPhone will go to the organization, to which Apple has contributed more than $130 million during the partnership.

Slated for availability in Apple Stores on Friday, the RED iPhone pricing will start at $749 for a 128-GB model.

Video Editing With Clips

Apple also announced Clips, a new video-editing app. The software is designed to combine photos, video and music without timelines or complicated tools.

iPhone Clips
Real-time filters, emoji and other effects available in Clips can add fun to any photo or video.

Its LiveTitles feature lets you use your voice to create animated titles and captions. As you speak, titles appear on the screen perfectly synced to your speech. You can edit titles with a tap.

Comic book filters are included, as well as support for speech bubbles and shapes. You can use the software to create full-screen posters with animated backgrounds too.

Dozens of music soundtracks are available for the content you create with the app. What's more, the app automatically trims them to fit your production.

Available in April, Clips runs on iOS 10.3 and is compatible with the iPhone 5s or later, all iPad Air and Pro models, the iPad mini 2 and above, and the iPod touch 6th-generation model.



IBM Launches Enterprise-Strength Blockchain as a Service

IBM on Monday unveiled the first enterprise-ready Blockchain as a Service offering based on The Linux Foundation's open source Hyperledger Fabric version 1.0.

IBM Blockchain, which lets developers quickly establish highly secure blockchain networks on the IBM cloud, is a transformative step in being able to deploy high-speed, secure business transactions through the network on a large scale, the company said.

The platform offers the world's safest Linux infrastructure, with tamper-responsive hardware security modules, a highly auditable operating environment, protection from insider attacks, and secure service containers, according to IBM.

Safe and Secure

"IBM developers were very substantial contributors to the Hyperledger Fabric project, and they have also been great at pulling developers from other companies into the center of the development process," noted Brian Behlendorf, executive director of Hyperledger.

"This means the architecture has been scrutinized by a much wider community than you might otherwise see for a commercial project, and there are many different commercial options for support available," he told LinuxInsider.

Hyperledger -- an open source consortium of companies in finance, banking, IoT and other industries -- was created to advance blockchain technologies.

Hyperledger Fabric is the project designed to implement blockchain technologies into applications or solutions.

IBM Blockchain for Hyperledger Fabric v1.0 is available through a beta program on IBM Bluemix. Hyperledger Fabric is available on Docker Hub as an IBM-certified image for download at no cost.

In a related announcement, IBM and SecureKey Technologies said they will launch a new digital identity network for Canadian consumers based on IBM Blockchain. The network currently is undergoing tests in Canada and is scheduled to go live later this year. Consumers will be able to opt in through a mobile app.

IBM also announced the world's first blockchain-based green asset management platform under a deal with Energy Blockchain Labs to help lower emissions in China.

A beta version of the platform will be released in May.

IBM Edge

IBM has an advantage from the standpoint that few companies have the skills and experience to capitalize on this emerging technology, noted Jeff Kaplan, managing director of ThinkStrategies.

Many companies are hesitant to make the investment to advance what is a relatively unproven technology, he said.

"So in the same way organizations have been able to leverage compute power via the cloud and applications via SaaS, IBM Blockchain will enable organizations to acquire blockchain functionality quickly without the risks and costs associated with buying and deploying the technology themselves," Kaplan told LinuxInsider. "It gives IBM a good method to quickly win customers and market share."

The IBM announcement is a significant step in enterprise adoption of blockchain technology, and can be likened to what Hortonworks and Cloudera did for Hadoop or what Red Hat did for Linux, observed Stewart Bond, research director for data integration software at IDC.

"IBM is an industry incumbent known for enterprise-scale transaction processing, security and data management, and many enterprises trust IBM applications, processes, transactions and data," he told LinuxInsider.

"Blockchain is partly about trust, and IBM Blockchain provides a higher level of trust, security, transaction processing and manageability of blockchain data, code and deployments," Bond said.

IBM last summer entered an agreement with Everledger to use blockchain to help the company track diamonds and other valuables.

IBM is the provider best suited for transactional security at the scale required for such a partnership, said Leanne Kemp, CEO of the firm.

"As a business focused on tracking and protecting the provenance of the world's most valuable items, there can be no compromise when it comes to the security and expertise required to ensure records are stored in a trusted and tamper-proof environment," she told LinuxInsider.

IBM also is working with Bank of Tokyo-Mitsubishi, Northern Trust, Walmart and Maersk on previously announced deals to run their blockchain applications in the IBM Cloud.



Saturday, March 18, 2017

OPINION Donald Trump Should Channel Steve Jobs on Security

We saw yet another government breach last week, and more secrets went out to WikiLeaks. I'm of a mixed mind on this one, because the CIA tools disclosed likely were emulated by others, and WikiLeaks is helping consumer technology companies ensure they no longer work.

I don't know about you, but I really don't want any organization spying on me -- not even my own government. Given how I often dress around the house, this is as much for their protection as my own.

When Steve Jobs took over, Apple also had a severe leak problem, and he was pragmatic about fixing it. Ironically, he used the U.S. government's approach as a template. As a side note, Jobs also had a WikiLeaks problem, but whether it really was a leak or was fake news was never determined. Now that is an interesting coincidence, given the topic.

I'll offer some suggestions about what Trump could learn from Steve Jobs, and I'll close with my product of the week: the Jetson TX2, an amazing high-speed drone that uses Nvidia's value-priced digital brain, to ensure that it doesn't get you into trouble.

Steve Jobs' Problem

When Steve came back to Apple, he had a massive problem in that he wanted to create excitement around his new products -- but only when he actually had them to sell. He knew that product leaks tended to kill sales for existing products and made launches far less exciting because there was no mystery.

He also knew that sometimes, to get a product out the door, you had to defeature it, and if folks expected a feature that didn't show up, they not only wouldn't be excited but also might avoid buying the product as a result of their disappointment.

Given that the products he started with were crap, in his opinion, he sure didn't want people to stop buying them until he had replacements in market. At the time, though, Apple was a sieve. People who worked there had developed relationships with reporters, and they used their inside knowledge on coming products to gain status.

Simply telling them to stop really didn't seem to have the intended effect -- but since Apple's survival was at stake, Jobs went full WWII.

Steve early on developed a reputation for firing people on the spot, often for what seemed to be trivial causes -- employees referred to it as "being Steved." So when Jobs made it clear that anyone caught leaking would be terminated immediately, folks took him seriously.

He also pulled posters out of the old World War II campaigns, like "loose lips sink ships," and made it clear to the employees that keeping quiet could make the difference between whether Apple survived and prospered or failed.

He looked to others to report anyone they knew was leaking, for the good of the company. (In one instance, this firing thing supposedly backfired badly.)

Finally, Jobs would deliberately include slight alterations about coming products in internal memos, so that if anyone did leak, he could track the leak back to the group that leaked it and then locate the individual.

That not only was sneaky, but also made the leakers less reliable, because the facts they were leaking were inaccurate. It had the dual purpose of locating and discrediting the leaker at the same time.

Saved My Job

While I was at IBM, I ran security for my organization for a short while and implemented something similar because I suspected some of my own reports -- which were highly sensitive at the time -- would be leaked. One was, and the SVP of sales wanted me fired.

Fortunately, I was able to track the leak to that same SVP, and I outlasted him as a result. I'll likely never forget this practice of altering reports so they can be tracked back, if leaked in whole or part.

Technology Approach

Since the Steve Jobs era, a host of tools that monitor access of information in real time, like Varonis, have emerged. They can send out alerts if people gain access to data outside of their responsibility, start copying or printing sensitive documents, or suddenly show an interest in an area they never before accessed.

These tools address the kind of bulk information theft that the U.S. intelligence community has experienced, by identifying perpetrators so they can be caught quickly and punished. It continues to surprise me that solutions such as these either aren't in place or have not been implemented properly, even after the Snowden breach.

I agree with Julian Assange that this latest breach showcases a level of incompetence that should be unacceptable in a small private company -- let alone one of the most powerful and storied intelligence organizations in the world.

Trump Channeling Jobs

Here is where Trump needs to channel Steve Jobs. When a leak like this occurs, the career bureaucrats responsible for protecting the breached data should be terminated for cause. This would convey the seriousness of the problem. Clearly, if and when the perpetrator is located, that person has to be brought to justice definitively, so that the personal risks surrounding leaking exceed the benefit of leaking.

The government should implement an access-tracking tool like Varonis, and make sure the implementation is comprehensive so that in addition to document access, system access would be tracked, so that any related types of security breaches also would be caught.

Finally, the administration seriously needs to consider a WWII level of organizational attitude readjustment, so that employees recognize they are putting their nation at risk and help to ensure that other employees report any questionable things they observe in a timely way.

Wrapping Up: Taking Security Seriously

I do think there is one other aspect of this that should be addressed, and that is that there really needs to be a better way for employees of the intelligence community to report illegal activities other than leaking them. Much of this looks like an employee saw management do something wrong, and in a fit of conscience -- and with no other recourse -- leaked it to stop the activity.

I mean if the CIA is planning to take over and crash cars, then at the very least, I'd like that exploit reported and fixed so that they don't accidentally kill me in the process, or enable someone else to do it on purpose.

In short, I think the Intelligence Community should reprioritize its goal to keep citizens safe and its goal to attack others, putting the "keep us safe" part first again. Or, put more bluntly, if they know of an exploit that puts me at risk, then I'd like them to help fix it rather than keep it secret so they can kill someone else. (By the way this leaking thing doesn't appear to be stopping the illegal activity at all -- something the leakers should reflect on.)

Given that the hacking techniques leaked likely could be used against a sitting president, who is by far a larger target than I am, fixing that priority should be compelling for President Trump. In the end, I think Trump could learn a lot from how Jobs secured Apple, and it would make all of us a lot safer if he did.

One other quote President Trump might want to consider from Jobs: "If you want to make Apple great again, let's get going. If not, get the hell out."

Rob Enderle

I was at the Nvidia Jetson TX2 launch last week and up to my armpits in security technology, autonomous drones, and what looked like a 3D scanning Ray Gun.

However, I saw one thing I had to buy, and it was the new Teal drone, due to ship during the summer.

Teal Drone

At nearly US$1,300 it is not a cheap date. Given how successful DJI is in this space, you have to ask yourself why anyone would want an expensive drone with no camera gimbal in the first place. The answer is this puppy is fast.

It goes from 0-60 in 1.2 seconds and has a top speed of 85 mph. The lack of a gimbal means you can fly this with a headset on and actually feel like you are flying. That said, if you hit something at 85 mph it will be expensive, which is where the Jetson TX2 comes in.

Effectively, when turned on, it gives you a capability similar to the guardian angel for self-driving cars. It provides a bubble of safety around the drone, helping to prevent that spectacular crash that could kill your drone and end your flying days for some time.

This thing is amazing. At top speed, it sounds like a howling banshee (which is what I would have named it had it been up to me).

It defaults to your phone as a controller, but it also will use a range of professional controllers if you prefer, and it will broadcast the video to several wireless headsets for that flying experience.

It is modular in design, so that if you break an arm or blade you can replace it. The body is a single streamlined piece without the breakable parts a typical drone in this class has.

Because it uses an AI engine, things like being able to tell the person it is following is you, along with more advanced features -- like following complex flight plans while avoiding obstacles -- are possible. The Teal is one kick-ass drone. Yes, I ordered one, and it is my product of the week.



Pro-Turkey Hackers Hit Prominent Twitter Accounts

Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands.

Their accounts displayed a Swastika -- reversed to face to the right -- as well as the Turkish flag and hashtags to the Nazialmanya and Nazihollanda accounts, which displayed comments on the attack.

The following message in Turkish, translated into English through Google Translate, also was posted on affected accounts: "Now Old Turkey Nothing You Have Set Adjust Absolute Wheel Will Earn Traitors Crime Freaks Needed YES le Verecek Elbet."

The hackers included a reference to April 16, when Turkey will hold a referendum to give President Recep Erdogan more power, and a link to a YouTube video presenting clips of speeches by Turkish President Recep Erdogan, accompanied by a poem that appears to be threatening.

Among the victims are Nike Spain, Duke University, Starbucks Argentina, the European Parliament, the BBC, Amnesty International and a number of high-profile people, including singer Justin Bieber.

Twitter Leaps Into Action

Twitter Support on Wednesday reported that it had addressed the issue.

We identified an issue affecting a small number of users. Source was a 3rd party app and it has been resolved. No action needed by users.

— Twitter Support (@Support) March 15, 2017

Twitter had "removed the app's permissions to Twitter accounts globally," noted Willis McDonald, senior threat manager at Core Security.

Its response was "appropriate, given the number of accounts affected and also that the attack had to do with a third-party app and not Twitter itself," he told TechNewsWorld.

How the Hack Happened

The hack appears to have exploited a zero-day vulnerability in Twitter Counter, a third-party app available on Google Play and the Apple App Store, said Robert Capps, VP of business development at NuData Security.

Twitter Counter, which lets users graph their Twitter stats, apparently has more than 180 million users.

Its website has been shut down temporarily, "for maintenance."

"If Twitter were a country, it would be the 12th largest in the world," Capps told TechNewsWorld.

Its more than 100 million users, and its capacity as a real-time source of information, "make it an attractive and vulnerable target for account takeovers," he said, because it gives bad actors "access to the audiences of celebrities and brands with thousands of followers."

Gangsters or Governments?

It's likely that the attackers were operating in support of Turkey, Core Security's McDonald suggested, but they probably were "a nationalist group and not state-sponsored attackers."

The hack "only caused minor damage to the public image of the victim accounts," he said, and the damage to Twitter's image is "minimal, since [it] was due to a third-party app."

However, "the damage to Twitter Counter is [worse] since their app's permissions have been removed from Twitter, which essentially puts them out of business until they can resolve the issue," McDonald said.

Twitter Counter users can remove the app from their devices and change their account credentials, and since Twitter has removed the app's permissions, he noted, victims "only need to remove the offending tweets to remediate their accounts."



Facebook Gets Tough on Spy Apps

Facebook on Monday moved to prevent spy applications from accessing its users' data.

The company has updated its Facebook and Instagram policies to prohibit developers from using data obtained from those platforms in surveillance tools, according to Rob Sherman, deputy chief privacy officer at Facebook.

Facebook already has taken enforcement actions against devs who created and marketed surveillance tools in violation of the company's previous policy, he noted, adding that "we want to be sure everyone understands the underlying policy and how to comply."

Facebook has been under pressure to beef up its rules governing surveillance apps since last fall, when the American Civil Liberties Union released a report exposing how Geofeedia was using Facebook, Instagram and Twitter data to track protesters in Baltimore and Ferguson, Missouri.

Marketing materials for surveillance companies urged police to monitor hashtags associated with Black Lives Matter, and labeled unions and activist groups as "overt threats," the ACLU also reported.

"We depend on social networks to connect and communicate about the most important issues in our lives and the core political and social issues in our country," said Nicole Ozer, technology and civil liberties director at the ACLU of California.

"Now more than ever, we expect companies to slam shut any surveillance side doors and make sure nobody can use their platforms to target people of color and activists," she added.

Data Sellers Chill Dissent

The ACLU is part of a coalition that includes the Center for Media Justice and the Color of Change. The group aims to persuade social media companies to establish robust systems to make sure the rules prohibiting surveillance are followed.

"When technology companies allow their platforms and devices to be used to conduct mass surveillance of activists and other targeted communities, it chills democratic dissent and gives authoritarianism a license to thrive," said Malkia Cyril, executive director of the Center for Media Justice.

"Social media platforms are a powerful tool for black people to draw attention to the injustices our community faces," remarked Brandi Collins, campaign director for Color of Change.

"We commend Facebook and Instagram for this step," she continued, "and call on all companies who claim to value diversity and justice to also stand up and do what's needed to limit invasive social media surveillance from being used to target black and brown people in low-income communities."

All Facebook users will benefit from the crackdown on surveillance apps, said Andrew Sudbury, CTO of Abine.

"This should improve user privacy, as there shouldn't be any commercial companies reselling access to them and their data to law enforcement for tracking and intelligence gathering purposes," he told TechNewsWorld.

Mixed Bag for Cops

For law enforcement agencies using information from developers of surveillance apps, Facebook's policy will be a mixed bag.

"There's nothing to stop law enforcement from looking at a suspect's Facebook feed, but it will stop these intermediary-type companies like Geofeedia from getting automated feeds of information," said Timothy Toohey, an attorney with Greenberg Glusker Fields Claman & Machtinger.

Enforcement still could be a problem for Facebook, though.

"There may be other companies that have ways to scrape this information from Facebook without developer access," Toohey told TechNewsWorld.

Facebook's ability and willingness to police its antisurveillance policy will be key to its success.

"A company could simply do its surveillance anyway," Abine's Sudbury noted. "Then it would fall on Facebook to carefully monitor what and how developers access data, looking for clues as to the purposes of the data."

Controversies over what's done with Facebook's data are unavoidable, Toohey maintained.

"The data is incredibly valuable. It's valuable to law enforcement. It's valuable to private enterprises," he said. "Facebook wants to monetize that, which puts them in very difficult positions balancing their commercial interests with other interests."



Linux Academy Rolls Out New Cloud-Based Training Platform

Linux Academy, an online training platform for the Linux OS and cloud computing, on Tuesday announced a public beta rollout of its Cloud Assessments platform, which is designed to let large enterprise firms train and assess their IT workers and prospective job candidates.


The academy offers training on a variety of cloud-based platforms, including Amazon Web Services, OpenStack, DevOps, Azure and others.

The Cloud Assessments platform will focus initially on training and testing of AWS, due to the strong demand for that cloud-based computing platform and the large skills gap of existing knowledge among IT workers.

"Since AWS is a leader in the market, companies and individuals are rushing to ensure they can handle these technologies," said Linux Academy CEO Anthony James.

AWS Demand

The academy's current focus is preparation and validation for the AWS Certified Solutions Architect Associate level exam, James told LinuxInsider. However, there are other in-demand areas that it is beginning to explore.

Hands-on learning has been very important to professionals who have taken these courses, James said. "We came to understand that not only do people want to learn, but they also want to validate their skills in a way that our industry would recognize."

Another critical aspect of the Academy's approach is what it calls "lean learning," which involves recommending specific training based on a user's specific performance, he continued. The new training efforts target specific areas that need improvement.

The Cloud Assessments platform offers a different approach to teaching IT professionals by using live servers in existing work environments. Workers actually learn skills they can use on the job in real time. They're not limited to responding to questions in a test environment.

Individuals also can use Cloud Assessments to earn micro-certifications for AWS skills.

Linux Academy and Cybrary last month conducted a survey of 6,000 IT professionals, and 35 percent said that micro-certifications would help them get a job or advance in an existing position.

In addition, 85 percent said they would pursue micro-certifications if their employers helped facilitate the training.

Skills Gap

"The launch of this program is another indication of the accelerating adoption of cloud services," noted Jeffrey Kaplan, managing director of ThinkStrategies, "and there is no question that initial focus on AWS specialists is because of its dominant position in the market at this time."

As the demand for multi-cloud services increases, the academy's program likely will broaden to include training courses for additional cloud platforms, he told LinuxInsider.

Certification programs directly from AWS are exam-based, said Paul Teich, principal analyst at Tirias Research.

However, Linux Academy has created a more practical "live assessment" environment in which users are graded on actually using AWS rather than just answering questions correctly, he told LinuxInsider.

"Cloud services really don't care about certification, but enterprise does," Teich pointed out. "Enterprise needs these certifications to start implementing hybrid cloud business models. Upleveling certification to demonstrate practical experience should play well with enterprise IT shops."

Amazon Web Services last year announced an effort to enhance its AWS Educate program to offer additional modules, called "cloud career pathways," to help educate students about cloud-based skills, as well as connect them with specific cloud-based jobs offered by various employers, including AWS, Salesforce, Cloudnexa and Splunk.



Sunday, March 12, 2017

LINUX PICKS AND PANS Black Lab Linux 8.0 Is a Rare Treat


The latest release of Black Lab Linux, an Ubuntu 16.04-based distribution, adds a Unity desktop option. You will not find Unity offered by any other major -- or nearly any minor -- Linux distributor outside of Ubuntu.

Black Lab Linux 8.0, the consumer version of PC/OpenSystems' flagship distro, also updates several other prominent desktop options.

Black Lab Linux is a general purpose community distribution for home users and small-to-mid-sized businesses. PC/OpenSystems also offers Black Lab Enterprise Linux, a commercial counterpart for businesses that want support services.

Black Lab Linux is an outgrowth of OS4 OpenLinux, a distro the same developers released in 2008. Both the community and the commercial releases could be a great alternative for personal and business users who want to avoid the UEFI (Unified Extensible Firmware Interface) horrors of installing Linux in a computer bought off the shelf with Microsoft Windows preinstalled.

Black Lab offers its flagship releases with a choice of self or full support, and both come at a price upon launch. However, you can wait 45 days and get the same release with the self-support option for free. Black Lab Linux 8.0 became available for free late last year.

Black Lab Linux 8.0 with Unity has a clean and uncluttered look.

What's Inside

Black Lab 8.0 with Unity gave me a few problems depending on the hardware I tested. It sometimes was slow to load various applications. It more than occasionally locked up. However, its performance usually was trouble-free on more resource-rich computers.

Its core set of specs is nice but nothing that outclasses other fully free Linux OS options. Here is a quick rundown on the updated packages. Remember that version 8.0 is based on Ubuntu 16.04, which is a solid starting point.

Kernel 4.4.0-45
Chromium 54
Thunderbird 45.4
LibreOffice 5.2
Gimp 2.8.16
Dropbox
Google Drive Integration (Unity and GNOME 3.18 Only)
Ice SSB 5.2.1
GNOME Video
Rhythmbox
Full UEFI support
exFAT support
Systemd support
Upstart Support (Unity and GNOME 3.18 Only)
GNOME Software Center (Unity, GNOME 3.18, LXDE)
Plasma Software Discover center (KDE Plasma 5)

The Chromium browser connects to a Google account if you want access to Google services. That can be convenient if you like the Google Chrome environment but prefer less tracking. A second browser is included with the Unity option. The Unity browser is a basic Web-viewing window with few features.

Appealing Look and Feel

If you prefer the Unity desktop, you should be pleased with how it is integrated in Black Lab Linux. It has a small, attractive collection of background images.

One of the first things you will want to do is go to the Unity Tweak Tool and adjust some of the user refinements not presented in the standard System Settings. If you are turned off by too many control panels and setting options, Black Lab Linux may appeal to you.

The settings in Black Lab 8's new Unity edition are easy to find within the settings window. You will not be overwhelmed.

Overall, the user interface is simple to navigate. The desktop display is uncluttered, because you can not pin icons there for quick launch convenience.

The Unity bar along the left edge of the screen collapses or expands as you open and close applications. This makes it easy to move around those that are open. The workspace switcher is always in view at the bottom of the Unity bar. This is one of the most convenient navigational tools available.

A panel bar extends across the top of the screen. Unlike panels in other desktops, no applets are available. You can not pin things to that panel, either. It stays empty in the center. A few notification icons reside on the right side of the top panel. The left side displays the tool bars of the active application window.

When setting up the Unity desktop, one of the first things to do is to visit the Unity Tweak Tool.

Bottom Line

Black Lab Linux 8.0 with Unity provides a generally pleasant computing environment. If you are not familiar with Unity or are not attracted to the Ubuntu distro in any of its flavors, this release could give you a new reason for using Linux.

If Unity is not to your liking, try one of the other desktop options available in Black Lab Linux. The change can be refreshing.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.
