Copperhead OS: The startup that wants to solve Android’s woeful security

A multi-billion-dollar megacorp, Google, apparently needs help to secure its OS.

(credit: Guardian Project)

A startup on a shoestring budget is working to clean up the Android security mess, and has even demonstrated results where other "secure" Android phones have failed, raising questions about Google's willingness to address the widespread vulnerabilities that exist in the world's most popular mobile operating system.

"Copperhead is probably the most exciting thing happening in the world of Android security today," Chris Soghoian, principal technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union, tells Ars. "But the enigma with Copperhead is why do they even exist? Why is it that a company as large as Google and with as much money as Google and with such a respected security team—why is it there's anything left for Copperhead to do?"

Copperhead OS, a two-man team based in Toronto, ships a hardened version of Android that aims to integrate Grsecurity and PaX into their distribution. Their OS also includes numerous security enhancements, including a port of OpenBSD’s malloc implementation, compiler hardening, enhanced SELinux policies, and function pointer protection in libc. Unfortunately for security nuts, Copperhead currently only supports Nexus devices.

Read 42 remaining paragraphs | Comments

Why Bioshock still has, and will always have, something to say

Nearly a decade later, Bioshock‘s ambitious objectivist themes are just as impactful.

"No Gods or Kings, Only Man." No higher authority than that of reason and rationality. A place where "the artist would not fear the censor, where the scientist would not be bound by petty morality, where the great would not be constrained by the small." As videogame intros go, few are as ambitious, or as forthright, as the protagonist's descent into the murky depths that envelop Bioshock's underwater city of Rapture. Fewer still are as effective nearly a decade on. Whether players realise it or not, those words—No Gods or Kings, Only Man—plastered above the golden visage of the game's big bad, Andrew Ryan (an interesting contradiction in itself), set a tone that's carried through the entirety of the game.

It's a mighty ambitious tone too. Objectivism—a controversial political philosophy created by the Russian-American philosopher Ayn Rand in the mid-20th century—is what stands between Bioshock having a hokey sci-fi plot, and one that gives it worth well beyond its now-waning technical offerings. What is objectivism? In short, it's the idea that society flourishes if each of its members focuses on their own self-interests over the interests of others, and without heavy-handed intervention from the state. In doing so, the theory runs that each person creates a personal situation where they feel accomplished and happy. Ultimately, society rules itself, "without Gods or Kings."

Objectivism in Bioshock is seemingly presented as a failure. When you arrive in Rapture, the city has already fallen into chaos and decay, the vast majority of its surviving inhabitants having been consumed by the gene-altering "plasmids" that instil both superpowers and insanity on its users. But the real message of the game goes deeper than this simple warning. Rapture's founder and ruler, Andrew Ryan, is Bioshock's less-than-subtle embodiment of Ayn Rand. Both Rand and Ryan grew up in the Soviet Union under strict communist governments, experiencing the kind of poverty and injustice that sometimes results from a system where individual liberty is side-lined in favour of helping the whole.

Read 11 remaining paragraphs | Comments

QuantX: Micron zeigt beeindruckende 3D-Xpoint-Benchmarks

Was bei Intel Optane heißt, nennt Micron QuantX: Eine erste solche SSD mit 3D-Xpoint-Speicher schafft wahnwitzige 1,8 Millionen Input-/Output-Operationen pro Sekunde selbst bei kurzer Befehlskette und überflügelt die NAND-Flash-Speicher-Konkurrenz meilenweit. (3D Xpoint, Speichermedien)

Was bei Intel Optane heißt, nennt Micron QuantX: Eine erste solche SSD mit 3D-Xpoint-Speicher schafft wahnwitzige 1,8 Millionen Input-/Output-Operationen pro Sekunde selbst bei kurzer Befehlskette und überflügelt die NAND-Flash-Speicher-Konkurrenz meilenweit. (3D Xpoint, Speichermedien)

Chrome starts retiring Flash in favor of HTML5

Non-visible Flash content blocked in September; Flash fully deprecated by December.

Last year, Chrome made Flash ads click-to-play; now, Google is trying to kill off Flash completely.

Starting with Chrome 53, due out early next month, the browser will automatically block tiny and non-visible Flash content, such as tracking and fingerprint cookies that are notoriously hard to shake off. Then, with Chrome 55 in December, Flash will be deprecated entirely, with exceptions for "sites which only support Flash." In both cases HTML5 is expected to take up the reins.

The changes in Chrome 53 are mostly targeted at behind-the-scenes Flash widgets that many sites use for tracking and analytics purposes. Best-case these non-visible elements can slow down your browsing experience, worst-case they might cause stability issues or reduce battery life on mobile devices. Google says that publishers are in the process of moving these widgets over to HTML5.

Read 6 remaining paragraphs | Comments

PS4 Neo: Sony confirms PlayStation event for September 7

Sony says PS4 updates will be part of event; we’ll probably see the 4K-capable Neo.

Sony's upcoming 4K-capable PlayStation 4 Neo console looks set for a September reveal. The company has began sending out invites to a "PlayStation" meeting taking place in The PlayStation Theatre, New York on September 7 at 3pm (8pm UK time). It has also confirmed that updates on the PS4 and the PlayStation business are part of the event.

The invite follows several reports that Sony would unveil Neo in September, with French gaming website Gameblog even nailing down the exact date earlier this week. While Sony's Andrew House confirmed the existence of the console to the Financial Times in June, it has yet to detail any of its specifications, or what sort of performance players can expect from its upgraded hardware.

That said, an earlier report from gaming website GiantBomb—which was corroborated by several other publications—detailed the specifications of the console, which included a boost in CPU clock speed, more and faster GPU cores, and increased memory bandwidth. All is said to be based on AMD's technology, which is used in the current PS4.

Read 3 remaining paragraphs | Comments

Marktdaten: 11 Millionen Deutsche schauen E-Sport

Knapp 3,5 Millionen Menschen in Deutschland haben sich offenbar schon selbst als Let’s-Player versucht, 11 Millionen haben mindestens einmal ein E-Sport-Turnier angeschaut: Kurz vor der Gamescom gibt es neue Daten zum Spielverhalten der Deutschen. (Ga…

Knapp 3,5 Millionen Menschen in Deutschland haben sich offenbar schon selbst als Let's-Player versucht, 11 Millionen haben mindestens einmal ein E-Sport-Turnier angeschaut: Kurz vor der Gamescom gibt es neue Daten zum Spielverhalten der Deutschen. (Gamescom 2016, Studie)

Oracle fights back against Google’s attempt to sanction a lawyer after trial

Oracle says it broke no rules reading a transcript “in the heat of an argument.”

(credit: Aurich Lawson)

A copyright dispute between Oracle and Google was resolved in May by a federal jury, which found that Google's Android operating system didn't infringe copyrighted code owned by Oracle. A post-trial skirmish over once-confidential Google information is heating up, though, with Google asking for sanctions against one of Oracle's lead attorneys.

Now, Google says (PDF) it should get additional fees because Oracle attorney Annette Hurst disclosed Android revenue and profit figures in open court. She also revealed that Google paid $1 billion to be the default search bar on Apple's iPhone. Those figures should have stayed confidential, say Google lawyers, but once a Bloomberg reporter got hold of a transcript of the hearing, they became headline news.

Yesterday, Oracle filed court papers (PDF) responding to the accusations. Oracle points out that Hurst's statements were made "in response to probing questions from Magistrate Judge Ryu," and were an "on-the-fly rebuttal of mischaracterizations made by Google's counsel." The statements didn't violate the protective order, Oracle argues, and they fall short of the legal requirements for contempt.

Read 6 remaining paragraphs | Comments

Judge blasts DOJ’s refusal to explain stingray use in attempted murder case

Turns out not 1, but 2 cell-site simulators were deployed to find Oakland suspect.

(credit: green kozi)

OAKLAND, Calif.—At a Monday hearing in federal court, US Magistrate Judge Donna Ryu had strong words for prosecutors in an attempted murder and gang case that has dragged on for nearly three years.

"It is stunning to me that at this point in the case, the government cannot tell me very clearly what search has been done and what exists or does not exist, relevant to a stingray," she said with exasperation.

As Ars reported over a year ago, the case of United States v. Ellis et al involves four men are charged the 2013 attempted murder of local police officer Eric Karsseboom. The men are also charged with running an alleged East Oakland gang centered around Seminary Avenue (known as "SemCity").

Read 37 remaining paragraphs | Comments

Samsung Pay: Mit kopierten Tokens einkaufen

Auf der Defcon hat ein Hacker verschiedene Angriffsszenarien gegen den Bezahldienst Samsung Pay vorgestellt, mit denen auf fremde Rechnung eingekauft werden kann. Samsung widerspricht einigen der Darstellungen, räumt aber Schwächen ein. (Defcon, Zahlungssysteme)

Auf der Defcon hat ein Hacker verschiedene Angriffsszenarien gegen den Bezahldienst Samsung Pay vorgestellt, mit denen auf fremde Rechnung eingekauft werden kann. Samsung widerspricht einigen der Darstellungen, räumt aber Schwächen ein. (Defcon, Zahlungssysteme)

The connected renter: How to make your apartment smarter

Turning your rented space into a smart home can be tricky; we have some advice.

(credit: Valentina Palladino)

Name a home appliance or product, and there's probably a smart version of it today. But for the renters among us, it can be tricky to navigate the aisles of smart light bulbs, thermostats, air conditioners, and vacuums to pick out devices that won't jeopardize your security deposit. When you don't own your home, there’s different set of rules dictating modifications, and some smart home products don't take that into account.

Luckily, these days an increasing number of smart home devices can cater to apartment dwellers that want to avoid ripping open walls and trussing up wires. And as an NYC-based Ars staffer, I had a particularly perfect rental laboratory to recently test and explore what kinds of smart home devices fit renters' needs.

Read 37 remaining paragraphs | Comments