Category Archives: Uncategorized

Google defends its use of Wi-Fi 5 in Nest Wifi

A Google Wifi Router sits next to a Google Wifi Point in this product shot from the Made by Google 2019 event.

Enlarge / A Google Wifi Router sits next to a Google Wifi Point in this product shot from the Made by Google 2019 event. (credit: Google (video still))

Google’s new Nest Wifi is notable largely for two things—having a built-in smart speaker and digital assistant in every node and not using the newest Wi-Fi technology at all.

We still don’t know exactly what chipsets are used in the replacement for Google Wifi; Google’s not telling, and the company has submitted confidentiality letters to the FCC that kept it from needing to release photographs of the devices’ boards for now, as well. All we know for sure is that the Nest Wifi Points are AC1200 (like the original Google Wifi) and the Nest Wifi Router is AC2200. Consumer AC speed ratings are largely bogus, but this should translate into one 2.4GHz 2×2 radio and one 5GHz 2×2 radio on the Points as well as one 2.4GHz 2×2 radio with two 5GHz 2×2 radios on the Nest Router.

We also know that Google decided to go with Wi-Fi 5 in the new kit rather than Wi-Fi 6. Google wasn’t the first to make that call—Amazon’s new Eero models also continue to use Wi-Fi 5 chipsets—but Google’s rationale for the use of the older technology raised eyebrows at Ars Orbiting Headquarters. When VentureBeat asked Nest Wifi Product Manager Chris Chan to explain the lack of Wi-Fi 6, he pointed to both cost and performance. He said, “You do see a lot of routers with Wi-Fi 6 built in, but it charges quite a bit of a premium in order to get that, and in fact, you need to have Wi-Fi 6-compatible other devices in order for it to be a faster experience.”

Read 3 remaining paragraphs | Comments

In flip-flop, Apple bans app used by Hong Kong protestors

Hong Kong protestors beneath umbrellas.

Enlarge / Hong Kong protestors in August 2019. (credit: Lewis Tse Pui Lung)

Apple has yanked an app called HKmap.live from its app store just days after approving it. The app used crowdsourcing to track the location of protestors and police officers in real time. The app’s anonymous author says it’s intended to help people in Hong Kong stay safe by avoiding potentially dangerous areas.

Apple’s latest move came after China’s official state-run newspaper, the People’s Daily, criticized the app for aiding anti-government protestors—labeled “rioters” by the government—and endangering public safety.

Apple first rejected the app in early October, arguing that it “allowed users to evade law enforcement.” Critics pointed out that Apple has approved other apps with similar functionality, including the speed-trap warnings on Waze.

Read 11 remaining paragraphs | Comments

Apple says it will make the new Mac Pro in Texas

Two men in business casual examine a device that looks like a cheese grater.

Enlarge / Apple CEO Tim Cook and chief design officer Jony Ive look at the new Mac Pro on June 03, 2019. (credit: Justin Sullivan/Getty Images)

Apple will continue manufacturing the Mac Pro in Austin, Texas, the company announced on Monday. Media reports had suggested that the new Mac Pro, which was announced in June, might be manufactured in China. The Mac Pro has been assembled in Austin since 2013, while most other Apple products are made in China.

Apple credited the federal government with helping make the announcement possible. “The US manufacturing of Mac Pro is made possible following a federal product exclusion Apple is receiving for certain necessary components,” Apple said in its announcement.

Apple doesn’t say so specifically, but other news outlets are reporting that this refers to Apple getting a break on tariffs on Chinese-made components. In recent months, the Trump administration has been slapping hefty across-the-board tariffs on Chinese-made goods as part of President Trump’s ongoing trade war with China.

Read 4 remaining paragraphs | Comments

Conservation of energy used to parallelize quantum key distribution

A large number of keys against a light-colored wooden background.

Enlarge (credit: Taki Steve / Flickr)

It has been a while since I wrote about quantum key distribution. Once a technology is commercially available, my interest starts to fade. But commercial availability in this case hasn’t meant widespread use. Quantum key distribution has ended up a niche market because creating shared keys with it for more than one connection using a single device is so difficult.

That may all change now with a very inventive solution that makes use of all the best things: lasers, nonlinear optics, and conservation of energy.

Quantum key distribution in less than 500 words

The goal of quantum key distribution is to generate a random number that is securely shared between two people, always termed Alice and Bob. The shared random number is then used to seed classical encryption algorithms.

Read 14 remaining paragraphs | Comments

Microsoft adds Dark Mode support and more to Office 365 for Mac

Nate Anderson

Microsoft has released version 16.20.18120801 of Office 365 for the Mac platform, bringing support for a couple of key Mac features introduced in September’s macOS 10.14 Mojave release, as well as a number of small features and user experience improvements not related to Mojave.

The headline feature is, of course, dark mode support, which requires Mojave to work. Word, Excel, PowerPoint, and Outlook all support Mojave’s dark theme. Also related to Mojave, you can now use Apple’s Continuity Camera feature to insert a photo directly from your iPhone’s photos to a slide in PowerPoint.

Read 6 remaining paragraphs | Comments

Testing the first commercial VPN provider to offer WireGuard connectivity

We don't recommend specific VPN solutions, but we sure like analyzing them.

Enlarge / We don’t recommend specific VPN solutions, but we sure like analyzing them. (credit: Pixabay)

Following our earlier WireGuard coverage, commercial VPN provider IVPN‘s chief marketing officer reached out to me to let me know his company was adding WireGuard support to its offering and asked if I’d be interested in covering the launch. Honestly, I planned to brush him off—there are a million VPN providers out there, and at least 999,000 of them are pretty shady—so I answered with a quick, dirty trick question: what are you doing on the Windows side?

Viktor surprised me with a picture-perfect answer that ruined my plans to get rid of him fast:

The official Ars stance on VPN recommendations is that we can’t recommend anyone whose policies we can’t independently verify and whose log retention we can’t audit ourselves. This sounds like a cop-out from having to make a recommendation, but this is a service that readers will likely be putting a significant amount of trust in, and it would be irresponsible to give a recommendation that important without being able to provide assurances.

Read 25 remaining paragraphs | Comments

Google adds always-on VPN to its Project Fi cellular service

Google adds always-on VPN to its Project Fi cellular service

Enlarge

Today, Google announced a new feature for its Project Fi cellular service: an always-on VPN. Project Fi’s VPN previously was used to encrypt traffic while connecting to a network of free public Wi-Fi hotspots, but now Google will enable the VPN for all your traffic, be it over the LTE service or a Wi-Fi connection.

For now, the always-on VPN will need to be turned on in the Project Fi settings, where the feature is called “Enhanced Network” and labeled a “beta.”

“When you enable our enhanced network, all of your mobile and Wi-Fi traffic will be encrypted and securely sent through our virtual private network (VPN) on every network you connect to, so you’ll have the peace of mind of knowing that others can’t see your online activity,” Google’s blog post says. “That includes Google—our VPN is designed so that your traffic isn’t tied to your Google account or phone number.”

Read 3 remaining paragraphs | Comments

Mail bombing suspect repeatedly threatened Democrats on Twitter

The images accompanying a tweet authorities believe was sent by the recently alleged package bomber, Cesar Altieri Sayoc.

Enlarge / The images accompanying a tweet authorities believe was sent by the recently alleged package bomber, Cesar Altieri Sayoc. (credit: Twitter)

Cesar Altieri Sayoc, the suspect in the nationwide bombing campaign against critics of President Trump, regularly took to Twitter to make thinly veiled death threats against other users and peppered some of the targets with abuse, according to a quick review of an account authorities believe belongs to Sayoc. Twitter initially allowed the posts to remain despite its stated policy barring threats.

Former Vice President Joe Biden, actor Jim Carrey, director and former actor Ron Howard, and the TMZ celebrity news service all received tweets from someone using the handle @hardrock2016 that made thinly veiled threats against their lives. Rochelle Ritchie, a political commentator who tweets under the @RochelleRitchie handle, received a similar tweet warning her that “We have nice silent air boat ride for u here on Everglades swamp. We will see you 4 sure. Hug your loved ones real close every time you leave home.” Similar to the tweets sent to others, the message directed at Ritchie included an image of her and accompanying images of the tarot card for death and TV news coverage purporting to report on a body being recovered from the Everglades.

Five hours, later, Ritchie tweeted that Twitter asked her to disregard the earlier refusal. “We’ve investigated and suspended the account you reported as it was found to be participating in abusive behavior,” company representatives wrote.

Read 7 remaining paragraphs | Comments

GitHub is now officially a part of Microsoft

GitHub is now officially a part of Microsoft

Enlarge

satyan@redmond:~/src$ git checkout -b microsoft-acquisitions
Switched to a new branch 'microsoft-acquisitions' satyan@redmond:~/src$ git add github satyan@redmond:~/src$ git commit -m "Microsoft announced in June that it
> was buying the Git repository and collaboration platform GitHub for > $7.5 billion in stock. That acquisition has received all the necessary > regulatory approvals, and has now completed. Nat Friedman, formerly of
> Xamarin, will take the role as GitHub CEO on Monday.
>
> The news of the acquisition sent ripples around the open source world,
> as GitHub has become the home for a significant number of open source
> projects. We argued at the time that the sale was likely one of
> necessity, and that of all the possible suitors, Microsoft was the best
> one, due to common goals and shared interests. Friedman at the time
> sought to reassure concerned open source developers that the intent was
> to make GitHub even better at being GitHub, and that he would work to
> earn the trust of the GitHub community. Those views were reiterated
> today.
>
> Since then, Microsoft has joined the Open Invention Network, a patent
> cross-licensing group that promises royalty free licenses for any patents
> that apply to the Linux kernel or other essential open source packages.
> This was a bold move that largely precludes Redmond from asserting its
> patents against Android, and should mean that the company will no longer
> receive royalties from smartphone manufacturers.
>
> Sources close to the matter tell us that Microsoft's decision to join
> OIN was driven in no small part by the GitHub acquisition. GitHub is
> already a member of OIN, which left Microsoft with only a few options:
> withdraw GitHub from OIN, a move that would inevitably upset the open
> source world; acquire GitHub as some kind of arm's length subsidiary
> such that GitHub's OIN obligations could not possibly apply to
> Microsoft; or join OIN too, as the most straightforward approach that
> also bolstered the company's open source reputation. Microsoft took
> the third option."
[microsoft-acquisitions baadf00d] Microsoft announced...
1 file changed, billions of insertions(+), 0 deletions(-) satyan@redmond:~/src$ git checkout microsoft-corp
Switched to branch 'microsoft-corp' satyan@redmond:~/src$ git merge microsoft-acquisitions
Updating cafef00d..baadf00d
Fast-forward billions-of-files | billions ++++++++++++ satyan@redmond:~/src$ git branch -d microsoft-acquisitions

Read on Ars Technica | Comments

Bug in libssh could make it amazingly easy for hackers to gain root access

Bug in libssh could make it amazingly easy for hackers to gain root access

Enlarge (credit: starwars.com)

There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server. While the authentication-bypass flaw represents a major security hole that should be patched immediately, it wasn’t immediately clear what sites or devices were vulnerable since neither the widely used OpenSSH nor Github’s implementation of libssh was affected.

The vulnerability, which was introduced in libssh version 0.6 released in 2014 makes it possible to log in by presenting a server with a SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting, according to an advisory published Tuesday. Exploits are the hacking equivalent of a Jedi mind trick, in which an adversary uses the Force to influence or confuse weaker-minded opponents. The last time the world saw an authentication-bypass bug with such serious consequences and requiring so little effort was 11 months ago, when Apple’s macOS let people log in as admin without entering a password.

The effects of malicious exploits, assuming there were any during the four-plus years the bug was active, are hard to fathom. In a worst case scenario, attackers would be able to use exploits to gain complete control over vulnerable servers. The attackers could then steal encryption keys and user data, install rootkits and erase logs that recorded the unauthorized access. Anyone who has used a vulnerable version of libssh in server mode should consider conducting a thorough audit of their network immediately after updating.

Read 8 remaining paragraphs | Comments