A $1, Linux-Capable, Hand-Solderable Processor

Over on the EEVblog, someone noticed an interesting chip that’s been apparently flying under our radar for a while. This is an ARM processor capable of running Linux. It’s hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3. If you do it right, this will get you into the territory of a BeagleBone or a Raspberry Pi Zero, on a board that’s whatever form factor you can imagine. Here’s the best part: you can get this part for $1 USD in large-ish quantities. A cursory glance at the usual online retailers tells me you can get this part in quantity one for under $3. This is interesting, to say the least.

The chip in question, the Allwinner A13, is a 1GHz ARM Cortex-A8 processor. While it’s not much, it is a chip that can run Linux in a hand-solderable package. There is no HDMI support; you’ll need to add some more chips (that are probably in a BGA package), but, hey, it’s only a dollar.

If you’d like to prototype with this chip, the best options right now are a few boards from Olimex, and a System on Module from the same company. That SoM is an interesting bit of kit, allowing anyone to connect a power supply, load an SD card, and get this chip doing something.

Currently, there aren’t really any good solutions for a cheap Linux system you can build at home, with hand-solderable chips. Yes, you could put Linux on an ATMega, but that’s the worst PC ever. A better option is the Octavo OSD335x SoC, better known as ‘the BeagleBone on a Chip’. This is a BGA chip, but the layout isn’t too bad, and it can be assembled using a $12 toaster oven. The problem with this chip is the price; at quantity 1000, it’s a $25 chip. At quantity one, it’s a $40 chip. NXP’s i.MX6 chips have great software support, but they’re $30 chips, and you’ll need some DDR to make it do something useful, and that doesn’t even touch the fiddliness of a 600-ball package.

While the Allwinner A13 beats all the other options on price and solderability, it should be noted that like all of these random Linux-capable SoCs, the software is a mess. There is a reason those ‘Raspberry Pi killers’ haven’t yet killed the Raspberry Pi, and it’s because the Allwinner chips don’t have documentation and let’s repeat that for emphasis: the software is a mess.

Source: A $1, Linux-Capable, Hand-Solderable Processor | Hackaday

Hadoop and NoSQL backups timed by AI

Machine learning data management company Imanis Data has introduced an autonomous backup product powered by machine learning.

The firm said users can specify a desired RPO (Recovery Point Objective) and its SmartPolicies tech then sets up the backup schedules. The tech is delivered as an upgrade to the Imanis Data Management Platform (IDMP) product.

SmartPolicies uses metrics including criticality and volume of data to be protected, primary cluster workloads, and daily or seasonal resource utilisation, to determine the most efficient way to achieve the desired RPO.

If it can’t be met because, for example, production systems are too busy, or computing resources are insufficient, then SmartPolicies provides recommendations to make the RPO executable.

Other items in the upgrade include any-point-in-time recovery for multiple NoSQL databases, better ransomware prevention and general data management improvements, such as job tag listing and a browsable catalog for simpler recovery.

[…]

Having backup software set up its own schedules based on input RPO values isn’t a new idea, but having it done with machine learning is. The checking of available resources is a darn good idea too and, when you think about it, absolutely necessary.

Otherwise “backup run failed” messages would start popping up all over the place – not good. We expect other backup suppliers to follow in Imanis’s wake and start sporting “machine learning-driven policy” messages quite quickly.

Source: When should I run backup, robot overlord? Autonomous Hadoop and NoSQL backup is now a thing • The Register

Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Once again, Google has rankled privacy-focused people with a product change that appears to limit users’ options. It’s easy to miss the fact that you’re automatically being logged in to Chrome if you’re not paying attention.

Chrome 69 released to users on September 5, and you likely noticed that it has a different look. But if you’re the type of person who doesn’t like to log in to the browser with your Google account, you may have missed the fact that it happens automatically when you sign in to a Google service like Gmail. Previously, users were allowed to keep those logins separate. Members of the message board Hacker News noticed the change relatively quickly and over the weekend, several developers called attention to it.

[…]

If you want to disable the forced login, a user on Hacker News points out a workaround that could change at any time. Copy and paste this text into your browser’s address bar: chrome://flags/#account-consistency. Then disable the option labeled, “Identity consistency between browser and cookie jar,” and restart your browser. Go to this link to ensure that your Sync settings are configured the way you like them. For now, you have a choice, but it shouldn’t be so difficult or obscure.

Source: Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!

Before Windows 10, a clean install of Windows only included the bare essentials a user would need to get started using their PC. That included software built by Microsoft, such as Mail, Paint, and its web browser, and it never included “bloatware” or “trialware” that one might find on hardware purchased from a third-party OEM that preloaded all kinds of crapware.

The clean install process was simple. With Windows 7, you’d do the install, and once you hit the desktop, that was it. All the programs that were preinstalled were Microsoft-made and were often considered essentials. This changed with Windows 8, with the addition of auto-updating apps such as Travel, News and more. Still, these were acceptable, preinstalled Windows apps and were not really classed as bloatware.

With Windows 10, a clean install stays that way for about two minutes, because the second you hit the desktop, the Microsoft Store immediately starts trying to download third-party apps and games. And these apps keep trying to install themselves even after you cancel the downloads.

Six too many

There are six such apps, which is six too many. These apps are often random, but right now they include things like Candy Crush, Spotify, and Disney Magic Kingdoms. You should not see any of these apps on a fresh install of Windows 10, yet they are there every single time.

There are policies you can set that disable these apps from automatically installing, but that’s not the point. On a fresh, untouched, clean install of Windows 10, these apps will download themselves onto your PC. Even if you cancel the installation of these apps before they manage to complete the download, they will retry at a later date, without you even noticing.

The only way I’ve found that gets rid of them permanently is to let them install initially, without canceling the download, and then uninstall the apps from the Start menu. If you cancel the initial download of the bloatware apps before they complete their first install, the Microsoft Store will just attempt to redownload them later and will keep doing so until that initial install is complete.

Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs! | Windows Central

Open-source alt-droid wants to know if it’s still leaking data to Google

/e/, a Google-free fork of Android, reached a milestone this month with its initial ROM release. It’s available for download, so you can kick the tires, with nightly builds delivered via OTA (over the air) updates.

El Reg interviewed the project’s leader, Gael Duval, in the summer. Duval launched and led the Linux Mandrake project. Back then it was called “eelo”, but has morphed into just /e/ – which autocorrect features won’t try to turn into “eels”.

The project is significant in that the European Commission recently noted how few people switch platforms. If you’re on Apple or Android today, the chances are you will be on the same platform, plugged into the same “ecosystem” of peripherals and services, in 10 years. So it wants more variety and competition within the Android world.

/e/ derives from LineageOS, itself a fork of CyanogenMod, so it can run on around 30 phone models including the Samsung Galaxy S7, and several recent-ish OnePlus devices.

Source: Open-source alt-droid wants to know if it’s still leaking data to Google • The Register

Zoho – GSuite competitor – pulled offline after phishing complaints by DNS registrar, millions of people couldn’t work. Love the cloud!

Zoho.com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

In an email to TechCrunch, Zoho boss Sridhar Vembu said that TierraNet “took our domain down without any notice to us” after receiving complaints about phishing emails from Zoho-hosted email accounts.

In doing so, thousands of businesses that rely on Zoho for their operations couldn’t access their email, documents and files, and other business-critical software during the day. Zoho counts Columbia University, Netflix, Citrix, Air Canada and the Los Angeles Times as customers.

“They kept pointing us back to their legal, even when I tried to call their senior management,” said Vembu in the email.

Source: Zoho pulled offline after phishing complaints, CEO says | TechCrunch

Cisco Video Surveillance Manager Appliance Default Root Password Vulnerability (again)

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials.

The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Source: Cisco Video Surveillance Manager Appliance Default Password Vulnerability

Incredible that this is still a thing, especially at Cisco, where it’s happened before.

2D spray on transparent wireless antennae created

Metals are widely used for antennas; however, their bulkiness limits the fabrication of thin, lightweight, and flexible antennas. Recently, nanomaterials such as graphene, carbon nanotubes, and conductive polymers came into play. However, poor conductivity limits their use. We show RF devices for wireless communication based on metallic two-dimensional (2D) titanium carbide (MXene) prepared by a single-step spray coating. We fabricated a ~100-nm-thick translucent MXene antenna with a reflection coefficient of less than −10 dB. By increasing the antenna thickness to 8 μm, we achieved a reflection coefficient of −65 dB. We also fabricated a 1-μm-thick MXene RF identification device tag reaching a reading distance of 8 m at 860 MHz. Our finding shows that 2D titanium carbide MXene operates below the skin depth of copper or other metals as well as offers an opportunity to produce transparent antennas.

Source: 2D titanium carbide (MXene) for wireless communication | Science Advances

Windows handwriting recognition on? Then all your typing is stored in plain text on your PC.

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature [1, 2] that automatically translates stylus/touchscreen scribbles into formatted text.

Source: This Windows file may be secretly hoarding your passwords and emails | ZDNet