Monthly Archives: November 2016

.

There FastComputer With Fussy but Fixable

FastComputer Linux is a disappointing experience that almost fails.

It is poorly designed, has little community support, and lacks its own home base and identity, all of which contribute to an identity crisis. Its home — on Sourceforge.com — lacks much in attractiveness, as does the distro.

The Linux OS offers developers and users choice among desktop options and OS standards. Linux’s greatest strength is its ability to provide customized distributions with a variety of features. Distros that offer users something new and more inviting are great finds. FastComputer is not one of them.

Linux distributions run the gamut — from very specialized and finely tuned to garden variety. Some are very innovative. Others are little more than look-alikes that offer no distinguishing features or benefits to set them apart from other options.

FastComputer Linux falls into the latter category. In its present iteration, this distro offers users an ordinary OS experience that leaves much to be desired. What should make it especially inviting is its ties to legendary Suse Linux developers. It falls far short of delivering, however.

Linux Heritage

FastComputer’s developer, Andrei Ionel, who is based in Romania, represents it as a perfect privacy and security product that comes fully configured out-of-the-box. It is based on openSuse Leap 42.1 64-bit x86. It is a relative newcomer to the Linux distro scene.

The latest version is 2.2.1, but that is not solely the developer’s choice. He apparently has been in a holding pattern for new builds until the Suse Studio staff solves the “Error retrieving status information” bug that is affecting all distros built on openSuse Leap.

As advertised, FastComputer offers four desktop environments: GNOME, GNOME Classic, IceWM and MATE. But only the GNOME desktop was provided in the download options.

Look and Feel

The GNOME desktop does not excite me on a well-oiled distro. GNOME can be rather plain Jane in its desktop integration — or it can be tweaked by the developer to include additional settings to provide more user features.

GNOME on FastComputer falls into the former category. It is rather plain and ordinary. Still, GNOME 3.0 and GNOME classic (which is a distant relative of the forked MATE) are popular, because they are more traditional and easy to use.

I would have been more pleased with an opportunity to try the IceWM and MATE desktops running on FastComputer. The ICEWM could be a problem solver for some of my memory-challenged computers that still thrive on the likes of Puppy Linux.

Spoiler Alert: I am still curious about revisiting FastComputer running a planned Cinnamon desktop version once the Network Manager issue is fixed (see below). So I have hope that some promise exists for a happier computing experience with FastComputer.

“A Cinnamon version is on the way,” FastComputer’s Ionel told LinuxInsider.

Critical Fault

Included are three Web browsers: Mozilla Firefox, Iron and QupZilla. Normally, I would be singing the praises of these three options, but FastComputer issued an error message on every bootup stating that the Network Manager needed to be running and to contact the software vendor. So I was not able to access the Internet.

At first, I thought the error was caused by the Broadcom wireless in my test laptop. That is often the cause when there is a glitch during testing of Linux distros.

When that happens, my usual workaround is to plug in the cable and go hard wire — but there was nothing for the hard-wired connection to grab without the Network Manager running.

The cause was a deep-down OS issue.

I had just about given up on doing any more testing of FastComputer Linux. Then I loaded it into a virtual machine. That was a Eureka moment! The connectivity issue went away.

My guess is FastComputer piggy-backed a connection from the host computer. I ran it from the same ISO file that I used to burn to the installation DVDs that produced the Network Manager error. At least Fast Computer remains viable with an Internet connection.

What You Get

The FastComputer ISO is packed with an impressive bundle of installed software. This is not a lightweight or stripped-down release.

FastComputer also comes with the antivirus package Comodo with a special Linux OS antispam component. That was a pleasant surprise. I like the GUIand operation of this package compared to ClamTK, my usual choice.

As a side note, Comodo is not available from the Synaptic Package Manger or any of the distro-based software repositories that I checked.

Another bit of hyped advertising is that FastComputer runs Windows programs courtesy of a WINE installation. WINE is not a distinguishing feature for a Linux distro, other than you do not often find WINE preinstalled.

FastComputer ships with Adobe Flash Player installed. Its default office suite is WPS Office (also known as “KingSoft Office”) instead of LibreOffice.

Ignoring the connectivity problem, the software that comes preinstalled on FastComputer Linux is substantial:

  • torrent client: Deluge;
  • two IM apps: Skype and Pidgin;
  • mail app: Claws Mail;
  • remote controlling app: TeamViewer;
  • three graphics apps: GIMP, Pinta Paint and Shotwell;
  • three sound and video apps: VLC, Clementine and Cheese;
  • Leafpad;
  • four terminals: Terminator, GNOME Terminal, MATE Terminal and XTerm;
  • Oracle Virtualbox; and
  • four games: Nibbles, Winemine, SuperTuxKart and SuperTux.

The GNOME Desktop

The GNOME 3 panel bar sits at the top of the screen. Its only purpose is to display a few notification icons.

An activity button in the upper-left corner of the screen does sort of what a menu or start button does in other desktops. It exposes a thumbnail view of the virtual workplaces along the right edge of the screen and the favorites bar along the left screen edge.

The favorites bar has the menu button at the bottom of the icon row. GNOME uses a full-screen icon display of installed software rather than a pop-up two-column title index.

Bottom Line

Let’s assume that the developer soon will issue an updated or fixed version so the Network Manager will work outside a Virtual Machine window. That will give FastComputerLinux a shot at being more useful to those who want a good out-of-the-box simple OS solution.

I am not sure that this distro’s name is an indication of speedy performance. I tested it on several machines looking for speed.

As expected, the live session DVD was very sluggish. It was much peppier on the VM. I was expecting a little bit better speed performance on my test gear with a hard drive installation.

Other than the apparent malfunction of the Network Manager, my biggest disappointment is the lack of more than one virtual desktop. Unlike other GNOME 3 integrations, FastComputer offers no way to add additional virtual desktops, the developer confirmed. So if you rely on this flexibility, look elsewhere.

.

Why Yahoo and the Year of Living Dangerously

If there is a lesson to be drawn from Internet search giant Yahoo’s hellish past year, it is a grimly illustrative one: Never assume a cybersecurity disaster can’t get worse.

Last September, the Internet portal disclosed that it had suffered the most damaging and far-reaching data breach in history — only to then announce in December the discovery of a second, earlier, and even larger hack.

Since the discovery, the sale of the company to Verizon has been put in jeopardy, as Yahoo — which recently announced its name would be changing to “Altaba” — began a probe into the hack that is expected to take several weeks. We may not know the full extent of these hacks’ effects for years; indeed, it took years for the breaches to even be discovered.

What is known is that these travails were a long time coming. The Yahoo hacks were not acts of God, falling from the sky and striking an unlucky victim; they were the direct result of the corporation’s continual neglect of information security as a vital priority for doing business.

Systemic Problem

The tragedy of Yahoo’s troubles is not merely that its systems were compromised; that is a risk even the most secure online servicers may face. Rather, it is Yahoo’s lack of attention to cybersecurity, such that it was unable to detect and respond to the breach, making a very bad situation into a nightmarish one.

In 2014, hackers gained access to Yahoo’s main user database, pilfering credentials and personal information from at least 500 million accounts in what was the biggest data breach in history.

Perplexingly, the theft went undiscovered until September 2016, when 200 million sets of user credentials appeared for sale on a darknet website. Yahoo’s failure to identify a breach of such gargantuan magnitude — one that it would somewhat ominously claim to be a “state-sponsored” act (an accusation rejected by researchers) — was a dark portent of things to come.

The hack reported last December seems to be worse — much worse. That hack, which is believed to have occurred in August 2013, resulted in at least 1 billion accounts suffering theft of personal information like names, phone numbers, and dates of birth. Perhaps even more damaging was the hackers’ theft of poorly encrypted Yahoo passwords, as well as unencrypted answers to security queries like “What is your mother’s maiden name?” or “What was your first car?” That information is meant to easily allow users to confirm their identities when resetting account details.

Some sensible security protocols and simple, low-cost encryption could have prevented this calamity. Adding insult to injury, the theft was not discovered until government investigators and private data analysts examining the first reported hack found evidence that a mysterious “third-party” had gained access to other Yahoo data.

Incredibly, these thefts — the largest and most damaging hacks in Internet history — were perhaps not even the lowlight of Yahoo’s year. That honor would belong to CEO Mayer’s decision, at the behest of a U.S. intelligence agency, to scan the content of all Yahoo users’ emails for specific phrases or attachments, a massive warrantless spy program so invasive that Yahoo’s security team, uninformed of the effort, initially thought it was a hack.

It is not enough that Yahoo’s security posture is moribund — not only unable to prevent successive blitzes against billions of its users, but even to detect their occurrence. Worse, in this instance, is the fact Yahoo is as fully complicit as any hacker in exposing its customers’ most sensitive personal communications: It did so without permission, simply at the demand of a government agency bearing no warrants or probable cause.

What, then, will be the fallout of Yahoo’s year of living dangerously? Given the enormous potential for secondary fraud on other sites using Yahoo account credentials, forcing password resets now, years after the crime, is both entirely necessary and woefully inadequate.

After years of criminals likely trading Yahoo user information on darknet marketplaces for cash, this attempt to rectify the situation is equivalent to changing the vault’s combination a couple of years after a safecracker robbed the bank. In an information technology environment where Internet users commonly recycle the same credentials across the dozens of sites they regularly use, password reuse attacks are a growing threat.

Such an attack against Yahoo users has precedent, and the results could be frightening. In 2012, the login credentials of as many as 167 million accountson business networking site LinkedIn were stolen by hackers, emerging again on darknet auction sites in May 2016.

The compromised information, which, as with Yahoo, included poorly encrypted passwords, is believed to have been responsible for numerous large-scale “password reuse” secondary attacks, including one major attackagainst cloud hosting platform Dropbox and 60 million of its accounts.

Given the potential for wreaking havoc, Yahoo’s inadequate and outdated password encryption could have severe consequences, affecting even sites that securely encrypt their customers’ passwords, through no fault of their own. This is the nightmare made possible through the theft of reused passwords: a concatenating wave of data breaches affecting website after website.

Beyond these technical threats, Yahoo’s lack of transparency in combating information theft has further endangered Internet users. It is becoming clear that under Mayer’s leadership, Yahoo downgraded the importance of instituting much-needed cybersecurity measures, fearing that it would alienate a fickle user base with annoying new security requirements. However, the end result will be far worse reputational damage.

A user experience that results in hackers compromising every one of your Web accounts, or stealing your identity, is far worse than the inconvenience of signing into an email account using two-factor identification.

This short-sightedness extended to Yahoo’s public relations reaction: While the company would ultimately estimate that a half billion accounts were affected in the 2014 hack, the true number may be as high as 3 billion; and while Yahoo may claim any affected accounts are being identified and reset, its inability to detect even larger breaches is more than enough reason to doubt the effort’s efficacy.

Fortunately, this debacle need not be entirely in vain, if some simple lessons can be absorbed. Had Yahoo made modest, sensible improvements in its security posture, the hackers might have been dissuaded from attempting such an ambitious heist, or at least been frustrated in their attempts to do so.

Cyber risk is an unavoidable aspect of Internet business today, and even in the worst-case scenario of a breach, reasonable precautions and rapid action can prevent extensive damage.

For example, when “drag-n’drop” website creator Weebly suffered a hackaffecting 43 million of its users, the company’s ready cooperation with observers who discovered the attack helped it to quickly issue password resets, while its strong password encryption further prevented customer sites from being accessed.

The latest breach revelation may derail Verizon’s planned $4.83 billion acquisition of the search giant, but that would hardly be the greatest cost of Yahoo’s incompetence.

As always, the people who will most suffer are the consumers to whom Yahoo owes its responsibility. They entrusted Yahoo with their personal information — a trust the former No. 1 search engine has inexcusably betrayed.

.

Samsung Explains Note7 Failure and Promises will Do Better

In addition, Samsung will conduct a multilayer safety measures protocol on all its devices. It will cover the overall design and materials, as well as device hardware strength. Further, it will ensure that software algorithms are in place for safer battery charging temperatures.

“Samsung is doing the right thing. It took its time, but eventually it got enough instances of failed batteries in the lab to figure out what the technical issue was,” said Roger Kay, principal analyst at Endpoint Technologies Associates.

“At the same time, Samsung has been relatively forthcoming about the results and taking responsibility,” he told TechNewsWorld.

“The first thing Samsung had to do was make it clear that it understood the core of the Note7 fire, and it had to ensure that it won’t happen again,” noted Ian Fogg, senior director for mobile and telecoms at IHS Markit.

“It had to make creditable assurances to customers, vendors and retailers that this wouldn’t happen with future models,” he told TechNewsWorld. “The announcement today addressed both of those issues.”

Passing the Buck?

Although Samsung addressed what it will do to help avoid future problems, the company did not take full blame for the issue.

“There is plenty of blame to go around here,” said Ramon Llamas, IDC’s research manager for wearables and mobile phones.

“When [Samsung] asks a supplier to ramp up production on batteries to meet demand, there is blame as well,” he told TechNewsWorld.

“The next test will be when they unveil a new flagship phone; they will have to showcase how innovative it is in terms of features, but also address the power in the way it charges and its reliability,” said IHS Markit’s Fogg.

“That will be part of the next announcement for any of its products, as the lithium ion batteries are used in so many products –from laptops to phones and even to cars,” he added.

Galaxy Delays

What is also likely to come out of Samsung’s new emphasis on battery safety is a delay of its next flagship handset, likely the Galaxy S8. It had been expected to make its debut at the upcoming Mobile World Congress in Barcelona, Spain, next month, but that now appears unlikely.

“If they don’t make MWC, that breaks from tradition — but we can expect that the phone is still coming,” said Llamas.

In fact, such a delay could be met positively, as “taken in this context, [it shows] that the company is making sure it does things right next time,” said Endpoint’s Kay.

“The public is both sophisticated about understanding that technical failures occur and ADD enough to forget the past pretty quickly — so if Samsung gets the next one right, all will be forgiven,” he said.

“It is a right step, but that’s all it is,” said Llamas. “Samsung will need to make multiple steps to regain consumer confidence. They’ve identified the problem, but now they need to ensure that this doesn’t happen again.”

.

Asus Tinker Board Now Joins Raspberry Pi

Just when you thought Raspberry Pi couldn’t be knocked from its market-leading perch, along comes Asus with a rival device that may give the Pi a run for its relatively little money.

Asus just launched its own low-cost computer, the Tinker Board, which is being sold in the UK and continental Europe for about US$57. Its features could interest open source enthusiasts in doing a little comparison shopping before deciding on a new device.

The Tinker Board features a quad-core 1.8GHz ARM Cortex A-17 CPU with ARM Mali-T764 graphics.

The device includes four USB 2.0 ports, a 3.5 mm audio jack connection, CSI port for camera connection, a DSI port for HD resolution, a micro SD port and contact ports for PWM and S/PDIF signals.

The Tinker Board supports the Debian OS with Kodi.

A power supply is not included.

Rival or Response

“The Asus Tinker Board is not so much competition as extension of the Raspberry Pi ecosystem, and deeper it shows an extensible ARM ecosystem as well,” said Paul Teich, principal analyst at Tirias Research.

The Tinker Board runs a faster processor and like the Pi 3 model, implements WiFi and bluetooth wireless connectivity, he noted.

“I don’t believe anyone in the Raspberry Pi ecosystem is writing or using 64-bit software, so the Pi model 3 upgrade to ARMv8 is a bit mystifying, other than the BCM2837 processor was cheap, fast and available now,” Teich told LinuxInsider.

“The Asus part is substantially more powerful and uses about 25 percent more power,” observed Rob Enderle, principal analyst at the Enderle Group.

The Asus system outputs 4K video, while Raspberry Pi uses HD, he noted.

“This means the Asus part will perform far better when the performance requirement is higher and the need to keep energy cost down is lower,” Enderle told LinuxInsider.

The embedded space has proven to be relatively lucrative and can be a jumping-off point for even bigger markets and technology partnerships, so it’s likely other manufacturers will enter this space as well, he suggested.

Power Play

The release comes about a week after the release of the Compute Model 3 from Raspberry Pi. That model is aimed squarely at expanding the range of the device to industrial uses and for the growing IoT audience.

The Compute Model 3’s standard model is priced at $30, and the Compute Model Lite is priced at $25. It has the same processor and RAM as the standard, but brings the SD card interface to the module pin, which allows users to connect it to an eMMc or SD card.

The original Raspberry Pi’s price was reduced to $25 when the Compute Model 3 launched.

There has been demand in certain industries for a low-cost open source computer that provides robust capabilities for manufacturing and technical demands.

“We don’t see much mainstream enterprise demand for this type of compute model,” said Jay Lyman, principal analyst at 451 Research, following the Compute Model 3’s release last week.

However, he told LinuxInsider, “we do think it is an attractive model for researchers and other HPC end users that are able to assemble and manage powerful compute capabilities for much less money and resources than is typically associated with supercomputing.”