Exploring the Future of Computing
Like many other countries, The Netherlands uses a chip card for paying and using public transport, and while there's been a number of issues regarding its security, privacy, and stability, it won't be going anywhere any time soon. Just today, the various companies announced a new initiative where Android users can use their smartphones instead of their chip cards to pay for and use public transport.
The new initiative, jointly developed by the various companies operating our public transport system and our carriers, is Android-only, because Apple "does not allow it to work, on a technical level", and even then, it's only available on two of our three major carriers for now.
This got me thinking about something we rarely talk about: the increasing reliance on external platforms for vital societal infrastructure. While this is a test for now, it's easy to see how the eventual phasing out of the chip cards - already labelled as "outdated" by the companies involved - will mean we have to rely on platforms beyond society's control for vital societal infrastructure. Chip cards for public transport or banks or whatever are a major expense, and there's a clear economic incentive to eliminate them and rely on e.g. smartphones instead.
As we increasingly outsource access to vital societal infrastructure to foreign, external corporations, we have to start asking ourselves what this actually means. Things like public transport, payments, taxes, and so on, are absolutely critical to the functioning of our society, and to me, it seems like a terrible idea to restrict access to them to platforms beyond our own control.
Can you imagine what happens if an update to an application required to access public transport gets denied by Apple? What if the tool for paying your taxes gets banned from the Play Store days before the tax deadline? What if a crucial payment application is removed from the App Store? Imagine the immense, irreparable damage this could do to a society in mere hours.
If these systems - for whatever reason - break down today, we can hold our politicians accountable, because they bear the responsibility for these systems. During the introduction of our current public transport chip card and its early growing pains, our parliament demanded swift action from the responsible minister (secretary in American parlance). Since the private companies responsible for the chip card system took part in a tender process with strict demands, guidelines, rules, and possible consequences for failure to deliver, said companies could and can be held accountable by the government. This covers the entire technological stack, from the cards themselves up to the control systems that run everything.
If we move to a world where applications for iOS and Android are the only way to access crucial government-provided services, this system of accountability breaks down, because while the application itself would be part of the tender process, meaning its creator would be accountable, the platforms it runs on would not - i.e., only a part of the stack is covered. In other words, if Google or Apple decides to reject an update or remove an application - they are not accountable for the consequences in the same way a party to a government tender would be. The system of accountability breaks down.
Of course, even today this system of accountability isn't perfect, but it is a vital path for recourse in case private companies fail to deliver. I'm sure not every one of you even agrees the above is a problem at all - especially Americans have a more positive view of corporate services compared to government services (not entirely unreasonable if you look at the state of US government services today). In countries like The Netherlands, though, despite our constant whining about every one of these services, they actually rank among the very best in the world.
I am genuinely worried about the increasing reliance on - especially - technology companies without them actually being part of the system of accountability. The fact that we might, one day, be required to rely on black boxes like iOS devices, Microsoft computers, or Google Play Services-enabled Android phones to access vital government services is a threat to our society and the functioning of our democracy. With access to things like public transport, money, and all that come with those, locked to closed-source platforms, we, the people, will have zero control over the pillars of our own societies.
What can we do to address this? I believe we need to take aggressive steps - at the EU-level - to demand full public access to the source code that underpins the platforms that are vital to the functioning of our society. We, the people, have the right to know how these systems work, what they do, and how secure they really are. As computers and phones become the only way to access and use crucial government services, they must be fully 100% open source.
We as The Netherlands are irrelevant and would never be able to make such demands stick, but the EU is one of the most powerful economic blocks in the world. If you want access to the wealthy 450 million customers in the European Union (figure excludes the UK), your software must be open source so that we can ensure the security and stability of our infrastructure. If you do not comply, you will be denied access to this huge economic block. Most of you will probably balk at this suggestion, but I truly believe it is the only way to guarantee the security and stability of vital government services we rely on every single day.
We should not rely on closed-source, foreign code for our government services. It's time the European Union starts thinking about how to address this threat. Read more on this exclusive OSNews article...
These, in my view, don't go far enough in stating the problem and I feel this needs to be said very clearly: Google's AMP is bad - bad in a potentially web-destroying way. Google AMP is bad news for how the web is built, it's bad news for publishers of credible online content, and it's bad news for consumers of that content. Google AMP is only good for one party: Google. Google, and possibly, purveyors of fake news.
I haven't encountered enough AMP pages in my browsing time to really form an informed opinion on it, but as a matter of principle, I'm against it. At the same time, however, all of us know that modern websites are really, really terrible. It's why so many of us use ad blockers (on top of privacy concerns, of course) - to make the modern web browsing experience bearable. In that sense, AMP serves a similar role.
Simply put: if everyone created news websites and blogs as fast and light as, say, OSNews, we wouldn't need AMP or ad blockers for speed purposes (you might still want an ad blocker for privacy reasons, of course).
On a related note, something funny happened regarding this specific article. Yesterday, John Gruber wrote:
But other than loading fast, AMP sucks. It implements its own scrolling behavior on iOS, which feels unnatural, and even worse, it breaks the decade-old system-wide iOS behavior of being able to tap the status bar to scroll to the top of any scrollable view.
Setting aside the sulphuric irony of a fervent Apple fan crusading for openness, it turns out that AMP is not implementing its own scrolling at all - the AMP team actually found a bug in Safari, reported it to Apple, and then Apple replied with stating they are switching the whole of Safari over to what Gruber perceived as AMP's own scrolling behaviour:
With respect to scrolling: We (AMP team) filed a bug with Apple about that (we didn't implement scrolling ourselves, just use a div with overflow). We asked to make the scroll inertia for that case the same as the normal scrolling.
Apple's response was (surprisingly) to make the default scrolling like the overflow scrolling. So, with the next Safari release all pages will scroll like AMP pages. Hope Gruber is happy then :)
Well, I thought this was entertaining.
ReactOS 0.4.5 has been released.
Thanks to the work of Katayama Hirofumi and Mark Jansen, ReactOS now better serves requests for fonts and font metrics, leading to an improved rendering of applications and a more pleasant user experience. Your continued donations have also funded a contract for Giannis Adamopoulos to fix every last quirk in our theming components. The merits of this work can be seen in ReactOS 0.4.5, which comes with a smoother themed user interface and the future promises to bring even more improvements. In another funded effort, HermÃ¨s BÃ©lusca-MaÃ¯to has got MS Office 2010 to run under ReactOS, another application from the list of most voted apps. Donâ€™t forget to install our custom Samba package from the Application Manager if you want to try it out for yourself.
Over the weekend, it was discovered that the Android Netflix application could no longer be installed on rooted Android devices - in fact, it vanished from the Play Store on rooted devices completely. Netflix then confirmed it started blocking rooted devices from installing the Netflix application.
Well, it turns out we'll only be going downhill from here, as Google explained at I/O that from now on, developers will be able to block their applications from being installed on rooted Android devices.
Developers will be able to choose from 3 states shown in the top image: not excluding devices based on SafetyNet, excluding those that don't pass integrity, or excluding the latter plus those that aren't certified by Google. That means any dev could potentially block their apps from showing and being directly installable in the Play Store on devices that are rooted and/or running a custom ROM, as well as on emulators and uncertified devices (think Meizu and its not-so-legal way of getting Play Services and the Play Store on its phones). This is exactly what many of you were afraid would happen after the Play Store app started surfacing a Device certification status.
This is bad news for the custom ROM community. If I can no longer install Netflix (and possibly more applications) on custom ROMs, there's no way I'll be using custom ROMs on my devices. For now, this is a Play function and we can still sideload the applications in question, but with Google Play Services installed on virtually every Android device, one has to wonder - and worry - how long it'll be before such checks happen on-device instead of in-Play.
During I/O, Google also announced Android Go, a version of the mobile operating system optimised for lower-end devices. From Google's announcement:
OS: We're optimizing Android O to run smoothly and efficiently on entry-level devices.
Apps: We're also designing Google apps to use less memory, storage space, and mobile data, including apps such as YouTube Go, Chrome, and Gboard.
Play: On entry-level devices, Play store will promote a better user experience by highlighting apps that are specifically designed for these devices -- such as apps that use less memory, storage space, and mobile data -- while still giving users access to the entire app catalog.
If a device has less than 1 GB of RAM, it will automatically use the Android Go version of Android. In addition, Google has set up a set of guidelines applications must adhere to in order to qualify for the special highlighting mentioned above.
The first question that popped into my mind was - why isn't every device getting this supposedly faster, and more lightweight version of Android? Will we be able to 'force' our devices to use Android Go, even if they don't officially qualify? The second question is - why would a developer go the lengths of creating additional versions of their application, instead of what they ought to do, which is slim down their existing application?
I'm a little late with all the stuff from Google I/O last night due to personal issues keeping me from my PC, so let's catch up. There's a ton of interesting stuff, but I think what OSNews readers will be interested in the most is the Android project officially adding support for Kotlin.
Today the Android team is excited to announce that we are officially adding support for the Kotlin programming language. Kotlin is a brilliantly designed, mature language that we believe will make Android development faster and more fun. It has already been adopted by several major developers - Expedia, Flipboard, Pinterest, Square, and others - for their production apps. Kotlin also plays well with the Java programming language; the effortless interoperation between the two languages has been a large part of Kotlin's appeal.
The Kotlin plug-in is now bundled with Android Studio 3.0 and is available for immediate download. Kotlin was developed by JetBrains, the same people who created IntelliJ, so it is not surprising that the IDE support for Kotlin is outstanding.
And the announcement from the Kotlin project itself:
For Android developers, Kotlin support is a chance to use a modern and powerful language, helping solve common headaches such as runtime exceptions and source code verbosity. Kotlin is easy to get started with and can be gradually introduced into existing projects, which means that your existing skills and technology investments are preserved.
As for user-facing features in Android O, it's definitely a more low-key affair than earlier releases, with most new features fitting neatly in the "huh, neat" category. With a massive low-level project like Treble underway, it makes sense for Android to not rock the boat too much with this year's release. There's Notification Dots, smarter text selection, completely redesigned emoji, and more. There's also Android Go,
but I'm saving that for a later item.
So for today's AMD Financial Analyst Day, AMD has released a little bit more information as part of the next step of their campaign. The first Vega product to be released has a name, it has a design, and it has performance figures. Critically, it even has a release date. I hesitate to call this a full announcement in the typical sense - AMD is still holding some information back until closer to the launch - but we now finally have a clear picture of where the Vega generation kicks off for AMD.
ArcaOS 5.0 has been released and it is available to be bought at the Arca Noae shop page. It is based on OS/2 Warp 4.52 binaries, and contains newer drivers for ACPI, USB, and networking, a new installer and several open source software projects such as Firefox, Qt, Libc, and OpenOffice.
The OS2World Community also posted a statement with important OS/2 community links and some remarks on the important role open source software has in the OS/2 community.
Troy Hunt hits some nails on their heads:
If you had any version of Windows since Vista running the default Windows Update, you would have had the critical Microsoft Security Bulletin known as "MS17-010" pushed down to your PC and automatically installed. Without doing a thing, when WannaCry came along almost 2 months later, the machine was protected because the exploit it targeted had already been patched. It's because of this essential protection provided by automatic updates that those advocating for disabling the process are being labelled the IT equivalents of anti-vaxxers and whilst I don't fully agree with real world analogies like this, you can certainly see where they're coming from. As with vaccinations, patches protect the host from nasty things that the vast majority of people simply don't understand.
Great article, which also goes into Windows Update itself for a bit.
Friday saw the largest global ransomware attack in internet history, and the world did not handle it well. We're only beginning to calculate the damage inflicted by the WannaCry program - in both dollars and lives lost from hospital downtime - but at the same time, we're also calculating blame.
There's a long list of parties responsible, including the criminals, the NSA, and the victims themselves - but the most controversial has been Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, itâ€™s become painfully clear that patch didnâ€™t reach all users. Microsoft was following the best practices for security and still left hundreds of thousands of computers vulnerable, with dire consequences. Was it good enough?
If you're still running Windows XP today and you do not pay for Microsoft's extended support, the blame for this whole thing rests solely on your shoulders - whether that be an individual still running a Windows XP production machine at home, the IT manager of a company cutting costs, or the Conservative British government purposefully underfunding the NHS with the end goal of having it collapse in on itself because they think the American healthcare model is something to aspire to.
You can pay Microsoft for support, upgrade to a secure version of Windows, or switch to a supported Linux distribution. If any one of those mean you have to fix, upgrade, or rewrite your internal software - well, deal with it, that's an investment you have to make that is part of running your business in a responsible, long-term manner. Let this attack be a lesson.
Nobody bats an eye at the idea of taking maintenance costs into account when you plan on buying a car. Tyres, oil, cleaning, scheduled check-ups, malfunctions - they're all accepted yearly expenses we all take into consideration when we visit the car dealer for either a new or a used car.
Computers are no different - they're not perfect magic boxes that never need any maintenance. Like cars, they must be cared for, maintained, upgraded, and fixed. Sometimes, such expenses are low - an oil change, new windscreen wiper rubbers. Sometimes, they are pretty expensive, such as a full tyre change and wheel alignment. And yes, after a number of years, it will be time to replace that car with a different one because the yearly maintenance costs are too high.
Computers are no different.
So no, Microsoft is not to blame for this attack. They patched this security issue two months ago, and had you been running Windows 7 (later versions were not affected) with automatic updates (as you damn well should) you would've been completely safe. Everyone else still on Windows XP without paying for extended support, or even worse, people who turn automatic updates off who was affected by this attack?
I shed no tears for you. It's your own fault. Read more on this exclusive OSNews article...
It's that time of the year again: Google unveiling some initiative or whatever with the aim of improving the horrible Android update mess. None of them really panned out, but I begrudgingly have to admit that the project they just unveiled - Project Treble - has some more meat to it than the vague promises and alliances they usually peddle.
The basic gist here is that Google is splitting Android in twain, so they end up with the Android OS Framework and the vendor implementation. The latter - the part that's the reason why so many Android phones don't get updated - can remain the same across operating system updates.
Today, with no formal vendor interface, a lot of code across Android needs to be updated when a device moves to a newer version of Android.
With a stable vendor interface providing access to the hardware-specific parts of Android, device makers can choose to deliver a new Android release to consumers by just updating the Android OS framework without any additional work required from the silicon manufacturers.
This seems like a good idea, but sadly, it won't be backported to older Android versions. Treble will be part of Android O later this year (it's already available in Pixel developer previews), but existing phones won't benefit from it at all. In other words, it'll be a few years before the full effect of this project can be measured.
As a sidenote - and you guys will have to help me out on this one, since I'm not knowledgeable enough to determine this - could this mean it'll be easier to replace the Linux-based vendor implementation with something else in the future? If so, that might be something Google is potentially perhaps maybe possibly interested in.
European companies such as Spotify, Rocket Internet and Deezer have complained that online platforms - such as search engines and app stores - abuse their position as gateways to customers to promote their own services or impose imbalanced terms and conditions.
The Commission said that initial findings of an investigation launched last year showed platforms were delisting products or services without due notice, restricting access to data or not making search result rankings transparent enough.
The Commission wants to establish fair practice criteria, measures to improve transparency and a system to help to resolve disputes.
Platforms like iOS and Android are now often the primary way through which people communicate and find information, making them de facto gatekeepers of the internet. Since the internet is now an integral and crucial part of our life - paying taxes, searching for jobs, buying/maintaining crucial insurance, etc. - we can't let access to it remain in the hands of companies with consumer-hostile interests such as Apple and Google. I'm glad the EU is looking into this.
As for Apple's and Google's complaints - cry me a river.
The KEYone got me out of CrackBerry retirement and using a BlackBerry Smartphone again (and loving it!). I have no shortage of phones at my disposal and can reach for an iPhone or Google Pixel or Samsung Galaxy whenever I want. Since picking up the KEYone, I've never felt that urge. What more can be said than that? With battery life that will last you all day and night (and well into the next day) and a smart physical keyboard that makes typing on buttons feel new school again, it's a communication-centric phone that power users will love.
The keyboard BlackBerry phones are the phones I wish were more popular, but really aren't. The Priv had QA and update issues (it's still on an old version of Android), and this one isn't exactly my personal cup of tea because I'd much rather have a slider (preferably a horizontal slider). Still, I hope these phones somehow manage to find a small, but perhaps profitable niche so they can keep throwing time and development at them.
Apple, Amazon, Facebook, Microsoft and Alphabet, the parent company of Google, are not just the largest technology companies in the world. As I've argued repeatedly in my column, they are also becoming the most powerful companies of any kind, essentially inescapable for any consumer or business that wants to participate in the modern world. But which of the Frightful Five is most unavoidable? I ponder the question in my column this week.
But what about you? If an evil monarch forced you to choose, in what order would you give up these inescapable giants of tech?
Such a simple list for me: Apple, Amazon, Facebook, Google, Microsoft. I don't use Apple products, and Amazon isn't a thing in The Netherlands so I don't use any of its products either. I do use Facebook to keep in touch with some people abroad, but that could easily be replaced by other tools. Dumping Google would mean replacing my Android phone with something else, which isn't a big deal, and while losing Google Search and Gmail would be a far bigger problem, those, too, can be overcome. YouTube is a very big deal to me - I use it every day - so I would have to learn to do without.
Surprising to some, perhaps, Microsoft would be hardest for me to ditch, because Microsoft Office is quite important to how I earn my living. OpenOffice or LibreOffice or whatever it's called is fine if the people around you also use it, but since my entire industry is 100% Office, I can't make such a switch. Windows, too, is important to me, because it's the desktop operating system I hate the least, and quite important to me gaming-wise.
This is definitely an interesting exercise!
Tuomas JÃ¤rvensivu and Harri Salokorpi:
The 30th anniversary of Amiga inspired me to dig into Amiga programming. Back in Amiga's golden era (late '80s and early '90s) I never had the chance to try this out since despite my relentless whining my parents wouldn't get me one. Luckily later when I was studying at the uni, I managed to bargain one fine Amiga 500 specimen from the flea market at an affordable price of 20 euros.
Although Amiga as such is not that useful a platform to know these days, learning how to write programs for it can be very educational. Amiga as an environment is much simpler than (for instance) modern PCs. This makes learning low-level programming on it faster than on more complex environments. Although the hardware architecture is quite simple, it has some computer system design features that are still in use in modern environments as well such as DMA and interrupts. On top of being plain fun, writing assembly on Amiga teaches programming concepts that are usually hidden by higher-level languages and modern operating systems.
I've written this blog post together with Harri Salokorpi. We'll walk you through an example that creates graphics on the display with a simple animation. We both hope this blog post provides a quick start to those who want to try out programming on this legendary device. However, we're mostly going to use an emulator as a development environment, so the real device is not mandatory.
Fascinating article for those of us who can actually program.