Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
OS X

A FreeBSD "Spork" With Touches of NeXT and OS X: NeXTBSD 115

There are a lot of open source operating systems out there; being open source, they lend themselves to forks, clones or near clones, and friendly offshoots. There are even services to let you customize, download, and (if you choose) bulk-install your own OS based on common components. Phoronix notes a new project called NeXTBSD that might turn more heads than most new open source OSes, in part because of the developers behind it, and in part because of the positive thoughts many people have toward the aesthetics of NeXTSTEP and Mac OS X. (And while it might be a fork of FreeBSD, the developers would rather call it a spork, instead.) NeXTBSD was announced last week by Jordan Hubbard and Kip Macy at the Bay Area FreeBSD Users Group (BAFUG). NeXTBSD / FreeBSD X is based on the FreeBSD-CURRENT kernel while adding in Mach IPC, Libdispatch, notifyd, asld, launchd, and other components derived from Apple's open-source code for OS X. The basic launchd/notifyd/asld/libdispatch stack atop their "fork" of FreeBSD is working along with other basic components of their new design. You can watch a recording of the announcement as well as a longer introduction linked from Phoronix's story.
OS X

OS X Bug Exploited To Infect Macs Without Need For Password 127

An anonymous reader writes: A new flaw has been discovered in the latest version of OS X which allows hackers to install malware and adware onto a Mac without the need for any system passwords, researchers say. The serious zero-day vulnerability was first identified last week and results from a modified error-logging feature in OS X Yosemite which hackers are able to exploit to create files with root privileges. The flaw is currently found in the 'fully patched' OS X 10.10.4, but is not in the newest 10.11 El Capitan beta – suggesting that Apple developers were aware of the issue and are testing a fix.
OS X

A Tweet-Sized Exploit Can Get Root On OS X 10.10 130

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."
IOS

Apple Drops Recovery Key From Two-Factor Authentication In New OS Versions 64

eggboard writes: If you've ever turned on what's now called "two-step verification" for an Apple ID, you had to create a Recovery Key. Lose this 14-digit code and have your password reset (because of hacking attempts against you), and you might lose access forever to purchases and data, as Owen Williams almost did. Apple confirmed today that starting with its public betas of OS X 10.11 and iOS 9, two-factor authentication won't have a Recovery Key. Instead, if you have to reset a password or lose access to devices, you'll have to go through an account verification process with human beings.
Security

Researchers Find Major Keychain Vulnerability in iOS and OS X 78

An anonymous reader notes a report from El Reg on a major cross-app resource vulnerability in iOS and Mac OS X. Researchers say it's possible to break app sandboxes, bypass App Store security checks, and crack the Apple keychain. The researchers wrote, "specifically, we found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [malware] to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications." Their full academic paper (PDF) is available online, as are a series of video demos. They withheld publication for six months at Apple's request, but haven't heard anything further about a fix.
IOS

WWDC 2015 Roundup 415

Here's an overview of the main announcements and new products unveiled at WWDC today.
  • The latest OS X will be named OS X El Capitan. Features include: Natural language searches and auto-arrange windows. You can make the cursor bigger by shaking the mouse and pin sites in Safari now. 1.4x faster than Yosemite. Available to developers today, public beta in July, out for free in the fall.
  • Metal, the graphics API is coming to Mac. "Metal combines the compute power of OpenCL and the graphics power of OpenGL in a high-performance API that does both." Up to 40% greater rendering efficiency.
  • iOS 9: New Siri UI. There’s an API for search. Siri and Spotlight are getting more integrated. Siri getting better at prediction with a far lower word error rate. You can make checklists, draw and sketch inside of Notes. Maps gets some love. New app called News "We think this offers the best mobile reading experience ever." Like Flipboard it pulls in news articles from your favorite sites. HomeKit now supports window shades, motion sensors, security systems, and remote access via iCloud. Public Beta for iOS 9.
  • Apple Pay: All four major credit card companies and over 1 million locations supporting Apple Pay as of next month. Apple Pay reader developed by Square, for peer-to-peer transactions. Apple Pay coming to the UK next month support in 250,000 locations including the London transportation system. Passbook is being renamed "Wallet."
  • iPad: Shortcuts for app-switching, split-screen multitasking and QuickType. Put two fingers down on the keyboard and it becomes a trackpad. Side by side apps. Picture in picture available on iPad Air and up, Mini 2 and up.
  • CarPlay: Now works wirelessly and supports apps by the automaker.
  • Swift 2,the latest version of Apple’s programing language . Swift will be open source.
  • The App Store: Over 100 billion app downloads, and $30 billion paid to developers.
  • Apple Watch: watchOS 2 with new watch faces. Developers can build their own "complications" (widgets with a terrible name that show updates and gauges on the watch face). A new feature called Time Travel lets you rotate the digital crown to zoom into the future and see what’s coming up. More new features: reply to email, bedside alarm clock, send scribbled messages in multiple colors. You can now play video on the watch. Developer beta of watchOS 2 available today, wide release in the fall for free.
  • Apple Music: “The next chapter in music. It will change the way you experience music forever,” says Cook. Live DJs broadcasting and hosting live radio streams you can listen to in 150 countries. Handpicked suggestions. 24/7 live global radio. Beats Connect lets unsigned artists connect with fans. Beats Music has all of iTunes’ music, to buy or stream. With curated recommendations. Launching June 30th in 100 countries with Android this fall, with Windows and Android versions. First three months free, $9.99 a month or $14.99 a month for family plan for up to six.
Windows

How Windows 10 Performs On a 12-inch MacBook 241

An anonymous reader writes: As Microsoft prepares for the launch of Windows 10, review sites have been performing all sorts of benchmarks on the tech preview to evaluate how well the operating system will run. But now a computer science student named Alex King has made the most logical performance evaluation of all: testing Windows 10's performance on a 2015 MacBook. He says, "Here's the real kicker: it's fast. It's smooth. It renders at 60FPS unless you have a lot going on. It's unequivocally better than performance on OS X, further leading me to believe that Apple really needs to overhaul how animations are done. Even when I turn Transparency off in OS X, Mission Control isn't completely smooth. Here, even after some Aero Glass transparency has been added in, everything is smooth. It's remarkable, and it makes me believe in the 12-inch MacBook more than ever before. So maybe it's ironic that in some regards, the new MacBook runs Windows 10 (a prerelease version, at that) better than it runs OS X."
Microsoft

Microsoft Releases Visual Studio Code Preview For Linux, OS X, and Windows 72

ClockEndGooner writes: Microsoft is still extending its efforts into cross platform development with the release of a preview edition of Visual Studio Code, "a lightweight cross-platform code editor for writing modern web and cloud applications that will run on OS X, Linux and Windows." Derived from its Monaco editor for Visual Studio Online, the initial release includes rich code assistance and navigation for JavaScript, TypeScript, Node.js, ASP.NET 5, C# and many others.
Security

Researcher Discloses Methods For Bypassing All OS X Security Protections 130

Trailrunner7 writes: For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence on a Mac as an attacker isn't much of a challenge at all. Gatekeeper is one of the key technologies that Apple uses to prevent malware from running on OS X machines. It gives users the ability to restrict which applications can run on their machines by choosing to only allow apps from the Mac App Store. With that setting in play, only signed, legitimate apps should be able to run on the machine. But Patrick Wardle, director of research at Synack, said that getting around that restriction is trivial. "Gatekeeper doesn't verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," Wardle said in a talk at the RSA Conference here Thursday. "It only verifies the app bundle. If Macs were totally secure, I wouldn't be here talking," Wardle said. "It's trivial for any attacker to bypass the security tools on Macs."
Security

Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores 100

Trailrunner7 writes When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple on Wednesday released major security upgrades for both of its operating systems, and the root certificate for CNNIC, the Chinese CA at the heart of the controversy, remains in the trusted stores for iOS and OS X. The company has not made any public statements on the incident or the continued inclusion of CNNIC's certificates in the trusted stores.
OS X

For Boot Camp Users, New Macs Require Windows 8 Or Newer 209

For anyone using Windows 7 by way of Apple's Boot Camp utility, beware: support for Windows via Boot Camp remains, but for the newest Apple laptops, it's only for Windows 8 for now. From Slashgear: This applies to the 2015 MacBook Air, and the 13-inch model of the 2015 MacBook Pro. Windows 8 will remain compatible, as will the forthcoming Windows 10. The 2013 Mac Pro also dropped Boot Camp support for Windows 7, while 2014 iMacs are still compatible, along with 2014 MacBook Airs and 2014 MacBook Pros. For those who still prefer to run Windows 7 on their Macs, there are other options. This change to Boot Camp will not affect using the Microsoft operating system through virtualization software, such as Parallels and VMware Fusion. Also at PC Mag.
Bug

OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab 119

abhishekmdb writes No browsers are safe, as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC. The code is a 13-character special string which appears to be written in Assyrian script. Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Programming

JavaScript, PHP Top Most Popular Languages, With Apple's Swift Rising Fast 192

Nerval's Lobster writes Developers assume that Swift, Apple's newish programming language for iOS and Mac OS X apps, will become extremely popular over the next few years. According to new data from RedMonk, a tech-industry analyst firm, Swift could reach that apex of popularity sooner rather than later. While the usual stalwarts—including JavaScript, Java, PHP, Python, C#, C++, and Ruby—top RedMonk's list of the most-used languages, Swift has, well, swiftly ascended 46 spots in the six months since the firm's last update, from 68th to 22nd. RedMonk pulls data from GitHub and Stack Overflow to create its rankings, due to those sites' respective sizes and the public nature of their data. While its top-ranked languages don't trade positions much between reports, there's a fair amount of churn at the lower end of the rankings. Among those "smaller" languages, R has enjoyed stable popularity over the past six months, Rust and Julia continue to climb, and Go has exploded upwards—although CoffeeScript, often cited as a language to watch, has seen its support crumble a bit.
Networking

Wi-Fi Issues Continue For OS X Users Despite Updates 120

itwbennett writes: Although Apple has never officially acknowledged issues surrounding Yosemite and Wi-Fi connectivity, the company is clearly aware of the problem: Leading off the improvements offered in the update 10.10.2 update released Tuesday was 'resolves an issue that might cause Wi-Fi to disconnect,' according to the release notes. Despite this, Apple's support forum was filled with tales of frustrated users. And Mac owners aren't the only Apple users experiencing wireless connection failures after updating their OS. Wi-Fi connectivity issues have also dogged iOS 8 since Apple released the mobile OS on Sept. 17.
OS X

Why Run Linux On Macs? 592

jones_supa writes Apple has always had attractive and stylish hardware, but there are always some customers opting to run Linux instead of OS X on their Macs. But why? One might think that a polished commercial desktop offering designed for that specific lineup of computers might have less rough edges than a free open source one. Actually there's plenty of motivations to choose otherwise. A redditor asked about this trend and got some very interesting answers. What are your reasons?
Security

First OSX Bootkit Revealed 135

Trailrunner7 writes A vulnerability at the heart of Apple's Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.
OS X

Apple Pushes First Automated OS X Security Update 115

PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.
Data Storage

Apple Disables Trim Support On 3rd Party SSDs In OS X 327

MojoKid (1002251) writes One of the disadvantages to buying an Apple system is that it generally means less upgrade flexibility than a system from a traditional PC OEM. Over the last few years, Apple has introduced features and adopted standards that made using third-party hardware progressively more difficult. Now, with OS X 10.10 Yosemite, the company has taken another step down the path towards total vendor lock-in and effectively disabled support for third-party SSDs. We say "effectively" because while third-party SSDs will still work, they'll no longer perform the TRIM garbage collection command. Being able to perform TRIM and clean the SSD when it's sitting idle is vital to keeping the drive at maximum performance. Without it, an SSD's real world performance will steadily degrade over time. What Apple did with OS X 10.10 is introduce KEXT (Kernel EXTension) driver signing. KEXT signing means that at boot, the OS checks to ensure that all drivers are approved and enabled by Apple. It's conceptually similar to the device driver checks that Windows performs at boot. However, with OS X, if a third-party SSD is detected, the OS will detect that a non-approved SSD is in use, and Yosemite will refuse to load the appropriate TRIM-enabled driver.
Android

Visual Studio 2015 Supports CLANG and Android (Emulator Included) 192

Billly Gates (198444) writes "What would be unthinkable a decade ago is Visual Studio supporting W3C HTML and CSS and now apps on other platforms. Visual Studio 2015 preview is available for download which includes support for LLVM/Clang, Android development, and even Linux development with Mono using Xamarin. A little more detail is here. A tester also found support for Java, ANT, SQL LITE, and WebSocket4web. We see IE improving in terms of more standards and Visual Studio Online even supports IOS and MacOSX development. Is this a new Microsoft emerging? In any case it is nice to have an alternative to Google tools for Android development."
Programming

Microsoft To Open Source .NET and Take It Cross-Platform 525

An anonymous reader writes: Microsoft today announced plans to open source .NET, the company's software framework that primarily runs on Windows, and release it on GitHub. Furthermore, Microsoft also unveiled plans to take .NET cross-platform by targeting both Mac OS X and Linux. In the next release, Microsoft plans to open source the entire .NET server stack, from ASP.NET 5 down to the Common Language Runtime and Base Class Libraries. The company will let developers build .NET cloud applications on multiple platforms; it is promising future support of the .NET Core server runtime and framework for Mac and Linux. Microsoft is also making Visual Studio free for small teams.