The WAN Show - 87% of Android Devices are "Insecure" - October 16, 2015

[LinusTech]

 

Soundcloud Link: https://soundcloud.com/thewanshow/the-wan-show-87-of-android-devices-are-insecure-october-16-2015

 

Sponsors!

 

Lynda.com Link: http://lynda.com/wanshow for a 10 day free trial

 

Squarespace: http://squarespace.com/linus, offer code LINUS to save 10%.

 

TunnelBear: http://tunnelbear.com/LTT - Browse privately and get your first 500MB for free!

 

Soundcloud Link: https://soundcloud.com/thewanshow/the-wan-show-kids-dont-play-enough-computer-games-october-2-2015

 

Main News Topics

University of Cambridge study reveals 87% of Android devices to be insecure

Source 1: http://linustechtips.com/main/topic/466915-cambridge-study-reveal OP: log234

Source 2: http://arstechnica.com/security/2015/10/university-of-cambridge-study-finds

Source 3: http://androidvulnerabilities.org/

Score List for each manufacturer

• Test conclusion finds that “on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities.”

• Data for the study collected by group’s “Device Analyzer” app, which has been free on the play store since May 2011

• Study collected Android version and build number info from over 20,400 devices

• Study concludes that most of the blame sits with OEMs

• The Group states that “the bottleneck for delivery of updates in the Android ecosystem rests with the manufacturers, who fail to fix critical vulnerabilities.”

• Study found that Google’s Nexus devices were the most secure with a FUM score of 5.2 out of 10

• Google and OEMs have committed to a monthly security update program, but it is for devices less old than two years (Nexus, three years)

  • Most of Android sales are not flagship devices, so this is a problem

  • Until Google re-architects Android to support centralized, device-agnostic updates, there’s no solution to security problems

Chipgate FAQ: Everything you need to know about iPhone 6s controversy

Source 1: http://www.cultofmac.com/391618/chipgate-faq-everything-you-need-to-know-about-

Jonathan Morrison’s Video

Austin Evan’s Video

• Apple outsourced production of A9 processors for the new iPhones to two companies, TSMC and Samsung

• Samsung’s version is 96 square milimetres, TSMC’s is slightly larger at 104.5 millimeters

  • Shouldn’t affect performance…. But some owners are claiming otherwise

• YouTuber Austin Evans tested both, and saw TSMC’s hardware saw a longer battery life

• Evans used an app called “Lirum” that identifies which processor a phone has

• He pulled number for reference

  • Samsung = N71AP, N66AP TSMCs = N71MAP (6s), N66MAP (6s Plus)

• App pulled temporarily due to compatibility issues, is being put back up

• Apple stated “Certain manufactured lab tests which run the processors with a continuous heavy workload until the battery depletes are not representative of real-world usage, since they spend an unrealistic amount of time at the highest CPU performance state. It’s a misleading way to measure real-world battery life.”

• Apple says that these stress tests aren’t the best way to compare

• Another YouTuber Jonathan Morrison did real world testing, and saw there was differences between the two

  • Did real world tests, 4k video, uploading video, Geekbench and at the end the Samsung iPhone was at 55% and TSMC iPhone was at 62%

Tesla cars can drive themselves starting Oct 15th

Source 1: http://linustechtips.com/main/topic/467293-teslas-cars-can OP: TopWargamer

Source 2: http://www.theverge.com/2015/10/14/9533539/teslas-cars-can-drive-t

Source 3: http://www.teslamotors.com/presskit/autopilot

YouTube Demonstration

• At press event Oct 14th, Tesla announced version 7.0 of the Model S software, new build enabling the car’s self-driving features

• Capabilities were first announced last year

• Necessary sensors were added to all Model S cars since last September

• Tesla needed additional time to flesh out the algorithms, which they have been testing

• 7.0 released to US, will proceed to Europe and Asia in the coming weeks pending approval

• Model X shouldn’t be far behind

Features:

• Autosteer maintains speed and distance from the car ahead

• Auto Lane Change moves the car to another lane by tapping the turn signal

• Collision Warning

• Autopark, continuously scans for available parking around the car

• Automatic Emergency Steering

• Side Collision Warning, uses sensors to nudge the car away from danger, while alerting the driver

• Elon Musk called out Autosteer as a “beta” feature, and for users to keep their hands on the steering wheel at all times

  • Keeps liability out of Tesla’s control, since they told users not to take their hands off the wheel

  • Musk said “If there is an accident, the driver of the car is responsible”

• Version 7.1 will add ability to send car off to a garage, and come back and pick you up when needed

• Tesla is continuously uploading real-world sensor data from 7.0-equipped vehicles to home base

  • Utilizes four sensor types on the car: forward radar, forward-facing camera, 360-degree ultrasonic sensors, and a GPS combined with Tesla’s own high-resolution navigation maps

  • Musk calls it “fleet learning technology”

  • Functionality will improve each passing week, even without a firmware update, since the car is always accessing and improving Tesla’s high-res maps

AMD Reports 2015 Third Quarter Results

Source 1: http://linustechtips.com/main/topic/467832-good-news-for-amd/ OP: marldorthegreat

Source 2: http://www.marketwatch.com/story/amd-reports-2015-third-quarter-results-2015-10-15

Source 3: http://www.marketwired.com/prhttp://www.marketwatch.com/story/amd-reports-2015-third-quarter-results-2015-10-15ess-release/amd-reports-2015-third-quarter-results-

• AMD delivered double-digit percentage sequential revenue growth in both segments in the third quarter of 2015

• Strong 13% quarter-over-quarter revenue growth

• CEO Dr. Lisa Su said “We continue to take targeted actions to improve long-term financial performance, build great products and simplify our business model.”

• $65 million inventory write-down, primarily older-generation APUs

• $1.06 billion in revenue, down from $1.43 billion in Q3 of 2014

• Operating loss of $158 million, compared with a loss of $137 million in Q2, and a loss of $17 million in Q3 2014

• net loss in Q3 2015 of $197 million, compared to Q2 2015 net loss of $181 million

• Announced corporate restructuring plan to further reduce operating expenses

• Announced a definitive agreement for Assembly, Test, Mark and Pack (ATMP) manufacturing joint venture (See next topic)

AMD to Spin-off back end testing & Assembly Operations into joint venture for $371 Million

Source 1: http://linustechtips.com/main/topic/467863-amd-to-spin-off-back-en OP: zMeul

Source 2: http://www.anandtech.com/show/9723/amd-to-spinoff-backend-testing-assemb

• Spinning off their back-end manufacturing operations into a new joint venture with Nantong Fujitsu Microelectronics, (NFME) with them essentially buying the bulk of these operations off of AMD

• ATMP (Assembly, test, mark and pack) operations turning into a new, unnamed joint venture in partnership with NFME

• NFME will immediately be buying an 85% stake of AMD’s ATMP operation

  • no other partners involved, AMD will retain 15% stake

• NFME will be paying AMD approximately $371 million (approximate net gain of $320 million to AMD after taxes)

• AMD states the sale “further strengthens [their] balance sheet with significant asset monetization”

• Joint venture will remove 1,700 employees from AMD’s payroll

Intel reports flat revenues and lower year-on-year profits for Q3

Source 1: http://linustechtips.com/main/topic/467067-intel-reports-flat-re OP: Mr_Troll

Source 2: http://techreport.com/news/29188/intel-reports-flat-revenues-and-lower-yea

• Intel took in $14.5 billion in revenue, down less than one percent a year ago

  • $4.2 billion in operating income, down 8% year-over-year

• Client Computing Group took in $8.5 billion in revenue, down 7% year-over-year

• Desktop platform volume fell 19% from Q3 2014

  • Average selling prices rose by 15%

• Notebook platform volume fell 14% from a year ago

  • Average selling prices rose by 4%

• Tablets hardest-hit: platform volumes fell 39% year-on-year

• Other divisions delivered brighter results

  • Data Center Group took in $4.1 billion, 12% increase

  • Internet of Things Group took in $556 million, about the same as last year

For Q4 2015, Intel expects approximately $14.8 billion in revenue

Bell Canada fined for fake App Store reviews

Source 1: http://linustechtips.com/main/topic/467633-bell-canada-fined OP: GoodBytes

Source 2: http://www.engadget.com/2015/10/15/bell-canada-review-fine/

Source 3: http://9to5mac.com/2015/10/14/bell-fake-app-store-reviews/

• Fined roughly $1.25 million CAD by Canada’s competition bureau

• According to regulator, carrier “encouraged” staff members to post glowing testimonials of the MyBell and Virgin My Account apps to the App Store and Google Play

• Exposed by Scott Stratten, who was aware of the apps poor standing on iTunes

  • Suddenly saw the rating skyrocket due to series of five star reviews

  • He did digging on LinkedIn, found out that the most praiseworthy mentions were directors, marketing managers and other people paid by Bell Canada

• Company admitted that certain employees had been encouraged to post the ratings, but as soon as bosses were made aware, they ended the practice

• Firm has pledged to tighten up its compliance program, making sure employees know not to review the app

• First time a company has faced significant monetary fines for biased reviews

• Sets a precedent in Canada

Uber unleashes “UberRush” its on-demand delivery service

Source 1: https://www.yahoo.com/tech/uber-finally-unleashes-fedex-killer-120000311.html

Source 2: http://techcrunch.com/2015/10/14/uber-takes-on-postmates-with-uberrush-to-de

• launched a pilot version of its merchant delivery service Oct 14th in San Fran, New York and Chicago

• soft launch in New York City back in April

• Utilizes vehicle and bike couriers to deliver things quickly

• Focused on local shops for the moment

• Convenience costs, but Uber’s decision to turn it from an experiment into a real business suggests confidence in its business model

  • Businesses don’t have to pay Uber to sign up for UberRush, but each delivery will cost the merchant between $5 and 7$

• Uber drivers can pick up passengers and/or packages, but can’t do both at the same time

• Customers ordering something for same-day delivery go to the merchant’s site and select UberRush to get same-day delivery during checkout process

• Business Insider tried the New York City pilot, a reporter had a raincoat she forgot at a meeting picked up and dropped off within 20 minutes for $11

John “Totalbiscuit” Bain says cancer is reappearing

Source 1: http://linustechtips.com/main/topic/467658-john-tb OP: Michael McAllister

Source 2: http://www.twitlonger.com/show/n_1snlj3r

Twitter post

• “Cancer in the bowel is gone, but spots have appeared in my liver.”

• “Average life expectancy is 2-3 years, though there are outliers that live much longer.”

• “Who knows what they’ll come up with in the next decade? I Intend to beat if for as long as possible”

• “Going on chemo in a few weeks, with the goal of pushing it back and keeping it there for as long as possible”

• also closing his SC2 team Axiom

• “It’s no secret that 2015 has been the worst year for our team… We had planned to go through a lineup revamp and announce our participation in Proleague 2016… Unfortunately the environment just isn’t fertile anymore for Axiom to survive and even if it were, it is one big financial and time investment that I am going to have to give up in order to focus more on my family life and medical expenses.” -TB

• screengrab of full announcement

Skarp the Laser Razor is cancelled by Kickstarter, on Indiegogo now

Source 1: http://linustechtips.com/main/topic/466219-skarp-the-lase OP: pwn_intended

Source 2: https://www.kickstarter.com/projects/skarp/the-skarp-laser-razor-21st-century-shaving

Source 3: https://www.indiegogo.com/projects/the-skarp-laser-razor-21st-century-shaving#/

Shaving Demo

• After raising over $4,000,000 in funding, the project was suspended by Kickstarter due to them not having a working prototype

• More than 20,000 people had backed the project

• New page is up at Indiegogo, has raised over $288,000 so far (Oct 15)

• A shave demo was released through YouTube Oct 12

  • Description for video states that “the fiber in this video can only be mounted with rudimentary means, this means it’s not robust.”

  • Hoping that mass production will help Skarp to secure rigidly mounted fiber for shaving

SuperMHL to support 8K video

Source 1: https://twitter.com/m_cummings99/status/652943232733614080?s=09

Source 2: cnet.com/supermhl-is-on-its-way...

• support for 8K 120fps video

• super Mobile High-Definition Link

• launched at CES 2015

• allows you to stream up to 8K AV content from a mobile device to a TV or other display

• up to 48-bit color

Rapid Fire

BUILD LOGS

White Metropolis

Junk in a Box

"Project Iceberg" The Ultimate Watercooled Gaming Wall

Leonardo DiCaprio snaps up rights to a movie about the VW emissions scandal

Source 1: http://linustechtips.com/main/topic/466469-leo-dicaprio OP: Master Disaster

Source 2: http://www.wired.co.uk/news/archive/2015-10/13/dicaprio-vw-emissions-film

• DiCaprio’s production company Appian Way has teamed up with Paramount to buy the rights to a proposed book about the VW emission scandal

  • proposed by journalist Jack Ewing and titled “Too Big To Fail”

  • wants to investigate how a “more, better, faster” ethos among car companies led to the current crisis

• DiCaprio has also recently signed a multi-year deal with Netflix to produce environmental films

  • Said “There’s never been a more critical time for our planet or more of a need for gifted storytellers to help us make sense of the issues we face.”

Light’s L16 camera challenges DSLRs with 16 lenses in one package

Source 1: http://linustechtips.com/main/topic/466752-lights-l16-cam OP: XTankSlayerX

Source 2: http://www.engadget.com/2015/10/08/lights-l16-camera/

Source 3: https://light.co/

• Photography startup Light has launched L16, which the company’s calling a “multi-aperture computational camera”

• Called the L16, because it's equipped with 16 individual lenses

• L16 runs on Android and has built-in WiFi, allowing to posting pics directly from device

• Comes with an integrated 35mm-150mm optical zoom and a five-inch touchscreen display

• It’s about the size of a Nexus 6, and double the thickness

• When you take a picture using the camera, all 16 lenses capture photos simultaneously at different focal lengths

  • Light’s technology then combines them into a single 52-megapixel image

  • Able to adjust photo’s depth of field, focus and exposure after it’s been captured

• Cost is $1299 USD if you pre-order today, $1699 USD Summer 2016

Humble Bundle let go 20% of its staff

Source 1: http://linustechtips.com/main/topic/466512-humble-bundle-l OP: TopWargamer

Source 2: http://www.destructoid.com/humble-bundle-s-let-go-20-of-its-staff-315201.p

Source 3: https://www.polygon.com/2015/10/12/9513937/humble-bundle-cuts-jobs

• Has laid off 12 people - in a move that the CEO admitted reflected overly eager expansion

• Layoffs hit people in creative, engineering, business development and communications departments

Microsoft on Windows 10 Mobile: We “will decide when to send the updates out”

Source 1: http://linustechtips.com/main/topic/466493-microsoft-says- OP: jos

Source 2: http://wmpoweruser.com/microsoft-on-windows-10-mobile-we-wi

• Lots of questions about the Windows 10 Mobile update process

• When the Lumia 950 and 950XL was launched, Panos Panay spoke of “The power of the Windows Update keeping things fresh”

  • Wmpoweruser.com reached out to Microsoft to clarify that statement

  • Told that Microsoft will offer app updates to all Windows 10 phones and pcs at regular cadence

• When asked about carrier updates, they stated “Microsoft is working closely with mobile operators to leverage their testing and our flighting to meet and exceed current quality bars. We will use their input but will decide when to send the updates out based on input form from Mobile Operators and our Windows Insiders.”

• Implying that they will be pushing Windows Phone updates directly

AMD’s Phil Rogers jumps to Nvidia

Source 1: http://linustechtips.com/main/topic/466545-amd OP: zMeul

Source 2: http://www.hardocp.com/news/2015/10/13/phil_rogers_amd_fellow

• AMD back in 2007 “announced the appointment of Phil Rogers to AMD Corporate Fellow”

• “Corporate Fellow is the highest level of technical recognition at AMD, and is reserved for those who impact AMD’s business opportunities and technical breadth by providing a high degree of expertise, knowledge, creativity, and tactical and strategical direction

• Rogers was with AMD for 21 years

• Confirmed Oct 13, 2015 that Phil is now with Nvidia as Chief Software Architect - Compute Server

iPhone 6s camera shows no improvement over the 6

Source 1: http://linustechtips.com/main/topic/467248-iphone-6s-camera OP: kurahk7

Source 2: http://www.dxomark.com/Mobiles/Apple-iPhone-6s-revi

Comparison Graph

Iphone 6, 6s Test Results - Video

Iphone 6, 6s Test Results - Photo

• iPhone 6s scores same “82” score as iPhone 6 on DxOMark

Apple Updates their iMac Peripherals

Source 1: http://www.anandtech.com/show/9716/apple-updates-their-imac-peripherals

Source 2: http://9to5mac.com/2015/10/14/magic-mouse-2-unboxing-video/

Source 3: http://www.apple.com/ca/shop/product/MJ2R2LL/A/magic-trackpad-2

Magic Mouse 2

Packaging has changed for the Magic Mouse 2, a larger mostly white box replaces the small, clearer packaging for the original magic mouse

• Built in rechargeable battery versus the AA slots that needed replacement before

• Charging slot on the bottom of mouse, can’t use while charging

• Features a pairing method to Macs on OS X El Capitan

• Charges for 9 hours of use in about 2 minutes

• Comes with a Lightning cable for charging

• $79 USD

Magic Trackpad

• Build-in battery, brings force touch to the desktop

  • Four force sensors underneath the trackpad allow you to click anywhere

  • Brings increased functionality to your fingertips

• Nearly 30% larger than the previous trackpad

• Pairs automatically with your Mac

• Rechargeable battery via lightning to USB

• Battery is said to last months at a time

Magic Keyboard

• Rechargeable battery via lightning to USB

• Pairs automatically

• Optimized key travel and lower profile

• Improved scissor mechanism beneath each key for increased stability

 

[comicsansms]

@LinusTech Why do you hate me so much?

I am just a font!

[XTankSlayerX]

Luke is so wrong about ComicSans.... You never, ever use Comicsans, literally use anything else.

[Guest Philosophy]

I can't read half the writing on night theme..

[AmmarAliShahK]

Is Linus using the Surface?

[Master Disaster]

Cool, I made the show

[Deusrex]

i recently saw the blackphone 2 came out, and your WAN Show reminded me of it as it's a android phone with a focus on security, I hope to see a review of it, if you get a review device.

[MAXXHEW]

deleted comment

[YT2002]

Luke is so wrong about ComicSans.... You never, ever use Comicsans, literally use anything else.

My school sometimes uses it. They dont get the thing about Comic Sans

[alextulu]

So, Linus couldn't download drivers after reinstalling windows.

 

Why didn't he have an offline copy of those drivers ? Even if they're an older version, they can be updated later. What if you reinstall Windows and your network adapters don't work. How are you supposed to download drivers ? I always keep an offline copy of my drivers.

[yourfavoritenumber]

About nVidia requiring registration for driver download:

Please someone tell me where do I find the AMD Desktop Graphics drivers without downloading AND installing the whole 300 MB Catalyst Control Suite?!

[aselwyn1]

uber is in ottawa montreal and toronto so ya..

[Tao]

RE: Android devices only being updated for 2 years:

 

In Saskatchewan: The Consumer Protection and Business Practices Act ( http://www.qp.gov.sk.ca/documents/English/Statutes/Statutes/C30-2.pdf ) would like to have a word:

 

In Division 3  #19 g)

 

"that the consumer product and all its components are to be durable for a reasonable period, having regard to all the relevant circumstances of the sale, including:

(i) the description and nature of the consumer product;

(ii) the purchase price;

(iii) the express warranties of the retail seller or manufacturer; and

(iv) the necessary maintenance the consumer product normally requires and the manner in which it has been used;"

 

Essentially, consumer protection in Saskatchewan mandates that the supplier make all components of a product 'durable' (i.e. software being a component) for a specific period of time that would be 'reasonable' in regards to the following factors combined: how it is intended to be used, how much it was purchased for, and what the warranty offered by the supplier (manufacturer) says. So a $800 (i.e. flagship device) phone should have a longer period for the supplier to upkeep the device over say a $100 phone regardless of what the given warranty states.  The given warranty is taken into consideration, but if the warranty is not increased proportionally to that of a $100 phone, the law will force it to be extended.  Also the last bit says "The necessary maintenace the product normally requires.." would also be taken into consideration.  Essentially dropping security updates would make the device useless for certain users (i.e. business people), which would not fly under this act.

 

Additionally, the Act cares not that the warranty on the updates is from product launch.  It only cares about purchase date if it were purchased as new under normal circumstances (and not on clearance).

 

In short:  this would have to be fought to see where the powers that be deem what "a reasonable duration" to provide updates is.  That being said, 2 years for an $800 device will probably NOT be considered reasonable and would be extended extended.  Also planned obsolescence influencing product life cycles will probably not be considered into this equation either.  I would guess that a $800 flag ship device should be supported for at least 5 years.

 

If the supplier cannot update the device in accordance to this law, the customer can return the device to place of purchase and be charged a 'reasonable' fee to account for the usages of the device.  If a $100 device only lasted 2 years on updates, then we could assume that a $800 device would be charged $100 and refunded $700.  Those are numbers I am pulling out of my ass, but I think AT LEAST 5 years for a $800 device is reasonable, therefore charge 2/5ths of the original price.  This would come to a head because even though commitment contracts lasting 2 years are paying for most of a device AND also last as long as the software update service, people may be able to return their flag ship phones for a chunk of money, since the purchase contract is STILL worth $800  In another way: a person who flat out buys a device is considered in the same way as someone who got a discount by performing another service in a separate contract.

 

Each jurisdiction would have their own legislation, so this could be similar in other places.

[Unhelpful]

Luke is so wrong about ComicSans.... You never, ever use Comicsans, literally use anything else.

^UWOTM8?