Short Topix: Is The $399 PinePhone Pro Linux Smartphone Enough To Gain Traction In Mobile Market?

by Paul Arnote (parnote)

The War On Your Privacy: Monthly Update

It's not very often that we get an ally in the fight to protect our privacy, so this bit of news is definitely welcomed. DUCKDUCKGO, THE MAKERS OF THE INTERNET SEARCH ENGINE WITH THE SAME NAME, ARE MAKING A PRIVACY-FOCUSED DESKTOP BROWSER, according to a blog entry by their CEO, Gabriel Weinberg. The DuckDuckGo mobile browser is THE hottest download in the Google Play store, and the second hottest download on the Apple iOS AppStore. The desktop version will function just like the mobile version of their browser.

Here's an excerpt from the aforementioned blog post:

THE GOOGLE CHROME BROWSER EXPERIENCED NOT ONE, BUT TWO SECURITY UPDATES during the month of December, 2021. The first one was a security update of the vulnerable browser on December 5, 2021. That update addressed 20 security vulnerabilities, 16 of them reported by outside researchers, and 15 of which were rated as "high severity," according to an article on the SecurityWeek website. Then, on December 13, 2021, Google patched the desktop browser AGAIN to address five security flaws. One of those vulnerabilities was a high-risk zero-day vulnerability that was already being exploited "in the wild" by hackers, according to an article on the Tom's Guide website. Seems to validate one line of thinking that the more complex you make the browsers, the more vulnerable they are.

2021 WAS A BANNER YEAR ... FOR PASSWORD VULNERABILITIES. It seems the message just isn't getting through -- or isn't being heeded -- about not reusing passwords between sites, and using unique passwords for every site you visit. An article on TechRepublic lists the top 10 password snafus that occurred in 2021, according to Dashlane's sixth annual list of the year's worst password offenders. Most of the "snafus" occurred because of stolen or hacked passwords.

A GOOGLE PLAY APP WITH OVER 500,000 DOWNLOADS WAS FOUND TO BE SENDING USERS' CONTACT LISTS TO A SERVER IN RUSSIA, according to an article on ArsTechnica. The app, called "Color Message," is infected with the Joker malware, and sends a user's contacts to a server located in Russia. Furthermore, the malware also signs users up for often-expensive subscriptions. To hide, the application can hide its icon, making it difficult to detect and remove. The Joker malware "simulates clicks and intercepts text messages in an attempt to surreptitiously subscribe users to paid premium services they never intended to buy. Joker is hard to detect because of the tiny footprint of its code and the techniques its developers use to stash it. Over the past few years, the malware has been found lurking in hundreds of apps downloaded by millions of people," according to the ArsTechnica article. Although the app has been removed by Google from the Google Play store, users who might have installed the app should remove it from their devices as soon as possible.

Grinch-Bots Play Grinch For Christmas

Didn't get (or buy) what you wanted for Christmas? You might have been "squeezed out" of the chance to buy a popular gift or gift card by "Grinch Bots" that scoop up limited supplies of popular gifts, according to an article on TechRepublic. The thing is, these automated all-in-one bots work overtime (no breaks needed) to steal gift cards and buy up popular gift items so they can be resold at grossly marked up prices. According to the Kasada Threat Intelligence Team, who discovered the bot activity, the bots mimic human activity in an effort to skirt anti-bot code that's executed on the client side of public devices.

While most bot activity originates from China, during the five day period from Thanksgiving through Cyber Monday, that was not the case. Instead, over 42% of bot activity during that time frame originated in the U.S., with Australia taking second place with over 27% of the bot activity, and the U.K. coming in a distant third place with over 4% of the bot activity.

The increased bot activity included a four-fold increase in automated gift card cracking attempts, along with a ten-fold increase in malicious login attempts. It sounds like the name "Grinch Bots" is an accurate one, and one that circumvented anti-bot code on ecommerce sites. Bot activity went from nearly 0% just before "hype sales" (where a limited stock of an item is listed at a deeply discounted price starting at a specific time), to over 99% of the recorded traffic until the item was sold out. The pattern would repeat during the five day period for every "hype sale" whenever a new item was offered.

Will $399 PinePhone Pro Explorer Edition Linux Smartphone Finally Allow Linux Smartphones To Gain Traction In Mobile Market?

To answer the question, maybe or maybe not. The mid-range $399 smartphone is expected to be available in early January. The phone is designed to be hackable, and comes with Manjaro Linux and KDE Plasma Mobile interface, according to an article on the Liliputing website. Sporting a microSD card slot, other operating systems -- even other Linux mobile operating systems -- can be installed in Manjaro's place, and even booted from the microSD card slot. It has a 3,000 mAh battery, and a headset jack, in addition to the microSD card slot. To facilitate privacy, included phone hardware such as the camera, wifi, mic and headphone jack can be disabled with physical switches, if so desired.

So why might this attempt NOT catapult Linux smartphones into the mainstream? First of all, the name is unwieldy and long. Most of the "successful" entries into the smartphone market have short, easy to remember and say names, like "Pixel," "iPhone," and "Nexus." With a name like "PinePhone Pro Explorer Edition Linux Smartphone," it's a mouthful.

Secondly, it currently supports 4G LTE, but not the ever-expanding 5G networks that are becoming more plentiful by the month, if not by the day. That alone should limit the new phone's appeal to a large part of the mobile market. I can't imagine paying $400 for a phone loaded with old technology, and I suspect a lot of other users might feel the same. It will definitely limit its usefulness over the long term. Who wants to be left holding $400 worth of silicon, plastic and glass that can't connect to anything (as cellular technology evolves, 4G LTE networks will go the way of 2G and 3G networks) or offer access to more robust services?

And third and finally, by not being attached to a major cellular carrier, only the diehard phone users are going to be using this device. Many people, when they sign up for service, usually opt for one of the phones offered by the cellular carrier. They are guaranteed those phones will work with that carrier's network without major hassles and technical hoops to jump through, and they can get those phones without having to plunk down large sums of cash to buy the phone outright. For the latter, most cellular carriers will allow users to pay for their phone purchase over many months (usually the length of the contract), making more expensive, higher-end phones accessible for those who cannot pay those often really high prices.

The "Why We're Glad We Don't Run Windows" Department

When Windows 11 came out, Microsoft had made it next to impossible to use any other web browser other than Microsoft Edge. It was possible, but it was a difficult path that most users just couldn't or wouldn't follow, fraught with minefields and pitfalls at every twist and turn. Well, according to an article on the Verge website, Microsoft has backed off from trying to ram Edge down everyone's throat, and has made switching browsers a one-click affair.

Most of us around here have, at one time or another in our previous computing life, been a Microsoft Windows user. One thing that has hardly changed since the birth of Windows is the default text editor in Windows, called Notepad. According to an article on the ArsTechnica website, Microsoft has finally given Notepad an update with Windows 11. The updated text editor allows users to change between a light and dark mode, and sports more modernized font controls. Under the hood, it features a new find and replace dialog box, as well as a multilevel undo function.

It appears that Windows 11 is responsible for cutting the performance of NVMe drives by approximately half for many users of the new operating system, according to an article on the digitaltrends website. Many reports of essentially the same behavior have flooded Reddit forums in recent months. While Microsoft hasn't taken an official stance or released an official reply, one Microsoft employee replied on one of the Reddit threads that the Microsoft file systems team is investigating the issue.

Oooops! Home Covid Test Susceptible To Hacking

Widely reported on in both the computer press and the mainstream media, the security company F-Secure discovered that the results for the Ellume COVID-19 Home Test could be hacked to provide a negative result in place of a valid positive result, or vice versa.

The home test kit uses a special testing device that connects to the user's smartphone via Bluetooth. The user downloads the app, answers some screening questions, watches a video, and then performs the test. The test stick connects to the app via Bluetooth to report the test results.

EXCEPT ... a bad actor can alter the results by changing one value in the Bluetooth data after the test stick performs the test, but before it is reported to the app via the Bluetooth connection.

The Ellume home test kit, which sells at popular big-box stores (e.g. Target, Walmart, etc.) for between $25 and $30, is one of the tests travelers can use to enter the United States from abroad.

With the COVID vaccine hesitancy sweeping the globe, someone with the technical ability could change a positive test result into a negative test result, which would allow them to appear as if they are not infected ... and allow them to spread the virus to many others.

PCLinuxOS Magazine Short Topix Roundup

Just in case you haven't had enough with JavaScript on web pages you visit (think the popular NoScript browser add-on), GET READY FOR PYTHON SCRIPTING ON THE WEB PAGES YOU VISIT. Using the Web Assembler (WASM), according to an article on The Register, CPython scripts can run at near-native performance levels. Turning to Python helps developers overcome some limitations of JavaScript. While possessing a larger toolset than JavaScript, I can see this becoming quite a security nightmare. I could be wrong, but I don't think so.

JIM WARREN, 85, FOUNDER OF THE WEST COAST COMPUTER FAIRE IN THE 1970'S, AND FORMER EDITOR OF DR. DOBBS JOURNAL, died November 24, 2021 in Silverdale, WA, from lung cancer. According to a NY Times article, Warren was a leading figure in the emerging personal computing industry in the San Francisco area. After starting the first West Coast Computer Faire in 1977, it went on to become an annual event. The Apple II debuted at that first event, with Steve Jobs manning the Apple booth, with Steve Wozniak working feverishly to finish the computer in time for the show. He also went on to host the first two seasons of "Computer Chronicles" for PBS.

Starting early this year, GOOGLE WILL BEGIN MIGRATING MULTI-LOCATION FILES IN GOOGLE DRIVE TO SHORTCUTS, designed to simplify file and folder structures, according to an article on TechRadar. Most users will not have to do anything, and will be notified by a banner on the Google Drive page that the conversion to shortcuts is taking place.

An article from Popular Mechanics HIGHLIGHTS SOME RECENT ADVANCES WITH LITHIUM ION SOLID STATE BATTERIES. These batteries will have capabilities we only dream about, and will change our relationship with batteries from what we know today. For example, you will be able to charge a car that uses the new solid-state batteries in under 10 minutes. Plus, these new generations of lithium ion batteries will last 25 years or more.

AMAZON WEB SERVICES EXPERIENCED THREE OUTAGES IN AS MANY WEEKS IN DECEMBER, 2021. The latest AWS outage began around 4am PT/12pm GMT on December 22, 2021, with more than a thousand incident reports flagged on tracker site DownDetector. The previous outage was on December 15, 2021, occurring at (or around) 09:50 am, PT. The first one occurred on December 7, 2021, around 07:00 am PT, when a network device issue caused the servers to go wonky.

REACT OS 0.4.14, the "open source" version of Windows (clone) was released on December 18, 2021. This update, which supersedes the last version of 0.4.13 released in April, 2020, features significant improvements in stability, improved memory management, initial work on PAE handling, better "Plug 'n Play" support, and driver work. You can check out React OS here.

HUMANS HAVE FIGURED OUT HOW TO MAKE A WARP BUBBLE, but don't go packing your bags just yet for the five minute trip to Mars. This warp bubble was created on a micro-scale, and isn't capable of supporting propulsion ... yet, according to a TechRepublic article.