Category Archives: Stiri iT & C

Android Pie Is Filled with AI | Operating Systems


Artificial Intelligence plays a big role in Android 9, the latest version of Google’s mobile operating system, released Monday.

Called “Android Pie,” the OS is designed to learn from its users’ behavior, and apply those lessons to simplify and customize their phone experiences.

“From predicting your next task so you can jump right into the action you want to take, to prioritizing battery power for the apps you use most, to helping you disconnect from your phone at the end of the day, Android 9 adapts to your life and the ways you like to use your phone,” noted Sameer Samat, Google’s vice president of product management for Android and Google Play.

google's android 9 pie

Adaptive Brightness and Adaptive Battery are two ways Android Pie uses AI to customize and improve a phone’s performance.

Adaptive Brightness learns what brightness levels a user likes in certain conditions and automatically adjusts the display to those settings when those conditions arise.

Adaptive Battery plugs into Google’s DeepMind systems and can learn a person’s phone usage patterns and make adjustments to optimize power usage.

“Users of the Android P beta program on Google Pixel phones found a 20 percent increase in battery life,” said David McQueen, research director for consumer devices in the London offices of ABI Research, a technology advisory firm.

“Battery life has always been a major pain point for the smartphone user, so this implementation of AI will be welcome relief,” he told TechNewsWorld.

Seeing Will Be Believing

The power management feature works without adding additional hardware, McQueen pointed out.

Huawei introduced performance-enhancing AI in its Mate 10 Pro product, he said, but to do it, the company had to add a chip to the device, which it called a “neural processing unit.”

“There’s not much going on in terms of new battery technology that can lengthen battery life, so Adaptive Battery could be a good thing,” suggested William Stofega, program director for mobile phones and drones at
IDC, a market analysis company based in Framingham, Massachusetts.

The Adaptive Battery feature appears to be compelling, acknowledged Tuong Nguyen,
a senior principal analyst at Gartner, a research and advisory company
based in Stamford, Connecticut. However, he is withholding judgment on the feature until the verdict from users comes in.

“We see a lot of power optimization announcements, and I’m sure they work well enough,” Nguyen told TechNewsWorld, “but my perception as a consumer is that I can never stay sufficiently charged and am always using too much battery.”

Screen Slices

Another new addition to Android is App Actions. It makes connections between when and how you use apps and makes suggestions based on those connections. For example, it’s 5:15 p.m. on a Monday. App Action may ask if you want to open the e-book you’ve been reading on your commute to and from work for the past week.

Google also announced a feature for Android Pie called “Slices,” which won’t appear in the OS until later this fall.

Slices shows relevant information from apps depending on a user’s screen activity. So if a user started typing Lyft into Google Search, Slice would display a slice of the Lyft app with information such as prices to a destination and the ETA for a driver.

“Slices is great because it brings us a step closer to the post-app world,” Nguyen said.

“Instead of searching through a dozen of apps and individually opening them,” he continued, “the UI allows me to use them with fewer steps.”

Better Security

Android Pie also sports a new single home button for simpler navigation.

In addition, Android’s Overview feature has been redesigned to display full screen previews of recently used apps. It also now supports Smart Text Selection, providing action suggestions based on selected text.

Security has been beefed up in Android 9. It has an improved security model for biometrics. It uses a secure, dedicated chip to enable hardware security capabilities that protect sensitive data, such as credit card information.

Android 9 chooses the TLS protocol by default, as well as DNS over TLS, to help protect all Web communications and keep them private.

Multi-Camera and HEIF Support

Android’s photographic capabilities are expanded in Pie. It supports multiple cameras, which enables developers to access streams from a number of physical cameras simultaneously.

“Multi-camera support is a potentially cool feature because it impacts the trajectory of immersive augmented reality, mixed reality and virtual reality experiences,” Nguyen said.

“Anything that advances immersive is exciting for me, but it’s a long road, so don’t expect to see something with a super impact immediately,” he added. “It’s more of a building block for bigger things to come.”

Android Pie also supports a new image format, HEIF. The format provides better compression than the widely used JPEG format without a loss in quality. Apple has been using the format for awhile.

A common complaint among consumers is a lack of storage on phones, Nguyen noted.

“I’m not familiar with the technical details on HEIF, but I think all consumers can appreciate having more room because of better compression,” he said.

Fighting Phone Addiction

With concerns rising about how much time people spend with their phones, Google decided to add some time management features to Android Pie.

“While much of the time we spend on our phones is useful, many of us wish we could disconnect more easily and free up time for other things,” observed Google’s Samat.

“In fact, over 70 percent of people we talked to in our research said they want more help with this,” he added. “So we’ve been working to add key capabilities right into Android to help people achieve the balance with technology they’re looking for. “

The new “digital well-being” features that will be added to Android Pie this fall include the following:

  • A Dashboard that helps users understand how they’re spending time on their devices;
  • An App Timer that lets an operator set time limits on apps and grays out the icon on their home screen when the time is up;
  • A Do Not Disturb mode, which silences all the visual interruptions that pop up on a screen; and
  • Wind Down, which switches on Night Light and Do Not Disturb and fades the screen to grayscale before bedtime.

While the new digital health features may be embraced by some users, they could be annoying to others.

“I can see things like Wind Down and app timers getting in the way,” IDC’s Stofega told TechNewsWorld. “I thiink people want to use their devices whenever and however they want.”

Possible Pain Points

For many Android users, all the goodies in the latest version of the OS are likely to remain out of their hands for some time, since Pie works only on Pixel models, and a few other phones that participated in the beta program for the software.

“It will be telling how quickly Android P is able to migrate to Samsung and Huawei smartphones, and then on to those that run Android One,” McQueen said.

Even for those who are able to get their hands on the new OS, there could be challenges.

“The issue always is how quickly will people be able to recognize some of these new features,” and whether these devices are “getting too complex for their own good,” Stofega said.

“These devices are becoming Swiss Army knife-like,” he remarked. “Device makers have to figure out and adjust to what people really need versus what’s technically possible.”


John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.





Source link

Pinguy OS Puts On a Happier GNOME 3 Face | Reviews


By Jack M. Germain

Jul 17, 2018 11:06 AM PT

Pinguy OS Puts On a Happier GNOME 3 Face

Pinguy OS 18.04 is an Ubuntu-based distribution that offers a non-standard GNOME desktop environment intended to be friendlier for new Linux users.

This distro is a solid Linux OS with a focus on simple and straightforward usability for the non-geek desktop user. If you do not like tinkering with settings or having numerous power-grabbing fancy screen animations, Pinguy OS could be a good choice.

The GNOME desktop is the only user interface option, but Pinguy OS’ developer, Antoni Norman, tweaked the desktop environment with some different software options not usually packaged with GNOME.

His refusal to settle for the run-of-the-mill software typical of mainstream GNOME choices is one of this distro’s strongest features. The developer gives you better application options to create the best user experience within the modified GNOME environment.

Pinguy OS is a great pick for beginning Linux users because it is easy to use and offers a satisfying experience. It is also a no-nonsense computing platform for seasoned Linux users who want a GNOME environment that makes more sense.

Pinguy OS comes with user-friendly enhancements and out-of-the-box support for multimedia codecs and browser plugins. The modified GNOME user interface has enhanced menus, panels and dock bars. It includes a handpicked selection of popular desktop applications for many common computing tasks.

Sensible Modernizing

I last looked at Pinguy OS four years ago and found it both useful and easy to use. The developer offers a major upgrade about once yearly. This latest release, which arrived earlier this month, shows significant updating.

For instance, it includes GNOME 3.28. The developer tweaked many of the components to ensure a fast and modern OS. Gone are the gEdit text editor in favor of Pluma. In addition to providing better performance, Pluma is a suitable clone replacement. The file manager app is Nemo 3.8.3.

No email client is bundled with this latest release, but Thunderbird is readily available from repositories. The developer suggests using the GNOME email notifications, which is part of the GNOME desktop and works once you enter online account info into the GNOME account panel.

One of the benefits of running Pinguy OS used to be its support for 32-bit systems. However, the latest tweaking done to Pinguy OS made 32-bit versions a bad user experience. This latest release does not run on very old hardware.

Changes That Work

Earlier versions of Pinguy OS ran Docky, an aging launch dock app. It did not mesh well with the latest Pinguy OS build, so gone it is. In its place are Simple Dock and Places Status Indicator.


Pinguy OS 18.04 panel bar

Pinguy OS 18.04 combines application listings, system panel bar tools and workspace switcher into one multifunction panel. Plus, it provides a panel bar for notifications and a Simple Dock for quick launch.


Simple Dock and Places Status Indicator are GNOME extensions. Like Docky, Simple Dock places a quick launch bar at the bottom of the screen. Places Status Indicator adds a menu for quickly navigating places in the system.

Simple dock at the bottom of the screen and the panel bar across the top of the screen provide easy access to all system tools. The menu button at the left of the top panel has additional tweaks and improvements.

Some of the default GNOME apps have been replaced with MATE versions. This is another example of why Pinguy OS is not just another retread built on standard GNOME 3.

Earlier versions came with the Conky desktop applets, but all the adjusting done in the Pinguy OS 18.04 made it a distraction at best. The developer reasoned that the OS did not need Conky because it confused new users.

I can not agree more. I have found Conky to be clunky. Most of its displays focused on system readouts. Putting them on a desktop just adds to the clutter.

Under the Hood

Pinguy OS is basically Linux Mint infrastructure under the covers, but the GNOME 3 environment is redesigned with many nice usability features. The tweaking in this latest Pinguy OS goes well beyond the GNOME 3 you see in Linux Mint, however.

Pinguy OS has only one desktop flavor. It comes in two options, though: full version or the mini edition. This supports the developer’s goal of making an uncomplicated desktop environment.

The mini option gives you less prepackaged software, but you can add the software not included with a few mouse clicks.

This release uses Linux Kernel 4.15.0-23-generic. It also includes OpenGL version string 3.1 Mesa 18.1.1.

If you are a game player who fancies Window games, you will like the inclusion of Winepak’s repository. This makes it easy to install your favorites.

Pinguy OS 18.04 also ships with a new GDM and GTK Theme, which contributes greatly to giving the OS a more modern look.

Look and Feel

The desktop itself is clutter-free. You can not place icons there. That is a feature (or not) of the GNOME 3 desktop.

However, it also reinforces one of the distro’s driving principles. The goal of Pinguy OS is to give users a clean desktop with a fine-tuned interface that works without confusion. This distro does that.

Simplicity is not the only distinguishing trait. Pinguy OS is a thing of beauty. Pinguy OS comes with an eye-catching collection of artwork that randomly displays as a new background every five minutes or so.


Pinguy OS 18.04 desktop weather applet

Pinguy OS has a clutter-free desktop and a handy weather applet built into the top panel.


This process is controlled by the Variety application. You can change the timing interval and other options for the background images in the Variety Preferences panel.

Pinguy provides a reasonably solid out-of-the-box experience, but the GNOME 3 desktop limits functionality for the sake of simplicity. That is an important distinction.

A panel bar sits at the top of the screen. It holds the traditional menu button in the left corner and system notification icons on the right half of the bar. You can not add or remove any items from the bar.

A Matter of Taste

Do not get me wrong. Placing simplicity above functionality is a point of user perspective about the GNOME 3 desktop — I do not mean that as a criticism.

GNOME 3 is the foundation under several popular desktop environments. What you can see and do with it is a matter of what the developer does. This developer does a lot.

Pinguy OS is not your typical plain-Jane GNOME desktop. Pinguy OS is a solid, functional OS.

New Linux users will not be frustrated by it, but seasoned Linux users might want an advanced setting tool, which does not exist.

My personal preference is a bottom panel that puts notifications, quick launch icons, and a virtual workplace switcher applet a single mouse click at hand. I’d like to see a few icon launchers on the desktop for added convenience.

That is my comfort zone. Standard GNOME 3 dumbs down the process of navigating quickly. It unnecessarily hides access to moving around open applications on numerous virtual workplaces.

Pinguy OS has enough tweaking to build in a suitable workaround for such limitations. So in that regard, this distro gives you a better integration of the GNOME desktop.

Change for the Better

Earlier versions of Pinguy OS used the default full-screen display to show installed applications. The current release has a much better menu system. The far left corner of the panel bar has a Menu button and a Places button.

Click Places for a dropdown listing of folders such as downloads, documents, music, pictures and videos. Clicking on any of these opens a file manager with more options.

Click the Menu button to open a trilogy of functionality. This is a handy mechanism that pulls together what usually is done with several clicks in standard GNOME.

The Simple Dock provides quick access to a few essentials. The apps there include the Web browser, software store, terminal, trash and system monitoring tools.

Multipurpose Panel Bar

When you click the Main Menu button, a panel drops down from the top left corner of the screen. Across the top of this panel are buttons to restart the GNOME shell, suspend /shut down /log out user, lock screen, view Web bookmarks, view recent files, toggle startup apps view, and view applications in list/grid view.

A search window makes finding applications fast. As you type letters, a list of icons for matching applications appears. Click the gear button in the far right of this top row to open a GNOME Menu settings panel. It is here that you can turn on/off numerous features such as activating hot corners.

Down the left edge of the main menu panel is a list of categories that includes Frequent Apps and Favorite Apps. You see that list in the large display area in the center of the dropdown panel. Depending on whether you set grid or list view, a vertical list of program titles fills either the display area or a mini version of the full-screen display that you see in standard GNOME 3.

Built-in Workspace Switcher

What I really dislike about the usual display for virtual workspaces is having to push the mouse pointer into the top left hot corner to slide out the panel from the right edge of the screen. Pinguy OS has a much better solution.

The right edge of the Main Menu panel automatically shows the virtual workspaces in thumbnail view. What a concept! It is simple and efficient.

This approach makes it very handy to navigate among different virtual desktops with a single mouse click. Other features lets you use window actions to move an application to another workspace or jump to a new location using shortcuts.

Settings Supremacy

The top panel bar in GNOME (including Pinguy OS) does not dock open applications or provide any panel applets. That short-circuits many of the special features the panel provides in other Linux desktop environments.

However, Pinguy OS makes up for that by providing a consolidation of system settings. This is a very useful alternative.

Access the system settings from the Main Menu /System Tools /Settings. The list of settings and preferences resembles the dropdown top panel on an Android device. It is very straightforward and complete.


Pinguy OS 18.04 preference panels

A design based on simplicity puts nearly all of the system settings into an Android-style set of preference panels.


A second settings panel of sorts is available by clicking the Gear button at the far right top of the Main Menu. Click on a category to see a full panel view of preferences to turn on/off. This settings panel provides much of the functionality that would otherwise be provided in a fully functional panel bar at the top (or bottom) of the Linux screen.

Bottom Line

Pinguy OS may not satisfy power users who like to control navigation with keyboard shortcuts and advanced system settings. However, if you just want your system to work from the start, Pinguy OS has a lot going for it.

Do not let this distro’s self-avowed fervor for simplicity let you misjudge its power and usability. If you think it is too basic for serious users, your thinking might be skewed.

Even if you do not prefer the GNOME 3 desktop, give Pinguy OS a try. It is not your standard GNOME. This OS improves upon most of GNOME 3’s shortcomings. It offers a solid, better GNOME integration.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please
email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.





Source link

Shuttleworth on Ubuntu 18.04: Multicloud Is the New Normal | Software


By Jack M. Germain

Apr 29, 2018 5:00 AM PT

Canonical last week released the
Ubuntu 18.04 LTS platform for desktop, server, cloud and Internet of Things use. Its debut followed a two-year development phase that led to innovations in cloud solutions for enterprises, as well as smoother integrations with private and public cloud services, and new tools for container and virtual machine operations.

The latest release drives new efficiencies in computing and focuses on the big surge in artificial intelligence and machine learning, said Canonical CEO Mark Shuttleworth in a global conference call.

Ubuntu has been a platform for innovation over the last decade, he noted. The latest release reflects that innovation and comes on the heels of extraordinary enterprise adoption on the public cloud.

The IT industry has undergone some fundamental shifts since the last Ubuntu upgrade, with digital disruption and containerization changing the way organizations think about next-generation infrastructures. Canonical is at the forefront of this transformation, providing the platform for enabling change across the public and private cloud ecosystem, desktop and containers, Shuttleworth said.

“Multicloud operations are the new normal,” he remarked. “Boot time and performance-optimized images of Ubuntu 18.04 LTS on every major public cloud make it the fastest and most-efficient OS for cloud computing, especially for storage and compute-intensive tasks like machine learning,” he added.

Ubuntu 18.04 comes as a unified computing platform. Having an identical platform from workstation to edge and cloud accelerates global deployments and operations. Ubuntu 18.04 LTS features a default GNOME desktop. Other desktop environments are KDE, MATE and Budgie.

Diversified Features

The latest technologies under the Ubuntu 18.04 hood are focused on real-time optimizations and an expanded Snapcraft ecosystem to replace traditional software delivery via package management tools.

For instance, the biggest innovations in Ubuntu 18.04 are related to enhancements to cloud computing, Kubernetes integration, and Ubuntu as an IoT control platform. Features that make the new Ubuntu a platform for artificial intelligence and machine learning also are prominent.

The Canonical distribution of Kubernetes (CDK) runs on public clouds, VMware, OpenStack and bare metal. It delivers the latest upstream version, currently Kubernetes 1.10. It also supports upgrades to future versions of Kubernetes, expansion of the Kubernetes cluster on demand, and integration with optional components for storage, networking and monitoring.

As a platform for AI and ML, CDK supports GPU acceleration of workloads using the Nvidia DevicePlugin. Further, complex GPGPU workloads like Kubeflow work on CDK. That performance reflects joint efforts with Google to accelerate ML in the enterprise, providing a portable way to develop and deploy ML applications at scale. Applications built and tested with Kubeflow and CDK are perfectly transportable to Google Cloud, according to Shuttleworth.

Developers can use the new Ubuntu to create applications on their workstations, test them on private bare-metal Kubernetes with CDK, and run them across vast data sets on Google’s GKE, said Stephan Fabel, director of product management at Canonical. The resulting models and inference engines can be delivered to Ubuntu devices at the edge of the network, creating an ideal pipeline for machine learning from the workstation to rack, to cloud and device.

Snappy Improvements

The latest Ubuntu release allows desktop users to receive rapid delivery of the latest applications updates. Besides having access to typical desktop applications, software devs and enterprise IT teams can benefit from the acceleration of snaps, deployed across the desktop to the cloud.

Snaps have become a popular way to get apps on Linux. More than 3,000 snaps have been published, and millions have been installed, including official releases from Spotify, Skype, Slack and Firefox,

Snaps are fully integrated into Ubuntu GNOME 18.04 LTS and KDE Neon. Publishers deliver updates directly, and security is maintained with enhanced kernel isolation and system service mediation.

Snaps work on desktops, devices and cloud virtual machines, as well as bare-metal servers, allowing a consistent delivery mechanism for applications and frameworks.

Workstations, Cloud and IoT

Nvidia GPGPU hardware acceleration is integrated in Ubuntu 18.04 LTS cloud images and Canonical’s OpenStack and Kubernetes distributions for on-premises bare metal operations. Ubuntu 18.04 supports Kubeflow and other ML and AI workflows.

Kubeflow, the Google approach to TensorFlow on Kubernetes, is integrated into Canonical Kubernetes along with a range of CI/CD tools, and aligned with Google GKE for on-premises and on-cloud AI development.

“Having an OS that is tuned for advanced workloads such as AI and ML is critical to a high-velocity team,” said David Aronchick, product manager for Cloud AI at Google. “With the release of Ubuntu 18.04 LTS and Canonical’s collaborations to the Kubeflow project, Canonical has provided both a familiar and highly performant operating system that works everywhere.”

Software engineers and data scientists can use tools they already know, such as Ubuntu, Kubernetes and Kubeflow, and greatly accelerate their ability to deliver value for their customers, whether on-premises or in the cloud, he added.

Multiple Cloud Focus

Canonical has seen a significant adoption of Ubuntu in the cloud, apparently because it offers an alternative, said Canonical’s Fabel.

Typically, customers ask Canonical to deploy Open Stack and Kubernetes together. That is a pattern emerging as a common operational framework, he said. “Our focus is delivering Kubernetes across multiple clouds. We do that in alignment with Microsoft Azure service.”

Better Economics

Economically, Canonical sees Kubernetes as a commodity, so the company built it into Ubuntu’s support package for the enterprise. It is not an extra, according to Fabel.

“That lines up perfectly with the business model we see the public clouds adopting, where Kubernetes is a free service on top of the VM that you are paying for,” he said.

The plan is not to offer overly complex models based on old-school economic models, Fabel added, as that is not what developers really want.

“Our focus is on the most effective delivery of the new commodity infrastructure,” he noted.

Private Cloud Alternative to VMware

Canonical OpenStack delivers private cloud with significant savings over VMware and provides a modern, developer-friendly API, according to Canonical. It also has built-in support for NFV and GPGPUs. The Canonical OpenStack offering has become a reference cloud for digital transformation workloads.

Today, Ubuntu is at the heart of the world’s largest OpenStack clouds, both public and private, in key sectors such as finance, media, retail and telecommunications, Shuttleworth noted.

Other Highlights

Among Ubuntu 18.04’s benefits:

  • Containers for legacy workloads with LXD 3.0 — LXD 3.0 enables “lift-and-shift” of legacy workloads into containers for performance and density, an essential part of the enterprise container strategy.

    LXD provides “machine containers” that behave like virtual machines in that they contain a full and mutable Linux guest operating system, in this case, Ubuntu. Customers using unsupported or end-of-life Linux environments that have not received fixes for critical issues like Meltdown and Spectre can lift and shift those workloads into LXD on Ubuntu 18.04 LTS with all the latest kernel security fixes.

  • Ultrafast Ubuntu on a Windows desktop — New Hyper-V optimized images developed in collaboration with Microsoft enhance the virtual machine experience of Ubuntu in Windows.
  • Minimal desktop install — The new minimal desktop install provides only the core desktop and browser for those looking to save disk space and customize machines with their specific apps or requirements. In corporate environments, the minimal desktop serves as a base for custom desktop images, reducing the security cross-section of the platform.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.





Source link

Android P Tackles Phone Addiction, Distraction | Operating Systems


Google on Tuesday revealed some major new features in the next version of its Android operating system for mobile devices.

Now in public beta, the OS known as “Android P” includes features designed to address growing concerns about phone addiction and distraction.

For example, a dashboard will show users how often, when and for how long they use each application on their phone. What’s more, they can set time limits on usage.

With the help of artificial intelligence, Android P also will watch how a user handles notifications. If notifications from an app constantly are swiped away, Android P will recommend notifications be turned off for that program.

“Do Not Disturb” mode has been beefed up in Android P. Users will be able to set the mode so there are no visual cues at all on a display of notifications, not even in the notification drawer.

The mode can be activated simply by placing the phone face down on a flat surface. If a phone is set up to separate work from personal apps, it can be configured to mute all apps at once with a single toggle.

Moreover, there’s a “wind down” feature that will take the phone into Do Not Disturb mode at a bedtime set by the user.

Fighting Addiction

The new application dashboard and notification muting features target a growing social concern about smartphones.

“Google is making the product far more user-friendly and directly addressing at least some of the problems associated with smartphone addiction,” said Rob Enderle, principal analyst at the Enderle Group.

That strikes a contrast with Android’s chief competitor, iOS.

“Apple is more focused on ensuring privacy and doesn’t seem to be as aggressively addressing the addiction problem,” Enderle told TechNewsWorld.

It remains to be seen whether users will take advantage of the tools.

“Folks should care more about this — but, like any addiction, they likely feel they can deal with this one without help,” Enderle remarked.

The success of the features will depend on Google, noted Gerrit Schneemann, senior analyst at IHS Markit Technology.

“I firmly believe that many smartphone users do not use all the features of their phone to their full potential,” he told TechNewsWorld. “It seems like that could be the case here.”

“If Google focuses on things like ‘wind down’ to expose users to the capabilities, I think there could be traction,” Schneemann said. “However, depending on users to discover the dashboard alone will be problematic on a broad scale.”

More Than Well Being

In addition to the new “digital well-being” features, Android P will provide a new way to navigate phones.

There’s the familiar home button, but with modified behavior. With new gestures, a user swipes up to get an overview of open apps, and swipes up further to go to the app tray.

The back button is still there, but it only appears inside apps.

Google has added screenshot editing to Android P, allowing users to mark up screenshots without having to use another app.

Google also has injected smarts into app searching in Android P. When a search is performed, things that can be done with an app appear along with its icon. So if you search for a ride-sharing app, for example, the results might include a button to hail a ride.

The Android P team partnered with
DeepMind on a new Adaptive Battery feature that optimizes app usage, noted Dave Burke, VP of engineering for Android.

“Adaptive Battery uses machine learning to prioritize access to system resources for the apps the user cares about most,” he wrote in an online post. “It puts running apps into groups with different restrictions using four new ‘App Standby buckets’ ranging from ‘active’ to ‘rare.’ Apps will change buckets over time, and apps not in the ‘active’ bucket will have restrictions in: jobs, alarms, network and high-priority Firebase Cloud Messages.”

Android P Adaptive Battery

Personal Touch

Android P shows Google wants to make the OS more personal and relevant for individuals, noted Brian Blau, a research director at Gartner.

“There’s a lot of new features in Android, but they all center on how can Google users have a more holistic and personal interaction with technology,” he told TechNewsWorld.

With Android P, Google is making a pitch to use less technology, Blau maintained.

“They’re saying you don’t need technology at every last pinpoint in every day of your life,” he continued. “Maybe you need more effective technology with fewer interactions. With Android P, Google is taking away the rough edges. That, over time, means what you will see is an Android that caters much more to the individual.”

From a feature and user interface perspective, Android P is one of the more significant rollouts for the OS in a while, noted Ross Rubin, principal analyst at Reticle Research.

“They’re also letting the beta run on more third-party phones,” he told TechNewsWorld. “In the past, betas only ran on a Nexus or Pixel device.”

Those third-party phones include the Essential Phone, Sony’s Xperia XZ2, Xiaomi’s Mi Mix 2S, Nokia’s 7 Plus, Vivo’s X21, Oppo’s R15 Pro and the soon-to-be-released OnePlus 6.


John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.





Source link

Open Source Is Everywhere and So Are Vulnerabilities, Says Black Duck Report | Enterprise


By Jack M. Germain

May 15, 2018 5:00 AM PT

Black Duck by Synopsys on Tuesday released the 2018 Open Source Security and Risk Analysis report, which details new concerns about software vulnerabilities amid a surge in the use of open source components in both proprietary and open source software.

Open Source Is Everywhere and So Are Vulnerabilities, Says Black Duck Report

The report provides an in-depth look at the state of open source security, license compliance and code-quality risk in commercial software. That view shows consistent growth over the last year, with the Internet of Things and other spaces showing similar problems.

This is the first report Black Duck has issued since Synopsys acquired it late last year. The Synopsys Center for Open Source Research & Innovation conducted the research and examined findings from anonymized data drawn from more than 1,100 commercial code bases audited in 2017.

The report comes on the heels of heightened alarm regarding open source security management following the major data breach at Equifax last year. It includes insights and recommendations to help organizations’ security, risk, legal, development and M&A teams better understand the open source security and license risk landscape.

The goal is to improve the application risk management processes that companies put into practice.

Industries represented in the report include the automotive, big data (predominantly artificial intelligence and business intelligence), cybersecurity, enterprise software, financial services, healthcare, Internet of Things, manufacturing and mobile app markets.

“The two big takeaways we’ve seen in this year’s report are that the actual license compliance side of things is improving, but organizations still have a long way to go on the open source security side of things,” said Tim Mackey, open source technology evangelist at Black Duck by Synopsys.

Gaining Some Ground

Organizations have begun to recognize that compliance with an open source license and the obligations associated with it really do factor into governance of their IT departments, Mackey told LinuxInsider, and it is very heartening to see that.

“We are seeing the benefit that the ecosystem gets in consuming an open source component that is matured and well vetted,” he said.

One surprising finding in this year’s report is that the security side of the equation has not improved, according to Mackey.

“The license part of the equation is starting to be better understood by organizations, but they still have not dealt with the number of vulnerabilities within the software they use,” he said.

Structural Concerns

Open source is neither more nor less secure than custom code, based on the report. However, there are certain characteristics of open source that make vulnerabilities in popular components very attractive to attackers.

Open source has become ubiquitous in both commercial and internal applications. That heavy adoption provides attackers with a target-rich environment when vulnerabilities are disclosed, the researchers noted.

Vulnerabilities and exploits are regularly disclosed through sources like the National Vulnerability Database, mailing lists and project home pages. Open source can enter code bases through a variety of ways — not only through third-party vendors and external development teams, but also through in-house developers.

Commercial software automatically pushes updates to users. Open source has a pull support model. Users must keep track of vulnerabilities, fixes and updates for the open source system they use.

If an organization is not aware of all the open source it has in use, it cannot defend against common attacks targeting known vulnerabilities in those components, and it exposes itself to license compliance risk, according to the report.

Changing Stride

Asking whether open source software is safe or reliable is a bit like asking whether an RFC or IEEE standard is safe or reliable, remarked Roman Shaposhnik, vice president of product & strategy at
Zededa.

“That is exactly what open source projects are today. They are de facto standardization processes for the software industry,” he told LinuxInsider.

A key question to ask is whether open source projects make it safe to consume what they are producing, incorporating them into fully integrated products, Shaposhnik suggested.

That question gets a twofold answer, he said. The projects have to maintain strict IP provenance and license governance to make sure that downstream consumers are not subject to frivolous lawsuits or unexpected licensing gotchas.

Further, projects have to maintain a strict security disclosure and response protocol that is well understood, and that it is easy for downstream consumers to participate in a safe and reliable fashion.

Better Management Needed

Given the continuing growth in the use of open source code in proprietary and community-developed software, more effective management strategies are needed on the enterprise level, said Shaposhnik.

Overall, the Black Duck report is super useful, he remarked. Software users have a collective responsibility to educate the industry and general public on how the mechanics of open source collaboration actually play out, and the importance of understanding the possible ramifications correctly now.

“This is as important as understanding supply chain management for key enterprises,” he said.

Report Highlights

More than 4,800 open source vulnerabilities were reported in 2017. The number of open source vulnerabilities per code base grew by 134 percent.

On average, the Black Duck On-Demand audits identified 257 open source components per code base last year. Altogether, the number of open source components found per code base grew by about 75 percent between the 2017 and 2018 reports.

The audits found open source components in 96 percent of the applications scanned, a percentage similar to last year’s report. This shows the ongoing dramatic growth in open source use.

The average percentage of open source in the code bases of the applications scanned grew from 36 percent last year to 57 percent this year. This suggests that a large number of applications now contain much more open source than proprietary code.

Pervasive Presence

Open source use is pervasive across every industry vertical. Some open source components have become so important to developers that those components now are found in a significant share of applications.

The Black Duck audit data shows open source components make up between 11 percent and 77 percent of commercial applications across a variety of industries.

For instance, Bootstrap — an open source toolkit for developing with HTML, CSS and JavaScript — was present in 40 percent of all applications scanned. jQuery closely followed with a presence in 36 percent of applications.

Other components common across industries was Lodash, a JavaScript library that provides utility functions for programming tasks. Lodash appeared as the most common open source component used in applications employed by such industries as healthcare, IoT, Internet, marketing, e-commerce and telecommunications, according to the report.

Other Findings

Eighty-five percent of the audited code bases had either license conflicts or unknown licenses, the researchers found. GNU General Public License conflicts were found in 44 percent of audited code bases.

There are about 2,500 known open source licenses governing open source components. Many of these licenses have varying levels of restrictions and obligations. Failure to comply with open source licenses can put businesses at significant risk of litigation and compromise of intellectual property.

On average, vulnerabilities identified in the audits were disclosed nearly six years ago, the report notes.

Those responsible for remediation typically take longer to remediate, if they remediate at all. This allows a growing number of vulnerabilities to accumulate in code bases.

Of the IoT applications scanned, an average of 77 percent of the code base was comprised of open source components, with an average of 677 vulnerabilities per application.

The average percentage of code base that was open source was 57 percent versus 36 percent last year. Many applications now contain more open source than proprietary code.

Takeaway and Recommendations

As open source usage grows, so does the risk, OSSRA researchers found. More than 80 percent of all cyberattacks happened at the application level.

That risk comes from organizations lacking the proper tools to recognize the open source components in their internal and public-facing applications. Nearly 5,000 open source vulnerabilities were discovered in 2017, contributing to nearly 40,000 vulnerabilities since the year 2000.

No one technique finds every vulnerability, noted the researchers. Static analysis is essential for detecting security bugs in proprietary code. Dynamic analysis is needed for detecting vulnerabilities stemming from application behavior and configuration issues in running applications.

Organizations also need to employ the use of software composition analysis, they recommended. With the addition of SCA, organizations more effectively can detect vulnerabilities in open source components as they manage whatever license compliance their use of open source may require.


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.





Source link