Nokia Announces Two New Windows Phones

Nokia Announces Two New Windows Phones, Lumia 800 and 710 More »

otocycles – Spanish electric bicycle

Spanish electric bicycle manufacturer has announced two new models that are very much inspired by the look of motorbikes of the 1950s. More »

Segway SE-3 Patroller

It’s a natural strengthening of Segway’s Patroller product heritage an ideal be of the same opinion for missions that require a larger vehicle More »

 

Meizu m2 Review

Meizu m2 Review

Meizu might have some way to go before establishing itself as a serious player in India, but it's fairly well established in its home market China. In the business of smartphones since 2008, Meizu is one of the top 10 manufacturers in China. Following a heavy infusion of capital investment from Alibaba in February, the company announced plans to launch in India a month later and finally launched the m1 Note in May.

The latest product from its stable to launch in India is the Meizu m2. Priced at Rs. 6,999, the m2 offers a solid set of specifications and features, while keeping the price competitive. We explore the device in our in-depth review.

meizu_m2_back_ndtv.jpg

Look and feel
The Meizu m2 has a distinct look, which follows the same design philosophy that the company has used with all of its devices. It apes Apple's designs to a certain extent, especially the front which has only a single physical button. While this might look good, the button has to serve as both the Home and Back keys, since it's both touch sensitive and physical. Tapping the key serves as the Back command, while pressing down serves as the Home command. Apart from this, the front camera and earpiece at the top are the only other features visible on the front.

The 5-inch 720×1280-pixel screen occupies 71.4 percent of the front of the device and uses Asahi Dragontrail glass for damage protection. It's a convenient size, and suitably detailed with a 294-ppi density. While the display is decent in terms of colour, detail and resolution, it isn't quite as bright as we'd like, even at full brightness. This leads to readability issues outdoors under intense sunlight, as well as problems with viewing angles and heavy reflection off the screen.

meizu_m2_main_ndtv.jpg

The power and volume keys are on the right; the USB port and speaker are at the bottom; the SIM tray is on the left; and the 3.5mm socket is at the top. The back is simple and tasteful, with the camera and flash at the top, along with the Meizu logo near the bottom. We like the curved lower edges and dull finish of the m2. At just 131g, it's comfortable to hold and easy to grip. The m2 appears from afar to be metal, although the build is definitely polycarbonate.

The device does not have a removable rear panel, so the battery is not user accessible. The SIM tray on the left edge is a hybrid one, which means that you can have either dual-SIM connectivity or expandable storage, but not both. Fortunately, the device comes with 16GB of internal storage, which is always welcome at this price level. About 10GB is user-accessible, which should be sufficient for most budget users.

meizu_m2_sims_ndtv.jpg

Specifications and software
The Meizu m2 is a 4G-capable device, with both SIM slots capable of supporting LTE connectivity. If you choose to use the hybrid slot for expandable storage, you can insert up to a 128GB microSD card. Apart from these features, the device has 2GB of RAM, a 2500mAh battery, and runs on a MediaTek MT6735 SoC. This is a 1.3GHz quad-core SoC with a Mali-T720MP2 GPU, and is commonly seen on devices in this price range.

The m2 runs on Flyme 4.5 OS, a highly customised skin based on Android 5.1. It bears very little aesthetic resemblance to stock Android, and changes a lot about how the system operates. While innovation in software is admirable and should be encouraged to help set devices apart, we can't help but feel that Flyme OS changes things only for the sake of being different. A lot of these tweaks seem unnecessary to us and only serve to complicate the user experience in our opinion.

meizu_m2_funangle_ndtv.jpg

The most significant change in Flyme is the lack of the three Android soft keys. Instead, the device has only one physical home key, which can be tapped or pressed for either back or home respectively. In order to access the app switcher, you need to swipe upwards from the bottom of the screen, avoiding the home key.

The notifications and quick settings menu are accessed via a typical swipe down from the top. However, unlike with other skins, a two-finger swipe will not directly bring down the shortcuts list, and it's among the least intuitive notification drawers we've used. The settings menu is also complicated by a two-layered interface which we didn't like the look and feel of, while a couple of the pre-installed apps seem designed only for China and can neither be used in India nor uninstalled. We feel that all of these changes are unnecessary and needlessly turn what should have been a straightforward user interface into one that's rather messy.

meizu_m2_homekey_ndtv.jpg

Camera
The Meizu m2 has a 13-megapixel primary camera with single-tone LED flash, along with a 5-megapixel front camera. Both can record video at up to 1080p and use all the available modes, including auto, manual, beauty, panorama, light field, scan, and slow motion.

The camera app itself is a bit slow, and switching between modes is buggy and takes too long, since it involves swiping the screen multiple times to get to mode you want. There are quick options for video, flash, filters and the camera switcher, so the rest of the app is not too bad.

The camera itself is acceptable for a budget device, but has some issues. Colours are a bit dull, with images appearing too soft and unexciting. Additionally, the shots lack detail when zoomed in to. Photos were susceptible to blur and noise issues, and a steady hand is required while shooting video. On the whole, we weren't too thrilled with the results.

meizu_m2_camera_ndtv.jpgmeizu_m2_camerashot2_ndtv.jpg

(Click to see full-size image)

Performance
The Meizu m2 is a budget device, and features the MediaTek MT6735 SoC which is popular in this price range. It ensures decent performance in most day-to-day activities, as well as some high-intensity tasks such as gaming. The level of performance that we got from the m2 was suitably smooth and more or less on par with other similarly priced devices.

The phone also did well with our test videos, running all of them well, including the ones encoded at a high bit rate. Angry Birds 2 and Dead Trigger 2 both produced some heat at the back of the device, as well as heavy battery drain, but the build and materials used ensured that it cooled down quickly. The phone is usually snappy when navigating around the interface and basic apps, although we did find certain apps such as the camera and browser to be occasionally slow to load and process commands.

Battery life was average for a device in this price range, with the phone running for just under 9 hours in our video loop test. In day-to-day use, the Meizu m2 will run for a full day under moderate usage conditions. Most basic users will be satisfied with the performance of the Meizu m2 for their smartphone requirements.

meizu_m2_bottom_ndtv.jpg

Verdict
Meizu is well established in China, but is an absolute newcomer in India with a long way to go before becoming a serious player here. The Meizu m2 is a good looking device that performs well for the price and comes with 4G capability, so the company definitely has the potential to do well in India with the m2. However, the Snapdeal-exclusive device is only available through flash sales which require prior registration, so it might be a bit harder to procure than a lot of its competition.

The device is not without its flaws. It has a complicated user interface that is different for no good reason, and a camera that takes only average pictures at best. It's best suited to basic users who have some experience with smartphones and Android in general. First-time smartphone adopters would do better with a less complicated device. However, if you're looking for good looks and decent performance, the Meizu m2 is a great option in the budget category.


Meizu m2 in pictures

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Meizu m2

Meizu m2

R 6999 3.5

  • Review
  • Key Specs
  • News
  • Design
  • Display
  • Software
  • Performance
  • Battery life
  • Camera
  • Value for money
  • Good
  • Good looks and build
  • Decent performance and specs
  • Good value for money
  • Bad
  • Software is too complicated
  • Average camera performance

Read detailed Meizu m2 review

Display

5.00-inch

Processor

1.3GHz

Front Camera

5-megapixel

Resolution

720×1280 pixels

RAM

2GB

OS

Android 5.1

Storage

16GB

Rear Camera

13-megapixel

Battery capacity

2500mAh See full Meizu m2 specifications

  • Meizu m2 Review

  • Meizu m2 With 13-Megapixel Camera Launched at Rs. 6,999

  • Meizu m2 India Launch Confirmed for Next Week

  • Meizu m2 With 13-Megapixel Camera, Android 5.1 Lollipop Launched

More Meizu mobilesOriginal NDTV Gadgets

Real Cricket 16 for Android, iOS Has a Release Date and New Features

Real Cricket 16 for Android, iOS Has a Release Date and New Features

Upcoming Android and iOS cricket game Real Cricket 16 has a release date. You can download it via Google Play on March 5 with a version for iOS users soon after. This isn't all. Nautilus Mobile let slip a host of new features you can expect when the game hits.

Some of these include quality of life updates such as a revamped user interface, player profiles, improved leaderboards, and enhanced stat tracking. However, there are a few that have piqued our curiosity.

For one, you'll be able to choose new bowling and batting actions. What this means is, if you're tired of the same animations the game has, you can select and download fresh ones to liven up things. It's a simple yet welcome addition that's bound to make the proceedings a whole lot more interesting.

(Also see: Real Cricket 16 for Android and iOS Announced)

In addition to this, you'll be able to partake in historical scenarios, allowing you to play through a sliver of a match instead of the entire game. And while Nautilus is mum on what real-life cricketing encounters would inspire this mode, we're betting on a healthy dose of matches from all time classics and current memory.

real_cricket_16_nautilus_mobile.jpg

Furthermore, major domestic tournaments will be present in-game. These would include leagues from Australia, England, New Zealand, South Africa, and West Indies to name a few. Needless to say, the Indian Domestic 50 over League is announced but will be coming as a future update, as well ensuring there's something for fans from every cricketing nation.

Looking for something that's less taxing on your reflexes? Nautilus is throwing in a quiz mode as well. From the looks of things, Real Cricket 16 is shaping up to be one of the more comprehensive depictions of the beautiful game that isn't football, with something for just about anyone who is a fan of the sport.

What do you plan on doing first when Real Cricket 16 hits on March 5? Let us know via the comments.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Original NDTV Gadgets

Meet the Man Who Holds the Future of the Internet in His Hands

Meet the Man Who Holds the Future of the Internet in His Hands

It took years for the Internet to reach its first 100 computers. Today, 100 new ones join each second. And running deep within the silicon souls of most of these machines is the work of a technical wizard of remarkable power, a man described as a genius and a bully, a spiritual leader and a benevolent dictator.

Linus Torvalds – who in person could be mistaken for just another a paunchy, middle-aged suburban dad who happens to have a curiously large collection of stuffed penguin dolls – looms over the future of computing much as Bill Gates and the late Steve Jobs loom over its past and present. For Linux, the operating system that Torvalds created and named after himself, has come to dominate the exploding online world, making it more popular overall than rivals from Microsoft or Apple.

But while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven’t been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. One group he has dismissed as “masturbating monkeys.” In blasting the security features produced by another group, he said in a public post, “Please just kill yourself now. The world would be a better place.”

There are legitimate philosophical differences amid the harsh words. Linux has thrived in part because of Torvalds’s relentless focus on performance and reliability, both of which could suffer if more security features were added. Linux works on almost any chip in the world and is famously stable as it manages the demands of many programs at once, allowing computers to hum along for years at a time without rebooting.

Yet even among Linux’s many fans there is growing unease about vulnerabilities in the operating system’s most basic, foundational elements – housed in something called “the kernel” – which Torvalds has personally managed since its creation in 1991. Even more so, there is concern that Torvalds’s approach to security is too passive, bordering on indifferent.

“Linus doesn’t take security seriously, it’s yet another concern in his mind, and he’s surrounded himself with people who share those views,” said Daniel Micay, a Toronto-based security researcher whose company, Copperhead, is developing a hardened version of the Android mobile operating system, which is based on Linux. “There are a lot of kernel developers who do really care about security, but they’re not the ones making the calls.”

The rift between Torvalds and security experts is a particular source of worry for those who see Linux becoming the dominant operating system at a time when technology is blurring the borders between the online and offline worlds. Much as Windows long was the standard for personal computers, Linux runs on most of the Internet’s servers. It also operates on medical equipment, sensitive databases and computers on many kinds of vehicles, including tiny drones and warships.

“If you don’t treat security like a religious fanatic, you are going to be hurt like you can’t imagine. And Linus never took seriously the religious fanaticism around security,” said Dave Aitel, a former National Security Agency research scientist and founder of Immunity, a Florida-based security company.

Torvalds – who despite his history of blistering online exchanges is genial in person, often smiling from behind round-framed glasses – indeed appears to be the opposite of a religious fanatic as he zips around his adopted home town of Portland, Oregon, in a yellow Mercedes convertible. The license plate is “DAD OF3,” but it’s the plate holder that better captures his sly sense of humor, somehow mixing self-confidence with self-mockery. “MR. LINUX,” it reads, “KING OF GEEKS.”

Over several hours of conversation, Torvalds, 45, disputed suggestions that security isn’t important to him or to Linux, but he acknowledged being “at odds” with some security experts. His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities – such as speed, flexibility, ease of use – in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics.

“The people who care most about this stuff are completely crazy. They are very black and white,” he said, speaking with a slight Nordic accent from his native Finland. “Security in itself is useless. . . . The upside is always somewhere else. The security is never the thing that you really care about.”

When the interviewer asked whether Linux – designed in an era before hacking had become a major criminal enterprise, a tool of war and constant threat to the privacy of billions of people – was due for a security overhaul after 24 years, Torvalds replied, “You’re making sense, and you may even be right.”

But what followed was a bracing example of why Torvalds believed the interviewer was wrong: Imagine, Torvalds said, that terrorists exploited a flaw in the Linux kernel to cause a meltdown at a nuclear power plant, killing millions of people.

“There is no way in hell the problem there is the kernel,” Torvalds said. “If you run a nuclear power plant that can kill millions of people, you don’t connect it to the Internet.”

Or if you do, he continued, you build robust defenses such as firewalls and other protections beyond the operating system so that a bug in the Linux kernel isn’t enough to create a catastrophe.

“If I have to worry about that kind of scenario happening,” Torvalds added with a wry grin, “I won’t get any work done.”

Even without a potential nuclear disaster, the stakes are high. Operating system kernels are the most essential code on any computer, allowing hardware to work smoothly with multiple pieces of software. This makes kernels uniquely powerful – they can override the safeguards on any other program, meaning nothing on a computer is truly secure if the operating system kernel is not.

linux_2_wp.jpg

Now, consider this: The Linux kernel runs on the New York Stock Exchange, every Android smartphone and nearly all of the world’s supercomputers. Most of the rapidly expanding universe of connected devices use Linux, as do many of the world’s biggest companies, including Google, Facebook and Amazon.com. The tech-heavy US economy, many would argue, also depends on the smooth functioning of Linux.

Even more broadly, the battle over Linux security is a battle over the future of the online world. At a time when leading computer scientists are debating whether the Internet is so broken that it needs to be replaced, the network is expanding faster than ever, layering flaw upon flaw in an ever-expanding web of insecurity. Perhaps the best hope for fixing this, some experts argue, lies in changing the operating system that – more than any other – controls these machines.

But first, they have to change the mind of Linus Torvalds.

Stories about tech titans tend toward pat narratives: the blazing discovery, the shrewd business moves, the thrilling triumph after years of struggle. The story of Torvalds, and by extension Linux, is almost the opposite. He was a shy, brainy college student who built something with no obvious market – a new operating system in a world that already had Windows, Mac OS and Unix – and gave it away. It wasn’t a business. It was a hobby.

There is a telling moment in his autobiography, “Just for Fun,” written with journalist David Diamond, that captures this spirit of naive experimentation. In early 1992, about six months after announcing the creation of Linux, Torvalds posted an online message asking anyone using the operating system to send him a postcard.

Soon, his mailbox in Helsinki overflowed with hundreds of postcards from the United States, New Zealand, Japan and beyond. It was the first time his sister and mother, with whom Torvalds shared an apartment, realized he was up to something big. Torvalds had told them little about what he was doing in his bedroom, perched over his computer, all hours of the day and night.

This diffuse and ever-growing community of users proved to be the magic that powered Linux. The operating system had its inherent virtues – it was simple and clean; tech enthusiasts worldwide fell in love with its elegance – but more important it was an “open-source” project. That meant anybody could use it, alter it and even make a new version without paying a cent, without even asking permission. Linux soon became, in a phrase from Torvalds’s autobiography, the “world’s largest collaborative project,” with contributors numbering in the hundreds of thousands. They drove the growth of Linux long after Torvalds might have lost interest.

“In 1992,” he said, “I was like, ‘Wow, it does everything I wanted it to do. What now?’ ”

Torvalds had little choice but to become the general of an unruly volunteer army. As the kernel grew from 10,000 lines of code to 19 million, Torvalds created an elaborate and remarkably functional system that, every couple of months, offered a free update of the Linux kernel to anyone who wanted it.

Based on the kernel, others then tailored the operating systems to their own tastes and purposes, adding even more lines of code that collectively became fully fledged “distributions” of Linux that ran on various types of computers. The price of admission to this elaborate process was faith in Torvalds, although some went the extra step of making some kind of offering to their hero: free computer gear, company T-shirts or penguin dolls (because a squat, cheerful-looking aquatic waterfowl – usually sitting lazily on its butt – was the symbol of Linux).

Years of spinning such devotion into well-honed computer code has shaped a development process that is gradual and evolutionary. The goal is to fix problems and adapt to new hardware, while never causing malfunctions. This idea is enshrined, somewhat antiseptically, in Torvalds’s often-stated prohibition against what he calls “breaking user space” – essentially, causing something that a user depends on to stop working. But there is nothing antiseptic about his reaction when somebody violates this cardinal rule.

One notorious exchange came in December 2012, when Torvalds publicly raged to a regular Linux contributor who had proposed a flawed patch: “WE DO NOT BREAK USERSPACE! Seriously. How hard is this rule to understand? We particularly don’t break user space with TOTAL CRAP. I’m angry, because your whole email was so _horribly_ wrong, and the patch that broke things was so obviously crap.”

Torvalds sometimes expresses regret about his rhetorical excesses, but the emotion that boils up in these moments is unmistakably real, fueled by his fierce sense of guardianship over Linux.

The effect of Torvalds’s approach to managing the kernel – defensive, gradualist, sometimes cranky – chilled debate about the security of Linux even as it became a bigger, richer target for hackers. The result, critics argue, is that while Linux in its early days was widely considered a safer choice than Windows or other commercial operating systems, the edge has dwindled and perhaps disappeared.

“While I don’t think that the Linux kernel has a terrible track record, it’s certainly much worse than a lot of people would like it to be,” said Matthew Garrett, principal security engineer for CoreOS, a San Francisco company that produces an operating system based on Linux. At a time when research into protecting software has grown increasingly sophisticated, Garrett said, “very little of that research has been incorporated into Linux.”

Versions of Linux have proved vulnerable to some of the most serious bugs in recent years, including Heartbleed and Shellshock. AshleyMadison.com, the site that facilitates extramarital affairs and suffered an embarrassing data breach in July, was reportedly running Linux on its servers, as do many companies.

Those problems did not involve the kernel itself, but experts say the kernel has become a popular target for hackers building “botnets,” giant networks of computers that can be organized to attack targets. Experts also say that government spies – and the companies that sell them surveillance tools – have turned their attention to the kernel as Linux has spread.

The Security Intelligence Response Team for Akamai, a leading Internet content delivery company, spoke bluntly on the rising vulnerability of Linux in September when it announced the discovery of a massive botnet that attacked up to 20 targets worldwide each day.

“A decade ago, Linux was seen as the more secure alternative to Windows environments, which suffered the lion’s share of attacks at the time,” Akamai’s security team wrote. But the sharply rising popularity of Linux has meant “the potential opportunity and rewards for criminals has also grown. Attackers will continue to evolve their tactics and tools and security professionals should continue to harden their Linux based systems accordingly.”

linux_3_wp.jpg

But harden how?
Even if Torvalds originally considered Linux just a hobby, others saw gold. Red Hat, a North Carolina company, released a version that became widely deployed across corporate America and at many government agencies. A South African businessman released Ubuntu, a popular desktop version of Linux, in 2004. Traditional tech giants – IBM, Intel, Oracle – also made big bets on Linux.

As Linux took off, Torvalds took something of a detour, leaving Finland with his wife and first child in 1997 to work for a Silicon Valley start-up. But he never gave up control of Linux and, in 2003, Torvalds joined an Oregon-based nonprofit group that later merged with another group to become the Linux Foundation, which promotes the overall development of the operating system.

(Torvalds also was granted stock options by Red Hat and one other company selling Linux products, making him comfortable enough to pay cash for a new house but not nearly as rich as Gates or other top tech executives.)

The rising popularity of the operating system sparked efforts to toughen its defenses. Companies that sold versions of Linux had security teams add protections. Even the US government, which has adopted Linux on many of its computers, had the NSA develop advanced security features, called SELinux, making the operating system more suitable for sensitive work. (This was a defensive effort, say security experts, not part of the NSA’s spying mission.)

The problem, as critics pointed out, was that these protections relied on building walls around the operating system that, however high or thick, could not possibly stop all comers. Those who penetrated gained control of the Linux kernel itself, meaning the hackers could make a compromised computer do anything they wanted – even if every other piece of software on the machine was flawlessly protected. According to veteran security engineer Kees Cook, this made the Linux kernel “the ultimate attack surface.”

“Vulnerabilities in the kernel generally meant that an attacker with access to a flawed kernel interface” – meaning a bug in the code – “could bypass nearly every other security policy in place and take total control of the system,” said Cook, who from 2006 to 2011 worked for Canonical, which supported the Ubuntu version of Linux, and later joined Google to work on kernel security.

Another expert, Brad Spengler of Grsecurity, used satire to make a similar point in 2009, circulating a spoof of an illustration that had been used in promotional material for SELinux. The original version showed the kernel wrapped in protective layers that repelled attacks, but the spoof overlaid images of “Sesame Street” characters happily getting through these layers to menace the kernel. Ernie, Bert, Elmo, Oscar the Grouch and the Cookie Monster represented “Blackhats with kernel exploits,” the text read, meaning that malicious hackers armed with the computer bugs that offered a way past even the heaviest defenses.

Spengler later acknowledged that the spoof was “childish” but said it “at least was more accurate” than the original diagram. To drive the point home, he soon demonstrated how nearly a dozen known Linux coding bugs could be exploited by malicious hackers to defeat external defenses and take control of the kernel.

The response from Torvalds to such concerns did little to calm Spengler or other critics. In an era when software makers increasingly were candid about security flaws, issuing alerts that detailed problems and explicitly urged people to install safer updates, Torvalds had a different approach. In messages that accompanied each new version of the Linux kernel, he described various improvements but would not call attention to the ones that fixed security problems.

This frustrated security experts who saw transparency as a key part of their mission. They reasoned that if a software maker knew about a bug, then malicious hackers almost certainly did, too, and had been exploiting it for months or even years. Failing to warn users directly and forcefully made it harder for them to protect themselves.

Torvalds, however, has held his ground on this issue. He knew there were countless versions of Linux running across the world and that weeks or months often passed before updates reached individual machines. Publicly revealing details about computer bugs – even if fixed in the latest release – gave an edge to malicious hackers until the software fixes arrived, he believed.

Torvalds also resisted suggestions that security deserved a special place in the hierarchy of concerns faced by software makers. All flaws, in his view, were equally serious. This attitude was enshrined in a public posting in July 2008 that said: “I personally consider security bugs to be just ‘normal bugs.’ I don’t cover them up, but I also don’t have any reason what-so-ever to think it’s a good idea to track them and announce them as something special.”

This comment – often recalled in shorthand as Torvalds’s declaration that “bugs are just bugs” – is the line most often quoted by his critics as they seek to explain what they consider a persistent, almost willful tone-deafness on security. These experts say that although most bugs are mere glitches that might cause a function to fail or a program to crash, others are far more serious, offering malicious hacker an opening to take total control of computers.

Those who specialize in security think in terms of categories of bugs. Each one is a cousin of others, some known, some not yet discovered, based on what functions they exploit. By studying each new one carefully, these experts believe it is possible to defeat entire classes of bugs with a single fix.

But in his recent interview with The Washington Post, Torvalds rejected the notion that bugs could be usefully sorted into categories. “I refuse to waste a second of my life or any other developer’s life trying to classify something that can’t be classified,” he said.

Rather than trying to create protections against “classes” of bugs, Torvalds seeks to inspire better coding in general. “Well-written code just doesn’t have a lot of special cases. It just does the right thing. . . . It just works in all situations.”

As for the exceptions, Torvalds shrugs: “Sometimes reality bites you in the ass. Sometimes it’s just bad coding.”

There has been a recurring subplot in the history of the online world: For every advance, every thrilling new vista of possibility, there are those who warn of dangers lurking in shadows ahead. To borrow from Greek mythology, they are the Cassandras – often right in their prophecies, yet generally ignored until disaster actually arrives.

The leading Cassandra in the Linux story has been Spengler, whose critique of SELinux featured malevolent “Sesame Street” characters in 2009. He and a pair of collaborators, who worked for an affiliated project called the PaX Team, had over several years developed patches that dramatically hardened Linux. The best known of these techniques, called address space layout randomization, reshuffled each computer’s memory regularly. So even when hackers found their way to the kernel, they became so disoriented that it was difficult to steal files or implant malicious code.

linux_4_wp.jpg

Despite providing a steady supply of defensive innovations, Spengler did not become a popular figure within the upper reaches of the Linux community, among whom he was seen as extreme in his views and sometimes brittle in his manner. Plus the Grsecurity and PaX patches, though universally regarded as cutting-edge security measures, can slow computer performance. Some also caused some features to not work as well, violating Torvalds’s cardinal rule against “breaking user space.”

Torvalds said recently of Spengler, “He’s one of the crazy security people, no doubt about it, and so we’ve butted heads.”

He added that Spengler “is somebody I respect from a technical standpoint,” but a split emerged that was philosophical and, eventually, personal. Torvalds was happy to let Spengler’s project toil on the fringes of a sprawling Linux empire, but Torvalds showed little interest in overhauling the kernel itself to address complaints from the security community, especially if that meant exacting a significant price in operating system performance.

“The market for that is pretty small in the end,” he later said of Spengler’s project. “Most people don’t want the Grsecurity system.”

The limited consumer demand for security was not news to anybody who worked in the field. Spengler often lamented how, as Linux spawned a multibillion-dollar industry, he and his colleagues struggled to raise enough in donations to underwrite their work.

“People don’t really care that much,” Spengler later said. “All of the incentives are totally backward, and the money isn’t going where it’s supposed to. The problem is just going to perpetuate itself.”

Because the Linux kernel is not produced by a business, it doesn’t respond to market conditions in a conventional way, but it is unquestionably shaped by incentives – and most of all, by Torvalds’s priorities.

To carry out this vision, Torvalds has surrounded himself with dozens of code “maintainers,” each of whom help manage different elements of the operating system. Anyone with an idea for improving Linux can craft the relevant code and submit it to a maintainer, who vets each proposal before sending the best ones upward to Torvalds himself.

From his home office above a three-car garage, Torvalds then approves – and occasionally rejects – the changes submitted by the maintainers and consolidates them before releasing the next version. Each new release typically affects hundreds of thousands of lines of code, and each change carries the risk of creating new bugs.

Though once largely a volunteer effort, top maintainers today typically have day jobs with tech companies that have a stake in the growth of the operating system and pay salaries to developers to support that common goal. But the Linux development process remains decentralized, relying heavily on the individual interests and initiative.

Even many Linux enthusiasts see a problem with this from a security perspective: There is no systemic mechanism for identifying and remedying problems before hackers discover them, or for incorporating the latest advances in defensive technologies. And there is no chief security officer for the Linux kernel.

“Security is an easy problem to ignore, and maybe everyone thinks somebody else should do it,” said Andrew Lutomirski, a maintainer for part of the Linux kernel and an advocate for introducing better defenses overall. “There certainly are people who have security as a much higher priority than Linus Torvalds does.”

Spengler’s quest to improve overall Linux security peaked in 2010, when he spoke at a Linux conference in Boston. He prepared an extensive presentation titled “Linux Security in 10 Years” that detailed a range of ideas for keeping the kernel safe even when hacks inevitably happened.

The proposals seemed so urgent to Spengler that he expected to see top Linux maintainers, and possibly even Torvalds himself, in the audience. But when he looked out across the half-empty room, Spengler saw none of them. They were all off at other meetings.

“These guys are just working on things that they’re interested in, and, for most of them, what they’re interested in is not security,” Spengler said recently. “My feeling with Linux is that they still treat security as a kind of nuisance thing.”

In the years since Spengler and others began warning about the security of Linux, it has triumphed in the marketplace. Google released its first version of the Android mobile operating system, which is based on Linux, in 2007, allowing Torvalds’s work to reach hundreds of millions of smartphones each year. Google also made the kernel the basis of Chrome OS, used in an increasingly popular category of cloud-based computers called Chromebooks.

Companies building the so-called Internet of Things – a massive universe including objects as diverse as online thermostats, heart-rate monitors and in-flight entertainment systems – also came to prefer Linux, which requires no fees that might drain away profits.

Those worried about security arguably have bigger problems than Linux, at least for now. Hackers are more likely to prey upon Oracle’s Java and Adobe’s Flash and Acrobat. But while many older, vulnerable pieces of software are being phased out, Linux is conquering new computing worlds.

As the operating system explodes in popularity, the debate over security has begun drawing attention beyond the world of Linux insiders. Sergey Bratus, as associate professor of computer science at Dartmouth College, argues that the kernel should be overhauled to streamline the code and to integrate the type of security features long advocated for by Spengler and other critics – even if the features slow computers down.

“In a device that I trust my life to, I would prefer this,” Bratus said.

The most famous overhaul in software history came in 2002, when Gates ordered engineers at Microsoft to make security their top priority, a process that took several years and helped the famously hackable staples of that company’s lineup get considerably safer.

The security situation with Linux is not nearly so dire as it was for Microsoft in 2002. It’s also harder to see how such an overhaul could happen for an open-source project.

“Linux cannot just be turned around by a memo from Linus. He’s not Bill Gates,” Bratus said. “But a culture change is definitely needed before we start relying on these systems for everything.”

The Linux Foundation did suffer an embarrassing hack in 2011. More recently, in 2014, Linux devotees were unhappy to discover that an Italian surveillance company, called Hacking Team, had swiftly turned a Linux exploit called “towelroot” into a skeleton key capable of gaining access to hundreds of millions of Android phones. This allowed Hacking Team to turn Android devices into powerful spying tools – capable of tracking targets, recording their conversations, rifling through their files, even taking pictures of them – on behalf of customers that included some of the world’s most repressive governments.

“It works :),” wrote one Hacking Team developer to another in an e-mail about towelroot, according to a trove published by WikiLeaks. “Good job, thanks!”

The security stakes for the tech industry were underscored in the keynote address at an August summit on Linux security that pointedly compared the blinkered attitude of software makers today with that of the automobile industry in the 1960s, when cars functioned well but failed to protect people during unforeseen events such as crashes – leading directly to unnecessarily suffering and death.

“Let’s not take 50 years to get to the point where computing is fun, powerful and a lot less likely to maim you when you make a mistake,” concluded the keynote speaker, Konstantin Ryabitsev, who manages computer systems for the Linux Foundation.

‘Dodo birds had it coming’
The Cassandra myth reached its tragic climax when she warned the Trojans that a giant wooden horse on their shores – supposedly a gift of surrender after a long siege – actually was filled with Greek warriors who soon would emerge to destroy Troy. The Trojans laughed and ridiculed Cassandra. They realized their error when it was too late.

In the days after Ryabitsev gave his August keynote address suggesting that software makers should rethink how they approach security, several Linux maintainers exchanged messages on a public mailing list about the possibility of revisiting some of the issues long raised by Spengler and other critics.

“We have some measures in place, although we are really not doing everything we can,” wrote James Morris, maintainer of Linux’s exterior defenses against attackers. As evidence of his concern, Morris cited occasions when bugs are discovered that are thwarted by Grsecurity – Spengler’s patches – but not the main kernel released by Torvalds.

Spengler’s name soon came up explicitly in the discussion, although participants correctly guessed that he had little interest in participating in such an effort now. (“I already did it in 2010,” he said in an interview afterward. “It’s kind of annoying that nothing came of it at the time. . . . I feel it would be better if they came up with their own ideas.”)

Among those who were part of the discussion was Kees Cook, the Linux security engineer who now works for Google. He, too, recalled Spengler’s call to action in 2010. Cook said there have been improvements since then – what he called “the low-hanging fruit” – but not enough.

“We’re five years into that list, and we’ve only scratched the surface,” said Cook, who in addition to his work for Google is a maintainer for Linux and part of a kernel security response team. “There is not the cultural shift I’d like to see.”

Yet Cook and others say the chances of a major reconsideration of kernel security may now be better than ever. Edward Snowden’s revelations about the extent of government spying – and about how the NSA took advantage of security weaknesses that experts often knew about but had failed to get fixed – have alarmed many in the tech community. So have the recent rash of high-profile hacks, such as the massive pilfering of personal data from the US government computers at the Office of Personnel Management.

“Given some of the evidence of the widespread security problems, it’s a little easier to introduce the topic again,” Morris said in an interview. “Now that we’re looking at literally billions of Linux systems out there, I think people are starting to wake up.”

The online discussion sparked by Morris in August has produced at least one tangible result: At the annual Linux Kernel Summit in Seoul last week, he and Cook gave a presentation that echoed many of Spengler’s points from 2010 – only the list of problems needing serious attention had doubled, from six to 12. And this time, Torvalds and some of his top deputies were there.

There was a revealing moment, however, when Cook raised the possibility of adding an especially intrusive feature long offered by Grsecurity. Torvalds immediately spoke up, saying this was “the kind of idea that makes security people look crazy,” according to LWN.net, a site that follows Linux issues.

Torvalds has often said – and reiterated after the meeting in Seoul – that he is open to new kernel defenses if the cost in performance is reasonable. But, of course, debate remains about what qualifies as “reasonable.”

Torvalds himself still instinctively resists anything smacking of a dramatic overhaul, asking the world to trust the Linux development model’s gradualist, evolutionary approach in which problems – and the trouble that often results – lead to computer code continually improving.

“I don’t think you have an alternative,” Torvalds said in the interview with The Post. “I don’t think you can design things better than they evolve. . . . It really is working very well.”

And what, he was asked, of the inevitable costs of evolution? The entire species, like the dodo bird, that have died off? Must progress come at such a price?

Torvalds smiles again: “Dodo birds had it coming.”

But dodo birds, driven from existence after the arrival of humans ruined their native island habitat, had little chance to protect themselves from doom. What about the Trojans?

© 2015 The Washington Post

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Original NDTV Gadgets

MWC 2016: Samsung, LG Improve Smartphone Cameras, Turn to Virtual Reality

MWC 2016: Samsung, LG Improve Smartphone Cameras, Turn to Virtual Reality

South Korean tech giants Samsung Electronics and LG unveiled Sunday new smartphones with better cameras and turned to virtual reality to boost interest in their headsets at a time of slowing sales.

Samsung launched two versions of its flagship phone, the flat screen Galaxy S7 and the curved screen Galaxy S7 Edge, with cameras that can take better pictures under low-light conditions.

The company, the world’s number one smartphone maker, also debuted its first 360 degree camera, the Gear 360, in Barcelona where the mobile industry is gathered for the start of the Mobile World Congress on Monday, in its latest attempt to remain ahead of Apple.

mwc_samsung_galaxy_phones_reuters.jpg

The camera is designed to make it easy to take all-around photos and videos that can be uploaded to Facebook and YouTube, or viewed as immersive experiences on Samsung’s virtual reality Gear VR headsets which went on sale in November.

(Also see: Samsung Galaxy S7 vs. iPhone 6s vs. LG G5 vs. Sony Xperia Z5)

“User generated 360 degree photos and films are going to see rapid growth in 2016. Numerous 360 degree cameras are being launched and users will want to get access to this content,” said Ben Wood, chief of research at CCS Insight.

mwc_samsung_galaxy_event_reuters.jpg

“Although it can be viewed on a standard smartphone or PC screen, the most impactful way of looking at this content is with a VR headset – this is undoubtedly going to drive sales of these products.”

Facebook founder and CEO Mark Zuckerberg made a surprise appearance at the Samsung press conference to announce a partnership with the South Korean firm to promote the use of virtual reality on the social network.

“We want to make Facebook the best video platform for virtual reality and Samsung is the only company in the world that can provide a good experience in terms of virtual reality,” he said.

Rival South Korean tech firm LG sought to steal Samsung’s thunder by unveiling its new premium handset, the G5, its first modular smartphone which is made using different components that can be independently upgraded or replaced such as a removable battery.

mwc_lg_g5_ap.jpg

The G5 comes with several accessories such as a sound system developed by Danish firm Bang & Olufsen and a virtual reality headset which will allow it to compete with a headset launched by Samsung late last year.

Focus on accessories
The focus on accessories comes with the smartphone market beginning to slow as it becomes increasingly saturated.

LG’s parent company LG Electronics’ net profit halved last year on the back of a global economic slowdown and increased competition in the mobile sector while Samsung was only able to boost its market share moderately.

mwc_lg_g5_camera_afp.jpg

Apple, which will not be present at the congress in Barcelona, saw iPhone sales fall for the first time on an annual basis in the final quarter of last year, according to Gartner.

The market research firm said that the 9.7 percent increase in smartphone sales in the final quarter of last year over the same period in 2014 takes the industry all the way back to 2008 when the global economy was in crisis.

“All of these additional devices, whether it is a virtual reality goggle, whether it is a camera, whether it is a smartwatch, they are all ways of generating additional profits,” said Ian Fogg, the head mobile and technology analyst at IHS Technology.

Analysts said handset makers face a tough choice. Focus on the low-price segment, where sales volumes are large but margins become thin. Or focus on features which can differentiate their phones.

“We are moving towards a logic of segmentation and improvement, with a better camera or more autonomy for example, maybe some advances in virtual reality, but there will unlikely be any major innovation,” said Thomas Husson, an analyst at Forrester.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

LG G5

LG G5

  • Review
  • Key Specs
  • News

Display

5.30-inch

Processor

2.1GHz

Front Camera

8-megapixel

Resolution

1440×2560 pixels

RAM

4GB

OS

Android 6.0

Storage

32GB

Rear Camera

16-megapixel

Battery capacity

2800mAh See full LG G5 specifications

 

More LG mobiles Samsung Galaxy S7

Samsung Galaxy S7

  • Review
  • Key Specs
  • News

Display

5.10-inch

Processor

1.6GHz

Front Camera

5-megapixel

Resolution

1440×2560 pixels

RAM

4GB

OS

Android 6.0

Storage

32GB

Rear Camera

12-megapixel

Battery capacity

3000mAh See full Samsung Galaxy S7 specifications

More Samsung mobiles Samsung Galaxy S7 Edge

Samsung Galaxy S7 Edge

  • Review
  • Key Specs
  • News

Display

5.50-inch

Processor

1.6GHz

Front Camera

5-megapixel

Resolution

1440×2560 pixels

RAM

4GB

OS

Android 6.0

Storage

32GB

Rear Camera

12-megapixel

Battery capacity

3600mAh See full Samsung Galaxy S7 Edge specifications

More Samsung mobilesOriginal NDTV Gadgets

Gionee S8 With ‘3D Touch’ Display, ‘Dual WhatsApp’ Launched at MWC 2016

Gionee S8 With '3D Touch' Display, 'Dual WhatsApp' Launched at MWC 2016

Gionee on Monday unveiled its new S8 flagship smartphone at MWC in Barcelona, Spain. The company at the event also revealed its brand new logo and tagline that says, "Make Smiles."

The Gionee S8 has been priced at EUR 449 (approximately Rs. 34,000) and will go on sale by end of March in Rose Gold, Silver, and Gold colours.

The smartphone features 3D Touch (yes, the same name Apple uses) pressure sensitive display, one of the biggest highlights of the smartphone, and is expected to work same as the new iPhone models. The company says that the smartphone can sense 3 levels of force including touch to select an app, tap to preview the content of an app, and press to run the app.

Another notable feature is a loop metal design. The smartphone features a 5.5-inch full-HD Amoled display with narrow bezels measuring 0.75mm. It is 74.9mm wide, and the Chinese company says that is one of the narrowest widths for a 5.5-inch phone. Gionee adds that the display thickness in the S8 smartphone is just 0.693mm display thickness. At the launch, the company touted that the S8 features floating windows.

The smartphone supports 4G+ connectivity and dual-SIM (Micro-SIMs) functionality. Gionee at the launch said that the smartphone comes with 'Dual WhatsApp' and 'Dual WeChat' features, which means you can have two instances of WhatsApp open at once, associated with different accounts. The S8 runs Amigo 3.2 OS based on Android 6.0 Marshmallow, the smartphone packs 64GB of inbuilt storage.

It sports a 5.5-inch full-HD (1080×1920 pixels) Amoled display. Under the hood, the Gionee S8 is powered by an octa-core MediaTek Helio P10 processor clubbed with 4GB of RAM.

On the camera front, the smartphone sports a 16-megapixel rear camera with f/1.8 aperture, PDAF, laser autofocus, and LED flash. The company claimed that the camera app on the S8 has been redesigned and comes with features such as text recognition (OCR) support (English and Chinese); video also comes with beauty effects; time lapse, and Slow mo. There is an 8-megapixel front camera on board as well.

The Gionee S8 packs 3000mAh battery. It supports dual 4G, FDD, and TDD, 7 modes and 14 bands which the company said will make it ideal for globally roaming.

It measures 154.3×74.9x7mm and weighs 148 grams. Notably, the company has also integrated a fingerprint sensor in the home button.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Gionee S8

Gionee S8

  • Review
  • Key Specs
  • News

Display

5.50-inch

Processor

octa-core

Front Camera

8-megapixel

Resolution

1080×1920 pixels

RAM

4GB

OS

Android 6.0

Storage

64GB

Rear Camera

16-megapixel

Battery capacity

3000mAh See full Gionee S8 specifications

  • Gionee S8 With '3D Touch' Display, 'Dual WhatsApp' Launched at MWC 2016

More Gionee mobilesOriginal NDTV Gadgets