Archive for August 19, 2020

Wednesday, August 19, 2020

Oculus to Require Facebook Accounts

Oculus:

Today, we’re announcing some important updates to how people log into Oculus devices, while still keeping their VR profile. Starting in October 2020, everyone using an Oculus device for the first time will need to log in with a Facebook account.

[…]

After January 1, 2023, we will end support for Oculus accounts. If you choose not to merge your accounts at that time, you can continue using your device, but full functionality will require a Facebook account.

Palmer Luckey:

I am already getting heat from users and media outlets who say this policy change proves I was lying when I consistently said this wouldn’t happen, or at least that it was a guarantee I wasn’t in a position to make. I want to make clear that those promises were approved by Facebook in that moment and on an ongoing basis, and I really believed it would continue to be the case for a variety of reasons. In hindsight, the downvotes from people with more real-world experience than me were definitely justified.

Update (2020-11-07): Eurogamer:

Deleting Facebook also deletes your Oculus purchases

Update (2020-12-10): Natasha Lomas (via Hacker News):

Germany’s Federal Cartel Office (aka, the Bundeskartellamt) said today that it’s instigated abuse proceedings against Facebook to examine the linkage between Oculus VR products and its eponymous social network.

Can’t You Just Right-Click?

Jeff Johnson:

Some people claim that Mac users can “just right click” to run unsigned software. But what does that mean exactly? Let’s look at the user experience, in a series of screenshots.

[…]

This alert mentions the possibility of malware, and the default action is Move to Trash, so we’re not off to a good start. Notice that there’s no mention of right clicking.

[…]

Another warning! Again with a scary message mentioning malware and loss of privacy. And again, Move to Trash is the default option. If you do click the Open button, though, it does work as advertised. You can “just” right click to run unsigned Mac software.

Note that with an Apple Silicon Mac, unsigned software won’t run at all. You can sign it without needing a developer account, but you can’t notarize it, so it will be treated to these dialogs.

Previously:

Update (2020-08-24): See also: Hacker News.

Update (2020-09-28): Jeff Johnson:

You can delete the com.apple.quarantine extended attribute from a file using the /usr/bin/xattr command-line tool, but that’s not very simple, because you have to switch to Terminal and type an error-prone command. Ideally, we want to “just right click” in Finder. This is where our old friend Otto comes in.

Apple Silicon Macs to Require Signed Code

Apple:

New in macOS 11 on Apple silicon Mac computers, and starting in the next macOS Big Sur 11 beta, the operating system will enforce that any executable must be signed with a valid signature before it’s allowed to run. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature issued locally is sufficient, which includes signatures which are now generated automatically by the linker. This new behavior doesn’t change the long-established policy that our users and developers can run arbitrary code on their Macs, and is designed to simplify the execution policies on Apple silicon Mac computers and enable the system to better detect code modifications.

This new policy doesn’t apply to translated x86 binaries running under Rosetta, nor does it apply to macOS 11 running on Intel platforms.

For Mail plug-ins, this is the third time signed code has become a requirement, with other times in between where it was forbidden.

Update (2020-08-24): See also: Hacker News, Reddit.

Tyler Hall:

I wish they’d tell us specifically what attack vectors they’re protecting us from. Just a simple, real-world justification for why this is needed would go a long way towards assuaging our fears. Instead, it’s just “Trust us.”

I’ve been trying to figure out the benefits, and as far I can tell they only apply in very narrow circumstances. However, unless I’m missing something, the cost of requiring signed code is also very low.

Howard Oakley:

Unlike developer signing and notarization, this isn’t intended to prevent any modifications being made to executable code. Malicious software could always re-sign modified code using another signature, although in doing so it would lose access to resources which were tied to the original signing identity, of course. But it’s intended to significantly reduce the surface area of attacks.

Previously:

Update (2021-06-29): Alexandre Mutel:

The Burst team is fighting M1 support, awful platform to work with, requiring us to codesign native code... so every single piece of code that Burst produce has to go through a stupid codesign external exe to patch it... currently making Burst compiler x5 slower* on M1

Bill English, RIP

BBC:

The co-creator of the computer mouse, William English, has died aged 91.

[…]

His first version was a wooden block with a single button - and underneath, two rolling wheels at 90-degree angles that would record vertical and sideways movement.

[…]

He left the Stanford Research Institute in 1971, moving to Xerox’s famous Parc research centre.

There, he replaced the wheels on his first mouse design with a rolling ball - the design that became familiar to most end users over the next decades.

Via Josh Centers:

While Englebart came up with the idea for the mouse, it was English who built it out of wood, electrical switches, and metal wheels in 1963. Neither man became wealthy from their inventions, which were ignored for decades. However, in our opinion, they deserve places in history alongside Edison, Tesla, and Turing, because they defined the direction of human-computer interaction that continues through today.