I was just reading an article concerning malware on Windows Phone 8
Google News Search "Windows Phone 8 Malware"
From the article
"A 16-year-old security researcher from India plans to present a malware application for Windows Phone 8 at the upcoming MalCon security conference in New Delhi, India, on Nov. 24.
According to a brief description of the presentation on the MalCon website, it will show approaches and techniques for infecting Windows Phone 8 devices and will demonstrate how the prototype malware can steal contacts, upload pictures, access text messages and more."
Will this affect WP8 sales...it certainly doesn;t look good for this to happen so close to the launch...will we need to install AV software on our phones now too?
"Stealing contacts" is not that hard to do, since your app can read the contacts (you don't need any hacking to do that).
But reading + sending them to your server will make the marketplace instantly reject the app. So i doubt there's a problem.
I also don't see how you can infect a windows phone, given that .Net and Secure Boot make it almost invulnerable to everything.
rob243 said:
I was just reading an article concerning malware on Windows Phone 8
Google News Search "Windows Phone 8 Malware"
From the article
"A 16-year-old security researcher from India plans to present a malware application for Windows Phone 8 at the upcoming MalCon security conference in New Delhi, India, on Nov. 24.
According to a brief description of the presentation on the MalCon website, it will show approaches and techniques for infecting Windows Phone 8 devices and will demonstrate how the prototype malware can steal contacts, upload pictures, access text messages and more."
Will this affect WP8 sales...it certainly doesn;t look good for this to happen so close to the launch...will we need to install AV software on our phones now too?
Click to expand...
Click to collapse
Unless you unlock the device and install that software by yourself, i don't believe it ever gonna pass marketplace check before it get online.
Well I am interested to see how its done, apparently the guy will present the proof of concept on the 24th
There are ways to get past checks run in the Marketplace ingestion. This has been previously demonstrated with PoC malware on iOS, which has similar protections. Don't assume it's impossible, especially if native code use is permitted.
Please note that there is a difference between native and unmanaged code, don't mix them up.
Native code has always run on Windows Phone. Both C++ and C# produce native code. The first is un-managed, whereas the second is managed.
Visual C++, the one we use in Windows Phone is, just like C#, a managed native language. It achieves almost the same performance as the standard C++,due to the more optimized compiler. It is possible to run standard C++ on Windows Phone, but it is very difficult to do so because the marketplace knows which compiler you used to make your app (if visual studio is not there, no no). The marketplace also knows which API you use (no Windows Phone API for C++, again a big NO for the submission).
Now, the difference between native and non-native code...
Native code always ends up as 1 and 0. The very code you write in C# will, at some point, end up as 1s and 0s. Same goes for C++(managed or not). The difference between C# and C++ is that the compiler inserts some failsafes into the code (lots of ifs) to check for exceptions. This does not happen in C++.
So the path for C# is like this:
C# code -> MSIL->Native code which is run on your devices (compilation is either done at install time, or in the clouds).
the C++ code we use in Windows Phone has basically the same path! However, the more mature compiler and the "no-failsafe policy unless instructed to" that all C++ variations enforce make the code faster while less safer.
A non-native language will never, ever get the code a developer writes compiled to 1s and 0s.
Such an example are web programming languages, and Java.
For Java, the process is like this
Java code -> various stages of compilation>byte code -> JVM interprets bytecode and then sends 1s and 0s to the CPU to execute-> CPU sends 1s and 0s results back to JVM which displays the results.
As such, Java is somewhat safer than C#, but also a lot slower.
The advantage of using an interpreted language is that you know the hardware capabilities of the device beforehand, and optimizations can be made on the spot.
Microsoft, however, took the middle road with C#. They gave it all the advantages of an intepreted language (due to the MSIL step, the .Net always knows how hardware it runs on, so the MSIL will always target all the hardware capabilities for your CPU, GPU and RAM), while also running on native code, which makes it very fast. They also decided to push in the same failsafe checks Java inserts in its code. This resulted in a slightly slower code when compared to C++.
As a developer, I think the reason for dropping XNA development by Microsoft wasn't its speed. C# could easily run games, and the thousand XNA games we have on the marketplace bear testimony to that. They brought C++ on board because porting apps from one platform to another would be easier this way, especially for apps coming from android or iOS).
Anyway, having said that, the C++ we use on phones does not have the capabilities to access the hardware or the system the same way it has on desktop. It doesn't have more power than C# already did. It is just used there for other reasons. I don't think it will pose any threat to security. Desktop evolved in a different way. Microsoft learned the lesson of system protection a long time ago. They won't repeat the same mistakes now. It wouldn't surprise me if they actually had some sort of AV software built in, just to be sure.
There are so many factual errors in the above post I don't even know where to begin...
"Native" in this sense refers to apps written in a language which gets built ("compiled" although that technically involves compiling, assembling, and linking) directly into machine code ("0s and 1s" is a silly way to describe it, since *everything* on a computer, from programs to plain text files to MSIL or Java bytecode are all binary). Machine code means a binary sequence that the processor can directly execute. This is also referred to as native code, i.e. code which executes on the processor without needing an intermediary layer.
Although technically "native" and "unmanaged" mean different things, the difference is not what you think it is, and it's not very relevant to this discussion. It's entirely possible to have a native managed language ("D" was supposed to be such a thing; I'm not sure to what degree managed C++ qualifies) and to have intermediate-compiled unmanaged languages (you could, for example, distribute unmanaged programs compiled to LLVM bytecode; some systems might actually be doing so). However, MS themselves typically use "native" to mean "not managed", as evidenced by things like debugger modes.
These days, almost everything gets JIT (Just In Time) compiled to machine code even if the build tool didn't produce native machine code itself. This applies to .NET code (gets built as MSIL), Java (gets built to Java bytecode or Dalvik bytecode if on Android), JavaScript (doesn't go through a build process at all, but modern browsers JIT compile it to native before execution nonetheless), and many other languages. Interpreting is slow and requires a lot of memory overhead as well (you have to run the interpreter in parallel with the program actually being executed).
Although it is possible to invoke managed code from native code (only a little messy) and vice-versa (very common, see P/Invoke or COM interop for .NET, or JNI for Java), this should not be confused with them being the same thing. Yes, by the time they reach the CPU instruction decoder they're the same, but the process of loading the program, and the "runtime" environment that it interacts with, are very different indeed. Managed code uses a memory manager (hence the name), which takes care of things like defragmenting and freeing memory (via the garbage collector). This fundamentally violates a number of assumptions common to unmanaged code, such as that the address of data in memory will never change on its own, and that once allocated, a block of memory on the heap remains reserved until manually freed.
Another important difference is that managed languages must use abstractions of function pointers (for example, .NET delegates). In native languages it is possible (though generally unwise) to specify an absolute address (0x040C7F06 or some such) as a function pointer, and call that "function" (which results in the processor attempting to execute instructions starting from that memory address). In practice, this kind of thing is almost never done in PC software; it's bug-prone, completely un-portable, incompatible with security features like ASLR, very difficult to debug (this is the kind of thing that malware might use to make reverse engineering it harder), and there's typically no reason at all to do so.
However, the fact that it's *possible* is a Big Freaking Deal for somebody looking to work around a runtime security check. Consider this: Sliverlight on WP7 doesn't allow arbitrary LoadLibrary (or Assembly.Load, or similar) calls. The APIs available to your app are the ones included in its DLLs, and the ones in the Silverlight for WP7 runtime libraries. Even though the desired functions exist on the OS, and are even linked into program memory, you can't call them because there's no way to get a delegate for them. Now, compare this to native code, where you can literally just scan the code section of your app's memory until you find the entry point for the function you want, then treat that address as a function pointer and jump right into it.
Now, to be fair, I haven't actually written any official WP8 C++ yet. However, I can tell you that the trick mentioned above works just fine in Windows Runtime C++ on both Win8 and Windows RT, which are also supposed to lack APIs like LoadLibrary, and I therefore suspect it will work fine on WP8. Some experimentation is due, in any case.
GoodDayToDie said:
There are so many factual errors in the above post I don't even know where to begin...
"Native" in this sense refers to apps written in a language which gets built ("compiled" although that technically involves compiling, assembling, and linking) directly into machine code ("0s and 1s" is a silly way to describe it, since *everything* on a computer, from programs to plain text files to MSIL or Java bytecode are all binary). Machine code means a binary sequence that the processor can directly execute. This is also referred to as native code, i.e. code which executes on the processor without needing an intermediary layer.
Although technically "native" and "unmanaged" mean different things, the difference is not what you think it is, and it's not very relevant to this discussion. It's entirely possible to have a native managed language ("D" was supposed to be such a thing; I'm not sure to what degree managed C++ qualifies) and to have intermediate-compiled unmanaged languages (you could, for example, distribute unmanaged programs compiled to LLVM bytecode; some systems might actually be doing so). However, MS themselves typically use "native" to mean "not managed", as evidenced by things like debugger modes.
These days, almost everything gets JIT (Just In Time) compiled to machine code even if the build tool didn't produce native machine code itself. This applies to .NET code (gets built as MSIL), Java (gets built to Java bytecode or Dalvik bytecode if on Android), JavaScript (doesn't go through a build process at all, but modern browsers JIT compile it to native before execution nonetheless), and many other languages. Interpreting is slow and requires a lot of memory overhead as well (you have to run the interpreter in parallel with the program actually being executed).
Although it is possible to invoke managed code from native code (only a little messy) and vice-versa (very common, see P/Invoke or COM interop for .NET, or JNI for Java), this should not be confused with them being the same thing. Yes, by the time they reach the CPU instruction decoder they're the same, but the process of loading the program, and the "runtime" environment that it interacts with, are very different indeed. Managed code uses a memory manager (hence the name), which takes care of things like defragmenting and freeing memory (via the garbage collector). This fundamentally violates a number of assumptions common to unmanaged code, such as that the address of data in memory will never change on its own, and that once allocated, a block of memory on the heap remains reserved until manually freed.
Another important difference is that managed languages must use abstractions of function pointers (for example, .NET delegates). In native languages it is possible (though generally unwise) to specify an absolute address (0x040C7F06 or some such) as a function pointer, and call that "function" (which results in the processor attempting to execute instructions starting from that memory address). In practice, this kind of thing is almost never done in PC software; it's bug-prone, completely un-portable, incompatible with security features like ASLR, very difficult to debug (this is the kind of thing that malware might use to make reverse engineering it harder), and there's typically no reason at all to do so.
However, the fact that it's *possible* is a Big Freaking Deal for somebody looking to work around a runtime security check. Consider this: Sliverlight on WP7 doesn't allow arbitrary LoadLibrary (or Assembly.Load, or similar) calls. The APIs available to your app are the ones included in its DLLs, and the ones in the Silverlight for WP7 runtime libraries. Even though the desired functions exist on the OS, and are even linked into program memory, you can't call them because there's no way to get a delegate for them. Now, compare this to native code, where you can literally just scan the code section of your app's memory until you find the entry point for the function you want, then treat that address as a function pointer and jump right into it.
Now, to be fair, I haven't actually written any official WP8 C++ yet. However, I can tell you that the trick mentioned above works just fine in Windows Runtime C++ on both Win8 and Windows RT, which are also supposed to lack APIs like LoadLibrary, and I therefore suspect it will work fine on WP8. Some experimentation is due, in any case.
Click to expand...
Click to collapse
Well, I was just trying to get a "basic picture" of the thing, but thanks for going into much more details.
As I said, the C++ we use in Windows Phone, just like C# on Windows Phone, functions in a different way compared to Desktop or Tablet version(hell, with C# on desktop you can easily do the memory scan thing and find stuff in the OS, not only in your app, but that is generally not needed, since C# on desktop has a much boarder and less limited API) . Unlike the former two, you can't interact outside your application, because your application is sandboxed. Even if you did find the pointer to a system protected function, you wouldn't be able to do squat with it(the system protects itself). Which is why I said C++ can't do things C# already couldn't. In theory, yes you can do what you said, in fact, i expect it to be possible on rooted rooms, but for the average joe...well...it very unlikely to happen, unless he does something stupid.
As for the JIT story, well, yes, Java does use JIT. However, it does so because it doesn't know before hand on what hardware it will run. The same happens with C# and .Net on desktop, and this is due to hardware variations. Right now, for windows phone, the "JIT" occurs directly in the clouds, or at install time, as all Windows Phones (8) use snapdragon chips.
I didn't say there were no differences between the code C# and C++ create at run time. The abstraction layers inserted by the compiler fall under the "failsafes inserted in code that slow things down", which C++ doesn't have. Also the more mature compiler (C++has like 40 years of xp, C# barely made 10, and only 3 on Windows Phone), the "true native" (happy now?) code it generates (which is very close to assembler language) makes C++ faster than C#, but not fast enough nor safe enough to phase out C# entirely.
In fact, if we still have this board 10 years from now, we might C# eventually take down C++.
We should avoid getting into a technical talk in this thread. As you can see, there are non-developers coming by, and an answer such as yours will completely and utterly confuse them. What I attempted to provide was a very basic image they could understand, like JVM sending 1s and 0s to CPU is the same as JIT.
Let's wait and see what we will be presented with. Currently the only thing a WP8 Managed App can't do that was mentioned was reading the SMS-Storage. Everything else is part of the official APIs. It might be that similarily to several WP7 hacks OEM drivers are being used to gain access.
The only thing that would really worry me was if he was able to provide a way to install his Malware bypassing the Marketplace. It might be interesting though for the Jailbreak community, given that any jailbreak bascially means exploiting a security vulnerability to elevate the rights of the current process to allow for those unlocks.
Related
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me. Now understanding that Microsoft and Android are two completely different beasts, what I really am looking for is the ability to take the tables (I use all Back-end database so all my tables are in a completely separate file then all my forms, queries, and reports) and the data with me and be able to run them in a program on Android that keeps the relationships and fields and all of that sort of stuff.
Now what would be great is the ability to use forms (even if special forms for android need to be made), run queries, and even be able to run reports and print as PDFs.
now I know how to code in VBA, hence the extensive coding I have done in Access, so anybody willing to WORK WITH in creating an Android Program to basically be an extension of Microsoft Access please contact me. Please not I use the words WORK WITH loosely, while I am trying to learn how to Program for Android, I currently do not have a computer that I can use to develop programs for android on, and well I would be only able to create the "Hello World" starter program and this project seems a slight bit more complicated. But what I can bring to the table is real world experience in testing and using the program day in and day out, a number of already existing Microsoft Access Databases ranging from Complex to Simple that I use every day. Really a program that can run Microsoft Access Tables on Android would be really useful to me and I am willing to do anything to help make this happen.
Click to expand...
Click to collapse
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Thanks this is deffenetly a start, From what I can tell this This Looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Forms would be as simply as making a program, this is great thanks much
kronos82 said:
Here we go:
I use a number of Microsoft Access Databases for my work, and each one is intensely coded and designed and basically run like actual programs. What I am looking for is to be able to take these databases with me....
Click to expand...
Click to collapse
I would like to say, "yes, please!" to this idea. I currently use Smart List to Go (the descendant of ThinkDB) on my Palm TX. The TX is dying, and I've been shopping for a replacement. HanDBase exists for the iPhone, but I don't want an iPhone. So I've been focused on WinMo - not by choice as much as by necessity.
And android option would be very welcome around my computers.
benmyers2941 said:
I think we must have the same job
Android utilizes an sqlite database engine and it looks like sqlite already offers a conversion utility HERE. The real question would be how to get the data in and out of the phone. Regarding forms, they definitely would need to be custom built.
Click to expand...
Click to collapse
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Freedomcaller said:
androids sqlite its for applications to access and store data using java code.
try the pocket office app
Click to expand...
Click to collapse
Exactly and we're talking about creating an app that would enable manipulation of an sqlite database. Essentially all that would be needed would be to create a ui framework wrapper for the existing api in android. Not the least monumental task I've heard of an individual taking on but not the most either.
The versions of pocket office that I've seen for android do not currently support Access databases as far as I'm aware. If I'm wrong could you post a link and save everyone some trouble?
aaaaaaaaaaaaaaaaaaa
kronos82 said:
Thanks this is deffenetly a start, From what I can tell this looks to be the most promising, It looks like all you would have to do is put a MS Access Database file on your SD CARD and have a program access it. That way you copy it back and forth. Unfortunately it doesn't support Access 2003, but I can save down. I also got a lot of learning to do in programing Java programs.
Click to expand...
Click to collapse
Jackcess library is now patched to support android (will be in 1.2.2 release). Also seems to support 2000, 2003 and 2007 formats now.
Works great for me.
View jackcess site. Couldn't find anything on support for android. I'm using htc desire and would really like to find program to view ms access file. Can you tell me how you do it?
As I remember reading worked as on PC, while writing had some problems.
This forum prevents me from linking directly, but if you click tracker/patches on Jackcess project, check Android Compatibility Fix - ID: 3101578
The changes are in trunk and will be in the 1.2.2 release. I've added some
notes which will eventually make it to the FAQ page on the website
detailing the compatibility steps:
- Set the system property "com.healthmarketscience.jackcess.broken
Nio=true"
- Set the system property "com.healthmarketscience.jackcess.resour
cePath=res/raw/"
- Copy the *.txt, *.mdb, and *.accdb files from the
"com/healthmarketscience/jackcess/" directory in the Jackcess jar to the
"/res/raw" Android application directory.
- Before executing any Jackcess code, set the current Thread's context
classloader, e.g.
"Thread.currentThread().setContextClassLoader(Database.class.getClassLoader())".
Click to expand...
Click to collapse
Until this version (1.2.2) is released you need to build lib yourself.
You also need commons-lang and commons-logging from apache commons.
Before you use Jackcess in Android code, you set
Thread.currentThread().setContextClassLoader(
getClass().getClassLoader());
System.setProperty(
"com.healthmarketscience.jackcess.brokenNio",
"true");
System.setProperty(
"com.healthmarketscience.jackcess.resourcePath",
"res/raw/");
Click to expand...
Click to collapse
and copy those resource files to res/raw
Then you can work as on PC, for example open /sdcard/yourprogram/file.mdb
Jackcess has no GUI, it's a library to read/write access files.
Getting an Access file into Android
I keep a lot of information on a Psion Revo, which has just turned its face to the wall and is giving up the ghost, and have always backed the information up on to my pc as an Access file. It looks easier to get this into a format acceptable to Android by converting the Access .mbx file into an Excel .xls file. This can be searched readily by Column and Values. Maybe this deals with too simple a need for most enquirers to the forum, but if it helps somebody then so much the better.
hi all i have beenlooking for something the same for some time now and just the other day i came accross this site cellica.com
the android app is free and the desktop application has a 5 day trial period or its $50 to buy it works great the only thing you can not do is create a report from the phone
i have emailed support team and they said they will be adding it on in the future.
Any Updates???
I currently build and use databases in MS Access and was wondering if there are any updates on this topic now that Tablets are in use now. Looking to get the Motorola Xoom (2nd version) in the future, but would love to be able to use a program that I would be able to access my MS Access databases while "on-the-go".
Anyone? This would be huge (I believe), since we now have tablets.
Thanks a bunch,
~Kilch~
Access to MS Access by Android
Hi,
I'm also looking to get on-the-go access to my Access databases on my Android HTC Tattoo.
The file is on it, I just need a tool to access it in read-only / search mode, but judging from the previous comments, there doesn't seem to be an oversupply in applications.
The "convert to Excel format" may be OK for me. I want to use a 3 language Access DB (dictionary) on my phone, so I'll try the Excel solution.
It would be nice if we had an ACCESS reader though...
John
Panacea Database
I know XDA frowns upon excessively hawking your own products here, but I do seem to be directly answering more than one of the reply questions, it just happens that the answer is an application my company released.
The Panacea Database application can handle Access from Access 2000 to Access 2007. It has also worked so far on every Access 2010 database we've tested, and we've received no complaints in that department yet. We release updates from time to time as we improve its functionality and features, often guided in our priorities by user e-mail and market comments. Our next update will be focused on improving screen layout for a variety of Android devices - from small QVGA smartphones, to large WXGA tablets. After that we may move onto other functionality.
In the interest of fairness, I'll point out arafa1209's post. He mentions Celicca Database, which is the only other application that I know of that deals with Access databases on Android. It has features Panacea does not have (yet) - ability to work with forms, ability to create and modify databases, ability to connect to your PC etc. Like us, they also send out updates improving their app regularly. So you can compare the apps, and use which one fits your needs better (or use both). If anyone knows of any others they can post here as well, but these are the only two I know of currently.
Just tried Panacea. Although it is more basic and annoyingly doesn't remember the last files you'be opened necessitating finding the file each time you open the app I prefer it for the simple reason you don't have to convert the Access database to another format.
amwebby said:
doesn't remember the last files you'be opened necessitating finding the file each time you open the app
Click to expand...
Click to collapse
If you update the app, this should be fixed, the last version should have this feature.
Got the update last week. Certainly goes a long way to making it more user-friendly. Keep up the great work!
Since the last update it seems to be broken. Although it remembers the last database I cannot open a table within any database.
Edit: It appears the file was corrupted. Loaded a new file and all working again.
Any news in this topic.
I tried panacea Database, works fine. But not very effective. Searching data is a must for me however I didnt manage to find a search option. When I search for tables, it cant even locate the tables by names.
you can use java codes with the IE browser (also with Favorites)
maybe window break could get advanced
examples
javscript:history.forward
javascript:alert(document.cookie)
javascript:alert("xda")
IE10 mobile with windows phone 8 (tested on Lumia 920)
IE9 mobile with Windows Phone 7 doesn't work (tested on Mozart)
saywa said:
you can use java codes with the IE browser (also with Favorites)
maybe window break could get advanced
examples
javscript:history.forward
javascript:alert(document.cookie)
javascript:alert("xda")
IE10 mobile with windows phone 8 (tested on Lumia 920)
IE9 mobile with Windows Phone 7 doesn't work (tested on Mozart)
Click to expand...
Click to collapse
I'm not sure how this would ever help us, though. That's pretty much the same as just running javascript within the browser. And either way, the browser runs under low privileges anyway.
Good thought, though!
First of all, Java has nothing to do with JavaScript except for some idiot marketing scheme by Netscape long ago. Don't confuse them.
Second, if it were possible to use JS to jailbreak a phone, then it would also be possible for an attacker to take over your phone just because you visited a website. This would be bad.
Third, WP7/IE9 actually does support "scriptlets" or "bookmarklets" (javascript:<code> favorites); see my signature for a link to a few of them for WP7, including a "Find on page" tool.
Fourth, while Jaxbot is absolutely correct that the browser has low privileges (even if we could cause it to execute anything we want, we *probably* couldn't manage to unlock the phone), it is nonetheless probably a good idea to keep an eye out for any exploits released against IE10 on the desktop. Much of the code in the Windows Phone version is the same, and it might be possible to use a known exploit (at least, until it gets patched) to have another way to learn more about how the OS works, which might allow us to find a vulnerability that can be used for an unlock. It's not a sure thing, but it *might* help.
Hey Guys,
Below is a list of the things that my HTC 8x does when it checks for Windows Updates. I am waiting for Microsoft's server to decide to give me a new firmware, so I decided to sniff out the TCP stream. Of note, I found the following:
1. Phone contacts http://fe1.update.microsoft.com/WP8/MicrosoftUpdate/Selfupdate/5_UssDetection.dll
The Phone goes out and fetches this dll onto the system. It references the following certificates (which you can download):
root cert http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
production cert http://www.microsoft.com/pkiops/certs/Microsoft Windows Phone Production PCA 2012.crt
time stamp PCA? http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt
2. After that, it goes and fetches the following cab file: http://sds.download.windowsupdate.com/wp8/MicrosoftUpdate/Redir/duredir.cab. This cab file contains a single xml file called wuredir.xml. It has two values: the clientServerURL and the ReportingServer URL.
3. After this, some https traffic occurs to the clientserver URL. I am guessing this is it checking for updates.
4. Then it posts to http://statsfe1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx with a SOAP action of http://www.microsoft.com/SoftwareDistribution/ReportEventBatch with a whole bunch of info on the phone.
The User Agent being used for all of these communications is as follows: Windows-Mobile-Device-Update-Agent
If this dll it is fetching is unsigned, I wonder if we could have some fun....I am also wondering what happens if we develop and sign an xap with Microsoft's certificate if it will allow us to do more things within the OS.
Sign with Microsoft's private key? If you have access this then your about to become very popular
Sent from my Arc using xda app-developers app
Hmm, the 5_UssDetection seems to be a normal PE32 .dll. Not .NET compiled. I don't see any COM Imports/Exports for it so finding this out may be a little difficult. I haven't used any tools like IDA though, just a normal PE explorer program.
This is good information though. I wonder if GoodDayToDie may have some further input?
Nice find. I've been monitoring phone traffic myself but hadn't caught this exchange yet.
The fact that it checks external cert files is very interesting. Typically, I would expect this to be using "certificate pinning" where the public key of the signing cert is stored internally in the software, and no other signature is trusted (even if it chains to a CA that is installed on the phone and would normally be trusted). MS does use pinning in a number of places; for example, this is how the original ChevronWP7 Unlocker was broken, and is used when adding a Microsoft account to the phone or when that account is updating. However, I figure there's an excellent chance that pinning is *not* being used in at least one place where it really should be (this can be tested using tools like Fiddler or Burp, which have the ability to intercept SSL traffic using a cert that chains to a cert installed in the phone's trusted authorities store).
If pinning isn't being used, it may be possible to modify/create our own detection DLL, then create our own CA cert, install the public key on the phone, use the private key to sign an intermediate cert (that we also create, and have the private key for), and use the intermediate cert to sign our customized DLL. If necessary, we could even intercept the lookups that the phone performs and control what is returned (assuming the lookups are actually over HTTP, or at least unpinned HTTPS).
The probability that the file is unsigned isn't even worth considering; it's quite likely that Microsoft is using a mandatory signing level on WP8 for all executable code. Unfortunately, if they are doing that, it's also likely that it's set to require a cert which chains to the MS root cert (this is how Windows RT is by default), which is effectively a form of system-wide cert pinning. However, if you want to check, signtool in the Visual Studio Command Prompt can dump authenticode certs on a file.
Reverse engineering the detection DLL is quite possibly worthwhile even if we can't modify it, too; it'll provide insight into the update process, which is one of the best places to mess with a system. It runs with high privileges and explicitly is capable of modifying system code.
That sounds quite enticing! I wish I knew x86/ARM assembly :/. I'll see what the sign tool outputs in VS
It feels great to see that you're here GoodDayToDie You helped out a lot on WinPho 7 for HD2 (a device I'll soon repurchase).
Hopefully there'll be some advancements on the "jailbreaking" of Windows Phone 8
I would be surprised if WP8 wasn't using the same code signing requirements as Windows RT.
As far as hijacking that dll goes, unless we can find an immediate privileged code execution exploit in it all it's most likely to do would be to give us write abilities to the FS, and there's a huge 'if' attached to that. That would be a big step if possible, though.
Something that would be interesting to check is if an EXE compiled for Windows RT (cdb, for example) would be capable of running on WP8. If MS used the same signing certificates it may be possible to put enough of Windows RT's dependencies on WP8 to allow it to run a simple console application. Obviously we wouldn't have any console windows or the sort, but it should be possible to capture output if it worked.
We have a decrypted OS dump around somewhere, right? It should be simple to check if they use the same signatures.
Good call on checking the signatures. I'd also like to take a look at reverse engineering the OEM apps again; even if they don't give us a device-agnostic hack directly, they may reveal interesting things about the WP8 app model internals and also may give device-specific breaks which can be used to gain the knowledge we need for crafting device-agnostic ones.
Slightly off-topic:
The zipview exploit still (sort of) works. Hard to believe, but I bet MS just recompiled the program for NT's Win32 and didn't bother with it beyond that. Decent chance that the same holds for the XAP installer, though I haven't tried yet. However, A) the filesystem layout has changed, so write-only access is even more poking blind than it used to be, and B) zipview may be running with lower privileges than it used to. On a simple test ZIP (attached for your testing pleasure), I can open files and create directories up to three levels above the zip root, but no further. Trying to open a file in a folder directly higher than that gives a "cannot extract to a read-only location" error, and trying to open a file inside a subfolder above the third level up gives a generic error message (probably due to failing to create the folder).
Also, I got wired tethering working on my Ativ S today. I'll create a post about doing that if nobody else has done so yet (it was almost identical to the WP7 Samsung devices, the only hard part being finding the right 64-bit drivers). WindowBreak didn't work, though (the folder that it extracts at is above the permissions cutoff, which makes me suspect zipview can't write to the drive root) and I don't think the subcomponent of the Diagnostics app works the same, either (a lot of the diagnostics codes have changed; we should learn the new ones).I don't even know if WP8 understands provxml (it's historically a CE feature, not an NT one), although I found references in the Diag app to provxml being "ready".
Here's what I came up with for a file list from some rudimentary (and possibly inaccurate) parsing of a .ffu: http://pastebin.com/hX6qJQeA
Got that from RM820_1232.2109.1242.1001_RETAIL_nam_usa_100_01_95122.ffu.
Great, thanks for that! Looks like provxml is definitely still here, and that's probably good. I'll bet they changed some things though, to make it more NT-ish (support for proper ACLs, for example). I should review those included provxml files for a look at how the phone is currently configured. Lots of potentially interesting .REG files too. I'll have to try some more things here!
No problem. All I did was pull out all text inside '<DevicePath>' tags inside one of the FFUs for the AT&T Lumia 920.
From looking at the FFU it appears to be a collection of CAB archives (or packages) encapsulated in some proprietary format. WP7.x tools don't work on them, sadly.
Edit: I'm blind sometimes, there is a tool to mount them and it does work.
More edit: Different signatures.
More more edit: Windows RT refuses to run the WP8 binaries without a jailbreak.
Hmm... but with jailbreak, do the binaries run? I mean, they're NT Win32-based PE binaries compiled for THUMB2 architecture, so I'm sure they can at least be executed, but do they actually run or do this simply error out or crash immediately?
It would be interesting to compare the certificate chains of RT and WP8 binaries. As far as I know, the default restriction level on RT should allow anything that chains to the Microsoft root Authenticode cert to run, which means either that we misunderstand that restriction or that the WP8 signatures chain to a completely different cert. I'm guessing it's the latter, but that does surprise me. I could understand if RT used the "Windows" signing level and WP8 binaries wouldn't work; despite having Windows in the name, using the Win32 API, and running on the NT kernel, the Windows Phone team is separate from the Windows team and quite likely has its own signing keys. I would think that an OS which accepts Office and DevDiv/Tools signatures (unless Office and the debuggers were re-signed by the Windows team? I haven't checked) would accept Windows Phone signatures too.
GoodDayToDie said:
Hmm... but with jailbreak, do the binaries run? I mean, they're NT Win32-based PE binaries compiled for THUMB2 architecture, so I'm sure they can at least be executed, but do they actually run or do this simply error out or crash immediately?
It would be interesting to compare the certificate chains of RT and WP8 binaries. As far as I know, the default restriction level on RT should allow anything that chains to the Microsoft root Authenticode cert to run, which means either that we misunderstand that restriction or that the WP8 signatures chain to a completely different cert. I'm guessing it's the latter, but that does surprise me. I could understand if RT used the "Windows" signing level and WP8 binaries wouldn't work; despite having Windows in the name, using the Win32 API, and running on the NT kernel, the Windows Phone team is separate from the Windows team and quite likely has its own signing keys. I would think that an OS which accepts Office and DevDiv/Tools signatures (unless Office and the debuggers were re-signed by the Windows team? I haven't checked) would accept Windows Phone signatures too.
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As far as running, some have given me console output, but I haven't gotten a single GUI one to start. I've been considering on looking to see how complex the UI is to see if I can write some sort of WP8->Win32 translation layer. There are just so few WP8 xaps floating around that it's not really worth looking into, though.
I don't expect the GUI to work; the whole model (with the Back history and all that) is going to rely on stuff not found on Windows Client. Cool that you're able to get some CLI apps to work (which is funny in and of itself; WP8 doesn't support a terminal interface). This is only post-jailbreak though? That still seems weird, since the signatures chain to the MS root CA. Very weird. I'll poke around myself once I download a ROM to explore (busy with work at present).
I haven't really found any to work, per se, I've just gotten console output, generally in the form of an error message or a help prompt. I can't recall which files exactly I had tried with, though. I mostly just poked through system32.
GoodDayToDie said:
I don't expect the GUI to work; the whole model (with the Back history and all that) is going to rely on stuff not found on Windows Client. Cool that you're able to get some CLI apps to work (which is funny in and of itself; WP8 doesn't support a terminal interface). This is only post-jailbreak though? That still seems weird, since the signatures chain to the MS root CA. Very weird. I'll poke around myself once I download a ROM to explore (busy with work at present).
Click to expand...
Click to collapse
the GUI classes of windows phone are not compatible with the standard .Net library or windows RT. The only way to get them running is through some sort of virtual machine. Some MSFT guys confirmed this a few months back at a training course about W8 RT.
Basically, it is kinda difficult to have WP8 apps show any GUI at all outside of their WP8 runtime.
netham45 said:
Here's what I came up with for a file list from some rudimentary (and possibly inaccurate) parsing of a .ffu: http://pastebin.com/hX6qJQeA
Got that from RM820_1232.2109.1242.1001_RETAIL_nam_usa_100_01_95122.ffu.
Click to expand...
Click to collapse
In regards to the file "MMOS.wim", has anyone managed to extract it/analyze it?
I couldn't find anything about it online. I am able to mount the file to a virtual disk and view its contents, but I am not able to view/read/extract any of these files from the drive. Trying to copy any file from the drive gives a system error/exception message that I have never seen before.
Are the files inside of "MMOS.wim" even useful?
---------- Post added at 12:13 PM ---------- Previous post was at 11:22 AM ----------
mcosmin222 said:
the GUI classes of windows phone are not compatible with the standard .Net library or windows RT. The only way to get them running is through some sort of virtual machine. Some MSFT guys confirmed this a few months back at a training course about W8 RT.
Basically, it is kinda difficult to have WP8 apps show any GUI at all outside of their WP8 runtime.
Click to expand...
Click to collapse
Not difficult, more like impossible lol.
The entire native UI is very independent. It is best described as one single app that has multiple pages. The start menu is a page, settings app is a page, office 365 is a page, etc.
These different pages all cross-reference resources from each other and can modify each other. However, they are all compiled separately. Each "page" contains it's own resources and GUI markup in a dll, along with native code to interact with the markup. This native code can also call functions and access resources from other "page" dll's. There are no compiler dependencies between the "pages" when being created, only during actual runtime.
Things are very "coupled" by this model on purpose. Changing code/functionality in the startmenu.dll could potentially break everything. It is designed so that you cannot target and modify a specific element or feature without updating code in other areas of the system.
Basically, you need full access and understanding of the gui layouts/code to modify it.
The only reasonable possibility is the ability to modify the markup code (think XAML) to change layouts and visuals. But even that possibility is made difficult since the markup is compiled. However, no information is lost during the compilation, meaning that the markup can be decompiled back to its original form.
Windows 8/RT uses DUI (DirectUI), a similar framework, for all of it's native GUI elements.
Windows Phone 7/8 uses UIX/Splash.
Asking a former Microsoft employee about UIX/Splash is like asking a former U.S. government agent about Area 51. They seriously fear for their lives.
I would avoid using the word impossible as of yet. With a layer of emulation above RT the thing should "run".
It might be possible to have an app compliant with the app store requirements (as in not require jailbreak) on RT to emulate the WP8 GUI model, but that would imply interpreting the XAML code and emulate it JVM style, but it would be a lot of work.
I wonder if the WP8 emulators would prove to be of any use...
mcosmin222 said:
I would avoid using the word impossible as of yet. With a layer of emulation above RT the thing should "run".
It might be possible to have an app compliant with the app store requirements (as in not require jailbreak) on RT to emulate the WP8 GUI model, but that would imply interpreting the XAML code and emulate it JVM style, but it would be a lot of work.
I wonder if the WP8 emulators would prove to be of any use...
Click to expand...
Click to collapse
My GUI post was in regards to the native GUI. I didn't realize that you were talking about WP8 apps running on Windows RT. I thought you meant the other way around lol.
Couldn't this potentially be pointless? Microsoft Job posting was looking for developers interested on deploying .appx on Windows Phone I believe. So that means they are going to make .appx the universal model for all platforms and not .xap in the future. With that said, they might be stopping .xap development completely in the future.
Who would develop an .xap for Windows Phone when you can develop .appx and have it work on Windows Phone + Windows RT + Windows 8 + Xbox?
Just some thoughts. I think trying to get .XAP running on Windows RT is pointless to pursue right now, since the time researching would be better spent in other areas of development.
Im not sure how they are going to make appx run on WP8. The WinRT model is obviously tuned towards bigger screens. How would you use a charms bar on WP8? In fact, how would you use any of the W8 stuff on WP8?
I think a lot of people would like to run emulated WP8 apps on their tablets, since some apps have not been ported yet.
While I do agree this is kinda pointless, it's a nice way of learning new stuff.
Anyone gave this a try yet?
http://gizmodo.com/you-can-download..._source=gizmodo_twitter&utm_medium=socialflow
gsmyth said:
Anyone gave this a try yet?
http://gizmodo.com/you-can-download..._source=gizmodo_twitter&utm_medium=socialflow
Click to expand...
Click to collapse
Nope, have no use for it...
I've looked into interfacing with GPIO in C# but found it to be lacking in many ways, the most important being speed. It also appears to be impossible to repurpose pins with ALT functions which Microsoft have fixed to SPI/I2C etc- you can't use them as basic GPIO pins which makes it impossible to use Windows 10 with many, many Pi accessories. I have successfully tested I2C, however, and SPI to an LCD display is next on my list.
As for straight up GPIO twiddling, my litmus test was multiplexing a 7 segment, 4 digit display - not exactly an uncommon or complex activity. I couldn't get a stable timing resolution any smaller than 500 microseconds, and at this point you're plugging decimal numbers into DotNet's TimeSpan.FromMilliseconds and things are getting silly.
I'll have to try it with a straight up loop to see what overhead the threaded timer introduces, but right now Visual Studio is refusing to deploy code at all- probably because I've got a shoddy networking setup to bridge the Windows IOT ethernet-only connection to my PC.
One thing is abundantly clear; if you're not a DotNet/C# developer then it isn't for you.
It's Microsoft, just saying.
gsmyth said:
Anyone gave this a try yet?
http://gizmodo.com/you-can-download..._source=gizmodo_twitter&utm_medium=socialflow
Click to expand...
Click to collapse
It is just for developers. No desktop only app testing. Total waste of time.
gsmyth said:
Anyone gave this a try yet?
I'm also interested in finding out. Haven't tried it myself yet.
Anyone got it running?
How does it compare to 8.1?
Click to expand...
Click to collapse
@wodeh: what do you recommend to use in place of Windows 10 ? How does it compare to linux+python (with RPi-gpio) ?
I never used my RPi for this kind of things, I'm just curious.
@davcri91 it depends what you're familiar with- if you already know C#, use Windows and are familiar with Visual Studio then it will certainly get you off to a good start. Right now, though, support for Pi add-ons in Windows 10 is going to be all but non-existent so it's not the best all-round experience.
Raspbian, the official OS, grants you much more flexibility- you can choose to use Python, Ruby, Node JS, PHP, C, Go or really whatever you fancy. All the current documentation and software support is focussed on this OS, so Pi add-ons- especially more complicated things like our Unicorn HAT or the Pi DAC+- will work.
As for performance, I've yet to try a better test since I couldn't get Visual Studio to upload code to my Pi anymore and didn't want to waste any more time with it. My initial experimentation suggested that C# is tremendously slow at toggling an IO pin though, I couldn't even reasonably multiplex a 4-digit, 7-segment display whereas in Raspbian I can clock out serial data to a 128x64 pixel LCD at 200FPS.
Someone with a more recent working knowledge of C# ( mine is about 10 years out of date ) could probably do somewhat better... I'd hope.
The GUI "Universal App" stuff seems to be a talking point for Windows IoT but this has absolutely no utility in any setup that doesn't have a screen. My preferred setup for Raspberry Pi UIs is HTML/CSS with a RESTful or Web Sockets API- that way I can use my phone, my laptop, or whatever screen/device is handy.
So to summarise:
Windows IoT:
* Targeted at existing C# developers
* Dev-environment with step debugging and all the trimmings
* GUI framework... I think... for better or worse
* Slow to build and deploy
* Slow IO, it seems
* Impossible to use pins reserved for I2C/SPI as general purpose IO, breaking any add-ons that rely on this
Raspbian:
* Complete and total free for all- could probably even use C# with Mono
* Whatever Dev environment you can cobble together.. it'll probably be Sublime Text on your computer plus SCP or VIM/NANO/IDLE
* No standard framework for doing anything, which is a shame- there needs to be an official stance + docs on App/Game dev for the Pi
* You can just run Interactive Python and toggle GPIO pins on and off instantly with commands- fast deployment/test/fail cycle since you're already *on* the device
* IO pins will toggle at 20 Megahertz using C, although the resulting signal will be useless mush
* You can re-assign IO pins as you see fit- SPI and I2C can be regular GPIO, and you can use ALT functions to move some things around
This is a totally top-of-my-head summary of the strengths/weaknesses of each. It's an apples to oranges comparison, though!
You made a really great post, thank you wodeh
For now I think I'll stick to linux because I'm used to Python.
Switching to Linux after many years of using Windows can be a daunting task, but nowadays, it’s easier than ever. I just finished up four years of a computer science degree, for most of which I would switch between Windows and Linux. Windows was primarily my gaming operating system (as anti-cheat clients for games like Counter-Strike require Windows), but for anything else, Ubuntu was my go-to operating system. Prior to starting my degree, I was almost completely a die-hard Windows user (admittedly with experience in Linux server administration) and I would scoff at the thought of having Linux installed on my main machine.
However, it quickly became apparent that Linux in recent years is a whole lot easier than it once was, and the suite of applications you can install has grown dramatically. Gone are the days of needing to compile your own applications, for example, as there are now countless application repositories that you can access. If you think about it, even ChromeOS is a Linux derivative, which has more than enough software support for many people.
My personal Linux experience has basically always been with Ubuntu, but it has clearly improved across the board with package managers coming bundled with many of the popular distributions. Being a hardcore Windows user, I knew my way around a computer and the little that I did need to use the command line for I felt comfortable in using. Pretty much all your favorite applications are on Linux, and the ones that aren’t often have viable alternatives.
For the purposes of this article, I am going to be documenting my switch from Windows to Ubuntu. Ubuntu is a Debian-based Linux distribution and uses the Synaptic package manager, which is a GUI for the Advanced Package Tool, or APT. It also has built-in Snap support. The beauty of using Linux is the terminal, and in particular, how much control it hands over to the user.
Note: forcing yourself to get used to Linux isn’t something that you need to do, and it will come naturally over time. If you’re like me, you’ve used Windows machines all your life, and it won’t be easy to immediately transition over. Your computer is your computer, and making sure you can still do everything that you need to do is paramount.
Linux package managersThe biggest learning curve when switching from Windows to Linux will be learning how to use package manager. In most cases, the various Linux package managers all act and feel the same, and switching from one to another is easy once you’ve learned how to use one of them.
With Ubuntu, you can use the Synaptic package manager, or you can do what I do and make use of APT via the terminal. Applications can be downloaded and installed online as you would on a Windows machine in most cases, and the ones that require a bit more work often have instructions on how to use the terminal to install them.
Personally, I switched to just using the terminal and the apt-get command for nearly all cases.
Build your ownIf you’re the kind of person to want to have complete control over their operating system (which likely explains why you’re considering switching from Windows), Arch Linux is an operating system that you basically will need to end up building yourself. It’s a pretty lengthy install process, but a great way to get to grips with Linux and how the terminal works, while also ensuring you setup and install everything that you need and nothing more. Depending on the device you’re using, it’s possible you may need to engage in a lengthy setup anyway in some way or another.
For me, installing Ubuntu on the Huawei MateBook 14 2020 required building the latest version of the Linux kernel in order to ensure complete compatibility, as Ubuntu at the time did not support the Ryzen 4xxx series of chipsets. Your mileage will vary on this front, as it’s entirely possible that your machine will work right out of the box with Ubuntu, once all drivers are set up.
Install Arch Linux
Software that I useThe biggest sign that Linux has come a long way is that pretty much every common application that you would use is now present on the platform. I play a lot of games, I listen to a lot of music, and I do some development. These are the three core necessities I had when switching, and nearly all of them have been met.
Gaming
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Gaming on Linux is by far the most underdeveloped facet of the ecosystem, and it’s a mixture of developer choices and a history of poor graphics drivers that have left Linux in the current situation that it’s in. NVIDIA refused to contribute open-source drivers, and AMD had an open-source Radeon driver that was not as good as the proprietary alternative dubbed Catalyst. The only open-source NVIDIA alternative was Nouveau, which was developed unofficially by reverse engineering official NVIDIA drivers. These issues were exacerbated by developers not even building games for Linux, though that has changed more in recent years with the advent of the Steam PC (which runs Linux) and a growing number of Linux users on Steam.
There are a lot of AAA titles that don’t work on Linux, and likely won’t ever. All hope is not lost though, as a combination of Proton and Steam Play makes most Windows-only games at least compatible with Linux, even if they may not work perfectly. Proton is a fork of WINE, a compatibility layer for Windows applications to run on Linux, and it has a number of optimizations primarily focused on gaming to ensure compatibility across operating systems.
While an argument can be made that Proton’s existence encourages developers to not bother with implementing proper Linux support, it’s better than the alternative of games not being playable at all. Ultimately, gaming is no longer next to impossible on Linux machines, which puts it far ahead of where it once was. The biggest issue for me switching entirely has been that a lot of anti-cheat software does not run on Linux, and the two anti-cheat clients that I use for Counter-Strike are Windows-only. Aside from that, there’s no gaming incompatibility stopping me from using Linux all of the time.
Many die-hard Linux users will say not to support WIndows-only games, as that will force developers to release games on Linux. While that’s technically true, only roughly 1% of gamers on Steam are using Linux. Is the number growing? Yes. Is it still low? Also yes. The truth is that there isn’t enough interest for developers to want to care about Linux if it’s not easy for them to do so, and rather than alienating people from the Linux community just because they want to play Windows games, we should be welcoming them with open arms and showing them how to get around what may be the one deterrent they face.
If you’re going to ask someone to switch to an operating system that they don’t know and need to learn, and they need to no longer play their favorite games, that’s a pretty tall order for a lot of people.
Download Steam
DevelopmentIf anything, development on Linux is easier than on Windows. I use virtualization software in the form of Docker and VirtualBox, both of which are much easier to set up and use on Linux. Docker itself can be finicky to use, whereas the terminal in Ubuntu makes managing and switching between my containers a breeze. The environment variables are also much quicker to manage (in my opinion), meaning that it is easier to set up file paths for SDKs and commonly used project management tools like Maven.
I personally use IntelliJ as my IDE for Java, and PyCharm as my IDE for Python. Setting up LaTeX for document creation and editing was also much easier than on Windows, particularly when attempting to install all of the LaTeX packages that I use for my document templates. LaTeX is a collection of independent tools, and the LaTeX distribution that I use is TeX Live.
Download Docker
Download VirtualBox
Download IntelliJ
Download PyCharm
Download LaTeX
Photo editingSadly, Adobe hasn’t released any of its tools officially on Linux. There are two ways to get the likes of Photoshop working on Linux - WINE and PlayOnLinux, or VirtualBox. As already mentioned, virtualization technologies work well on Linux, and it shouldn’t be a problem to get working. However, it’s likely that performance will suffer if running it in a full-fledged Windows VM, particularly if your computer isn’t powerful. If you don’t need all of the advanced features of Photoshop, then you can switch to using GIMP for photo editing, as it does a lot of what Photoshop does.
Download GIMP
Video editing softwareMost major video editors aren’t on Linux, and therefore, it’s likely you’re going to need to learn to use a new video editing software. I use MAGIX Vegas 16 for my video editing, and others might not use Adobe Premiere. If you don’t mind learning a new video editor, then the powerful DaVinci Resolve might be exactly what you need to transition over to Linux. What’s more, DaVinci Resolve is free, so you can try it out without needing to break the bank. Like anything, there’s a learning curve, but I found that having had experience with many different editors, I was able to pick it up fairly quickly.
Download DaVinci Resolve
Awesome right up!! I've gone 50/50 Windows-Linux but my distro of choice after trying many, many is Manjaro. It's very easy on computer resources and looks beautiful.
I'm hoping to do a full build of Arch this summer
Arch will be a walk in the park for you after learning Manjaro. You'll find that it's also more stable than Manjaro.
I switched to Linux a year and a half ago and haven't looked back since. Why you ask, well because I got fed up with windoze spyware. Same reason why I use a custom ROM without google trash apps though I kinda miss google maps but hey you can't have it all.
chomsky55 said:
I switched to Linux a year and a half ago and haven't looked back since. Why you ask, well because I got fed up with windoze spyware. Same reason why I use a custom ROM without google trash apps though I kinda miss google maps but hey you can't have it all.
Click to expand...
Click to collapse
XPx64 was Window's zenith with W7 being it's last good OS. I run W7 and have a XPx64 machine.
Zero faith in W11, the fail runs strong in MS.
So sick of big sister wannabes.
I helped my brother install Linux Mint MATE in his 8 year old laptop (dual-boot) and it was 5 to 10 times faster than Win10 and since then I have never even thought about using Windows 10.
#Linux4Life
Much emphasis has been placed on open-source, and I think each person approaching the use of Linux on their PC should consider unpacking this angle because there's lots to think about here. For instance, open-source doesn't necessarily mean free, and neither does it mean best in practice. Nvidia may have refused to release open-source drivers for their GPUs, but they're also spent the last year and a half working with Valve and a number of large hardware manufacturers to make their tech accessible as well as viable for gaming in Linux. Without these two companies providing this support, and the updates they continue to provide, this latest push, the most advancement made towards Linux becoming a viable platform for gaming, would not exist. And their software remains proprietary still. So does the open-source philosophy really provide much draw for non-Linux users to take the plunge?
On the note of users coming from other operating systems, I think it's perfectly reasonable to consider anybody in this group the same as drivers who don't know anything about the mechanical workings of an automobile yet still manage to use them for their intended purpose. Learning to service a vehicle yourself in order to perform maintenance or repairs is to develop a technical skill that many if not most people will never do. For most, the computer is a technical tool fit to facilitate achieving an objective. They don't fancy taking on the role of the mechanic any more than they see themselves becoming a veterinarian to provide care for Fido or Spot. Until Linux's user-experience can be as guided and polished as the simpler alternatives, it will remain the technical user's OS, primarily used by enthusiasts and programmers/developers.
sammiev said:
Arch will be a walk in the park for you after learning Manjaro. You'll find that it's also more stable than Manjaro.
Click to expand...
Click to collapse
I appreciate that. Hopefully before summer ends, I can get started on it
Clamtacos said:
Until Linux's user-experience can be as guided and polished as the simpler alternatives, it will remain the technical user's OS, primarily used by enthusiasts and programmers/developers.
Click to expand...
Click to collapse
This is the number one reason why I use Linux in the first place. I stopped compiling ROMS with the HTC-Evo - which was the first time I set up a Linux build. The first computer I ever bought was a Win 95 Machine (I actually had an old DOS machine with Win 3.1 on it for a short time) and from the beginning, I jumped right into being "the Mechanic"
I JUST started with Ubuntu the other day. I am finding getting connected to my NAS devices takes a LOT of time. Wondering what I need to change/do to make it as fast as Windowz. Just a 2X click and I'm there.
I also can't seem to find a setting for how I want to have my desktop. I don't want a wallpaper just a solid color background.
I'm 70 and it's like starting all over again with a PC. I KNOW my way around Windowz, after all been on it since 1988 and MS DOS before that. So I'm somewhat savvy but this is a whole new world.
flhthemi said:
I JUST started with Ubuntu the other day. I am finding getting connected to my NAS devices takes a LOT of time. Wondering what I need to change/do to make it as fast as Windowz. Just a 2X click and I'm there.
I also can't seem to find a setting for how I want to have my desktop. I don't want a wallpaper just a solid color background.
I'm 70 and it's like starting all over again with a PC. I KNOW my way around Windowz, after all been on it since 1988 and MS DOS before that. So I'm somewhat savvy but this is a whole new world.
Click to expand...
Click to collapse
First, which Distro are you using and second, Google/Bing/Duck are your best friends. On almost any Distro there are packages you can install that will allow you to tweak your settings, download other wallpapers, fonts, etc. That;'s one of the best parts of Linux - it's customizable to anyway YOU want
Over the years I've kept looking at using Linux instead of Windows. But every time I go back to Windows for the following reasons:
I find the Linux system management arcane. I don't want to be a systems manager. I want something as "easy" as Windows' Control Panel/Settings
I use Microsoft Office products and OpenOffice is, for me, not a suitable alternative, especially not for Excel
I use iTunes for my music
I've tried Wine but found it clunky and slow.
I really like the scripting Linux has (I use lots of shell scripts to get certain tasks done) so I use Windows Subsystem for Linux. But that's a far cry from a full-fledge PC.
Clamtacos said:
Much emphasis has been placed on open-source, and I think each person approaching the use of Linux on their PC should consider unpacking this angle because there's lots to think about here. For instance, open-source doesn't necessarily mean free, and neither does it mean best in practice. Nvidia may have refused to release open-source drivers for their GPUs, but they're also spent the last year and a half working with Valve and a number of large hardware manufacturers to make their tech accessible as well as viable for gaming in Linux. Without these two companies providing this support, and the updates they continue to provide, this latest push, the most advancement made towards Linux becoming a viable platform for gaming, would not exist. And their software remains proprietary still. So does the open-source philosophy really provide much draw for non-Linux users to take the plunge?
On the note of users coming from other operating systems, I think it's perfectly reasonable to consider anybody in this group the same as drivers who don't know anything about the mechanical workings of an automobile yet still manage to use them for their intended purpose. Learning to service a vehicle yourself in order to perform maintenance or repairs is to develop a technical skill that many if not most people will never do. For most, the computer is a technical tool fit to facilitate achieving an objective. They don't fancy taking on the role of the mechanic any more than they see themselves becoming a veterinarian to provide care for Fido or Spot. Until Linux's user-experience can be as guided and polished as the simpler alternatives, it will remain the technical user's OS, primarily used by enthusiasts and programmers/developers.
Click to expand...
Click to collapse
Yeah, I Agree with U.
Non-Commercial licenses have its own limitation too.
But, commercial and non-commercial licenses have given us "a color" in our life!
HipKat said:
First, which Distro are you using and second, Google/Bing/Duck are your best friends. On almost any Distro there are packages you can install that will allow you to tweak your settings, download other wallpapers, fonts, etc. That;'s one of the best parts of Linux - it's customizable to anyway YOU want
Click to expand...
Click to collapse
I WAS using 20.04 but got so frustrated I had to give up. I couldn't figure out how to add a folder to the desktop and then put shortcuts in it. Made a folder but I couldn't put anything into it. Then I played some STEREO 2CH videos and only the left side would be audible. Sound settings are so minimal....using the slider for L/R balance did nothing to change it. I guess I'm just too dang stupid to figure it out.
I'm not bad mouthing it, believe me. It's just not the right distro for me, I guess.
flhthemi said:
I WAS using 20.04 but got so frustrated I had to give up. I couldn't figure out how to add a folder to the desktop and then put shortcuts in it. Made a folder but I couldn't put anything into it. Then I played some STEREO 2CH videos and only the left side would be audible. Sound settings are so minimal....using the slider for L/R balance did nothing to change it. I guess I'm just too dang stupid to figure it out.
I'm not bad mouthing it, believe me. It's just not the right distro for me, I guess.
Click to expand...
Click to collapse
Hey i get it too. But, I can say, depending on where you are at with updates, 20.04 has been getting many updates over past few weeks.
i can say gamers and audio files are folks that use a program for the needs. should look at snaps for a Real Hi-Fi player. (Some browsers and some players are just not good enough)
Hang in there... from what I have been reading, the next Ubuntu LTS seems to be rather nice, right from the start. Just need the right software for what you want to do
I JUST started with Ubuntu the other day. I am finding getting connected to my NAS devices takes a LOT of time. Wondering what I need to change/do to make it as fast as Windowz. Just a 2X click and I'm there.
Click to expand...
Click to collapse
I use Ubuntu from time to time. For mounting nas shares I use a script file with mount points which I execute after boot. Example line for the script below. Make sure you create mount points first (for example /media/Tv-shows)
sudo mount -t cifs //192.168.1.123/data/TV-Shows -o uid=1000,username=admin,password=password,rw,nounix,iocharset=utf8 /media/Tv-Shows
I'm sure there is more (maybe easier) ways but this is how I do it
I guess I'm just spoiled. I don't feel I should have to do a script to access my NAS. They showed up but were not accessible in Mint or in Ubuntu. I installed Zorin? and access to them and could make book marks. Somehow, I still felt limited. So I just threw in the towel and went back to Windowz. Too old to give a dang and too set in my ways I guess. Thanks for the info and the help but it's just not gonna be an OS for me.
I just dual boot so I can have the best of both worlds. Thanks for sharing.
sammiev said:
Arch will be a walk in the park for you after learning Manjaro. You'll find that it's also more stable than Manjaro.
Click to expand...
Click to collapse
Um no
Arch is obviously more stable then manjaro, but it definitely won't be a walk in the park (especially the installation) after using an OS with pre-included apps
I'd suggest using Arch after mastering the Debian based distros (like ubuntu or mint) or experiment with manjaro in a vm (better in my opinion)
NullCode said:
Um no
Arch is obviously more stable then manjaro, but it definitely won't be a walk in the park (especially the installation) after using an OS with pre-included apps
I'd suggest using Arch after mastering the Debian based distros (like ubuntu or mint) or experiment with manjaro in a vm (better in my opinion)
Click to expand...
Click to collapse
I'm long past Ubuntu and Mint and I've watched a few walk-throughs for building Arch from code. It'll be a project but one worth taking on