
How a university got itself banned from the Linux kernel

On the evening of April 6th, a student emailed a patch to a list of developers. Fifteen days later, the University of Minnesota was banned from contributing to the Linux kernel.

“I suggest you find a different community to do experiments on,” wrote Linux Foundation fellow Greg Kroah-Hartman in a livid email. “You are not welcome here.”

How did one email lead to a university-wide ban? I’ve spent the past week digging into this world — the players, the jargon, the university’s turbulent history with open-source software, the devoted and principled Linux kernel community. None of the University of Minnesota researchers would talk to me for this story. But among the other major characters — the Linux developers — there was no such hesitancy. This was a community eager to speak; it was a community betrayed.


The story begins in 2017, when a systems-security researcher named Kangjie Lu became an assistant professor at the University of Minnesota.

Lu’s research, per his website, concerns “the intersection of security, operating systems, program analysis, and compilers.” But Lu had his eye on Linux — most of his papers involve the Linux kernel in some way.

The Linux kernel is, at a basic level, the core of any Linux operating system. It’s the liaison between the OS and the device on which it’s running. A Linux user doesn’t interact with the kernel, but it’s essential to getting things done — it manages memory usage, writes things to the hard drive, and decides what tasks can use the CPU when. The kernel is open-source, meaning its millions of lines of code are publicly available for anyone to view and contribute to.

Well, “anyone.” Getting a patch onto people’s computers is no easy task. A submission needs to pass through a large web of developers and “maintainers” (thousands of volunteers, who are each responsible for the upkeep of different parts of the kernel) before it ultimately ends up in the mainline repository. Once there, it goes through a long testing period before eventually being incorporated into the “stable release,” which will go out to mainstream operating systems. It’s a rigorous system designed to weed out both malicious and incompetent actors. But — as is always the case with crowdsourced operations — there’s room for human error.

Some of Lu’s recent work has revolved around studying that potential for human error and reducing its influence. He’s proposed systems to automatically detect various types of bugs in open source, using the Linux kernel as a test case. These experiments tend to involve reporting bugs, submitting patches to Linux kernel maintainers, and reporting their acceptance rates. In a 2019 paper, for example, Lu and two of his PhD students, Aditya Pakki and Qiushi Wu, presented a system (“Crix”) for detecting a certain class of bugs in OS kernels. The trio found 278 of these bugs with Crix and submitted patches for all of them — the fact that maintainers accepted 151 meant the tool was promising.

On the whole, it was a useful body of work. Then, late last year, Lu took aim not at the kernel itself, but at its community.


In “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits,” Lu and Wu explained that they’d been able to introduce vulnerabilities into the Linux kernel by submitting patches that appeared to fix real bugs but also introduced serious problems. The group called these submissions “hypocrite commits.” (Wu didn’t respond to a request for comment for this story; Lu referred me to Mats Heimdahl, the head of the university’s department of computer science and engineering, who referred me to the department’s website.)

The explicit goal of this experiment, as the researchers have since emphasized, was to improve the security of the Linux kernel by demonstrating to developers how a malicious actor might slip through their net. One could argue that their process was similar, in principle, to that of white-hat hacking: play around with software, find bugs, let the developers know.

But the loudest reaction the paper received, on Twitter and across the Linux community, wasn’t gratitude — it was outcry.

“That paper, it’s just a lot of crap,” says Greg Scott, an IT professional who has worked with open-source software for over 20 years.

“In my personal view, it was completely unethical,” says security researcher Kenneth White, who is co-director of the Open Crypto Audit Project.

The frustration had little to do with the hypocrite commits themselves. In their paper, Lu and Wu claimed that none of their bugs had actually made it to the Linux kernel — in all of their test cases, they’d eventually pulled their bad patches and provided real ones. Kroah-Hartman, of the Linux Foundation, contests this — he told The Verge that one patch from the study did make it into repositories, though he notes it didn’t end up causing any harm.

Still, the paper hit a number of nerves among a very passionate (and very online) community when Lu first shared its abstract on Twitter. Some developers were angry that the university had intentionally wasted the maintainers’ time — which is a key difference between Minnesota’s work and a white-hat hacker poking around the Starbucks app for a bug bounty. “The researchers crossed a line they shouldn’t have crossed,” Scott says. “Nobody hired this group. They just chose to do it. And a whole lot of people spent a whole lot of time evaluating their patches.”

“If I were a volunteer putting my personal time into commits and testing, and then I found out someone’s experimenting, I would be unhappy,” Scott adds.

Then, there’s the dicier issue of whether an experiment like this amounts to human experimentation. It doesn’t, according to the University of Minnesota’s Institutional Review Board. Lu and Wu applied for approval in response to the outcry, and they were granted a formal letter of exemption.

The community members I spoke to didn’t buy it. “The researchers attempted to get retroactive Institutional Review Board approval on their actions that were, at best, wildly ignorant of the tenets of basic human subjects’ protections, which are typically taught by senior year of undergraduate institutions,” says White.

“It is generally not considered a nice thing to try to do ‘research’ on people who do not know you are doing research,” says Kroah-Hartman. “No one asked us if it was acceptable.”

That thread ran through many of the responses I got from developers — that regardless of the harms or benefits that resulted from its research, the university was messing around not just with community members but with the community’s underlying philosophy. Anyone who uses an operating system places some degree of trust in the people who contribute to and maintain that system. That’s especially true for people who use open-source software, and it’s a principle that some Linux users take very seriously.

“By definition, open source depends on a lively community,” Scott says. “There have to be people in that community to submit stuff, people in the community to document stuff, and people to use it and to set up this whole feedback loop to constantly make it stronger. That loop depends on lots of people, and you have to have a level of trust in that system … If somebody violates that trust, that messes things up.”

After the paper’s release, it was clear to many Linux kernel developers that something needed to be done about the University of Minnesota — previous submissions from the university needed to be reviewed. “Many of us put an item on our to-do list that said, ‘Go and audit all umn.edu submissions,’” said Kroah-Hartman, who was, above all else, annoyed that the experiment had put another task on his plate. But many kernel maintainers are volunteers with day jobs, and a large-scale review process didn’t materialize. At least, not in 2020.


On April 6th, 2021, Aditya Pakki, using his own email address, submitted a patch.

There was some brief discussion from other developers on the email chain, which fizzled out within a few days. Then Kroah-Hartman took a look. He was already on high alert for bad code from the University of Minnesota, and Pakki’s email address set off alarm bells. What’s more, the patch Pakki submitted didn’t appear helpful. “It takes a lot of effort to create a change that looks correct, yet does something wrong,” Kroah-Hartman told me. “These submissions all fit that pattern.”

So on April 20th, Kroah-Hartman put his foot down.

“Please stop submitting known-invalid patches,” he wrote to Pakki. “Your professor is playing around with the review process in order to achieve a paper in some strange and bizarre way.”

Maintainer Leon Romanovsky then chimed in: he’d taken a look at four previously accepted patches from Pakki and found that three of them added “various severity” security vulnerabilities.

Kroah-Hartman hoped that his request would be the end of the affair. But then Pakki lashed back. “I respectfully ask you to cease and desist from making wild accusations that are bordering on slander,” he wrote to Kroah-Hartman in what appears to be a private message.

Kroah-Hartman responded. “You and your group have publicly admitted to sending known-buggy patches to see how the kernel community would react to them, and published a paper based on that work. Now you submit a series of obviously-incorrect patches again, so what am I supposed to think of such a thing?” he wrote back on the morning of April 21st.

Later that day, Kroah-Hartman made it official. “Future submissions from anyone with a umn.edu address should be default-rejected unless otherwise determined to actually be a valid fix,” he wrote in an email to a number of maintainers, as well as Lu, Pakki, and Wu. Kroah-Hartman reverted 190 submissions from Minnesota affiliates — 68 couldn’t be reverted but still needed manual review.

It’s not clear what experiment the new patch was part of, and Pakki declined to comment for this story. Lu’s website includes a brief reference to “superfluous patches from Aditya Pakki for a new bug-finding project.”

What is clear is that Pakki’s antics have finally set the delayed review process in motion; Linux developers began digging through all patches that university affiliates had submitted in the past. Jonathan Corbet, the founder and editor in chief of LWN.net, recently provided an update on that review process. Per his assessment, “Most of the suspect patches have turned out to be acceptable, if not great.” Of over 200 patches that were flagged, 42 are still set to be removed from the kernel.


Regardless of whether their reaction was justified, the Linux community gets to decide if the University of Minnesota affiliates can contribute to the kernel again. And that community has made its demands clear: the school needs to convince them its future patches won’t be a waste of anyone’s time.

What will it take to do that? In a statement released the same day as the ban, the university’s computer science department suspended its research into Linux-kernel security and announced that it would investigate Lu’s and Wu’s research method.

But that wasn’t enough for the Linux Foundation. Mike Dolan, Linux Foundation SVP and GM of projects, wrote a letter to the university on April 23rd, which The Verge has viewed. Dolan made four demands. He asked that the school release “all information necessary to identify all proposals of known-vulnerable code from any U of MN experiment” to help with the audit process. He asked that the paper on hypocrite commits be withdrawn from publication. He asked that the school ensure future experiments undergo IRB review before they begin, and that future IRB reviews ensure the subjects of experiments provide consent, “per usual research norms and laws.”

Two of those demands have since been met. Wu and Lu have retracted the paper and have released all the details of their study.

The university’s status on the third and fourth counts is unclear. In a letter sent to the Linux Foundation on April 27th, Heimdahl and Loren Terveen (the computer science and engineering department’s associate department head) maintain that the university’s IRB “acted properly,” and argue that human-subjects research “has a precise technical definition according to US federal regulations … and this technical definition may not accord with intuitive understanding of concepts like ‘experiments’ or even ‘experiments on people.’” They do, however, commit to providing more ethics training for department faculty. Reached for comment, university spokesperson Dan Gilchrist referred me to the computer science and engineering department’s website.

Meanwhile, Lu, Wu, and Pakki apologized to the Linux community this past Saturday in an open letter to the kernel mailing list, which contained some apology and some defense. “We made a mistake by not finding a way to consult with the community and obtain permission before running this study; we did that because we knew we could not ask the maintainers of Linux for permission, or they would be on the lookout for hypocrite patches,” the researchers wrote, before going on to reiterate that they hadn’t put any vulnerabilities into the Linux kernel, and that their other patches weren’t related to the hypocrite commits research.

Kroah-Hartman wasn’t having it. “The Linux Foundation and the Linux Foundation’s Technical Advisory Board submitted a letter on Friday to your university,” he responded. “Until those actions are taken, we do not have anything further to discuss.”


From the University of Minnesota researchers’ perspective, they didn’t set out to troll anyone — they were trying to point out a problem with the kernel maintainers’ review process. Now the Linux community has to reckon with the fallout of their experiment and what it means about the security of open-source software.

Some developers rejected the University of Minnesota researchers’ perspective outright, claiming the fact that it’s possible to fool maintainers should be obvious to anyone familiar with open-source software. “If a sufficiently motivated, unscrupulous person can put themselves into a trusted position of updating critical software, there’s honestly little that can be done to stop them,” says White, the security researcher.

On the other hand, it’s clearly important to be vigilant about potential vulnerabilities in any operating system. And for others in the Linux community, as much ire as the experiment drew, its point about hypocrite commits appears to have been somewhat well taken. The incident has ignited conversations about patch-acceptance policies and how maintainers should handle submissions from new contributors, across Twitter, email lists, and forums. “Demonstrating this kind of ‘attack’ has been long overdue, and kicked off a very important discussion,” wrote maintainer Christoph Hellwig in an email thread with other maintainers. “I think they deserve a medal of honor.”

“This research was clearly unethical, but it did make it plain that the OSS development model is vulnerable to bad-faith commits,” one user wrote in a discussion post. “It now seems likely that Linux has some devastating back doors.”

Corbet also called for more scrutiny around new changes in his post about the incident. “If we cannot institutionalize a more careful process, we will continue to see a lot of bugs, and it will not really matter whether they were inserted intentionally or not,” he wrote.

And even for some of the paper’s most ardent critics, the process did prove a point — albeit, perhaps, the opposite of the one Wu, Lu, and Pakki were trying to make. It demonstrated that the system worked.

Eric Mintz, who manages 25 Linux servers, says this ban has made him much more confident in the operating system’s security. “I have more trust in the process because this was caught,” he says. “There may be compromises we don’t know about. But because we caught this one, it’s less likely we don’t know about the other ones. Because we have something in place to catch it.”

To Scott, the fact that the researchers were caught and banned is an example of Linux’s system functioning exactly the way it’s supposed to. “This method worked,” he insists. “The SolarWinds method, where there’s a big corporation behind it, that system didn’t work. This system did work.”

“Kernel developers are happy to see new tools created and — if the tools give good results — use them. They will also help with the testing of these tools, but they are less pleased to be recipients of tool-inspired patches that lack proper review,” Corbet writes. The community seems to be open to the University of Minnesota’s feedback — but as the Foundation has made clear, it’s on the school to make amends.

“The university could repair that trust by sincerely apologizing, and not fake apologizing, and by maybe sending a lot of beer to the right people,” Scott says. “It’s gonna take some work to restore their trust. So hopefully they’re up to it.”




After a week with Apple AirTags, this is what I can’t work out

If Apple’s big strength is taking the complex and stressful and making it simple and elegant, then its AirTag tracker might be the most successful gadget from the company in years. It’s no surprise, then, that since the tiny circular tags were announced earlier in the month, people have been brainstorming just what they might attach them to. I’m no different, though I’ve come to realize AirTags aren’t yet entirely amenable to everything important in my day-to-day life.

You could throw an AirTag into a bag, suitcase, or glove compartment, but for most applications you’re going to need an accessory. Since there’s no hole or loop on the tracker itself, a keychain or loop is needed to attach your AirTag to your car keys or purse. In the process, that could actually double the price of the whole system for you.

Where Apple leaves off, of course, the third-party ecosystem steps in. Rival trackers can’t count on accessory makers jumping in with new add-ons, but AirTags are almost certain to be popular enough that there’ll be a flourishing aftermarket of keychains, tags, loops, and other peripherals. To begin with it’s likely that they’ll stick to the mainstream, like cheaper versions of Apple’s own designs, but the arrival of more niche or imaginative alternatives only seems like a matter of time.

What they won’t be able to do, though, is change the practicality of the core AirTag hardware. Apple’s coin-like tracker is a compact 1.26 inches in diameter, and 0.31 inches thick, and it weighs 0.39 ounces. That’s small enough to be negligible hanging from your keychain or backpack, but its shape may prove a headache depending on what exactly you want to keep tabs on.

While I know Apple would like me to just use Apple Pay and the digital wallet on iPhone, I do still carry a physical wallet around with me. With various cards, including my driver’s license, in there, it’s something I really wouldn’t want to have go missing. In fact, it’s an ideal candidate for an AirTag, or at least it would be if the shape was different.

Like a round peg in a square hole, the AirTag just isn’t designed to comfortably nestle into a traditional bifold wallet. Mine isn’t even that skinny, just a regular leather wallet; those who’ve jumped on the slimline card-holder trend will find it even more incompatible with this first AirTag’s dimensions.

What I need – and what I suspect a lot of people will want – is a version of AirTag shaped like a credit card. The absence of that today raises the question of Apple’s longer-term plans for its tracking range, and whether it intends for this initial AirTag to be a standalone product or part of a family of devices offering the same core Find My location services.

Obviously Apple would need to change some things in order to make a shape switch like that possible. There are bigger challenges than just reworking the U1 hardware – Bluetooth, Ultra Wideband, and all – into a flatter form-factor, mind. One of the most pleasing aspects of AirTags and, frankly, the most surprising is that the battery is user-replaceable.

I don’t think anybody would’ve been too surprised had Apple decided to take the easy option, and the one that in the long-term would be most lucrative, and completely sealed its AirTag design. After all, that approach makes waterproofing simpler, and it would also have allowed for a non-standard battery which could’ve made the tracker itself smaller. You can see how that works by looking inside the tiny casing of an AirPod.

Instead, though, it opted for a CR2032 button cell battery: widely-available, inexpensive, and easy to replace. An AirTag itself is hardly larger than that battery, in fact. Still, it does present an issue for alternative form-factors.

A credit card shaped AirTag, designed to fit into a wallet, purse, or luggage tag, could be much wider than the current, button-like tracker. However it would also have to be much thinner: we’ve seen how that works with Tile Slim, which the company says is the thickness of two credit cards. That’s just too narrow for an off-the-shelf battery, and so Tile uses a custom battery which lasts for up to three years.

The downside is that it’s not user-replaceable. Once the battery in your Tile Slim starts to lose charge, that’s it: you can’t top it up, and you can’t swap it out yourself. If you’re a Tile Premium subscriber you get free battery replacements every year, but that does mean paying a monthly or annual service fee.

There are more reasons than price to be wary, of course. Products with sealed batteries have an obvious environmental consequence to stomach, with many small electronics designed with little more than landfill in mind as their final resting place. Even Apple, which talks about recycling more than many consumer tech firms, hasn’t figured out an effective way to extract everything from AirPods once they expire. Send your old earbuds to the company, and its e-waste partners will crack it open by hand and then tease out what few reusable elements can be rescued.

The fact that AirTag isn’t facing the same fate, at least not until the hardware itself breaks or reaches obsolescence, is great. However it does potentially back Apple into a corner when it comes to alternative form-factors. A CR2032 battery is 3.2mm thick: that’s already thicker than a Tile Slim, by comparison.

I’m not entirely sure where the reasonable compromise lies on all this. For usability, I’d really like a slimmer, card-like AirTag: losing my wallet now would be a headache, but it would’ve been even more distressing in the days when I was carrying my Green Card around with me all the time. If AirTag’s purpose is to keep track of the everyday items that mean the most to you, I’d definitely say that wallets are a key candidate.

At the same time, the idea of eventually contributing to more landfill, and having to replace hardware every few years as the battery expires, doesn’t sit especially comfortably with me either. Unless Apple comes up with a new recycling system which makes extracting reusable elements both cost-effective and efficient, it’s difficult to see how a fixed battery could have true green credentials. Even if annual replacements were covered as part of an upgraded iCloud plan, I’d still like to know that the bulk of my old AirTag wasn’t just ending up buried somewhere.

As a first product, I really like how AirTag works. Apple has nailed the ease of setup and use process, and features like Precision Finding are a legitimately huge step forward compared to how other trackers guide you to your absent items. What I can already tell is that AirTags could be something we quickly come to rely upon; until Apple figures out a version for different form-factors, hopefully I’ll remember that not every item in my pockets is quite so resilient to getting lost.


Among Us lines up PS5, PS4 debut for 2021

With everybody cooped up at home during the COVID-19 pandemic over the past year, several multiplayer games saw a dramatic rise in popularity. Among Us was one of those games, and its meteoric rise has prompted developer Innersloth Games to make some big changes to its development schedule: cancelling a planned sequel, rolling its content into the current game, and beginning the process of bringing Among Us to other platforms.

Among Us started life as a mobile game for Android and iOS in 2018 before launching on PC later that same year. Late last year, Innersloth brought Among Us to Nintendo Switch, and toward the end of March, the company announced that the game will be coming to Xbox Series X|S and Xbox One sometime this year. Now Innersloth is closing out April by announcing that it’s coming to PlayStation 4 and PlayStation 5 as well.

We don’t know when, exactly, Among Us will come to PlayStation 4 and 5, but Innersloth does say that it’s coming later this year. With Xbox versions in the works as well, it’s possible that we’ll see the game launch on Xbox and PlayStation at the same time in 2021.

Innersloth also says that when Among Us comes to PlayStation, it’ll launch with all four maps that are currently available in other versions of the game. That means the massive Airship map, which launched earlier this year and is the most recent map in the pool, will be present in the PlayStation version from day one.

Also unknown is how much Among Us will cost on PlayStation 4 and 5, but we can make an educated guess there since it costs a mere $5 on both PC and Switch (it’s free to download on iOS and Android). We’ll let you know when more details about the PlayStation version of Among Us are revealed, so stay tuned for more.


Microsoft teases Word’s next default font — so we got a designer to weigh in

Big, terrifying changes are afoot: there’s going to be a new default font in Microsoft Word. Please, don’t panic. You can riot, sure, but no panicking.

This decision was announced on Microsoft’s blog. In the piece, the company explains that it has commissioned five different fonts that could potentially replace the current default, Calibri.

The piece itself provides a balanced view of all these different options, going into an admirable amount of depth about why they may be suitable to become Microsoft Word’s next default font.

Unfortunately though, we didn’t see this news on the blog. Instead, we saw it on that bastion of rational discussion, Twitter. Have a look:

Is a social network famous for being one of the most toxic environments on the internet the best place to engage in dialogue about a default font? Yes. Definitely. Why bother even asking that?

Anyway, we decided to ask TNW’s VP of Design, Alexander Griffioen, to wade in with his opinions.

But in order to keep the spirit of Microsoft’s social media post alive, we only showed him the image below and asked him to provide only Tweet-length comments. We’re nothing but precise and fair.


Why Thin Bezel Laptops May Have Been a Bad Idea After All

I have been complaining about the size of laptop bezels for years. Ever since Dell kicked off the trend in 2015 with the redesigned XPS 13, I’ve been pushing for smaller and smaller bezels in laptops to match what phone manufacturers have accomplished.

In that period of time, the iPhone went from having a home button on a large bottom chin to almost no bottom bezel whatsoever. I’ve been wanting laptops to take that same cutting-edge approach.

But then 2020 hit, and priorities and usage habits were flipped on their heads. Looking back, the push for ultra-thin bezels may have been a mistake.

Design compromises

Let’s start with why this whole thing began in the first place. Why desire thin bezels at all, you ask? The obvious answer is the look. Thinner bezels just feel futuristic. They remove the distractions and put the contents of the screen at the forefront. But let’s be honest, putting thinner bezels on your products is mostly about following trends. No one wants to look outdated.

But as with all things in technology and design, there’s a compromise behind every small decision. And when it comes to shrinking bezels, the webcam was always going to be the sacrifice. Some laptops tried moving the camera to some bizarre locations, such as under a key or in the bottom bezel.

In practice, most of us didn’t mind so much. It certainly didn’t stop me from crowning it the best laptop you could buy at the time. Sure, the nose cam was obnoxious. But most people would use it so infrequently, it wasn’t a dealbreaker. And eventually, laptop manufacturers did actually find ways to shrink the camera module and stuff it into the smallest top bezel possible.

But again, there was a compromise. These smaller camera modules required a smaller sensor, which struggled even more with low-light scenarios. The result is a webcam that’s basically for emergencies only. Not something you want to force your coworkers or family members to suffer through on a daily basis.

And for many of us, that’s exactly the situation we find ourselves in today. Zoom or Teams calls all day long. Many people who’d never turned on their webcam found out just how bad the quality really was. And that’s when the regret over bezel size hits you.

Laptop webcams suck

Before 2021, it was near impossible to find a laptop with a 1080p webcam. 720p was the standard, and compared to the rest of the devices we all own, that was just sad. In the past few months, laptop manufacturers have started to pivot towards 1080p webcams, such as in new laptops from MSI and Lenovo. It didn’t come as quickly as I’d hoped, but I celebrated some 1080p options nonetheless.

As these companies have said over and over again, the higher resolution would mean a larger camera module. And with that larger camera came a thicker top bezel. Unlike phones and tablets, there just isn’t very much space in the thickness of a laptop lid behind the screen. Hence, the need for a big bezel. It’s not a flattering look, but in 2021, it’s a trade-off most people would likely prefer. That’s the opposite of what I would have said just over a year ago.

Don’t get me wrong. When I see thin bezels on a laptop, it still gives me a happy feeling inside. That’s especially true now in the bottom or side bezels.

But these days, a slim top bezel makes me less reticent to recommend a laptop today than a thicker bezel with a better webcam. The average laptop user shouldn’t need to buy a separate external webcam just to get their basic work done. Until a larger innovation around cameras and bezels comes around, thick bezels just might be the future of laptop design.


Monster Hunter Rise: How to Raise HR, Chameleos, Kushala Daora, Teostra Weakness

In Monster Hunter Rise, your worth as a hunter is gauged by how high your Hunter Rank (or HR) goes. Complete enough quests of your rank and you’ll be promoted to the next, unlocking harder quests to keep the ball rolling. But as of the first update this month, it’s possible to hit a roadblock or “soft cap” in Monster Hunter Rise, where simply completing key quests isn’t quite enough. Here’s how to quickly raise your HR and the Chameleos, Kushala Daora, and Teostra weaknesses you’ll need to know to progress.

How to increase your hunter rank in Monster Hunter Rise

For the first big chunk of Monster Hunter Rise, how you increase your Hunter Rank differs from how you’ll do it later on. Until you reach HR 7, all you need to do is clear enough Key Quests (as indicated by the Hub and Village counters on the top right portion of the screen) of the same Hunter Rank as yourself. In doing so, you’ll hit the first soft cap, blocking you from increasing your rank any further. To unlock this first roadblock, all you need to do is complete the HR 7 Urgent Quest which, as of the first post-release update, will bump you to HR 8.

If you’ve already completed the final Hub quest of the base game, you’ll be elevated to HR 8 upon logging in after the update. This is where things change a little.

Rather than be a mad dash to complete a certain number of key quests, from HR 8 onward, quests completed will award Hunter Rank points that eventually level up your HR over time like a traditional RPG experience bar. Any hunts completed prior to unlocking your HR this way won’t retroactively apply, so even those who completed copious amounts of quests before the update won’t suddenly skyrocket to the next cap upon release.

How to skip to High Rank in Monster Hunter Rise

There’s often been an issue in Monster Hunter games where there’s a bit of a difficulty disconnect between the single and multiplayer modes. Push through single-player and by the time you head into multiplayer, you’ll be forced to fight dozens of monsters that practically melt beneath your powerful weapons. By pushing through the ranks of the single-player Village quests, though, you’ll automatically jump to HR 4, boosting you through that initial slog and straight into High Rank multiplayer quests. That’s a time-saver!

How to quickly raise your Hunter Rank in Monster Hunter Rise

Best quest to quickly raise HR in MHR

As of the first major Monster Hunter Rise update, the HR cap has been lifted from HR 7 all the way to HR 20, 30, and 40, with franchise-favorite Elder Dragons Chameleos, Kushala Daora, and Teostra returning to greet you at each major step.

Grinding to HR 20 isn’t too long a process. Virtually any HR 7 quest will bump you up by around two whole HRs each run. The number of monsters in the quest doesn’t matter; it’s more a case of the minimum HR requirement of the quest itself. With that in mind, you’re only six quests away from hitting the first soft cap.

If completing six quests is too much for you, you can unlock three new quests from Master Utsushi. Though they show up in the HR 7 page of the Hub menu, each of these quests pits you against three powerful monsters at HR 8 difficulty. Complete them and you’ll go up four whole HRs with each clear, turning a six quest grind into three. You can easily complete this in an hour or so.

If you’re feeling brave, another way to go about this is hopping into multiplayer Rampage Quest runs. Though these typically take longer than standard quests to complete, they give around three HR upgrades per run. Join a run midway through and you could climb the ranks pretty quickly indeed. Just don’t get killed and end somebody else’s run.

As you reach each HR soft cap (20, 30, and 40) you’ll need to clear a new Urgent Quest against a returning Elder Dragon to continue the grind. You’ll immediately gain two HRs after completing each of these quests, meaning that, depending on which quest you choose, you only need to clear two or four more quests to unlock the next. The equipment made from each new Elder Dragon includes skills that perfectly counter the next beast you’ll go up against, though, making repeated runs against these big bads likely more beneficial than running any other quest right now.

How to Unlock HR 20: Chameleos Weaknesses, Weak Points, and Best Equipment

MHR Chameleos strategy
  • Elements: None (poison)
  • Weak to: Dragon, Fire, Thunder
  • Weak points: Head, stomach, hind legs

Chameleos guards the way to HR 30, pinning you to HR 20 until you defeat it. How you go about this is entirely up to you; the methods outlined above don’t really change. Polish off four standard quests or two HR 8 ones if you’re after speeding things up. If you’ve fought it in a previous Monster Hunter title, throw away what you know. It’s a very different fight now; this lizard is angry.

The secret to defeating Chameleos lies in negating heavy poison in any which way you can: Hunting/Palico horns, antidotes, antidobra, whatever you can get your hands on. Learn to read when it’s about to send out gaseous clouds and whether or not it’ll push them around with its wings, and you’ll only have its occasional powerful punches to watch out for.

As problematic as Chameleos’ signature invisibility skill can be, it’s not quite as effective as in past games. Even its item-stealing tongue has been tweaked, now swiping the Petalace buffs you’ve gathered throughout the quest instead.

How to unlock HR 30: Kushala Daora Weaknesses, Weak Points, and Best Equipment

MHR Kushala Daora weakness
  • Elements: None (wind)
  • Weak to: Thunder, Dragon
  • Weak points: Head, forelegs, tail

At HR 30, Kushala Daora blocks your HR path. Grab the Urgent Request to put it down. Doing so unlocks the penultimate soft cap, paving the way for HR 40. But it’s easier said than done.

Kushala Daora commands the wind. On top of spitting out immense tornados that can quickly render large parts of the zone unusable, its wind aura will push back melee attackers, making for a particularly tricky fight.

Luckily, there are two ways to fight back against this: The Wind Resistance skill and the Poison status. The former negates the push-back of its aura, and the latter outright turns it off while afflicted. Both boons are easy to come by through various readily available equipment, but those made from Chameleos come with everything you need right out of the gate.

How to unlock HR 40: Teostra Weaknesses, Weak Points, and Best Equipment

How to beat Teostra in MHR
  • Elements: Fire, Blast
  • Weak to: Water, Ice
  • Weak points: Head, wings, tail

Just like Kushala Daora, this deadly Elder Dragon uses an aura of its own to make attacking it innately tricky. Teostra uses both Fire and Blast elements, covering itself in the former when enraged to slowly roast nearby hunters, and relying on the latter to coat the zone with dust clouds that, when it snaps its teeth, explode for heavy area damage.

Though often opting to fight on the ground where it runs rampant, using its sheer weight to knock hunters around, Teostra can use its wings to both take flight — enabling it to use a cruel traveling flamethrower attack — and even manipulate its explosive dust, pushing or pulling the particles to make evading the powerful bang even trickier than before.

When it comes to equipment, you don’t need anything specific to take Teostra on, but heavy Fire Resistance and anything that boosts your natural recovery can help lower your reliance on Mega Potions.

If you’re in the market for some new gear, however, the best equipment for defeating Teostra comes from Kushala Daora and its Kushala Blessing buff. This set increases Water and Ice damage dealt, nullifies the damage from Teostra’s Heat Aura, and even gives you natural health regeneration that can go beyond the usual red portion of the health bar, trivializing one of the hardest fights in the game thus far.


Categories
Tech News

Pandora launches a new home screen widget for iOS and iPadOS

This week Pandora updated its app for iOS and iPadOS users. The streaming company says the goal of the update was to make it easier for users to enjoy their favorite music and podcasts. Part of the update is a new home screen widget that makes it much easier to access and control music playback without having to launch the app.

Users of the Apple devices can customize their device by selecting from three sizes of the Pandora widget, allowing viewing and control of as many as seven of their most recently played songs, albums, stations, playlists, and podcasts. The controls are accessible directly from the device home screen.

Pandora says for users to install the home screen widget for the Apple devices, they need to be running the latest version of the Pandora app for the iPhone and the iPad. Users long-press the home screen and hold it until it begins to wiggle. Once the wiggling starts, users can tap the plus button, search for Pandora, and then select from the three available sizes for the home screen widget.

Once a size is chosen, the user taps add widget, and it appears on the home screen. iPad and iPhone users do have to be running at least version 14 of both operating systems to enable the widget. Pandora is a music and podcast streaming service similar to Spotify but not as popular.

The latest version of the Pandora app is available to download right now for both the iPhone and the iPad. Last month, Pandora announced that T-Mobile subscribers were able to get a special experience with additional perks.


Categories
Tech News

Vivaldi browser on Android lets you automatically block cookie requests

The European Union’s GDPR was a double-edged sword that protected privacy not just for the region but for the rest of the world, though at the expense of some inconveniences. Website administrators had a hell of a time implementing compliance, and users now get welcomed by messages asking their permission to enable cookies. These can get pretty annoying or even downright confusing, which is why Vivaldi is bringing its Cookie Crumbler feature to Android to pretty much block most of those cookies and their dialogs altogether.

It is, of course, a good thing to ask users whether they want to have cookies track their visit but, unlike Apple’s new App Tracking Transparency, the permissions for these aren’t exactly trivial. Unless you’re a more seasoned computer user, you are more likely to just allow all those cookies, which pretty much negates the purpose of letting users protect themselves online.

Vivaldi’s solution to the confusion and interruption is to just hide those dialogs and block cookies at the same time. This feature is part of its Cookie Crumbler that it introduced on its desktop browser and is now arriving on Android. It is part of the browser’s tracking protection features, which is why it is found under those related settings, in case you want to disable it.

You might actually be forced to disable it on sites that require cookies to even work. Vivaldi also warns that there will be some sites that seem to work around cookie blockers so it might not work 100%. That said, its blocking system is based on third-party lists that continue to grow as more and more sites with cookies are added to it.

The update to Vivaldi on Android also includes cookie-unrelated new features. Vivaldi can now use a language different from what Android is set to for those that have to juggle multiple languages. The update also brings back the Start Page icon that was removed when Vivaldi switched to a bottom location for its address bar and tabs.


Categories
Game

NVIDIA GeForce drivers name-check CMP 40HX, update hash limits

This week the folks at NVIDIA released Game Ready 446.27 drivers which reference a hash limiter for GPUs. This driver updates the hash limiter specifically for the GeForce RTX 3060 12GB. This update is required for the product shipped starting mid-May 2021. In the notes for this update, NVIDIA references the article they released in February by the name of “GeForce Is Made for Gaming, CMP Is Made to Mine.”

It’s quite possible this update – and continued work on this hash limiter situation – means NVIDIA is closer than expected to revealing and releasing their new CMP lineup of devices. In release notes for this driver update, Supported NVIDIA Desktop Products are listed. In said list, both NVIDIA CMP 40HX and NVIDIA CMP 30HX are listed with Turing architecture.

NVIDIA also lists NVIDIA GeForce RTX 3060, 3060 Ti, 3070, 3080, and 3090. This update has minimum hard disk space of “1.5x the size of the installation download” in order to “accommodate extracted and temporary files.”

It’s also important to note that NVIDIA recommends that users remove NVIDIA nTune from their computer before installing this driver. They suggest that “after the driver install is complete, you can reinstall NVIDIA nTune.”

This update also brings support for DirectX 12 Agility SDK and brings security updates for driver components. This update is also recommended for those looking to make the most of Metro Exodus PC Enhanced Edition. This update adds additional ray-traced effects and NVIDIA DLSS 2.0. Mass Effect Legendary Edition and Resident Evil Village gain “optimal support” with this update.

Several other issues are fixed with this update, including an NVIDIA Reflex related set of performance issues with Rainbow Six Siege. Another issue had to do with in-game FPS and limiting said FPS to the display refresh rate when Vertical sync is set to off. This update also addresses the “crash or fail to launch” issue a previous driver had with Rigid Gems / Prepar3D.


Categories
Tech News

This website helps people in India aged 18-45 find vaccination slots

India opened up its vaccine registration program for hundreds of millions of people aged 18-45 on April 28. However, most people in this age bracket could not find any slots for their vaccinations on the official CoWin website, as most states and private hospitals haven’t obtained the required doses.

To easily search for vaccination slots, programmer Berty Thomas came up with a simple but effective website called under45.in. The site lets folks in search for places that are open for vaccination of the 18-45 age group.

That solves a major pain point that visitors face on the CoWIN website: it’s meant to be used by people of all age groups eligible for the vaccine, but it doesn’t have a filter to display vaccination centers that will serve people between ages 18-45. Plus, a lot of centers that support vaccination for anyone over 18 years are still marked with a 45-years-and-over label, making the booking process confusing.

Credit: Under45.in