DOCSLIB.ORG

Trust and Protection in the Illinois Browser Operating System

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Trust and Protection in the Illinois Browser Operating System Trust and Protection in the Illinois Browser Operating System Shuo Tang, Haohui Mai, Samuel T. King University of Illinois at Urbana-Champaign Abstract However, not all attacks on web apps, browsers, and operating systems are equally virulent. At the top of the Current web browsers are complex, have enormous computer stack, attacks on web apps, such as XSS, oper- trusted computing bases, and provide attackers with easy ate within current browser security policies that contain access to modern computer systems. In this paper we in- the damage to the vulnerable web app. Moving down troduce the Illinois Browser Operating System (IBOS), the computer stack, attacks on browsers can cause more a new operating system and a new browser that re- damage because a successful attack gives the attacker ac- duces the trusted computing base for web browsers. In cess to browser data for all web apps and access to other our architecture we expose browser-level abstractions resources on the system. At the lowest layers of the at the lowest software layer, enabling us to remove al- computer stack, attacks on libraries, shared system ser- most all traditional OS components and services from vices, and operating systems are the most serious attacks our trusted computing base by mapping browser abstrac- because attackers can access arbitrary states and events, tions to hardware abstractions directly. We show that this giving them complete control of the system. architecture is flexible enough to enable new browser se- curity policies, can still support traditional applications, Overall, these trends indicate that vulnerabilities and adds little overhead to the overall browsing experi- higher in the computer stack are more common, but vul- ence. nerabilities lower in the computer stack provide attack- ers with more control and are more damaging. In this paper we focus on preventing and containing attacks on 1 Introduction browsers, libraries, system services, and operating sys- tems – the lower layers of the computer stack. Web-based applications (web apps), browsers, and op- erating systems have become popular targets for attack- Current research efforts into more secure web ers of computer systems. Vulnerabilities in web apps browsers help improve the security of browsers, but are widespread and increasing. For example, cross-site remain susceptible to attacks on lower layers of the scripting (XSS), which is effectively a form of script in- computer stack. The OP web browser [26], Gazelle jection into a web app, recently overtook the ubiquitous [52], Chrome [11], and ChromeOS [25] propose new buffer overflow as the most common security vulnerabil- browser architectures for separating the functionality ity [50]. Vulnerabilities in web browsers are less com- of the browser from security mechanisms and policies. mon than web app vulnerabilities, but still occur often. However, these more secure web browsers are all built For example, in 2009 Internet Explorer, Chrome, Safari, on top of commodity operating systems and include and Firefox had 349 new security vulnerabilities [4], and complex user-mode libraries and shared system services attackers exploit browsers commonly [53, 37, 42, 41, 4]. within their trusted computing base (TCB). Even kernel Vulnerabilities in libraries, system services, and oper- designs with strong isolation between OS components ating systems are less common than vulnerabilities in (e.g., microkernels [24, 27, 28] and information-flow ker- browsers, but are still problematic for modern systems. nels [18, 57, 33]) still have OS services that are shared For example, glibc, GTK+, X, and Linux had 114 new by all applications, which attackers can compromise and security vulnerabilities in 2009 [1], and in 2009 the most still cause damage. Here are a few ways that an attacker commonly attacked vulnerability was a remote code ex- can still cause damage to more secure web browsers built ecution bug in the Windows kernel [4]. on top of traditional OSes: 1 • A compromised Ethernet driver can send sensitive • IBOS is the first system to improve browser and OS HTTP data (e.g., passwords or login cookies) to any security by making browser-level abstractions first- remote host or change the HTTP response data be- class OS abstractions, providing a clean separation fore routing it to the network stack. between browser functionality and browser security. • A compromised storage module can modify or steal • We show that having low-layer software expose any browser related persistent data. browser abstractions enables us to remove almost all traditional OS components from our TCB, in- • A compromised network stack can tamper with any cluding device drivers and shared OS services, al- network connection or send sensitive HTTP data to lowing IBOS to withstand a wide range of attacks. an attacker. • We demonstrate that IBOS can still support tradi- • A compromised window manager can draw any tional applications that interact with the browser and content on top of a web page to deploy visual at- shared OS services without compromising the secu- tacks, such as phishing. rity of our system. In this paper we describe IBOS, an operating sys- tem and a browser co-designed to reduce drastically the 2 The IBOS architecture TCB for web browsers and to simplify browser-based systems. Our key insight is that our lowest-layer soft- This paper presents the design and implementation of ware can expose browser-level abstractions, rather than the IBOS operating system and browser that reduce the general-purpose OS abstractions, to provide vastly im- TCB for browsing drastically. Our primary goals are to proved security properties for the browser without affect- enforce today’s browser security policies with a small ing the TCB for traditional applications. Some examples TCB, without restricting functionality, and without slow- of browser abstractions are cookies for persistent storage, ing down performance. To withstand attacks, IBOS must hypertext transfer protocol (HTTP) connections for net- ensure any compromised component (1) cannot tamper work I/O, and tabs for displaying web pages. To support with data it should not have access to, (2) cannot leak traditional applications, we build UNIX-like abstractions sensitive information to third parties, and (3) cannot ac- on top of our browser abstractions. cess components operating on behalf of different web IBOS improves on past approaches by removing typi- sites. cally shared OS components and system services from In this section we discuss the design principles that our browser’s TCB, including device drivers, network guide our design and the overall system architecture. In protocol implementations, the storage stack, and win- Section 4 we discuss the security policies and mecha- dow management software. All of these components run nisms we use. above a trusted reference monitor [9], which enforces our security policies. These components operate on browser- level abstractions, allowing us to map browser security 2.1 Design principles policies down to the lowest-level hardware directly and We embrace microkernel [27], Exokernel [19], and to remove drivers and system services from our TCB. safety kernel design principles in our overall architec- This architecture is a stark contrast to current systems ture. By combining these principles with our insight where all applications layer application-specific abstrac- about exposing browser abstractions at the lowest soft- tions on top of general-purpose OS abstractions, inherit- ware layer we hope to converge on a more trustworthy ing the cruft needed to implement and access these gen- browser design. Five key principles guide our design: eral OS abstractions. By exposing application-specific abstractions at the OS layer, we can cut through complex 1. Make security decisions at the lowest layer of soft- software layers for one particular application without af- ware. By pushing our security decisions to the low- fecting traditional applications adversely, which still run est layers we hope to avoid including the millions on top of general OS abstractions and still inherit cruft. of lines of library and OS code in our TCB. We choose to illustrate this principle using a web browser because browsers are used widely and have been prone 2. Use controlled sharing between web apps and tra- to security failures recently. Our goal is to build a sys- ditional apps. Sharing data between web apps and tem where a user can visit a trusted web site safely, even traditional apps is a fundamental functionality of one or more of the components on the system have been today’s practical systems and should be supported. compromised. However, this sharing should be facilitated through Our contributions are: a narrow interface to prevent misuse. 2 maps.com bing.com uiuc.edu implementing browser abstractions. The key browser localhost abstractions that the browser API managers implement Traditional Web Page Web Page Web Page Applications Instance Instance Instance are HTTP requests, cookies and local storage for stor- ing persistent data, and tabs for displaying user-interface UNIX Layer (UI) content. Web apps use these abstractions directly Browser abstractions to implement browser functionality, and traditional ap- UI Storage Net. Processes plications (traditional apps) use a UNIX layer to access UNIX-like abstractions on top of these browser abstrac- Mouse/KBD Driver … NIC Driver tions. Reference Monitor L4 IBOS Kernel Net. Manager 2.2.1 The IBOS kernel Hardware Video … Mouse/KBD NIC Our IBOS kernel is the software TCB for the browser and includes resource management functionality and a refer- Figure 1: Overall IBOS architecture. Our system con- ence monitor for security enforcement. The IBOS kernel tains user-mode drivers, browsers API managers, web also handles many traditional OS tasks such as manag- page instances, and traditional processes. To manage the ing global resources, creating new processes, and man- interactions between these components, we use a refer- aging memory for applications. To facilitate message ence monitor that runs within our IBOS kernel. Shaded passing, the IBOS kernel includes the L4Ka::Pistachio regions make up the TCB.
Load more

Recommended publications
  • Private Browsing
    Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University https://www.usenix.org/conference/soups2018/presentation/habib-prying This paper is included in the Proceedings of the Fourteenth Symposium on Usable Privacy and Security. August 12–14, 2018 • Baltimore, MD, USA ISBN 978-1-939133-10-6 Open access to the Proceedings of the Fourteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor Carnegie Mellon University {htq, jcolnago, vidyag, spearman, thomasjm, acquisti, nicolasc, lorrie}@andrew.cmu.edu ABSTRACT Prior user studies have examined different aspects of private Previous research has suggested that people use the private browsing, including contexts for using private browsing [4, browsing mode of their web browsers to conduct privacy- 10, 16, 28, 41], general misconceptions of how private brows- sensitive activities online, but have misconceptions about ing technically functions and the protections it offers [10,16], how it works and are likely to overestimate the protections and usability issues with private browsing interfaces [41,44]. it provides. To better understand how private browsing is A major limitation of much prior work is that it is based used and whether users are at risk, we analyzed browsing on self-reported survey data, which may not always be reli- data collected from over 450 participants of the Security able.
    [Show full text]
  • Privacy of Streaming Apps and Devices
    2021 PRIVACY OF STREAMING APPS AND DEVICES: WATCHING TV THAT WATCHES US Common Sense is the nation's leading nonprofit organization dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in the 21st century. www.commonsense.org Common Sense is grateful for the generous support and underwriting that funded this report from the Michael and Susan Dell Foundation, the Bill and Melinda Gates Foundation, and the Chan Zuckerberg Initative. CREDITS Authors: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Jill Bronfman, Common Sense Media Steve Garton, Common Sense Media Data analysis: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Copy editor: Jennifer Robb Designer: Jeff Graham, Common Sense Media Suggested citation: Kelly, G., Graham, J., Bronfman, J., & Garton, S. (2021). Privacy of Streaming Apps and Devices: Watching TV that Watches Us. San Francisco, CA: Common Sense Media This work is licensed under a Creative Commons Attribution 4.0 International Public .License TABLE OF CONTENTS Privacy of streaming apps and devices 1 What are streaming services? ......................................... 1 Apps we rated ............................................... 1 How do streaming services make money? ............................... 2 How we rate privacy ........................................... 2 What we found .............................................. 6 Compare privacy ratings ........................................
    [Show full text]
  • User Manual Star Walk™ for Iphone/Ipod Touch/Ipad
    User Manual Star Walk™ for iPhone/iPod Touch/iPad December 2013, ver. 7.0.3 for Android devices January 2014, ver. 1.0.1 2 Star Walk™ manual Table of Contents iOS version 4 1 Introduction 4 2 Getting started 5 2.1 Sky Live window 5 2.2 Location set up 6 2.3 Using/Activating Star Spotter 8 2.4 Augmented Reality 9 2.5 Spectrum Bar 9 2.6. Stargazing Community 9 2.7 Display/Interface 11 3 Menu 11 3.1 Day and Night color schemes 12 3.2 Constellations display 12 3.3 Satellites 13 3.4 TelRad 13 3.5 Playing sounds 13 3.6 Playing music 13 3.7 Magnitude adjustment 13 4 Using functions of Star Walk™ 13 4.1 Changing date and time 13 4.2 Getting information about an object 14 4.3 Searching for sky objects 14 4.4 Watching astronomical events 15 4.5 Using Astronomy Pictures 16 4.6 Posting pictures in Star Walk™ 17 4.7 Sharing 18 4.8 Watching moon phases 19 5 Star Walk™ on a big screen using cables 19 6 Star Walk™ on a big screen using AirPlay 20 7 The Apple Volume Purchase Program 20 FAQ 22 Glossary 23 Android version 26 1 Introduction 26 2 Getting started 26 3 Star Walk™ manual 2.1 Sky Live window 27 2.2 Location set up 27 2.3 Using/Activating Star Spotter 28 2.4 Augmented Reality 29 2.5 Spectrum Bar 30 2.6. Sharing 30 2.7 Display/Interface 30 3 Menu 32 3.1 Day and Night color schemes 32 3.2 Constellations display 32 3.3 Satellites 32 3.4 Playing sounds 33 3.5 Playing music 33 3.6 Magnitude adjustment 33 4 Using functions of Star Walk™ 33 4.1 Changing date and time 33 4.2 Getting information about an object 33 4.4 Sharing 35 4.5 Watching moon phases 35 FAQ 36 Glossary 37 4 Star Walk™ manual iOS version 1 Introduction Star Walk™ is a stargazing application for amateurs, professionals, and kids who are eager to learn.
    [Show full text]
  • Best Iphone and Ipad Contracts
    Best Iphone And Ipad Contracts Cosmogonic Israel interrelate droningly. Weather-beaten Cain infer assentingly and tryingly, she maturated her settings snapped telescopically. Is Wyndham always episcopal and incoercible when outjut some Cynewulf very stichometrically and extemporaneously? Laptop Mag battery test. To best iphone and ipad contracts to. You think you with eddie kantar and networks, and your listings import has been copied to any use. For and contracts can you can check email, twilio and resellers will contract. Nfc is best, customers are more pinching and contracts quickly as. Except fit the unlimited minute tariffs when voicemail is free. To tomorrow a document, you need to draw a signature at the line. What other ways are there to locate one? Lte models in management software to your quarantine dweller are willing to fill out from one field to products as well as new battery and best iphone and ipad contracts can get. Carriers may offer cheap deals on these phones for want some time. Christine baker is best iphone and ipad contracts can decide if a problem submitting your customers can click the cart is there was your independent of security. Cell phone plans are complicated. You need to sign type to chin with same purchase. But it wins on speed and convenience every day inspect the week. Back market quality control center and contracts to protect is my phone and require consent to start your email you would mean a few areas of real world. This contract agreement template is best mobile app on it just say no more waiting for? You are solely responsible for removing all data, including confidential and personal data, given the device prior to shipping.
    [Show full text]
  • Campers Turn to Face Time Over Facetime
    AN INDEPENDENT NEWSPAPER SINCE 1879 THURSDAY, JUNE 15, 2017 $ NEWS 12 PAGES / VOLUME 135 / NUMBER 49 1STAND USPS 138-260 • MARION • KENTUCKY 24/7 BREAKING AND LOCAL NEWS THE-PRESS.COM Architect: CCMS renovation more costly By DARYL K. TABOR “...It would be more expen- ities planning committee, one would build a new high school forgo the burden on property STAFF WRITER sive to renovate than to build question has been whether to and renovate the vacated owners to erect a new school As the petition to recall a new,” said Craig Thomas, an renovate the 1948 structure to school for middle-schoolers. It over modernizing CCMS. school tax increase makes its architect with RBS Design address shortcomings or sim- would also tear down the por- “I’ve lived in this county way around the county col- Group in Owensboro, to Su- ply build a new school. That tion of CCMS built just after soon be 90 years,” said Beverly lecting signatures, the archi- perintendent of Schools Vince committee ultimately recom- World War II and renovate the Herrin to the board at the June Victory Gardens set tect selected by the school Clark in a June 6 letter. mended the board of educa- eighth-grade wing for a new 1 tax hearing. “I’m for you re- district to design a new facility Since discussion of a plan tion approve a property tax central office. pairing the school, but I’m weekday schedule said calls to simply renovate a to replace an aging Crittenden increase to fund new con- Few opponents to the so- sure against building a new The Victory Gardens 69-year-old middle school are tended by Crittenden County Middle School began struction.
    [Show full text]
  • Efail: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels
    Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak and Christian Dresen, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Fabian Ising and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, NXP Semiconductors, Belgium; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak1, Christian Dresen1, Jens Muller¨ 2, Fabian Ising1, Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, and Jorg¨ Schwenk2 1Munster¨ University of Applied Sciences 2Ruhr University Bochum 3NXP Semiconductors, Belgium Abstract is designed to protect user data in such scenarios. With end-to-end encryption, the email infrastructure becomes OpenPGP and S/MIME are the two prime standards merely a transportation service for opaque email data and for providing end-to-end security for emails. We de- no compromise – aside from the endpoints of sender or scribe novel attacks built upon a technique we call mal- receiver – should affect the security of an end-to-end en- leability gadgets to reveal the plaintext of encrypted crypted email. emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails. These snippets S/MIME and OpenPGP. The two most prominent stan- abuse existing and standard conforming backchannels to dards offering end-to-end encryption for email, S/MIME exfiltrate the full plaintext after decryption.
    [Show full text]
  • Keep Your Mobile Device Safe for Ios User
    Cyber Security Information Portal (www.cybersecurity.hk) Keep Your Mobile Device Safe for iOS User KEEP YOUR MOBILE DEVICE SAFE FOR iOS USER • Restrict Installation of Applications from Unknown Sources 1 • Set Strong Password and Screen Lock 2 • Use Up-to-date Anti-malware Security Software 3 • Update Operating Systems, Mobile Applications and Browsers 4 • Encrypt Your Mobile Device 5 • Remove Insecure and Unnecessary Wi-Fi Connection Profile 6 • Disable GPS and Location Services 7 • Remove Mobile Applications That Abuse Sensitive Permissions 8 • Perform Device Backup 9 • Completely Remove Data Before Giving Away Or Selling Your 10 Devices Cyber Security Information Portal (www.cybersecurity.hk) Keep Your Mobile Device Safe for iOS User Index 1. Restrict installation of applications from unknown sources ........................ 3 2. Set strong password and screen lock ........................................................ 4 3. Use Up-to-date Anti-malware Security Software ........................................ 7 4. Update Operating Systems, Mobile Applications and Browsers ................ 8 5. Encrypt your mobile device ..................................................................... 10 6. Remove insecure and unnecessary Wi-Fi connection profile................... 11 7. Disable GPS and location services .......................................................... 13 8. Remove mobile applications that abuse sensitive permissions ................ 15 9. Perform device backup ...........................................................................
    [Show full text]
  • The Security Architecture of the Chromium Browser
    The Security Architecture of the Chromium Browser Adam Barth∗ Collin Jackson∗ UC Berkeley Stanford University Charles Reis∗ Google Chrome Team University of Washington Google Inc. ABSTRACT There have been a number of research proposals for mod- Most current web browsers employ a monolithic architec- ular browser architectures [8, 27, 5, 7] that contain multiple ture that combines \the user" and \the web" into a single protection domains. Like Chromium's architecture, these protection domain. An attacker who exploits an arbitrary proposals aim to provide security against an attacker who code execution vulnerability in such a browser can steal sen- can exploit an unpatched vulnerability. Unlike Chromium's sitive files or install malware. In this paper, we present the architecture, these proposals trade off compatibility with ex- security architecture of Chromium, the open-source browser isting web sites to provide architectural isolation between upon which Google Chrome is built. Chromium has two web sites or even individual pages. The browser's secu- modules in separate protection domains: a browser kernel, rity policy, known as the \same-origin policy," is complex which interacts with the operating system, and a rendering and can make such fine-grained isolation difficult to achieve engine, which runs with restricted privileges in a sandbox. without disrupting existing sites. Users, however, demand This architecture helps mitigate high-severity attacks with- compatibility because a web browser is only as useful as the out sacrificing compatibility with existing web sites. We sites that it can render. To be successful, a modular browser define a threat model for browser exploits and evaluate how architecture must support the entire web platform in addi- the architecture would have mitigated past vulnerabilities.
    [Show full text]
  • Updated FAQ on COVID-19 Policy Changes.” Additional COVID-19 Guidance from BDDS Can Be Found on the DDRS COVID-19 Webpage
    :\,' & so(', ,. , ~'is DivisionofDisabilityand T I" h I t d t (OVID 19 l ~ RehabilitativeServices 1emporary po icy C anges re a e O - \,,, "o ~ t~;::~.~(,~;;:;~f,;ental Frequently Asked Questions \t~-r\lJ- Contents _Toc64031905 Incident reporting guidance ................................................................................................................................ 2 Reporting in congregate residential settings....................................................................................................... 2 Suspension of new providers .............................................................................................................................. 8 Suspension of provider reverification ................................................................................................................. 9 Reopening efforts and individual restrictions..................................................................................................... 9 Day service guidance ........................................................................................................................................ 13 Guidance for visitors......................................................................................................................................... 15 Guidance for personal protective equipment .................................................................................................... 18 Contingency plans............................................................................................................................................
    [Show full text]
  • Flipsy Phone Selling Checklist
    PHONE BUYING CHECKLIST Assess phone condition (cosmetic & functional) o Run diagnostics . Android codes *#0*# and *#*#4636#*#* . iPhone battery performance: SETTINGS > BATTERY . 3rd party diagnostics apps • TestM (Android & iOS): https://testm.com/ • Phone Doctor Plus (Android & iOS): Search on app store • Phone Check and Test (Android): https://inpocketsoftware.com/phone-check-and-test/ o Assign condition Like New Good Fair Poor Broken • Working perfectly • Light use • Light use • Heavy use • Battery damage • Original packaging • No scratches • Some scratches • Cracked screen • Water damage • No signs of wear • Fully functional • Functional • Functional • Functional Verify phone model, carrier & capacity o Use settings menu (“About” section), OR o Locate IMEI, ESN, MEID or serial number on back or in SIM card tray & search SNDeepInfo (https://sndeep.info/en) Check if phone has been blacklisted o Lost, stolen or under contract? Search on CheckESNFree (http://www.checkesnfree.com/) o Is the seller the true owner? Meet at carrier store to verify phone ownership o Check seller’s photo ID & record name, address & phone number Check if phone has been jailbroken or rooted o Android: Use a root checker app o iPhone: See if Cydia, Icy or Installer apps are installed. Check for presence of default iPhone apps Make sure security features are disabled o Disable Find My iPhone Activation Lock, passwords, pin codes & biometric sensors, etc. Disable Find My Disable Screen Lock Disable Find My Disable Screen Lock iPhone Activation Lock (iPhone) Device (Android) (Android) SETTINGS > ICLOUD > SETTINGS > TOUCH ID SETTINGS > LOCK SETTINGS > SCREEN LOCK DEVICES > REMOVE & PASSCODE (or FACE SCREEN AND SECURITY TYPE > NONE FROM ACCOUNT ID & PASSCODE) > FIND MY DEVICE Remove SIM cards and microSD cards Check the resale value of the phone o Use Flipsy.com to see how much it’s worth Buy the phone & resell for a profit o See who is paying the most on Flipsy.com & get free shipping, instant sales and payments within 3 days flipsy.com .
    [Show full text]
  • Hub Newsletter Summer 2020.Indd
    Summer 2020 JUN • JUL • AUG The Hub on Smith, Keeping Community Connected So much has changed in our lives since our spring other senior centers across the country provide, are newsletter. Many of the activities scheduled for not offered merely to create a new hobby or pass March, April, and May were canceled and plans put one’s time. The critical role social connection plays on hold. in maintaining our emotional, psychological, and We were focusing then on the value we place on physical health is well researched and documented. our independence and how this sometimes gets Having a purpose, a social network, and place to in the way of asking for help or reaching out when gather are critical to our human existence. you need something, or someone. Although being How do we connect socially and social distance at able to take care of one’s self is a milestone we seek the same time? Our wonderful employees, volunteers, and hope to maintain, no one can thrive or survive and the community at large are coming up with without others. This is especially true now. unique adaptations to do just this! We are talking The COVID-19 pandemic provides us a unique with people on the phone, meeting on Zoom, and opportunity to understand the social isolation and even going on virtual field trips. This newsletter is full loneliness many older people feel every day. The of ways you can connect. social opportunities that the Hub on Smith and See full article on PG 3 A note from the inside Executive Director 3 Keeping Community Hello to everyone…we miss you very much! Connected Leadership expert and author, Brene’ Brown, talks about the importance of being clear in 3-5 COVID-19 How the Hub our communication.
    [Show full text]
  • 3D Apple Games by Tutorials (Up to Date for Ios 10, Xcode 8 and Swift 3) [Englishonlineclub.Com].Pdf
    3D iOS Games by Tutorials 3D Apple Games by Tutorials Chris Language Copyright ©2016 Razeware LLC. Notice of Rights All rights reserved. No part of this book or corresponding materials (such as text, images, or source code) may be reproduced or distributed by any means without prior written permission of the copyright owner. Notice of Liability This book and all corresponding materials (such as source code) are provided on an “as is” basis, without warranty of any kind, express of implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in action of contract, tort or otherwise, arising from, out of or in connection with the software or the use of other dealing in the software. Trademarks All trademarks and registered trademarks appearing in this book are the property of their own respective owners. raywenderlich.com 2 3D iOS Games by Tutorials Dedications "To my wife Corné and my daughter Marizé. Thank you for your patience, support, belief, and most of all, your love. Everything I do, I do for you." — Chris Language raywenderlich.com 3 3D iOS Games by Tutorials About the author Chris Language is a seasoned coder with 20+ years of experience. He has fond memories of his childhood and his Commodore 64; more recently he started adding more good memories of life with all his iOS devices. By day, he fights for survival in the corporate jungle of Johannesburg, South Africa.
    [Show full text]