"A Russian defense agency was allowed to review the cyberdefense software used by the Pentagon to protect its computer networks," writes new submitter quonset. "This according to Russian regulatory records and interviews with people with direct knowledge of the issue." Reuters reports: The Russian review of ArcSight's source code, the closely guarded internal instructions of the software, was part of Hewlett Packard Enterprise's effort to win the certification required to sell the product to Russia's public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman. Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. "It's a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary."
It's another example of the problems security companies face when they try to do business internationally, according to Reuters. "One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software."

Long-time Slashdot reader bbsguru has his own worries. "So, opening your code for review because it is demanded by a potential customer? What could possibly go wrong? HPE may find out, and the U.S. Military is among the many clients depending on the answer."

Google is once again trying to make a big splash with laptop computers, this time with its new Pixelbook. From a report: Google debuted its Pixelbook, a new laptop-tablet hybrid during its Pixel 2 event in San Francisco on Wednesday, a high-end version of its barebones Chromebook laptops that rely on Google's Chrome operating system (OS). Google hopes its new Pixelbook, which sells for $999 to $1,649, will give it a viable challenger to Apple's MacBooks and other premium laptops. With Google's low-end Chromebooks, the company supplies the OS while third-party companies like HP Inc. and Dell build the devices. But Chromebooks are bulky, short on processing power, have limited storage, and are incompatible with Google's new Pixelbook stylus pen for drawing digital images on touchscreens. Matt Vokoun, Google's director for Chromebooks, emphasized that his company is serious about the Pixelbook. Although Google previously sold both high-end laptops and tablets, they were mostly "demonstration-oriented," he said, meaning Google didn't produce many of them and that they were instead for showing to potential manufacturers to get them on board with the idea.

From a report: The HP Spectre x360 13 is already one of the most popular 360-degree convertible laptops, and it's about to get faster and cooler, thanks in part to Intel's latest 8th-generation Core CPUs. Announced Wednesday, the refreshed Spectre x360 13 also offers greatly improved thermals and other nice tweaks. The Spectre x360 13 will ship on October 29 with a starting price of $1,150, including a color-matched pen. Best Buy will begin taking pre-orders October 4. Multiple configurations will be available, but we're listing below the specs we were given for the higher-end model ae013dx: CPU: Intel 8th-generation Core i7-8550U, a quad-core CPU with a 1.8GHz base clock and turbo boost up to 4GHz. Core i5 CPUs will also be available. RAM: 16GB LPDDR3 SDRAM. Storage: 512GB PCIe NVMe M.2 SSD.

A number of HP device owners are complaining of seeing black screens for around five to 10 minutes after entering their Windows login information. From a report: They appear to be pointing the finger of blame at Windows 10 updates released September 12 for x64-based systems. One, a quality update called KB4038788, offered a whopping 27 bullet points for general quality improvements and patches, such as an "issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working." Another, KB4038806, was a "critical" patch for Adobe Flash Player that allowed remote code execution.

"Proprietary software makes it possible to design products to cheat ordinary users..." writes Richard Stallman -- linking to a new essay by Cory Doctorow: Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn't be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company. What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.

All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company's shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers). Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard. This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages.

Today, AMD announced the global release and broad adoption of AMD Ryzen Pro desktop processors. At its launch event in New York City, the company touted three main pillars that define these chipsets: reliability, security, and performance. They support features like Trusted Platform Module 2.0, which integrates secure microcontrollers into devices, GuardMI technology, which enables silicon-level security to help protect against threats, and SenseMI technology, which consists of a collection of smart features that aims to fine-tune performance for most responsive applications. For the first time, AMD has partnered with the top three PC OEMs: HP, Dell and Lenovo. Brad Chacos for PCWorld provides a "rundown of the commercial-focused Ryzen Pro systems that are coming down the pipeline, straight from AMD":

-Dell Optiplex 5055 desktop PCs are expected to ship in the coming weeks.
-HP EliteDesk 705 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkCentre M715 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkPad A475 and A275 notebook PCs are expected in Q4 2017.
-Ryzen PRO mobile processors are scheduled for launch in the first half of 2018.

The global launch of the Ryzen Pro processors is not the only bit of news AMD announced. The company also announced the release of a new budget Threadripper 1900X model. From a report via TechRadar: AMD has released its 8-core Ryzen Threadripper 1900X processor, offering people who were put off by high price of the flagship 16-core Threadripper 1950X a chance to build a PC with all of the advanced Threadripper features for almost half the cash. As we expected, the Threadripper 1900X will come with eight cores clocked at 3.8GHz, with a turbo that reaches 4.0GHz (and an XFR boost to 4.2GHz), and will cost $549 -- almost half the Threadripper 1950X's $999 asking price, and a fair bit cheaper than the mid-range Threadripper 1920X, which costs $799. In fact, the price is within touching distance of the AMD Ryzen 7 1800X, which comes with eight cores and 16 threads, and costs $499.

According to a new report, TCL will be manufacturing palm-branded devices next year. SlashGear reports: The Palm brand has been in limbo for the past half-decade, moving in and out of HP-connected devices then on into relative obscurity. The Palm operating system was acquired by LG and continues to be used (in some form or another) in LG smart TVs to this day -- as such, it won't be coming with the Palm phone set for next year. On the day when gesture controls for the next iPhone just started to look like the last phone version of Palm OS, word appears of Palm's resurgence. Sadly, this resurgence almost certainly wont include Palm OS. Word comes from Android Planet that TCL Marketing Manager Stefan Streit confirmed that they've finally gotten to a place where they can make a Palm phone. TCL acquired the Palm brand all the way back in 2011.

An anonymous reader shares a report: While Windows roadmaps purportedly leaked to a blog last week appear to have a big hole in them where mobile should be, HP Inc tells us it has been assured by Redmond there are no plans to drop Continuum. HP is the sole major mobile vendor committed to the Windows Mobile Edition of Windows 10 and bet big on Continuum, the multimode "use-your-phone-as-a-PC" feature on which some of HP's ambitions rest. El Reg was impressed by HP's plans to build an ecosystem around the multi-mode capabilities of the HP Elite x3 phone, which doubles up as a PC replacement. (Or tries to.) Launching in over 50 markets, the ecosystem includes a streaming apps service HP Workplace to fill in the app gap, and even a "lap dock." HP pitched it at field workers and verticals. The only thing letting Inc-ers down was the quality of the software from Microsoft. Spring came and went without the expected improvements to Continuum. Unauthorised briefings last week suggest the Windows Mobile branch of Windows 10 is now an orphan.

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

Daniel Nazer reports via the Electronic Frontier Foundation: On July 25, 2017, the Patent Office issued a patent to HP on reminder messages. Someone needs to remind the Patent Office to look at the real world before issuing patents. United States Patent No. 9,715,680 (the '680 patent) is titled "Reminder messages." While the patent application does suggest some minor tweaks to standard automated reminders, none of these supposed additions deserve patent protection. Although this claim uses some obscure language (like "non-transitory computer-readable storage medium" and "article data"), it describes a quite mundane process. The "article data" is simply additional information associated with an event. For example, "buy a cake" might be included with a birthday reminder. The patent also requires that this extra information be input via a "scanning operation" (e.g. scanning a QR code). The '680 patent comes from an application filed in July 2012. It is supposed to represent a non-obvious advance on technology that existed before that date. Of course, reminder messages were standard many years before the application was filed. And just a few minutes of research reveals that QR codes were already used to encode information for reminder messages. The Patent Office reviewed HP's application for years without ever considering any real-world products. Indeed, the examiner considered only patents and patent applications.

Janko Roettgers, writing for Variety: Google has hired a former lead Pebble and webOS designer Liron Damir as the new head of user experience of its Google Home group, which works on products such as Google Home, Chromecast and Google Wifi. Damir announced that he joined Google on LinkedIn this week, writing that he was "super excited and proud to be joining Google... to lead the design of Google Home products." A Google spokesperson confirmed the hire Thursday, but declined to comment further. Most recently, Damir worked as head of UX for Essential, the new startup from Android founder Andy Rubin. Before that, he was VP of design at Pebble, the pioneering smart watch maker that got acquired by Fitbit in late 2016. Before joining Pebble, Damir led the webOS design efforts at HP, and then at LG. webOS was initially developed as a mobile operating system to take on Android and iOS, but HP scrapped these efforts when it realized that it couldn't compete with the likes of Apple and Samsung. The company sold webOS to LG in early 2013, which ended up using the operating system for its smart TVs.

A new USB specification has been introduced today by the USB 3.0 Promoter Group, which is comprised of Apple, HP, Intel, Microsoft, and other companies. The new USB 3.2 specification will replace the existing 3.1 specification and will double data rates to 20Gbps using new wires available if your device embraces the newest USB hardware. Mac Rumors reports: An incremental update, USB 3.2 is designed to define multi-lane operation for USB 3.2 hosts and devices. USB Type-C cables already support multi-lane operation, and with USB 3.2, hosts and devices can be created as multi-lane solutions, allowing for either two lanes of 5Gb/s or two lanes of 10Gb/s operation. With support for two lanes of 10Gb/s transfer speeds, performance is essentially doubled over existing USB-C cables. As an example, the USB Promoter Group says a USB 3.2 host connected to a USB 3.2 storage device will be capable of 2GB/sec data transfer performance over a USB-C cable certified for USB SuperSpeed 10Gb/s USB 3.1, while also remaining backwards compatible with earlier USB devices. Along with two-lane operation, USB 3.2 continues to use SuperSpeed USB layer data rates and encoding techniques and will introduce a minor update to hub specifications for seamless transitions between single and two-lane operation.

PC shipments are at the lowest levels since 2007. From a report: Gartner said this week that the PC market declined 4.3 percent during the second quarter. The research company said that shipments were at the "lowest quarter volume since 2007," noting the market dropped for the 11th quarter in a row. The report is in stark contrast to another from IDC in April which said that the PC market grew for the first time in five years. Gartner said HP has the largest global market share with 20.8 percent of the market. HP is trailed by Lenovo which has a 19.9 percent share, with shipments down a substantial 8.4 percent since last year. Dell, Apple and Asus finish out the top five players. In the U.S., Gartner suggests Apple's shipments were down 9.6 percent from last year. The research firm didn't give an explanation for why that might have occurred, though Apple was late to refresh its computers with the latest Intel processors. Upgraded Macs just hit the market last month.

Long-time Slashdot reader Paul Fernhout writes: R. Stanley Williams, of Hewlett Packard Labs, wrote a report exploring the end of Moore's Law, saying it "could be the best thing that has happened in computing since the beginning of Moore's law. Confronting the end of an epoch should enable a new era of creativity by encouraging computer scientists to invent biologically inspired devices, circuits, and architectures implemented using recently emerging technologies." This idea is also looked at in a broader shorter article by Curt Hopkins also with HP Labs.
Williams argues that "The effort to scale silicon CMOS overwhelmingly dominated the intellectual and financial capital investments of industry, government, and academia, starving investigations across broad segments of computer science and locking in one dominant model for computers, the von Neumann architecture." And Hopkins points to three alternatives already being developed at Hewlett Packard Enterprise -- neuromorphic computing, photonic computing, and Memory-Driven Computing. "All three technologies have been successfully tested in prototype devices, but MDC is at center stage."

An anonymous reader shares an article: The list of Chromebooks that can officially run Android apps has been a bit limited, but that's changing. Google on Thursday updated its list of Chromebooks that now have official support, and 16 new machines have been added. They include: Acer Chromebook 11 N7 (C731, C731T), Acer Chromebook 15 (CB3-532), Asus Chromebook C202SA, ASUS Chromebook C300SA/C301SA, CTL NL61 Chromebook, Dell Chromebook 11 (3180), Dell Chromebook 11 Convertible (3189), Dell Chromebook 13 (3380), HP Chromebook 11 G5 EE, HP Chromebook 13 G1, Lenovo Flex 11 Chromebook, Lenovo N23 Yoga Chromebook, Lenovo N22 Chromebook, Lenovo N23 Chromebook, Samsung Chromebook 3, and Mercer Chromebook NL6D.

The U.S. Department of Energy will be investing $258 million to help six leading technology firms -- AMD, Cray Inc., Hewlett Packard Enterprise, IBM, Intel, and Nvidia -- research and build exascale supercomputers. Digital Trends reports: The funding will be allocated to them over the course of a three-year period, with each company providing 40 percent of the overall project cost, contributing to an overall investment of $430 million in the project. "Continued U.S. leadership in high performance computing is essential to our security, prosperity, and economic competitiveness as a nation," U.S. Secretary of Energy Rick Perry said. "These awards will enable leading U.S. technology firms to marshal their formidable skills, expertise, and resources in the global race for the next stage in supercomputing -- exascale-capable systems." The funding will finance research and development in three key areas; hardware technology, software technology, and application development. There are hopes that one of the companies involved in the initiative will be able to deliver an exascale-capable supercomputer by 2021.

It's official. President Donald Trump announced today that the United States will withdraw from the Paris climate agreement, following through on a pledge he made during the presidential campaign. Trump said the Paris agreement "front loads costs on American people. In order to fulfill my solemn duty to protect America and its citizens, the United States will withdraw from the Paris climate accord but begin negotiations to reenter either the Paris accord or an entirely new transaction on terms that are fair to the United States," the president said. "We are getting out. But we will start to negotiate, and we will see if we can make a deal that's fair. And if we can, that's great." Trump said that the United States will immediately "cease all implementation of the non-binding Paris accord" and what he said were "draconian financial" and other burdens imposed on the country by the accord.

This means that Elon Musk will leave Trump's Business Advisory Council. On Wednesday, Musk said he did "all he could to advise directly to Trump." (Update: Elon Musk is staying true to his words. Following the announcement, Musk tweeted, "Am departing presidential councils. Climate change is real. Leaving Paris is not good for America or the world.")

Twenty-five companies, including Adobe, Apple, Facebook, Google, HP, Microsoft, Salesforce, Morgan Stanley, Intel signed on to a letter which was published on the New York Times and Wall Street Journal today arguing in favor of climate pact.

Update: Former president Barack Obama said the U.S. "joins a small handful of nations that reject the future."

Also, the New York Times points out that despite Trump's public statements, the U.S. can't officially leave the Paris climate agreement until 2020.

Microsoft and Qualcomm have announced that Windows 10 is coming to devices made by Asus, HP and Lenovo that will run on the Snapdragon 835 platform. "The Snapdragon 835 chip, incorporating Qualcomm's latest X16 LTE modem, forms the basis of the Snapdragon Mobile PC Platform," reports Ars Technica. "Qualcomm claims that using the Snapdragon platform will offer a combination of the PC form factor and breadth of software with features that are standard in smartphones: on-the-go connectivity, light weight, silent operation, long battery life, and no fan." From the report: Qualcomm says that PCs built using the new chips will offer up to 50 percent more battery life than x86 systems, with four- to five-times longer standby times. They'll take the Connected Standby capability already found in some Windows PCs -- this allows the system to do things like sync mail and receive notifications even when "sleeping" -- and make it better, thanks to their LTE connectivity. With a Snapdragon inside your PC, you'll no longer need Wi-Fi to fetch your latest e-mail and catch up on Twitter. Instead, you'll be able to get online wherever there's cellular connectivity. The X16 modem supports up to gigabit LTE connections, too. So as long as your network operator is cooperative and has embraced the cutting edge, this mobile connection will be fast, too. Asus, HP, and Lenovo are all planning to introduce Snapdragon Mobile PC systems at some unspecified time in the future, for some unspecified price. These machines will be laptop-style systems, just without the traditional x86 processor on the inside. Snapdragon 835 has a higher level of integration than Intel's mobile chips, enabling smaller motherboards. This in turn should tend to increase the space available for battery, or reduce the size and weight of machines, or perhaps even both.

An anonymous reader writes (edited and condensed for length): Smartphones are already computers in our pockets, but Intel's new Compute Card turns an actual PC into something you can take with you wherever you go. Equipped with a range of processor options -- including an ultra-efficient Celeron, and notebook-class Core i5s, this slap that looks like a USB backup battery is attracting a range of interest from Intel OEM partners hoping to use it for everything from smart signage to modular notebooks. The Intel Compute Card, which was originally revealed at CES earlier this year, will come in a range of configurations that include up to 4GB of RAM and 128GB of flash storage, as well as built-in AC 8265 wireless networking and Bluetooth 4.2 connectivity, the company said today at Computex. Intel also announced availability of the Compute Card Device Design Kit today, which will let OEM partners create devices that work with the modular computing core. LG Display, Sharp, Dell, HP and Lenovo are already working on accessory solutions for Compute Card, Intel said.

The U.S. Supreme Court said on Tuesday companies give up their patent rights when they sell an item, in a ruling that puts new limits on businesses' ability to prevent their products from being resold at a discount. The ruling is a defeat for Lexmark International, which was trying to stop refurbished versions of its printer cartridges from undercutting its U.S. sales. It's also a blow to companies like HP and Canon that sell their printers for a relatively low cost with the idea that they will recoup money on sales of replacement cartridges. From a report: Lexmark originally set its sights on Impression Products, a small company that specializes in remanufacturing print cartridges for resale at prices much lower than what a customer would pay for a "genuine" Lexmark product. These cartridges often have no noticeable difference in performance compared to genuine ink or toner cartridges -- the only real difference is that customers can save a lot of money by going the remanufactured route. This secondary market for cartridges not only has implications for regular Joes looking to save a buck, but also businesses that are always looking to cut costs.