Google

Google Pushed a One-Character Typo To Production, Bricking Chrome OS Devices (arstechnica.com) 75

Google says it has fixed a major Chrome OS bug that locked users out of their devices. Google's bulletin says that Chrome OS version 91.0.4472.165, which was briefly available this week, renders users unable to log in to their devices, essentially bricking them. From a report: Chrome OS automatically downloads updates and switches to the new version after a reboot, so users who reboot their devices are suddenly locked out of them. The go-to advice while this broken update is out there is to not reboot. The bulletin says that a new build, version 91.0.4472.167, is rolling out now to fix the issue, but it could take a "few days" to hit everyone. Users affected by the bad update can either wait for the device to update again or "powerwash" their device -- meaning wipe all the local data -- to get logged in. Chrome OS is primarily cloud-based, so if you're not doing something advanced like running Linux apps, this solution presents less of an inconvenience than it would on other operating systems. Still, some users are complaining about lost data.
Cellphones

Right-wing Activist's $500 'Freedom Phone' Actually Cheap Rebranded Android Model Made in China (gizmodo.com) 226

"This week, a 22-year-old self-described Bitcoin millionaire introduced the Freedom Phone, a $499 device meant to be completely free from 'Big Tech's' censorship and influence," reports PC Magazine.

"But it turns out the same smartphone is actually from China, and probably just a cheap knock-off." The Freedom Phone comes from Erik Finman, who unveiled the device earlier this week. He claims the product has everything Trump supporters could dream of, including an "uncensorable" app store, preinstalled conservative-friendly apps including Parler and Rumble, and even its own anti-surveillance operating system called FreedomOS... However, The Daily Beast noticed the Freedom Phone looks strikingly similar to a budget smartphone device from a Chinese vendor called Umidigi. The device is called the Umidigi A9 pro, and you can actually buy it over on the Chinese e-commerce site AliExpress starting at $119. Finman later told The Daily Beast that the Freedom Phone was indeed sourced from Umidigi, a company that's based in Shenzhen, China...

An uncensorable app store opens the door for hackers and shady developers to circulate malware and data-collecting programs to users. We're also doubtful Freedom Phone has its own operating system if it can run apps such as Parler and Rumble, in addition to Signal, Telegram and Brave.

The Daily Beast adds this anecdote: The Freedom Phone's "Freedom OS" operating system is based on Google's Android operating system, according to Finman. But during a livestream video promoting the phone, right-wing activist Anna Khait was confused by her fans' basic questions about the phone. "Is it an Android?" Khait said. "I'm not really sure. No, it's a Freedom Phone."
Gizmodo calls the phone's web site "radically vague on the details." There is no information about the phone's operating system, storage, camera, CPU, or RAM capabilities. It has a list of features, but there are no actual details about them. Instead, under each feature, there's merely a "Buy it now" button which redirects you to the site's shopping cart. The phone's hefty price, combined with the company's total lack of transparency, is ridiculous — essentially asking the buyer to cough up half a grand in exchange for, uh, something...!
But Gizmodo also shares a philosophical thought: Before we get into the specifics of why this device probably sucks, let me just say that the desire to have a phone that is dedicated to protecting your autonomy and privacy is a reasonable one — and should be encouraged. That said, I don't think the Freedom Phone provides that. Actually, aside from its overt partisan bent, it's impossible to tell what kind of device this is because Finman and his acolytes haven't provided any information about it...

The funny thing is, if Trump voters are looking for a way to get off the "Big Tech" grid, there's no need for them to buy this sketchy shit. There are actually entire subcultures within the phone industry dedicated to escaping the Android/iOS paradigm. You can wade into the de-Googled phone sector, for instance — where Android phones are sold that have ostensibly been refurbished to rid the devices of code that will "send your personal data" back to the tech giant. There's also the Linux-based Pinephone, which sells at a fraction of the Freedom Phone's cost (between $150 and $200), and is a favorite of those in the privacy community. All of these come with caveats, obviously, but the point is that there are much more transparent and affordable options than the Freedom Phone...

It'd be nice if Americans could actually come together around the issue of privacy since it's an area where — regardless of political party — we're all collectively getting screwed.

Microsoft

Say Hi To Microsoft's Own Linux: CBL-Mariner (zdnet.com) 110

An anonymous reader quotes a report from ZDNet, written by Steven J. Vaughan-Nichols: Microsoft now has its very own, honest-to-goodness general-purpose Linux distribution: Common Base Linux, (CBL)-Mariner. And, just like any Linux distro, you can download it and run it yourself. Microsoft didn't make a big fuss about releasing CBL-Mariner. It quietly released the code on GitHub and anyone can use it. Indeed, Juan Manuel Rey, a Microsoft Senior Program Manager for Azure VMware, recently published a guide on how to build an ISO CBL-Mariner image. Before this, if you were a Linux expert, with a spot of work you could run it, but now, thanks to Rey, anyone with a bit of Linux skill can do it.

CBL-Mariner is not a Linux desktop. Like Azure Sphere, Microsoft's first specialized Linux distro, which is used for securing edge computing services, it's a server-side Linux. This Microsoft-branded Linux is an internal Linux distribution. It's meant for Microsoft's cloud infrastructure and edge products and services. Its main job is to provide a consistent Linux platform for these devices and services. Just like Fedora is to Red Hat, it keeps Microsoft on Linux's cutting edge. CBL-Mariner is built around the idea that you only need a small common core set of packages to address the needs of cloud and edge services. If you need more, CBL-Mariner also makes it easy to layer on additional packages on top of its common core. Once that's done, its simple build system easily enables you to create RPM packages from SPEC and source files. Or, you can also use it to create ISOs or Virtual hard disk (VHD) images.

As you'd expect the basic CBL-Mariner is a very lightweight Linux. You can use it as a container or a container host. With its limited size also comes a minimal attack surface. This also makes it easy to deploy security patches to it via RPM. Its designers make a particular point of delivering the latest security patches and fixes to its users. For more about its security features see CBL-Mariner's GitHub security features list. Like any other Linux distro, CBL-Mariner is built on the shoulders of giants. Microsoft credits VMware's Photon OS Project, a secure Linux, The Fedora Project, Linux from Scratch -- a guide to building Linux from source, the OpenMamba distro, and, yes, even GNU and the Free Software Foundation (FSF). To try it for yourself, you'll build it on Ubuntu 18.04. Frankly, I'd be surprised if you couldn't build it on any Ubuntu Linux distro from 18.04 on up. I did it on my Ubuntu 20.04.2 desktop. You'll also need the latest version of the Go language and Docker.

Windows

Windows 11 Will Support Rolling Back To Windows 10, but Not for Long (extremetech.com) 91

Microsoft took the wraps off Windows 11 recently, and we expect the new OS to arrive later this year. Upgrading to a new version of Windows is often a painful process, and in the past, you were stuck even if the new software ruined your workflow. It's different this time: Microsoft says you'll be able to go back to Windows 10 if you don't like Windows 11. You'll only have 10 days to decide, though. From a report: How will you know if Windows 11 is worth using? There's a preview program for Windows 11, but the preview builds are still missing some elements of the final release. You don't have to mess with the Insiders builds at all -- you can install the final version when it's available, and take it for a spin. This news comes by way of a PDF that Microsoft has provided to PC manufacturers. It's an FAQ format, and among the various redundant queries is this gem: "Can I go back to Windows 10 after I upgrade if I don't like Windows 11?" The answer is a resounding yes... for 10 days. You'll have that long to decide to roll back to Windows 10. Wait any longer, and you're locked into Windows 11 unless you reformat your system.
Operating Systems

How To Install Windows 3.1 on an iPad (howtogeek.com) 53

How To Geek: To run Windows 3.1 on your iPad, you'll need to buy an app called iDOS 2 that's available in the App Store. Currently, it costs $4.99, which seems like a bargain considering what it can do. iDOS has a spotty history on the App Store. Way back in 2010, Apple pulled an earlier version of the app because it allowed people to run unapproved code loaded through iTunes. Last year, its author updated the app to pull DOS files from iCloud or the Files app, and Apple approved it. So far, it's still listed, so let's hope that it sticks.

After purchasing and installing iDOS 2 on your iPad, run it once to make sure that it creates whatever folders it needs to work in your Files app. It will create an "iDOS" folder in your "On My iPad" area in Files. That's important. Before diving into the Windows setup process below, you might want to familiarize yourself with how iDOS works. In a vertical orientation, you'll see a window near the top of the screen that includes the video output of the emulated MS-DOS machine. Below that, you'll see a toolbar that lets you load disk images (if you tap the floppy drive), check the DOSBox emulation speed (a black box with green numbers), and take a screenshot or change Settings (by tapping the power button). At the bottom of the screen, you'll find an onscreen keyboard that lets you type whatever you want into the MS-DOS machine. If you flip your iPad horizontally, the MS-DOS display area will take over the screen, and you can pull up a toolbar that lets you access the keyboard, mouse, and gamepad options at any time by tapping the top center of the screen.

Microsoft

Microsoft Awarded $13.6 Million To Security Researchers in the Past 12 Months (therecord.media) 9

Microsoft awarded $13.6 million to security researchers in the past 12 months. From a report: Microsoft said it awarded more than $13.6 million as monetary rewards to security researchers through its public bug bounty programs over the past 12 months. According to Microsoft:
The funds were awarded for 1,261 bugs reported by 341 security researchers across 17 bug bounty platforms between July 1, 2020 and June 30, 2021.

The highest awarded bounty was $200,000 for a vulnerability reported in Hyper-V, Microsoft's OS virtualization technology.
The average bounty was more than $10,000 per valid bug report across all programs.
Most bug reports came from researchers residing in China, the US, and Israel.
The company said it plans to announce the 2021 Most Valuable Security Researcher next month.
The sum awarded this year is identical to what Microsoft reported one year ago when the company said it awarded $13.7 million to 327 security researchers for 1,226 vulnerability reports across 15 bug bounty programs in the previous 12 months (July 1, 2019 to June 30, 2020).

Cellphones

OnePlus 9 Benchmarks Deleted From Geekbench Over Cheating Allegations (androidauthority.com) 27

Popular benchmark site Geekbench has removed OnePlus 9 benchmarks from its charts due to allegations that the company designed Oxygen OS optimization tools in such a way that they could be viewed as cheating. Android Authority reports: Yesterday, AnandTech posted some information about "weird behavior" it spotted with the OnePlus 9 Pro. According to the team's research, Oxygen OS apparently limits the performance of some popular Android apps -- but none of those apps are benchmark suites. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench called Oxygen OS's behavior a form of "benchmark manipulation." OnePlus has yet to issue a statement on the matter. In some of our own testing, we found that AnandTech's data is on the mark. We found that the OnePlus 9 series limits the performance of Google Chrome while older OnePlus phones do not. OnePlus issued a statement to Android Authority addressing the matter: "Our top priority is always delivering a great user experience with our products, based in part on acting quickly on important user feedback. Following the launch of the OnePlus 9 and 9 Pro in March, some users told us about some areas where we could improve the devices' battery life and heat management. As a result of this feedback, our R&D team has been working over the past few months to optimize the devices' performance when using many of the most popular apps, including Chrome, by matching the app's processor requirements with the most appropriate power. This has helped to provide a smooth experience while reducing power consumption.
While this may impact the devices' performance in some benchmarking apps, our focus as always is to do what we can to improve the performance of the device for our users."

This is reminiscent of when the company was caught pushing the OnePlus 5's performance capabilities when the OS detected a benchmark app. This resulted in artificially inflated scores that users would not see during real-world usage.
Open Source

Is Open Source Audio Editor Audacity 'Spyware'? (pcmag.com) 203

Anyone deciding to download the free and open-source audio editor Audacity is being warned that the software may now be classified as spyware due to recent updates to its privacy policy. From a report: Audacity has been around for over 21 years and classes as the world's most popular audio editing software. On April 30, the Muse Group acquired Audacity with the promise that the software would "remain forever free and open source." However, as FOSS Post reports, last week the Audacity privacy policy page was updated and introduced a number of personal data collection clauses. The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)." The personal data collected can be shared with Muse Group employees, auditors, advisors, legal representatives and "similar agents," potential company buyers, and "any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights."
UPDATE: Ars Technica's Jim Salter disagrees, pointing out that "neither the privacy policy nor the in-app telemetry in question are actually in effect yet," and that the company now plans to self-host its telemetry sessions rather than using third-party libraries and hosting.
OS X

Apple Makes OS X Lion and Mountain Lion Free To Download (macrumors.com) 47

Mac OS X Lion and OS X Mountain Lion can now be downloaded for free from Apple's website. "Apple has kept OS X 10.7 Lion and OS X 10.8 Mountain Lion available for customers who have machines limited to the older software, but until recently, Apple was charging $19.99 to get download codes for the updates," notes MacRumors. "The $19.99 fee dates back to when Apple used to charge for Mac updates. Apple began making Mac updates free with the launch of OS X 10.9 Mavericks, which also marked the shift from big cat names to California landmark names." From the report: Mac OS X Lion is compatible with Macs that have an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor, a minimum of 2GB RAM, and 7GB storage space. Mac OS X Mountain Lion is compatible with the following Macs: iMac (Mid 2007-2020), MacBook (Late 2008 Aluminum, or Early 2009 or newer), MacBook Pro (Mid/Late 2007 or newer), MacBook Air (Late 2008 or newer), Mac mini (Early 2009 or newer), Mac Pro (Early 2008 or newer), and Xserve (Early 2009). Macs that shipped with Mac OS X Mavericks or later are not compatible with the installer, however.
Windows

What Windows 11 Means: We'll Be Stuck With Millions of Windows 10 Zombies (zdnet.com) 289

An anonymous reader quotes a report from ZDNet, written by David Gewirtz: Windows 11 won't run on many current Windows machines. We do know (we think) that only certain processors will be supported, only 64-bit machines will be supported, and only machines with a TPM chip will run Windows 11. What does that mean for you and me? It means that many machines will be left behind. They will become the walking dead, unable to upgrade, but still shambling along.

My biggest concern, of course, is security. For those who pay, Windows 7 security updates will be available through January 2023. It's not easy for smaller businesses and individuals to get that support, but it's there. Mainstream support for Windows 8 and 8.1 is over, but extended support is available through January 2023. Windows 10 support, especially for those abandoned by Windows 11's restrictive update policy, will end in October 2025, but Ed tells me he thinks that will be extended. That's good news because there are roughly 1.3 billion Windows 10 devices out there. How many won't be able to upgrade? That's not a question we know the answer to now, but [ZDNet's guru of all things Windows, Ed Bott] tells me he's working on constructing an estimate, so keep checking back into his column.

Some machines will be left behind despite owners' preferences. Many others will remain behind because their owners either don't know how, don't care, or refuse to upgrade. Others can't upgrade, because they're reliant on legacy software that only runs on older machines. No matter the reason, expect millions of Windows 10 machines to be in the wild for a decade or more -- each an ever-increasing magnet for malware, each an ever-increasing danger to other machines they might encounter and infect. All that brings me back to my machines and yours. Even if you and I are stuck on Windows 10, we still have a good four years of support. That gives us four years to come up with a replacement plan, which is more than enough time. For those of you who will choose "hell no, I won't go," it gives you time to ascertain security risks of running unprotected, and find ways to protect those legacy machines.

Microsoft

Microsoft Rolls Out Visually Updated Office Preview, Plus Native 64-bit Office for Arm (zdnet.com) 38

Microsoft has released a visually "refreshed" version of its Office desktop apps for both Windows 10 and 11. Microsoft officials said this new Office refresh will "shine" on Windows 11 but still work on Windows 10. Microsoft also is releasing its first publicly available test build of 64-bit Office for Windows on Arm today. From a report: The updated Office uses Fluent design across Word, Excel, PowerPoint, OneNote, Outlook, Access, Project, Publisher, and Visio. The updated apps are meant to look similar to the Windows 11 OS, design-wise. Via the updated Office interface, Office is set to match users' Windows themes, including black (Dark Mode), white, colorful, or dark gray. The Quick Access toolbar is hidden by default in the name of simplifying the interface. The refreshed Office is available to Office Insider testers running Beta Channel builds. Those who don't want it can turn off the "Coming Soon" feature at the top right hand corner of the menu. Testers can toggle between the new and existing interface to move between the current and newly updated Office apps.
Data Storage

Western Digital Blames Remotely-Installed Trojans for Wiping 'My Book' Storage Devices (westerndigital.com) 103

Some users who bought an external hard drive that's delightfully shaped like a book ended up with "terabytes' worth of data, years of memories and months of hard work vanished in an instant," reports Engadget. (Though according to a new statement from Western Digital, "Some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.")

But why were these deletions from "My Books" happening in the first place? A Slashdot reader shares the first clue from Engadget's report: Several owners looked into the cause of the issue and determined that their devices were wiped after receiving a remote command for a factory reset. The commands started going out at 3PM on Wednesday and lasted throughout the night. One user posted a copy of their log showing how a script was run to shut down their storage device for a factory restore.
Friday Western Digital's statement offered much more detail: Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability... The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.

Additionally, the log files show that on some devices, the attackers installed a trojan with a file named ".nttpd,1-ppc-be-t1-z", which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo. A sample of this trojan has been captured for further analysis and it has been uploaded to VirusTotal.

Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning...

At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device by following these instructions on our Knowledge Base. We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device.

Bug

Dell SupportAssist Bugs Put Over 30 Million PCs At Risk (bleepingcomputer.com) 27

AmiMoJo writes: Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. According to Dell's website, the SupportAssist software is 'preinstalled on most Dell devices running Windows operating system,' while BIOSConnect provides remote firmware update and OS recovery features. The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate Dell.com and take control of the target device's boot process to break OS-level security controls. "Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls," Eclypsium researchers explain in a report shared in advance with BleepingComputer. "The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.
Windows

Windows 11 Drops Skype As a Default App (theverge.com) 48

Microsoft is shoving Skype out of sight in favor of Microsoft Teams, which gets a highlight spot in the new center-aligned taskbar and deep integration into Windows. The Verge reports: Today's Windows 11 news is all about where Microsoft sees computing going over the next few years, but it's just as much the story of how Skype has flourished and ebbed since its $8.5 billion acquisition a decade ago. Five years ago, Skype was the big name in internet calling and video, and Microsoft made it an "inbox app" for Windows 10 that was included at installation and launched at startup by default. Now, after a pandemic year that has had more people using their PCs for voice and video than ever before, Skype was nowhere to be seen in the Windows 11 presentation or materials.

The future vision that Microsoft had for Skype everywhere has turned into a reality -- but that reality made competitors Zoom and FaceTime into household names instead. Back in June, when Microsoft made Teams available for personal accounts, the company still paid lip service to Skype, saying, "For folks that just want a very purpose-built app, Skype is a great solution, and we support it and encourage it." But now, if you want to use Skype, you're going to have to go find it in the Microsoft Store like any other app. A company spokesperson tells The Verge: "Skype is no longer an inbox app for new devices that run Windows 11. The Skype app is available to download through the Microsoft Store for free." Skype joins OneNote, Paint 3D, and 3D Viewer as the apps that will no longer come with the OS.

The Internet

Windows 11 Requires an Internet Connection and Microsoft Account At Setup (microsoft.com) 187

Slashdot reader xack points out that Windows 11, Microsoft's next version of its desktop operating system, will require a Microsoft account and internet connection for setup. They write: Based on Microsoft's official requirements you need an internet connection to install Windows 11. This means people without internet access at home, especially in rural and poorer households, won't be able to use Windows 11. I hope Microsoft fixes this problem before release. Previous versions of Windows "would let you opt out of Microsoft accounts by creating a local account instead," notes The Verge. "It's possible you'll still be able to use a local account afterwards." As for the internet requirement, The Verge says it "may make sense since Windows 11 will largely be delivered via a Windows Update, like many of the updates to Windows 10, so you'd need an internet connection to install it on your PC."

Microsoft is also changing the Windows 11 minimum requirements, though they are only slightly higher than what's required to run Windows 10.
Windows

Microsoft Is Changing the Windows 11 Minimum Requirements (theverge.com) 174

The specs required to run Microsoft's new Windows 11 OS are only slightly higher than Windows 10's current requirements. All you'll need is a 64-bit CPU (or SoC), 4GB of RAM, and 64GB of storage. The Verge reports: This marks the end of Windows support for older 32-bit hardware platforms, even though it will continue to run 32-bit software. The fastest way to find out if your system can handle Windows 11 is to download Microsoft's PC Health App, which will automatically tell you if your specs and settings are ready for the new OS. The system requirements listed by Microsoft are [available here].
Operating Systems

Microsoft Will Bundle Its Rival To Slack Into Windows 11 (bloomberg.com) 61

Microsoft, which has unveiled a new version of Windows for the first time in six years, said it will integrate its Teams chat and videoconferencing software directly into the operating system. From a report: Teams has seen a huge surge in users during the pandemic, boosting Microsoft in a product category where it's been trying to catch up with Slack and Zoom. The latest personal computer operating system, Windows 11, also features a new design and will offer changes to the app store.
Microsoft

Microsoft Fights Back Against Windows 11 Leak 96

Mark Wilson writes: Just a few days ago -- before it has even been officially announced -- Windows 11 leaked online and remains available to download from numerous sites. The Windows 11 ISO torrent spread like wildfire, and now Microsoft is fighting back. The company has issued a slew of DMCA takedown notices to various sites it says are distributing "a leaked copy of the unreleased Windows 11." Unsurprisingly, an article entitled "How to Download and Install Windows 11 Right Now" caught the eyes of Microsoft lawyers.
Google

Why Google is Funding Linux Kernel Development in Rust (msn.com) 80

"Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones," reports CNET: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet. Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort.

Adding Rust modules to the Linux kernel would improve security by closing some avenues hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages...

Google credits the Linux community programmers who began the Rust for Linux project. "The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system," Google said in a blog post...

[Rust] has been the most loved programming language for five years running in Stack Overflow's annual developer survey. "Rust represents the best alternative to C and C++ currently available," Microsoft's security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust's checks happen while software is being built, the safety doesn't come at the expense of performance when the software is running.

The goal of the Linux on Rust project isn't to replace all of Linux's C code but rather to improve selective and new parts.

Google

Google Backs Linux Project To Make Android, Chrome OS Harder To Hack (cnet.com) 114

Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones. From a report: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet.

Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort. Adding Rust modules to the Linux kernel would improve security by closing some avenues hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.
