'Razer Doesn't Care About Linux' ( 377

An anonymous reader shares a blog post: Razer is a vendor that makes high-end gaming hardware, including laptops, keyboards and mice. I opened a ticket with Razor a few days ago asking them if they wanted to support the LVFS project by uploading firmware and sharing the firmware update protocol used. I offered to upstream any example code they could share under a free license, or to write the code from scratch given enough specifications to do so. This is something I've done for other vendors, and doesn't take long as most vendor firmware updaters all do the same kind of thing; there are only so many ways to send a few kb of data to USB devices. The fwupd project provides high-level code for accessing USB devices, so yet-another-update-protocol is no big deal. I explained all about the LVFS, and the benefits it provided to a userbase that is normally happy to vote using their wallet to get hardware that's supported on the OS of their choice. I just received this note on the ticket, which was escalated appropriately: "I have discussed your offer with the dedicated team and we are thankful for your enthusiasm and for your good idea. I am afraid I have also to let you know that at this moment in time our support for software is only focused on Windows and Mac." The post, written by Richard -- who has long been a maintainer of GNOME Software, PackageKit, GNOME Packagekit, points out that Razer executive Min-Liang Tan last year invited Linux enthusiasts to suggest ideas to help the company make the best notebook that supports Linux.

VLC 3.0 Adds Chromecast Support and More as the Best Free Media Player Gets Even Better ( 131

Ian Paul, writing for PCWorld: The best free media player is getting even better. After three years of development, VLC 3.0 'Ventari' is rolling out to all platforms, and it's packed full of goodies such as Chromecast support. The latest version of VLC contains a lot of great additions, as well as a tweaked UI. Chromecast discovery tops the list. It's only available on Windows desktop and Android right now, but Videolan says the feature's coming to VLC's iOS and the Windows Store apps in the future. [...] VLC 3.0's refreshed UI isn't a fresh, new look from previous versions, but it is noticeably different. The icons at the bottom of the window are cleaner, and the small icons used within menu items are also new. Version 3.0 also adds support for 360-degree video and 3D audio, readying features for a VR version of VLC slated to roll out in mid-April. The new VLC also adds hardware decoding across all platforms for better performance and less CPU consumption, especially when dealing with more resource-intense video.

Attackers Drain CPU Power From Water Utility Plant In Cryptojacking Attack ( 76

darthcamaro writes: Apparently YouTube isn't the only site that is draining CPU power with unauthorized cryptocurrency miners. A water utility provider in Europe is literally being drained of its CPU power via an cryptojacking attack that was undetected for three weeks. eWeek reports: "At this point, Radiflow's (the security firm that discovered the cryptocurrency mining malware) investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Radiflow CTO Yehonatan Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Radiflow's CEO, Ilan Barda, noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems." Radiflow doesn't know how much Monero (XMR) cryptocurrency was mined by the malware, but a recent report from Cisco's Talos research group revealed that some of the top un-authorized cryptocurrency campaigns generate over a million dollars per year. The average system would generate nearly $200,000 per year.

Windows 10 Will Soon Get Progressive Web Apps To Boost the Microsoft Store ( 152

The next major update to Windows 10 will bring Progressive Web Apps (PWAs) to the Microsoft Store. PWAs are websites (or web apps) which are implemented as native apps, and delivered just like a normal app through Windows 10's store. According to TechRadar, "The big advantages are that no platform-specific code is required, allowing devs to make apps that run across different platforms, and that PWAs are hosted on the developer's server, so can be updated directly from there (without having to push updates to the app store)." The other benefit for Microsoft is that they will be getting a bunch of new apps in Windows 10's store. From the report: As Microsoft explains in a blog post, these new web apps are built on a raft of nifty technologies -- including Service Worker, Fetch networking, Push notifications and more -- all of which will be enabled when EdgeHTML 17 (the next version of the rendering engine that powers the Edge browser) goes live in Windows 10 in the next big update. PWAs can be grabbed from the Microsoft Store as an AppX file, and will run in their own sandboxed container, without needing the browser to be open at all. As far as the user is concerned, they'll be just like any other app downloaded from the store. Microsoft says it is already experimenting with crawling and indexing PWAs from the web to pick out the quality offerings, which it will draft into the Microsoft Store. The firm has already combed through some 1.5 million web apps to pick out a small selection of PWAs for initial testing. As well as discovering apps via web crawling, developers will also be able to submit their offerings directly to Microsoft for approval.

NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000 ( 95

Catalin Cimpanu, reporting for BleepingComputer: A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA. Several exploits and hacking tools were released in the April 2017 Shadow Brokers dump, the most famous being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.

Why Windows Vista Ended Up Being a Mess ( 224

alaskana98 shares an article called "What Really Happened with Vista: An Insider's Retrospective." Ben Fathi, formerly a manager of various teams at Microsoft responsible for storage, file systems, high availability/clustering, file level network protocols, distributed file systems, and related technologies and later security, writes: Imagine supporting that same OS for a dozen years or more for a population of billions of customers, millions of companies, thousands of partners, hundreds of scenarios, and dozens of form factors -- and you'll begin to have an inkling of the support and compatibility nightmare. In hindsight, Linux has been more successful in this respect. The open source community and approach to software development is undoubtedly part of the solution. The modular and pluggable architecture of Unix/Linux is also a big architectural improvement in this respect. An organization, sooner or later, ships its org chart as its product; the Windows organization was no different. Open source doesn't have that problem...

I personally spent many years explaining to antivirus vendors why we would no longer allow them to "patch" kernel instructions and data structures in memory, why this was a security risk, and why they needed to use approved APIs going forward, that we would no longer support their legacy apps with deep hooks in the Windows kernel -- the same ones that hackers were using to attack consumer systems. Our "friends", the antivirus vendors, turned around and sued us, claiming we were blocking their livelihood and abusing our monopoly power! With friends like that, who needs enemies?

I like how the essay ends. "Was it an incredibly complex product with an amazingly huge ecosystem (the largest in the world at that time)? Yup, that it was. Could we have done better? Yup, you bet... Hindsight is 20/20."

Microsoft Is Now Selling a Surface Laptop With An Intel Core m3 Processor For $799 ( 108

Microsoft has begun offering a lower specced Surface laptop running Windows 10 S and an Intel Core m3 processor. It's priced at $799, compared to the standard model's $999 price, and is only available in the platinum color configuration. Windows Central reports: The Intel Core m3 spec is paired with 4GB of RAM and 128GB Storage. This is definitely not a high-end model of the Surface Laptop, but it's still a premium one, with the same Alcantara fabric and high-quality display found on other Surface Laptop SKUs. Microsoft offers an Intel Core m3 model of the Surface Pro priced at $799 also, however that SKU doesn't come bundled with a keyboard or pen. At least with the Surface Laptop, you're getting a keyboard and trackpad in the box, so perhaps the Intel Core m3 Laptop is going to be the better choice for many. If you're looking for a straight laptop by Microsoft, that is. Some other specs include a 2256 x 1504 resolution display, Intel HD graphics 615, 720p webcam with Windows Hello face-authentication, Omnisonic speakers with Dolby Audio Premium, one full-size USB 3.0 port, Mini DisplayPort, headphone jack and Surface Connect port. The device measures in a 12.13 inches x 8.79 inches x 0.57 inches and weighs 2.76 pounds.

New Zero-Day Vulnerability Found In Adobe Flash Player ( 87

GBHackers On Cyber Security and an anonymous Slashdot reader have shared a story about a new zero-day vulnerability found in Adobe's Flash Player. Bleeping Computer reports: South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild. According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs and earlier. Flash is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents. Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.
Adobe said it plans to patch this zero-day on Monday, February 5.

Microsoft Office 2019 Will Only Work on Windows 10 ( 303

Microsoft on Thursday provided an update on Office 2019, in which it revealed that the apps will only run on Windows 10. From a report: In a support article for service and support of Windows and Office, Microsoft has revealed you'll need to upgrade to Windows 10 if you want the latest version of Office without subscribing to the company's Office 365 service. It's a move that's clearly designed to push businesses that are holding off on Office 365 into subscriptions, as the standalone Office 2019 software will only be supported on Windows 10 and not Windows 7 or Windows 8.1 machines. Microsoft is also altering the support lifecycle for Office 2019, so it will receive 5 years of mainstream support and then "approximately 2 years of extended support."

Windows Defender Will Soon Start Removing Applications With Coercive Messaging: Cleaners and Optimizers Put on Notice ( 112

Microsoft is stepping up its efforts to protect Windows users from programs that use fear to convince people to buy or upgrade products. From a report: The Redmond company is taking aim at all software that use scary messaging to convince people to upgrade to a paid product that purportedly fixes a problem detected by a free version. Specifically it is targeting registry cleaners and optimizers, which Microsoft previously didn't endorse but also didn't blacklist them as unwanted programs or malware. That's changing on March 1. "We find this practice problematic because it can pressure customers into making unnecessary purchase decisions," said Barak Shein, a member of the Windows Defender security research team. From March 1 Microsoft's Windows Defender and other security products will "classify programs that display coercive messages as unwanted software, which will be detected and removed," Shein said.
Operating Systems

Surpassing Windows 7's Market Share For the First Time, Windows 10 Now the Most Popular Desktop OS From Microsoft ( 166

Two and a half years after the company made it available to the general public, Windows 10 is now the most popular operating system from Microsoft, according to analytics firm StatCounter. From a report: Every month, StatCounter reports on the state of the desktop operating system market. Since October last year, the analyst company's figures have shown the gap between Windows 10 and Windows 7 narrowing. It looked as if the newer OS would overtake the older one in November, but that didn't happen, and it didn't happen in December either. However, in January, according to StatCounter, Windows 10 finally claimed the top spot. The latest figures show Windows 10 on 42.78 percent, up from 41.69 percent in December 2017. That's an increase of 1.09 percentage points.

Robot Delivery Vans Are Arriving Before Self-Driving Cars ( 116

The future of driverless driving looks like a giant toaster with a funny hat. From a report: That's an approximation of a new autonomous vehicle unveiled Tuesday by Nuro, a Silicon Valley startup that's been cryptic about its business plan since it launched about 18 months ago. Nuro's shiny, minimalist appliance on wheels doesn't have doors or windows to speak of, because it will be carrying packages -- not people. As every major automaker and dozens of tech companies race to replace drivers in Uber cars and taxi fleets, Nuro is ignoring humans altogether and steering for, United Parcel Service and any retailer looking to build its e-commerce business.

Lenovo's Fingerprint Scanner Can Be Bypassed via a Hardcoded Password ( 67

Lenovo has issued an update to address a vulnerability in its fingerprint scanner app that it ships with ThinkPad, ThinkCentre, and ThinkStation models running Windows 8.1 or older version of Windows. From a report: Fingerprint Manager Pro is an application developed by Lenovo that allows users to log into Windows machines and online websites by scanning one of their fingerprints using the fingerprint scanner embedded in selected Lenovo products. "A vulnerability has been identified in Lenovo Fingerprint Manager Pro," said Lenovo in a security advisory published last week. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," the company said.

Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations ( 90

An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."

HP, Dell, and Red Hat took previous steps during the past week.

"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.

"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device. "

Should Apps Replace Title Bars with Header Bars? ( 362

Gnome contributor Tobias Bernard is on a crusade against title bars -- "the largely empty bars at the top of some application windows [that] contain only the window title and a close button." Instead he wants to see header bars -- "a newer, more flexible pattern that allows putting window controls and other UI elements in the same bar." Tobias Bernard writes: Header bars are client-side decorations (CSD), which means they are drawn by the app rather than the display server. This allows for better integration between application and window chrome. All GNOME apps (except for Terminal) have moved to header bars over the past few years, and so have many third-party apps. However, there are still a few holdouts.
He's announcing the CSD Initiative, "an effort to get apps (both GNOME and third-party) to drop title bars and adopt GNOME-style client-side decorations... The only way to solve this problem long-term is to patch applications upstream to not use title bars. So this is what we'll have to do."
  • Talk to the maintainers and convince them that this is a good idea
  • Do the design work of adapting the layout and make mockups
  • Figure out what is required at a technical level
  • Actually implement the new layout and get it merged

Implementation is already in progress for Firefox, though it has not yet been started for other high-priority apps like LibreOffice, GNOME Terminal, and Skype. "If you want to help with any of the above tasks," writes Tobias, "come talk to us on #gnome-design on IRC/Matrix."


Windows 10 Will Soon Let Users Track the Data Microsoft Collects ( 148

Windows 10 will soon get a new application that will allow users to keep track of the data that Microsoft collects from their device. From a report: Ahead of the Data Privacy Day, Microsoft today introduced a new Diagnostic Data Viewer app for Windows 10 -- first coming to Windows Insiders -- that enables users to view all the diagnostic data that's being collected by Windows 10. The new Diagnostic Data Viewer will display different types of diagnostic data collected by the OS. This includes Common Data (your OS version, device ID/type, etc.), Device Connectivity and Configuration data (device capabilities, user settings, peripherals and network info), Product and Service Performance (device health, performance, reliability data), Product and Service Usage (data on usage of device, apps, OS), and Software Setup and Inventory (update information). The app includes a search feature that lets you search for specific items.

Microsoft Unveils Windows 10 S Laptops Starting at $189 and New Office 365 Tools for Students ( 107

An anonymous reader shares a report: Microsoft today unveiled new Windows 10 S devices from Lenovo and JP, starting at $189, aimed at the education market. The company also announced new Office 365 learning tools for students. The news mirrors Microsoft's firstline workers push in September, which saw new Windows 10 S devices starting at $275. The company is now simply doing the same as part of its latest EDU push, and it's not mincing words when it comes to explaining its target audience: "schools who don't want to compromise on Chromebooks."

Microsoft unveiled four new Windows 10 devices that are all supposed to offer more than Chrome OS. Two are standard laptops: the Lenovo 100e powered by Intel Celeron Apollo Lake for $189 and JP's Classmate Leap T303 with Windows Hello for $199. The other two are 2-in-1s: the Lenovo 300e convertible with pen support for $279 and the Trigono V401 with pen and touch for $299. All four are spill resistant, ruggedized for students, and promise long battery life to avoid having wires all over the classroom.

United States

Apple and Google Are Rerouting Their Employee Buses as Attacks Resume ( 292

Slashdot reader sqorbit writes: Apple runs shuttle buses for it's employees in San Francisco. It seems someone who is not happy with Apple has decided to take out their anger on these buses. In an email obtained by Mashable, Apple states "Due to recent incidents of broken windows along the commute route, specifically on highway 280, we're re-routing coaches for the time being. This change in routes could mean an additional 30-45 minutes of commute time in each direction for some riders." It has been reported that at least four buses have had windows broken, some speculating that it might caused by rubber bullets.
"Around four years ago, people started attacking the shuttle buses that took Google employees to and from work, as a way of protesting the tech-company-driven gentrification taking place around San Francisco," remembers Fortune, adding "it seems to be happening again."

At least one Google bus was also attacked, according to the San Francisco Chronicle, which adds that the buses "were not marked with company logos, and the perpetrators are suspected of broadly targeting technology shuttle buses rather than a specific company."

Wine 3.0 Released ( 153

prisoninmate shares a report from Softpedia: The Wine (Wine Is Not an Emulator) project has been updated today to version 3.0, a major release that ends 2017 in style for the open-source compatibility layer capable of running Windows apps and games on Linux-based and UNIX-like operating systems. Almost a year in the works, Wine 3.0 comes with amazing new features like an Android driver that lets users run Windows apps and games on Android-powered machines, Direct3D 11 support enabled by default for AMD Radeon and Intel GPUs, AES encryption support on macOS, Progman DDE support, and a task scheduler. In addition, Wine 3.0 introduces the ability to export registry entries with the reg.exe tool, adds various enhancements to the relay debugging and OLE data cache, as well as an extra layer of event support in MSHTML, Microsoft's proprietary HTML layout engine for the Windows version of the Internet Explorer web browser. You can read the full list of features and download Wine 3.0 from WineHQ's website.
XBox (Games)

Microsoft Puts Minecraft Boss In Charge of Xbox Games ( 50

Microsoft is promoting its Minecraft boss to the head of the company's games studios. "Matt Booty's new role sees him oversee Microsoft Studios, second only to Microsoft's games chief Phil Spencer," reports The Verge. "Microsoft CEO Satya Nadella previously promoted Phil Spencer from head of Xbox to a new role overseeing all games, associated hardware, and game strategy." From the report: Spencer reports directly to Nadella, with Booty now reporting directly to Spencer. GamesBeat reports that Booty's new role will see Microsoft devoting more resources to its games business. Booty will be looking after Microsoft's relationships with 343 Industries, The Coalition, Mojang, Rare, Turn 10 Studios, and Global Publishing. Booty first joined Microsoft back in 2010, and helped launch games for Windows phones. He's also helped develop Xbox Live Arcade, and oversaw Minecraft maker Mojang after Microsoft acquired the company for $2.5 billion back in 2014.

Slashdot Top Deals