Sony

Sony Blocks Yet Another Game From Cross-Console Play With Xbox One (arstechnica.com) 92

"Back in June, Sony told Eurogamer that the company did not have 'a profound philosophical stance' against letting PS4 users play games with those on other platforms," reports Ars Technica. "That said, the company's continued refusal to allow for cross-console play between PS4 and Xbox One players has become an absolute and unmistakable trend in recent months." The latest game to be denied by Sony for cross-console play is Ark: Survival Evolved, which comes out of a two-year early access period next week on Windows, Mac, PS4, and Xbox One. From the report: In a Twitter response posted over the weekend, Ark lead designer and programmer Jeremy Stieglitz said that cross-platform play between PS4 and Xbox One is "working internally, but currently Sony won't allow it." This isn't a huge surprise, considering that the developers of Rocket League, Minecraft, and Gwent have made similar statements in recent months. Since Microsoft very publicly opened Xbox Live to easy cross-platform play back in March, Sony has said that it's "happy to have a conversation" about the issue, but it has failed to follow through by allowing any linkage between the two competing consoles (cross-platform play between the PS4 and PC has been available in certain games since the PS4's launch, though).

The question continues to be why, exactly, Sony seems so reluctant to allow any games to work between its own PlayStation Network and Microsoft's Xbox Live. Speaking with Eurogamer in June, Sony's Jim Ryan suggested that, in the case of Minecraft, Sony was wary to expose that game's young players to "external influences we have no ability to manage or look after." Ryan also told Eurogamer that cross-platform decisions were "a commercial discussion between ourselves and other stakeholders." That suggests there may be some financial issues between the parties involved that are preventing cross-console play from moving forward. Perhaps Sony wants someone else to pay for the work required to get its network talking to Microsoft's? The bottom line, though, might be that Sony just doesn't want to partially give away its sizable advantage in console sales by letting Microsoft hook into that vast network of players.

Businesses

The Windows App Store is Full of Pirate Streaming Apps (torrentfreak.com) 96

Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.
Government

Microsoft Avoids Washington State Taxes, Gives Nevada Schoolkid A Surface Laptop (seattletimes.com) 72

theodp writes: The Official Microsoft Blog hopes a letter from a Nevada middle schooler advising Microsoft President Brad Smith to "keep up the good work running that company" will "inspire you like it did us." Penned as part of a math teacher's assignment to write letters to the businesses that they like, Microsoft says the letter prompted Smith to visit the Nevada school to meet 7th-grader Sky Yi in person as part of the company's effort to draw attention to the importance of math and encourage students and teachers who are passionate about STEM (science, technology, engineering and math) education. In an accompanying video of the surprise meeting, Smith presents Yi with a new Surface Laptop that comes with Windows 10 S, a version of the OS that has been streamlined with schools in mind. "Not bad for a little letter," the Microsoft exec says.

Speaking of Microsoft, Nevada, and education, Bing Maps coincidentally shows the school Smith visited is just a 43-minute drive from the software giant's Reno-based Americas Operations Center. According to the Seattle Times, routing sales through the Reno software-licensing office helps Microsoft minimize its tax bills (NV doesn't tax business income) to the detriment, some say, of Washington State public schools.

Microsoft's state and local taxes will drop to just $30 million for the last year (from an average of $214 milion over the previous 14 years) according to the Seattle Times. "A Microsoft spokesman said the decline in 2017 was caused by the company's deferring taxes on some income to future years and the winding down of the company's smartphone business."
Government

US State Department Suffers Worldwide Email Outage (usatoday.com) 69

An anonymous reader quotes USA Today: The U.S. State Department's email system underwent a worldwide outage Friday, affecting all its unclassified communications within and outside of the department. The system was fully restored by Friday afternoon [after 12 hours], said a State Department official briefed on the incident who was not authorized to speak publicly and requested anonymity.

It was not clear what caused the early morning outage, but spokeswoman Heather Nauert told reporters it was not "any external action or interference."

IT

Developer Accidentally Deletes Three-Month of Work With Visual Studio Code (bingj.com) 751

New submitter joshtops writes: A developer accidentally three-month of his work. In a post, he described his experience, "I had just downloaded VScode as an alternative and I was just playing with the source control option, seeing how it wanted to stage -- five thousand files -- I clicked discard... AND IT DELETED ALL MY FILES, ALL OF THEM, PERMANENTLY! How the f*uk is this s*it possible, who the hell is the d******* who made the option to permanently delete all the files on a project by accident even possible? Cannot even find them in the Recycle Bin!!!! I didn't even thought that was possible on Windows!!! F*ck this f*cking editor and f*ck whoever implemented this option. I wish you the worst.'
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 138

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Microsoft

We're Not Walking Away From Continuum, Says HP (theregister.co.uk) 44

An anonymous reader shares a report: While Windows roadmaps purportedly leaked to a blog last week appear to have a big hole in them where mobile should be, HP Inc tells us it has been assured by Redmond there are no plans to drop Continuum. HP is the sole major mobile vendor committed to the Windows Mobile Edition of Windows 10 and bet big on Continuum, the multimode "use-your-phone-as-a-PC" feature on which some of HP's ambitions rest. El Reg was impressed by HP's plans to build an ecosystem around the multi-mode capabilities of the HP Elite x3 phone, which doubles up as a PC replacement. (Or tries to.) Launching in over 50 markets, the ecosystem includes a streaming apps service HP Workplace to fill in the app gap, and even a "lap dock." HP pitched it at field workers and verticals. The only thing letting Inc-ers down was the quality of the software from Microsoft. Spring came and went without the expected improvements to Continuum. Unauthorised briefings last week suggest the Windows Mobile branch of Windows 10 is now an orphan.
Mozilla

64-bit Firefox is the New Default on 64-bit Windows (mozilla.org) 178

An anonymous reader shares a blog post: Users on 64-bit Windows who download Firefox will now get our 64-bit version by default. That means they'll install a more secure version of Firefox, one that also crashes a whole lot less. How much less? In our tests so far, 64-bit Firefox reduced crashes by 39% on machines with 4GB of RAM or more.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 80

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 197

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Microsoft

Microsoft Dismisses Consumer Reports' Surface Complaints, But Doesn't Offer Much Evidence 66

Microsoft has publicly responded to Consumer Reports, saying that it disagrees with the publication's Surface reliability findings. But the company hasn't offered much in the way of evidence. In a blog post, Surface chief Panos Panay writes: In the Surface team we track quality constantly, using metrics that include failure and return rates -- both our predicted 1-2-year failure and actual return rates for Surface Pro 4 and Surface Book are significantly lower than 25%. Additionally, we track other indicators of quality such as incidents per unit (IPU), which have improved from generation to generation and are now at record lows of well below 1%. Surface also ranks highly in customer satisfaction. 98% of Surface Pro 4 users and Surface Book users say they are satisfied with their device, and our Surface Laptop and new Surface Pro continue to get rave reviews. Long-time watcher Paul Thurrott writes: Does changing the time frame from "by the end of the second year of ownership" to "1-2 year failure rate" skew the results because more failures happen later in a product's lifetime? Also, he introduces the notion of "return rates" here. By definition, the feedback that Consumer Reports receives is from product owners, not those who have returned products. If someone is almost two years into device ownership, they are not returning the product. They're just using it. And dealing with it. So consider the issue muddled, in just one carefully-constructed sentence. Which I believe was crafted to confuse the issue. But there is more. "Additionally, we track other indicators of quality such as incidents per unit (IPU), which have improved from generation to generation and are now at record lows of well below 1 percent," Panay offers. It's not possible to understand how an "incident" relates to a "failure." Mostly because he doesn't explain the term. Likely because doing so would betray that this is an apples to oranges comparison. [...] I will point the reader to Welcome to Surfacegate, my description of Microsoft's feeble attempts to ignore and then slowly fix endemic issues with those exact two Surface models. And anecdotally, I'll point to the fact that the three Surface Book models I've used have all had reliability problems. But the biggest issue I have with "customer satisfaction" is that it's kind of a bullshit measurement when it comes to premium products.
Oracle

Oracle Fiddles With Major Database Release Cycle Numbers (theregister.co.uk) 69

An anonymous reader shares a report: Big Red has changed its database release cycle, scrapping names that see decimal points and numbers added on for an indeterminate amount of time, instead plumping for annual releases numbered by the year. So what would have been Oracle Database 12.2.0.2 will now be Oracle Database 18; 12.2.0.3 will come out a year later, and be Oracle Database 19. The approach puts Oracle only about 20 years behind Microsoft in adopting a year-based naming convention (Microsoft still uses years to number Windows Server, even though it stopped for desktop versions when it released XP). [...] Well, Big Red will surely be using the revamp as a way to boost sales of database licences -- a crucial part of its business -- which have been in decline for two years running. In fiscal 2016, Oracle reported a 12 per cent drop in annual sales of new software licences, and its most recent results for fiscal 2017 revealed a further 5 per cent drop. And, for all that Oracle has shouted about its cloudy success of late, it isn't yet a major money-maker for the biz. New software license sales make up a quarter of overall revenue, while support for that software makes up a further 45 per cent. In part, the new numbering will be a handy marketing ploy. Rather than playing with the decimal points, a release with a new whole number could be an attempt to give the impression of agility in the face of younger, fresher competitors. Meanwhile, fewer patches and releases on each system also allows Oracle to know more quickly, and more accurately, what security features each customer has. The annual numbering system is also a very simple way of telling you your system is old.
Microsoft

Kaspersky Drops Antitrust Complaint After Microsoft Promises To Make Changes To Windows 10 (theverge.com) 31

Security firm Kaspersky said Thursday it was withdrawing its European antitrust complaint against Microsoft after the software giant promised to make changes to the upcoming Windows 10 Fall Creators Update that have appeased Kaspersky and help its anti-virus software provide notifications and alerts to renew virus definitions. From a report: Kaspersky originally filed its complaint back in June, claiming that Microsoft disabled its anti-virus software during Windows upgrades and that the software maker was using its dominance to "fiercely promote" its own Windows Defender software. Microsoft admitted in late June that Windows 10 prompts to install a new version of anti-virus from third parties like Kaspersky after an update, but it disables the old version if it's not compatible. Microsoft now says it "will work more closely with AV vendors to help them with compatibility reviews in advance of each feature update becoming available to customers." The software maker will also provide better visibility of release schedules for Windows 10 updates, giving anti-virus vendors more time to test changes.
AI

Blizzard and DeepMind Turn StarCraft II Into An AI Research Lab (techcrunch.com) 52

Last year, Google's AI subsidiary DeepMind said it was going to work with Starcraft creator Blizzard to turn the strategy game into a proper research environment for AI engineers. Today, they're opening the doors to that environment, with new tools including a machine learning API, a large game replay dataset, an open source DeepMind toolset and more. TechCrunch reports: The new release of the StarCraft II API on the Blizzard side includes a Linux package made to be able to run in the cloud, as well as support for Windows and Mac. It also has support for offline AI vs. AI matches, and those anonymized game replays from actual human players for training up agents, which is starting out at 65,000 complete matches, and will grow to over 500,000 over the course of the next few weeks. StarCraft II is such a useful environment for AI research basically because of how complex and varied the games can be, with multiple open routes to victory for each individual match. Players also have to do many different things simultaneously, including managing and generating resources, as well as commanding military units and deploying defensive structures. Plus, not all information about the game board is available at once, meaning players have to make assumptions and predictions about what the opposition is up to.

It's such a big task, in fact, that DeepMind and Blizzard are including "mini-games" in the release, which break down different subtasks into "manageable chunks," including teaching agents to master tasks like building specific units, gathering resources, or moving around the map. The hope is that compartmentalizing these areas of play will allow testing and comparison of techniques from different researchers on each, along with refinement, before their eventual combination in complex agents that attempt to master the whole game.

Microsoft

Microsoft Dumps Notorious Chinese Secure Certificate Vendor (zdnet.com) 57

Soon, neither Internet Explorer nor Edge will recognize new security certificates from Chinese Certificate Authorities WoSign and its subsidiary StartCom. ZDNet reports: A CA is a trusted entity that issues X.509 digital certificates that verify a digital entity's identity on the internet. Certificates include its owner's public key and name, the certificate's expiration date, encryption method, and other information about the public key owner. Typically, these are used to secure websites with the https protocol, lock down internet communications with Secure Sockets Layer and Transport Layer Security (SSL/TLS), and secure virtual private networks (VPNs). A corrupted certificate is barely better than no protection at all. It can be used to easily hack websites and "private" internet communications.

Microsoft has joined [Mozilla, Google and Apple] in abandoning trust in their certificates. A Microsoft representative wrote: "Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) [issuance and management rules for public certificates] violations." Microsoft will start "the natural deprecation of WoSign and StartCom certificates by setting a 'NotBefore' date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017."

Mozilla

Firefox 55 Arrives With WebVR on Windows, Performance Panel, and Click-to-Play Flash (venturebeat.com) 129

Mozilla today made available a new update to Firefox for Windows to introduce support for WebVR, that the company says, will enable desktop VR users to dive into web-based experiences with ease. Firefox 55 also includes performance panel, faster startup when restoring multiple tabs, a quicker way to search across various search engines, and click-to-play Flash by default. From a report: WebVR is an experimental JavaScript API that provides support for virtual reality devices, such as the HTC Vive, Oculus Rift, and Google Cardboard. As its name implies, the technology is meant for browsers. If you find a web game or app that supports VR, just click the VR goggles icon visible on the web page to experience it using your VR headset. WebVR supports navigating and controlling VR experiences with handset controllers or your movements in physical space. [...] Firefox 55 also allows users to adjust the number of processes and how much resources they want to allocate to any of them. This setting is at the bottom of the General section in Options. In fact, if your computer has more than 8GB of RAM, Mozilla recommends "bumping up the number of content processes that Firefox uses" because it will make Firefox faster, though at the expense of using more memory. In its own tests on Windows 10, the company found that Firefox uses less memory than Chrome, even with eight content processes running.
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

Businesses

Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes features From Its Free Service Tier (neowin.net) 156

An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager - available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual.
Security

WikiLeaks Reveals CIA Tool For Hacking Webcams, Microphones (thestack.com) 107

An anonymous reader quotes a report from The Stack: WikiLeaks has released a new set of documents in the CIA Vault 7 leak, outlining the "Dumbo" hacking tool which allows control of webcams and microphones. The release explains that the tool is capable of completely suspending processes on webcams and corrupting video recordings. Dumbo's is tasked specifically with gaining and exploiting physical access to target computers used in CIA field operations, the release notes. According to WikiLeaks, the tool allows for the identification, control and manipulation of monitoring and detection systems, such as webcams and microphones, running the Microsoft Windows operating system. The technology first identifies all installed devices, whether they are connected locally, wirelessly, or across wired networks. Once Dumbo has detected all of these devices, it identifies all the related processes, which may include recording, monitoring or detection of video, audio and network streams. These operations can then be suspended by the operator. "By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation," the release added. Dumbo does require direct access to the target computer and is run from a USB stick. The release states that it supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. However, 64bit Windows XP and Windows versions prior to XP are not supported.

Slashdot Top Deals