Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 37

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.
Programming

Ask Slashdot: What's the Most Sophisticated Piece of Software Ever Written? (quora.com) 235

An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.

He writes, "It's a computer worm. The worm was written, probably, between 2005 and 2010. Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does. This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn't work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along."

"Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn't mind if there's antivirus software installed -- the worm can sneak around most antivirus software. Then, based on the version of Windows it's running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either. At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed."
What do Slashdot readers think?
Android

With Steam Link App, Your Smartphone Can Be An Imperfect Gaming Monitor (arstechnica.com) 47

Ars Technica's Kyle Orland shares his experience with Valve's recently announced Steam Link app, which lets users play games running on a PC via a tablet, mobile phone, or Apple TV on the same network. The app launches today for Android 5.0+ devices; iOS support is "pending further review from Apple." From the report: Valve isn't kidding when it says a Wi-Fi router in the 5Ghz band is required for wireless streaming. I first tested iPad streaming on the low-end 2.4Ghz router provided with my Verizon FiOS subscription (an Actiontec MI424WR), with a wired Ethernet connection to my Windows gaming rig on the other end. The Steam Link network test warned me that "your network may not work well with Steam Link," thanks to 1- to 2-percent frame loss and about 15ms of "network variance," depending on when I tested. Even graphically simple games like The Binding of Isaac ran at an unplayably slowed-down rate on this connection, with frequent dropped inputs to boot.

Switching over to a 5GHz tri-band router (The Netgear Nighthawk X6, to be precise), the same network test reported a "fantastic" connection that "look[s] like it will work well with Steam." On this router, remotely played games ran incredibly smoothly at the iPad's full 1080p resolution, with total round-trip display latency ranging anywhere from 50 to 150ms, according to Steam Link's reports (and one-way "input lag" of less than 1ms). At that level of delay, playing felt practically indistinguishable from playing directly on the computer, with no noticeable gameplay impact even on quick-response titles like Cuphead.

XBox (Games)

Microsoft Announces Xbox Adaptive Controller For Players With Disabilities (theverge.com) 19

A new Xbox controller designed for people with disabilities has been announced by Microsoft today. The Xbox Adaptive Controller features two large programmable buttons and 19 jacks that can be connected to a range of joysticks, buttons, and switches to make it easier for a wider range of people to play games on Xbox One and Windows 10 PCs. The Verge reports: "I can customize how I interface with the Xbox Adaptive Controller to whatever I want," says Solomon Romney, a Microsoft Store learning specialist who was born without fingers on his left hand. "If I want to play a game entirely with my feet, I can. I can make the controls fit my body, my desires, and I can change them anytime I want. You plug in whatever you want and go. It takes virtually no time to set it up and use it. It could not be simpler."

The focus is on connectivity and customizability, with players able to build a setup that works for their capabilities and needs. It won't be an all-in-one solution for many games, but through the use of peripherals and the Xbox's system-level button remapping, the possibilities could be endless. The Xbox Adaptive Controller will cost $99.99 and goes on sale later this year.

Windows

Rollout of Windows 10 April Update Halted For Devices With Intel and Toshiba SSDs (bleepingcomputer.com) 89

Catalin Cimpanu, writing for BleepingComputer: Microsoft has halted the deployment of the Windows 10 April 2018 Update for computers using certain types of Intel and Toshiba solid state drives (SSDs). The Redmond-based OS maker took this decision following multiple user reports about the Windows 10 April 2018 Update not working properly on devices using: Intel SSD 600p Series, Intel SSD Pro 6000p Series, Toshiba XG4 Series, Toshiba XG5 Series, and Toshiba BG3 Series.

The Intel and Toshiba issues appear to be different. More specifically, Windows PCs using Intel SSDs would often crash and enter a UEFI screen after reboot, while users of Toshiba SSDs reported lower battery life and SSD drives becoming very hot.

Microsoft

Microsoft To Launch a Line of Lower-Cost Surface Tablets With 10-inch Displays By Second Half of 2018, Report Says (bloomberg.com) 75

Microsoft plans to launch a line of lower-cost Surface tablets as soon as the second half of 2018, Bloomberg reported Wednesday. These devices should help Microsoft improve its market share in the iPad-led hybrid machines market, the outlet noted. From the report: Microsoft has tried this before. The software giant kicked off its consumer-oriented hardware push in 2012 with the launch of the original Surface RT. At the time, it was priced starting at $499. After the tablets didn't resonate with consumers and product reviewers, Microsoft pivoted to the more-expensive Surface Pro, a line which has gained steam and likely contributed to demand for a pro-oriented iPad, which Apple launched in 2015.

The new tablets will feature 10-inch screens -- around the same size as a standard iPad, but smaller than the 12-inch screens used on the Surface Pro laptop line. The new Surfaces, priced about $400, will have rounded edges like an iPad, differing from the squared off corners of current models. They'll also include USB-C connectivity, a first for Surface tablets, a new charging and syncing standard being used by some of the latest smartphones. The tablets are expected to be about 20 percent lighter than the high-end models, but will have around four hours fewer of battery life. (The current Surface Pro can last 13.5 hours on a single charge.)

Operating Systems

Fedora-Based Linux Distro Korora Halts Development (betanews.com) 68

Korora, a Fedora-based Linux distro, halted its development this month, BetaNews' Brian Fagioli spotted Wednesday. The announcement would irk many, as Korora consistently received positive feedback from critics and users alike. News outlet ZDNet once described Korora as "Fedora++", while Slashdot readers, too, spoke highly of the distro.

At the same time, the announcement should come as little surprise to anyone who has been tracking Korora's work. In a blog post, Korora team wrote: Korora for the forseeable future is not going to be able to march in cadence with the Fedora releases. In addition to that, for the immediate future there will be no updates to the Korora distribution. Our team is infinitesimal (currently 1 developer and 2 community managers) compared to many other distributions, we don't have the luxury of being able to dedicate the amount of time we would like to spend on the project and still satisfy our real life obligations. So we are taking a little sabbatical to avoid complete burn out and rejuvenate ourselves and our passion for Korora/Fedora and wider open source efforts. The team had expressed similar concerns earlier this year: For the past few years Korora has released a new version in line with each Fedora version. That means that approximately twice a year we prepare, test and create 5 different ISO versions. This is as well as, among other things, developing new projects, supporting existing releases and planning the future versions. As each team member has different skills some tasks, such as development, can only be done by one person. All this is done in our spare time along side our job, family and personal responsibilities. For a very small team, currently 3 people plus the occasional input from others, this is a lot of work. It means that often Korora has to take a back seat when real life intrudes. This isn't the first time Korora had to abruptly pause its development. In 2007, Christopher Smart, who kickstarted Korora (at the time based on Gentoo Linux), had discontinued the project -- only to revive it three years later.
AMD

AMD Integrates Ryzen PRO and Radeon Vega Graphics In Next-Gen APUs (zdnet.com) 76

The three biggest PC OEMs -- Dell, HP, and Lenovo -- are now offering AMD Ryzen PRO mobile and desktop accelerated processing units (APUs) with built-in Radeon Vega graphics in a variety of commercial systems. There are a total of seven new APUs -- three for the mobile space and four for the desktop. As AMD notes in its press release, the first desktops to ship with these latest chips include: the HP Elitedesk G4 and 285 Desktop, the Lenovo ThinkCentre M715, and the Dell Optiplex 5055. ZDNet's Adrian Kingsley-Hughes writes about what makes Ryzen PRO so appealing: Ryzen PRO has been built from the ground up to focus on three pillars -- power, security and reliability. Built-in security means integrated GuardMI technology, an AES 128-bit encryption engine, Windows 10 Enterprise Security support, and support for fTPM/TPM 2.0 Trusted Platform Module. One of the features of Ryzen PRO that AMD hopes will appeal to commercial users is the enterprise-grade reliability that the chips come backed with, everything from 18-moths of planned software availability, 24-months processor availability, a commercial-grade QA process, 36-moth warranty, and enterprise-class manageability.

There are no worries on the performance front either, with the Ryzen PRO with Vega Graphics being the world's fastest processor currently available for ultrathin commercial notebooks, with the AMD Ryzen 7 PRO 2700U offering up to 22 percent more productivity performance than Intel's 8th-generation Core i7-8550U in testing carried out by AMD. AMD has also designed the Ryzen PRO processors to be energy-efficient, enabling up to 16 hours of battery life in devices, or 10.5 hours of video playback. The Ryzen PRO with Vega Graphics desktop processors are also no slouches, opening up a significant performance gap when compared to Intel Core i5 8400 and Core i3 8100 parts.
AMD also announced that it is sampling its second-generation Threadripper 2900X, 2920X and 2950X products. "For Threadripper Gen2 you can expect a refresh of the current line-up; an 8-core Threadripper 2900X, a 12-core Threadripper 2920X and of course a 16-core Threadripper 2950X," reports Guru3D.com. "AMD will apply the same Zen+ tweaks to the processors; including memory latency optimizations and higher clock speeds."

AMD has something for the datacenter enthusiasts out there too. Epyc, AMD's x86 server processor line based on the company's Zen microarchitecture, has a new promo video, claiming more performance, more security features, and more value than Intel Xeon. The company plans to market Epyc in an aggressive head-to-head format similar to how T-Mobile campaigns against Verizon and AT&T. Given Intel Xeon's 99% market share, they sort of have to...
Security

One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com) 62

An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.

Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. ExploitBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.

Microsoft

Microsoft Works To Port Ubuntu To Windows ARM (neowin.net) 107

Billly Gates shares a report: It was this time last year that Microsoft announced that it was bringing Ubuntu to the Windows Store (now the Microsoft Store), along with other Linux distributions. If you check out the app in the Store now though, you'll find that it only works on x64 devices, meaning that you can't run it on any of the new Windows 10 on ARM PCs. That's all about to change though. In a session at Microsoft's Build 2018 developer conference today called Windows 10 on ARM for Developers, the company showed off Ubuntu running on an ARM PC, with the app coming from the Microsoft Store. It will finally support ARM64 PCs, although x86 devices are still out of luck.
IOS

North Korean Hackers Are Now Developing iPhone Spy Tools (forbes.com) 27

An anonymous reader shares a report: Probing the bowels of what he believed to be North Korean hacking architecture, American cybersecurity researcher Darien Huss found an outlier: iPhone software. It appeared at first glance to be a fairly mundane program, a mobile device management (MDM) tool. Such apps are typically used for businesses to remotely monitor and control employees' phones. But, according to Huss, it's most likely one of, if not the only, example of North Korean spyware for Apple's smartphone.

It's unlikely the MDM app was anything other than malicious, said Huss, an employee of cybersecurity company Proofpoint. Tellingly, it was located on a server believed to contain other hacking tools, in particular those for Microsoft Windows, that he'd linked to one of the bigger North Korean hacking groups, the researcher explained to Forbes. If the iPhone tool is indeed a piece of spyware, Huss hasn't seen it used yet. He believes it's currently in development by that North Korean-linked hacker crew, though Proofpoint declined to provide additional details on his research.

AI

Siri, Alexa, and Google Assistant Can Be Controlled By Inaudible Commands (venturebeat.com) 100

Apple's Siri, Amazon's Alexa, and Google's Assistant were meant to be controlled by live human voices, but all three AI assistants are susceptible to hidden commands undetectable to the human ear, researchers in China and the United States have discovered. From a report: The New York Times reports today that the assistants can be controlled using subsonic commands hidden in radio music, YouTube videos, or even white noise played over speakers, a potentially huge security risk for users. According to the report, the assistants can be made to dial phone numbers, launch websites, make purchases, and access smart home accessories -- such as door locks -- at the same time as human listeners are perceiving anything from completely different spoken text to recordings of music.

In some cases, assistants can be instructed to take pictures or send text messages, receiving commands from up to 25 feet away through a building's open windows. Researchers at Berkeley said that they can modestly alter audio files "to cancel out the sound that the speech recognition system was supposed to hear and replace it with a sound that would be transcribed differently by machines while being nearly undetectable to the human ear."

Firefox

Firefox Moves Browsers Into Post-Password Future With WebAuthn Tech (cnet.com) 132

Today, Mozilla released Firefox 60 for Windows, Mac, Linux and Android, and with it arrives Web Authentication API for desktop browsers. From a report: Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone's fingerprint reader or the iPhone's Face ID, and some other alternatives to passwords.

Passwords are a particular problem on the web. Fake websites can coax you to type in credentials that then can be used to steal money from your bank account or snoop your email -- a problem called phishing. Even if you pick hard-to-guess passwords, never reuse them on multiple sites and always remember them, passwords still aren't that strong a foundation for security these days. We're still a long way away from a post-password future, but WebAuthn is an important step, if nothing else, in making sites more secure.

Unix

Windows Notepad Finally Supports Unix, Mac OS Line Endings (theregister.co.uk) 291

Microsoft's text editing app, Notepad, which has been shipping with Windows since version 1.0 in 1985, now supports line endings in text files created on Linux, Unix, Mac OS, and macOS devices. "This has been a major annoyance for developers, IT Pros, administrators, and end users throughout the community," Microsoft said in a blog post today. The Register reports: Notepad previously recognized only the Windows End of Line (EOL) characters, specifically Carriage Return (CR, \r, 0x0d) and Line Feed (LF, \n, 0x0a) together. For old-school Mac OS, the EOL character is just Carriage Return (CR, \r, 0x0d) and for Linux/Unix it's just Line Feed (LF, \n, 0x0a). Modern macOS, since Mac OS X, follows the Unix convention. Opening a file written on macOS, Mac OS, Linux, or Unix-flavored computers in Windows Notepad therefore looked like a long wall of text with no separation between paragraphs and lines. Relief arrives in the current Windows 10 Insider Build.

Notepad will continue to output CRLF as its EOL character by default. It's not changing its stripes entirely. But it will retain the formatting of the files it opens so users will be able to view, edit and print text files with non-Windows line ends. Microsoft has thoughtfully provided an out for Windows users counting on the app's past inflexibility: the new behavior can be undone with a registry key change.

Chrome

You Can Now Run Linux Apps On Chrome OS (venturebeat.com) 106

Google today announced Chrome OS is getting Linux support. "As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands," reports VentureBeat. "A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon." From the report: "Just go to wherever you normally get those apps, whether it's on the websites or through apt-get in the Linux terminal, and seamless get those apps like any other Linux distribution," Chrome OS director of product management Kan Liu told VentureBeat.

Support for Linux apps means developers will finally be able to use a Google device to develop for Google's platforms, rather than having to depend on Windows, Mac, or Linux machines. And because Chrome OS doesn't just run Chrome OS-specific apps anymore, developers will be able to create, test, and run any Android or web app for phones, tablets, and laptops all on their Chromebooks. Without having to switch devices, you can run your favorite IDE -- as long as there is a Debian Linux version (for the curious, Google is specifically using Debian Stretch here -- code in your favorite language and launch projects to Google Cloud with the command line.

Windows

Microsoft's New Mobile Strategy: Create Windows-like App 'Experiences' For Smartphones (pcworld.com) 74

Microsoft is investing in Windows experiences on mobile devices, with a new app called Your Phone; a migration of Windows 10's Timeline productivity feature to phones; and an update to its launcher app for enterprises. The app, available on Android and iOS, is designed to provide a mirror of a phone straight to a desktop PC, and it will let Windows 10 users access texts, photos, and notifications from their machines. Features will vary depending on iOS and Android. From a report: While Microsoft is also expected to discuss some of the features of its next Windows 10 update (code-named "Redstone 5") at Build, the company indicated that it will be emphasizing cross-platform apps instead. Microsoft will discuss some of these in a Tuesday presentation by Joe Belfiore, who leads Windows "experiences" as the corporate vice president in the Operating Systems Group at Microsoft.

The idea, Belfiore said in a briefing in advance of the show, was that Microsoft needs to know what users are working on, across any device. "Whether you look at a Word doc on Android, iOS, or Windows, is irrelevant," Belfiore said. Belfiore was talking about Timeline, the feature that tracks your work in the Office apps or Edge, recording your activity in what Microsoft calls the Microsoft Graph. But Belfiore could have been talking about any hardware platform. Microsoft sounds like it wants to elevate Microsoft mobile applications to the level of importance of a PC -- making the actual hardware, and operating system, irrelevant.

Windows

Microsoft Says 700M Devices Now Run Windows 10 (techcrunch.com) 120

Over 700 million devices run Windows 10, Microsoft announced on Monday at its Build developer conference. From a report: Almost exactly a year ago, that number stood at 500 million. In addition, the company also today noted that Office 365 now has 135 million monthly active commercial users, up from 120 million last October. Back in 2015, when Windows 10 launched, Microsoft's original goal was to hit a billion devices by 2018. It quickly became clear that this was a bit too optimistic. While Windows 10 usage clearly continues to grow at a decent speed, we're not likely to see it hit a billion users soon. In a wide-ranging interview with news outlet The Verge, Microsoft chief executive Satya Nadella discusses the future of Microsoft. (He gave an interview to CNBC as well.) Onstage at Build, Nadella said "privacy is a human right."
Bug

Microsoft's 'Meltdown' Patch For Windows 10 Contains a Fatal Flaw (bleepingcomputer.com) 106

An anonymous reader quotes BleepingComputer: Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote. Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.

Wednesday Microsoft issued a security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions. Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.

Microsoft

Windows 10 Is Finally Getting An Improved Screenshot Tool (theverge.com) 143

Today, Microsoft released Windows 10 Insider Preview Build 17661 to insiders, which includes a new screenshot experience for the upcoming major update. The Verge reports: Screen Sketch, previously bundled with the Windows Ink feature of Windows 10, is now being made into a separate app that can take screenshots and provide options to annotate them. Microsoft has experimented with a variety of screen snipping tools over the years, but a new winkey + shift + S keyboard shortcut will now bring up an area select tool to snip a screenshot and share it instantly from the clipboard. The app will also trigger a notification so you can annotate the screenshot and share it. You can also replace the print screen button on a keyboard with this feature, making the button a lot more useful than today's winkey + printscreen combo.
Windows

Ask Slashdot: Any Idiosyncrasies of the New Windows 10 April 2018 Update? 149

shanen wants to know if anyone else has noticed any idiosyncrasies of the new Windows 10 April 2018 update, which was released on April 30th (global rollout on May 8): Only two machines so far [are running the new version of Windows 10], but I already noticed a few peculiarities. Do you have any to share? Here are mine so far:

1. Microsoft prefers tightly linking the machine to a Microsoft account, for example via Outlook.com. If you have a machine that is not linked that way, the antivirus software will now attempt to force a link to a Microsoft account. And what is that new PIN supposed to be about?
2. Accessing a gateway on the wrong private network can produce a hard freeze, forcing a hard reset from the power down state. Possibly a serious security vulnerability to the point where I'm not sure I should share the details in public.

Anything you've noticed about the new Windows 10? (Now I have to get back to dealing with the new OS X update and the latest Ubuntu...)
Some of the new features include the ability to resume past activities in timeline, a file sharing feature with nearby devices, a rebuilt Game Bar with a new Fluent design UI, and a diagnostic data viewing tool in the Security and Privacy section. If you want to get the update before the global rollout, you can do so via Check for Updates under Windows Update.

Slashdot Top Deals