Amiga

AmigaOS Is Still Getting Updates and Upgrades

Mike Bouma (Slashdot reader #85,252) writes: A-EON Technology Ltd has released Enhancer Software Release 2.1 for AmigaOS4.1 FE update 2, which itself was released on 23 December 2020. It's an OS enhancement package with large amounts of updated and upgraded OS components.

Also earlier this year Hyperion released AmigaOS 3.2 for all classic Amigas. Here's a roundup of new features by The Guru Meditation on YouTube.
Operating Systems

John Carmack Pushes Out Unlocked OS For Defunct Oculus Go Headset (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Oculus may have officially discontinued its low-end Oculus Go headset last year, but the company has one more "official" update to help future-proof the hardware. On Thursday, Oculus released an unlocked build of the Oculus Go operating system, allowing for "full root access" on more than 2 million existing units. Oculus "Consulting CTO" (and former id Software co-founder) John Carmack announced his plans for this update last month, saying it was something he had "been pushing on for years." In part, the unlocking is an attempt to guarantee that Go hardware will continue to be fully functional well into the future, allowing for "a randomly discovered shrink wrapped headset twenty years from now [to] be able to update to the final software version, long after over-the-air update servers have been shut down," Carmack wrote.

Before that, though, the update will allow tinkerers to "repurpose the hardware for more things today," as Carmack puts it. Go hardware running the unlocked OS will no longer check for a Facebook signature at the kernel level, meaning developers can create new versions of low-level system software for the entire Android-based OS. That could allow for custom versions of low-level features like the app launcher and the removal of otherwise locked system apps. The update also allows for easy sideloading of apps outside of Go's store interface, though this was already possible on older OS versions.

Android

Android 12 Is Now Available For Pixel Phones (theverge.com)

Today, Google has officially launched Android 12 for select Pixel devices. The Verge reports: It's available to install right now on Pixel 3 and up, including the Pixel 3A, Pixel 4, Pixel 4A, Pixel 4A 5G, the Pixel 5, and the Pixel 5A. It'll launch on the Pixel 6 and Pixel 6 Pro, as well. Android 12 will be coming later this year to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices.

The most noticeable feature in Android 12 is the new Material You design, which lets you go a little deeper to tweak the look of the homescreen to your liking. It's more expressive than previous versions of Android, with tools to let you coordinate colors that can extend across app icons, pull-down menus, widgets, and more. Speaking of widgets, many of those have been updated to match the new look, and Google shared today that by the end of October, it plans to have over a dozen new or refreshed widgets available for its first-party apps.
Google has published a blog post detailing more features available in this release, including the "Pixel-first" features like Material You.
OS X

macOS Monterey Is Finally Rolling Out On October 25th (gizmodo.com)

Along with new MacBook Pro models, Apple announced during its Mac event today that macOS Monterey will be available on Monday, Oct. 25. Gizmodo reports: As with macOS Big Sur before it, Monterey represents a renewed effort by Apple to streamline its operating systems, with new Focus profiles for limiting notifications and helping you be more productive just like in iOS 15 and iPadOS 15. Shortcuts, Apple's automation app, is now available on desktop for the first time. Monterey also represents the first time users will be able to AirPlay content from a Mac, a function that iPhone users have long enjoyed. If you've already downloaded iOS 15, updating to Monterey just makes sense -- these devices are so much more functional when they work seamlessly with each other.

But perhaps the most anticipated feature Monterey is supposed to bring us is Universal Control, which allows you to use a single mouse/trackpad and keyboard to control multiple Macs and iPads simultaneously. While the new feature wasn't initially included in the public beta rollout of Monterey, that omission has only allowed the hype to grow. It's unclear when Universal Control will come to macOS, only that it won't be available to use at launch. FaceTime's new SharePlay feature, which is also expected to arrive in iOS 15, will also not be ready to try at launch. That feature will allow you to share music or watch shows with folks over FaceTime.
The devices that support macOS Monterey include: iMac (late 2015 and newer), iMac Pro (2017 and newer), Mac Pro (late 2013 and newer), Mac Mini (late 2014 and newer), MacBook Pro (early 2015 and newer), MacBook Air (early 2015 and newer), and MacBook (early 2016 and newer).

Further reading: macOS Monterey Release Candidate Undoes Safari Changes, Reintroduces Old Tab Design
Firefox

PowerPC Fork of Firefox Reaches End of the Road (arstechnica.com)

Andrew Cunningham writes via Ars Technica: It has been well over a decade since PowerPC Macs roamed the earth -- so long that the Intel Macs that replaced them are themselves being replaced by something else. But to this day, there's a small community of people still developing software for PowerPC Macs and Mac OS 9. One of those projects was TenFourFox, a fork of the Firefox browser for G3, G4, and G5-based PowerPC Macs running Mac OS X 10.4 or 10.5. Maintained primarily by Cameron Kaiser, the TenFourFox project sprang up in late 2010 after Mozilla pulled PowerPC support from Firefox 4 during its development. And amazingly, the browser has continued to trundle on ever since.

But continuing to backport Firefox features to aging, stuck-in-time PowerPC processors only got more difficult as time went on. And in March of this year, Kaiser announced that TenFourFox updates would be ending after over a decade of development. The final planned release of TenFourFox was earlier this month. Kaiser's full post is long, but it's worth a read for vintage-computer enthusiasts or anyone who works on software -- Kaiser expresses frustration with the realities of developing and supporting a niche app, but he also highlights TenFourFox's impressive technical achievements and ruminates on the nature of the modern Internet and open source software development [...].

Kaiser doesn't intend to fully halt work on the browser, but he is downshifting it into what he calls "hobby mode." He will continue to backport security patches from newer ESR releases of Firefox and post them to the TenFourFox Github page, but anyone who wants to use these will need to build the app themselves. Kaiser also won't commit to providing support for these additions or providing them on any kind of schedule. Other developers are also welcome to continue to release TenFourFox builds on their own.

Windows

Windows 11's First Update Makes AMD CPU Performance Even Worse (theverge.com)

AMD warned last week that its chips are experiencing performance issues in Windows 11, and now Microsoft's first update to its new OS has reportedly made the problems worse. From a report: TechPowerUp reports that it's seeing much higher latency, which means worse performance, after the Windows 11 update went live yesterday. AMD and Microsoft found two issues with Windows 11 on Ryzen processors. Windows 11 can cause L3 cache latency to triple, slowing performance by up to 15 percent in certain games. The second issue affects AMD's preferred core technology, that shifts threads over to the fastest core on a processor. AMD says this second bug could impact performance on CPU-reliant tasks. TechPowerUp measured the L3 cache latency on its Ryzen 7 2700X at around 10ns, and Windows 11 increased this to 17ns. "This was made much worse with the October 12 'Patch Tuesday' update, driving up the latency to 31.9ns," says TechPowerUp. That's a huge jump, and the exact type of issue AMD warned about.
Android

Study Reveals Android Phones Constantly Snoop On Their Users (bleepingcomputer.com)

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these.
In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."
Google

Google's Fuchsia Is Expanding To 'Additional Smart Devices and Other Form Factors' (9to5google.com)

According to new job listings, Google is looking to expand the Fuchsia operating system from its current home on the Nest Hub to "additional smart devices and other form factors." 9to5Google reports: The first listing, for "Staff Software Engineer, Fuchsia Devices," celebrates Fuchsia's recent milestone and points clearly to Google wanting Fuchsia to run on more "real world products" than just smart displays: "In 2021 we shipped Fuchsia to millions of Google smart displays, now it's time to expand to additional smart devices and other form factors. Come join us and work on the next-generation Google operating system! Although the first uses of Fuchsia are smart displays, we are working on expanding to additional form factors and use cases. The Fuchsia Devices team is responsible for making sure we can successfully apply the Fuchsia platform to real world products that make a difference to Google and our users."

So what types of devices should we expect Fuchsia to come to next? Well for one, we may look at the plural phrasing of "first uses of Fuchsia are smart displays," which suggests the Nest Hub Max and Nest Hub (2nd Gen) may be getting their chance to switch to Fuchsia soon. Of course, Google has made it abundantly clear here that smart displays are just the beginning. In another listing, for "Engineering Manager, Fuchsia Devices," the company explains that the Fuchsia Devices team is aiming to "[expand] the reach of Nest/Assistant to new form factors" through "real consumer devices." [From the listing:] "The Fuchsia Devices Smart Products team is part of the larger Fuchsia organization and is responsible for productionizing various types of Fuchsia Devices. Our team delivers real consumer devices to end users and enables you to have a large impact at Google by expanding the reach of Nest/Assistant to new form factors."

This could suggest entirely new device categories for Google's Nest lineup, powered by Fuchsia. In another section, we get some hints at what those proposed devices would be capable of: "Chromecast, Video Conferencing and Machine Learning are core parts of many of the upcoming smart products." It's important to note that "Chromecast" here is probably not referring to the lineup of Chromecast hardware for TVs switching to Fuchsia. Instead, it's more likely referring to how Google's speakers and displays can receive a "Cast" from your phone. This is somewhat clarified in the job listing's responsibilities section, which lists a handful of features that squarely line up with features of the camera-equipped Nest Hub Max, including "Face Match." The Nest Hub Max's store listing also references "Chromecast built-in" as a feature: "Plan, scope, and execute of features like Video Casting, Actions on Google, Video Calling, Face Match, and on device ML."

It also looks like Made by Google devices may soon not be the only ones shipping with Fuchsia. According to another listing, Google is looking for someone on Fuchsia's "platform graphics and media" team to, among other things, "influence hardware decisions made by partners." [From the listing:] "As a Staff Software Engineer on the Fuchsia team, you'll drive the technical direction for Graphics and Media and ensure that Fuchsia is bringing maximum value to partners and Fuchsia-based products. You also will influence hardware decisions made by partners to improve Fuchsia and Google's ability to deliver efficient software solutions for critical Graphics and Media workloads."
Fuchsia debuted on the first-generation Nest Hub earlier this year.
OS X

Steve Jobs Tried To Convince Dell To License Mac Software (cnet.com)

It's been 10 years since the death of Steve Jobs. Michael Dell talks about his memories of the tech icon, including when Jobs tried to convince Dell to license Mac software to run on Intel-based PCs. CNET reports: Fast forward to 1993. Jobs, ousted from Apple after a fallout with the company's board in 1985, had started a new company, called Next, and created a beautiful (but expensive) workstation, with its own operating system, as well as software called WebObjects for building web-based applications. Dell says Jobs came to his house in Texas several times that year, trying to convince him to use the Next operating system on Dell PCs, by arguing that it was better than Microsoft's Windows software and could undermine the Unix workstation market being touted by Sun Microsystems. The problem, Dell says he told Jobs, was that there were no applications for it and zero customer interest. Still, Dell's company worked a little bit with Next and used WebObjects to build its first online store in the mid-'90s.

In 1997, Jobs rejoined a struggling Apple after it acquired Next for $429 million, and he pitched Dell on another business proposal (as Jobs was evaluating Apple's Mac clone licensing project, which he ultimately shut down). Jobs and his team had ported the Mac software, based on Next's Mach operating system, and had it running on the Intel x86 chips that powered Dell PCs. Jobs offered to license the Mac OS to Dell, telling him he could give PC buyers a choice of Apple's software or Microsoft's Windows OS installed on their machine. "He said, look at this -- we've got this Dell desktop and it's running Mac OS," Dell tells me. "Why don't you license the Mac OS?" Dell thought it was a great idea and told Jobs he'd pay a licensing fee for every PC sold with the Mac OS. But Jobs had a counteroffer: He was worried that licensing scheme might undermine Apple's own Mac computer sales because Dell computers were less costly. Instead, Dell says, Jobs suggested he just load the Mac OS alongside Windows on every Dell PC and let customers decide which software to use -- and then pay Apple for every Dell PC sold.

Dell smiles when he tells the story. "The royalty he was talking about would amount to hundreds of millions of dollars, and the math just didn't work, because most of our customers, especially larger business customers, didn't really want the Mac operating system," he writes. "Steve's proposal would have been interesting if it was just us saying, 'OK, we'll pay you every time we use the Mac OS' -- but to pay him for every time we didn't use it ... well, nice try, Steve!" Another problem: Jobs wouldn't guarantee access to the Mac OS three, four or five years later "even on the same bad terms." That could leave customers who were using Mac OS out of luck as the software evolved, leaving Dell Inc. no way to ensure it could support those users. Still, Dell acknowledges the deal was a what-could-have-been moment in history. [...] That different direction led to Jobs continuing to evolve the Next-inspired Mac OS and retooling the Mac product line, including adding the candy-colored iMac in mid-1998.

Japan

Apple and Google Under Antitrust Scrutiny in Japan for Mobile OS (nikkei.com)

Japan's Fair Trade Commission will investigate whether Apple and Google are leveraging their dominance in the smartphone operating system market to eliminate competition and severely limit options for consumers. From a report: The study will involve interviews and surveys with OS operators, app developers and smartphone users, commission Secretary-General Shuichi Sugahisa told reporters Wednesday. The initiative will explore market conditions not only for smartphones, but for smartwatches and other wearables. The antitrust watchdog will compile a report outlining OS market structure and the reason why competition has remained static. The commission will work with the central government's Digital Market Competition Council, which is moving forward with its own market probe. Practices found to be anticompetitive will be itemized in the report, along with possible violations of Japan's law against monopolies. In February, the government implemented the Act on Improving Transparency and Fairness of Digital Platforms. If officials decide that the law applies to the OS market, OS operators will be told to submit regular reports on transactions to the Ministry of Economy, Trade and Industry. In Japan, Apple's iOS commands a nearly 70% share among smartphone operating systems while Android's share stands at 30%. Any developer of apps -- whether they specialize in music, streaming videos, e-books or mobile games -- needs to match the software with specifications of the operating systems if they want to appear on smartphones.
Hardware

Valve Opens Up a Steam Deck To Explain Why It Thinks You Shouldn't (theverge.com)

An anonymous reader quotes a report from The Verge: Valve has posted an official teardown of its upcoming handheld gaming PC, the Steam Deck. Before diving into the teardown, though, the company spends about a minute to strongly caution against taking one apart unless you're sure you know what you're doing. "Even though it's your PC -- or it will be once you've received your Steam Deck -- and you have every right to open it up and do what you want, we at Valve really don't recommend that you ever open it up," a Valve representative said in the video. "The Steam Deck is a very tightly designed system, and the parts are chosen carefully for this product with its specific construction, so they aren't really designed to be user-swappable." Despite its warnings, however, the company likely understands that people are going to take the Steam Deck apart anyway, so this video could be a handy resource for people who are considering doing so.

In the video, Valve shows how to swap out two parts of the system. First, Valve shows how to replace the thumbsticks. The company cautions that they are completely custom, but says that it will offer a source for "replacement parts, thumbsticks, SSDs, and possibly more" in the coming months. After that, Valve shows how to swap out the SSD, which could be helpful for people who may have reserved the cheapest version of the device with an eMMC hard drive with the intention of upgrading it themselves. Be aware that all versions of the Steam Deck use an m.2 connector, including the version with the eMMC drive, so if you plan to make a swap, you're going to have to reinstall the OS and bring over any games you might have had loaded on your other drive.

Windows

Microsoft Shares Windows 11 TPM Check Bypass For Unsupported PCs (bleepingcomputer.com)

Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems. Bleeping Computer reports: [I]t looks like Microsoft couldn't ignore the fact that bypassing TPM checks is fairly simple, so to avoid having people breaking their systems by using non-standardized third-party scripts, they decided to just give users an official way to do it. Installing Windows 11 on unsupported hardware comes with some pitfalls that users must be aware of, and in some cases, agree to before the operating system will install. "Your device might malfunction due to these compatibility or other issues. Devices that do not meet these system requirements will no longer be guaranteed to receive updates, including but not limited to security updates," Microsoft explains in a new support bulletin. [Y]ou will still require a TPM 1.2 security processor, which many will not likely have. If you are missing a TPM 1.2 processor, you can bypass all TPM checks by using this script that deletes appraiser.dll during setup. To use the new AllowUpgradesWithUnsupportedTPMOrCPU bypass to install Windows 11 on devices, Microsoft instructs you to perform the following steps:

1. Please read all of these instructions before continuing.
2. Visit the Windows 11 software download page, select "Create tool now," and follow the installation instructions to create a bootable media or download an ISO.
3. On Windows, click 'Start', type 'Registry Editor' and click on the icon to launch the tool.
4. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup Registry key and create a new "REG_DWORD" value named "AllowUpgradesWithUnsupportedTPMOrCPU" and set it to "1". Alternatively, you can download a premade Registry file that you can double-click on and merge it to create the above value for you.
5. Reboot your system.

Having done all that, you may now upgrade to Windows 11 by double-clicking on the downloaded ISO file and running Setup.exe or by using the bootable Windows 11 media you created in Step 1. Microsoft states that standard installation options such as 'Full Upgrade', 'Keep Data Only', and 'Clean Install', will all be available as usual.
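For administrators who need to know which machines had this value set (such devices are, per Microsoft's bulletin quoted above, no longer guaranteed to receive security updates), the following added example audits a host for it. It is not code from Microsoft or Bleeping Computer; the function name and output fields are assumptions, and only the registry path and value name come from the steps above.

```powershell
# Added example: report whether the upgrade-check bypass value described above
# is present on this host, together with the TPM specification version.
# Get-MoSetupBypassState and its output fields are hypothetical names.
function Get-MoSetupBypassState {
    [CmdletBinding()]
    param(
        # Registry path and value name as given in the steps above.
        [string]$KeyPath   = 'HKLM:\SYSTEM\Setup\MoSetup',
        [string]$ValueName = 'AllowUpgradesWithUnsupportedTPMOrCPU'
    )

    $state = [ordered]@{
        ComputerName            = $env:COMPUTERNAME
        KeyPresent              = $false
        ValuePresent            = $false
        ValueKind               = $null
        ValueData               = $null
        MatchesDocumentedBypass = $false   # REG_DWORD set to 1, as in step 4
        TpmSpecVersion          = $null    # stays $null when no TPM is reported
    }

    if (Test-Path -LiteralPath $KeyPath) {
        $state.KeyPresent = $true
        $key = Get-Item -LiteralPath $KeyPath

        if ($key.GetValueNames() -contains $ValueName) {
            $state.ValuePresent = $true
            $state.ValueKind    = $key.GetValueKind($ValueName).ToString()
            $state.ValueData    = $key.GetValue($ValueName)
            # Only the exact form described in the steps is flagged; a value of
            # another type or with other data is reported but not counted.
            $state.MatchesDocumentedBypass =
                ($state.ValueKind -eq 'DWord' -and $state.ValueData -eq 1)
        }
    }

    # Win32_Tpm needs an elevated session; record the failure instead of aborting.
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        if ($tpm) {
            # SpecVersion is a comma-separated string; the first field is the version.
            $state.TpmSpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        }
    } catch {
        $state.TpmSpecVersion = 'unavailable'
    }

    [pscustomobject]$state
}

Get-MoSetupBypassState | Format-List
```

A host reporting `MatchesDocumentedBypass : True` alongside a `TpmSpecVersion` below 2.0 is a candidate for the unsupported-upgrade path and worth tracking separately in patch compliance reports.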

AMD

Windows 11 Might Tank Ryzen CPU Performance, AMD Warns (pcworld.com)

AMD said Windows 11 can cut game performance on Ryzen CPUs by 10 to 15 percent, and the operating system may not utilize AMD's "preferred core" technology, but a fix is in the works. PCWorld reports: A support note on AMD's web site published this week said Windows 11 may increase L3 cache latency a whopping threefold, which can cause slowdowns in latency-sensitive applications. Lighter duty, cache-sensitive games might see a 3 percent to 5 percent hit, and lighter-duty games such as e-sports titles could see frame rates drop from 10 to 15 percent. AMD also said its "preferred core" feature, which tells the operating system which core in each CPU can hit the highest clock, also doesn't work right in Windows 11. Each CPU is tested to see which core will run the fastest at the factory and is marked so the OS will dispatch tasks to that "preferred core." Since Windows 11 doesn't seem to work with it right now, any performance bump from using the best core wouldn't happen. The company said the performance cost would be most noticeable in CPUs with more than 8 cores and with TDP ratings above 65 watts.
Android

Google Releases Android 12 To AOSP, But No Pixel Launch Today (9to5google.com)

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

Microsoft

Microsoft Releases Windows 11 a Day Early (theverge.com)

Windows 11 is now officially available to download. While Microsoft is launching Windows 11-powered hardware worldwide on October 5th, the company has made the OS update available early for eligible devices in New Zealand and beyond. From a report: If you've purchased a Windows 10 machine recently, that means you should be able to upgrade to Windows 11 right now. For everyone else, the rollout of Windows 11 will be gradual. Microsoft says existing Windows 10 devices that are eligible for the Windows 11 upgrade will start to be able to upgrade today, but it will be mostly new hardware that will receive the upgrade immediately. Microsoft says, "We expect all eligible Windows 10 devices to be offered the upgrade to Windows 11 by mid-2022."
Java

Java's Enhancement Proposals Pursue Virtual Threads, Data Aggregate Types, and Better Communication with C Libraries (oracle.com)

Oracle's Java magazine takes a look at some current JDK Enhancement Proposals, "the vehicle of long standing for updating the Java language and the JVM." Today, concurrency in Java is delivered via nonlightweight threads, which are, for all intents, wrappers around operating-system threads... Project Loom aims to deliver a lighter version of threads, called virtual threads. In the planned implementation, a virtual thread is programmed just as a thread normally would be, but you specify at thread creation that it's virtual. A virtual thread is multiplexed with other virtual threads by the JVM onto operating system threads. This is similar in concept to Java's green threads in its early releases and to fibers in other languages... Because the JVM has knowledge of what your task is doing, it can optimize the scheduling. It will move your virtual thread (that is, the task) off the OS thread when it's idle or waiting and intelligently move some other virtual thread onto the OS thread. When implemented correctly, this allows many lightweight threads to share a single OS thread. The benefit is that the JVM, rather than the OS, schedules your task. This difference enables application-aware magic to occur behind the curtains...

Project Valhalla aims to improve performance as it relates to access to data items... by introducing value types, which are a new form of data type that is programmed like objects but accessed like primitives. Specifically, value types are data aggregates that contain only data (no state) and are not mutable. By this means, [value types] can be stored as a single array with only a single header field for the entire array and direct access to the individual fields...

Project Panama simplifies the process of connecting Java programs to non-Java components. In particular, Panama aims to enable straightforward communication between Java applications and C-based libraries...

Several Amber subprojects are still in progress.

Sealed classes, which have been previewed in the last few Java releases and are scheduled to be finalized in Java 17. Sealed classes (and interfaces) can limit which other classes or interfaces can extend or implement them...

Pattern matching in switches is a feature that will be previewed in Java 17...

The article concludes that Java's past and current projects "testify to how much Java has evolved and how actively the language and runtime continue to evolve."
Android

New GriftHorse Malware Infects More Than 10 Million Android Phones (therecord.media)

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. The Record reports: Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that is later redirected into the GriftHorse operators' pockets.

Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as "one of the most widespread campaigns the zLabs threat research team has witnessed in 2021." Based on what they've seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million to $4 million per month from their scheme.

Windows

Microsoft Knew of Exchange Autodiscover Flaw Five Years Ago (theregister.com) 22

Thomas Claburn writes via The Register: Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft's advice continues to be that customers should communicate only with servers they trust. On August 10, 2016, Marco van Beek, managing director at UK-based IT consultancy Supporting Role, emailed the Microsoft Security Response Center to disclose an Autodiscover exploit that worked with multiple email clients, including Microsoft Outlook. "Basically, I have discovered that it is extremely easy to get access to Exchange (and therefore Active Directory) user passwords in plain text," he wrote. "It doesn't necessarily require any breach of corporate security, and at its most secure, is only as secure as file level access to the corporate website." His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines.

Microsoft acknowledged on August 11, 2016, that it had reproduced the issue in van Beek's report. Then on August 30, 2016, the Windows titan responded to van Beek by saying the report doesn't describe a genuine vulnerability: "Our security engineers and product team have reviewed this report and determined that it is not a security issue to be serviced as part of our monthly Patch Tuesday process. 'Never accept an SSL certificate without a matching host name' is already recommended for clients in the doc cited by your report: [link]. Before you send a request to a candidate, make sure it is trustworthy. Remember that you're sending the user's credentials, so it's important to make sure that you're only sharing them with a server you can trust. At a minimum, you should verify: That the endpoint is an HTTPS endpoint. Client applications should not authenticate or send data to a non-SSL endpoint. That the SSL certificate presented by the server is valid and from a trusted authority."

"This response casually forgets to consider that a hacked web server still retains a perfectly valid certificate -- it just happens to use that trusted tunnel to serve up problems," said van Beek. "Also, I have only found one Exchange client so far which actually checks the hostname against the certificate, which is Microsoft's own test tool." Van Beek said he thought it was incredible that Microsoft confirmed the behavior he reported within hours but does not consider it to be a problem. He suggested three mitigations: changing the order of operations so that DNS gets checked first; never accepting an SSL certificate without a matching host name; and reviewing why and when clients respond to authentication requests.

When asked if the company plans to take any steps to address credential exposure and whether it believes its guidance adequately addresses the problem, a Microsoft spokesperson said: "We are continuing to investigate the specific scenario shared by the researcher."
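
The minimum checks quoted in this story (HTTPS only, a certificate that chains to a trusted authority, and a certificate that matches the host name) can be expressed as a pre-flight test that a mail client runs before it answers an authentication request. This is an added example, not code from the article, Microsoft or van Beek; the function names, the sample certificate and the example.com hosts are constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit

def strict_tls_context() -> ssl.SSLContext:
    """TLS context that rejects untrusted chains and host-name mismatches."""
    ctx = ssl.create_default_context()        # uses the system trust store
    ctx.check_hostname = True                 # already the default; made explicit
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def candidate_problems(url: str, peercert: dict) -> list:
    """Return reasons not to send credentials to this candidate (empty = pass).

    peercert has the shape returned by ssl.SSLSocket.getpeercert().
    """
    problems = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        problems.append("not an HTTPS endpoint")
    host = parts.hostname or ""
    dns_names = [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(name, host) for name in dns_names):
        problems.append("certificate does not match host name")
    return problems

# Constructed sample certificate (hypothetical, not taken from the article).
SAMPLE_CERT = {"subjectAltName": (("DNS", "autodiscover.example.com"),
                                  ("DNS", "*.mail.example.com"))}
```

Passing these checks does not cover the case van Beek raises in the story: a compromised web server that still holds a perfectly valid certificate.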

Chrome

Is 2021 The Year of the Linux Desktop? (pcmag.com) 192

"2021 Is the Year of Linux on the Desktop," writes PC Magazine. "No, really..." Walk into any school now, and you'll see millions of Linux machines. They're called Chromebooks. For a free project launched 30 years ago today by one man in his spare time, it's an amazing feat.... Linux found its real niche — not as a political statement about "free software," but as a practical way to enable capable, low-cost machines for millions...

Chrome OS and Android are both based on the Linux kernel. They don't have the extra GNU software that distributions like Ubuntu have, but they're descended from Linus Torvalds' original work. Chromebooks are the fastest growing segment of the traditional PC market, according to Canalys. IDC points out that Canalys' estimates of 12 million Chromebooks shipped in Q1 2021 are only a fraction of the 63 million notebooks sold that quarter, but once again, they're where the growth is. Much of that is driven by schools, where Chromebooks dominate now. Schoolkids don't generally need a million apps' worth of generic computing power. They need inexpensive, rugged ways to log into Google Classroom. Linux came to the rescue, enabling cheap, light, easy-to-manage PCs that don't have the Swiss Army Knife cruft of Windows or the premium price of Macs...

One great thing about open-source hacker projects is that they can be taken in unexpected directions. Linux isn't controlled, so it can adapt, Darwinian-style. It was a little scurrying mammal in the time of the dinosaurs, and then the mobile-computing asteroid hit. Linux could evolve. Windows couldn't. When you're building something that fits in your hand and has to sip battery, you can't just keep throwing processors and storage at it. Microsoft had a tough time adapting its monstrous megakernel OS to the new, tiny world. But *nix platforms thrive there: Android (based on Linux) and iOS.

"Android and Chrome water down the Linux philosophy," the article argues, "but they are Linux..."

Does this make any long-time geeks feel vindicated? In the original submission wiredog (Slashdot reader #43,288) looks back to 1995, remembering that "my first Linux was RedHat 2.0 in the beige box, running the 0.95(?) kernel and the F Virtual Window Manager...

"It came with 2 books, a CD, and a boot floppy disk."
