Software

One Startup's Quest to Take on Chrome and Reinvent the Web Browser (protocol.com) 101

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

Security

Asahi Linux Dev Reveals 'M1RACLES' Flaw In Apple M1 (tomshardware.com) 47

AmiMoJo shares a report from Tom's Hardware: Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticized the way security flaws have started to be shared with the public. Martin's executive summary for M1RACLES sounds dire: "A flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [...] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision."

He also noted that this was the result of an intentional decision on Apple's part. "Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they figured they'd never need to use that feature for macOS," he explained. "And then it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability." The company would have to make a change on the silicon level with its followup to the M1 to mitigate this flaw. But he also made it clear in the FAQ that Mac owners shouldn't be particularly worried about M1RACLES because that covert channel affects two bits. It can be expanded, and Martin said that transfer rates over 1 MB/s are possible "without much optimization," but any malicious apps that might take advantage of such methods would be far more likely to share information via other channels. Calling this a two-bit vulnerability would be both technically and linguistically correct. It's a real security flaw, sure, but it's unlikely to pose a real threat to Apple's customers.

Ubuntu

Comcast Subscriber Receives DMCA Notice For Downloading Ubuntu (torrentfreak.com) 130

An anonymous reader quotes a report from TorrentFreak: Every day, people who download and share pirated content receive DMCA notices via their ISPs, warning them to cease and desist their infringing behavior. While the majority of these notices are accurate, one Ubuntu user says he has just been targeted by an anti-piracy company alleging that by torrenting an OS ISO released by Ubuntu itself, he breached copyright law. Posting to Reddit's /r/linux sub-Reddit, a forum with more than 656K subscribers, 'NateNate60' reported the unthinkable. After downloading an official Ubuntu ISO package (filename ubuntu-20.04.2.0-desktop-amd64.iso) he says he received a notice from Comcast's Infinity claiming that he'd been reported for copyright infringement.

"We have received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over your Xfinity Internet service," the posted notice reads. NateNate60 wisely redacted the notice to remove the 'Incident Number' and the precise time of the alleged infringement to protect his privacy but the claim was reportedly filed with Comcast on May 24, 2021. "The copyright owner has identified the IP address associated with your Xfinity Internet account at the time as the source of the infringing works," it continues, adding that NateNate60 should search all of his devices connected to his network and delete the files mentioned in the complaint.

The allegedly infringing content is the 64-bit Ubuntu 20.04.2.0 LTS release but the first big question is whether the file is actually the official release from Canonical. Given that the listed hash value is 4ba4fbf7231a3a660e86892707d25c135533a16a and that matches the hash of the official release, mislabeled or misidentified content (wrong hash, mislabeled file etc) appears to be ruled out. Indeed, the same hash value is listed on Ubuntu's very own BitTorrent tracker and according to NateNate60, this is where he downloaded the torrent that led to the DMCA notice. It doesn't get much more official than that. According to the DMCA notice sent by Comcast, the complainant wasn't Ubuntu/Canonical but an anti-piracy company called OpSec Security, which according to its imprint is based in Germany. Presuming the notice is genuine (albeit sent in error), Comcast needs to be informed that mistakes have been made. The ISP has a repeat infringer policy and given the current hostile environment, terminating users is certainly on the agenda. Indeed, the notice states just that.

Operating Systems

Google's Mysterious Fuchsia OS Makes its Public Debut (techhive.com) 68

Big under-the-hood changes are coming to Google's original Nest Hub, even if most users won't ever be aware of what's happening. From a report: Starting today, the open-source Fuchsia OS will start rolling out to first-gen Nest Hub displays, according to 9to5Google. In the works since 2016, Fuchsia will land first on Nest Hub devices enrolled in Google's Preview Program, before arriving more widely on non-Preview Program displays. Don't expect the user experience to change much, though. 9to5Google notes that the look and feel of Fuchsia OS-powered Nest Hubs will be "essentially identical" to what it was before.

OK, so what's the big deal about Fuchsia, then? It's a new, open-source OS that's decidedly not based on the Linux kernel, as Android and Chrome OS are. Instead, Fuchsia is based on Magenta, which (as we described it back in 2016) is "combination microkernel and set of user-space services and hardware drivers" with a "physics based renderer" that can power graphical user interfaces. Because it's an open-source project, Fuchsia's existence has been well publicized over the years, although its purpose has been harder to fathom; "out in the open" yet "shrouded in mystery" is how we aptly put it. With its arrival on the original Nest Hub, Fuchsia is taking its first tentative steps out of the lab and into the hands of actual users, even if those users aren't aware of the new OS.

Cellphones

How Samsung 'Ruined' iFixit's Upcycling Program (arstechnica.com) 24

Last week, Kevin Purdy of iFixit published a blog post telling the story of "how Samsung announced a 'revolutionary' upcycling program in 2017, delayed it for years, and eventually gutted it before shipping a pale imitation of the original idea," reports Ars Technica. "iFixit was actually involved in the initial 2017 announcement, and the repair outfit says that after endorsing the original idea with its brand and stamp of approval, Samsung never delivered on its promises." From the report: Despite the 2017 announcement of an upcycling program, the code didn't ship until April 2021, when Samsung finally launched a beta version of "Galaxy Upcycling at Home." This program lets users turn end-of-life Samsung phones into smart home sensors that could be paired with Samsung's SmartThings ecosystem. iFixit was initially given an inside look at the project back in 2017, liking it so much that it endorsed the project and lent its name to the marketing materials. To hear iFixit tell the story, bootloader unlocking was actually the original plan. Samsung was going to let users replace the shipping Android OS with whatever they wanted, like builds of LineageOS or some other custom OS. Samsung was also going to launch an open source marketplace where users could submit ideas and software for repurposing old Galaxy devices. iFixit called the original plan "novel" and "revolutionary."

"We were so excited," iFixit writes, "that when Samsung asked us to help launch the product in the fall of 2017, we jumped at the chance. You'll see iFixit's name and logo all over Samsung's original Galaxy Upcycling materials." iFixit went to Samsung HQ in South Korea to see prototypes of the project, and after testing working software, iFixit CEO Kyle Wiens actually helped announce the project on stage at Samsung's developer conference in 2017. Despite all the pomp and circumstance, iFixit says, "The actual software was never posted. The Samsung team eventually stopped returning our emails. Friends inside the company told us that leadership wasn't excited about a project that didn't have a clear product tie-in or revenue plan."

iFixit calls the version of the program that launched in April "nearly unrecognizable" to what it originally endorsed. What used to be an ambitious plan now barely makes any sense financially. iFixit rightfully points out that if you really want something as simple as a light sensor or sound monitor, at this point you're better off selling the phone and buying a purpose-built sensor. Samsung's on-rails functionality is so simple that it can be replicated by a $30 sensor, and you're sure to get more than that from a working device on the secondary market, especially due to another limitation of the program: it only extends back to the 3-year-old Galaxy S9.

Microsoft

Former Microsoft Developer Would Like To See MS-DOS Open Sourced (youtube.com) 113

For over an hour on Saturday, retired Microsoft OS developer David Plummer answered questions from his viewers on YouTube.

Long-time Slashdot reader destinyland writes: He began with an update on a project to test the performance of the same algorithm using 30 different programming languages, and soon tells the story of how he was inspired to apply for his first job at Microsoft after reading Hard Drive: Bill Gates and the Making of the Microsoft Empire.

I decided that this is where I wanted to work, because these guys sound like me, they act like me, they are what I want to be when I grow up. And holy cow, they pay them well, apparently. So I wrote to everybody that I could find that had a Microsoft email address, which was about four people, because I had a software product people had been registering on the Amiga. And one guy, Alistair Banks... responded and he hooked me up with a hiring manager directly in Windows that had an open slot that was hiring... And a couple of interview slots later, I wound up as an intern at MS-DOS working for Ben Slivka.

So you would think, "Oh, an intern on MS-DOS. What'd you do? Format disks?" No — it's amazing to me, actually. They give you as much work as they believe that you are capable of, and — they get you for all that you're worth, basically. They had me write a bunch of major features, like the Smart Drive cache for CD-ROMs was the first thing I wrote. Then I wrote DISKCOPY, making it work, single pass, bunch of features in MS-DOS. I re-wrote Setup to work on a single floppy disk by using deltas and patching in place, DOS 5 to turn it into DOS 6, something like, or maybe it was DOS 6 into 6.2... A whole bunch of features, within the span of, like, three months, which to me was fairly impressive at the time, I thought. And that only got me an interview...


Later he says that he'd like to see most of 16-bit Windows and all of MS-DOS open sourced, along with some select application code from that era.

I don't think there's any reason to hold back any of MS-DOS at this point. They have absolutely no reason to open source any of it, really — other than PR, because all it brings them is potential liability, complaints and angst, and probably nothing positive for putting the code out there and exposing it to ridicule. Because it's ancient code at this point. It's like, "Ha! Look what Microsoft did!" Well, yeah, I know Linux is cool now, but go look at Linux code from 1991 — and I worked on some of that code. Well, '93 I did. It's not the same as what you see today.

So yeah, MS-DOS probably looks archaic — although it's super tight, it doesn't have many bugs. It's just written differently than you would write code today, because you're targeting something that is a very different CPU and memory system and PC as a whole, and it's so much more limited that everybody's sacred, every cycle matters. That kind of thing that you don't worry about now. But I'd still like to see all the code from back then that's not embarrassing released.


And when asked what he misses most about being a Microsoft developer, he answers:

I miss going for lunch with the people that I went for lunch with, and talking to the people that I worked with. Because they were a lot like me, they had similar interests, they had similar abilities, they were people like me. We went for lunch, we ate food, it was awesome, and then we talked about cool things. And we did that every day. And now I don't get to do that any more. I get to do it rarely, because I take guys out for lunch and stuff, but it's not the same. So that's really what I miss.

And I miss somebody always feeding me something interesting to do. Because now I have to go out and find something that's interesting to do on my own. And I can't make everything be monetarily remunerative...

Operating Systems

Linux 5.13 Reverts and Fixes Problematic University of Minnesota Patches (phoronix.com) 38

An anonymous reader shares a report: One month ago the University of Minnesota was banned from contributing to the Linux kernel when it was revealed the university researchers were trying to intentionally submit bugs into the kernel via new patches as "hypocrite commits" as part of a questionable research paper. Linux kernel developers have finally finished reviewing all UMN.edu patches to address problematic merges to the kernel and also cleaning up / fixing their questionable patches. Sent in on Thursday by Greg Kroah-Hartman was char/misc fixes for 5.13-rc3. While char/misc fixes at this mid-stage of the kernel cycle tend to not be too exciting, this pull request has the changes for addressing the patches from University of Minnesota researchers. [...] Going by the umn.edu Git activity that puts 37 patches as having been reverted with this pull request. The reverts span from ALSA to the media subsystem, networking, and other areas. That is 37 reverts out of 150+ patches from umn.edu developers over the years.

Microsoft

Microsoft Releases SimuLand, a Lab Environment To Simulate Attacker Tradecraft (therecord.media) 10

Microsoft has open-sourced today a tool that can be used to build lab environments where security teams can simulate attacks and verify the detection effectiveness of Microsoft security products. The Record reports: Named SimuLand, the tool was specifically built to help security/IT teams that use Microsoft products such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel. Currently, SimuLand comes with only one lab environment, specialized in detecting Golden SAML attacks. However, Microsoft said it's working on adding new ones. Community contributions are also welcomed, and the reason the project has been open-sourced on GitHub, with Microsoft hoping to get a helping hand from the tens of thousands of security teams that run its software.

"If you would like to share a new end-to-end attacker path, let us know by opening an issue in our GitHub repository, and we would be happy to collaborate and provide some resources to make it happen," Microsoft said today in a blog post. But Microsoft doesn't want only lab environments specialized in executing well-known techniques or adversary tradecraft. The OS maker is also encouraging the community to contribute improved detection rules for the attacks they're sharing, so everyone can benefit from the shared knowledge.

Chrome

Linux on Chromebooks is Finally Coming Out of Beta (androidcentral.com) 32

Linux on Chromebooks is finally coming out of beta with the release of Chrome OS 91, Google said at its developer I/O conference. From a report: The company had offered Linux apps on Chrome OS alongside Android apps, hoping to reach an audience of developers with IDEs and so on. However, the Linux Development Environment, as Google had dubbed it, had been in beta ever since it first launched. The company had added new features at a steady cadence, enabling things like GPU acceleration, better support for USB drives, and so on so people could be more productive while using Linux apps. Alongside Linux, Google also announced that it would be bringing Android 11 to Chromebooks. Technically, the update has already started with Chrome OS 90 for select Chromebooks, and it'll come with a host of new features including increased optimization of Android apps and a new dark theme. Google's increased support of Android is no coincidence. The company says that the operating system sees 3x increased usage of Android apps, and the new Android 11 update will see Android move to a virtual machine rather than the current container based method, making it easier to update in the future.

Operating Systems

Google and Samsung Are Merging Wear OS and Tizen (theverge.com) 44

Today, Google and Samsung announced that they are merging Wear OS and Tizen in an effort to better compete against Apple's watchOS. "The resulting platform is currently being referred to simply as 'Wear,' though that might not be the final name," notes The Verge. From the report: Benefits of the joint effort include significant improvements to battery life, 30 percent faster loading times for apps, and smoother animations. It also simplifies life for developers and will create one central smartwatch OS for the Android platform. Google is also promising a greater selection of apps and watch faces than ever before. "All device makers will be able to add a customized user experience on top of the platform, and developers will be able to use the Android tools they already know and love to build for one platform and ecosystem," Google's Bjorn Kilburn wrote in a blog post.

Wired has more details on what's to come, including the tidbit that Samsung will stick with its popular rotating bezel on future devices -- but it's finished making Tizen-only smartwatches. There will also be a version of Google Maps that works standalone (meaning without your phone nearby) and a YouTube Music app that supports offline downloads. Oh, and Spotify will support offline downloads on Wear smartwatches, as well. Samsung confirmed that its next Galaxy Watch will run on this unified platform. And future "premium" Fitbit devices will also run the software.

Android

Google Shows Off Android 12's Huge UI Overhaul (arstechnica.com) 52

At Google I/O 2021 today, Google confirmed that Android 12 is getting a huge new design. Ars Technica reports: Google calls the new design "Material You," and just like in the leaks, it's a UI that changes colors like a chameleon. For now, this design will only show up in Google Pixels, but Google says it will roll out across the ecosystem to the web, Chrome OS, smart displays, cars, watches, tablets, and every other Google form factor. The new interface is powered by a "color extraction" API that can pull the colors out of your wallpaper and apply them to the UI. This sounds exactly like the Palette API that was introduced in Android 5.0 (along with the original introduction of Material Design), but it's apparently a second swing at the color extraction idea, and Google is heavily using it in the UI now. The demo interfaces featured customized highlight colors, clock faces, widget backgrounds, and more, all matching the color of your wallpaper. Besides new colors, there are also tons of layout changes to the quick settings and notification panel. The first public beta of Android is now available. Google Pixel smartphones as far back as the Pixel 3 are eligible, as well as several devices from device-maker partners, including ASUS and OnePlus.

Windows

Microsoft Says Windows 10X Isn't Happening (zdnet.com) 48

Microsoft today acknowledged that the company isn't going to release its Windows 10X operating system variant, as reported more than a week ago. Mary Jo Foley, writing at ZDNet: Don't be surprised if you missed the acknowledgement, as Microsoft buried it in its blog post about the rollout of the Windows 10 21H1 feature update -- which it published at the start of the Google I/O keynote. Toward the end of the post, under the "Our customer first focus" subheading, officials said Windows 10X wouldn't be coming to market in 2021, after all. Instead, Microsoft will be integrating some of the 10X "foundational" technologies into other parts of Windows and other products. Windows 10X was supposed to be Microsoft's answer to Chrome OS -- a simpler Windows 10 variant that was slated to debut first on PCs for education and the first line-worker market.

Microsoft

Microsoft Shelves Windows 10X, It is not Shipping in 2021 (petri.com) 74

In late 2019, Microsoft announced Windows 10X, a new flavor of Windows 10 designed for dual-screen PCs. Windows 10X, Microsoft said at the time, will power dual-screen PCs from Asus, Dell, HP, Lenovo, and of course Microsoft. But it appears Microsoft has changed its plans about what it wants to do with this version of Windows 10. Microsoft-focused news outlet Petri reported on Friday, citing people familiar with the matter, that Microsoft will not be shipping Windows 10X this year and the OS, as was described by the company in 2019, will likely never arrive. From the report: The company has shifted resources to Windows 10 and 10X is on the back burner, for now. For about a decade, Microsoft has been trying to modernize Windows in various ways. We have seen Windows RT, Windows 10S, and now Windows 10X. The question becomes if there really is a future for anything other than traditional Windows 10? Microsoft said during their last earnings call that there were 1.3 billion active devices running the OS each month and with that context in mind, does there really need to be a 'lite' version of the OS?

It's a fair question at this point because Microsoft's history of trying to overhaul Windows is a journey down a road with many headstones along the way to 2021. The reality is that if Microsoft is going to invest heavily in a modern version of Windows 10, it should be to run Windows 10 on ARM. A watered-down version of the OS to compete against Chromebooks is not working out today, much like it has not worked out in the past and it may never work out either but the future is hard to predict. While Windows 10 was put in the backseat for the past couple of years and many looked at 10X as a possible revival of excitement for the OS, all eyes should now be focused on Sun Valley -- the next major update to Windows 10. If something is going to return the limelight to Windows, it has to be Sun Valley because that's the only thing left. But just because 10X isn't coming to market anytime soon, the technologies that were built for 10X are migrating to Windows 10. Not everything from 10X will show up in 10 but I would expect to see things like UI updates, app containers, and more arrive in Windows 10.

Windows

Microsoft Is Finally Ditching Its Windows 95-Era Icons (theverge.com) 108

Microsoft is now planning to refresh the Windows 95-era icons you still sometimes come across in Windows 10. The Verge reports: Windows Latest has spotted new icons for the hibernation mode, networking, memory, floppy drives, and much more as part of the shell32.dll file in preview versions of Windows 10. This DLL is a key part of the Windows Shell, which surfaces icons in a variety of dialog boxes throughout the operating system. It's also a big reason why Windows icons have been so inconsistent throughout the years. Microsoft has often modernized other parts of the OS only for an older app to throw you into a dialog box with Windows 95-era icons from shell32.dll. Hopefully this also means Windows will never ask you for a floppy disk drive when you dig into Device Manager to update a driver. That era of Windows, along with these old icons, has been well and truly over for more than a decade now. These new changes are part of Microsoft's design overhaul to Windows 10, codenamed Sun Valley. "We're expecting to hear more about Sun Valley at Microsoft's Build conference later this month, or as part of a dedicated Windows news event," notes The Verge.

Bug

Windows Defender Bug Fills Windows 10 Boot Drive With Thousands of Files (bleepingcomputer.com) 64

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. BleepingComputer reports: The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes. From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB. While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space. On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files. According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.

Windows

Two More Windows 10 Updates Will Remove Adobe Flash For Good (zdnet.com) 47

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. ZDNet reports: The update KB4577586 called "Update for Removal of Adobe Flash Player" has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017.

"Starting in June 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update," Microsoft said. "As of July 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard," it added.

Security

Dell Patches 12-year-old Driver Vulnerability Impacting Millions of PCs (therecord.media) 23

Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. From a report: The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer's BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC -- in what the security community typically describes as a privilege escalation vulnerability.

Open Source

Linus Torvalds Reflects In New Interview on Linux's Earliest Days (tag1consulting.com) 51

Linus Torvalds gave a long new email interview to Jeremy Andrews, founding partner/CEO of Tag1 (a global technology consulting firm and the second all-time leading contributor to Drupal). Torvalds discusses everything from the creation of Git, licenses, Apple's ARM64 chips, and Rust drivers, to his own Fedora-based home work environment — and how proud he is of the pathname lookup in Linux's virtual filesystem. ("Nothing else out there comes even close.")

But with all that, early on Torvalds also reflects that Linux began as a personal project at the age of 21, "not out of some big dream to create a new operating system." Instead it "literally grew kind of haphazardly from me initially just trying to learn the in-and-outs of my new PC hardware.

"So when I released the very first version, it was really more of a 'look at what I did', and sure, I was hoping that others would find it interesting, but it wasn't a real serious and usable OS. It was more of a proof of concept, and just a personal project I had worked on for several months at that time..."

This year, in August, Linux will celebrate its 30th anniversary! That's amazing, congratulations! At what point during this journey did you realize what you'd done, that Linux was so much more than "just a hobby"?

Linus Torvalds: This may sound a bit ridiculous, but that actually happened very early. Already by late '91 (and certainly by early '92) Linux had already become much bigger than I had expected.

And yeah, considering that by that point, there were probably just a few hundred users (and even "users" may be too strong — people were tinkering with it), it probably sounds odd considering how Linux then later ended up growing much bigger. But in many ways for me personally, the big inflection point was when I realized that other people are actually using it, and interested in it, and it started to have a life of its own. People started sending patches, and the system was actually starting to do much more than I had initially really envisioned....

That "anybody can maintain their own version" worried some people about the GPLv2, but I really think it's a strength, not a weakness. Somewhat unintuitively, I think it's actually what has caused Linux to avoid fragmenting: everybody can make their own fork of the project, and that's OK. In fact, that was one of the core design principles of "Git" — every clone of the repository is its own little fork, and people (and companies) forking off their own version is how all development really gets done.

So forking isn't a problem, as long as you can then merge back the good parts. And that's where the GPLv2 comes in. The right to fork and do your own thing is important, but the other side of the coin is equally important — the right to then always join back together when a fork was shown to be successful...

I very much don't regret the choice of license, because I really do think the GPLv2 is a huge part of why Linux has been successful.

Money really isn't that great of a motivator. It doesn't pull people together. Having a common project, and really feeling that you really can be a full partner in that project, that motivates people, I think.

Social Networks

New Florida Law Could Punish Social Media Companies for 'Deplatforming' Politicians (nbcnews.com) 336

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."

NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

The reader also points out that the bill was amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.
