Microsoft has open-sourced today a tool that can be used to build lab environments where security teams can simulate attacks and verify the detection effectiveness of Microsoft security products. The Record reports: Named SimuLand, the tool was specifically built to help security/IT teams that use Microsoft products such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel. Currently, SimuLand comes with only one lab environment, specialized in detecting Golden SAML attacks. However, Microsoft said it's working on adding new ones. Community contributions are also welcomed, and the reason the project has been open-sourced on GitHub, with Microsoft hoping to get a helping hand from the tens of thousands of security teams that run its software.

"If you would like to share a new end-to-end attacker path, let us know by opening an issue in our GitHub repository, and we would be happy to collaborate and provide some resources to make it happen," Microsoft said today in a blog post. But Microsoft doesn't want only lab environments specialized in executing well-known techniques or adversary tradecraft. The OS maker is also encouraging the community to contribute improved detection rules for the attacks they're sharing, so everyone can benefit from the shared knowledge.

Microsoft today open-sourced a tool that can be used to build lab environments where security teams can simulate attacks and verify the detection effectiveness of Microsoft security products. From a report: Named SimuLand, the tool was specifically built to help security/IT teams that use Microsoft products such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel. Currently, SimuLand comes with only one lab environment, specialized in detecting Golden SAML attacks.

However, Microsoft said it's working on adding new ones. Community contributions are also welcomed, and the reason the project has been open-sourced on GitHub, with Microsoft hoping to get a helping hand from the tens of thousands of security teams that run its software. "If you would like to share a new end-to-end attacker path, let us know by opening an issue in our GitHub repository, and we would be happy to collaborate and provide some resources to make it happen," Microsoft said today in a blog post. But Microsoft doesn't want only lab environments specialized in executing well-known techniques or adversary tradecraft. The OS maker is also encouraging the community to contribute improved detection rules for the attacks they're sharing, so everyone can benefit from the shared knowledge.

Linux on Chromebooks is finally coming out of beta with the release of Chrome OS 91, Google said at its developer I/O conference. From a report: The company had offered Linux apps on Chrome OS alongside Android apps, hoping to reach an audience of developers with IDEs and so on. However, the Linux Development Environment, as Google had dubbed it, had been in beta ever since while first launched. The company had added new features at a steady cadence, enabling things like GPU acceleration, better support for USB drives, and so on so people could be more productive while using Linux apps. Alongside Linux, Google also announced that it would be bringing Android 11 to Chromebooks. Technically, the update has already started with Chrome OS 90 for select Chromebooks, and it'll come with a host of new features including increased optimization of Android apps and a new dark theme. Google's increased support of Android is no coincidence. The company says that the operating system sees 3x increased usage of Android apps, and the new Android 11 update will see Android move to a virtual machine rather than the current container based method, making it easier to update in the future.

Today, Google and Samsung announced that they are merging Wear OS and Tizen in an effort to better compete against Apple's watchOS. "The resulting platform is currently being referred to simply as 'Wear,' though that might not be the final name," notes The Verge. From the report: Benefits of the joint effort include significant improvements to battery life, 30 percent faster loading times for apps, and smoother animations. It also simplifies life for developers and will create one central smartwatch OS for the Android platform. Google is also promising a greater selection of apps and watch faces than ever before. "All device makers will be able to add a customized user experience on top of the platform, and developers will be able to use the Android tools they already know and love to build for one platform and ecosystem," Google's Bjorn Kilburn wrote in a blog post.

Wired has more details on what's to come, including the tidbit that Samsung will stick with its popular rotating bezel on future devices -- but it's finished making Tizen-only smartwatches. There will also be a version of Google Maps that works standalone (meaning without your phone nearby) and a YouTube Music app that supports offline downloads. Oh, and Spotify will support offline downloads on Wear smartwatches, as well. Samsung confirmed that its next Galaxy Watch will run on this unified platform. And future "premium" Fitbit devices will also run the software.

At Google I/O 2021 today, Google confirmed that Android 12 is getting a huge new design. Ars Technica reports: Google calls the new design "Material You," and just like in the leaks, it's a UI that changes colors like a chameleon. For now, this design will only show up in Google Pixels, but Google says it will roll out across the ecosystem to the web, Chrome OS, smart displays, cars, watches, tablets, and every other Google form factor. The new interface is powered by a "color extraction" API that can pull the colors out of your wallpaper and apply them to the UI. This sounds exactly like the Palette API that was introduced in Android 5.0 (along with the original introduction of Material Design), but it's apparently a second swing at the color extraction idea, and Google is heavily using it in the UI now. The demo interfaces featured customized highlight colors, clock faces, widget backgrounds, and more, all matching the color of your wallpaper. Besides new colors, there are also tons of layout changes to the quick settings and notification panel. The first public beta of Android is now available. Google Pixel smartphones as far back as the Pixel 3 are eligible, as well as several devices from device-maker partners, including ASUS and OnePlus.

Microsoft today acknowledged that the company isn't going to release its Windows 10X operating system variant, as reported more than a week ago. Mary Jo Foley, writing at ZDNet: Don't be surprised if you missed the acknowledgement, as Microsoft buried it in its blog post about the rollout of the Windows 10 21H1 feature update -- which it published at the start of the Google I/O keynote. Toward the end of the post, under the "Our customer first focus" subheading, officials said Windows 10X wouldn't be coming to market in 2021, after all. Instead, Microsoft will be integrating some of the 10X "foundational" technologies into other parts of Windows and other products. Windows 10X was supposed to be Microsoft's answer to Chrome OS -- a simpler Windows 10 variant that was slated to debut first on PCs for education and the first line-worker market.

In late 2019, Microsoft announced Windows 10X, a new flavor of Windows 10 designed for dual-screen PCs. Windows 10X, Microsoft said at the time, will power dual-screen PCs from Asus, Dell, HP, Lenovo, and of course Microsoft. But it appears Microsoft has changed its plans about what it wants to do with this version of Windows 10. Microsoft-focused news outlet Petri reported on Friday, citing people familiar with the matter, that Microsoft will not be shipping Windows 10X this year and the OS, as was described by the company in 2019, will likely never arrive. From the report: The company has shifted resources to Windows 10 and 10X is on the back burner, for now. For about a decade, Microsoft has been trying to modernize Windows in various ways. We have seen Windows RT, Windows 10S, and now Windows 10X. The question becomes if there really is a future for anything other than traditional Windows 10? Microsoft said during their last earnings call that there were 1.3 billion active devices are running the OS each month and with that context in mind, does there really need to be a 'lite' version of the OS?

It's a fair question at this point because Microsoft's history of trying to overhaul Windows is a journey down a road with many headstones along the way to 2021. The reality is that if Microsoft is going to invest heavily in a modern version of Windows 10, it should be to run Windows 10 on ARM. A watered-down version of the OS to compete against Chromebooks is not working out today, much like it has not worked out in the past and it may never work out either but the future is hard to predict. While Windows 10 was put in the backseat for the past couple of years and many looked at 10X as a possible revival of excitement for the OS, all eyes should now be focused on Sun Valley -- the next major update to Windows 10. If something is going to return the limelight to Windows, it has to be Sun Valley because that's the only thing left. But just because 10X isn't coming to market anytime soon, the technologies that were built for 10X are migrating to Windows 10. Not everything from 10X will show up in 10 but I would expect to see things like UI updates, app containers, and more arrive in Windows 10.

Microsoft is now planning to refresh the Windows 95-era icons you still sometimes come across in Windows 10. The Verge reports: Windows Latest has spotted new icons for the hibernation mode, networking, memory, floppy drives, and much more as part of the shell32.dll file in preview versions of Windows 10. This DLL is a key part of the Windows Shell, which surfaces icons in a variety of dialog boxes throughout the operating system. It's also a big reason why Windows icons have been so inconsistent throughout the years. Microsoft has often modernized other parts of the OS only for an older app to throw you into a dialog box with Windows 95-era icons from shell32.dll. Hopefully this also means Windows will never ask you for a floppy disk drive when you dig into Device Manager to update a driver. That era of Windows, along with these old icons, has been well and truly over for more than a decade now. These new changes are part of Microsoft's design overhaul to Windows 10, codenamed Sun Valley. "We're expecting to hear more about Sun Valley at Microsoft's Build conference later this month, or as part of a dedicated Windows news event," notes The Verge.

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. BleepingComputer reports: The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes. From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB. While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space. On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files. According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. ZDNet reports: The update KB4577586 called "Update for Removal of Adobe Flash Player" has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017.

"Starting in June 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update," Microsoft said. "As of July 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard," it added.

Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. From a report: The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer's BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC -- in what the security community typically describes as a privilege escalation vulnerability.

Linus Torvalds gave a long new email interview to Jeremy Andrews, founding partner/CEO of Tag1 (a global technology consulting firm and the second all-time leading contributor to Drupal). Torvalds discusses everything from the creation of Git, licenses, Apple's ARM64 chips, and Rust drivers, to his own Fedora-based home work environment — and how proud he is of the pathname lookup in Linux's virtual filesystem. ("Nothing else out there comes even close.")

But with all that, early on Torvalds also reflects that Linux began as a personal project at the age of 21, "not out of some big dream to create a new operating system." Instead it "literally grew kind of haphazardly from me initially just trying to learn the in-and-outs of my new PC hardware.

"So when I released the very first version, it was really more of a 'look at what I did', and sure, I was hoping that others would find it interesting, but it wasn't a real serious and usable OS. It was more of a proof of concept, and just a personal project I had worked on for several months at that time..."

This year, in August, Linux will celebrate its 30th anniversary! That's amazing, congratulations! At what point during this journey did you realize what you'd done, that Linux was so much more than "just a hobby"?

Linus Torvalds: This may sound a bit ridiculous, but that actually happened very early. Already by late '91 (and certainly by early '92) Linux had already become much bigger than I had expected.

And yeah, considering that by that point, there were probably just a few hundred users (and even "users" may be too strong — people were tinkering with it), it probably sounds odd considering how Linux then later ended up growing much bigger. But in many ways for me personally, the big inflection point was when I realized that other people are actually using it, and interested in it, and it started to have a life of its own. People started sending patches, and the system was actually starting to do much more than I had initially really envisioned....

That "anybody can maintain their own version" worried some people about the GPLv2, but I really think it's a strength, not a weakness. Somewhat unintuitively, I think it's actually what has caused Linux to avoid fragmenting: everybody can make their own fork of the project, and that's OK. In fact, that was one of the core design principles of "Git" — every clone of the repository is its own little fork, and people (and companies) forking off their own version is how all development really gets done.

So forking isn't a problem, as long as you can then merge back the good parts. And that's where the GPLv2 comes in. The right to fork and do your own thing is important, but the other side of the coin is equally important — the right to then always join back together when a fork was shown to be successful...

I very much don't regret the choice of license, because I really do think the GPLv2 is a huge part of why Linux has been successful.

Money really isn't that great of a motivator. It doesn't pull people together. Having a common project, and really feeling that you really can be a full partner in that project, that motivates people, I think.

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."
NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

And that the bill was also amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.

It's been just over a year since Microsoft announced it had hit its goal of 1 billion monthly active Windows 10 devices. It took a while to get there, but Microsoft now says Windows 10 is growing even faster, reaching a whopping 1.3 billion active installs in the last quarter. From a report: Like a number of other technology firms, Microsoft has the global pandemic to thank for its windfall. It turns out people buy more computers when they're stuck at home. "Over a year into the pandemic, digital adoption curves aren't slowing down. They're accelerating, and it's just the beginning," said CEO Satya Nadella. The latest device count comes from Microsoft's earnings report, which featured a stunning $41.7 billion in revenue for the quarter.

jonesy16 writes: While users have long been able to run Linux GUI apps on Windows by installing a separate X Server, this marks the first time that native support is available through the Windows Subsystem for Linux (WSL). Audio support and hardware acceleration are also provided, seemingly enabling a limitless set of use cases for those wishing to live the dual OS life. The change is identified in the recent preview build release along with a more in-depth discussion of the graphical subsystem now called WSLg.

"FreeBSD, the other Linux, reached version 13," writes long-time Slashdot reader undoman. "The operating system is known for its stable code, native ZFS support, and use of the more liberal BSD licenses." Phoronix highlights some of the major new improvements: FreeBSD 13.0 delivers on performance improvements (particularly for Intel CPUs we've seen in benchmarks thanks to hardware P-States), upgrading to LLVM Clang 11 as the default compiler toolchain, POWER 64-bit support improvements, a wide variety of networking improvements, 64-bit ARM (AArch64) now being a tier-one architecture alongside x86_64, EFI boot improvements, AES-NI is now included by default for generic kernel builds, the default CPU support for i386 is bumped to i686 from i486, and a variety of other hardware support improvements. Various obsolete GNU tools have been removed like an old version of GNU Debugger used for crashinfo, obsolete GCC 4.2.1 and Binutils 2.17 were dropped from the main tree, and also switching to a BSD version of grep. The release announcement can be found here.

IBM has announced a COBOL compiler for Linux on x86. "IBM COBOL for Linux on x86 1.1 brings IBM's COBOL compilation technologies and capabilities to the Linux on x86 environment," said IBM in an announcement, describing it as "the latest addition to the IBM COBOL compiler family, which includes Enterprise COBOL for z/OS and COBOL for AIX." The Register reports: COBOL -- the common business-oriented language -- has its roots in the 1950s and is synonymous with the mainframe age and difficulties paying down technical debt accrued since a bygone era of computing. So why is IBM -- which is today obsessed with hybrid clouds -- bothering to offer a COBOL compiler for Linux on x86? Because IBM thinks you may want your COBOL apps in a hybrid cloud, albeit the kind of hybrid IBM fancies, which can mean a mix of z/OS, AIX, mainframes, POWER systems and actual public clouds.
[...]
But the announcement also suggests IBM doesn't completely believe this COBOL on x86 Linux caper has a future as it concludes: "This solution also provides organizations with the flexibility to move workloads back to IBM Z should performance and throughput requirements increase, or to share business logic and data with CICS Transaction Server for z/OS." The new offering requires RHEL 7.8 or later, or Ubuntu Server 16.04 LTS, 18.04 LTS, or later.

For the past few years, Google has been encouraging developers to write Android apps with Kotlin. The underlying OS still uses C and C++, though Google today announced Android Open Source Project (AOSP) support for Rust. From a report: This is part of Google's work to address memory safety bugs in the operating system: "We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android's high severity security vulnerabilities."

The company believes that memory-safe languages, like Rust, are the "most cost-effective means for preventing memory bugs" in the bootloader, fastboot, kernel, and other low-level parts of the OS. Unlike C and C++, where developers manage memory lifetime, Rust "provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid." Google has been working to add this support to AOSP for the past 18 months. Performance is equivalent to the existing languages, while increasing the effectiveness of current sandboxing and reducing the overall need for it. This allows for "new features that are both safer and lighter on resources." Other improvements include data concurrency, a more expressive type system, and safer integer handling.

The team behind UNIX also built another operating system at Bell Labs, writes the corporate CTO and president of Nokia Bell Labs: Starting in the late 1980s, a group led by Rob Pike and UNIX co-creators Ken Thompson and Dennis Ritchie developed "Plan 9". Their motivation was two-fold: to build an operating system that would fit an increasingly distributed world, and to do so in a clean and elegant manner. The plan was not to build directly on the Unix foundation but to implement a new design from scratch. The result was named Plan 9 from Bell Labs — the name an inside joke inspired by the cult B-movie "Plan 9 from Outer Space."

Plan 9 is built around a radically different model from that of conventional operating systems. The OS is structured as a collection of loosely coupled services, which may be hosted on different machines. Another key concept in its design is that of a per-process name space: services can be mapped on to local names fixed by convention, so that programs using those services need not change if the current services are replaced by others providing the same functionality.

Despite the groundbreaking innovations in Plan 9, the operating system did not take off — at least not enough to justify Bell Labs continued investment in Plan 9 development. But Plan 9's innovations found their way into many commercial OSes: the concept of making OS services available via the file system is now pervasive in Linux; Plan 9's minimalist windowing system design has been replicated many times; the UTF-8 character encoding used universally today in browsers was invented for, and first implemented in, Plan 9; and the design of Plan 9 anticipated today's microservice architectures by more than a decade...!

Starting this week, Plan 9 will have a new home in the space it helped define: cyberspace. We are transferring the copyright in Plan 9 software to the Plan 9 Foundation for all future development, allowing them to carry on the good work that Bell Labs and many other Plan 9 enthusiasts have undertaken over the past couple of decades. Indeed, there is an active community of people who have been working on Plan 9 and who are interested in the future evolution of this groundbreaking operating system. That community is organizing itself bottom-up into the new Plan 9 Foundation, which is making the OS code publicly available under a suitable open-source software license.

We at Nokia and Bell Labs are huge advocates for the power of open-source communities for such pioneering systems that have the potential to benefit the global software development community. Who knows, perhaps Plan 9 will become a part of the emerging distributed cloud infrastructure that will underpin the coming industrial revolution?

This week Swedish developer Daniel Stenberg posted a remarkable reflection on the 23rd anniversary of his command-line data tool, cURL: curl was adopted in Red Hat Linux in late 1998, became a Debian package in May 1999, shipped in Mac OS X 10.1 in August 2001. Today, it is also shipped by default in Windows 10 and in iOS and Android devices. Not to mention the game consoles, Nintendo Switch, Xbox and Sony PS5.

Amusingly, libcurl is used by the two major mobile OSes but not provided as an API by them, so lots of apps, including many extremely large volume apps bundle their own libcurl build: YouTube, Skype, Instagram, Spotify, Google Photos, Netflix etc. Meaning that most smartphone users today have many separate curl installations in their phones.

Further, libcurl is used by some of the most played computer games of all times: GTA V, Fortnite, PUBG mobile, Red Dead Redemption 2 etc.

libcurl powers media players and set-top boxes such as Roku, Apple TV by maybe half a billion TVs.

curl and libcurl ships in virtually every Internet server and is the default transfer engine in PHP, which is found in almost 80% of the world's almost two billion websites.

Cars are Internet-connected now. libcurl is used in virtually every modern car these days to transfer data to and from the vehicles.

Then add media players, kitchen and medical devices, printers, smart watches and lots of "smart"; IoT things. Practically speaking, just about every Internet-connected device in existence runs curl.

I'm convinced I'm not exaggerating when I claim that curl exists in over ten billion installations world-wide...

Those 300 lines of code in late 1996 have grown to 172,000 lines in March 2021.
Stenberg attributes cURL's success to persistence. "We hold out. We endure and keep polishing. We're here for the long run. It took me two years (counting from the precursors) to reach 300 downloads. It took another ten or so until it was really widely available and used." But he adds that 22 different CPU architectures and 86 different operating systems are now known to have run curl.

In a later blog post titled "GitHub Steel," Stenberg also reveals that GitHub gave him a 3D-printed steel version of his 2020 GitHub contribution matrix — accompanied by a friendly note. "Please accept this small gift as a token of appreciation on behalf of all of us here at GitHub, and everyone who benefits from your work."