An anonymous reader quotes a report from Android Police: Today, Google and Qualcomm announced what seemed like a big improvement to updates for Android smartphones. The headlines (ours included! We were confused, too) largely read as though Android phones with Qualcomm chipsets would now receive "four years" of Android updates, an additional year on top of what manufacturers like Google and now Samsung have offered on their top-tier smartphones. Except, that's not actually what it said. After confirming with both Google and Qualcomm (and chatting with AP alumnus Ron Amadeo), I received confirmation of what I suspected was the point of confusion about today's news, and that, in fact, very little is changing if you have a Google Pixel or high-end Samsung smartphone. Currently, Google and Samsung both offer three major OS updates on their well-known smartphones. Today's announcement from Google and Qualcomm does not add to that figure. Instead, the announcement merely makes policy what has long been an optional extra for smartphone OEMs who work with Qualcomm, and does not actually "extend" the lifespan of Qualcomm's highest-end chipsets in a meaningful way.

If you're confused, I empathize. But Qualcomm and Google kind of hid the ball on this one in a way that was really, really easy to miss, and which most people (including me) didn't spot at first glance. Here's what's actually changing:

— Qualcomm will support three major Android OS updates for its entire portfolio of smartphone chips going forward, starting with the Snapdragon 888
— Smartphone OEMs will likely be able to now offer four full years of Android security updates going forward (based on our reading of the announcement)

That's it! So, where does all that "four years" and "four Android OS versions" business come from? It's really just a very generous marketing explanation of what was already the policy for Google's Pixel phones (and, again, now many of Samsung's), and it's a tad misleading. Right now, Google's Pixel phones get three years of Android OS and security updates from the time they are released. That means around 36 months of security patches and three major platform updates. Under the new system from Qualcomm, that could be extended to 48 months of security patches, but it would still be just three major platform updates. Neither Google nor Qualcomm is promising more major platform updates for high-end Android smartphones, they're only saying that all Android smartphones with Qualcomm's chips from the newly-announced Snapdragon 888 forward will be eligible for three major platform updates and, as far as we can tell, four years of security updates. As for the four versions business, Google's own slide from today's announcement makes clear that this includes the version of Android the phone shipped with. As in, your phone will, over its lifetime, run four versions of Android: the one it came with, and three subsequent platform updates.

This week, Google acquired a company called Neverware that allows users to turn their old PCs and Macs into a Chromebook with its CloudReady software. Now, Google is planning to make CloudReady into an official Chrome OS release. Engadget reports: When that happens, Neverware says its existing users will be able to seamlessly upgrade to the updated software. Moreover, once that transition is complete, Google will support CloudReady in the same way that it currently does Chrome OS. In the immediate future, Neverware says it's business as usual. The Home Edition of CloudReady isn't changing, and the company says it's committed to supporting its existing education and enterprise customers. Moreover, there's no plan to change pricing at the moment, and Google will honor any current multi-year licenses.

Not only does this acquisition make a lot of sense from Google's perspective, but it's hard to see a downside for CloudReady users. The fact the operating system wasn't officially supported by Google was one of the few downsides to the software. It meant you couldn't install Android apps on CloudReady devices, even though it's based on Chromium OS. With this acquisition, support for Android apps becomes much more likely. Direct support from Google will also make the software more appealing to schools and businesses since they can get help directly from the company if they have any technical issues.

Google, Dell, Intel and a handful of other major tech companies in the IT and cloud computing industries have banded together to tackle joint problems around security, remote work, and other enterprise issues that have only become more important during the coronavirus pandemic. From a report: The consortium these companies have formed is called the Modern Computing Alliance, and its founding members also include Box, Cirtrix, Imprivata, Okta, RingCentral, Slack, VMWare, and Zoom. The Modern Computing Alliance will initially be focused on four areas: performance; security and identity; remote work, productivity, and collaboration; and health care. The goal is to pool knowledge and resources toward solving shared problems around how companies perform work in the cloud and the tools they use to do so. The alliance will focus on developing new standards and interoperable technologies that can be used by any company that relies on one of the partners' platforms or products. In particular, Google is engaged in the effort with its Chrome browser and Chrome OS teams, as well as the division responsible for Google Workplace. "Today, we're excited to announce Google's membership in the Modern Computing Alliance -- to address the biggest IT challenges facing companies today with integration from silicon to cloud," says John Solomon, Google's vice president of Chrome OS. "Working with a group of forward-thinking industry leaders, we're aligning standards and technologies to provide companies with the choice of high-performance, cloud-first computing solutions from the vendor of their choice who provide modern solutions for the modern era of business."

New submitter RealNeoMorpheus shares a Google blogpost about Fuchsia -- a new open source operating system that has been in the works for several years: Fuchsia is a long-term project to create a general-purpose, open source operating system, and today we are expanding Fuchsia's open source model to welcome contributions from the public. Fuchsia is designed to prioritize security, updatability, and performance, and is currently under active development by the Fuchsia team. We have been developing Fuchsia in the open, in our git repository for the last four years. You can browse the repository history at fuchsia.googlesource.com to see how Fuchsia has evolved over time. We are laying this foundation from the kernel up to make it easier to create long-lasting, secure products and experiences. Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what's being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access. In addition, we are also publishing a technical roadmap for Fuchsia to provide better insights for project direction and priorities. Some of the highlights of the roadmap are working on a driver framework for updating the kernel independently of the drivers, improving file systems for performance, and expanding the input pipeline for accessibility.

Chrome OS 87 starting rolling out on Thursday, adding the ability to search tabs, view the battery levels of your Bluetooth devices, and more. 9to5Google reports: Tab Groups help people better manage (and collapse/hide) tabs, but it doesn't always reduce the number open. Google is now introducing Tab Search to let users find what pages they have open across all windows. Tapping the circular dropdown button in the top-right corner -- also accessible with Ctrl+Shift+A -- first shows a list of everything open. It includes the favicon, page name, and domain, as well as an individual close button. This feature is first rolling out to Chromebooks before coming to desktop browsers.

Chrome OS 87 will list the Bluetooth battery levels of accessories in Settings and Quick Settings. Just navigate to the Bluetooth menu. This feature is primarily meant for wireless headphones and will show a notification with the current level in the bottom-right corner of your screen upon connection. Chrome OS 87 also adds 36 new backgrounds created by four different artists. To set, right-click on the desktop or shelf and select "Set wallpaper."

Other features in this release include:
- Saving to Google Drive has been updated with the ability to rename the file and selecting what folder to store it in
- Chrome OS devices now support switch accessibility devices
- Google has updated language settings to be easier for multilingual users to navigate
- The Alt+Tab window switcher now supports mouse, touch screen, and stylus input
- Version 87 makes visual improvements when renaming Virtual Desks and Launcher folders

An Amazon Web Services (AWS) virtualization engineer has shown what Windows 10 on Arm could be like if Microsoft licensed its Arm-based OS to the public rather than just to Windows 10 manufacturers. From a report: With Apple's new M1 Arm-based system on chip, Mac users who need to use Windows 10 can't run Microsoft's Arm-based version of Windows using Apple's Bootcamp. The key obstacle is that Microsoft doesn't license Windows 10 on Arm to any entities other than its own Surface group and Windows 10 on Arm OEMs like HP, Asus and Lenovo. Technically, there's nothing stopping owners of the M1 MacBook Air, MacBook Pro 13-inch or Mac mini from running Windows 10 on Arm, as Apple's software engineering chief Craig Federighi recently pointed out. [...]

But Microsoft's reluctance to create a license for Windows 10 on Arm for end users hasn't stopped creative engineers from putting together a working example of what things could be like if it did. AWS principal engineer Alexander Graf did just that, using the open-source QEMU virtualization software for Windows on Arm. QEMU emulates access to hardware such as the CPU and GPU. [...] "Who said Windows wouldn't run well on #AppleSilicon? It's pretty snappy here," Graf wrote in a tweet. Graf previously worked on the Kernel Virtual Machine (KVM) for Linux distribution SUSE for over a decade. Now he's a KVM developer at AWS, which this week announced new Mac instances for AWS Elastic Compute Cloud (EC2) based on Nitro System, an AWS hypervisor for EC2 instances. [...] A developer using the handle @imbushuo on Twitter has posted Geekbench versions 4 and 5 scores that compare Windows 10 on Arm on an M1 computer with the Microsoft-made Surface Pro X. Windows on an M1 got a single-core score of 1,288 and multi-core score of 5,685 whereas the Surface Pro X's scores were roughly 800 and 3,000 in those respective benchmarks.

Microsoft has started testing smaller feature updates for Windows 10 in the form of a Windows Feature Experience Pack. The branding appeared inside Windows 10 earlier this year, but Microsoft has only confirmed what the packs will be used for this week. From a report: The Windows Feature Experience Pack will be used to "improve certain features and experiences that are now developed independently of the OS," according to Microsoft. The first feature pack has been released to Windows 10 beta testers this week, and it includes the ability to use the built-in screen snipping app to paste screenshots directly into folders within the File Explorer. The pack also includes a split keyboard mode for 2-in-1 touch devices.

Joe2020 writes: Famous developer Hector Martin who put Linux on the PS4 now wants to port Linux to the new Apple M1, and he wants to do it with the help of crowdfunding by making it his full-time job. One can find his official pledge for support here. "Since these devices are brand new and bespoke silicon, porting Linux to run on them is a huge undertaking. Well beyond a hobby project, it is a full-time job," the developer explains.

"The goal is to bring Linux support on Apple Silicon macs to the point where it is not merely a tech demo, but is actually an OS you would want to use on a daily driver device. To do this, there is a huge amount of work to be done. Running Linux on things is easy, but making it work well is hard. Drivers need to be written for all devices. The driver for the completely custom Apple GPU is the most complicated component, which is necessary to have a good desktop experience. Power management needs to work well too, for your battery life to be reasonable," the dev explains. Martin says he hopes to have enough donations to purchase the new Apple Silicon-powered devices and hire other people to help with the job.

Slashdot reader NoMoreACs also shared the news via Mac Rumors.

Remember when Microsoft was criticized for enabling "workplace surveillance" over "productivity scores" in its Microsoft 365 office software which gave managers highly detailed profiles of each individual employee's activity. Long-time Slashdot reader theodp writes: The Microsoft 365 Productivity Score apparently has roots in another Microsoft patent application for Systems, Methods, and Software for Implementing a Behavior Change Management Program, which also lays out plans for as yet unimplemented features to automatically schedule hundreds of employees for months of productivity re-education, including preventing employees from scheduling meetings with others if the service deems it counter-productive. So, could the HAL 9000's "I'm sorry Dave, I'm afraid I can't do that" be considered prior art?
But Microsoft "has even bigger ideas for using technology to monitor workers in the interest of maximizing organizational productivity," reports GeekWire: Newly surfaced Microsoft patent filings describe a system for deriving and predicting "overall quality scores" for meetings using data such as body language, facial expressions, room temperature, time of day, and number of people in the meeting. The system uses cameras, sensors, and software tools to determine, for example, "how much a participant contributes to a meeting vs performing other tasks (e.g., texting, checking email, browsing the Internet)."

The "meeting insight computing system" would then predict the likelihood that a group will hold a high-quality meeting. It would flag potential challenges when an organizer is setting the meeting up, and recommend alternative venues, times, or people to include in the meeting, for example... A patent application made public Nov. 12 notes, "many organizations are plagued by overly long, poorly attended, and recurring meetings that could be modified and/or avoided if more information regarding meeting quality was available." The approach would apply to in-person and virtual meetings, and hybrids of the two...

The filings do not detail any potential privacy safeguards. A Microsoft spokesperson declined to comment on the patent filings in response to GeekWire's inquiry. To be sure, patents are not products, and there's no sign yet that Microsoft plans to roll out this hypothetical system. Microsoft has established an internal artificial intelligence ethics office and a companywide committee to ensure that its AI products live by its principles of responsible AI, including transparency and privacy. However, the filings are a window into the ideas floating around inside Microsoft, and they're consistent with the direction the company is already heading.

Growl is being retired after surviving for 17 years.

Its page on GitHub explains: Growl is a notification system for OS X. Growl has been around since 2004, and was originally called Global Notifications Center. The name was changed to Growl (like the noise a dog makes) since we felt the name Notifications Center was too geeky. We were wrong about that haha.

Growl was meant as a proof of concept which became something more for a long period of time. Before Growl was made developers either had to pop up a very basic window or some other ugliness nobody liked. Working with developers on Adium and Colloquy who wanted to implement their own custom notifications into their applications is what birthed this project.

Growl is a retired project, we couldn't think of another thing to change which would be substantial enough to bring out a new updated release. Growl is stable and should work for as long as intel based programs work. Anyone who wants to run Growl is free to do so in an unsupported fashion.
Lead developer Christopher Forsythe writes at 336699.org: With the announcement of Apple's new hardware platform, a general shift of developers to Apple's notification system, and a lack of obvious ways to improve Growl beyond what it is and has been, we're announcing the retirement of Growl as of today.

It's been a long time coming. Growl is the project I worked on for the longest period of my open source career... There's even a SourceForge project for Global Notifications Center still out there if you want to go find it... Without Growl I do not know that we would have any sort of decent notification system in OS X, iOS, Android or who knows what else...

For developers we recommend transitioning away from Growl at this point. The apps themselves are gone from the app store, however the code itself still lives. Everything from our rake build system to our code is available for use on our GitHub page.

Windows Central reports: Microsoft is working on a software solution that would allow app developers to bring their Android apps to Windows 10 with little to no code changes by packaging them as an MSIX and allowing developers to submit them to the Microsoft Store. According to sources familiar with the matter, the project is codenamed 'Latte' and I'm told it could show up as soon as next year. The company has toyed with the idea of bringing Android apps to Windows 10 before via a project codenamed Astoria that never saw the light of day. Project Latte aims to deliver a similar product, and is likely powered by the Windows Subsystem for Linux (WSL.) Microsoft will need to provide its own Android subsystem for Android apps to actually run, however.

Microsoft has announced that WSL will soon get support for GUI Linux applications, as well as GPU acceleration which should aid the performance of apps running through WSL. It's unlikely that Project Latte will include support for Play Services, as Google doesn't allow Play Services to be installed on anything other than native Android devices and Chrome OS. This means that apps which require Play Services APIs will need to be updated to remove those dependencies before they can be submitted on Windows 10.

Yes, Torvalds said he'd love to have one of the new M1-powered Apple laptops, but it won't run Linux and, in an exclusive interview he explains why getting Linux to run well on it isn't worth the trouble. Steven J. Vaughan-Nichols writes via ZDNet: Recently, on the Real World Technologies forum, Linux's creator Linus Torvalds was asked what he thought of the new M1-powered Apple laptops. Torvalds replied, "I'd absolutely love to have one if it just ran Linux." You may think, "what's the problem? Doesn't Linux run on practically every processor on the planet from 80386s to IBM s390x to the ARM family of which Apple's M1 chip is a child?" Well, yes, yes it does. But it takes more than a processor to run a computer.

Torvalds would like to run Linux on these next-generation Macs. As he said, "I've been waiting for an ARM laptop that can run Linux for a long time. The new Air would be almost perfect, except for the OS. And I don't have the time to tinker with it, or the inclination to fight companies that don't want to help." Aye, there's the rub. In an exclusive interview, Torvalds expanded on why he can't see porting Linux to the M1-based Macs. "The main problem with the M1 for me is the GPU and other devices around it, because that's likely what would hold me off using it because it wouldn't have any Linux support unless Apple opens up."

Still, while Torvalds knows Apple opening up their chipsets "seems unlikely, but hey, you can always hope." Even if that "wasn't an issue," Torvalds continued, "My personal hope would be more cores. Even in a laptop, I don't care about 20-hour battery life (and I wouldn't get it building kernels anyway). I'd rather plug it in a bit more often, and have 8 big cores." As for the Mac's limited RAM -- no more than 16GBs on current models -- he can live with that. "16GBs is actually ok by me because I don't tend to do things that require a lot more RAM. All I do is read email, do git and kernel compiles. And yes, I have 64GB in my desktop, but that's because I have 32 cores and 64 threads, and I do hugely parallel builds. Honestly, even then 32GB would be sufficient for my loads." That said, other developers and power users may want more from the new Macs, Torvalds thinks. "The people who really want tons of memory are the ones doing multiple VMs or huge RAW file photography and video."

Rudra Saraswat is the creator of the Ubuntu Unity distro (which uses the Unity interface in place of Ubuntu's GNOME shell).

But this week they released Ubuntu Web Remix, "a privacy-focused, open source alternative to Google Chrome OS/Chromium OS" using Firefox instead of Google Chrome/Chromium. Liliputing reports: If the name didn't give it away, this operating system is based on Ubuntu, but it's designed to offer a Chrome OS-like experience thanks to a simplified user interface and a set of pre-installed apps including the Firefox web browser, some web apps from /e/, and Anbox, a tool that allows you to run Android apps in Linux...

You don't get the long battery life, cloud backup, and many other features that make Chromebooks different from other laptops (especially other cheap laptops). But if you're looking for a simple, web-centric operating system that isn't made by a corporate giant? Then I guess it's nice to have the option.
Rudra Saraswat writes: An easy web-app (wapp) format has been created to package web-apps for the desktop. You can now create your own web apps using web technologies, package them for the desktop and install them easily.

An experimental wapp store can be found at store.ubuntuweb.co, for distributing web apps. Developers and packagers can do pull requests at gitlab.com/ubuntu-web/ubuntu-web.gitlab.io to contribute wapps.

"Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs..." reports Threatpost. "While users assumed Apple would fix the flaw before the OS emerged from beta into full release, this doesn't appear to have happened."

"Beginning with macOS Catalina released last year, Apple added a list of 50 Apple-specific apps and processes that were to be exempted from firewalls like Little Snitch and Lulu," explains Ars Technica: The undocumented exemption, which didn't take effect until firewalls were rewritten to implement changes in Big Sur, first came to light in October. Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, further documented the new behavior over the weekend. To demonstrate the risks that come with this move, Wardle — a former hacker for the NSA — demonstrated how malware developers could exploit the change to make an end-run around a tried-and-true security measure...

Wardle tweeted a portion of a bug report he submitted to Apple during the Big Sur beta phase. It specifically warns that "essential security tools such as firewalls are ineffective" under the change.

Apple has yet to explain the reason behind the change.

Tom Warren, writing for The Verge: The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn't look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad and MS paint.

Google has released today version 87 of its Chrome browser, a release that comes with a security fix for the NAT Slipstream attack technique and a broader deprecation of the FTP protocol. From a report: Todays' release is available for Windows, Mac, Linux, Chrome OS, Android, and iOS. Users can update to the new version via Chrome's built-in update utility. While in previous versions, Google has shipped some changes to Chrome settings and UI elements, almost all the major new Chrome 87 features are aimed at web developers. In Chrome 87, we have new APIs and updates to Chrome's built-in Developer Tools, such as: Support for the new Cookie Store API; new features to allow easier modification of web fonts via CSS; a new feature to let websites enumerate all the locally installed fonts; support for pan, tilt, and zoom controls on webcam streams; and, support for debugging WebAuthn operations via the Chrome DevTools.

Last week, Apple released macOS Big Sur and the rollout was anything but smooth. The mass upgrade caused the Apple servers responsible for checking if a user opens an app not downloaded from the App Store to slow to a crawl. Apple eventually fixed the problem, "but concerns about paralyzed Macs were soon replaced by an even bigger worry -- the vast amount of personal data Apple, and possibly others, can glean from Macs performing certificate checks each time a user opens an app that didn't come from the App Store," writes Dan Goodin via Ars Technica. From the report: Before Apple allows an app into the App Store, it must first pass a review that vets its security. Users can configure the macOS feature known as Gatekeeper to allow only these approved apps, or they can choose a setting that also allows the installation of third-party apps, as long as these apps are signed with a developer certificate issued by Apple. To make sure the certificate hasn't been revoked, macOS uses OCSP -- short for the industry standard Online Certificate Status Protocol -- to check its validity. [...] Somehow, the mass number of people upgrading to Big Sur on Thursday seems to have caused the servers at ocsp.apple.com to become overloaded but not fall over completely. The server couldn't provide the all clear, but it also didn't return an error that would trigger the soft fail. The result was huge numbers of Mac users left in limbo.

The post Your Computer Isn't Yours was one of the catalysts for the mass concern. It noted that the simple HTML get-requests performed by OCSP were unencrypted. That meant that not only was Apple able to build profiles based on our minute-by-minute Mac usage, but so could ISPs or anyone else who could view traffic passing over the network. (To prevent falling into an infinite authentication loop, virtually all OCSP traffic is unencrypted, although responses are digitally signed.) Fortunately, less alarmist posts like this one provided more helpful background. The hashes being transmitted weren't unique to the app itself but rather the Apple-issued developer certificate. That still allowed people to infer when an app such as Tor, Signal, Firefox, or Thunderbird was being used, but it was still less granular than many people first assumed. The larger point was that, in most respects, the data collection by ocsp.apple.com wasn't much different from the information that already gets transmitted in real time through OCSP every time we visit a website. [...] In short, though, the takeaway was the same: the potential loss of privacy from OCSP is a trade-off we make in an effort to check the validity of the certificate authenticating a website we want to visit or a piece of software we want to install.

In an attempt to further assure Mac users, Apple on Monday published this post. It explains what the company does and doesn't do with the information collected through Gatekeeper and a separate feature known as notarization, which checks the security even of non-App Store apps. The post went on to say that in the next year, Apple will provide a new protocol to check if developer certificates have been revoked, provide "strong protections against server failure," and present a new OS setting for users who want to opt out of all of this. [...] People who don't trust OCSP checks for Mac apps can turn them off by editing the Mac hosts file. Everyone else can move along.

Long-time Slashdot reader shanen noticed a strange sound in one of their old machines, prompting them to ponder: what is the ultimate backup system? I've researched this topic a number of times in the past and never found a good answer...

I think the ultimate backup would be cloud-based, though I can imagine a local solution running on a smart storage device — not too expensive, and with my control over where the data is actually stored... Low overhead on the clients with the file systems that are being backed up. I'd prefer most of the work to be done on the server side, actually. That work would include identifying dupes while maintaining archival images of the original file systems, especially for my searches that might be based on the original folder hierarchies or on related files that I can recall being created around the same time or on the same machine...

How about a mail-in service to read old CDs and floppies and extract any recoverable data? I'm pretty sure I spotted an old box of floppies a few months ago. Not so much interested in the commercial stuff (though I do feel like I still own what I paid for) as I'm interested in old personal files — but that might call for access to the ancient programs that created those files.

Or maybe you want to share a bit about how you handle your backups? Or your version of the ultimate backup system...?
Slashdot reader BAReFO0t recommends "three disks running ZFS mirroring with scraping and regular snapshots, and two other locations running the same setup, but with a completely independent implementation. Different system, different PSU, different CPU manufacturer, different disks, different OS, different file system, different backup software, different building construction style, different form of government, etc."

shanen then added "with minimal time and effort" to the original question — but leave your own thoughts and suggestions in the comments.

What's your ultimate backup solution?

"Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges," reports Ars Technica: "This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu," Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. "With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves."

The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which as its name suggests is used to manage user accounts on the computer... With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed. When done correctly, Ubuntu would restart and open a window that allowed the user to create a new account that — you guessed it — had root privileges...

The second bug involved in the hack resided in the GNOME display manager, which among other things manages user sessions and the login screen. The display manager, which is often abbreviated as gdm3, also triggers the initial setup of the OS when it detects no users currently exist. "How does gdm3 check how many users there are on the system?" Backhouse asked rhetorically. "You probably already guessed it: by asking accounts-daemon! So what happens if accounts-daemon is unresponsive....?"

The vulnerabilities could be triggered only when someone had physical access to, and a valid account on, a vulnerable machine. It worked only on desktop versions of Ubuntu.
"This bug is now tracked as CVE-2020-16125 and rated with a high severity score of 7.2 out of 10. It affects Ubuntu 20.10, Ubuntu 20.04, and Ubuntu 18.04..." reports Bleeping Computer.

They add that the GitHub security research who discovered the bugs "reported them to Ubuntu and GNOME maintainers on October 17, and fixes are available in the latest code."

An anonymous reader quotes a report from IEEE Spectrum: While setting fire to an iron ingot is probably more trouble than it's worth, fine iron powder mixed with air is highly combustible. When you burn this mixture, you're oxidizing the iron. Whereas a carbon fuel oxidizes into CO2, an iron fuel oxidizes into Fe2O3, which is just rust. The nice thing about rust is that it's a solid which can be captured post-combustion. And that's the only byproduct of the entire business -- in goes the iron powder, and out comes energy in the form of heat and rust powder. Iron has an energy density of about 11.3 kWh/L, which is better than gasoline. Although its specific energy is a relatively poor 1.4 kWh/kg, meaning that for a given amount of energy, iron powder will take up a little bit less space than gasoline but it'll be almost ten times heavier. It might not be suitable for powering your car, in other words. It probably won't heat your house either. But it could be ideal for industry, which is where it's being tested right now.

Researchers from TU Eindhoven have been developing iron powder as a practical fuel for the past several years, and last month they installed an iron powder heating system at a brewery in the Netherlands, which is turning all that stored up energy into beer. Since electricity can't efficiently produce the kind of heat required for many industrial applications (brewing included), iron powder is a viable zero-carbon option, with only rust left over. So what happens to all that rust? This is where things get clever, because the iron isn't just a fuel that's consumed -- it's energy storage that can be recharged. And to recharge it, you take all that Fe2O3, strip out the oxygen, and turn it back into Fe, ready to be burned again. It's not easy to do this, but much of the energy and work that it takes to pry those Os away from the Fes get returned to you when you burn the Fe the next time. The idea is that you can use the same iron over and over again, discharging it and recharging it just like you would a battery.

To maintain the zero-carbon nature of the iron fuel, the recharging process has to be zero-carbon as well. There are a variety of different ways of using electricity to turn rust back into iron, and the TU/e researchers are exploring three different technologies based on hot hydrogen reduction (which turns iron oxide and hydrogen into iron and water). [...] Both production of the hydrogen and the heat necessary to run the furnace or the reactors require energy, of course, but it's grid energy that can come from renewable sources. [...] Philip de Goey, a professor of combustion technology at TU/e, told us that he hopes to be able to deploy 10 MW iron powder high-temperature heat systems for industry within the next four years, with 10 years to the first coal power plant conversion.