Samsung is upping the ante on Android updates and offering four years of security updates on many of its Android devices. The company's full update package is now three years of major OS updates and four years of security updates, besting even what Google offers on the Pixel line. From a report: In the announcement, Samsung says, "Over the past decade, Samsung has made significant progress in streamlining and speeding up its regular security updates. Samsung worked closely with its OS and chipset partners, as well as over 200 carriers around the world, to ensure that billions of Galaxy devices receive timely security patches." Samsung has experimented with bringing four years of updates to its own Exynos SoC devices, but now it looks like the company is getting Qualcomm models on board as well. Keep in mind that these are not necessarily monthly security updates. Samsung says it's delivering four years of "monthly or quarterly" updates, depending on the age of the device. Samsung's current security bulletin page has the Galaxy S9 (2018) on the monthly update plan, while the Galaxy S8 is on the quarterly plan. So it sounds like three years of monthly security updates and one more year of quarterly updates.

Microsoft's security team said today it has formally completed its investigation into its SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers. From a report: The OS maker began investigating the breach in mid-December after it was discovered that Russian-linked hackers breached software vendor SolarWinds and inserted malware inside the Orion IT monitoring platform, a product that Microsoft had also deployed internally. In a blog post published on December 31, Microsoft said it discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects. "Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts," the company said today, in its final report into the SolarWinds-related breach.

Microsoft has begun deploying this week KB4577586, a Windows update that permanently removes the Adobe Flash Player software from Windows devices. From a report: The update was formally announced last year at the end of October when Microsoft and other browser makers were preparing for the impending Flash end-of-life, scheduled for the end of 2020. According to a support document published at the time, the update was initially supposed to be optional. System administrators who wanted to remove Flash before the EOL date could access the Microsoft Update Catalog, download the KB4577586 packages, and remove Flash to avoid any security-related issues. But this week, multiple Windows 10 users reported that Microsoft is now forcibly installing KB4577586 on their devices and removing Flash support from the OS. While users might think this would cause issues for some enterprises, it actually does not. Last year, Adobe introduced a time bomb in the Flash Player code that prevents the Flash Player app from playing content after January 12.

New numbers show 2020 was the first year that Chromebooks outsold Macs, posting impressive market share gains at the expense of Windows. From a report: Computers powered by Google's Chrome OS have outsold Apple's computers in individual quarters before, but 2020 was the first full year that Chrome OS took second place. Microsoft's Windows still retained majority market share, but also took a big hit as both Chrome OS and macOS gained share. The milestone is based on numbers provided by IDC, which doesn't typically break out sales based on device operating system. But when we went looking to see how the pandemic may have impacted the PC market, IDC analyst Mike Shirer confirmed the findings to GeekWire. This is a big win for Google and a warning for both Apple and Microsoft. It also signals to app and game developers that Chrome OS can no longer be ignored. Frankly, any business that provides a product or service over the internet should be setting aside resources to ensure the Chrome OS experience is comparable to Windows and macOS.

If you're one of the few people still using a PC with an x86 processor more than 15 years old, here's another reason to upgrade: the devices will not work with future Chrome releases, starting with version 89 of the world's most popular browser. TechSpot reports: The Chromium development team announced that CPUs older than the Intel Core 2 Duo and AMD Athlon 64 would not work with Chrome 89 and future versions as they do not meet the new minimum instruction set requirement of SSE3 (Supplemental Streaming SIMD Extensions 3) support. So, if you are still sporting an Intel Atom or Celeron M CPU, you'll soon be counting Chrome as one of the many programs that are incompatible with your potato-like rig. The devices will no longer attempt to install the browser, while running it will result in the software crashing. It's noted that the change only affects Windows as Chrome OS, Android and, Mac already require SSE3 support.

An anonymous reader quotes a report from Ars Technica: The final version of Android 12 should be released sometime in September, but the first developer preview is expected any day now. Our first hint of what Google's new release might have in store comes to us from XDA Developers' Mishaal Rahman, who has some pictures of what looks like a major UI overhaul for Android 12. According to the report, these images represent mockups, not screenshots, of Android 12. The mockups appear in a document describing the new features of Android 12, and the document is being passed around to partners as a heads-up before the public rollout.

The first thing that jumps out to me is the weird sepia-tone color scheme, like someone left night mode on permanently. This color scheme looks like a huge change compared to the all-white color scheme of Android 11, but it's probably completely up to the user. [...] Even if we ignore the colors, the notification panel is still pretty different, which is totally on brand for Android, as the notification panel gets revamped in every release. Starting at the top, the weird black status bar is gone, replaced with a single sheet that serves as a notification background. It's not transparent here, but that could just be a mockup inaccuracy. The time and date have swapped places, with the date on top now. The quick settings are no longer in a box, and they've been cut down to four instead of six (booo!). The Quick Settings shapes have been configurable in the past, but it now looks like there's a mix of shapes, with disabled settings having a square background and enabled settings getting a circle.

There's also a new "Privacy" settings screen, which gives you what looks like systemwide kill switches for the camera, microphone, and location. None of these switches is new, but you get easy, more obvious access to them now. This privacy screen also seems to show a new design for the settings. In addition to the new color scheme, it looks like Google is taking after Samsung and some other Android OEMs in designing settings screens with reachability in mind. There's a huge "Privacy" banner at the top, with lots of white space above it, pushing the start of the list down from the very top of the phone. Most good implementations of this feature shrink the top banner once you start scrolling. The final new item in the mockups is a "conversations" widget. This seems to show a person or group chat and recent messages or calls from that person. It appears to combine messages from multiple apps into a single widget, which would be possible through the existing notification APIs.

Thanks to the hard work of the SwitchRoot team, it's now possible to enjoy an Android 10-based LineageOS 17.1 port on your Nintendo Switch console. XDA Developers reports: The Android 10 release is based on the LineageOS 17.1 build for the NVIDIA SHIELD TV and brings many improvements over the previous release, including a much-needed deep sleep mode so the OS doesn't murder your console's battery life. It's also generally faster and more responsive than the previous Android 8.1 Oreo version, according to the SwitchRoot team.

The ROM comes in two flavors: a Tablet build that offers a standard Android UI with support for all apps and an Android TV build that supports both docked and undocked use cases but has more limited app support. The former is recommended if you primarily use your Nintendo Switch while undocked, while the latter will offer a much-better docked experience. As for bugs and broken things, the developer says games built for the SHIELD (Half-Life 2, Tomb Raider, etc.) aren't supported, and you might notice some stuttering with Bluetooth audio. Some apps also may not support the Joy-Con D-Pad.

In order to install this build, you'll need an RCM-exploitable Nintendo Switch, a USB-C cable, a high-speed microSD card (formatted to FAT32), and a PC. If you already have the Android 8.1 Oreo build installed on your SD card, just make sure to back up your data before installing the Android 10 build, as flashing this new ROM will wipe all data. After installing the ROM itself, be sure to flash the Google Apps package, Alarm Disable ZIP, and Xbox Joycon Layout ZIP if you use an Xbox controller. You can download LineageOS 17.1 for Nintendo Switch here.

Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) that will notify companies when their employees are being targeted by nation-state threat actors. From a report: The feature was added on Saturday to the Microsoft 365 roadmap website. The idea behind the feature is not new. Since 2016, Microsoft began tracking nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts. If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with basic advice they need to take to re-secure their inbox and devices. Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks. But the problem with this notification procedure is that it relies on users reading their email and taking action, which doesn't always happen. Users don't read their emails daily, or it might sometimes take hours before the user reaches the notification in crowded inboxes, a time during which attackers could use to steal sensitive documents. For organizations who are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats.

It's been estimated that there are 24 million developers in the world. 14 million of them now use Microsoft's Visual Studio Code (VS Code) as their IDE, reports ZDNet, with five million new users arriving in 2020.

Julia Liuson, corporate vice president of Microsoft's developer division, tells them why: "The strategy for VS Code is really to support our any, any, any strategy. You can be a developer working with any programming language, working on any operating system and develop any kind of software." VS Code runs on macOS, Windows 10, and multiple distributions of Linux, it supports Arm64 on Linux, and runs on Raspberry Pi and Chromebooks. It's also available in preview form
Part of VS Code's popularity is the breadth of language extensions for C++, C#, Python and various Python libraries for data scientists, Java, and JavaScript/Typescript... "We have almost two million Python developers using VS Code and well over a million C++ developers using VS Code," said Liuson. "And even our Java usage is approaching one million...."

Liuson also talked about Microsoft's inner source approach to software development. The company doubled down on inner source in 2019, and recently highlighted its inner-source approach as a factor that mitigated the threat of the SolarWinds hackers accessing its source code. Microsoft didn't make up the term inner source and the approach means taking open-source development practices and applying them inside a single organization. GitHub and GitHub's Enterprise Server fits snuggly with this approach to help organizations collaborate but do so in private.

"Inner source means if you have private IP, but you're inviting other teams within the company to collaborate with you. That's the fundamental difference between open source and inner source. Today, it's very common in large enterprise..."

Slashdot reader rushtobugment quotes a story from Hot Hardware: One of the software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system put out by The Raspberry Pi Foundation. It has been around since 2015 without too much complaint. However, a recent update has some Raspberry Pi OS users up in arms over a key change involving Microsoft.

The latest update installs a Microsoft apt respository on all any machine running Raspberry Pi OS, and does it without any admin consent. As discovered by Reddit user fortysix_n_2, the official reason is an endorsement of Microsoft's integrated development environment, Visual Studio Code, which is fine and dandy. However, it's claimed this even gets installed on headless devices that used a light image without a GUI. As a result, every time you do an "apt update" on your Pi device, the OS pings Microsoft.

"By having this repo, every time an install of Raspberry Pi OS is updated it will ping a Microsoft server. Microsoft will know you're using Raspberry Pi OS/likely Raspberry Pi owner and your IP address...." fortysix_n_2 explains.
Or, as a headline explains on the Windows Central blog, "Microsoft repo silently added to Raspberry Pi OS, folks begin the freak out..."

"As one particularly vocal commenter pointed out, modifying the sources.list in Linux without consent just doesn't happen. It also doesn't just apply to new images, it has been built out to be added to existing machines, too."

UPDATE: An anonymous Slashdot reader spotted Raspberry Pi founder Eben Upton's response to the controversy on Twitter. When asked if the foundation could be more transparent, like publishing a blog post about the repositories to be included, Upton responded:

"I can't understand why you think this was a controversial thing to do. We do things of this sort all the time without putting out a blog post about how to opt out."

AlmaLinux describes itself as "an open-source, community-driven project that intends to fill the gap left by the demise of the CentOS stable release." And now AlmaLinux "has announced their beta release of their CentOS/RHEL 8 fork," writes Slashdot reader juniorkindergarten.

AlmaLinux will be getting $1 million a year in development funding from CloudLinux (the company behind CloudLinux OS, a CentOS clone with over 200,000 active server instances). Their CEO stresses that AlmaLinux "is built with CloudLinux expertise but will be owned and governed by the community. We intend to deliver this forever-free Linux distribution this quarter." And they've committed to supporting it through 2029.

Their press release touts AlmaLinux as "a 1:1 binary compatible fork of RHEL 8, with an effortless migration path from CentOS to AlmaLinux. Future RHEL releases will also be forked into a new AlmaLinux release."

From the AlmaLinux blog: We've collected community feedback and built our new beta release around what you would expect from an enterprise-level Linux distribution...inspired by the community and built by the engineers and talent behind CloudLinux. Visit https://almalinux.org to download the Beta images.

With the Beta release deployed, we'd like to ask the community to be involved and provide feedback. We aim to build a Linux distribution entirely from community contributions and feedback. During AlmaLinux Beta, we ask for assistance in testing, documentation, support and future direction for the operating system. Together, we can build a Linux distribution that fills the gap left by the now unsupported CentOS distribution.
On Wednesday they'll be hosting a live QA webinar with the AlmaLinux team. And there's also a small AlmaLinux forum on Reddit.

A British security researcher has discovered this week that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed. From a report: The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a "heap overflow" bug in the Sudo app to change the current user's low-privileged access to root-level commands, granting the attacker access to the whole system. The only condition to exploit this bug was that an attacker gain access to a system, which researchers said could be done by either planting malware on a device or brute-forcing a low-privileged service account. In their report last week, Qualys researchers said they only tested the issue on Ubuntu, Debian, and Fedora. They said that are UNIX-like operating systems are also impacted, but most security researchers thought the bug might impact BSD, another major OS that also ships with the Sudo app.

VideoLAN, in a blog post: The VideoLAN project and the VideoLAN non-profit organization are happy to celebrate today the 20th anniversary of the open-sourcing of the project. VideoLAN originally started as a project from the Via Centrale Reseaux student association, after the successful Network 2000 project. But the true release of the project to the world was on 1st of February 2001, the Ecole Centrale Paris director, Mr. Gourisse, allowed the open-sourcing of the whole VideoLAN project under the GNU GPL. This open sourcing concerned all the software developed by the VideoLAN project, including VideoLAN Client, VideoLAN Server, VideoLAN Bridge, VideoLAN Channel Switcher, but also libraries to decode DVDs, like libdca, liba52 or libmpeg2. At that time, this was a risky decision for the Ecole Centrale Paris, and the VideoLAN project is very grateful.

Since then, the project evolved to become a French non-profit organization, and continued developing numerous solutions around the free software multimedia world. Today, VLC media player is used regularly by hundreds of millions of users, and has been downloaded more than 3.5 billion times over the years. VLC is today available on Windows, macOS, Linux, Android (including TV and Auto versions), iOS (and AppleTV), OS/2 and BSD. Over the years, around 1000 volunteers worked to make VLC a reality.

Google has started rolling out Chrome OS 88. The update includes a couple of enhancements, the most notable of which is a new screen saver you can use to get more functionality out of your computer's lock screen. Engadget reports: By enabling the feature, your Chromebook will be able to display images from your Google Photos library, including those you've organized into specific albums. You can also choose from a selection of default images put together by Google. If you use the Google Photos functionality built into the Pixel Stand and Nest Hub, you'll have a good idea of how the screen saver works.

The lock screen also displays the time and local weather and provides you with easy to access media controls so you can pause or play a song. You'll find your WiFi and battery status on the bottom right corner and the option to sign out from your account if you want. You enable the feature by digging into the settings menu of Chrome OS and finding your way to the Personalization section. Once enabled, it will turn on when the operating system detects that your device has been idle for some time. The update also introduces a feature that allows you to use your pin or fingerprint, instead of a password, to log into websites that support the WebAuthn standard.

Google released Chrome 88 this week — and besides improving its dark mode support, they removed support for both Adobe Flash and FTP.

PC World calls it "the end of two eras." The most noteworthy change in this update is what's not included. Chrome 88 lays Adobe Flash and the FTP protocol to rest. RIP circa-2000 Internet.

Neither comes as a surprise, though it's poetic that they're being buried together. Adobe halted Flash Player downloads at the end of 2020, making good on a promise made years before, and began blocking Flash content altogether a couple weeks later. Removing Flash from Chrome 88 is just Google's way of flushing the toilet.

On the other hand, FTP isn't dead, but it is now for Chrome users. The File Transport Protocol has helped users send files across the Internet for decades, but in an era of prolific cloud storage services and other sharing methods, its use has waned. Google started slowly disabling FTP support in Chrome 86, per ZDNet, and now you'll no longer be able to access FTP links in the browser. Look for standalone FTP software instead if you need it, such as FileZilla.

That's not all. Mac users should be aware that Chrome 88 drops support for OS X 10.10 (OS X Yosemite). Yosemite released in 2014 and received its last update in 2017...

But Google killing Flash and FTP might be the footnotes that hit old-school web users in the feels.
Chrome 88 will also block non-encrypted downloads originating from an encrypted page, the article reports. And the Verge notes Chrome also offers less intrusive website permission requests (as an experimental feature enabled from chrome://flags/#permission-chip ), while Bleeping Computer describes Chrome 88's new experimental feature for searching through all your open tabs.

And Chrome's blog points out some additional features under the hood: Chrome 88 will heavily throttle chained JavaScript timers for hidden pages in particular conditions. This will reduce CPU usage, which will also reduce battery usage. There are some edge cases where this will change behavior, but timers are often used where a different API would be more efficient, and more reliable.

We have learned that Brad Cox, computer scientist known mostly for creating the Objective-C programming language with his business partner Tom Love, died on January 2, 2021 at his residence. He was 76. From a Legacy.com post: Brad was born on May 2, 1944 in Fort Benning, Georgia, to the late Nancy Hinson Cox and Dewey McBride Cox of Lake City, South Carolina. Brad grew up on the family's dairy farm in South Carolina but found himself most interested in science. After graduating from Lake City High School, he received his Bachelor of Science Degree in Organic Chemistry and Mathematics from Furman University, and his Ph.D. from the Department of Mathematical Biology at the University of Chicago, and worked on an early form of neural networks. He soon found himself more interested in computers and got a job at International Telephone and Telegraph (ITT) and later joined Schlumbeger -- Doll Research Labs, and ultimately formed his own Connecticut startup, Productivity Products International (PPI) later named Stepstone.

Among his first known software projects, he wrote a PDP-8 program for simulating clusters of neurons. He worked at the National Institutes of Health and Woods Hole Oceanographic Institute before moving into the software profession. Dr. Cox was an entrepreneur, having founded the Stepstone Company together with Tom Love for releasing the first Objective-C implementation. Stepstone hoped to sell "ICPaks" and Dr. Cox focused on building his ICPak libraries and hired a team to continue work on Objective-C, including Steve Naroff. The late Steve Jobs', NeXT, licensed the Objective-C language for it's new operating system, NEXTSTEP. NeXT eventually acquired Objective- C from Stepstone. Objective-C continued to be the primary programming language for writing software for Apple's OS X and iOS.

Wine 6.0 has been released today and contains over 8,300 changes, according to its full release notes. Windows Central reports: The new release of version 6.0 has thousands of changes, but Wine's website highlights some of the biggest improvements: Core modules in PE format; Vulkan backend for WineD3D; DirectShow and Media Foundation support; and Text console redesign. The full release notes for Wine 6.0 explain that the core DLLs, which include NTDLL, KERNEL32, GDI32, and USER32 are now built in the Portable Executable (PE) format. As a result, people should see improvements for certain copy protection schemes.

The update also includes a new mechanism to associate a Unix library with the PE module. This change makes it so systems can call Unix libraries from PE when trying to perform a function that can't be handled by Win32 APIs. Wine 6.0 also includes an experimental Vulkan rendered that translates Direct3D shaders to SPIR-V shaders. In another change related to Direct3D, the Direct3D graphics card database now recognizes more graphics cards and includes updated driver versions.

The state of Florida's former Covid-19 data manager was arrested today.

After her firing in May of 2020, Rebekah Jones had become a critic of the state's publicly-available information, even setting up her own online dashboard of Covid-19 case data. The state suspected her of being the person who'd illegally accessed the state's emergency alert health system in December to urge Health Department employees to speak up about the coronavirus, and state police obtained a warrant for a raid on her home during which they'd seized her computers and cellphones.

Jones later called the raid a "sham" to retaliate against her for not altering the state's COVID-19 data. This weekend on Twitter, Jones emphasized that the police found zero evidence during their raid to connect her to that message. She also argues that the newer allegation "was issued the day after a Tallahassee judge told police that if they're not investigating a crime, they had to return my equipment."

During that raid "police did find documents I received/downloaded from sources in the state, or something of that nature..." Jones posted Saturday. "[I]t isn't clear at this point what exactly they're saying I had that I shouldn't have had, but an agent confirmed it has nothing to do with the subject of the warrant."

The Tampa Bay Times reports: Jones announced Saturday on Twitter that she learned of the warrant and plans to turn herself in on Sunday. The Florida Department of Law Enforcement confirmed there is a warrant for Jones' arrest but said it cannot disclose what charges she faces until she is in custody.

Agency spokesman Gretl Plessinger said in an email to the Tampa Bay Times that "agents have been working with her attorney to have her turn herself in..."

Jones said she and her attorney were not told what she's being prosecuted for, just that she faces one criminal charge...
"The agent told my lawyer there would be only one charge," Jones tweeted on Saturday, "but emphasized that speaking out or going to the media may result in police 'stacking' additional charges."

UPDATE (1/18/2021): Monday in court prosecutors asked that Jones be banned from the internet, and be required to wear a GPS monitor — but a judge rejected the request (according to a local news report cited by the Orlando Sentinel). The warrant alleges that on Nov. 10, Jones downloaded a file equivalent to between 600 and 700 sheets of paper, containing contact information for about 19,182 Floridians. The file contained names, organizations, titles, home counties as well as personal phone numbers and emails, the warrant states.

On her Twitter account, Jones said the charge was retaliation for her criticisms of the state's COVID-19 response and claimed the charge had nothing to do with the original search warrant at her home last month...

The agency said the message was sent from an IP address that matched Jones' address, according to the warrant. Agents seized a desktop computer from Jones' home during the search, and a forensic analysis revealed she downloaded the file containing the information, the warrant reads.

The charge is a third-degree felony.

Just ahead of its launch for commercial PC-like devices, an install image of Windows 10X for single screens has leaked, giving us an early peek at Microsoft's new OS. And yes, it's just like Chrome OS. From a report: Let's just get that out of the way. Microsoft has been working for years on a Chromebook competitor, but it has been largely unsuccessful. Windows 10 S, which was originally called Windows 10 Cloud, was Terry Myerson's approach, and that, of course, crashed and burned, in part because it looked identical to Windows 10 but couldn't run downloaded Windows 10 desktop applications. And now we have Windows 10X. Microsoft tried to hide its true intent with this product by pretending last year that it was aimed at a new generation of dual-display PCs, but the software giant really created 10X to compete with Chrome OS on inexpensive single-display PCs. So after failing to get its container-based Windows desktop application compatibility solution to work, Microsoft scaled back and repositioned Windows 10X as was originally intended: It will now ship only on new traditional PCs aimed at education and other commercial markets.

Google published a six-part report this week detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. From a report: The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said. "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts. Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices. The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.