Microsoft

Microsoft: We Never Encourage a Ransomware Victim To Pay (zdnet.com) 62

An anonymous reader shares a report: Ever since ransomware became a top threat in the mid-2010s, people have been arguing about the proper way of dealing with a ransomware attack and the merits of paying or not paying a ransom demand. A big point of contention has been "the official advice" that various companies or government agencies give out to victims. For example, in late 2015, the FBI found itself in the middle of a controversy when one of its agents publicly admitted that the bureau was, in many cases, recommending that victims pay ransom demands. At the time, many were shocked to find out that the FBI was telling victims to pay ransomware demands, and helping criminal gangs boost their profits.

The Bureau changed its official stance a few months later, in 2016, after US senators sent letters asking why the agency was helping out criminals. Since then, the FBI's official position has been to defer the decision to pay a ransom to the victim, with no formal advice. [...] In a blog post today, Microsoft, for the first time, revealed its stance on the matter. "We never encourage a ransomware victim to pay any form of ransom demand," said Ola Peters, Senior Cybersecurity Consultant for Microsoft Detection and Response Team (DART), the OS maker's official incident response team. "Paying a ransom is often expensive, dangerous, and only refuels the attackers' capacity to continue their operations," Peters added.

Google

Ask Slashdot: Who Is Most Likely To Challenge Microsoft In the Office? 147

Tablizer writes: Microsoft still dominates cubicle-land. Google is making a push into that domain, but it's unclear how far or how fast they can go. Most "serious" applications still run on only Windows and that doesn't seem to be changing much. What's keeping others out? Do we need new desktop-oriented, cross-platform standards? It seems everyone "went web" and forgot about the desktop niche, but it's a big niche still.
Programming

Tony Brooker, Pioneer of Computer Programming, Dies At 94 (nytimes.com) 26

Cade Metz from The New York Times pays tribute to Tony Brooker, the mathematician and computer scientist who designed the programming language for the world's first commercial computer. Brooker died on Nov. 20 at the age of 94. From the report: Mr. Brooker had been immersed in early computer research at the University of Cambridge when one day, on his way home from a mountain-climbing trip in North Wales, he stopped at the University of Manchester to tour its computer lab, which was among the first of its kind. Dropping in unannounced, he introduced himself to Alan Turing, a founding father of the computer age, who at the time was the lab's deputy director. When Mr. Brooker described his own research at the University of Cambridge, he later recalled, Mr. Turing said, "Well, we can always employ someone like you." Soon they were colleagues.

Mr. Brooker joined the Manchester lab in October 1951, just after it installed a new machine called the Ferranti Mark 1. His job, he told the British Library in an interview in 2010, was to make the Mark 1 "usable." Mr. Turing had written a user's manual, but it was far from intuitive. To program the machine, engineers had to write in binary code -- patterns made up of 0s and 1s -- and they had to write them backward, from right to left, because this was the way the hardware read them. It was "extremely neat and very clever but pretty meaningless and very unfriendly," Mr. Brooker said. In the months that followed, Mr. Brooker wrote a language he called Autocode, based on ordinary numbers and letters. It allowed anyone to program the machine -- not just the limited group of trained engineers who understood the hardware. This marked the beginning of what were later called "high-level" programming languages -- languages that provide increasingly simple and intuitive ways of giving commands to computers, from the IBM mainframes of the 1960s to the PCs of the 1980s to the iPhones of today.

Microsoft

Windows 10 Mobile Reaches End of Support (androidauthority.com) 55

We've known Windows 10 Mobile has been a dead platform for years now. Even Microsoft themselves have been telling people they need to switch to Android or iOS. But yesterday, we saw the final blow to Microsoft's mobile OS -- it officially reached its end of life and is no longer supported. From a report: There is some good news for the two of you still running Windows 10 Mobile though. The platform's office apps will receive updates and security patches until January 12, 2021. This includes Microsoft Word, Excel, PowerPoint, and OneNote. That means you still have a little more time before you absolutely need to migrate to another mobile platform if you just can')t break your Windows 10 Mobile addiction. Though we still recommend you take the leap as soon as possible.
Networking

Cisco Outlines Silicon, Software Roadmap For Next Generation Internet (zdnet.com) 21

An anonymous reader writes: Cisco on Wednesday outlined new details behind its strategy to build next-generation internet technology. As a set up for what it dubs its 'Internet for the Future' strategy, the networking giant announced a multi-year plan for building and investing in 5G internet technology, including silicon, optics and software. On the silicon side, Cisco announced Silicon One, a new switching and routing applications specific integrated circuit (ASIC) for the 5G internet era. The programmable networking chip is designed to provide significant improvements to performance, bandwidth, power efficiency, scalability and flexibility, according to Cisco. Cisco said the first first generation of the chip, Q100, surpassed the 10 Tbps routing milestone for network bandwidth.

In addition to the silicon, Cisco also outlined its focus on the optics space. As port rates increase from 100G to 400G, optics become a larger portion of the cost to build and operate internet infrastructure. To account for that, Cisco said its qualification program tests its optics and non-Cisco optics to comply with industry standards, and invests organically to make sure that its router and switch ports rates continue to increase. Cisco also announced plans to offer flexible consumption models for Silicon One that were first established with its optics portfolio, followed by the disaggregation of the Cisco IOS XR7 software.
The Silicon One architecture will integrate into its new 8000 series carrier class routers, which is powered by Cisco's new IOS XR7 operating system. The OS will provide faster download speeds and security improvements, Cisco said.

According to the report, Cisco is currently working with Comcast and NTT Communications on ongoing deployments and trials of the 8000 series.
Microsoft

Microsoft Reveals New Windows Logo, Office Icons (theredmondcloud.com) 52

Ammalgam shares a report from The Redmond Cloud: Microsoft is refreshing its Windows logo and the icons for many of the operating system's apps. While Microsoft already announced new icons for the Office suite, Microsoft is now redesigning more than 100 icons across the company with new colors, materials, and finishes. We can see a softer modernized design based on their Fluent Design set of principles. You can see the new Windows logo in the images here.

This is all part of a bigger push to modernize Microsoft's software and services under the Fluent Design set of principles. These aren't huge changes but slight flourishes to existing icons to make them look congruent when viewed in a series or set. This also seems like part of an attempt to clean up inconsistent icons in the Microsoft Windows OS. Microsoft's icon work is gradual and will continue throughout 2020.
Jon Friedman, corporate vice president of design and research at Microsoft, announced the changes in a Medium post.
Operating Systems

Two of China's Largest Tech Firms Are Uniting To Create a New 'Domestic OS' (zdnet.com) 93

The two biggest OS (operating system) makers in China announced plans last week to unite and jointly build a new "domestic operating system." From a report: The two companies are China Standard Software (CS2C) and Tianjin Kylin Information (TKC), two of China's largest software firms, with known ties to the Beijing government. Both companies are known on the local Chinese OS market. CS2C created "China's Windows XP clone," known as the NeoKylin OS, and TKC is the current steward of Kylin, China's first-ever homegrown operating system. CS2C and TKC plan to set up a new company in which they'll become investors, and through which the new joint OS will be developed. The new company will handle the new operating system's development, technological decisions, marketing, branding, financials, and sales. The current Kylin and NeoKylin operating systems will serve as a base for the new OS, the two said.
Microsoft

Microsoft is About To Start Aggressively Advertising Windows 10 To Windows 7 Stragglers (betanews.com) 266

Mark Wycislik-Wilson, writing for BetaNews: Having already started to notify Windows 7 hangers on that support is due to come to an end, Microsoft is now ready to get a little more aggressive. If you haven't moved on from Windows 7, soon you will see full-screen notifications warning you that "your Windows 7 PC is out of support." The messages are due to be displayed from the day after support ends. So when January 15 rolls around, anyone who has doggedly stuck with Windows 7 will find that they not only have no support and no security updates, but also that they are pestered by an invasive message delivered by a program called EOSnotify.exe.
Chrome

Google Releases Chrome 79 With New Features Including an Option To Freeze Tabs and Back-Forward Caching (zdnet.com) 29

Google today released Chrome 79 for Windows, Mac, Linux, Chrome OS, Android, and iOS users. This release comes with security and bug fixes, but also with new features such as built-in support for the Password Checkup tool, real-time blacklisting of malicious sites via the Safe Browsing API, general availability of Predictive Phishing protections, a ban on loading HTTPS "mixed content," support for tab freezing, a new UI for the Chrome Sync profile section, and support for a back-forward caching mechanism. ZDNet has outlined each new feature in-depth.
Operating Systems

elementary OS 5.1 'Hera' Linux Distro is Here (betanews.com) 42

An anonymous reader shares a report: elementary OS has long been viewed by many as the future of Linux on the PC thanks to its beautiful desktop environment and overall polished experience. Development of the Ubuntu-based operating system has been frustratingly slow, however. This shouldn't be surprising, really, as the team of developers is rather small, and its resources are likely much less than those of larger distributions such as the IBM-backed Fedora or Canonical's Ubuntu. And that is what makes elementary OS so remarkable -- its developers can make magic on a smaller budget. Today, the latest version of the operating system is released. Code-named "Hera," elementary OS 5.1 is now available for download. Support for Flatpak is now baked in -- this is significant, as the developers explain it is "the first non-deb packaging format we've supported out of the box." The Linux kernel now sits at a very modern 5.0. One of the most important aspects of elementary OS, the AppCenter, is now an insane 10 times faster than its predecessor.
Security

Vulnerability In Fully Patched Android Phones Under Active Attack By Bank Thieves (arstechnica.com) 98

An anonymous reader quotes a report from Ars Technica: A vulnerability in millions of fully patched Android phones is being actively exploited by malware that's designed to drain the bank accounts of infected users, researchers said on Monday. The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.

Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market. The vulnerability is most serious in versions 6 through 10, which account for about 80% of Android phones worldwide. Attacks against those versions allow malicious apps to ask for permissions while posing as legitimate apps. There's no limit to the permissions these malicious apps can seek. Access to text messages, photos, the microphone, camera, and GPS are some of the permissions that are possible. A user's only defense is to click "no" to the requests.
"The vulnerability is found in a function known as TaskAffinity, a multitasking feature that allows apps to assume the identity of other apps or tasks running in the multitasking environment," reports Ars Technica. While Google has removed the [unnamed] malicious apps from its Play Store, according to Promon, the vulnerability is still unfixed in all versions of Android.

"Promon is calling the vulnerability 'StrandHogg,' an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom," the report adds. "Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security company for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts."
Operating Systems

Rust-Based Redox OS Is Nearly Self-Hosting After Four Years (theregister.co.uk) 62

Long-time Slashdot reader sosume quotes the Register: Redox OS, written in Rust and currently under development, is only "a few months of work away" from self-hosting, meaning that the Rustc compiler would run on Redox itself, according to its creator Jeremy Soller...

Redox has a POSIX-compliant C library written in Rust, called relibc. It is Linux-compatible both at the syscall API level and at the syscall ABI (Application binary interface) level, subject to the same architecture.

The article notes that the OS's latest release was version 0.5 last March, arguing that it's "best described as experimental..."

"Still, if Rust continues to grow in popularity, its characteristics of safety and unimpeded performance seem ideal for creating a new operating system, so perhaps Redox will become more prominent."
Open Source

The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It) (devuan.org) 147

Long-time Slashdot reader jaromil (Denis "Jaromil" Roio) writes: A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

"In theory, the machine-id should be a persistent identifier of the current host," explains the README documentation. "In practice, this causes some privacy concerns..."
Operating Systems

Linux 5.4 Released 35

diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android, support for new Intel/AMD GPUs, support for the exfat file system and removing the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.
Operating Systems

Zorin OS 15 Lite Linux Distro Can Rejuvenate Your Aging Windows PC (betanews.com) 69

An anonymous reader writes: Called "Zorin OS 15 Lite," it is not only lightweight, but thanks to the Xfce desktop environment and integrated Flatpak support, it should be quite familiar to those switching from Windows. In fact, the developers are intentionally targeting existing Windows 7 users, as Microsoft's operating system will be unsupported beginning January 2020. Zorin OS 15 Lite, in comparison, is based on Ubuntu 18.04 LTS and supported until 2023! It even comes with the very modern Linux kernel 5.0. "With Zorin OS 15 Lite, we've condensed the full Zorin OS experience into a streamlined operating system, designed to run fast on computers as old as 15 years. With version 15, we've gone the extra mile to make the XFCE 4.14-based desktop feel familiar and user-friendly to new users, especially those moving away from Windows 7 leading up to the end of its support in January 2020. By pairing the most advanced and efficient software with a user-friendly experience, we've made it possible for anyone to extend the lifespan of their computers for years to come," explains the Zorin OS developers.
Printer

Google Is Terminating Google Cloud Print (9to5google.com) 64

Google has announced that Cloud Print, its cloud-based printing solution, is being retired at the end of next year. 9to5Google reports: The announcement comes in the form of a support document for Cloud Print that popped up recently, which is kind enough to remind us that Cloud Print has technically been in beta since it launched a decade ago: "Cloud Print, Google's cloud-based printing solution that has been in beta since 2010, will no longer be supported as of December 31, 2020. Beginning January 1, 2021, devices across all operating systems will no longer be able to print using Google Cloud Print. We recommend that over the next year, you identify an alternative solution and execute a migration strategy."

Google notes that Chrome OS' native printing solutions have been vastly improved since Cloud Print launched in 2010, and also promises that native printing in Chrome OS will continue to get more features over time: "Google has improved the native printing experience for Chrome OS, and will continue adding features to native printing. For environments besides Chrome OS, or in multi-OS scenarios, we encourage you to use the respective platform's native printing infrastructure and/or partner with a print solutions provider."

Google

Google Will Pay Bug Hunters Up To $1.5M if They Can Hack Its Titan M Chip (zdnet.com) 21

Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip. From a report: Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more. Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it. If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.
Open Source

System76 Will Start Designing and Building Its Own Linux Laptops Beginning January 2020 (forbes.com) 24

An anonymous reader quotes a report from Forbes: Denver-based PC manufacturer and Pop!_OS Linux developer System76 plans to follow-up its custom Thelio desktop PC with an in-house laptop beginning next year, according to founder and CEO Carl Richell. During a recent interview, Richell was quick to emphasize that the entire process of designing, prototyping and iterating the final product could take two to three years. But the company is eager to break into this market and put the same signature "stamp" on its laptop hardware that graces its custom-built Thelio desktop.

System76 sells an extensive lineup of laptops, but the machines are designed by the likes of Sager and Clevo. The company doesn't merely buy a chassis and slap Pop!_OS on it, but Richell tells me he's confident that with the experience gained from developing Thelio -- and the recent investment into a factory at the company's Denver headquarters -- System76 is capable of building a laptop from the ground up that meets market needs and carries a unique value proposition. Richell says the company's first priority is locking down the aesthetic of the laptop and how various materials look and feel. It will simultaneously begin working on the supply chain aspects and speaking with various display and component manufacturers. System76 will design and build a U-class laptop first (basically an Ultrabook form factor like the existing Darter and Galago) and then evaluate what it might do with higher-end gaming and workstation notebooks with dedicated graphics.

Google

Google Wants Android To Use Regular Linux Kernel (androidpolice.com) 87

Android is built on top of the Linux kernel, but it has always used a heavily-modified version with changes from OEMs, chip manufacturers like Qualcomm and MediaTek, and Google. There have been efforts over the years to close the gap between the two kernels, but now Google is getting more serious about it. From a report: At this year's Linux Plumbers Conference, Google engineers held talks about the company's efforts to get Android as close as possible to the mainline Linux kernel. Not only would this reduce technical overhead for Google and other companies, because they would no longer have to merge thousands of changes into each new Linux kernel version (and Google would no longer have to support Linux kernel versions for six years), but it could also benefit the Linux project as a whole. For example, the growing number of ARM-based Linux phones and computers could see improved performance and battery life. The first stage of this process is merging as many of Android's modifications as possible back into the mainline Linux kernel.

As of Feburary 2018, the Android common kernel (which OEMs make additional changes to) has over 32,000 insertions and over 1,500 deletions compared to mainline Linux 4.14.0. That's an improvement from a few years ago, when Android added over 60,000 lines of code on top of Linux. To show off how much progress has been made, Tom Gall, the director of the Linaro Consumer Group, brought a Xiaomi Pocophone on stage that was running Android 10 on top of a mainline Linux kernel. He told the audience, "there are major, major props to be given to the Google Kernel Team in particular for getting their code upstream so that we can boot devices with a mainline kernel." It's likely that some of the phone's features were non-functional (the battery percentage in the picture reads as 0%), but it's still impressive.

Android

Xiaomi Integrates Earthquake Alert System Into MIUI OS (techcrunch.com) 9

Xiaomi today unveiled a new iteration of its virtual assistant Xiao Ai and shared a new feature of Android-based MIUI operating system as the publicly listed Chinese technology group pushes to expand its internet services ecosystem. From a report: At its annual Mi Developer conference in Beijing, the company said it is integrating an earthquake warning function into MIUI for select users in China, with plans to expand it nationwide soon. The integration, touted as the first of its kind globally, will enable alerts to be sent to smartphones running MIUI 11 and Mi TV "seconds to tens of seconds" before the quake waves arrive, Xiaomi said. The feature, which was first tested in September this year, has been developed in partnership with Institute of Care-life, a Chengdu-based organization focusing on natural disaster warning. Xiaomi said it has activated the feature for the earthquake-prone Sichuan Province and plans to expand it elsewhere in the nation soon. Wang Tun, head of the institute, said this function, unlike those available through apps in some countries, works more efficiently and does not rely on a working internet connection.

Slashdot Top Deals