Russian lawmakers want to make it a legal requirement for all smartphones, computers and smart TV sets sold in Russia to come pre-installed with certain Russian software in a bid to support domestic software producers, according to a draft bill. From a report: The bill, tabled at the lower house of parliament on Thursday, would allow authorities to draw up a list of mandatory, locally-made software. If passed, it would come into force in July 2020. Russia's cell-phone market is dominated by Apple, Samsung and Huawei products. Those who do not abide by the rule, the proposed law says, would have to pay a fine.

Huawei reportedly wants to keep using Google's Android operating system in its phones instead of jumping to its self-developed Hongmeng system. From a report: Company senior vice president Catherine Chen told reporters in Brussels this week that the Hongmeng OS isn't even designed for phones, according to Chinese state news agency Xinhua. Chen apparently said Hongmeng is for industrial use, noting that it contains far fewer lines of code than a phone OS, and has much lower latency than a phone, meaning it can process a very high volume of data messages with little delay. Latest episode in a confusing narrative about what Huawei even intends to do. The company's executives have previously said on record that its homegrown operating system is designed to replace Android on its handsets. One executive said the operating system would be released by last month -- a target that Huawei has missed.

Dropbox said it accidentally exposed a new desktop app experience to some users for a short period of time. While the issue has since been resolved, many users were caught off guard after being silently "upgraded" to this radically different version of Dropbox. Ars Technica reports: This new version of Dropbox wants to be... a file manager? Instead of the minimal sync app, the Dropbox icon now opens a big, multi-panel, blue and white window showing all your Dropbox files. It kind of looks like Slack, if Slack was a file manager. You can now "star" folders as important so they show up in the left panel (again, like a Slack chat room). The middle panel shows your Dropbox files, and the right panel shows a file preview with options for comments and sharing. You can search for files, sort by name or date, and do all the usual file operations like cut, copy, and paste. It's a file manager.

A big part of the appeal of Dropbox is (was?) that it's a dead-simple product: it's a folder, in the cloud! Put your stuff in the folder, and it seamlessly gets backed up and synced to all your other computers. Part of using Dropbox means installing the sync app to your computer, and to keep everything fresh and up to date, Dropbox has the ability to silently update this app from time to time. Using this mechanism to silently install a bigger, more bloated, completely different version of the Dropbox app onto people's computers seems... wrong, especially with no notice whatsoever. Updates are one thing, but many users (your author included) feel like there was a lack of consent here. Here's the statement Dropbox issued earlier today: "We recently announced a new desktop app experience that is now currently available in Early Access. Due to an error, some users were accidentally exposed to the new app for a short period of time. The issue has been resolved, though there might be a short lag for some users to see resolution. We apologize for any inconvenience this has caused."

Developer Marco Arment responded to the statement, tweeting: "'That immensely unpopular change we forced onto all of you yesterday? We only meant to force it on *some* of you. The rest of you weren't supposed to get it forced upon you until later.' Doesn't really fix the problem, does it?"

Zac Bowden from Windows Central makes the case for why Microsoft may want to make a Surface phone that runs Android. An anonymous reader shares an excerpt from the report: While a Surface Phone running Android would never sell to the quantity that Samsung smartphones do (or at least not a first- or second-generation phone), Microsoft could utilize the Surface brand to showcase the best of Microsoft's Android efforts all in one place, just like it has done for Windows PCs. I'm picturing a Surface-branded, Microsoft-built smartphone that comes with Microsoft Launcher, Edge, Office, Your Phone phone-mirroring integration, and more, out of the box. In fact, that's one of four unique selling points that a Surface Phone running Android could have:

-- Showcase the best of Microsoft's efforts on Android.
-- Seamless integration with Windows PCs using Your Phone.
-- Provide the best security and update support on Android.
-- Brand recognition that can rival Apple and Samsung.

That last point is more for Microsoft fans, but the first three are important. A Surface Phone running Android would be the only smartphone out there that's always guaranteed to work with all of Your Phone's features. I have a wide array of Android smartphones, yet 90 percent of them don't support all of Your Phone's features on Windows 10. Screen mirroring is only available on select devices, and while that may improve, there's no guarantee your smartphone will ever get it, or if it'll work well. Microsoft could also provide enhanced features, such as the ability to take cellular phone calls on your PC directly from your Surface Phone. It could also build out dedicated Phone and SMS apps that sync up with the Messages app on your PC, instead of having to relay it through the Your Phone app. There's so much more potential when you build your own Android phone.

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their ID, researchers claim. From a report: The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets & laptops. On Wednesday, researchers from Boston University David Starobinski and Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden. According to the research paper, Tracking Anonymized Bluetooth Devices, many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device. Android is immune as the OS does not continually send out advertising messages, the researchers said.

HMD is bringing the latest version of the Nokia 2, called the "Nokia 2.2," to the U.S. For $139, it features a notched camera design, a plastic body, and a removable battery. Ars Technica reports: HMD is delivering a good package for the price, with a fairly modern design, the latest version of Android, and a killer update package with two years of major OS updates and three years of security updates. On the front, you have a 5.71-inch, 1520x720 IPS LCD with a flagship-emulating notch design and rounded corners. There's a sizable bezel on the bottom with a big "Nokia" logo on it, but it's hard to complain about that for $140.

This is a cheap phone, so don't expect a ton in the specs department. Powering the Nokia 2.2 is a MediaTek Helio A22 SoC, which is just four Cortex A53 cores at 2GHz. The U.S. version gets 3GB of RAM and 32GB of storage version with an option to add a MicroSD card. The back and sides are plastic, and on the side you'll find an extra physical button, which will summon the Google Assistant. The back actually comes off, and -- get this -- you can remove the 3000mAh battery! Speaking of unnecessarily removed smartphone features from the past, there's also a headphone jack. Unfortunately, it's missing some key features to keep the price down. There's a microUSB port instead of a USB-C port, no fingerprint reader, and cameras that have low expectations.

Since it is a GSM phone, it will be supported by T-Mobile and AT&T networks, along with all their MVNOs.

Microsoft is planning to make Windows 10 PCs work without passwords. From a report: While the company has been working on removing passwords from Windows 10 and its Microsoft Accounts for a number of months now, the next major update to Windows 10 next year will go one step further. You'll soon be able to enable a passwordless sign-in for Microsoft accounts on a Windows 10 device. This means PCs will use Windows Hello face authentication, fingerprints, or a PIN code. The password option will simply disappear from the login screen, if you decide to opt in to this new "make your device passwordless" feature. [...] This will also extend to business users through Azure Active Directory, allowing businesses to go fully passwordless with security keys, the authenticator app, or Windows Hello.

An anonymous reader quotes a report from ZDNet: As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows. But some hawk-eyed observers noted a surprise in one of those Windows 7 packages. What was surprising about this month's Security-only update, formally titled the "July 9, 2019 -- KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it's a short step from seemingly innocuous data collection to outright spyware. [...] I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update. And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough." "The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed," the report notes.

Over ten million users have been duped in installing a fake Samsung app named "Updates for Samsung" that promises firmware updates, but, in reality, redirects users to an ad-filled website and charges for firmware downloads. From a report: "I have contacted the Google Play Store and asked them to consider removing this app," Aleksejs Kuprins, malware analyst at the CSIS Security Group, told ZDNet this week in an interview, after publishing a report on the app's shady behavior earlier today. The app takes advantage of the difficulty in getting firmware and operating system updates for Samsung phones, hence the high number of users who have installed it. "It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device," the security researcher said. "Vendors frequently bundle their Android OS builds with an intimidating number of software, and it can easily get confusing."

iOS 13's third developer beta includes a new feature that makes it look like you're staring directly at your front-facing camera during FaceTime calls, even when looking away at the person on your screen. The Verge reports: Normally, video calls tend to make it look like both participants are peering off to one side or the other, since they're looking at the person on their display, rather than directly into the front-facing camera. However, the new "FaceTime Attention Correction" feature appears to use some kind of image manipulation to correct this, and results in realistic-looking fake eye contact between the FaceTime users.

On Twitter, Dave Schukin explains that the effect is being achieved using ARKit, which is used to map a user's face and adjust the positioning of their eyes accordingly. Using the arm from a pair of glasses, Schukin shows how the software is warping the eye area slightly to achieve the effect. The same effect also appears to be present when wearing sunglasses.

An anonymous reader quotes a report from Ars Technica: Either Microsoft is gearing up for a very odd promotional effort or somebody on the Windows team has hijacked a functioning time machine. Yesterday, the company posted a video boasting an "all-new Windows 1.0" to its social channels. It even went so far as to completely wipe all its previous posts from the Windows Instagram account, so all you'll find is the clip of its logos over the years. The video scrolls from the simplicity of Windows 10 through the pixellated rainbow flag of Windows XP and Windows 95. Whatever the situation is, the stunt is giving Windows' social media managers a chance to load their replies to confused tweets with throwbacks, from Back to the Future gifs to all the jargon that was once the epitome of cool.

If you're looking to try out a Linux distro that is not based on Ubuntu, Mageia 7 might be worth your consideration. It arrives two years after the release of Mageia 6 -- so unsurprisingly, the changelog is fairly long. The Mageia developers share the significant packages that have been updated below. Significant package updates include: kernel 5.1.14, rpm 4.14.2, dnf 4.2.6, Mesa 19.1, Plasma 5.15.4, GNOME 3.32, Xfce 4.14pre, Firefox 67, Chromium 73, and LibreOffice 6.2.3. Donald Stewart, Mageia developer, adds: There are lots of new features, exciting updates, and new versions of your favorite programs, as well as support for very recent hardware. There are classical installer images for both 32-bit and 64-bit architectures, as well as live DVDs for 64-bit Plasma, GNOME, Xfce, and 32-bit Xfce.

In honor of FreeDOS's 25th birthday, project founder and coordinator Jim Hall agreed to answer the 10 best questions submitted by Slashdot readers. You asked and he answered! Read on for Jim's interview.

Microsoft's transformation into a fully paid-up member of the Linux love-train continued this week as the Windows giant sought to join the exclusive club that is the official linux-distros mailing list. From a report: The purpose of the linux-distros list is used by Linux distributions to privately report, coordinate, and discuss security issues yet to reach the general public; oss-security is there for stuff that is already out in the open or cannot wait for things to bounce around for a few days first. Sasha Levin, who describes himself as a "Linux kernel hacker" at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code.

These discussions are crucial for getting an early heads up, and coordinating the handling and deployment of fixes before they are made public. To demonstrate that Microsoft qualifies for membership alongside the likes of Ubuntu, Debian, and SUSE, he cited Microsoft's Azure Sphere and the Windows Subsystem For Linux (WSL) 2 as examples of distro-like builds.

A reader shares a report: There have been some bugs and issues with Microsoft's Windows 10 May Update/1903 feature update since Microsoft kicked off its rollout in late May. But the 1903 complaint I've gotten most often (so far) is from users who want to install the update but can't and don't know why. Microsoft has added a new notification which some users whose devices aren't ready or able to install the update are seeing when they attempt to proactively grab the 1903 release. As originally noted last week by Windows Latest, Microsoft has added a new message to its Windows Update page. Users attempting to install 1903 on machines with out-of-date drivers or other issues are seeing this message:

"The Windows 10 May 2019 Update is on its way. We're offering this update to compatible devices, but your device isn't ready for it. Once your device is ready, you'll see the update available on this page. There's nothing you need to do at this time." I confirmed with Microsoft that this notification is part of its 1903 rollout strategy. "The notification started with the latest changes made to improve the quality/transparency of the Windows update process," according to a Microsoft spokesperson. Microsoft officials said in a blog post on May 21 that the company planned to start automatically updating devices running the April 2018 Update and earlier versions of Windows 10 to Windows 10 1903. Last week, via the Windows Update account on Twitter, Microsoft officials communicated that they were building and training machine-learning rollout processes that would enable this to happen.

Amazon's delivery drones may also be used to offer "surveillance as a service." According to The Verge, "Amazon was recently granted a patent that outlines how its UAVs could keep an eye on customers' property between deliveries while supposedly maintaining their privacy." From the report: The patent was originally filed in June 2015 and became public earlier this month. It describes how the company's drones could be hired to look out for open garage doors, broken windows, graffiti, or even a fire, before alerting the owner of the property. The patent was originally filed in June 2015 and became public earlier this month. It describes how the company's drones could be hired to look out for open garage doors, broken windows, graffiti, or even a fire, before alerting the owner of the property.

An anonymous reader quotes a report from ZDNet: The latest Windows preview from the 20H1 branch, build 18917, has some hidden components that signal a future where the Windows Shell UI parts, such as Action Center, will be separate from the rest of Windows and can be updated with shell packages. A developer who uses the Twitter handle Albacore gave a breakdown of a new component in Build 18917 called 'Shell Update Agent,' which he notes is "capable of obtaining and updating the shell on demand."

That capability may mean nothing to most Windows 10 users. However, for Windows watchers it could be an interesting development of Microsoft's unannounced plans for Windows Core OS, in which Windows is modularized and calls on a range of shells that target different form factors, from HoloLens to Surface and dual-screen devices like the recently revealed Centaurus laptop, whose shell is called Santorini. Albacore goes on to explain that the Shell Update Agent references 'Package Family Names,' which suggests that the "shell will indeed be a separate, packaged component." Those shell packages can be acquired from both external and internal sources, which could mean shell components like the Start Menu, Action Center and Taskbar could be selectively built, based on these acquired packages. Finally, one more shell-related change noted relates to a new method for syncing settings. "The new one should support syncing more advanced and previously 'legacy' options such as File Explorer configuration," Albacore notes.

Every day 5.7 million people ride the subway in New York City -- and are subjected to both "the whims of the Metropolitan Transit Authority and the unheard-of reliability of a marginally successful operating system from the early 1990s."

martiniturbide shared this report from Tedium: OS/2 and MTA consultant Neil Waldhauer said in an email, "For a few years, you could bet your career on OS/2." To understand why, you need to understand the timing. Waldhauer continues, "The design is from a time before either Linux or Windows was around. OS/2 would have seemed like a secure choice for the future." So for a lack of options, the MTA went with its best one. And it's worked out for decades, as one of the key software components of a quite complex system...

Despite the failure of OS/2 in the consumer market, it was hilariously robust, leading to a long life in industrial and enterprise systems -- with one other famous example being ATMs. Waldhauer said, "Thinking about all the operating systems in use [in the MTA], I'd have to say that OS/2 is probably the most robust part of the system, except for the mainframe." It's still in use in the NYC subway system in 2019. IBM had long given up on it, even allowing another company to maintain the software in 2001. (These days, a firm named Arca Noae sells an officially supported version of OS/2, ArcaOS, though most of its users are in similar situations to the MTA.)

JustAnotherOldGuy quotes Threatpost: A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neowim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution...

Vim and Neovim have both released patches for the bug (CVE-2019-12735) that the National Institute of Standards and Technology warns, "allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline."

"Beyond patching, it's recommended to disable modelines in the vimrc (set nomodeline), to use the securemodelinesplugin, or to disable modelineexpr (since patch 8.1.1366, Vim-only) to disallow expressions in modelines," the researcher said.

Game Builder is a new video game from Google that allows you to create simple Minecraft-style games for yourself and others to play through. "The game lets you drag and drop characters and scenery into an empty sandbox to construct your world, then use preset commands to string together how things interact," reports The Verge. "It's free to play and available on both Windows and macOS." From the report: The game comes from Area 120, Google's incubator for experimental projects (some of which have quickly disappeared, others of which have made their way into other Google products). Game Builder has actually been available through Steam since November 1st last year (it already has 190 reviews, with a "every positive" score), but Google only publicized it today, which is certain to get a lot more people playing. Game Builder has a co-op mode, so multiple people can build a game together at once. You can also share your creations and browse through the games made by others. The interaction system works with "if this then that" logic, and players can craft their own interactions with JavaScript if they're familiar with it.