GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 64

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Data Storage

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims (theregister.co.uk) 30

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.
Chrome

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 98

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
DRM

HTML5 DRM Standard Is a Go (arstechnica.com) 150

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.
Microsoft

Microsoft Confirms Outlook Issues (bbc.com) 41

Microsoft has confirmed that some users of its email service Outlook are unable to send email or access their accounts. From a report: Hundreds from around Europe have commented on the website Downdetector that they have been affected by the problem -- many since Monday morning. One common issue seems to be that sent emails remain in the drafts folder and are not being delivered to recipients. On its website, Microsoft says the service dropped "unexpectedly" and it is working on a fix. Not all account holders are affected. "Intermittent connectivity is affecting customers in some European countries, which we are working to resolve as soon as possible," said a Microsoft representative.
Microsoft

Will Linux Innovation Be Driven By Microsoft? (infoworld.com) 335

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud. An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT. Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs? That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors. As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems." In sum, the Linux Foundation's Jim Zemlin declares, "It is accurate to say they are a core contributor," with the likelihood that Hemminger's and others' contributions will move Microsoft out of the kernel contribution basement into the upper echelons.

The article concludes that "Pigs, in other words, do fly. Microsoft, while maintaining its commitment to Windows, has made the necessary steps to not merely run on Linux but to help shape the future of Linux."
Microsoft

Researchers Catch Microsoft Zero-Day Used To Install Government Spyware (vice.com) 83

An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.
Security

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com) 121

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
Businesses

Silicon Valley Avant-garde Have Turned To LSD in a Bid To Increase Their Productivity (1843magazine.com) 304

Every three days Nathan (not his real name), a 27-year-old venture capitalist in San Francisco, ingests 15 micrograms of lysergic acid diethylamide (commonly known as LSD or acid). From a story on 1843 Magazine: From the start, a small but significant crossover existed between those who were experimenting with drugs and the burgeoning tech community in San Francisco. "There were a group of engineers who believed there was a causal connection between creativity and LSD," recalls John Markoff, whose 2005 book, "What the Dormouse Said", traces the development of the personal-computer industry through 1960s counterculture. At one research centre in Menlo Park over 350 people -- particularly scientists, engineers and architects -- took part in experiments with psychedelics to see how the drugs affected their work. Tim Scully, a mathematician who, with the chemist Nick Sand, produced 3.6m tabs of LSD in the 1960s, worked at a computer company after being released from his ten-year prison sentence for supplying drugs. "Working in tech, it was more of a plus than a minus that I worked with LSD," he says. No one would turn up to work stoned or high but "people in technology, a lot of them, understood that psychedelics are an extremely good way of teaching you how to think outside the box." San Francisco appears to be at the epicentre of the new trend, just as it was during the original craze five decades ago. Tim Ferriss, an angel investor and author, claimed in 2015 in an interview with CNN that "the billionaires I know, almost without exception, use hallucinogens on a regular basis." Few billionaires are as open about their usage as Ferriss suggests. Steve Jobs was an exception: he spoke frequently about how "taking LSD was a profound experience, one of the most important things in my life." In Walter Isaacson's 2011 biography, the Apple CEO is quoted as joking that Microsoft would be a more original company if Bill Gates, its founder, had experienced psychedelics. As Silicon Valley is a place full of people whose most fervent desire is to be Steve Jobs, individuals are gradually opening up about their usage -- or talking about trying LSD for the first time.
Cellphones

Ask Slashdot: What Can You Do With An Old Windows Phone? 169

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?
Security

Apple and Google Fix Browser Bug. Microsoft Does Not. (bleepingcomputer.com) 78

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.
AI

IBM To Invest $240 Million To Develop AI Research Lab With MIT (bloomberg.com) 39

IBM will spend $240 million over 10 years to develop an artificial intelligence research lab with the Massachusetts Institute of Technology, pooling the organizations' resources as competition intensifies to produce breakthroughs in the field. Bloomberg reports: The MIT-IBM Watson AI Lab will fund projects in four broad areas, including creating better hardware to handle complex computations and figuring out applications of AI in specific industries, the Armonk, New York-based company said Thursday in a statement. While IBM has always conducted long-term research internally, it decided AI was such a vast field that it needed to reach out for talent and ideas, said John Kelly, the head of International Business Machines Corp.'s research and cognitive solutions groups, which includes Watson products. While researchers will focus on long-term innovations in artificial intelligence, IBM will also be looking for developments -- a new medical imaging algorithm, say -- that it can immediately plug into its existing products. Big Blue expects to see results that boost its Watson-branded AI business in the next year or two, Kelly said. The plan is to change the focus and number of teams as needed to produce results, he said. The partnership underscores IBM's focus on building a business selling AI software, a strategy that requires clients to adopt such products and the company to develop offerings that add actual business value and are competitive with juggernauts in artificial intelligence, including Microsoft Corp. and Alphabet. IBM and MIT will jointly own the intellectual property that results from the projects conducted together. The company also has the option to buy out MIT for full ownership, Kelly said.
Bug

Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com) 75

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
AI

Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can't Hear (fastcodesign.com) 116

Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. It affects every iPhone and Macbook running Siri, any Galaxy phone, any PC running Windows 10, and even Amazon's Alexa assistant. From a report: Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear. The researchers didn't just activate basic commands like "Hey Siri" or "Okay Google," though. They could also tell an iPhone to "call 1234567890" or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to "open the backdoor." Even an Audi Q3 could have its navigation system redirected to a new location. "Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user," the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.
Microsoft

Microsoft Extends Free Windows 10 S-To-Pro Upgrade Deadline (betanews.com) 93

BrianFagioli shares a report from BetaNews: Windows 10 S is a really great idea in theory. By limiting the operating system to applications from the Windows Store, it could make users safer. After all, it should limit the potential of malware since users can't download and install questionable things from the web. Of course, this will only be successful if there is a good library of apps, and I am sorry to say, the Windows Store is a failure in that regard. The biggest selling point for Windows is legacy program compatibility. Once you take that away, there isn't much left. Thankfully, the company is giving complimentary upgrades from Windows 10 S to Windows 10 Pro until the end of 2017. This will allow a person or organization to easily recover from mistakenly buying into Windows 10 S if it doesn't meet their needs. Today, however, as a sign of weakness, Microsoft extends this deadline. Buried at the end of a blog post about Surface Laptop colors, Microsoft drops the following bombshell: "For those that find they need an application that isn't yet available in the Store and must be installed from another source, we're extending the ability to switch from Windows 10 S to Windows 10 Pro for free until March 31, 2018. We hope this provides increased flexibility for those people searching for the perfect back-to-school or holiday gift." Why do I say this is a sign of weakness? Well, if the Windows 10 S experiment was going well, Microsoft would have no need to extend the deadline. In other words, if users were truly buying into and enjoying the "S" experience, we wouldn't see such an announcement. The fact that the company seemingly tried to hide this news is quite telling too. Ultimately, it signals a lack of confidence in Windows 10 S.
Businesses

It's Official: Users Navigate Flat UI Designs 22 Percent Slower (theregister.co.uk) 408

Reader Zorro writes: The mania for "flat" user interfaces is costing publishers and e-commerce sites billions in lost revenue. A "flat" design removes the distinction between navigation controls and content. Historically, navigation controls such as buttons were shaded, or given 3D relief, to distinguish them from the application or web page's content. The mania is credited to Microsoft with its minimalistic Zune player, an iPod clone, which was developed into the Windows Phone Series UX, which in turn became the design for Windows from Windows 8 in 2012 onwards. But Steve Jobs is also to blame. The typography-besotted Apple founder was fascinated by WP's "magazine-style" Metro design, and it was posthumously incorporated into iOS7 in 2013. Once blessed by Apple, flat designs spread to electronic programme guides on telly, games consoles and even car interfaces. The consequence is that users find navigation harder, and so spend more time on a page. Now research by the Nielsen Norman Group has measured by how much. The company wired up 71 users, and gave them nine sites to use, tracking their eye movement and recording the time spent on content. On average participants spent 22 per cent more time (i.e. slower task performance) looking at the pages with weak signifiers," the firm notes. Why would that be? Users were looking for clues how to navigate. "The average number of fixations was significantly higher on the weak-signifier versions than the strong-signifier versions. On average, people had 25 per cent more fixations on the pages with weak signifiers."
Businesses

The Trump Administration Has Announced the End of DACA -- Unless Congress Can Act To Save It (recode.net) 817

The Trump administration said on Tuesday it plans to scrap a program that allows about 800,000 undocumented immigrants who came to the US as children to stay and work in the country, shrugging off criticism from within the president's own party and prominent business figures. From a report: The Trump administration is essentially leaving Congress a six-month window of time to try to save it. The legal shield is known as Deferred Action for Childhood Arrivals, or DACA, and since its enactment in 2012, it has allowed roughly 800,000 undocumented young adults to live in the United States and obtain work authorizations every two years. [...] In practice, implementation is complicated. Those previously approved under DACA, with the permission to work in the United States, can continue to work without interruption until those approvals expire. And those who have already applied for protection or are seeking renewals will still have their applications considered by the U.S. government. For those whose permits are set to expire before March 5, 2018, though, the U.S. government will also allow them to renew their DACA status -- provided their applications are received before Oct. 5, 2017. Currently, there are about 201,000 young adults whose authorizations are set to expire this year, officials at the Department of Homeland Security explained Tuesday.

Tech giants like Apple, Facebook and Google are no doubt going to blast the Trump administration's decision: Last week, those executives joined more than 400 other business leaders in calling on the president to preserve DACA. Apple CEO Tim Cook, who previously (and privately) pressed Trump on the issue, said on Sunday that 250 of his "co-workers" would be affected by the change. Microsoft indicated that about 27 workers spanning fields like finance and sales would be hurt from Trump's move.
Zuckerberg said, "This is a sad day for our country. The decision to end DACA is not just wrong. It is particularly cruel to offer young people the American Dream, encourage them to come out of the shadows and trust our government, and then punish them for it."
Education

Silicon Valley Courts Brand-Name Teachers, Raising Ethics Issues (nytimes.com) 147

An anonymous reader shares a report: One of the tech-savviest teachers in the United States teaches third grade here at Mapleton Elementary, a public school with about 100 students in the sparsely populated plains west of Fargo. Her name is Kayla Delzer. Her third graders adore her. She teaches them to post daily on the class Twitter and Instagram accounts she set up. She remodeled her classroom based on Starbucks. And she uses apps like Seesaw, a student portfolio platform where teachers and parents may view and comment on a child's schoolwork. Ms. Delzer also has a second calling. She is a schoolteacher with her own brand, Top Dog Teaching. Education start-ups like Seesaw give her their premium classroom technology as well as swag like T-shirts or freebies for the teachers who attend her workshops. She agrees to use their products in her classroom and give the companies feedback. And she recommends their wares to thousands of teachers who follow her on social media. "I will embed it in my brand every day," Ms. Delzer said of Seesaw. "I get to make it better." Ms. Delzer is a member of a growing tribe of teacher influencers, many of whom promote classroom technology. They attract notice through their blogs, social media accounts and conference talks. And they are cultivated not only by start-ups like Seesaw, but by giants like Amazon, Apple, Google and Microsoft, to influence which tools are used to teach American schoolchildren.
Windows

Windows 10 Fall Creators Update to Arrive October 17 (thurrott.com) 60

An anonymous reader shares a report: Microsoft announced this morning that the Windows 10 Fall Creators Update will be made available worldwide on October 17, in step with a new lineup of Windows Mixed Reality headsets that require this release. "We are coming up on our fourth major update to Windows 10, and our mission with these updates is to create a platform that inspires your creativity," Microsoft corporate vice president Terry Myerson says. "The next update of Windows 10, the Fall Creators Update, will be available worldwide October 17. With the Fall Creators Update, we are introducing some fun, new ways to get creative." The Fall Creators Update will upgrade Windows 10 to version 1709 and it brings a number of new features and improvements, especially to key experiences like gaming, security, and photos. But no new technology weighs as heavily on this update as Windows Mixed Reality, Microsoft's attempt to take virtual reality (VR) and mixed reality (MR) mainstream.
Businesses

Billionaire Brothers Want to Build a Cheaper Rival to Slack (bloomberg.com) 93

Saritha Rai, writing for Bloomberg: A teenage entrepreneur who became a millionaire by 20 before sharing a billion-dollar fortune at 36, Bhavin Turakhia isn't afraid to think big. Now he's putting $45 million of his own money into building a rival to Slack and other office messaging platforms. Flock, a cloud-based team collaboration service, has attracted 25,000 enterprise users and customers including Tim Hortons, Whirlpool and Princeton University. It's a market that has already drawn interest from global technology giants Facebook, Amazon.com and Microsoft. This time last year, few had heard of Bhavin and his younger brother Divyank. That changed when they sold their advertising technology company Media.net, with customers including Yahoo, CNN and the New York Times, to a Chinese consortium for $900 million. The all-cash deal catapulted the duo from mere millionaires into the ranks of the super-rich. "I want to make Flock bigger and better than anything I've built before," Bhavin Turakhia, wearing his signature dark Levi's T-shirt and Puma sweatpants, said at his Bangalore offices.

Slashdot Top Deals