Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.
Operating Systems

Windows 10 Now On 400 Million Active Devices, Says Microsoft (thurrott.com) 144

Microsoft announced today that Windows 10 is now running on over 400 million active devices. This is up from 300 million as of May, and 207 million as of end of the March. The company says that it deems devices that have been active in the past 28 days as "active." Microsoft added that this 400 million active devices figure include tablets and phones as well as Xbox One consoles, HoloLens, and Surface Hubs running Windows 10. Paul Thurrott adds:Microsoft last provided a Windows 10 usage milestone on June 29, when it said that there were 350 million active Windows 10 devices. At that time, I noted that the Windows 10 adoption had accelerated from the previous milestone, hitting an average of almost 29 million new devices per month. But 50 million additional devices over three months is a much slower pace of about 17 million per month. This is the slowest rate since Windows 10 was first announced. Again, no surprise there: Windows 10 was free for its first year, and over that time period it averaged roughly 31.25 million new devices per month (if you assume a figure of 375 million after one year, as I do). Does this mean that Windows 10 will see fewer than 20 million new devices each month, on average, going forward? No, of course not. There's no way to accurately gauge how things will go, given that most future devices will be new PCs purchased by businesses or consumers, or business PCs upgraded to Windows 10.
Microsoft

Microsoft Patents A User-Monitoring AI That Improves Search Results (hothardware.com) 67

Slashdot reader MojoKid quotes a HotHardware article about Microsoft's new patent filing for an OS "mediation component": This is Microsoft's all-seeing-eye that monitors all textual input within apps to intelligently decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the Mediator and processed. So when the user goes to, for example, the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query.

The search engine (e.g., Bing and Cortana) uses contextual rankers to adjust the ranking of the default suggested queries to produce more relevant [results]. The operating system...tracks all textual data displayed to the user by any application, and then performs clustering to determine the user intent (contextually).

The article argues this feels "creepy and big brother-esque," and while Microsoft talks of defining a "task continuum," suggests the patent's process "would in essence keep track of everything you type and interact with in the OS and stockpile it in real-time to data-dump into Bing."
Security

Street Fighter V Update Installed Hidden Rootkits on PCs (theregister.co.uk) 120

Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."
Microsoft

Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) 213

There was something unique about this week's Patch Tuesday. An anonymous Slashdot reader quotes HelpNetSecurity: It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well.
Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux."
Security

Malware Evades Detection By Counting Word Documents (threatpost.com) 68

"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, The Kaspersky Lab security news service. Slashdot reader writes: Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.

A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.

Hardware

SolidRun x86 Braswell MicroSoM Runs Linux and Full Windows 10, Destroys Raspberry Pi (betanews.com) 205

BetaNews has a report today about a company called SolidRun, which has announced an Intel Braswell-based MicroSoM. Unlike the ARM-powered Raspberry Pi, this is x86 compatible, meaning it can run full Windows 10. Plus, if you install a Linux distro, there will be far more packages available, such as Google Chrome, which is not available for Pi. Heck, it can probably serve as a secondary desktop, Brian with the site writes. From the report: At 53mm by 40mm, these new MicroSoMs provide unheard of design flexibility while also eliminating the headache of having to design complicated power-delivery subsystems thanks to its single power input rail design. SolidRun's Braswell MicroSoM also offers flexibility in RAM options, ranging from 1GB to 8GB configurations, and offers on-board support of eMMC storage up to 128GB. Its robust design and unsurpassed HD Edge surveillance, event detection, and statistical data-extraction capabilities makes it the platform of choice for mission-critical applications requiring guaranteed reliability," says Solidrun.It starts at $117, the website has more details on specifications.
Java

TypeScript 2.0 Released (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: Since its introduction, TypeScript has included new features to improve performance, enhance JavaScript compatibility, and extend the range of error checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big step forward here by giving developers greater control over null values. null, used to denote (in some broad, hand-waving sense) that a variable holds no value at all, has been called the billion dollar mistake. Time and time again, programs trip up by not properly checking to see if a variable is null, and for good or ill, every mainstream programming language continues to support the null concept. TypeScript 2.0 brings a range of new features, but the biggest is control over these null values. With TypeScript 2.0, programmers can opt into a new behavior that by default prevents values from being null. With this option enabled, variables by default will be required to have a value and can't be set to null accidentally. This in turn allows the compiler to find other errors such as variables that are never initialized.
Microsoft

Microsoft Asked To Compensate After Windows 10 Update Bricked PCs (www.bgr.in) 177

Microsoft has been asked to pay compensation to customers who suffered malfunctions on their PCs when upgrading to Windows 10. Several customers have complained in the past one year about issues such as their computer upgrading to Windows 10 without their consent, and high-data usage due to automatic downloads of Windows 10 installation files in the background. The consumer watchdog has told Microsoft to "honor consumers' rights" and compensate those who have faced issues because of Windows 10. From a report:"Many people are having issues with Windows 10 and we believe Microsoft should be doing more to fix the problem," said Alex Neill, director of policy at Which? Of 2,500 people surveyed, who had upgraded to Windows 10, more than 12 percent said they ended up rolling back to their previous version of the operating system. More than half stated that this was because the upgrade had adversely affected their PC. "We rely heavily on our computers to carry out daily activities so, when they stop working, it is frustrating and stressful," Alex Neill, Director of Campaigns and Policy, was quoted as saying.
Microsoft

Lenovo Denies Claims It Plotted With Microsoft To Block Linux Installs (theregister.co.uk) 181

Reader kruug writes: Several users noted certain new Lenovo machines' SSDs are locked in a RAID mode, with AHCI removed from the BIOS. Windows is able to see the SSD while in RAID mode due to a proprietary driver, but the SSD is hidden from Linux installations -- for which such a driver is unavailable. Speaking to The Register today, a Lenovo spokesperson claimed the Chinese giant "does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products."
Complaints on Lenovo's forums suggest that users have been unable to install GNU/Linux operating systems on models from the Yoga 900S to the Ideapad 710S, with one 19-page thread going into detail about the BIOS issue and users' attempts to work around it.

Microsoft

Microsoft Signature PC Requirements Now Blocks Linux Installation: Reports 470

Reader sombragris writes: According to a well-documented forum thread, the Signature PC program by Microsoft now requires to lock down PCs. This user found out that his Lenovo Yoga 900 ISK2 UltraBook has the SSD in a proprietary RAID mode which Linux does not understand and the BIOS is also locked down so it could not be turned off. When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
Even worse, as the original poster said, "[t]he Yoga 900 ISK2 at Best Buy is not labeled as a Signature Edition PC, but apparently it is one, and Lenovo's agreement with Microsoft includes making sure Linux can't be installed." As some commenter said: "If you buy a computer with this level of lockdown you should be told."

There is also a report on ZDNet which looks very understanding towards Lenovo, but the fact remains: the SSD is locked down in a proprietary RAID mode that cannot be turned off.
Mozilla

Firefox 49 Arrives With Improvements (venturebeat.com) 129

An anonymous reader writes: Mozilla today launched Firefox 49 for Windows, Mac, Linux, and Android. The new version includes expanded multi-process support, improvements to Reader Mode, and offline page viewing on Android. The built-in voice and video calling feature Firefox Hello, meanwhile, has been removed from the browser. First up, Firefox 49 brings two improvements to Reader Mode. You can now adjust the text (width and line spacing), fonts, and even change the theme from light to dark. There is also a new Narrate option that reads the content of the page aloud. Next is the Mozilla's crusade to enable multi-process support, a feature that has been in development for years as part of the Electrolysis project. With the release of Firefox 48, Mozilla enabled multi-process support for 1 percent of users, slowly ramping up to nearly half of the Firefox Release channel. Initial tests showed a 400 percent improvement in overall responsiveness.Mozilla says at least "half a billion people around the world" use its Firefox browser.
Open Source

Apple Releases Swift 3.0, 'Not Source-Compatibile With Swift 2.3' (infoworld.com) 148

An anonymous Slashdot reader quotes InfoWorld: "Move fast and break things," the saying goes. Apple does both with the 3.0 version of its Swift programming language...its first full point revision since it became an open source project... In a blog post detailing the full body of changes for Swift 3.0, Apple singled out the two biggest breaking changes. The first is better translation of Objective-C APIs into Swift, meaning that code imported from Objective-C and translated into Swift will be more readable and Swift-like. The bad news is any code previously imported from Objective-C into Swift will not work in Swift 3; it will need to be re-imported.

The other major change... Most every item referenced in the standard library has been renamed to be less wordy. But again, this brings bad news for anyone with an existing Swift codebase: Apple says "the proposed changes are massively source-breaking for Swift code, and will require a migrator to translate Swift 2 code into Swift 3 code."

Apple will provide migration tools in version 8.0 of their XCode IDE, "but such tools go only so far," notes the article, questioning what will happen to the Linux and Windows ports of Swift.
Open Source

Vim 8.0 Released! (google.com) 123

Long-time Slashdot reader MrKaos writes: The venerable and essential vim has had it's first major release in 10 years. Lots of new and interesting features including, vim script improvements, JSON support, messages exchange with background processes, a test framework and a bunch of Windows DirectX compatibility improvements. A package manager has been added to handle the ever-growing plug-in library, start-up changes and support for a lot of old platforms has been dropped. Many Vimprovements!
Education

Microsoft Weaponizes Minecraft In the War Over Classrooms (backchannel.com) 55

Minecraft: Education Edition offers lesson plans like "City Planning for Population Growth" and "Effects of Deforestation," and a June preview attracted more than 25,000 students and teachers from 40 different countries. Slashdot reader mirandakatz writes: In the two years since Microsoft acquired Minecraft's parent company, it's discovered a brilliant new direction to take the game: it's turning it into a tool for education, creating both an innovative approach to classroom technology and an inspired strategy for competing with Google and Apple in the ed-tech market. 'I actually never believed there would be a game that would really cross over between the commercial entertainment market and education in a mainstream way,' says cultural anthropologist Mimi Ito—but Minecraft has managed to do just that.
In 2015 Chromebooks represented over 50% of PC sales for U.S. schools, while Windows PC accounted for just 22%, the article reports. But Minecraft is the second best-selling game of all time, behind only Tetris, and in the two years since Microsoft acquired it, "Sales have doubled to almost 107 million copies sold... If you were to count each copy sold as representing one person, the resulting population would be the world's 12th largest country (after Japan)." And as the article points out, "wherever Minecraft goes, Microsoft is there."
Intel

Windows 10 Haters: Try Linux On Kaby Lake Chips With Dell's New XPS 13 (pcworld.com) 232

Attention Linux enthusiasts. Your OS of your choice can finally work on laptops with Intel's Kaby Lake chips. Dell is releasing three new models of slick XPS 13 Developer Edition that will be available with Ubuntu OS and 7th Generation Core processors in the U.S. and Canada starting on Oct. 10, reports PCWorld. From the article:Prices for XPS 13 DE will start at $949. Dell also announced the XPS 13 model with Kaby Lake and Windows 10, which will ship on Oct. 4 starting at $799. Dell didn't share details on what version of Ubuntu desktop OS will be preloaded. It officially supports Ubuntu 14.04 in existing laptops, but could pre-load version 16.04 on the new XPS 13 DE. Dell has remained committed to Linux while major PC vendors shift to Windows 10 on PCs. Intel made a major commitment to supporting Windows 10 with its new Kaby Lake chips but hasn't talked much about Linux support. XPS 13 DE is perhaps the sexiest and thinnest Linux laptop available, with an edge-to-edge screen being a stand-out feature. It is the latest in Dell's Project Sputnik line of laptops, and it is targeted at computer enthusiasts who want a Windows or Mac alternative. A knock against Linux is that the OS has lagged behind Windows on driver development and on supporting the latest technologies like USB-C ports, 4K screens, and Thunderbolt. Project Sputnik started four years ago as an effort between Dell and the open-source community to bridge that gap, and since then, the resulting laptops have achieved cult status among Linux enthusiasts. A Dell XPS 13 with a Core i5 chip will have a full HD screen, 8GB of RAM, and a 128GB SSD. Another configuration will have a 3200 x 1800-pixel screen, Core i5, and a 256GB SSD. A fully loaded model will have a Core i7 chip, a 512GB SSD, 16GB of RAM, and a 3200 x 1800-pixel screen.
Microsoft

Microsoft Has More Open Source Contributors On GitHub Than Facebook and Google (thenextweb.com) 118

An anonymous reader writes from a report via The Next Web: Microsoft CEO Satya Nadella has really embraced open source over the past couple of years. GitHub, a site that is home to a number of the web's biggest collaborative code projects, has counted more than 5.8 million active users on its platform over the past 12 months, and says that Microsoft has the most open source contributors. Microsoft has 16,419 contributors, beating out Facebook's 15,682 contributors, Docker's 14,059 contributors, and Google's 12,140 contributors. The Next Web reports: "Of course, this didn't happen overnight. In October 2014, it open sourced its .NET framework, which is the company's programming infrastructure for building and running apps and services -- a major move towards introducing more developers to its server-side stack. Since then, it's open sourced its Chakra JavaScript engine, Visual Studio's MSBuild compiling engine, the Computational Networks Toolkit for deep learning applications, its Xamarin tool for building cross-platform apps and most recently, PowerShell. It's also worth noting that the company's Visual Studio Code text editor made GitHub's list of repositories with the most contributors. You can check out these lists, as well as other data from GitHub's platform on this page." GitHub CEO Chris Wanstrath said in an interview with Fortune, "The big .Net project has more people outside of Microsoft contributing to it than people who work at Microsoft."
Microsoft

Microsoft Reproduces Google's Battery Life Test To Show Edge Beats Chrome (venturebeat.com) 132

Earlier this year, Microsoft said that its Edge browser was more power efficient than Google's Chrome, a claim that Google refuted with its own findings. But the debate isn't over. An anonymous reader writes: Microsoft is at it again -- touting Edge as the most battery-efficient browser on Windows 10. The company has rerun its battery tests from the previous quarter using the latest versions of the major browsers, open-sourced its lab test on GitHub, and published the full methodology. But this time, Microsoft says it also replicated one of Google's tests to show that Edge lasts longer than Chrome, Firefox, and Opera.
Windows

Desktop Apps Make Their Way Into the Windows Store (arstechnica.com) 74

With Windows 8, Microsoft introduced Windows Store, which consisted of "Metro / Modern UI" apps which worked best on touch capable devices. Since the release of Windows 8, many users complained that they wanted traditional apps -- the applications they had grown accustomed to -- to be included in Windows Store. This would have come in handy to especially Windows RT users, who couldn't easily get traditional applications installed on their devices. Well, guess, what, that's changing now. Though only for Windows 10 users who have gotten the Anniversary Update -- and guess what, many haven't and might not for another month and a half. At any rate, ArsTechnica elaborates: Until now, applications built for and sold through the Windows Store in Windows 10 have been built for the Universal Windows Platform (UWP), the common set of APIs that spans Windows 10 across all the many devices it supports. This has left one major category of application, the traditional desktop application built using the Win32 API, behind. Announced at Build 2015, codename Project Centennial -- now officially titled the Desktop App Converter -- is Microsoft's solution to this problem. It allows developers to repackage existing Win32 applications with few or no changes and sell them through the store. Applications packaged this way aren't subject to all the sandbox restrictions that UWP applications are, ensuring that most will work unmodified. But they are also given the same kind of clean installation, upgrading, and uninstallation that we've all come to expect from Store-delivered software. Centennial is designed to provide not just a way of bringing Win32 apps into the store; it also provides a transition path so that developers can add UWP-based functionality to their old applications on a piecemeal basis. Evernote, one of the launch applications, uses UWP APIs to include support for Live Tiles and Windows' notification system. In this way, developers can create applications that work better on Windows 10 but without having to rewrite them entirely for Windows 10.
Microsoft

Windows 10 Anniversary Update Rollout May Not Be Done Until Early November (zdnet.com) 88

Microsoft released Windows 10 Anniversary Update last month. But the trickling of the company's latest major update users could take as much as three months, the company has said. Many users have been complaining about not seeing an update pop-up on their system. When ZDNet's reporter Mary Jo Foley asked Microsoft about this, the company confirmed that it hadn't seeded the update to all Windows 10 users. From the report: Microsoft began rolling out the latest version of Windows 10, the Anniversary Update, on August 2. At that time, Microsoft officials said the rollout would be staggered, but didn't get too explicit as to how -- or how long it might take the company to push Windows 10 Anniversary to consumers and business users who are on the so-called Current Branch of Windows 10. It's worth repeating that those who really want the Anniversary Update immediately have options to proactively go get it. I received a Microsoft blast email just over a week ago that included a footnote that mentioned it might take up to three months for Microsoft to push the Anniversary Update to those set up to get it. That means those currently waiting may still have another month and a half to wait.

Slashdot Top Deals