Microsoft

Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com) 135

An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.

Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.

Android

Even New Phones Are No Longer Guaranteed To Have the Latest Version of Android (theverge.com) 152

Vlad Savov, writing for The Verge: The OnePlus 5T and Razer Phone are two fundamentally different devices, which are nonetheless united by one unfortunate downside: both of them are going on sale this month without the latest version of Android on board. OnePlus will tell you that this issue is down to its extremely stringent testing process, while Razer offers a similar boilerplate about working as fast as possible to deliver Android Oreo. But we're now three months removed from Google's grand Oreo launch, timed to coincide with this summer's total eclipse, and all of these excuses are starting to ring hollow. Why do Android companies think they can ship new devices without the latest and best version of the operating system on board? The notorious fragmentation problem with Android has always been that not every device gets the latest update at the same time, and many devices get stuck on older software without ever seeing an update at all. What's changed now is that the "one version behind the newest and best" phenomenon is starting to infect brand new phones as well. The 5T and Razer Phone are just two examples; there's also Xiaomi, which just launched its Mi Mix 2 in Spain with 2016's Android Nougat as the operating system.
IOS

iOS 11 'Is Still Just Buggy as Hell' (gizmodo.com) 223

It is becoming increasingly apparent that iOS 11, the current generation of Apple's mobile operating system, is riddled with more issues than any previous iOS version in recent years. Two months ago, in a review titled "iOS 11 Sucks", a reporter at the publication wrote: I'm using iOS 11 right now, and it makes me want to stab my eyes with a steel wire brush until I get face jam. Gizmodo today reviews iOS 11 after living with the current software version for two months: It's been two full months since Apple released iOS 11 to millions and millions of devices worldwide, and the software is still just buggy as hell. Some of the glitches are ugly or just unexpected from a company that has built a reputation for flawless software. Shame on me for always expecting perfection from an imperfect company, I guess. But there are some really bad bugs, so bad that I can't use the most basic features on my phone. They popped up, when I upgraded on release day. They're still around after two months and multiple updates to iOS. Shame on Apple for ignoring this shit. Now, let me show you my bugs. The worst one also happens to be one I encounter most frequently. Sometimes, when I get a text, I'll go to reply in the Messages app but won't be able to see the latest message because the keyboard is covering it up. I also can't scroll up to see it, because the thread is anchored to the bottom of the page. The wackiest thing is that sometimes I get the little reply box, and sometimes I don't. The only way I'm able to text like normal is to tap the back arrow to take me to all my messages and then go back into the message through the front door. [...] Other native iOS 11 apps have bugs, too. Until a recent update, my iPhone screen would become unresponsive which is a problem because touching the screen is almost the only way to use the device.
Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 39

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fix the BlueBorne attacks.
China

All 500 of the World's Top 500 Supercomputers Are Running Linux (zdnet.com) 287

Freshly Exhumed shares a report from ZDnet: Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list. Today, it finally happened: All 500 of the world's fastest supercomputers are running Linux. The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the November 2017 TOP500 Supercomputer list. When the first TOP500 supercomputer list was compiled in June 1993, Linux was barely more than a toy. It hadn't even adopted Tux as its mascot yet. It didn't take long for Linux to start its march on supercomputing.

From when it first appeared on the TOP500 in 1998, Linux was on its way to the top. Before Linux took the lead, Unix was supercomputing's top operating system. Since 2003, the TOP500 was on its way to Linux domination. By 2004, Linux had taken the lead for good. This happened for two reasons: First, since most of the world's top supercomputers are research machines built for specialized tasks, each machine is a standalone project with unique characteristics and optimization requirements. To save costs, no one wants to develop a custom operating system for each of these systems. With Linux, however, research teams can easily modify and optimize Linux's open-source code to their one-off designs.
The semiannual TOP500 Supercomputer List was released yesterday. It also shows that China now claims 202 systems within the TOP500, while the United States claims 143 systems.
GNOME

Fedora 27 Released (fedoramagazine.org) 65

The Fedora Project has announced the general availability of Fedora 27 Workstation and Fedora 27 Atomic editions. Fedora 27 brings with it "thousands of improvements" from both the Fedora Community and various upstream software projects, the team said on Tuesday. From a post on Fedora Magazine: The Workstation edition of Fedora 27 features GNOME 3.26. In the new release, both the Display and Network configuration panels have been updated, along with the overall Settings panel appearance improvement. The system search now shows more results at once, including the system actions. GNOME 3.26 also features color emoji support, folder sharing in Boxes, and numerous improvements in the Builder IDE tool. The new release also features LibreOffice 5.4.
Android

Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com) 105

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
Cellphones

New Samsung Video Demos Linux on Galaxy Smartphones (liliputing.com) 100

Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports: Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.

Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.

Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."
Bug

Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports (thenextweb.com) 171

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."
Desktops (Apple)

Ask Slashdot: What Should A Mac User Know Before Buying a Windows Laptop? 449

New submitter Brentyl writes: Hello Slashdotters, longtime Mac user here faced with a challenge: Our 14-year-old wants a Windows laptop. He will use it for school and life, but the primary reason he wants Windows instead of a MacBook is gaming. I don't need a recommendation on which laptop to buy, but I do need a Windows survival kit. What does a fairly savvy fellow, who is a complete Windows neophyte, need to know? Is the antivirus/firewall in Windows 10 Home sufficient? Are there must-have utilities or programs I need to get? When connecting to my home network, I need to make sure I ____? And so on... Thanks in advance for your insights.
Google

Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com) 180

An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.

What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According to Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.

Windows

Windows 10's Version of AirDrop Lets You Quickly Share Files Between PCs (theverge.com) 108

Microsoft is testing its "Near Share" feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft's addition comes just a day after Google unveiled its own AirDrop-like app for Android.
Security

Linux Has a USB Driver Security Problem (bleepingcomputer.com) 156

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. "All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine," Konovalov said. The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched. Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.
Stats

No, the Linux Desktop Hasn't Jumped in Popularity (zdnet.com) 187

An anonymous reader quotes ZDNet: Stories have been circulating that the Linux desktop had jumped in popularity and was used more than macOS. Alas, it's not so... These reports have been based on NetMarketShare's desktop operating system analysis, which showed Linux leaping from 2.5 percent in July, to almost 5 percent in September. But unfortunately for Linux fans, it's not true... It seems to be merely a mistake. Vince Vizzaccaro, NetMarketShare's executive marketing share of marketing told me, "The Linux share being reported is not correct. We are aware of the issue and are currently looking into it"...

For the most accurate, albeit US-centric operating system and browser numbers, I prefer to use data from the federal government's Digital Analytics Program (DAP). Unlike the others, DAP's numbers come from billions of visits over the past 90 days to over 400 US executive branch government domains... DAP gets its raw data from a Google Analytics account. DAP has open-sourced the code, which displays the data on the web and its data-collection code... In the US Analytics site, which summarizes DAP's data, you will find desktop Linux, as usual, hanging out in "other" at 1.5 percent. Windows, as always, is on top with 45.9 percent, followed by Apple iOS, at 25.5 percent, Android at 18.6 percent, and macOS at 8.5 percent.

The article does, however, acknowledge that Linux's real market share is probably a little higher simply because "no one, not even DAP, seems to do a good job of pulling out the Linux-based Chrome OS data."
Security

Experts Propose Standard For IoT Firmware Updates (bleepingcomputer.com) 61

An anonymous reader quotes a report from Bleeping Computer: Security experts have filed a proposal with the Internet Engineering Task Force (IETF) that defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Filed on Monday by three ARM employees, their submission has entered the first phase of a three-stage process for becoming an official Internet standard. Titled "IoT Firmware Update Architecture," their proposal -- if approved -- puts forward a series of ground rules that device makers could implement when designing the firmware update mechanism for their future devices. The proposed rules are nothing out of the ordinary, and security experts have recommended and advocated for most of these measures for years. Some hardware vendors are most likely already compliant with the requirements included in this IETF draft. Nonetheless, the role of this proposal is to have the IETF put forward an official document that companies could use as a baseline when designing the architecture of future products. This document could also serve as a general guideline for lawmakers who could draft regulations forcing manufacturers to adhere to this baseline. Some of the main requirements put forward by three ARM engineers in their IETF draft include: The update mechanism must work the same even if the firmware binary is delivered via Bluetooth, WiFi, UART, USB, or other mediums; The update mechanism must work in a broadcast type of delivery, allowing updates to reach multiple users at once; End-to-end security (public key cryptography) must be used to verify and validate firmware images.
Microsoft

Microsoft Quietly Announces End of Last Free Windows 10 Upgrade Offer (zdnet.com) 147

Ed Bott, writing for ZDNet: If you've been waiting to claim your free Windows 10 upgrade using the "assistive technologies" exception, you need to act soon. In a quiet change to an obscure web page, Microsoft announced this week that those exceptions will end on December 31, 2017. On July 29, 2016, Microsoft officially ended the Get Windows 10 program, which offered free Windows 10 upgrades to anyone currently running a supported earlier version of Windows. But the company left a giant loophole in a separate announcement at the same time. Under the terms of that announcement, individuals who use "assistive technologies" received an automatic extension of the free upgrade offer. Sometime in the past week, Microsoft quietly edited that page, to add "The accessibility upgrade offer expires on December 31, 2017."
Google

Some Google Pixel 2 XL Units Shipped Without an Operating System (androidpolice.com) 34

Corbin Davenport, writing for AndroidPolice: Some Pixel 2 XL units are being shipped without Android properly installed. Obviously, the phone can't boot without the OS. It may be possible to flash a factory image, since fastboot is supposed to allow signed images to be flashed with the bootloader still locked, but the affected phones could have other problems that prevent this from working. The company confirmed the veracity of the story, but did not share more details. It said, however, that the issue had been resolved.
AI

Apple Uses Machine Learning To Chronicle All the Bra Pics On Your iPhone (vice.com) 115

New submitter bumblebaetuna shares a report from Motherboard: It's already well known that iOS 11 included some advanced updates to the phone's artificial intelligence, and this includes improving the photo app's ability to identify and categorize what is in each of your photos. There are thousands of objects the phone can identify, ranging from "abacus" to "zucchini." Weirdly, despite not having categories for, say, "nude," or "underwear," there are multiple categories for bra: brassiere, bandeau, bandeaus, bra, bras, and brassieres. Searching for this folder in your photos app may reveal an unexpected surprise. Though there are some pretty archaic terms like "homburg," "habiliment," and "danseuse," the "bra" category is unusual compared to the other quotidian labels the app slaps on your photos, and is as risque as the terms get.
Blackberry

BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To (techdirt.com) 107

An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'"

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"
