Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Software

Windows 10 'Home Hub' Is Microsoft's Response To Amazon Echo and Google Home (mashable.com) 93

Microsoft's response to the Amazon Echo and Google Home is Home Hub, a software update for Windows 10's Cortana personal assistant that turns any Windows PC into a smart speaker of sorts. Mashable reports: Microsoft's smart digital assistant Cortana can already answer your queries, even if the PC's screen is locked. The Home Hub is tied to Cortana and takes this a few steps further. It would add a special app with features such as calendar appointments, sticky notes and shopping lists. A Home Hub-enabled PC might have a Welcome Screen, a full-screen app that displays all these, like a virtual fridge door. Multiple users (i.e. family members) could use the Home Hub, either by authenticating through Windows Hello or by working in a family-shared account. Cortana would get more powerful on Home Hub; it could, for example, control smart home devices, such as lights and locks. And even though all of this will work on any Windows 10 device -- potentially making the PC the center of your smart home experience -- third-party manufacturers will be able to build devices that work with Home Hub. You can read Windows Central's massive report here. Do note that Home Hub is not official and individual features could change over time. The update is slated for 2017.
Android

Google Is Rolling Out Android 7.1.1 (engadget.com) 73

Google is rolling out Android 7.1.1 for Pixel and Nexus smartphones, including the Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL, Nexus Player, Pixel C and General Mobile 4G (Android One). You can download it over-the-air when it becomes available "over the next several weeks" or flash it yourself. Engadget details some of the new features found in Android 7.1.1: As for what you can find from a feature perspective, Google has added support for its "image keyboard" that lets you easily find and send pictures and GIFs without leaving your messaging app of choice. Google says it'll work inside of Hangouts, Allo, and the default Messaging app. Ironically enough, the feature has been available in the Gboard iOS keyboard that Google launched in the spring, but it's good to see it coming to more Android phones now. Android 7.1.1 also includes Google's latest set of more diverse emoji, specifically focused on showing a "wider range of professions" for women. And it also contains the excellent app shortcut feature that originally launched on the Pixel -- if you press and hold on an app's icon, a sub-menu of shortcuts will show up. You'll be able to quickly send a message to a specific contact or navigate to a saved location using these shortcuts, for example. They're very much like the "force touch" shortcuts found on the iPhone, but that doesn't make them any less useful.
Open Source

Linux Mint 18.1 'Serena' BETA Ubuntu-based Operating System Now Available For Download (betanews.com) 132

BrianFagioli shares his story on Beta News: Feeling fatigued by Windows 10 and its constant updates and privacy concerns? Can't afford one of those beautiful new MacBook Pro laptops? Don't forget, Linux-based desktop operating systems are just a free download away, folks!

If you do decide to jump on the open source bandwagon, a good place to start is Linux Mint. Both the Mate and Cinnamon desktop environments should prove familiar to Windows converts, and since it is based on Ubuntu, there is a ton of compatible packages. Today, the first beta of Linux Mint 18.1 'Serena' becomes available for download.

Here's the release notes for both Cinammon and MATE.
Cloud

Canonical Sues Cloud Provider Over 'Unofficial' Ubuntu Images (ostatic.com) 47

An anonymous reader quotes OStatic's update on Canonical's lawsuit against a cloud provider: Canonical posted Thursday that they've been in a dispute with "a European cloud provider" over the use of their own homespun version of Ubuntu on their cloud servers. Their implementation disables even the most basic of security features and Canonical is worried something bad could happen and it'd reflect badly back on them... They said they've spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations to no avail. Canonical feels they have no choice but to "take legal steps to remove these images." They're sure Red Hat and Microsoft wouldn't be treated like this.
Mark Shuttleworth, the founder of Ubuntu, wrote in his blog post that Ubuntu is "the leading cloud OS, running most workloads in public clouds today," whereas these homegrown images "are likely to behave unpredictably on update in weirdly creative and mysterious ways... We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that...

"To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week... When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action."
Open Source

Devuan's Systemd-Free Linux Hits Beta 2 (theregister.co.uk) 320

Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register: Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum. Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step. Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".
Operating Systems

Taking a Stand Against Unofficial Ubuntu Images (ubuntu.com) 103

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.
Businesses

Cyanogen Inc and CyanogenMod Creator Steve Kondik Part Ways (ndtv.com) 74

bulled writes: In the middle of a press release discussing the move of employees from Seattle to California, Cyanogen Inc notes that it has parted ways with Steve Kondik. It is unclear what this means for the future of CyanogenMod. NDTV reports: "Kondik took to the official CyanogenMod developer Google+ community recently where he voiced what he thought were the reasons behind Cyanogen's plight and blamed Kirt McMaster, Cyanogen's Co-Founder. 'I've been pretty quiet about the stuff that's been going on but I'm at least ready to tell the short version and hopefully get some input on what to do next because CM is very much affected,' wrote Kondik in a private Google+ community first reported by Android Police. According to Kondik's version, Cyanogen's turmoil is way far from being over. He claimed that Cyanogen had seen success thanks to the efforts by the community and the company. Though, this also changed how the company worked. Explaining how it all started to come down, Kondik wrote, 'Unfortunately once we started to see success, my co-founder apparently became unhappy with running the business and not owning the vision. This is when the 'bullet to the head' and other misguided media nonsense started, and the bad business deals were signed. Being second in command, all I could do was try and stop it, do damage control, and hope every day that something new didn't happen. The worst of it happened internally and it became a generally shitty place to work because of all the conflict. I think the backlash from those initial missteps convinced him that what we had needed to be destroyed. By the time I was able to stop it, I was outgunned and outnumbered by a team on the same mission.' Kondik also seemingly confirmed a report from July which claimed Cyanogen may pivot to apps. He further wrote, 'Eventually I tried to salvage it with a pivot that would have brought us closer to something that would have worked, but the new guys had other plans. With plenty of cash in the bank, the new guys tore the place down and will go and do whatever they are going to do. It's probably for the best and I wish them luck, but what I was trying to do, is over.'"
Firefox

Firefox Zero-Day Can Be Used To Unmask Tor Browser Users (computerworld.com) 55

An anonymous reader quotes a report from Computerworld: A Firefox zero-day being used in the wild to target Tor users is using code that is nearly identical to what the FBI used in 2013 to unmask Tor-users. A Tor browser user notified the Tor mailing list of the newly discovered exploit, posting the exploit code to the mailing list via a Sigaint darknet email address. A short time later, Roger Dingledine, co-founder of the Tor Project Team, confirmed that the Firefox team had been notified, had "found the bug" and were "working on a patch." On Monday, Mozilla released a security update to close off a different critical vulnerability in Firefox. Dan Guido, CEO of TrailofBits, noted on Twitter, that "it's a garden variety use-after-free, not a heap overflow" and it's "not an advanced exploit." He added that the vulnerability is also present on the Mac OS, "but the exploit does not include support for targeting any operating system but Windows." Security researcher Joshua Yabut told Ars Technica that the exploit code is "100% effective for remote code execution on Windows systems." "The shellcode used is almost exactly the shellcode of the 2013 one," tweeted a security researcher going by TheWack0lian. He added, "When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn't looking at a 3-year-old post." He's referring to the 2013 payload used by the FBI to deanonymize Tor-users visiting a child porn site. The attack allowed the FBI to tag Tor browser users who believed they were anonymous while visiting a "hidden" child porn site on Freedom Hosting; the exploit code forced the browser to send information such as MAC address, hostname and IP address to a third-party server with a public IP address; the feds could use that data to obtain users' identities via their ISPs.
Security

Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) 138

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.
Privacy

Jolla's Sailfish OS Now Certified as Russian Government's First 'Android Alternative' (techcrunch.com) 98

The future for one of the few remaining alternative mobile OS platforms, Jolla's Sailfish OS, looks to be taking clearer shape. Today the Finnish company which develops and maintains the core code, with the aim of licensing it to others, announced Sailfish has achieved domestic certification in Russia for government and corporate use. TechCrunch adds:In recent years the Russian government has made moves to encourage the development of alternatives to the duopoly of US-dominated smartphone platforms, Android and Apple's iOS -- flagging Sailfish as one possibility, along with Tizen. Although Sailfish looks to have won out as the preferred Android alternative for Russia at this point. The government has said it wants to radically reduce its reliance on foreign mobile OSes -- to 50 per cent by 2025 vs the 95 per cent of the market garnered by Android and iOS in 2015. Sailfish's local certification in Russia also follows an announcement earlier this year that a new Russian company, Open Mobile Platform (OMP), had licensed the OS with the intention of developing a custom version of the platform for use in the domestic market. So, in other words, a Russian, strategic 'Android alternative' is currently being built on Sailfish.
Microsoft

Microsoft Exec Urges Linux Developers To Try Windows 10 (softpedia.com) 403

An anonymous reader shares a Softpedia article: Microsoft has finally acknowledged the potential that the open-source world in general, and Linux in particular, boasts, so the company is exploring its options to expand in this area with every occasion. Most recently, an episode posted on Channel 9 and entitled "Improvements to Bash on Windows and the Windows Console" with senior program manager Rich Turner calls for Linux developers to give up on their platforms for Windows 10. "Fire up a Windows 10 Insiders' build instance and run your code, run your tools, host your website on Apache, access your MySQL database from your Java code," he explained. Turner went on to point out that the Windows subsystem for Linux is there to provide developers with all the necessary tools to code just like they'd do it on Linux, all without losing the advantages of Windows 10. "Whatever it is that you normally do on Linux to build an application: whether it's in Go, in Erlang, in C, whatever you use, please, give it a try on Bash WSL, and importantly file bugs on us. It really makes our life a lot easier and helps us build a product that we can all use and be far more productive with, he continued. Editor's note: The original title from Softpedia was edited because it was misleading. A Microsoft employee doesn't represent the entire company (at least in this instant he wasn't speaking for the company), and at no point has he asked "all Linux developers" to "give up" on Linux.
Biotech

Brain Cancer Patients Live Longer By Sending Electric Fields Through Their Heads (ieee.org) 74

IEEE Spectrum reports on a "radical new weapon" against brain tumors -- only available since 2015. They profile a typical patient who "wears electrodes on her head all day and night to send an electric field through her brain, trying to prevent any leftover tumor cells from multiplying [and] goes about her business with a shaved head plastered with electrodes, which are connected by wires to a bulky generator she carries in a shoulder bag." the_newsbeagle writes: The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients' lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others.
Patients have to re-shave their heads every few days and re-apply all the electrodes, but that's never been a problem, according to one patient. "If you have a condition which has no cure, it's a great motivator."
Microsoft

Microsoft Is Working On a New Design Language For Windows 10 Codenamed Project NEON (windowscentral.com) 66

An anonymous reader quotes a report from Windows Central: Microsoft has made several adjustments to its design language over the last few years, starting with Windows 8 and evolving into what we now know as "Microsoft Design Language 2" or MDL2 in Windows 10. With MDL2 being the current design language used throughout Windows 10, Microsoft has plans to begin using a much more streamlined design language with Redstone 3, codenamed Project NEON. Cassim Ketfi at Numerama.com confirms our information and has heard Project NEON called "basically Metro 2." That designation refers to the first Metro design language (nee Modern) that harkens to Windows Media Center up through Windows Phone 7 and Windows 8. Per our sources, Project NEON has been in the works for over a year internally at Microsoft. It builds upon the design language introduced with Windows 10, with its simple and clean interfaces, but adds some much-needed flair to the UI that the current design language just lacks. Details are still scarce, but we hear some of the new designs in the plans include adding more animations and transitions, with the overall goal of making the UI very fluid and "beautiful" compared to the current, almost static UI that is MDL2. One source familiar with Microsoft's plans described NEON as "Very fluid, lots of motion and nice transitions." Some more information about NEON reveals that it serves as a bridge between holographic and augmented reality (AR) and the desktop environment. It's a "UI that transports across devices" with a UX that maps to the physical world. It uses textures, 3D models, lighting and more.
Windows

Microsoft Shares Windows 10 Telemetry Data With Third Parties (betanews.com) 175

An anonymous reader shares a report: To help with the smooth running of Windows 10, and to get an idea of how users interact with the operating system, Microsoft collects telemetry data, which includes information on the device Windows 10 is running on, a list of installed apps, crash dumps, and more. Telemetry data recorded by Windows 10 is, in a nutshell, just technical information about the device the OS is on, and how Windows and any installed software is performing, but it can occasionally include personal information. If you're worried about that, the news that Microsoft is sharing telemetry data with third parties might concern you. Microsoft recently struck a deal with security firm FireEye to provide access to Windows 10 telemetry data, in exchange for having FireEye's iSIGHT Threat Intelligence technology included in its Windows Defender Advanced Threat Protection service. WDATP is an enterprise security product that helps enterprises detect, investigate, and respond to advanced attacks on their networks and is different from the free version of Windows Defender. The upsides of the deal are obvious for both Microsoft and FireEye, and enterprise customers will certainly benefit from the partnership. It's not known exactly what data Microsoft has made available to FireEye, but in a detailed TechNet article on its telemetry gathering the software giant originally said: "Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management."
Open Source

Apple Releases macOS 10.12 Sierra Open Source Darwin Code (9to5mac.com) 134

An anonymous reader writes:Apple has released the open source Darwin code for macOS 10.12 Sierra. The code, located on Apple's open source website, can be accessed via direct link now, although it doesn't yet appear on the site's home page. The release builds on a long-standing library of open source code that dates all the way back to OS X 10.0. There, you'll also find the Open Source Reference Library, developer tools, along with iOS and OS X Server resources. The lowest layers of macOS, including the kernel, BSD portions, and drivers are based mainly on open source technologies, collectively called Darwin. As such, Apple provides download links to the latest versions of these technologies for the open source community to learn and to use.
Music

Security Researchers Can Turn Headphones Into Microphones (techcrunch.com) 122

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.
Bug

Malicious Video Link Can Cause Any iOS Device To Freeze (9to5mac.com) 53

A new bug in iOS has surfaced that will cause any iOS device to freeze when trying to view a certain .mp4 video in Safari. YouTube channel EverythingApplePro explains the bug in a video titled "This Video Will CRASH ANY iPhone!" 9to5Mac reports: As you'll see in the video below from EverythingApplePro, viewing a certain video in Safari will cause iOS to essentially overload and gradually become unusable. We won't link the infectious video here for obvious reasons, but you can take our word for it when we say that it really does render your device unusable. It's not apparently clear as to why this happens. The likely reason is that it's simply a corrupted video that's some sort of memory leak and when played, iOS isn't sure how to properly handle it, but there's like more to it than that. Because of the nature of the flaw, it isn't specific to a certain iOS build. As you can see in the video below, playing the video on an iPhone running as far back as iOS 5 will cause the device to freeze and become unusable. Interestingly, with iOS 10.2 beta 3, if you let an iPhone affected by the bug sit there for long enough, it will power off and indefinitely display the spinning wheel that you normally see during the shutdown process. If someone sends you the malicious link and you fall for it, this is luckily a pretty easy problem to fix. All you have to do is hard reboot your device. For any iPhone but the iPhone 7, this can be done by long-pressing the power and Home buttons at the same time. The iPhone 7, of course, uses a new non-mechanical Home button. In order to reboot an iPhone 7, you must long-press the power button and volume down button at the same time.
Open Source

Tor-Enabled Smartphone Is Antidote To Google 'Hostility' Over Android, Says Developer (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.
Desktops (Apple)

Fedora 25 Now Available -- Makes It Easier To Switch From Windows 10 Or Mac (betanews.com) 154

Reader BrianFagioli writes: After the release of both alpha and beta versions, Fedora 25 is officially here and ready for production machines. If you aren't familiar with the popular Linux-based operating system, please know that it is the distribution of choice for the founder of the Linux kernel, Linus Torvalds. One of the most endearing qualities of Fedora is its focus on only offering truly free open source software. Also, you can always count on a very modern version of the Linux kernel being available. Despite having very up-to-date packages, it is always very stable too. My favorite aspect, however, is the commitment to the GNOME desktop environment; other DEs are available, though. The team says, "Fedora 25 Workstation now makes it easier to for Windows and OS X users to get started, with Fedora Media Writer serving as the default download for those operating systems. This tool helps users find and download the current Fedora release and write it to removable media, like a USB stick, allowing potential Fedora users to 'test drive' the operating system from that media environment. Fedora can then be installed to their systems with the same process".
Open Source

A Windows 10 Alternative: Ubuntu-Based Zorin OS Linux Distro (betanews.com) 191

"With a click of a button, you can change the desktop layout to match that of Windows versions and Gnome 3. The Ultimate edition...also features Ubuntu, Gnome 2 and macOS-like layouts." BrianFagioli shares an article about a Linux-based operating system "designed for Windows-switchers." While the company does charge for an "Ultimate" version, the "Core" edition of Zorin OS 12 is entirely free... "As Zorin OS 12 is based on Ubuntu 16.04 LTS, it will be supported with security updates until April 2021. This makes Zorin OS 12 the ideal choice for large deployments in businesses, governments, schools and organisations", says The Zorin OS Team"... Zorin OS features some really great features, such as Google Drive integration with the file browser.
Although unlike Windows 10, its default browser is Chromium.

Slashdot Top Deals