IT

Developer Accidentally Deletes Three Months of Work With Visual Studio Code (bingj.com) 681

New submitter joshtops writes: A developer accidentally deleted three months of his work. In a post, he described his experience, "I had just downloaded VScode as an alternative and I was just playing with the source control option, seeing how it wanted to stage -- five thousand files -- I clicked discard... AND IT DELETED ALL MY FILES, ALL OF THEM, PERMANENTLY! How the f*uk is this s*it possible, who the hell is the d******* who made the option to permanently delete all the files on a project by accident even possible? Cannot even find them in the Recycle Bin!!!! I didn't even think that was possible on Windows!!! F*ck this f*cking editor and f*ck whoever implemented this option. I wish you the worst."
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 132

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps as being "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Microsoft

We're Not Walking Away From Continuum, Says HP (theregister.co.uk) 44

An anonymous reader shares a report: While Windows roadmaps purportedly leaked to a blog last week appear to have a big hole in them where mobile should be, HP Inc tells us it has been assured by Redmond there are no plans to drop Continuum. HP is the sole major mobile vendor committed to the Windows Mobile Edition of Windows 10 and bet big on Continuum, the multimode "use-your-phone-as-a-PC" feature on which some of HP's ambitions rest. El Reg was impressed by HP's plans to build an ecosystem around the multi-mode capabilities of the HP Elite x3 phone, which doubles up as a PC replacement. (Or tries to.) Launching in over 50 markets, the ecosystem includes a streaming apps service HP Workplace to fill in the app gap, and even a "lap dock." HP pitched it at field workers and verticals. The only thing letting Inc-ers down was the quality of the software from Microsoft. Spring came and went without the expected improvements to Continuum. Unauthorised briefings last week suggest the Windows Mobile branch of Windows 10 is now an orphan.
Mozilla

64-bit Firefox is the New Default on 64-bit Windows (mozilla.org) 178

An anonymous reader shares a blog post: Users on 64-bit Windows who download Firefox will now get our 64-bit version by default. That means they'll install a more secure version of Firefox, one that also crashes a whole lot less. How much less? In our tests so far, 64-bit Firefox reduced crashes by 39% on machines with 4GB of RAM or more.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 79

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 191

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Microsoft

Microsoft Dismisses Consumer Reports' Surface Complaints, But Doesn't Offer Much Evidence 66

Microsoft has publicly responded to Consumer Reports, saying that it disagrees with the publication's Surface reliability findings. But the company hasn't offered much in the way of evidence. In a blog post, Surface chief Panos Panay writes: In the Surface team we track quality constantly, using metrics that include failure and return rates -- both our predicted 1-2-year failure and actual return rates for Surface Pro 4 and Surface Book are significantly lower than 25%. Additionally, we track other indicators of quality such as incidents per unit (IPU), which have improved from generation to generation and are now at record lows of well below 1%. Surface also ranks highly in customer satisfaction. 98% of Surface Pro 4 users and Surface Book users say they are satisfied with their device, and our Surface Laptop and new Surface Pro continue to get rave reviews. Long-time watcher Paul Thurrott writes: Does changing the time frame from "by the end of the second year of ownership" to "1-2 year failure rate" skew the results because more failures happen later in a product's lifetime? Also, he introduces the notion of "return rates" here. By definition, the feedback that Consumer Reports receives is from product owners, not those who have returned products. If someone is almost two years into device ownership, they are not returning the product. They're just using it. And dealing with it. So consider the issue muddled, in just one carefully-constructed sentence. Which I believe was crafted to confuse the issue. But there is more. "Additionally, we track other indicators of quality such as incidents per unit (IPU), which have improved from generation to generation and are now at record lows of well below 1 percent," Panay offers. It's not possible to understand how an "incident" relates to a "failure." Mostly because he doesn't explain the term. Likely because doing so would betray that this is an apples to oranges comparison. [...] 
I will point the reader to Welcome to Surfacegate, my description of Microsoft's feeble attempts to ignore and then slowly fix endemic issues with those exact two Surface models. And anecdotally, I'll point to the fact that the three Surface Book models I've used have all had reliability problems. But the biggest issue I have with "customer satisfaction" is that it's kind of a bullshit measurement when it comes to premium products.
Oracle

Oracle Fiddles With Major Database Release Cycle Numbers (theregister.co.uk) 69

An anonymous reader shares a report: Big Red has changed its database release cycle, scrapping names that see decimal points and numbers added on for an indeterminate amount of time, instead plumping for annual releases numbered by the year. So what would have been Oracle Database 12.2.0.2 will now be Oracle Database 18; 12.2.0.3 will come out a year later, and be Oracle Database 19. The approach puts Oracle only about 20 years behind Microsoft in adopting a year-based naming convention (Microsoft still uses years to number Windows Server, even though it stopped for desktop versions when it released XP). [...] Well, Big Red will surely be using the revamp as a way to boost sales of database licences -- a crucial part of its business -- which have been in decline for two years running. In fiscal 2016, Oracle reported a 12 per cent drop in annual sales of new software licences, and its most recent results for fiscal 2017 revealed a further 5 per cent drop. And, for all that Oracle has shouted about its cloudy success of late, it isn't yet a major money-maker for the biz. New software license sales make up a quarter of overall revenue, while support for that software makes up a further 45 per cent. In part, the new numbering will be a handy marketing ploy. Rather than playing with the decimal points, a release with a new whole number could be an attempt to give the impression of agility in the face of younger, fresher competitors. Meanwhile, fewer patches and releases on each system also allows Oracle to know more quickly, and more accurately, what security features each customer has. The annual numbering system is also a very simple way of telling you your system is old.
Microsoft

Kaspersky Drops Antitrust Complaint After Microsoft Promises To Make Changes To Windows 10 (theverge.com) 31

Security firm Kaspersky said Thursday it was withdrawing its European antitrust complaint against Microsoft after the software giant promised to make changes to the upcoming Windows 10 Fall Creators Update that have appeased Kaspersky and help its anti-virus software provide notifications and alerts to renew virus definitions. From a report: Kaspersky originally filed its complaint back in June, claiming that Microsoft disabled its anti-virus software during Windows upgrades and that the software maker was using its dominance to "fiercely promote" its own Windows Defender software. Microsoft admitted in late June that Windows 10 prompts to install a new version of anti-virus from third parties like Kaspersky after an update, but it disables the old version if it's not compatible. Microsoft now says it "will work more closely with AV vendors to help them with compatibility reviews in advance of each feature update becoming available to customers." The software maker will also provide better visibility of release schedules for Windows 10 updates, giving anti-virus vendors more time to test changes.
AI

Blizzard and DeepMind Turn StarCraft II Into An AI Research Lab (techcrunch.com) 52

Last year, Google's AI subsidiary DeepMind said it was going to work with Starcraft creator Blizzard to turn the strategy game into a proper research environment for AI engineers. Today, they're opening the doors to that environment, with new tools including a machine learning API, a large game replay dataset, an open source DeepMind toolset and more. TechCrunch reports: The new release of the StarCraft II API on the Blizzard side includes a Linux package made to be able to run in the cloud, as well as support for Windows and Mac. It also has support for offline AI vs. AI matches, and those anonymized game replays from actual human players for training up agents, which is starting out at 65,000 complete matches, and will grow to over 500,000 over the course of the next few weeks. StarCraft II is such a useful environment for AI research basically because of how complex and varied the games can be, with multiple open routes to victory for each individual match. Players also have to do many different things simultaneously, including managing and generating resources, as well as commanding military units and deploying defensive structures. Plus, not all information about the game board is available at once, meaning players have to make assumptions and predictions about what the opposition is up to.

It's such a big task, in fact, that DeepMind and Blizzard are including "mini-games" in the release, which break down different subtasks into "manageable chunks," including teaching agents to master tasks like building specific units, gathering resources, or moving around the map. The hope is that compartmentalizing these areas of play will allow testing and comparison of techniques from different researchers on each, along with refinement, before their eventual combination in complex agents that attempt to master the whole game.

Microsoft

Microsoft Dumps Notorious Chinese Secure Certificate Vendor (zdnet.com) 57

Soon, neither Internet Explorer nor Edge will recognize new security certificates from Chinese Certificate Authorities WoSign and its subsidiary StartCom. ZDNet reports: A CA is a trusted entity that issues X.509 digital certificates that verify a digital entity's identity on the internet. Certificates include its owner's public key and name, the certificate's expiration date, encryption method, and other information about the public key owner. Typically, these are used to secure websites with the https protocol, lock down internet communications with Secure Sockets Layer and Transport Layer Security (SSL/TLS), and secure virtual private networks (VPNs). A corrupted certificate is barely better than no protection at all. It can be used to easily hack websites and "private" internet communications.

Microsoft has joined [Mozilla, Google and Apple] in abandoning trust in their certificates. A Microsoft representative wrote: "Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) [issuance and management rules for public certificates] violations." Microsoft will start "the natural deprecation of WoSign and StartCom certificates by setting a 'NotBefore' date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017."

Mozilla

Firefox 55 Arrives With WebVR on Windows, Performance Panel, and Click-to-Play Flash (venturebeat.com) 129

Mozilla today made available a new update to Firefox for Windows to introduce support for WebVR, which, the company says, will enable desktop VR users to dive into web-based experiences with ease. Firefox 55 also includes a performance panel, faster startup when restoring multiple tabs, a quicker way to search across various search engines, and click-to-play Flash by default. From a report: WebVR is an experimental JavaScript API that provides support for virtual reality devices, such as the HTC Vive, Oculus Rift, and Google Cardboard. As its name implies, the technology is meant for browsers. If you find a web game or app that supports VR, just click the VR goggles icon visible on the web page to experience it using your VR headset. WebVR supports navigating and controlling VR experiences with handset controllers or your movements in physical space. [...] Firefox 55 also allows users to adjust the number of processes and how much resources they want to allocate to any of them. This setting is at the bottom of the General section in Options. In fact, if your computer has more than 8GB of RAM, Mozilla recommends "bumping up the number of content processes that Firefox uses" because it will make Firefox faster, though at the expense of using more memory. In its own tests on Windows 10, the company found that Firefox uses less memory than Chrome, even with eight content processes running.
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on a server, tons of stuff is going to be broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. Older versions of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use at minimum iOS 5 for TLS 1.2 support. The same goes for SMTP/mail servers, desktop email clients, FTP clients and more. All of them are using old, outdated crypto.

This move will also affect Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options). Not to mention all the mail servers out there running outdated crypto.

Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

Businesses

Popular Password Manager LastPass Doubles Price of Its Premium Plan, Removes Features From Its Free Service Tier (neowin.net) 156

An anonymous reader shares a report: In November, LastPass made a big change to its service, allowing users to keep track of their passwords across all their internet-enabled mobile and desktop devices, free of charge. In addition to the free tier, the cross-platform password manager -- available on iOS, Android, and Windows 10 -- also offered a Premium plan with additional features, priced at $12 per year. Today, LastPass announced another wave of changes to its lineup for individual users -- but this time, the changes are unlikely to be welcomed with open arms by its customers. LastPass Premium has now doubled in price to $24 a year, which includes "emergency access, the ability to share single passwords and items with multiple people, priority tech support, advanced multi-factor authentication, LastPass for applications, and 1GB of encrypted file storage," along with all the other features of the Free tier. In a statement, the company said, "While LastPass Free continues to offer access on all browsers and devices and the core LastPass password management functionality, unlimited sharing and emergency access are now Premium features. Free users will be able to share one item with one other individual."
Security

WikiLeaks Reveals CIA Tool For Hacking Webcams, Microphones (thestack.com) 107

An anonymous reader quotes a report from The Stack: WikiLeaks has released a new set of documents in the CIA Vault 7 leak, outlining the "Dumbo" hacking tool which allows control of webcams and microphones. The release explains that the tool is capable of completely suspending processes on webcams and corrupting video recordings. Dumbo is tasked specifically with gaining and exploiting physical access to target computers used in CIA field operations, the release notes. According to WikiLeaks, the tool allows for the identification, control and manipulation of monitoring and detection systems, such as webcams and microphones, running the Microsoft Windows operating system. The technology first identifies all installed devices, whether they are connected locally, wirelessly, or across wired networks. Once Dumbo has detected all of these devices, it identifies all the related processes, which may include recording, monitoring or detection of video, audio and network streams. These operations can then be suspended by the operator. "By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation," the release added. Dumbo does require direct access to the target computer and is run from a USB stick. The release states that it supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. However, 64-bit Windows XP and Windows versions prior to XP are not supported.
Ubuntu

Ubuntu Will Revert Window Controls To the Right-Hand Side in Next Release (neowin.net) 171

Following a survey carried out last month, Ubuntu will begin shipping with the minimise, maximise, and close buttons on the right-hand side of windows. From a report: In the survey, 46.2% of people said they prefer their window controls on the left-hand side and 53.8% said they prefer them on the right. The decision comes after seven years of window controls being on the left. At the time, the move had plenty of detractors, but Ubuntu founder Mark Shuttleworth maintained that the controls needed shifting to the left because they'd be in the way of the then newly introduced window indicators.
Graphics

Microsoft Is Updating the Windows Console Colors For the First Time In 20 Years (theverge.com) 142

An anonymous reader quotes a report from The Verge: Microsoft is giving its Windows Console (Command Prompt) a color overhaul. Windows 10 testers will be able to try out the new color scheme in a new build (16257) that will be available later today. Windows Console's legacy blue is getting a subtle change to make it more legible on modern high-contrast displays, alongside color changes to the entire scheme. Windows 10 testers will only see the new colors if they clean install build 16257, and if you upgrade you'll keep the legacy colors to ensure any custom color settings are not replaced. Microsoft is planning to release a tool soon that will allow Windows 10 testers to apply the new color scheme and a selection of alternatives. Developers, you can thank Microsoft summer intern Craig Loewen for the overhaul.
iPhone

New iPhone To Have Tap to Wake, Attention Detection, and Virtual Home Button, Says Report (theverge.com) 59

HomePod's firmware has revealed several new features coming to the upcoming iPhone, such as a tap to wake function, facial expression and attention detection, and virtual home button. "Apple accidentally released the firmware over the weekend resulting in a frenzy of analysis about previously unknown features," reports The Verge. From the report: Developers including Steve Troughton-Smith and Guilherme Rambo have been tweeting their findings, notably the discovery of the new iPhone's bezel-less screen design. They've also concluded that the resolution for the iPhone 8 could be as much of a visual leap forward from current-generation iPhones as the iPhone 4's Retina display was from the original iPhone. Apple is using codenames for both its face recognition feature and the bezel-less phone, called "Pearl ID" and "D22" respectively. A potential "attention detection" feature is also mentioned in the code, with some speculating that may mean the phone will remain silent for notifications if it knows you're looking at the screen already. Facial references such as "mouthstretch," "mouthsmile," and "mouthdimple" were also found, which are most likely a nod to Apple's rumored facial recognition feature that can even detect faces in the dark using infrared. A tap to wake feature has also been discovered, and should be similar to the Windows Phone function that allows users to double-tap the screen to wake the phone.
Chrome

Google Chrome Starts Testing a Built-in Ad Blocker on Windows, Android (mspoweruser.com) 236

An anonymous reader shares a report: Earlier this year, Google was rumored to be working on a built-in ad blocker for its Chrome browser. The new ad blocker inside Chrome won't block every ad you see on the web -- instead, it'll only block ads that are considered intrusive and go against the standards set by the Coalition for Better Ads. Google has started testing the new built-in ad blocker for Chrome today on the desktop and Android devices. The latest canary release for Google Chrome includes a new option under Chrome's Settings where you can enable the new ad blocker inside Chrome. Users can enable the new feature by going to the Content options inside Chrome's settings page (chrome://settings/content/ads). The built-in ad blocker should automatically block ads that are considered "intrusive." But Google Chrome also lets you strictly block ads on certain sites, and you can also choose to allow ads on certain sites if you'd like.
