DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Microsoft

Microsoft's OneDrive Web App Crippled With Performance Issues On Linux and Chrome OS (theregister.co.uk) 49

Iain Thomson, reporting for The Register: Plenty of Linux users are up in arms about the performance of the OneDrive web app. They say that when accessing Microsoft's cloudy storage system in a browser on a non-Windows system -- such as on Linux or ChromeOS -- the service grinds to a barely usable crawl. But when they use a Windows machine on the same internet connection, speedy access resumes. Crucially, when they change their browser's user-agent string -- a snippet of text the browser sends to websites describing itself -- to Internet Explorer or Edge, magically their OneDrive access speeds up to normal on their non-Windows PCs. In other words, Microsoft's OneDrive web app slows down seemingly deliberately when it appears you're using Linux or some other Windows rival. This has been going on for months, and complaints flared up again this week after netizens decided enough is enough. When gripes about this suspicious slowdown have cropped up previously, Microsoft has coldly reminded people that OneDrive for Business is not supported on Linux, thus the crap performance is to be expected. But when you change the user-agent string of your browser on Linux to match IE or Edge, suddenly OneDrive's web code runs fine. The original headline of the story is, "Microsoft loves Linux so much, its OneDrive web app runs like a dog on Windows OS rivals".
DRM

W3C Erects DRM As Web Standard (theregister.co.uk) 199

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 69

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Microsoft

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) 144

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.
Microsoft

Microsoft Outlook, Skype, OneDrive Hit By Another Authentication Issue (zdnet.com) 48

Two weeks after a widespread authentication issue hit Outlook, Skype, OneDrive, Xbox and other Microsoft services, it's happening again. From a report: On March 21, users across the world began reporting via Twitter that they couldn't sign into Outlook.com, OneDrive and Skype, (and possibly more). I, myself, am unable to sign into Outlook.com, OneDrive or Skype at 2:30 pm ET today, but my Office 365 Mail account is working fine. (Knock wood.) I believe the issue started about an hour ago, or 1:30 p.m. ET or so. MSA is Microsoft's single sign-on service which authenticates users so they can log into their various Microsoft services. As happened two weeks ago, Skype Heartbeat site, has posted a message noting that users may be experiencing problems sending messages and signing in.
Businesses

Microsoft Just Showed Off Exactly What Salesforce Was Worried About (cnbc.com) 73

Microsoft just took a direct swipe at Salesforce with a new enterprise-ready version of LinkedIn's customer relationship management product called Sales Navigator. From a report on CNBC: "Today's announcements take Sales Navigator to the next level," Doug Camplejohn, LinkedIn sales solutions head of product, said in a blog. The new product steps up competition with arch rival Salesforce. Microsoft beat out Salesforce to acquire Linkedin for $26.2 billion -- by far the company's largest acquisition to date -- in June. Salesforce CEO Marc Benioff was so concerned, he accused the company of "anti-competitive behavior" and urged regulators to investigate. Flash-forward less than a year and Microsoft's new Sales Navigator Enterprise Edition incorporates many features aimed at turning LinkedIn into a must-have tool for sales teams at big companies.
Businesses

Apple's Next Big Thing: Augmented Reality (bloomberg.com) 94

Apple is beefing up its staff with acquisitions and some big hires to help design augmented reality glasses and iPhone features, according to Bloomberg. From a report: Apple is working on "digital spectacles" that could connect to an iPhone and beam content like movies and maps, Bloomberg's Mark Gurman reported on Monday. The Cupertino, Calif.- based company is also working on augmented reality features for the iPhone that are similar to Snapchat, Bloomberg said. To make its augmented reality push, Apple has acquired augmented reality start-ups FlyBy Media and Metaio, and hired major players from Amazon, Facebook's Oculus, Microsoft's HoloLens, and Dolby.
Microsoft

Windows 10 Will Download Some Updates Even Over a Metered Connection (winsupersite.com) 320

Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 227

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
AI

The First Practical Use For Quantum Computers: Chemistry (technologyreview.com) 42

"The first quantum computer to start paying its way with useful work in the real world looks likely to do so by helping chemists," writes MIT Technology Review, "trying to do things like improve batteries or electronics." An anonymous reader quotes their report: So far, simulating molecules and reactions is the use case for early, small quantum computers sketched out in most detail by researchers developing the new kind of algorithms needed for such machines... "From the point of view of what is theoretically proven, chemistry is ahead," says Scott Crowder, chief technology officer for the IBM division that today sells hardware including supercomputers and hopes to add cloud-hosted quantum computers to its product line-up in the next few years...

Researchers have long used simulations of molecules and chemical reactions to aid research into things like new materials, drugs, or industrial catalysts. The tactic can reduce time spent on physical experiments and scientific dead ends, and it accounts for a significant proportion of the workload of the world's supercomputers. Yet the payoffs are limited because even the most powerful supercomputers cannot perfectly re-create all the complex quantum behaviors of atoms and electrons in even relatively small molecules, says Alan Aspuru-Guzik, a chemistry professor at Harvard. He's looking forward to the day simulations on quantum computers can accelerate his research group's efforts to find new light-emitting molecules for displays, for example, and batteries suitable for grid-scale energy storage.

Microsoft is already focusing on chemistry and materials science in its quantum algorithm effort, saying a hybrid system combining conventional computers with a small quantum computer "has great promise for studying molecules." Meanwhile, the article argues that breaking encryption, "although a genuine threat, is one of the most distant applications of the technology, because the algorithms involved would require an extremely large quantum processor."
Security

Edge, VMWare, Safari, And Ubuntu Linux Hacked at Pwn2Own 2017 (trendmicro.com) 82

The 10th annual Pwn2Own hacking competition ended Friday in Vancouver. Some of the highlights:
  • Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
  • Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
  • Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
  • Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."

None of the attendees registered to attempt an attack on the Apache Web Server on Ubuntu 16.10 Linux, according to eWeek, but the contest's blog reports that "We saw a record 51 bugs come through the program. We paid contestants $833,000 USD in addition to the dozen laptops we handed out to winners. And, we awarded a total of 196 Master of Pwn points."


Security

Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com) 58

An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility
AMD

Microsoft Locks Ryzen, Kaby Lake Users Out of Updates On Windows 7, 8.1 (kitguru.net) 419

Artem Tashkinov writes: In a move that will shock a lot of people, someone at Microsoft decided to deny Windows 7/8.1 updates to the users of the following CPU architectures: Intel seventh (7th)-generation processors (Kaby Lake); AMD "Bristol Ridge" (Zen/Ryzen); Qualcomm "8996." It's impossible to find any justification for this decision to halt support for the x86 architectures listed above because you can perfectly run MS-DOS on them. Perhaps, Microsoft has decided that the process of foisting Windows 10 isn't running at full steam, so the company created this purely artificial limitation. I expect it to be cancelled soon after a wide backlash from corporate customers. KitGuru notes that users may encounter the following error message when they attempt to update their OS: "Your PC uses a processor that isn't supported on this version of Windows." The only resolution is to upgrade to Windows 10.
Microsoft

Microsoft To End Support For Windows Vista In Less Than a Month (pcworld.com) 167

In less than a month's time, Microsoft will put Windows Vista to rest once and for all. If you're one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates, Microsoft says. (Mainstream Vista support expired in 2012.) Like it did for Windows XP, Microsoft has moved on to better things after a decade of supporting Vista. As Microsoft notes, however, running an older operating system means taking risks -- and those risks will become far worse after the deadline. Vista's Internet Explorer 9 has long since expired, and the lack of any further updates means that any existing vulnerabilities will never be patched -- ever. Even if you have Microsoft's Security Essentials installed -- Vista's own antivirus program -- you'll only receive new signatures for a limited time.
Security

Canonical Preps Security Lifeboat, Yells: Ubuntu 12.04 Hold-Outs, Get In (theregister.co.uk) 88

Gavin Clarke, writing for The Register: Canonical is extending the deadline for security updates for paying users of its five-year-old Ubuntu 12.04 LTS -- a first. Ubuntu 12.04 LTS will become the first Long Term Support release of Canonical's Linux to get Extended Security Maintenance (ESM). There are six LTS editions. All others have been end-of-lifed -- and given no security reprieve. LTS editions of Ubuntu Linux are released every two years. Desktop support runs for three years and the server edition receives security patches and updates for a period of five years. Security updates for 12.04 were scheduled to run out on April 28, 2017 but that now won't happen for those on Canonical's Ubuntu Advantage programme. They'll now receive important security fixes for the kernel and "most essential" userspace packages on their servers running 12.04. In what's shaping up to be Canonical's Windows XP moment over at Microsoft, the Linux spinner rolled out the lifeline because customers are clinging to 12.04.
Government

Apple, Amazon, and Microsoft Are Helping Google Fight an Order To Hand Over Foreign Emails (businessinsider.com) 67

Apple, Microsoft, Amazon, and Cisco have filed an amicus brief in support of Google, after a Pennsylvania court ruled that the company had to hand over emails stored overseas in response to an FBI warrant. From a report: An amicus brief is filed by people or companies who have an interest in the case, but aren't directly involved. In this case, it's in Silicon Valley's interest to keep US law enforcement from accessing customer data stored outside the US. It isn't clear what data Google might have to hand over and, last month, the company said it would fight to the order. In the brief, the companies argue: "When a warrant seeks email content from a foreign data center, that invasion of privacy occurs outside the United States -- in the place where the customers' private communications are stored, and where they are accessed, and copied for the benefit of law enforcement, without the customer's consent."
XBox (Games)

Microsoft's Project Scorpio Will Pack Internal PSU, 4K Game DVR Capture (windowscentral.com) 44

According to an exclusive report from Windows Central, Microsoft's upcoming "Project Scorpio" gaming console will feature an internal power supply unit (PSU), similar to the Xbox One S, and 4K game DVR and streaming at 60 frames-per-second (FPS). From the report: In Microsoft's efforts to make Project Scorpio a true 4K system, it will also feature HEVC and VP9 codecs for decoding 4K streams for things such Netflix, just like the Xbox One S. It will also leverage HEVC for encoding 2160p, 60 frame-per-second (FPS) video for Game DVR and streaming. Microsoft's Beam streaming service has been running public 4K stream tests for some time, and it's now fair to assume it will not only be PC streamers who will benefit. Project Scorpio's Game DVR will allow you to stream and record clips in 4K resolution with 60FPS, according to our sources, which is a massive, massive step up from the 720p, 30FPS you get on the current Xbox One. With every bit of information we receive about Project Scorpio, the theme of native 4K keeps appearing -- not only for games, but also console features. We now believe Scorpio will sport 4K Game DVR, 4K Blu-ray playback, and 4K streaming apps, but the real showstopper will be the 4K games Microsoft will likely flaunt at E3 2017.
Encryption

What The CIA WikiLeaks Dump Tells Us: Encryption Works (ap.org) 202

"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report: Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
Windows

Windows 10 Is Just 'A Vehicle For Advertisements', Argues Tech Columnist (betanews.com) 353

A new editorial by BetaNews columnist Mark Wilson argues that Windows 10 isn't an operating system -- it's "a vehicle for ads". An anonymous reader quotes their report: They appear in the Start menu, in the taskbar, in the Action Center, in Explorer, in the Ink Workspace, on the Lock Screen, in the Share tool, in the Windows Store and even in File Explorer.

Microsoft has lost its grip on what is acceptable, and even goes as far as pretending that these ads serve users more than the company -- "these are suggestions", "this is a promoted app", "we thought you'd like to know that Edge uses less battery than Chrome", "playable ads let you try out apps without installing". But if we're honest, the company is doing nothing more than abusing its position, using Windows 10 to promote its own tools and services, or those with which it has marketing arrangements.

The article suggests ads are part of the hidden price tag for the free downloads of Windows 10 that Microsoft offered last year (along with the telemetry and other user-tracking features). Their article has already received 357 comments, and concludes that the prevalence of ads in Windows 10 is "indefensible".
United States

IEEE-USA Criticizes Failure To Reform The H-!B Program (ieee.org) 239

Slashdot reader Tekla Perry writes: IEEE USA says H-1B visas are a tool used to avoid paying U.S. wages. "For every visa used by Google to hire a talented non-American for $126,000, ten Americans are replaced by outsourcing companies paying their H-1B workers $65,000," says the current IEEE USA president, writing with the past president and president-elect. The outsourcing companies, Infosys, Cognizant, Wipro, and Tata Consultancy in 2014 "used 21,695 visas, or more than 25 percent of all private-sector H-1B visas used that year. Microsoft, Google, Facebook, and Uber, for comparison, used only 1,763 visas, or 2 percent," they say.
On Friday, IEEE-USA also issued a new criticism about the lack of progress in reforming the H-1B program, saying "At least 50,000 Americans will lose their jobs this year because the president has yet to fulfill the promise he made to millions who voted for him."

Slashdot Top Deals