Microsoft

Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com) 135

An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.

Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.

Security

Windows 8 and Later Fail To Properly Apply ASLR (bleepingcomputer.com) 61

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have enabled system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode.

The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-years-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.

Chrome

Slashdot Asks: Have You Switched To Firefox 57? 556

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
Mozilla

Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul (venturebeat.com) 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
The Internet

All Major Browsers Now Support WebAssembly (bleepingcomputer.com) 240

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.
Businesses

Munich Council: To Hell With Linux, We're Going Full Windows in 2020 (theregister.co.uk) 544

The German city of Munich, which received much popularity back in the day when it first ditched Microsoft's services in favor of open-source software, has now agreed to stop using Linux and switch back to Windows. If the decision is ratified by the full council in two weeks, Windows 10 will start rolling out across the city in 2020. From a report: A coalition of Social Democrats and Conservatives on the committee voted for the Windows migration last week, Social Democrat councillor Anne Hubner told The Register. Munich rose to fame in the open-source world for deciding to use Linux and LibreOffice to make the city independent from the claws of Microsoft. But the plan was never fully realised -- mail servers, for instance, eventually wound up migrating to Microsoft Exchange -- and in February the city council formally voted to end Linux migration and go back to Microsoft. Hubner said the city has struggled with LiMux adoption. "Users were unhappy and software essential for the public sector is mostly only available for Windows," she said. She estimated about half of the 800 or so total programs needed don't run on Linux and "many others need a lot of effort and workarounds." Hubner added, "in the past 15 years, much of our efforts were put into becoming independent from Microsoft," including spending "a lot of money looking for workarounds" but "those efforts eventually failed." A full council vote on Windows 10 2020 migration is set for November 23, Hubner said. However, the Social Democrats and Conservatives have a majority in the council, and the outcome is expected to be the same as in committee.
Security

How AV Can Open You To Attacks That Otherwise Wouldn't Be Possible (arstechnica.com) 34

Antivirus suites expose a user's system to attacks that otherwise wouldn't be possible, a security researcher reported on Friday. From a report: On Friday, a researcher documented a vulnerability he had found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control. AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off limits to the attacker. Six of the affected AV programs have patched the vulnerablity after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks. Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database -- known as the Security Account Manager -- that stored credentials he needed to pivot onto the corporate network.
Desktops (Apple)

Ask Slashdot: What Should A Mac User Know Before Buying a Windows Laptop? 449

New submitter Brentyl writes: Hello Slashdotters, longtime Mac user here faced with a challenge: Our 14-year-old wants a Windows laptop. He will use it for school and life, but the primary reason he wants Windows instead of a MacBook is gaming. I don't need a recommendation on which laptop to buy, but I do need a Windows survival kit. What does a fairly savvy fellow, who is a complete Windows neophyte, need to know? Is the antivirus/firewall in Windows 10 Home sufficient? Are there must-have utilities or programs I need to get? When connecting to my home network, I need to make sure I ____? And so on... Thanks in advance for your insights.
Microsoft

Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) 26

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service From a report: Microsoft has announced the first three such partners: Bitdefender, Lookoutm and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.
Windows

Windows 10's Version of AirDrop Lets You Quickly Share Files Between PCs (theverge.com) 108

Microsoft is testing its "Near Share" feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft's addition comes just a day after Google unveiled its own AirDrop-like app for Android.
Microsoft

Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) 173

An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Stats

No, the Linux Desktop Hasn't Jumped in Popularity (zdnet.com) 187

An anonymous reader quotes ZDNet: Stories have been circulating that the Linux desktop had jumped in popularity and was used more than macOS. Alas, it's not so... These reports have been based on NetMarketShare's desktop operating system analysis, which showed Linux leaping from 2.5 percent in July, to almost 5 percent in September. But unfortunately for Linux fans, it's not true... It seems to be merely a mistake. Vince Vizzaccaro, NetMarketShare's executive marketing share of marketing told me, "The Linux share being reported is not correct. We are aware of the issue and are currently looking into it"...

For the most accurate, albeit US-centric operating system and browser numbers, I prefer to use data from the federal government's Digital Analytics Program (DAP). Unlike the others, DAP's numbers come from billions of visits over the past 90 days to over 400 US executive branch government domains... DAP gets its raw data from a Google Analytics account. DAP has open-sourced the code, which displays the data on the web and its data-collection code... In the US Analytics site, which summarizes DAP's data, you will find desktop Linux, as usual, hanging out in "other" at 1.5 percent. Windows, as always, is on top with 45.9 percent, followed by Apple iOS, at 25.5 percent, Android at 18.6 percent, and macOS at 8.5 percent.

The article does, however, acknowledge that Linux's real market share is probably a little higher simply because "no one, not even DAP, seems to do a good job of pulling out the Linux-based Chrome OS data."
Security

TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released (bleepingcomputer.com) 21

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.
Microsoft

Microsoft Quietly Announces End of Last Free Windows 10 Upgrade Offer (zdnet.com) 147

Ed Bott, writing for ZDNet: If you've been waiting to claim your free Windows 10 upgrade using the "assistive technologies" exception, you need to act soon. In a quiet change to an obscure web page, Microsoft announced this week that those exceptions will end on December 31, 2017. On July 29, 2016, Microsoft officially ended the Get Windows 10 program, which offered free Windows 10 upgrades to anyone currently running a supported earlier version of Windows. But the company left a giant loophole in a separate announcement at the same time. Under the terms of that announcement, individuals who use "assistive technologies" received an automatic extension of the free upgrade offer. Sometime in the past week, Microsoft quietly edited that page, to add "The accessibility upgrade offer expires on December 31, 2017."
Microsoft

Microsoft Engineer Installs Google Chrome During Presentation After Edge Freezes (softpedia.com) 174

A reader shares a report: We've seen lots of blunders on stage, and still happen occasionally, but this must be the best of all. A Microsoft engineer downloaded, installed, and started using Google Chrome during a live presentation after Microsoft Edge, the default Windows 10 browser, stopped responding in the middle of a demo. In just a few words, Microsoft Edge froze while the engineer was working with virtual machines in the browser, and judging from how fast he proceeded to downloading Google Chrome, this wasn't the first time it happened. Because, you know, sometimes reloading the page or restarting the browser does help, but you can't risk hitting the same error twice, right? "I love it when demos break," he said. "So while we're talking here, I'm gonna go install Chrome," he continued before he started laughing, with many people in the audience cheering. "And we're going to not make Google better," he added when unchecking the box to send usage statistics and crash reports to Google, as if this made things less worse. "We're going to do this again, I'm sorry about this. The age of these machines are [sic] wacked down a little bit, there are some things that just don't work."
Microsoft

Microsoft Is Working On a Foldable Device With a Focus On Pen and Digital Ink (windowscentral.com) 87

Microsoft is reportedly working on a foldable device with an emphasis on pen and digital-ink functionality that runs Windows 10, and it could be here as soon as next year. The company is looking to create a new category-defining mobile device that's aimed at an entirely new demographic, and that puts pen and digital inking at the forefront of the experience. Windows Central reports: At Windows Central, we've been covering two ongoing internal projects within Microsoft: CShell and Windows Core OS. Both of these projects play an important part in Microsoft's next rumored mobile device, which appears to be commonly referred to as "Andromeda" on the web. According to our sources, the Andromeda device is prototype hardware; a foldable tablet that runs Windows 10 built with Windows Core OS, along with CShell to take advantage of its foldable display. I imagine CShell plays an important roll in the foldable aspect of this device. Considering it's foldable, being a tablet doesn't mean much, and I'm told it's designed to be pocketable when folded, kind of like a phone. I make the comparison to a phone because I'm also hearing that it also has telephony capabilities, meaning you could replace your actual smartphone with it and still be able to take calls and texts. My sources make it clear, however, that this is not supposed to be a smartphone replacement but rather a device similar to the canceled "Microsoft Courier." In short, Andromeda is a digital pocket notebook.
Microsoft

Microsoft Has Stopped Manufacturing The Kinect (fastcodesign.com) 61

Manufacturing of the Kinect has shut down, reports FastMagazine: Originally created for the Xbox 360, Microsoft's watershed depth camera and voice recognition microphone sold about 35 million units since its debut in 2010, but Microsoft will no longer produce it when retailers sell off their existing stock. The company will continue to support Kinect for customers on Xbox, but ongoing developer tools remain unclear. Microsoft shared the news with Co.Design in exclusive interviews with Alex Kipman, creator of the Kinect, and Matthew Lapsen, GM of Xbox Devices Marketing. The Kinect had already been slowly de-emphasized by Microsoft, as the Xbox team anchored back around traditional gaming to counter the PS4, rather than take its more experimental approach to entertainment. Yet while the Kinect as a standalone product is off the market, its core sensor lives on. Kinect v4 -- and soon to be, v5 -- power Microsoft's augmented reality Hololens, which Kipman also created. Meanwhile, Kinect's team of specialists have gone on to build essential Microsoft technologies, including the Cortana voice assistant, the Windows Hello biometric facial ID system, and a context-aware user interface for the future that Microsoft dubs Gaze, Gesture and Voice (GGV).
Windows

Windows 10's 'Controlled Folder Access' Anti-Ransomware Feature Is Now Live (bleepingcomputer.com) 157

A reader shares a BleepingComputer report: With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users. As the name hints, the Controlled Folder Access feature allows users to control who can access certain folders. The feature works on a "block everything by default" philosophy, which means that on a theoretical level, it would be able to prevent ransomware when it tries to access and encrypt files stored in those folders. The benefits of using Controlled Folder Access for your home and work computers are tangible for anyone that's fearful of losing crucial files to a ransomware infection.
Chrome

Microsoft Chastises Google Over Chrome Security (pcmag.com) 111

An anonymous reader quotes PCMag: In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.

The bug involved a Javascript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month," the blog post said. "That is more than enough time for an attacker to exploit it."

In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge.

Slashdot Top Deals