Bleeping Computer warned this week about compromised web sites "that display fake Google Chrome automatic update errors that distribute malware to unaware visitors." The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores...

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. "An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update," reads the fake Chrome error message. The scripts will then automatically download a ZIP file called 'release.zip' that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device's CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

An anonymous reader shares this report from AppleInsider: Apple has allegedly demonstrated its mixed reality headset to its top executives recently, in an attempt to generate excitement for the upcoming platform launch. While executives are keen on the product, others within Apple are not sure it's a home run hit. Eight anonymous current and former employees told the New York Times that they are skeptical about the headset, despite Apple's apparent glossy demonstration of the technology.
Manufacturing has already begun for a June release of the $3,000 headset, insiders say in the Times' article: Some employees have defected from the project because of their doubts about its potential, three people with knowledge of the moves said. Others have been fired over the lack of progress with some aspects of the headset, including its use of Apple's Siri voice assistant, one person said.Even leaders at Apple have questioned the product's prospects. It has been developed at a time when morale has been strained by a wave of departures from the company's design team, including Mr. Ive, who left Apple in 2019 and stopped advising the company last year....

Because the headset won't fit over glasses, the company has plans to sell prescription lenses for the displays to people who don't wear contacts, a person familiar with the plan said. During the device's development, Apple has focused on making it excel for videoconferencing and spending time with others as avatars in a virtual world. The company has called the device's signature application "copresence," a word designed to capture the experience of sharing a real or virtual space with someone in another place. It is akin to what Mark Zuckerberg, Facebook's founder, calls the "metaverse...."

But the road to deliver augmented reality has been littered with failures, false starts and disappointments, from Google Glass to Magic Leap and from Microsoft's HoloLens to Meta's Quest Pro. Apple is considered a potential savior because of its success combining new hardware and software to create revolutionary devices.

Still, the challenges are daunting.

Phoronix reports: While Ubuntu Linux hasn't provided Flatpak support out-of-the-box due to their preference of using their own Snap app packaging/distribution format, Ubuntu flavors/spins have to this point been able to pre-install Flatpak support if they desired. However, for the 23.04 "Lunar Lobster" cycle and moving forward, Ubuntu flavors will no longer be permitted to install Flatpak packages by default.

Flatpak support for Ubuntu and its flavors will remain available in the Ubuntu archive so those wanting to install Flatpak support can easily do so post-install.

This change going into effect with the 23.04 cycle is making it so no Ubuntu flavors will have Flatpak support installed by default / out-of-the-box: they are supposed to center around Debian packages and Snaps for their out-of-the-box packaging support to align with Ubuntu.
From the blog OMG Ubuntu: Ubuntu developers have agreed to stop shipping Flatpak, preinstalled Flatpak apps, and any plugins needed to install Flatpak apps through a GUI software tool in the default package set across all eight of Ubuntu's official flavors, as of the upcoming Ubuntu 23.04 release.

Ubuntu says the decision will 'improve the out-of-the-box Ubuntu experience' for new users by making it clearer about what an "Ubuntu experience" is....

As far as Ubuntu is concerned, only deb and snap software is intrinsic to the 'Ubuntu experience', and that experience now needs to be offered everywhere. Flavor leads (apparently) agree, and have all agreed to mirror regular Ubuntu by not offering Flatpak features in their default install for future releases....

Flatpak will not be uninstalled or removed when user makes the upgrade to Ubuntu 23.04 from a version where Flatpak is already present.

Long-time Slashdot reader destinyland writes: Someone made a Chromium fork... for your terminal. The terminal-based browser Carbonyl "adheres to, and is compatible with modern standards," writes MUO, "meaning that pages behave as they should, and you can even watch streaming video, within the Linux terminal!"

But best of all, "Pages connect and render in an instant—seemingly quicker than a desktop GUI browser, and every page we visited was rendered correctly."
From the article: There are a bunch of good reasons to browse the internet from the comfort of your terminal. It could be that eschewing the bloat of X.org and Wayland, a terminal is all you have. Maybe you like SSHing into remote machines and browsing the internet from there.

Perhaps you, like us, just really, really like terminals.

Whatever the reason, your choices of web browsers have, until recently, been limited, and your experience of the world wide web has been a janky, barely-functional one.... We tested Carbonyl in a range of Linux terminals, including the XFCE terminal. GNOME terminal, kitty, and the glorious Cool Retro Terminal. Carbonyl was smooth, fast, and flawless in all of them.

We even connected to our Raspberry Pi via SSH in CRT, and ran Carbonyl remotely, watching Taylor Swift music videos on YouTube. No problem.
And yes, you can use it to play DOOM.

An anonymous reader quotes a report from Ars Technica: As part of the Apple Lisa's 40th birthday celebrations, the Computer History Museum has released the source code for Lisa OS version 3.1 under an Apple Academic License Agreement. With Apple's blessing, the Pascal source code is available for download from the CHM website after filling out a form. Lisa Office System 3.1 dates back to April 1984, during the early Mac era, and it was the Lisa equivalent of operating systems like macOS and Windows today. The entire source package weighs is about 26MB and consists of over 1,300 commented source files, divided nicely into subfolders that denote code for the main Lisa OS, various included apps, and the Lisa Toolkit development system.

First released on January 19, 1983, the Apple Lisa remains an influential and important machine in Apple's history, pioneering the mouse-based graphical user interface (GUI) that made its way to the Macintosh a year later. Despite its innovations, the Lisa's high price ($9,995 retail, or about $30,300 today) and lack of application support held it back as a platform. A year after its release, the similarly capable Macintosh undercut it dramatically in price. Apple launched a major revision of the Lisa hardware in 1984, then discontinued the platform in 1985. [...] Lisa OS defined important conventions that we still use in windowing OSes today, such as drag-and-drop icons, movable windows, the waste basket, the menu bar, pull-down menus, copy and paste shortcuts, control panels, overlapping windows, and even one-touch automatic system shutdown.

A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. BleepingComputer reports: The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the C2 (command and control) server. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms. It is unclear if this single device was affected or if all devices from this model or brand include the malicious component.

Milisic believes the malware installed on the device is a strain that resembles 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017. This malware was previously seen in an adware campaign where it infected 14 million Android devices to make its operators over $1,500,000 in profits. The analyst tested the stage-1 malware sample on VirusTotal, where it returns only 13 detections out of 61 AV engine scans, classified with the generic term of an Android trojan downloader. [...]

Unfortunately, these inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability. In many cases, these devices are sold under multiple brands and device names, with no clear indication of where they originate. [...] To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick.

At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they're commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that's achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker's announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It's a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we'll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It's then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that's only useful when nobody knows what it is. The same security hole also grants direct access to one of the sites tracker 'bots' through the panel that controls it. Then there's access to 'Staff Tools' on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That's on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more -- revealing torrent passkeys for every single one on the way.

Long-time Slashdot reader slack_justyb brings news from the world of Linux desktop environments: After two years of development Xfce 4.18 is now live!

Several new features are available in each package. Thunar the default file manager for Xfce now includes a image preview sidebar, an editable toolbar that let's you reorder toolbar icons, file highlights, recursive search, and expanded undo/redo support.

Several new desktop settings allowing you to further configure the layout of the desktop are included. Additionally in this release for the desktop are, adaptive vsync support with GLX, and more enhancements for working with Wayland (though it may take a few more releases until everything works completely under Wayland).

You can find out more about the new release from the official tour here.
Also included is a new-filename Input Dialogue widget and a preliminary GUI-based shortcut editor...

An anonymous reader quotes a report from ZDNet: Microsoft's Windows Subsystem for Linux (WSL) for running GNU/Linux environments on Windows 10 and Windows 11 has reached version 1.0.0 and is now generally available. Microsoft has been building WSL, including its own custom Linux kernel, for several years now. At first, WSL and WSL2 were an optional component within Windows, but last October Microsoft made the preview WSL available in the Microsoft Store as a separate app. The Store version could deliver users -- mostly developers and IT pros -- faster updates and features independently of updates to Windows.

As well as WSL shedding the "preview" label, Microsoft is making the WSL app from the Store the default for new users. As Microsoft noted last October at the release of Windows 11, the long term plan was to move WSL users to the Store version. However, Windows 11 still supported the "inbox version" of WSL while it continued developing the Store version. With this release, Microsoft is backporting WSL functionality to Windows 10 and 11 to make the Store version of WSL the default experience. The latest backport is available to "seekers" who click "Check for Updates" in Windows Settings, but in mid-December it will be pushed automatically to devices. The updates are available for Windows 10 version 21H1, 21H2, or 22H2, or on Windows 11 21H2 with all of the November updates applied.

Microsoft detailed a number of changes to commands now that the Store version of WSL is the default version, noting "wsl.exe --install will now automatically install the Store version of WSL, and will no longer enable the "Windows Subsystem for Linux" optional component, or install the WSL kernel or WSLg MSI packages as they are no longer needed." The virtual machine platform optional component will still be enabled, and by default Ubuntu will still be installed. One of the main new additions to WSL 1.0 is that users can opt in to support for systemd, the at-one-point maligned Linux system and service manager, which runs by default in several Linux distros, including Ubuntu and Debian. Also, Windows 10 users can use Linux GUI apps, a capability that was previously exclusive to Windows 11 users.

It's been one year since Facebook changed its name to "Meta Platforms," remembers The Street. So after Mark Zuckerberg "bought the Oculus Quest VR headset, rebranded it Meta Quest, and formed Reality Labs solely to work on all projects related to the metaverse" — what happened next? Meta's shares and market value have dropped and Zuckerberg's personal fortune has shrunk, falling from $125 billion in January to $49.1 billion at last check, putting him No. 23 on the Bloomberg Billionaires Index.

Reality Labs is facing the hard reality that it's pouring out gallons of red ink, losing $10 billion last year and about $5.7 billion so far in 2022.

And leaked internal documents reveal discussions between Reality Labs management and employees, indicating that "Horizon Worlds" [Meta's flagship metaverse for consumers] is ridden with game-breaking bugs, leading to a "quality lockdown" for the rest of the year.
In fact, Horizon Worlds is also "failing to meet internal performance expectations," reports CNBC, citing internal company documents reviewed by The Wall Street Journal: Meta initially aimed to reach 500,000 monthly active users in Horizon Worlds by the end of the year, but the current figure is less than 200,000, according to the report. Additionally, the documents showed that most users didn't return to Horizon after the first month on the platform, and the number of users has steadily declined since spring, the Journal said.

Only 9% of worlds are visited by at least 50 people, and most are never visited at all, according to the report."
"An empty world is a sad world," one internal document reportedly adds. And Fortune cited some more discouraging statistics from the Journal's article: - Meta wants users to create their own worlds using Horizon's tools. Less than 1% are doing so.

- A tip feature to reward creators for their efforts has generated payouts of under $500 globally. Cumulatively, Horizon's worlds have brought in only about $10,000 in "In-World Payments".

- Retention rates for the Quest virtual-reality headsets — sold by Meta to access Horizons — have dropped in each of the past three years.
CNBC also notes that the report "comes as the company's stock falls, user numbers decline and advertisers cut spending. Meta shares are down 62% so far this year...." So how did Meta respond to the Journal's article? A Meta spokesman told The Wall Street Journal that the company continues to make improvements to the metaverse, which was always meant to be a multiyear project. Representatives for Meta didn't immediately respond to CNBC's request for comment.

Meta has said it will release a web version of Horizon for mobile devices and computers this year, but the spokesman didn't have any launch dates to disclose.

Purism posted an announcement Thursday about their privacy-focused "Librem 5 USA" smartphones. "New orders placed today will ship within our standard 10-business-day window." The Librem 5 USA now joins the Librem Mini and Librem 14 as a post-Just In Time product, one where instead of relying on Just In Time supply chains to manufacture a product just as we need it, we have invested in maintaining much larger inventories so that we can better absorb future supply chain issues that may come our way.

For anyone who is new to the product, the Librem 5 USA is our premium phone that shares the same hardware design and features as our mass-produced Librem 5, but with electronics we make in the USA using a separate electronics supply chain that sources from US suppliers whenever possible. This results in a tighter, more secure supply chain for the Librem 5 USA.

The Librem 5 USA uses the same PureOS as our other computers and so it runs the same desktop Linux applications you might be used to, just on a small screen.

PureOS on the Librem 5 USA demonstrates real convergence, where the device becomes more than just a phone, it becomes a full-featured pocket-sized computer that can act like a desktop when connected to a monitor, keyboard and mouse, or even a laptop (or tablet!) when connected to a laptop docking station. All of your files and all of your software remains the same and follows you where you go. Applications just morph from the smaller screen to the larger screen when docked, just like connecting a external monitor to a laptop.

Everyone who has backed the Librem 5 and Librem 5 USA projects hasn't just supported the production of the hardware itself, they have also supported a massive, multi-year software development effort to bring the traditional Linux desktop to a phone form-factor. Projects such as Phosh (the GUI), Phoc (the Compositor), Squeekboard (the Keyboard), Calls (for calling), Chats (for texting and messaging), and libhandy/libadwaita (libraries to make GTK applications adaptive) all required massive investment and many of these projects have already been moved to the GNOME infrastructure to better share our effort with a larger community.

We are delighted to see that many other mobile projects have recognized the quality of our efforts and adopted our software into their own projects....

The Librem 5 USA was designed for longevity and because we support right to repair, we also offer a number of spare parts in our shop, including replacement modems so you can make sure you support all the cellular bands in a particular continent, replacement batteries for when you ultimately wear out your existing battery, and plenty of other spare parts that haven't had sufficient demand to post formally on our shop (yet). If you need a spare part that isn't yet on the shop, just ask.

"As part of the design process for what ended up becoming GNOME 40 the design team worked on a number of experimental concepts," reports a blog post at Gnome.org's shell-dev blog, "a few of which were aimed at better support for tablets and other smaller devices."

"Ever since then, some of us have been thinking about what it would take to fully port GNOME Shell to a phone form factor." It's an intriguing question because post-GNOME 40, there's not that much missing for GNOME Shell to work on phones, even if not perfectly.... On top of that, many of the things we're currently working towards for desktop are also relevant for mobile, including quick settings, the notifications redesign, and an improved on-screen keyboard. Given all of this synergy, we felt this is a great moment to actually give mobile GNOME Shell a try. Thanks to the Prototype Fund, a grant program supporting public interest software by the German Ministry of Education (BMBF), we've been working on mobile support for GNOME Shell for the past few months.

We're not expecting to complete every aspect of making GNOME Shell a daily driveable phone shell as part of this grant project. That would be a much larger effort because it would mean tackling things like calls on the lock screen, PIN code unlock, emergency calls, a flashlight quick toggle, and other small quality-of-life features. However, we think the basics of navigating the shell, launching apps, searching, using the on-screen keyboard, etc. are doable in the context of this project, at least at a prototype stage.

Of course, making a detailed roadmap for this kind of effort is hard and we will keep adjusting it as things progress and become more concrete... There's a lot of work ahead, but going forward progress will be faster and more visible because it will be work on the actual UI, rather than on internal APIs. Now that some of the basics are in place we're also excited to do more testing and development on actual phone hardware, which is especially important for tweaking things like the on-screen keyboard.
Their blog post includes a video showing "what this currently looks like on laptops" and then one showing it running "on actual phone hardware." And someone has also posted a video on Twitter showing it running on a OnePlus 6 smartphone.

An anonymous reader quotes a report from The Register: Alibaba Cloud has advanced its work to port Android to the RISC-V architecture. The Chinese cloud giant has spent more than a year working on a port of the Google-spawned OS and in January 2021 showed off a GUI powered by Android 10 running on silicon designed by T-Head Semiconductor -- an Alibaba subsidiary that designs its own RISC-V chip. Alibaba Cloud has now revealed it's working on Android 12, and has integrated third-party vendor modules. The result is Android on RISC-V that's capable of playing audio and video, running Wi-Fi and Bluetooth radios, and driving cameras.

The company has also "enabled more system enhancement features such as core tool sets, third-party libraries and SoC board support package on RISC-V," which collectively make RISC-V a better target for Android. Another advance is successful trials of TensorFlow Lite models on RISC-V. That effort means Android on RISC-V should be capable running workloads like image and audio classification and Optical Character Recognition. Alibaba Cloud hasn't detailed whether its porting efforts are directed to any particular processor, but is keen to point out that its homegrown Xuantie C906 processor recently aced the MLPerf Tiny v0.7 benchmark -- a test applied to Internet of Things devices. The company has also pointed out that its home-grown RISC-V kit has already been employed in smart home appliances, automotive applications, and edge computing. [...] The Xuantie C906 uses Alibaba-designed cores that are -- as required for RISC-V users -- available on GitHub. When the firm has a complete version of Android on RISC-V, it "will be an important step towards China's goal of reducing its reliance on technology that other nations can control with restrictions such as trade bans," notes The Register. "As RISC-V is open source, preventing its flow to China is all but impossible."

An anonymous reader quotes a report from Ars Technica: In most cases, the release of yet another classic console emulator for the Switch wouldn't be all that noteworthy. But experts tell Ars that a pair of Game Boy and Game Boy Advance emulators for the Switch that leaked online Monday show signs of being official products of Nintendo's European Research & Development division (NERD). That has some industry watchers hopeful that Nintendo may be planning official support for some emulated classic portable games through the Nintendo Switch Online subscription service in the future. The two leaked emulators -- codenamed Hiroko for Game Boy and Sloop for Game Boy Advance -- first hit the Internet as fully compiled NSP files and encrypted NCA files linked from a 4chan thread posted to the Pokemon board Monday afternoon. Later in that thread, the original poster suggested that these emulators "are official in-house development versions of Game Boy Color/Advance emulators for Nintendo Switch Online, which have not been announced or released."

In short order, dataminers examining the package found a .git folder in the ROM. That folder includes commit logs that reference supposed development work circa August 2020 from a NERD employee and, strangely enough, a developer at Panasonic Vietnam. NERD's history includes work on the software for the NES Classic and SNES Classic, as well as the GameCube emulation technology in last year's Super Mario All-Stars, so the division's supposed involvement wouldn't be out of the ordinary. Footage from the leaked Game Boy Advance emulator also includes a "(c) Nintendo" and "(c) 2019 -- 2020 Nintendo" at various points. While suggestive, none of this is exactly hard evidence of Nintendo's involvement in making these emulators. Some skepticism might be warranted, too, because there is some historical precedent for an emulator developer trying to get more attention by pretending their homebrew product is a "leaked" official Nintendo release.

Some observers also pointed to other reasons to doubt that these leaks were an "official" Nintendo work product. ModernVintageGamer and others noted that the leaked GBA emulator includes an "export state to Flashcart" option designed "to confirm original behavior" on "original hardware," according to the GUI. That option is illustrated with a picture of an EZFlash third-party flash cartridge in the emulator interface, an odd choice given Nintendo's previous litigious attacks on such flashcart makers. A "savedata memory" option in the emulator also references the ability to "inter-operate with flashcarts, other emulators, [and] fan websites..." That's a list that would serve as a decent Johnny Carson "Carnac the Magnificent" setup for "things Nintendo wouldn't want to reference in an official product." A prominent video game historian that Ars consulted with said they were "99.9% sure [the emulators are] real" and that "personally I'm absolutely convinced of its legitimacy."

A headline at Hot Hardware calls it "a sexy Linux laptop with deep learning chops... being pitched as the world's most powerful laptop for machine learning workloads."

And here's how Ars Technica describes the Razer x Lambda Tensorbook (announced Tuesday): Made in collaboration with Lambda, the Linux-based clamshell focuses on deep-learning development. Lambda, which has been around since 2012, is a deep-learning infrastructure provider used by the US Department of Defense and "97 percent of the top research universities in the US," according to the company's announcement. Lambda's offerings include GPU clusters, servers, workstations, and cloud instances that train neural networks for various use cases, including self-driving cars, cancer detection, and drug discovery.

Dubbed "The Deep Learning Laptop," the Tensorbook has an Nvidia RTX 3080 Max-Q (16GB) and targets machine-learning engineers, especially those who lack a laptop with a discrete GPU and thus have to share a remote machine's resources, which negatively affects development.... "When you're stuck SSHing into a remote server, you don't have any of your local data or code and even have a hard time demoing your model to colleagues," Lambda co-founder and CEO Stephen Balaban said in a statement, noting that the laptop comes with PyTorch and TensorFlow for quickly training and demoing models from a local GUI interface without SSH. Lambda isn't a laptop maker, so it recruited Razer to build the machine....

While there are more powerful laptops available, the Tensorbook stands out because of its software package and Ubuntu Linux 20.04 LTS.
The Verge writes: While Razer currently offers faster CPU, GPU and screens in today's Blade lineup, it's not necessarily a bad deal if you love the design, considering how pricey Razer's laptops can be. But we've generally found that Razer's thin machines run quite hot in our reviews, and the Blade in question was no exception even with a quarter of the memory and a less powerful RTX 3060 GPU. Lambda's FAQ page does not address heat as of today.

Lambda is clearly aiming this one at prospective MacBook Pro buyers, and I don't just say that because of the silver tones. The primary hardware comparison the company touts is a 4x speedup over Apple's M1 Max in a 16-inch MacBook Pro when running TensorFlow.
Specifically, Lambda's web site claims the new laptop "delivers model training performance up to 4x faster than Apple's M1 Max, and up to 10x faster than Google Colab instances." And it credits this to the laptop's use of NVIDIA's GeForce RTX 3080 Max-Q 16GB GPU, adding that NVIDIA GPUs "are the industry standard for parallel processing, ensuring leading performance and compatibility with all machine learning frameworks and tools."

"It looks like a fine package and machine, but pricing starts at $3,499," notes Hot Hardware, adding "There's a $500 up-charge to have it configured to dual-boot Windows 10."

The Verge speculates on what this might portend for the future. "Perhaps the recently renewed interest in Linux gaming, driven by the Steam Deck, will push Razer to consider Linux for its own core products as well."

"Microsoft has been struggling to reach a state of convergence between tablet and desktop ever since Windows 8 and the original Surface," argues Neowin, adding "If we're using Windows 11 as a barometer of their progress, they'll likely never get there...."

But meanwhile, writes Slashdot reader segaboy81, "KDE's new swipe gesture is awesome. It's about 1000% smoother than the overview in Windows 11 and the swiping mechanism is easier, too. Is KDE getting better for tablets?"

From Neowin's report: Starting in KDE Plasma 5.25, users with touch screen devices will be able to enter their tasks and virtual desktops overview by simply swiping down from the top edge, but with a special twist. The scale of the windows directly follows the path of your finger. The result is every bit as fluid as you might imagine. While you can achieve the same result in Windows 11 with a simple three-finger swipe up, this implementation looks great and performs great too.

BleepingComputer was recently contacted by an alleged "venture capitalist" firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices. Lawrence Abrams from BleepingComputer writes: Last week, BleepingComputer received an email to our contact form from an IP address belonging to a United Kingdom virtual server company. Writing about cybersecurity for so long, I am paranoid regarding email, messaging, and visiting unknown websites. So, I immediately grew suspicious of the email, fired up a virtual machine and VPN, and did a search for Vuxner. Google showed only a few results for 'Vuxner,' with one being for a well-designed and legitimate-looking vuxner[.]com, a site promoting "Vuxner Chat -- Next level of privacy with free instant messaging." As this appeared to be the "Vuxner chat" the threat actors referenced in their email, BleepingComputer attempted to download it and run it on a virtual machine.

BleepingComputer found that the VuxnerChat.exe download [VirusTotal] actually installs the "Trillian" messaging app and then downloads further malware onto the computer after Trillian finishes installing. As this type of campaign looked similar to other campaigns that have pushed remote access and password-stealing trojans in the past, BleepingComputer reached out to cybersecurity firm Cluster25 who has previously helped BleepingComputer diagnose similar malware attacks in the past. Cluster25 researchers explain in a report coordinated with BleepingComputer that the Vuxner[.]com is hosted behind Cloudflare, however they could still determine hosting server's actual address at 86.104.15[.]123.

The researchers state that the Vuxner Chat program is being used as a decoy for installing a remote desktop software known as RuRAT, which is used as a remote access trojan. Once a user installs the Vuxner Trillian client and exits the installer, it will download and execute a Setup.exe executable [VirusTotal] from https://vuxner[.]com/setup.exe. When done, the victim will be left with a C:\swrbldin folder filled with a variety of batch files, VBS scripts, and other files used to install RuRAT on the device. Cluster25 told BleepingComputer that the threat actors are using this attack to gain initial access to a device and then take control over the host. Once they control the host, they can search for credentials and sensitive data or use the device as a launchpad to spread laterally in a network.

Respondents to the annual survey of the Rust community reported an uptick in weekly usage and challenges, writes InfoWorld: Among those surveyed who are using Rust, 81% were using the language on at least a weekly basis, compared to 72% in last year's survey. Of all Rust users, 75% said they are able to write production-ready code but 27% said it was at times a struggle to write useful, production-ready code.... While the survey pointed toward a growing, healthy community of "Rustaceans," it also found challenges. In particular, Rust users would like to see improvements in compile times, disk usage, debugging, and GUI development...

- For those who adopted Rust at work, 83% found it "challenging." But it was unclear how much of this was a Rust-specific issue or general challenges posed by adopting a new language. During adoption, only 13% of respondents believed the language was slowing their team down while 82% believed Rust helped their teams achieve their goals.

- Of the respondents using Rust, 59% use it at least occasionally at work and 23% use it for the majority of their coding. Last year, only 42% used Rust at work.
From the survey's results: After adoption, the costs seem to be justified: only 1% of respondents did not find the challenge worth it while 79% said it definitely was. When asked if their teams were likely to use Rust again in the future, 90% agreed. Finally, of respondents using Rust at work, 89% of respondents said their teams found it fun and enjoyable to program.

As for why respondents are using Rust at work, the top answer was that it allowed users "to build relatively correct and bug free software" with 96% of respondents agreeing with that statement. After correctness, performance (92%) was the next most popular choice. 89% of respondents agreed that they picked Rust at work because of Rust's much-discussed security properties.

Overall, Rust seems to be a language ready for the challenges of production, with only 3% of respondents saying that Rust was a "risky" choice for production use.
Thanks to Slashdot reader joshuark for submitting the story...

The best part of Windows 11 is Linux, argues Ars Technica: For years now, Windows 10's Windows Subsystem for Linux has been making life easier for developers, sysadmins, and hobbyists who have one foot in the Windows world and one foot in the Linux world. But WSL, handy as it is, has been hobbled by several things it could not do. Installing WSL has never been as easy as it should be — and getting graphical apps to work has historically been possible but also a pain in the butt that required some fairly obscure third-party software. Windows 11 finally fixes both of those problems. The Windows Subsystem for Linux isn't perfect on Windows 11, but it's a huge improvement over what came before.

Microsoft has traditionally made installing WSL more of a hassle than it should be, but the company finally got the process right in Windows 10 build 2004. Just open an elevated Command prompt (start --> type cmd --> click Run as Administrator), type wsl --install at the prompt, and you're good to go. Windows 11, thankfully, carries this process forward unchanged. A simple wsl --install with no further arguments gets you Hyper-V and the other underpinnings of WSL, along with the current version of Ubuntu. If you aren't an Ubuntu fan, you can see what other easily installable distributions are available with the command wsl --list --online. If you decide you'd prefer a different distro, you can install it instead with — for example — wsl --install -d openSUSE-42. If you're not sure which distribution you prefer, don't fret. You can install as many as you like, simply by repeating wsl --list --online to enumerate your options and wsl --install -d distroname to install whichever you like. Installing a second distribution doesn't uninstall the first; it creates a separate environment, independent of any others. You can run as many of these installed environments as you like simultaneously, without fear of one messing up another.

In addition to easy installation, WSL on Windows 11 brings support for both graphics and audio in WSL apps. This isn't exactly a first — Microsoft debuted WSLg in April, with Windows 10 Insider Build 21364. But Windows 11 is the first production Windows build with WSLg support. If this is your first time hearing of WSLg, the short version is simple: you can install GUI apps — for example, Firefox — from your Ubuntu (or other distro) command line, and they'll work as expected, including sound. When I installed WSLg on Windows 11 on the Framework laptop, running firefox from the Ubuntu terminal popped up the iconic browser automatically. Heading to YouTube in it worked perfectly, too, with neither frame drops in the video nor glitches in the audio....

[T]here is one obvious "killer app" for WSLg that has us excited — and that's virt-manager, the RedHat-originated virtualization management tool. virt-manager is a simple tool that streamlines the creation, management, and operation of virtual machines using the Linux Kernel Virtual Machine... virt-manager never got a Windows port and seems unlikely to. But it runs under WSLg like a champ.
They reported a few problems, like when running GNOME's Software Center app (and the GNOME shell desktop environment).

But "If you're already a Windows Subsystem for Linux (WSL) user, Windows 11 offers an enormously improved experience compared to what you're accustomed to from Windows 10. It installs more easily, makes more functionality available, and offers better desktop integration than older workarounds such as running MobaXTerm's X11 server."