Windows

Notepad On Windows 11 Is Finally Getting a Character Count (theverge.com) 47

Microsoft's Notepad app on Windows 11 is getting a character count at the bottom of the window. "When text is selected, the status bar shows the character count for both the selected text and the entire document," explains Microsoft's Windows Insider team in a blog post. "If no text is selected, the character count for the entire document is displayed, ensuring you always have a clear view of your document's length." The Verge reports: This is the latest addition in a line of changes to Notepad this year, with the app recently getting a new autosave option that lets you close it without seeing the pop-up save prompt every time. Microsoft has also added tabs to Notepad, a dark mode, and even a virtual fidget spinner.

Alongside the Notepad changes in this latest Windows 11 test build, the widgets section of the OS is also getting some improvements. You'll soon be able to just show widgets and hide the feed of news and articles that appear inside the widgets screen.

Linux

New systemd Update Will Bring Windows' Infamous Blue Screen of Death To Linux (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: Windows' infamous "Blue Screen of Death" is a bit of a punchline. People have made a hobby of spotting them out in the wild, and in some circles, they remain a byword for the supposed flakiness and instability of PCs. To this day, networked PCs in macOS are represented by beige CRT monitors displaying a BSOD. But the BSOD is supposed to be a diagnostic tool, an informational screen that technicians can use to begin homing in on the problem that caused the crash in the first place; that old Windows' BSOD error codes were often so broad and vague as to be useless doesn't make the idea a bad one. Today, version 255 of the Linux systemd project honors that original intent by adding a systemd-bsod component that generates a full-screen display of some error messages when a Linux system crashes.

The systemd-bsod component is currently listed as "experimental" and "subject to change." But the functionality is simple: any logged error message that reaches the LOG_EMERG level will be displayed full-screen to allow people to take a photo or write it down. Phoronix reports that, as with BSODs in modern Windows, the Linux version will also generate a QR code to make it easier to look up information on your phone.

Microsoft

Microsoft Readies 'Groundbreaking' AI-focused Windows Release 69

What's next for Windows? Microsoft plans next-gen Windows AI release in 2024, plus details on recent changes to the Windows roadmap. From a report: According to my sources, the new Windows bosses are now returning to an annual release cycle for major versions of the Windows platform, meaning Windows is going back to having just one big feature update a year instead of multiple smaller ones throughout. Microsoft may still use Moment updates sparingly, but they will no longer be the primary delivery vehicle for new features going forward.

These changes are said to take effect after Hudson Valley launches in 2024, so I'm still expecting at least one more Moment update for the current version of Windows 11, which sources say will ship in the February or March time frame early next year. [...] According to my sources, Microsoft's blockbuster new feature will be the introduction of an AI-powered Windows Shell, enhanced with an "advanced Copilot," that's able to constantly work in the background to enhance search, jumpstart projects or workflows, understand context, and much more.

Sources say these AI features will be "groundbreaking." The company is working on a new history/timeline feature that will let users scroll back in time through all the apps and websites that Copilot has remembered, which can be filtered based on a user's specific search criteria. For example, you could type "FY24 earnings" and every instance where that term was on-screen will reappear for you to see and open. AI will also enhance search in Windows, with the ability to use natural language to find things that you've previously opened or seen on your PC.
Bug

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack (arstechnica.com) 69

"Researchers have identified a large number of bugs to do with the processing of images at boot time," writes longtime Slashdot reader jd. "This allows malicious code to be installed undetectably (since the image doesn't have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack." Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year's worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. "Once arbitrary code execution is achieved during the DXE phase, it's game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started." From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device -- a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June -- runs standard firmware defenses, including Secure Boot and Intel Boot Guard.
LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.

"A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo," reports Ars. "People who want to know if a specific device is vulnerable should check with the manufacturer."

"The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday's coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It's also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs."
Open Source

Veteran Editors Notepad++ and Geany Hit Milestone Versions (theregister.com) 21

Liam Proven reports via The Register: One of the best FOSS text editors for Windows, Notepad++, is turning 20, while cross platform Geany just hit version 2.0 as it turns 18 years old. Notepad++'s version 8.6 is the twentieth anniversary release of one of the go-to FOSS text editors for Windows. [...] If you use an Arm-powered Windows machine, such as the ThinkPad X13S, there is now a native Arm64 version. It still supports x86-32 as well, and there are portable versions which work without being installed locally -- handy if you don't have admin rights. There is even a usefully recent version for Windows XP if you are still using that geriatric OS. This release adds multi-select, allowing you to manipulate multiple instances of the same text at once, which looks confusing but very powerful.

It is a staple on all of the Reg FOSS desk's Windows partitions, thanks to its inclusion in the essential Windows post-install setup tool Ninite. Ninite will install -- and update -- a whole swath of FOSS and freeware tools for Windows, making setup of a new machine doable in just a couple of clicks. And if you keep the Ninite installer file around, you can re-run it later and it will update everything it installed first time around. Ninite does offer other programmers' editors, such as Eclipse and Microsoft Visual Studio Code -- but they are behemoths by comparison. VSCode is implemented as an Electron app, meaning that it's huge, embeds an entire copy of Chromium, and scoffs RAM like it's going out of fashion. Notepad++ is a native Win32 app, making it tiny and fast: the download is less than 5MB, one twentieth the size of VSCode.

Sluggish, bloated editors are not just a problem on Windows. Gargantuan Electron apps are distressingly prevalent on Linux and macOS as well. This vulture is guilty of using some, and even recommending them -- because some of them can do things that nothing else can. That's not true in the case of plain text editors, though. You don't have to put up with apps that take a good fraction of a gigabyte for this. Geany is a good example. It straddles the line between a text editor and an IDE: it can manage multi-project files, automatically call out to compilers and suchlike, and parse their output to highlight errors. We last mentioned it nearly a decade ago but the project recently reached voting age -- at least for humans -- and after this milestone in maturity its developers called the latest release version 2.0. It has better support for dark mode, a new tree view in its sidebar, adds a bunch of new supported file types, and can detect if the user changes the type of a file and re-do its syntax highlighting to match.

Windows

Windows 10 Gets Three More Years of Security Updates, If You Can Afford Them (arstechnica.com) 80

An anonymous reader quotes a report from Ars Technica: Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure. As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.

The initial announcement, written by Windows Servicing and Delivery Principal Product Manager Jason Leznek, spends most of its time encouraging users and businesses to upgrade to Windows 11 rather than staying on 10, either by updating their current computers, upgrading to new PCs or transitioning to a Windows 365 cloud-based PC instead. But when Leznek does get to the announcement of the ESU program, the details are broadly similar to the program Microsoft offered for Windows 7 a few years ago: three additional years of monthly security updates and technical support, paid for one year at a time. The company told us that "pricing will be provided at a later date," but for the Windows 7 version of the ESU program, Microsoft upped the cost of the program each year to encourage people to upgrade to a newer Windows version before they absolutely had to; the cost was also per-seat, so what you paid was proportional to the number of PCs you needed updates for.

One difference this time is that Microsoft told us it would be offering Windows 10 ESU updates to individuals, though the company didn't offer particulars. More details should be available on Windows 10's lifecycle support page soon. Leznek reiterated that Windows 10 22H2 would be the final version of Windows 10 and that the operating system would not receive any additional features during the ESU period.

Bug

A Windows Update Bug Is Renaming Everyone's Printers To HP M101-M106 (xda-developers.com) 55

An anonymous reader quotes a report from XDA Developers: A few days ago, we spotted that the HP Smart App was being installed on people's PCs without their consent. Even worse, the app would reappear if users tried to uninstall it or clean-installed Windows. Now, the cause has finally been identified: a recent Windows 10 and 11 update is renaming everyone's printers to "HP LaserJet M101-M106" regardless of what model it actually is. As reported on Windows Latest, the latest update for Windows 10 and 11 seems to think that people's printers are an HP LaserJet model, regardless of their actual brand. It's believed that the bug appeared after HP pushed its latest metadata to Windows Update, but something went awry in the code and caused other printers to be labeled as HP LaserJet printers.

This explains why the HP Smart App has been sneaking onto people's computers without their consent. A key part of Windows Update is keeping third-party drivers and devices updated, including downloading any apps that the devices depend on. After the printer metadata incorrectly identified everyone's printers as HP LaserJet printers, Windows installed all the software needed for an HP printer to work smoothly, including the HP Smart App. Fortunately, the bug only affects the metadata for the printer. While the printer may show up with a different name on your system, you should still be able to send print jobs to it. Microsoft has since removed the faulty metadata from Windows Update, so anyone performing a clean install from now on should get their original printer's name back and stop the HP Smart App from re-downloading.

Further reading: HP Exec Says Quiet Part Out Loud When It Comes To Locking in Print Customers
Open Source

NotePad++ 20th Anniversary Edition Includes New 'Multi-Edit' Feature (notepad-plus-plus.org) 56

The free open-source text editor Notepad++ is celebrating its 20th anniversary, the blog OMG! Ubuntu reported this week, "with a new release filled with some neat new features." In Notepad++ 8.6 (the 238th release since 2003, for those keeping count) the Windows-based code tool [which can also be used on Linux] adds to its extensive feature set with an improved multi-edit feature.

A few 3rd-party Notepad++ plugins have offered similar functionality for a while, including BetterMultiSelection. And a bug report requesting the ability to "transform the column mode to multi-caret on HOME/END/Arrow keys" led to this native addition.

Their blog post includes an animated GIF of Notepad++ multi-edit in action.

"You can install Notepad++ on Ubuntu straight from the Ubuntu Software/App Center app (it's a Snap Store). Alternatively, install the Windows build via WINE/CrossOver or, if you got the l33t skillz, build it by hand, from source."
HP

HP Printer Software Turns Up Uninvited on Windows Systems 51

Windows users are reporting that Hewlett Packard's HP Smart application is appearing on their systems, despite them not having any of the company's hardware attached. From a report: While Microsoft has remained tight-lipped on what is happening, folks on various social media platforms noted the app's appearance, which seems to afflict both Windows 10 and Windows 11. The Windows Update mechanism is used to deploy third-party applications and drivers as well as Microsoft's updates, and we'd bet someone somewhere has accidentally checked the wrong box.

Up to now, the response from affected users has been one of confusion. One noted on Reddit: "I thought that was just me. I didn't install it, it just appeared on new apps in start menu out of nowhere." Another said: "I just checked and I had it installed too. Checking the event log for the Microsoft Store shows that it installed earlier today, but I definitely did [not] request or initiate it because I do not have any devices from HP." And, of course, there was the inevitable: "Would it be that hard for Microsoft to just provide an operating system without needless bloat?" To be clear, not all users are affected.
Android

Microsoft Phone Link May Soon Let You Use Your Android Phone As a Webcam (androidauthority.com) 35

Microsoft Phone Link, previously known as Microsoft Your Phone, lets you control your Android phone from your computer. Now, the company appears to be working on letting you use your Android phone as a webcam with Windows computers, similar to how you can use your iPhone as a webcam on Mac. Android Authority reports: Microsoft's Link to Windows v1.23102.190.0 for Android app includes code that suggests that the company is working on letting your Android phone provide a video stream to your Windows PC. This would effectively allow it to be used as a webcam. [...] These strings indicate that once Microsoft's Phone Link app is working on both connected devices, users would be able to start a camera stream that lets their phone's camera be available to their Windows PC. The strings do not explicitly mention "webcam," but other clues indicate that the feature would be related to video calls in some ways.

Phone Link can already access your camera and video conferencing apps, but this is just mirroring apps running on your phone. What you see on your phone screen is what you see on the computer. If you record a video, it gets saved to your phone as typical video recordings do. With the new functionality spotted above, Phone Link could potentially compete against Apple's Continuity Camera features. With Continuity Camera, users can mount their iPhone to their Mac and then use the iPhone's camera and microphone for FaceTime or other camera apps.

Transportation

Traffic Pollution Can Cause Rise In Blood Pressure, Study Finds (theguardian.com) 22

An anonymous reader quotes a report from The Guardian: Air pollution from traffic can cause a significant rise in blood pressure that can last up to 24 hours, according to a study via the University of Washington. The spike is comparable to the effect of a high-sodium diet and can contribute to cardiovascular problems. Long-term exposure to vehicle exhaust has been widely linked with respiratory problems such as asthma, especially in children. "Traffic air pollution increases blood pressure within an hour of being in traffic and it stays elevated a day later," said author of the study Joel Kaufman, a physician and professor of environmental and occupational health sciences at the University of Washington.

Sixteen healthy people between the ages of 22 and 45 underwent three separate drives as passengers through Seattle rush hour. Two of those drives were "unfiltered," meaning the road air was allowed to enter the car, as is the case for many drivers on the road today. On the third drive, a Hepa (high efficiency particulate absorbing) filter was installed in the car, with participants unaware which drive had filtration. The researchers measured the blood pressure of the passengers before, during and after the two-hour drive. Breathing unfiltered air resulted in blood pressure increase of more than 4.5mm Hg (millimeters of mercury) compared to filtered air. Most of the pollution came from tailpipe exhaust or the fossil fuel combustion, as well as brake and tire wear. The filters were most effective in reducing ultrafine particles (86% decrease), black carbon, which is mostly from diesel (86%), and PM2.5 (60%) while gasses like carbon dioxide and nitrogen oxide were unaffected.
"The clue here is that these tiniest particles are probably what's responsible for blood pressure difference," Kaufman said.

"If you live in an area that has heavy traffic-related air pollution, you want to keep your windows closed and have air filtration capability in your home."
Programming

BBC BASIC Is Back In a Big Way (hackaday.com) 134

An anonymous reader quotes a report from Hackaday: The BBC has a long history of teaching the world about computers. The broadcaster's name was proudly displayed on the BBC Micro, and BBC Basic was the programming language developed especially for that computer. Now, BBC Basic is back and running on a whole mess of modern platforms. BBC Basic for SDL 2.0 will run on Windows, MacOS, x86 Linux, and even Raspberry Pi OS, Android, and iOS. Desktop versions of the programming environment feature a BASIC editor that has syntax coloring for ease of use, along with luxury features like search and replace that weren't always available at the dawn of the microcomputer era. Meanwhile, the smartphone versions feature a simplified interface designed to work better in a touchscreen environment.

It's weird to see, but BBC Basic can actually do some interesting stuff given the power of modern hardware. It can address up to 256 MB of memory, and work with far more advanced graphical assets than would ever have been possible on the original BBC Micro. If you honed your programming skills on that old metal, you might be impressed with what they can achieve with BBC Basic in a new, more powerful context.

Windows

Samsung Expands In-house Web Browser To Windows (sammobile.com) 39

An anonymous reader shares a report: The biggest benefit Samsung Internet on a desktop operating system will provide is the syncing of browsing data between your phone and PC, the lack of which has prevented many users from using Samsung Internet as their primary browser app on their phones and tablets. Unfortunately, Samsung hasn't yet implemented full-fledged sync support on Samsung Internet for Windows. While you can log in with your Samsung account, only browsing history, bookmarks, saved pages and open tabs can be synced at this time. Password syncing is not available, which hopefully won't remain the case for long.

The first time you run Samsung Internet on Windows, you can import browsing history, bookmarks/favorites, and search engines from other browsers, including Google Chrome and Microsoft Edge. You can also import bookmarks using an HTML file. As for other features, Samsung Internet on Windows has ad blocker support, a secret (incognito) mode, extension support, light and dark mode themes, and a few others. Since Samsung Internet is based on the open-source Chromium project like Chrome and Microsoft Edge, it should support extensions and add-ons that work on those browsers.

It's funny.  Laugh.

Microsoft's Ugly Sweater For 2023 is Windows XP's Iconic Default Wallpaper (arstechnica.com) 36

Microsoft is returning to the Bliss hill once again with this year's entry in its now-traditional ugly retro-computing sweater series. From a report: Blue hemming at the bottom and on the sleeves evokes Windows XP's bright-blue taskbar, and in case people don't immediately recognize Bliss as "a computer thing," there's also a giant mouse pointer hovering over it. The sweater is available from size small up to a 3XL, and costs $70 regardless of which version you buy. All sizes are currently expected to arrive sometime between December 2 and 6.
Security

Researchers Figure Out How To Bypass Fingerprint Readers In Most Windows PCs (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: [L]ast week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs. Security researchers Jesse D'Aguanno and Timo Teras write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptics sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.

Blackwing's post on the vulnerability is also a good overview of exactly how fingerprint sensors in a modern PC work. Most Windows Hello-compatible fingerprint readers use "match on chip" sensors, meaning that the sensor has its own processors and storage that perform all fingerprint scanning and matching independently without relying on the host PC's hardware. This ensures that fingerprint data can't be accessed or extracted if the host PC is compromised. If you're familiar with Apple's terminology, this is basically the way its Secure Enclave is set up. Communication between the fingerprint sensor and the rest of the system is supposed to be handled by the Secure Device Connection Protocol (SDCP). This is a Microsoft-developed protocol that is meant to verify that fingerprint sensors are trustworthy and uncompromised, and to encrypt traffic between the fingerprint sensor and the rest of the PC.

Each fingerprint sensor was ultimately defeated by a different weakness. The Dell laptop's Goodix fingerprint sensor implemented SDCP properly in Windows but used no such protections in Linux. Connecting the fingerprint sensor to a Raspberry Pi 4, the team was able to exploit the Linux support plus "poor code quality" to enroll a new fingerprint that would allow entry into a Windows account. As for the Synaptics and ELAN fingerprint readers used by Lenovo and Microsoft (respectively), the main issue is that both sensors supported SDCP but that it wasn't actually enabled. Synaptics' touchpad used a custom TLS implementation for communication that the Blackwing team was able to exploit, while the Surface fingerprint reader used cleartext communication over USB for communication. "In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in," wrote D'Aguanno and Teras.

"Though all of these exploits ultimately require physical access to a device and an attacker who is determined to break into your specific laptop, the wide variety of possible exploits means that there's no single fix that can address all of these issues, even if laptop manufacturers are motivated to implement them," concludes Ars.

Blackwing recommends all Windows Hello fingerprint sensors enable SDCP, the protocol Microsoft developed to try to prevent this exploit. PC makers should also "have a qualified expert third party audit [their] implementation" to improve code quality and security.
HP

HP Chief Throws About AI Fairy Dust in Hopes of Reviving Slumbering PC Giant (theregister.com) 45

HP CEO Enrique Lores is betting a sprinkle of AI dust can regenerate the flagging PC market -- and with shipments still in decline across the industry, he can't afford to tease Wall Street. From a report: The world's second largest seller of desktop computing hardware has reported a 15 percent year-on-year decline in revenue to $53.7 billion for fiscal 2023 ended 31 October. Profit before tax was $2.93 billion versus $4.32 billion in the prior year.

[...] Orders picked up in recent months. Analyst data indicates the rate of decline is slowing after resellers began clearing inventory they'd amassed in the latter stage of the pandemic, when the frenzied buying patterns seen in prior years vanished. For Q4, HP reported revenue of $13.8 billion, down 6.5 percent year-on-year. Personal Systems was down 8 percent to $9.4 billion and Printing was down 3 percent to $4.4 billion. Profit before tax was $852 million, better than the $647 million brought in a year earlier, helped by a reduction in structural costs. HP expects business PC refresh cycles to kick in next year, with more corporate customers shifting their estate to Windows 11 -- yet it is the advent of the AI PC that Lores thinks signals better times.

Microsoft

Microsoft's Windows Hello Fingerprint Authentication Has Been Bypassed (theverge.com) 53

Microsoft's Windows Hello fingerprint authentication has been bypassed on laptops from Dell, Lenovo, and even Microsoft. From a report: Security researchers at Blackwing Intelligence have discovered multiple vulnerabilities in the top three fingerprint sensors that are embedded into laptops and used widely by businesses to secure laptops with Windows Hello fingerprint authentication. Microsoft's Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers provided their findings in a presentation at Microsoft's BlueHat conference in October.

The team identified popular fingerprint sensors from Goodix, Synaptics, and ELAN as targets for their research, with a newly-published blog post detailing the in-depth process of building a USB device that can perform a man-in-the-middle (MitM) attack. Such an attack could provide access to a stolen laptop, or even an "evil maid" attack on an unattended device. A Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X all fell victim to fingerprint reader attacks, allowing the researchers to bypass the Windows Hello protection as long as someone was previously using fingerprint authentication on a device. Blackwing Intelligence researchers reverse engineered both software and hardware, and discovered cryptographic implementation flaws in a custom TLS on the Synaptics sensor. The complicated process to bypass Windows Hello also involved decoding and reimplementing proprietary protocols.

Firefox

Firefox 120 Ready With Global Privacy Control, WebAssembly GC On By Default (phoronix.com) 32

Firefox 120 will be available tomorrow, bringing support for the Global Privacy Control "Sec-GPC" request header to indicate whether a user consents to a website or service selling or sharing their personal information with third parties. It's also enabling the WebAssembly GC extension by default, opening up new languages like Dart and Kotlin to run in the browser. Phoronix's Michael Larabel highlights some of the other features included in this release:
- Ubuntu Linux users now have the ability to import data from Chromium when both are installed as Snap packages.
- Picture-in-Picture mode now supports corner snapping on Windows and Linux.
- Support for the light-dark() CSS color function that allows setting of colors for both light and dark without needing to use the prefers-color-scheme media feature. This allows conveniently specifying the preferred light color theme value followed by the dark color theme value.
- CSS support for the lh and rlh line height units.

Microsoft

Microsoft Celebrates 20th Anniversary of 'Patch Tuesday' (microsoft.com) 17

This week the Microsoft Security Response Center celebrated the 20th anniversary of Patch Tuesday updates.

In a blog post they call the updates "an initiative that has become a cornerstone of the IT world's approach to cybersecurity."

Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft's Secure Future Initiative announced this month. Each month, we deliver security updates on the second Tuesday, underscoring our pledge to cyber defense. As we commemorate this milestone, it's worth exploring the inception of Patch Tuesday and its evolution through the years, demonstrating our adaptability to new technology and emerging cyber threats...

Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner. Senior leaders of the Microsoft Security Response Center (MSRC) at the time spearheaded the idea of a predictable schedule for patch releases, shifting from a "ship when ready" model to a regular weekly, and eventually, monthly cadence...

This led to a shift from a "ship when ready" model to a regular weekly, and eventually, monthly cadence. In addition to consolidating patch releases into a monthly schedule, we also organized the security update release notes into a consolidated location. Prior to this change, customers had to navigate through various Knowledge Base articles, making it difficult to find the information they needed to secure themselves. Recognizing the need for clarity and convenience, we provided a comprehensive overview of monthly releases. This change was pivotal at a time when not all updates were delivered through Windows Update, and customers needed a reliable source to find essential updates for various products.

Patch Tuesday has also influenced other vendors in the software and hardware spaces, leading to a broader industry-wide practice of synchronized security updates. This collaborative approach, especially with hardware vendors such as AMD and Intel, aims to provide a united front against vulnerabilities, enhancing the overall security posture of our ecosystems. While the volume and complexity of updates have increased, so has the collaboration with the security community. Patch Tuesday has fostered better relationships with security researchers, leading to more responsible vulnerability disclosures and quicker responses to emerging threats...

As the landscape of security threats evolves, so does our strategy, but our core mission of safeguarding our customers remains unchanged.

Power

Why Bill Gates Remains Hopeful about Innovative New Climate Solutions (gatesnotes.com) 64

Bill Gates argues that when it comes to climate change, "there are more reasons to be hopeful than many people realize — and it's not just that renewable energy sources like wind and solar are getting cheaper.

"And it's not just because many of the steps already taken to reduce carbon emissions are working: Carbon emissions from fossil fuels will probably peak in 2025." The main thing that makes me optimistic is all the innovation I'm seeing. As someone who has been funding climate solutions for years, I get to learn from ingenious scientists who are working on ideas that will help the world solve climate change. And their work makes me confident that innovation will help the world get on track to meet its climate goals.

Some people are skeptical when a technology person like me says innovation is the answer. And it's true that new tools aren't the only thing we need. But we won't solve the climate problem without them.

There are two reasons for this. First, we need to eliminate emissions from every sector of the economy. Although some behavior change will help, the world can't achieve its zero-emissions goals without inventing new ways of doing things. For example, the production of concrete and steel alone accounts for around 10 percent of the world's annual greenhouse gases, but right now, we don't have practical ways to make either one without releasing carbon dioxide.

The second reason is that, in a world with limited resources, innovations allow us to magnify the impact of our efforts... We couldn't solve the climate problem with existing technology even if we had unlimited resources — and, of course, we don't have unlimited resources. So we need to be as rigorous as possible about doing the most good with the funding that is available. In my view, that boils down to inventing and deploying new ways to cut emissions and to help people survive and thrive in a warming world.

Gates believes we're at "the beginning of a Clean Industrial Revolution," pointing readers to Breakthrough Energy's recent State of the Transition Report for more details.

But Gates also provides some specific examples of optimism-fueling breakthroughs:
  • "To reduce emissions, we need to replace the synthetic fertilizers that release nitrous oxide, a greenhouse gas, when broken down by microbes in the soil; Pivot Bio has genetically modified microbes to provide plants with the nitrogen they need without the excess greenhouse gases that synthetic alternatives produce."
  • "Cement and steel are two of the biggest sources of emissions in this category. Boston Metal is well on the way to making steel with electricity (which can be generated without emissions) instead of coal. CarbonCure and Ecocem have developed low-carbon processes for making cement, and Brimstone has a way to do it while actually removing carbon from the air."
  • "Because of inefficient windows and gaps in what's known as the building envelope, as much as 40% of heated or cooled air leaks out of the typical building. If we can drive that number down, buildings will require less heating and cooling — which will substantially lower our emissions. Aeroseal has developed a polymer that can seal ducts and other crevices; more than a quarter of a million buildings in the U.S. and Canada are already using their product. Another company, Luxwall, has developed a window that's many times more efficient than the single-pane windows used in most buildings. And unlike double-paned windows, it's thin enough to replace single-paned glass without having to rebuild the frame."
