Google

Google Announces Flutter 3, Now With macOS and Linux Desktop Support (xda-developers.com) 25

An anonymous reader quotes a report from XDA Developers: Google created Flutter a number of years ago, with the aim to make a cross-platform software framework. Flutter's biggest strength is that it can be used to build applications for Android, iOS, Linux, Windows, macOS, and even the web, and all from the same shared codebase. While building apps for Windows received stable support back in February, both macOS and Linux were still only in beta. Now that's changing, as Google has announced Flutter 3 at this year's Google I/O, complete with stable support for building apps for macOS and Linux.

Of course, cross-platform support for both of these new platforms requires more than just programs being able to run. They need to fit in with the rest of the experience, and they need to support specific features that may be unique, as well. That's why Google is highlighting two things: the first is that Linux support was helped by Canonical (the publisher of Ubuntu) and Google collaborating in order to "offer a highly-integrated, best-of-breed option for development."

As Google puts it, Canonical is already developing with "Flutter for key shell experiences including installation and firmware updates." What's more, their Linux-specific packages "provide an idiomatic API for core operating system services including dbus, gsettings, networkmanager, Bluetooth and desktop notifications, as well as a comprehensive theme and widget set for Yaru, the Ubuntu look and feel." As for macOS, Google invested in supporting both Intel and Apple Silicon devices, with Universal Binary support that allows apps to package executables that run natively on both architectures.
Tim Sneath, Director of Product and UX for Flutter & Dart, highlights all the new improvements in a Medium post.
Windows

Windows 11's Sound Recorder Is Bringing Back Features Removed Years Ago (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: Windows' Sound Recorder app has gone through a few iterations since its initial release in Windows 3.0 back in 1990, when it launched as a simple app that could only record 60 seconds of audio at a time. But the app vanished altogether in Windows 10, replaced by a totally new app called Voice Recorder, which can record and trim basic sound recordings and save them as m4a files. Sound Recorder is now making a comeback, and Microsoft is currently testing a revamped version for Windows Insiders in the Dev channel. The company announced the redesign in a blog post summarizing Windows 11's updates to built-in Windows apps.

The new Sound Recorder uses a two-column layout similar to Voice Recorder's, with playback and trimming controls to the right and a list of all the files you've recorded on the left. But it adds some old Sound Recorder features that disappeared from the app years ago, when it was boiled down to almost nothing in Windows Vista. The app has a waveform visualizer that appears during recording and playback, and you can once again choose to save or open files in multiple formats (including the default m4a, as well as mp3, wma, FLAC, and WAV). The new Sound Recorder can also adjust audio playback speed from 0.25x to 4 and set markers so you can easily jump from place to place within a large audio recording.

Microsoft

Microsoft Recommends People Uninstall Optional Windows 11 Update KB5012643 (extremetech.com) 75

DrunkenTerror shares a report from ExtremeTech: Microsoft is advising Windows 11 users to uninstall a recent update. Reports indicated the optional update KB5012643 is causing various apps to crash. The problem involves an interaction between the update and the .Net Framework that's part of Windows. At this time it's unclear which apps are affected by the issue, leaving uninstallation as the "only" viable solution.

"Affected apps are using certain optional components in .NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components." This update also broke Safe Mode. Microsoft says when users booted into 'Safe Mode without networking' users might see the screen flicker. Per MS, "Components that rely on explorer.exe, such as File Explorer, the Start menu, and the taskbar, can be affected and appear unstable." Microsoft issued a Known Issue Rollback (KiR) for this already so it should be fixed. If you encounter it, you should be able to resolve it by enabling network support in Safe Mode.

Security

Hackers Are Now Hiding Malware In Windows Event Logs (bleepingcomputer.com) 49

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. BleepingComputer reports: The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible. [...] The dropper copies the legitimate OS error handling file [...] and then drops an encrypted binary resource to the 'wer.dll' (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code. DLL hijacking is a hacking technique that exploits legitimate programs with insufficient checks to load into memory a malicious Dynamic Link Library (DLL) from an arbitrary path.

[Denis Legezo, lead security researcher at Kaspersky] says that the dropper's purpose is to drop a loader on the disk for the side-loading process and to look for particular records in the event logs (category 0x4142 - 'AB' in ASCII). If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager. "The dropped wer.dll is a loader and wouldn't do any harm without the shellcode hidden in Windows event logs," says Legezo. The new technique analyzed by Kaspersky is likely on its way to becoming more popular as Soumyadeep Basu, currently an intern for Mandiant's red team, has created and published on GitHub source code for injecting payloads into Windows event logs.

Earth

Climate Scientists Say South Asia's Heat Wave (120F) is a Sign of What's To Come (npr.org) 162

Summer has arrived in South Asia WAY too early. A punishing heat wave has pushed temperatures past 120F (50C) in some areas. Some schools have closed early for the summer. Dozens of people have died of heatstroke. From a report: The region is already hard-hit by climate change. Extreme heat is common in May. But not in April and March, both of which were the hottest across much of India for more than a century. "It's smoldering hot! It's also humid, which is making it very difficult," Chrisell Rebello, 37, told NPR in line outside a Mumbai ice cream parlor at 11 p.m. "We need a lot of cold drinks, air conditioning -- and multiple baths a day." Only a fraction of Indians -- mostly, the wealthy -- have air conditioning. Instead people soak rags in water and hang them in doors and windows. Still, electric fans and AC have pushed India's electricity demand to a record high.

The problem is that 70% of India's electricity comes from coal. So the government is converting passenger trains to cargo service, to rush coal supplies to beleaguered power plants, and also importing more coal from abroad. And rolling blackouts are hurting industrial output. In the short term, experts say India has no choice but to burn coal to keep fans and ACs on. But in the long term, it must transition to renewables, to avoid a vicious circle of warming, says Ulka Kelkar, a Bengaluru-based economist and climate change expert with the World Resources Institute. "[With] heat plus humidity, at some stage [it] becomes almost impossible for the human body's organs to function normally," Kelkar explains. "Basically the body just cannot cool itself, and a large fraction of our population in India still works outside in the fields, on building construction, in factories which are not cooled." More than a billion people are at risk of heat-related illness across South Asia. Hospitals are preparing special wards.
Further reading: India's Heatwaves Are Testing the Limits of Human Survival.
Twitter

Twitter's Decentralized, Open-Source Offshoot Releases Its First Code (theverge.com) 27

Bluesky, Twitter's open-source offshoot, has released early code for a decentralized social network protocol. The Verge reports: The system is dubbed the Authenticated Data Experiment (or ADX) and is available on GitHub for developers to test, although Bluesky emphasizes that it's incomplete. It's one of the most substantive windows into Bluesky's workings since the project was conceived in 2019 and formally incorporated in early 2022. Bluesky CEO Jay Graber writes that ADX will be the start of a semi-public development process. "We're going to take a middle path of releasing work before it's complete, but also giving ourselves time to workshop new directions at early stages," Graber says. The GitHub repository includes an overview of ADX's goals and design as well as some experimental code. "Feel free to play around, but don't try to build your next big social app on this yet. Things are missing, and things are going to change," Graber says. The code is available under an open source MIT License.

ADX isn't a single, standalone social network design. It's a protocol built around user-controlled "Personal Data Repositories" that social network developers could choose to support. Among other things, it's supposed to let users transfer social media posts or engagement between networks without eroding the networks' own moderation options. "On the Web, this data lives on the social platform where it was created. In ADX, this data will live in Personal Data Repositories owned by the user," the overview explains. Platforms can choose to only index some of this content -- drawing a distinction between "speech," or the ability to keep data in the repository, and "reach," or being able to see that data on a given platform.

The Internet

Microsoft Edge Overtakes Safari As World's Second Most Popular Desktop Browser (macrumors.com) 100

Microsoft Edge has overtaken Apple's Safari to become the world's second most popular desktop browser, based on data provided by web analytics service StatCounter. MacRumors reports: According to the data, Microsoft Edge is now used on 10.07 percent of desktop computers worldwide, 0.46 percent ahead of Safari, which stands at 9.61 percent. Google Chrome remains in first place with a dominant 66.64 percent share, and Mozilla's Firefox stands in fourth with 7.86 percent. As the default Windows 11 browser, the popularity of Edge has crept up in recent months, with the first concrete signs that it would surpass Safari to take second place coming in February, when it was used on 9.54 percent of desktops globally. Back in January 2021, Safari held a 10.38 percent market share, indicating a gradual slippage in popularity over the last 14 months.

Meanwhile, first-placed Chrome has seen its user base increase incrementally over that time, but perhaps surprisingly, Firefox has leaked users since the beginning of the year, despite regular updates and improvements. That suggests Safari's hold on third place isn't in immediate danger, having lost only 0.23 percent share since February, but things could always change fast if Apple decides to introduce sweeping changes to the way Safari works in macOS 13 later this year.
It's a different story when it comes to mobile platforms, notes MacRumors. "In StatCounter's analysis, Edge doesn't even make it into the top six browsers on mobile, but first-placed Chrome commands 62.87 of usage share, with Safari on iPhones and iPads taking a comfortable 25.35 percent in second place, 20.65 percent ahead of third-placed Samsung Internet, with 4.9 percent."
Botnet

Botnet That Hid For 18 Months (arstechnica.com) 12

An anonymous reader quotes a report from Ars Technica: It's not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims' networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

- The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don't support antivirus or endpoint detection. This makes detection through traditional means difficult.
- Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.
- A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with the goal of leaving as light a footprint as possible.
- An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as a TLS-encrypted server that proxies data through the SOCKS protocol.

The SOCKS tunnel allowed the hackers to effectively connect their control servers to a victim's network where they could then execute tools without leaving traces on any of the victims' computers. A secondary backdoor provided an alternate means of access to infected networks. It was based on a version of the legitimate reGeorg webshell that had been heavily obfuscated to make detection harder. The threat actor used it in the event the primary backdoor stopped working. [...] One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system. Eventually, Quietexit executes its final objective: accessing email accounts of executives and IT personnel in hopes of obtaining documents related to things like corporate development, mergers and acquisitions, and large financial transactions.
"Unpacking this threat group is difficult," says Ars' Dan Goodin. "From outward appearances, their focus on corporate transactions suggests a financial interest. But UNC3524's high-caliber tradecraft, proficiency with sophisticated IoT botnets, and ability to remain undetected for so long suggests something more."
Windows

PCWorld: Six Months Since Release, Windows 11 Still 'Unnecessary' (youtube.com) 138

UnknowingFool writes: In October 2021, PC World reviewed Windows 11 and labeled it as an "unnecessary replacement" to Windows 10 and did not recommend it for Windows 10 users. PC World noted that it was a "mixed bag of improved features and unnecessary changes." Six months later they reviewed it again. While MS has made improvements, PC World does not feel the improvements warrant a recommendation for Windows 10 users to upgrade.
Ubuntu

This Week Saw New Releases of 'Ubuntu Unity' and 'Ubuntu Cinnamon' (theregister.com) 74

The Register noted this week that two "unofficial" Ubuntu remixes "came out on the same day as the official flavors."

- Ubuntu Cinnamon (Linux Mint's flagship desktop environment)

- Ubuntu Unity, a revival of what used to be the official Ubuntu desktop by Ubuntu team member Rudra B. Saraswat (described by the Register as "a 12-year-old wunderkind")

Ubuntu Cinnamon is the older of the two and first appeared in 2019, while Ubuntu Unity came out in May 2020, soon after the release of Ubuntu 20.04.

Ubuntu Unity....has the macOS-like desktop that was Ubuntu's standard offering from 2011 until the company pensioned it off in 2017.... Ubuntu Unity is as free as Ubuntu itself, and the new remix continues to evolve. In 22.04, most of the GNOME-based accessory apps have been replaced with the MATE equivalents, such as the Pluma text editor and Atril document viewer. (A handful remain, such as the GNOME system monitor rather than the MATE one, but the differences are trivial.) The System Settings app is the original Unity one, and the Unity Tweaks app comes pre-installed.... The new "Jammy Jellyfish" version of Ubuntu Unity also adds support for Flatpak packages alongside Ubuntu's native Snap packages. To do this, it replaces Ubuntu's Software Store with version 41.5 of GNOME Software. Interestingly, this also supports Snap packages, so sometimes, when you search for a package, you might get multiple results: one for the OS-native DEB package, possibly one for a Flatpak, and maybe a Snap version too....

[I]f you dislike both the Unity and GNOME desktops and want something more Windows-like, but you don't mind GNOME's CSD windows, then Joshua Peisach's Ubuntu Cinnamon remix may appeal. Cinnamon is the default desktop of both Ubuntu-based Linux Mint and its Debian variant. Ubuntu Cinnamon combines the latest upstream version of Mint's Cinnamon desktop, 5.2.7, with the standard app selection of upstream Ubuntu. This means most of its apps lack menu bars, except for the Nemo file manager and LibreOffice. For these classic-style apps, the Ubuntu Cinnamon distro has tweaked the GNOME title-bar layout to be more Windows-like: minimize/maximize/close buttons at top right, and a window-management menu at top left....

Cinnamon's roots as a fork of GNOME 3 do offer a significant potential feature that MATE, Xfce and indeed Unity cannot do: fractional scaling. This is clearly labelled as an experimental feature, and in testing, we couldn't get it to work, so for now, this remains a theoretical advantage.... These caveats aside, though, Ubuntu Cinnamon is maturing nicely in the new version. While Ubuntu and Ubuntu Unity are now purple-toned, Ubuntu Cinnamon has switched to a restrained theme in shades of dark orange and brown, which reminded us of the tasteful earth-toned Ubuntu of the old GNOME 2 days...

Both these desktops are X.11-based, so there's not a trace of Wayland in either distro. Both also benefit from having working 3D acceleration.

Both remixes "are aiming for inclusion as official Ubuntu flavors," the article points out.

But then again, "There are dozens of Ubuntu remixes and flavors out there. The official Ubuntu Derivatives page links to 30, and DistroWatch has more than five times as many, including many which are no longer maintained."
Chrome

Chrome's Latest Update: 30 Security Fixes and Bug Details Kept 'Restricted' (hothardware.com) 28

Hot Hardware warns that on Tuesday, the Stable Channel for Chrome's desktop edition "had an update on April 26, 2022. That update includes 30 security fixes, some of them so bad that Google is urging all users to update immediately." The release notes for Google's Chrome v101.0.4951.41 for Windows, Mac, and Linux have a long list of bug fixes; you can view it here. However, there's also a key statement in that page.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed...."

Effectively the non-developer translation of the quote above is that something so significant was found, the details are being kept hidden.

Open Source

Fedora's Lead Speaks on the Popularity of Linux and the Importance of Open Source (techrepublic.com) 68

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.

Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."
Microsoft

After Microsoft Releases Patch for RPC Exploit: What the Honeypot Saw (sans.edu) 9

Long-time Slashdot reader UnderAttack writes: After Microsoft patched and went public with CVE-2022-26809, the recent Remote Procedure Call vulnerability, the SANS Internet Storm Center set up a complete Windows 10 system exposing port 445/TCP "to the world." The system is not patched for the RPC vulnerability. But so far, while it has seen thousands of attacks against SMB a day, nothing yet for the new RPC vulnerability....

But still, attackers are heavily hitting other vulnerabilities like, of course, still ETERNALBLUE.

From the article: Should you stop rushing out the April patch? Absolutely not. I hope you are already done applying the patch. But the April Windows patch had several additional gems, not just patches for RPC. Chatter about CVE-2022-26809 has died down, but as they say: Sometimes the quiet ones are the dangerous ones, and people able to exploit this vulnerability may not broadcast what they are doing on social media.
The article is credited to Johannes B. Ullrich, Ph.D., Dean of Research at the security site SANS.edu.

Interestingly, Ullrich's byline is hyperlinked to a Google+ profile which has been unavailable for nearly three years.
Hardware

Qualcomm's M1-Class Laptop Chips Will Be Ready For PCs In 'Late 2023' (arstechnica.com) 46

An anonymous reader quotes a report from Ars Technica: Qualcomm bought a chipmaking startup called Nuvia back in March of 2021, and later that year, the company said it would be using Nuvia's talent and technology to create high-performance custom-designed ARM chips to compete with Apple's processor designs. But if you're waiting for a truly high-performance Windows PC with anything other than an Intel or AMD chip in it, you'll still be waiting for a bit. Qualcomm CEO Christian Amon mentioned during the company's most recent earnings call that its high-performance chips were on track to land in consumer devices "in late 2023."

Qualcomm still plans to sample chips to its partners later in 2022, a timeframe it has mentioned previously and has managed to stick to. A gap between sampling and mass production is typical, giving Qualcomm time to work out bugs and improve chip yields and PC manufacturers more time to design and build finished products that incorporate the chips. [...] Like Apple's processors, Nuvia's support the ARM instruction set but don't use off-the-shelf ARM Cortex CPU designs. These processor cores have been phenomenally successful in commodity SoCs that power everything from Android phones to smart TVs, and they helped popularize the practice of combining large, high-performance CPU cores and small, high-efficiency CPU cores together in the same design. But they rarely manage to top the performance charts, something that's especially noticeable when they're running x86 code on Windows with a performance penalty.

Japan

The Life and Death of the Original Micro-Apartments (newyorker.com) 105

Earlier this month, demolition began on the Nakagin Capsule Tower, an iconic building designed by Kisho Kurokawa. Still, in many ways, Kurokawa's dynamic vision is woven into the fabric of our architectural present. From a report: The building at the time was in a conspicuous state of disrepair. Its concrete surface was pockmarked; many of the circular windows were papered over. Last year, after more than a decade of back-and-forth over the building's fate, the owners' association agreed to sell the towers to a consortium of real-estate firms, and earlier this month news came that demolition of the structure had finally begun. Recent photos posted by a preservationist initiative on Facebook show that its base is now half gone; the hundred and forty-four capsules float above the construction, bereft and doomed. The future that Kurokawa and the Metabolism movement imagined didn't come to pass, yet in many ways their dynamic vision is woven into the fabric of our architectural present.

Metabolism officially launched with a manifesto, in 1960, as Japanese cities were being reconceptualized after the destruction of the Second World War. Part of a new postwar generation of architects, Metabolism's founders -- among them Kurokawa, Kiyonori Kikutake, and Fumihiko Maki -- were driven, as Kurokawa wrote in his 1977 book, "Metabolism in Architecture," by "traumatic images of events that took place when we were in our formative childhood years." Born in 1934, in Aichi Prefecture, Kurokawa was the son of an architect whose style he described as "ultra-nationalistic." In his own studies, he was drawn first to Kyoto University, for its sociological approach to architecture, then to Tokyo University, where he studied under the modernist architect Kenzo Tange, who worked after the war on the Hiroshima Peace Memorial Museum. But Kurokawa was more interested in looking forward. "I felt that it was important to let the destroyed be and to create a new Japan," he wrote.

[...] The Nakagin capsules suggest a kind of utopian urban life style. Their paucity of space and equipment meant that activities typically done at home, like eating and socializing, would instead be conducted out on the street. The Nakagin capsules were not full-time residences but pieds-a-terre for suburban businessmen or miniature studios for artists and designers. The individual capsules were pre-assembled, then transported to the site and plugged in to the towers' central cores. Each unit -- two and a half metres by four metres by two and a half metres, dimensions that, Kurokawa noted, are the same as those of a traditional teahouse -- contained a corner bathroom fit for an airplane, a fold-down desk, integrated lamps, and a bed stretching from wall to wall. Televisions, stereos, and tape decks could also be included at the buyer's discretion. [...] In some ways, Kurokawa's vision of a domestic architecture that prioritized mobility and flexibility proved prophetic. The capsules were the original micro-apartments, an ancestor to today's capsule hotels, and a forebear of the shared, temporary spaces of Airbnb.

Android

North Koreans Are Jailbreaking Phones To Access Forbidden Media (wired.com) 23

An anonymous reader quotes a report from Wired: For most of the world, the common practice of "rooting" or "jailbreaking" a phone allows the device's owner to install apps and software tweaks that break the restrictions of Apple's or Google's operating systems. For a growing number of North Koreans, on the other hand, the same form of hacking allows them to break out of a far more expansive system of control -- one that seeks to extend to every aspect of their lives and minds. On Wednesday, the North Korea-focused human rights organization Lumen and Martyn Williams, a researcher at the Stimson Center think tank's North Korea-focused 38 North project, together released a report on the state of smartphones and telecommunications in the Democratic People's Republic of Korea, a country that restricts its citizens' access to information and the internet more tightly than any other in the world. The report details how millions of government-approved, Android-based smartphones now permeate North Korean society, though with digital restrictions that prevent their users from downloading any app or even any file not officially sanctioned by the state. But within that regime of digital repression, the report also offers a glimpse of an unlikely new group: North Korean jailbreakers capable of hacking those smartphones to secretly regain control of them and unlock a world of forbidden foreign content.

Learning anything about the details of subversive activity in North Korea -- digital or otherwise -- is notoriously difficult, given the Hermit Kingdom's nearly airtight information controls. Lumen's findings on North Korean jailbreaking are based on interviews with just two defectors from the country. But Williams says the two escapees both independently described hacking their phones and those of other North Koreans, roughly corroborating each others' telling. Other North Korea-focused researchers who have interviewed defectors say they've heard similar stories. Both jailbreakers interviewed by Lumen and Williams said they hacked their phones -- government-approved, Chinese-made, midrange Android phones known as the Pyongyang 2423 and 2413 -- primarily so that they could use the devices to watch foreign media and install apps that weren't approved by the government. Their hacking was designed to circumvent a government-created version of Android on those phones, which has for years included a certificate system that requires any file downloaded to the device to be "signed" with a cryptographic signature from government authorities, or else it's immediately and automatically deleted. Both jailbreakers say they were able to remove that certificate authentication scheme from phones, allowing them to install forbidden apps, such as games, as well as foreign media like South Korean films, TV shows, and ebooks that North Koreans have sought to access for decades despite draconian government bans.

In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say -- a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted. Jailbreaking the phones also allowed the two defectors to access and wipe those surveillance screenshots, they say. The two hackers told Lumen they used their jailbreaking skills to remove restrictions from friends' phones, as well. They said they also knew of people who would jailbreak phones as a commercial service, though often for purposes that had less to do with information freedom than more mundane motives. Some users wanted to install a certain screensaver on their phone, for instance, or wipe the phone's surveillance screenshots merely to free up storage before selling the phone secondhand.
As for how the jailbreaking was done, the report says both jailbreakers "described attaching phones to a Windows PC via a USB cable to install a jailbreaking tool."

"One mentioned that the Pyongyang 2423's software included a vulnerability that allowed programs to be installed in a hidden directory. The hacker says they exploited that quirk to install a jailbreaking program they'd downloaded while working abroad in China and then smuggled back into North Korea." The other hacker might've obtained his jailbreaking tool in a computer science group at Pyongyang's elite Kim Il Sung University where he attended.
Windows

Microsoft Fixes Point of Sale Bug That Delayed Windows 11 Startup For 40 Minutes (theregister.com) 46

"The Register reports Microsoft fixed a Point of Sale bug that delayed Windows 11 startup for 40 minutes," writes Slashdot reader ellithligraw. "So much for the express lane at check-out." From the report: A fresh Windows 11 patch slipped out overnight as an optional update, but contains an impressively long list of fixes for Microsoft's flagship operating system. One bug addressed in KB5012643 could leave Point of Sale terminals hanging for up to 40 minutes during startup. Microsoft stated, "We fixed an issue that delays OS startup by approximately 40 minutes." "Microsoft described the fixes as 'improvements' [and chose to highlight the fact that temperature would now be displayed on top of the weather icon on the taskbar]," added Slashdot reader ellithligraw. "[Y]eah, Windows 11 is great as a PoS."
The Military

US Army May Be About To 'Waste' Up To $22 Billion On Microsoft HoloLens (theregister.com) 45

The US Army could end up wasting as much as $22 billion in taxpayer cash if soldiers aren't actually interested in using, or able to use as intended, the Microsoft HoloLens headsets it said it would purchase, a government watchdog has warned. The Register reports: In 2018, the American military splashed $480 million on 100,000 prototype augmented-reality goggles from Redmond to see how they could help soldiers train for and fight in combat. The Integrated Visual Augmentation System (IVAS) project was expanded when the Army decided it wanted the Windows giant to make custom, battle-ready AR headsets in a ten-year deal worth up to $22 billion. The project was delayed and is reportedly scheduled to roll out some time this year. But the US Dept of Defense's Office of the Inspector General (OIG) cast some doubt on whether it was worth it at all.

"Procuring IVAS without attaining user acceptance could result in wasting up to $21.88 billion in taxpayer funds to field a system that soldiers may not want to use or use as intended," the Pentagon oversight body wrote in an audit [PDF] report this month. In other words, the Army hasn't yet fully determined if or how service members will find these HoloLens headsets valuable in the field. Although the heavily redacted report did not reveal soldiers' responses to the prototype testing, it said feedback from surveys showed "both positive and negative user acceptance." The Army plans to purchase 121,500 IVAS units from Microsoft while admitting that "if soldiers do not love IVAS and do not find it greatly enhances accomplishing the mission, then soldiers will not use it," the report disclosed.

Security

The Pros and Cons of a Future Without Passwords (cnbc.com) 123

CNBC explores the dream of "a future where nobody has to constantly update and change online passwords to stay ahead of hackers and keep data secure." Here's the good news: Some of the biggest names in tech are already saying that the dream of a password-less internet is close to becoming a reality. Apple, Google and Microsoft are among those trying to pave the way... In theory, removing passwords from your cybersecurity equation nixes what former Secretary of Homeland Security Michael Chertoff has called "by far the weakest link in cybersecurity." More than 80% of data breaches are a result of weak or compromised passwords, according to Verizon....

Doing away with passwords altogether is not without risks. First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by stealing your biometric data. As annoying as changing your password might be, it's much harder to change your face or fingerprints. Second, some of today's password-less options still ask you to create a PIN or security questions to back up your account. That's not much different from having a password.... Plus, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and also to the people who don't own smartphones at all, roughly 15% of the U.S.

Some data points from the article:
  • "Microsoft says 'nearly 100%' of the company's employees use password-less options to log into their corporate accounts."
  • "In September, Microsoft announced that its users could go fully password-less to access services like Windows, Xbox, and Microsoft 365."
  • "Apple's devices have used Touch ID and Face ID features for several years."

Open Source

Wolfire Games Open Sources 'Overgrowth' After 14 Years of Development (wolfire.com) 15

"We have worked on Overgrowth for 14 years," begins their new announcement. Development first began in 2008, and the game runs on Windows, macOS and Linux platforms. Overgrowth's page on Wikipedia describes the realistic 3D third-person action game as "set in a pre-industrial world of anthropomorphic fighter rabbits, wolves, dogs, cats and rats."

And now, "Just like they did with some earlier games, Wolfire Games have now open sourced the game code for Overgrowth," reports GamingOnLinux. "[J]ump, kick, throw, and slash your way to victory.... The source code is available on GitHub. You can buy it on Humble Store and Steam."

The Overwatch site adds as a bonus that "we're also permanently reducing the game's price by a third worldwide" (so U.S. prices drop from $29.99 to $19.99).

"Only the code is getting open sourced," the announcement notes, "not the art assets or levels, the reason is that we don't want someone to build and sell Overgrowth as their own." Wolfire CEO Max Danielsson explains in a video that "you'll still have to own the game to play and mod it." "What it does mean, however, is that everyone will have full and free access to all our source code, including the engine, project files, scripts, and shaders.

"We'll be releasing it under the Apache 2.0 license, which allows you to do whatever you want with the code, including relicensing and selling it, with very few obligations. We tried to keep this easy...

"This isn't the next big engine. We don't intend to compete with any other great open source game engines like Godot, which is a great option if you're looking for a general-purpose game engine. But if you're interested in looking at what shipped game code can look like, want to look at specific code, like the procedural animation system, or if you're an Overgrowth modder who wants to make an involved total conversion mod, then this is for you.

"We have wanted to open source Overgrowth for a long time," says the announcement on Wolfire's site, "and we are incredibly grateful to our team and community for making this happen.

"We are excited to see what people do with this code and we look forward to the spirit of Overgrowth living on for another 14 years."
