Linux

Analysts Weigh In: Will We Ever See the Year of the Linux Desktop? (windowscentral.com) 224

How popular is Linux? The Windows Central site admits Linux is starting to tempt them. "It made such an imprint on Windows Central that not all of us even bother much with Windows anymore."

"Heck, Germany (part of it, to be specific) is taking another stab at ditching Windows for Linux..."

But what are the odds really that Linux overtakes Windows' market share? "That is the tantalizing question at the kernelled core of the great Linux debate, and it's the one we reached out to analysts to hear their thoughts on...." Every year is a special year for Linux in some way, shape, or form, but in terms of eating Windows' lunch, that's probably not in the cards for a long time, if ever.

Forrester Senior Analyst Andrew Hewitt gave figures to further bolster the argument that Linux is a long ways off from toppling Windows. "Overall, just 1% of employees report usage of Linux on their primary laptop used for work," he said. "That's compared to 60% that still use Windows, and small numbers that use Chrome OS and macOS on a global basis. It is very unlikely that Linux will overtake Windows as the main operating system."

With that said, Hewitt did foresee diversification and growth when it came to Linux, Chrome OS, and macOS, but nothing to a degree that would signal Windows is at risk of losing its dominant market share.

"We commonly see Linux used in Virtual Desktop Infrastructure (VDI) deployments," he stated, mentioning that he'd expect growth there since "VDI has grown 2% year over year according to our 'State Of VDI, 2021' report."

Gartner VP Analyst Steve Kleynhans also tells the site that the biggest challenge to Windows "on anything that looks like a PC is probably Chrome OS... Could Linux continue to grow? Yes. But it's not likely to grow as a direct competitor replacing Windows."

Microsoft

Microsoft Released an Out-of-Band Update to Rollback January Patch's VPN Issues (bleepingcomputer.com) 18

"Microsoft's first Patch Tuesday for 2022 was a rocky start to the year, giving admins and users numerous headaches to deal with..." reports ZDNet. "The Windows Update on January 11 was intended to address 96 security flaws but also brought a load of pain for users and admins."

"One of the major issues that came up during the week for IT admins included finding that Windows Server 2012 became stuck in a boot loop," adds the Verge, "while other versions suffered broken Windows VPN clients, and some hard drives appeared as RAW format (and unusable). Many IT Admins were forced to roll back the updates — leaving many servers vulnerable with none of last week's security patches."

And now for some versions of Windows, this week Microsoft "released emergency out-of-band updates to address multiple issues..." reports BleepingComputer: "This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failure," the company said.... According to admin reports, Windows domain controllers were being plagued by spontaneous reboots, Hyper-V was no longer starting on Windows servers, and Windows Resilient File System (ReFS) volumes were no longer accessible after deploying the January 2022 updates. Windows 10 users and administrators also reported problems with L2TP VPN connections after installing the recent Windows 10 and Windows 11 cumulative updates and seeing "Can't connect to VPN." errors....

[S]ince Microsoft also bundles all the security updates with these Windows cumulative updates, removing them will also remove all fixes for vulnerabilities patched during the January 2022 Patch Tuesday.

While all the updates are available for download on the Microsoft Update Catalog, some of them can also be installed directly through Windows Update, notes Bleeping Computer. But "You will have to manually check for updates if you want to install the emergency fixes through Windows Update because they are optional updates and will not install automatically."

ZDNet adds: As Ask Woody's influential IT admin blogger Susan Bradley recently argued in 2020, Microsoft's decision to roll up patches in a big bundle on the second Tuesday of every month requires admins to place a great deal of trust in the company. That trust is eroded if applying the updates results in a lag on productivity from buggy patches.

Thanks to long-time Slashdot reader waspleg for sharing the story.

Windows

Hands-On Microsoft's Canceled Andromeda OS (windowscentral.com) 13

Windows Central got their hands on a pre-release build of Microsoft's canceled Andromeda OS running on a Lumia 950. As noted in the article, "Andromeda OS was never intended to ship on the Lumia 950, or any Windows phone on the market at that time." They're using a 950 because Microsoft used them to help develop Andromeda OS internally. Also worth mentioning is the fact that Andromeda OS is no longer in development. Android is the OS that will be powering future Microsoft devices, such as the future Surface Duo devices. Here's an excerpt from the report: Microsoft decided to do something rather unique with Andromeda OS, and build out OS experience around a journaling/inking experience. On the lockscreen, the user is able to begin taking notes directly onto the lockscreen UI just by putting pen to screen. You don't have to initiate a special mode, or enter an app first, just take your Surface Pen and begin writing, and the lockscreen will store that ink for you to see every time you unlock your device. [...] Unlocking the device would take you to your home screen, which on Andromeda OS is another inking canvas. This canvas is called the Journal (though this later became the Microsoft Whiteboard app) which acted as a digital notebook with the ability to take notes with a pen, add sticky notes, insert images and 3D objects, and more. The Journal experience would always be running in the background, with your phone apps running above it.

Andromeda OS was also gesture based. The on-screen Start and Cortana buttons would disappear when opening an app to provide a full-screen experience, so to access those areas, you'd swipe in from the left for Start, and from the right for Cortana, which is also where your notifications were stored. Yes, Cortana and your Notifications were one and the same on Andromeda OS, with Cortana becoming your "manager" of notifications missed or stored for dealing with later. A swipe down from the top would reveal the Control Center, which is a feature that's now shipping on Windows 11, but started life here on Andromeda OS. Feature-wise, it's exactly the same, with the ability to control things like Wi-Fi, brightness, volume, and music playback. It also features Fluent Design acrylic blur effects, as do many other parts of the UI, even in this unfinished state.

[...] There was also an experimental "Radial UX Menu" mode, where instead of gestures swiping in things like Start and Cortana, swiping would present you with a UI full of circular buttons for things like Start, switching apps, and more. This may have been an alternative to on-screen navigation, as not everyone was familiar with full gesture navigation at the time just yet. Or, it could have been an alternative method of navigation for when you were using a pen. Who knows. One thing we're not able to show you is the Continuum mode that Microsoft was also working on for Andromeda OS, as unfortunately it appears to be broken in the build we have. That said, we do know what it was going to be like. Essentially, Microsoft was building out Continuum to be a true desktop experience, with windowed app experiences, the ability to store icons on the desktop, and more.
If you'd prefer to see Andromeda OS in action instead of read about it, you can watch Windows Central's video here.

AMD

AMD Returns To Smartphone Graphics (theregister.com) 13

AMD's GPU technology is returning to mobile handsets with Samsung's Exynos 2200 system-on-chip, which was announced on Tuesday. The Register reports: The Exynos 2200 processor, fabricated using a 4nm process, has Armv9 CPU cores and the oddly named Xclipse GPU, which is an adaptation of AMD's RDNA 2 mainstream GPU architecture. AMD was in the handheld GPU market until 2009, when it sold the Imageon GPU and handheld business for $65m to Qualcomm, which turned the tech into the Adreno GPU for its Snapdragon family. AMD's Imageon processors were used in devices from Motorola, Panasonic, Palm and others making Windows Mobile handsets. AMD's now returning to a more competitive mobile graphics market with Apple, Arm and Imagination also possessing homegrown smartphone GPUs.

Samsung and AMD announced the companies were working together on graphics in June last year. With Exynos 2200, Samsung has moved on from Arm's Mali GPU family, which was in the predecessor Exynos 2100 used in the current flagship Galaxy smartphones. Samsung says the power-optimized GPU has hardware-accelerated ray tracing, which simulates lighting effects and other features to make gaming a better experience. [...] The Exynos 2200 has an image signal processor that can apparently handle 200-megapixel pictures and record 8K video. Other features include HDR10+ support, and 4K video decoding at up to 240fps or 8K decoding at up to 60fps. It supports display refresh rates of up to 144Hz.

The eight-core CPU cluster features a balance of high-performing and power-efficient cores. It has one Arm Cortex-X2 flagship core, three Cortex-A710 big cores and four Cortex-A510s, which is in the same ballpark as Qualcomm's Snapdragon 8 Gen 1 and Mediatek's Dimensity 9000, which are the only other chips using Arm's Armv9 cores and are made using a 4nm process. An integrated 5G modem supports both sub-6GHz and millimeter wave bands, and a feature to mix LTE and 5G signals speeds up data transfers to 10Gbps. The chip also has a security processor and an AI engine that is said to be two times faster than its predecessor in the Exynos 2100.

Government

What Happened at the Hearing for New Hampshire's Free Software Law? (concordmonitor.com) 58

What happened after a New Hampshire state representative proposed legislation either encouraging or requiring free software in much of the state government? The Concord Monitor writes, "It's been three decades since Linux launched the modern world of free, open-source software, but you'd hardly have known that at a state legislative hearing Tuesday. One bill (HB 1273) from Eric Gallager, a Concord Democrat, is a sweeping effort that not only establishes a committee to study "replacing all proprietary software used by state agencies with free software" but also does such things as limit non-compete clauses that conflict with open-source development and forbid Javascript in state government websites. The other bill (HB 1581) from Lex Berezhny, a Grafton Republican, would reinstate a requirement that state agencies must use open-source software when it is "the most effective software solution." That requirement existed in state law from 2012 to 2018, he said.

Gallager said the two bills were developed separately. "The fact that you've got people in both parties thinking about this issue independently shows there is a wide range of support for it," he said.

The Executive Department and Administration committee sent both bills to subcommittee.

But what's interesting is the arguments that were made — both for and against: Tuesday's hearing drew the state's most prominent free software advocate, Jon Hall, a programmer whose legacy in the field dates back three decades... Among his arguments, Hall said that studies have shown that free and open-source software is cheaper in the long run than software from Microsoft or other vendors because you don't have to buy regular licenses or be forced into software upgrades or have to ditch equipment like printers because they are no longer supported. Even when free and open-source software has higher costs due to training, he said, those costs have benefits. "Where does the money that you spend go? You can send millions of dollars to Redmond (Washington, home of Microsoft) or Silicon Valley, or pay local software developers," Hall argued.

On the other hand, Denis Goulet, commissioner of the Department of Information Technology, said Gallager's bill would put large and hard-to-quantify costs onto the state. "It would take a year, two years, to figure out what it would cost" due to training on new systems, he told the committee. "It wouldn't be small." Goulet, who opposed Gallager's bill and did not speak on Berezhny's, said the state already uses open-source systems as appropriate, pointing to its web content management system.

"I estimate 85 percent of systems contained one or more open-source libraries," he said.

The lead developer and founder of Libreboot tweeted video of the hearing, where you can also hear the first opponent of the legislation — state representative Stephen Pearson.

Linux

Are We Getting Closer to the Year of the Linux Desktop? (medium.com) 296

Earlier this year TechRepublic argued that while 2021 wasn't the year of the Linux desktop, "there was no denying the continued dominance of Linux in the enterprise space and the very slow (and subtle) growth of Linux on the desktop. And in just about every space (minus the smartphone arena), Linux made some serious gains."

So would 2022 be the year of the Linux desktop? "Probably not."

But developer Tim Wells honestly believes we're getting closer: The idea of the year of the Linux desktop is that there would come a year that the free and open source operating system would reach a stage that the average user could install and use it on their PC without running into problems. Linus Sebastian from Linus Tech Tips recently did an experiment where he installed Linux on his home PC for one month to see if he could use it not only for everyday tasks, but for gaming and also streaming. Ultimately he concluded (in a video just released) that this year will not be the year of the Linux desktop and that while doing everyday stuff was reasonably okay, the state of gaming on Linux (despite Valve's lofty goals) is, to put it simply, a shit-show. (That's my word, not his)... The experiment done by Linus seems to show that while some games do indeed run well using [Valve's Windows compatibility layer] Proton, there are just as many that run with issues. Some of those issues can be game breaking. Such as the game running, but its multiplayer functionality not working at all. Some games just plain don't work at all due to dependencies on services such as Easy Anti Cheat...

In his video Linus mentions that the main problem preventing the "year of the Linux desktop" is the fragmentation. By fragmentation, he means the range of available distributions and the fact that each distribution has (potentially) different versions of libraries and drivers and software that makes the behind the scenes operate.... Flatpak and Snap as well as AppImage are making progress towards fixing this fragmentation issue, but those are not yet perfect either. Flatpak works by ensuring that the expected versions of libraries required for that software are installed alongside it and independent of the existing library the distro may provide...

Valve have said that the Steamdeck will also use an immutable core operating system for the same reasons.

So while Linus is sure that 2022 isn't yet the year of the Linux desktop and that fragmentation is the biggest problem, I think maybe, just maybe, we're closer to solving those problems and closer perhaps to the year of the Linux desktop than some might realise.

Desktops (Apple)

Humble Subscription Service Is Dumping Mac, Linux Access In 18 Days (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: Humble, the bundle-centric games retailer that launched with expansive Mac and Linux support in 2010, will soon shift a major component of its business to Windows-only gaming. The retailer's monthly subscription service, Humble Choice, previously offered a number of price tiers; the more you paid, the more new games you could claim in a given month. Starting February 1, Humble Choice will include less choice, as it will only offer a single $12/month tier, complete with a few new game giveaways per month and ongoing access to two collections of games: Humble's existing "Trove" collection of classic games, and a brand-new "Humble Games Collection" of more modern titles.

But this shift in subscription strategy comes with a new, unfortunate requirement: an entirely new launcher app, which must be used to access and download Humble Trove and Humble Games Collection games going forward. Worse, this app will be Windows-only. Current subscribers have been given an abrupt countdown warning (as spotted by NeoWin). Those subscribers have until January 31 to use the existing website interface to download DRM-free copies of any games' Mac or Linux versions. Starting February 1, subscription-specific downloads will be taken off the site, and Mac and Linux versions in particular will disappear altogether. Interestingly, the current Trove library consists of 79 games, but Humble says that the Trove collection will include "50+ games" starting February 1. This week's warning to Humble's Mac and Linux subscribers notes that "many" of the current Trove games will appear on the Humble Launcher, which is likely a nice way of saying that some of the existing games will not -- perhaps around 20 or so, based on the aforementioned numbers. Despite these changes, Trove's selection of games will remain DRM-free. FAQs about the Humble Launcher suggest that subscribers can download Trove files and continue accessing them in DRM-free fashion, no Humble Launcher or ongoing subscription required. The same promise has not been made for the more modern game collection found in the new Humble Games Collection.

Transportation

Teen Hacker Finds Bug That Lets Him Control 25+ Teslas Remotely (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday. David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.

However, Colombo clarified that he could not actually interact with any of the Teslas' steering, throttle, or brakes, so at least we don't have to worry about an army of remote-controlled EVs doing a Fate of the Furious reenactment. Colombo says he reported the issue to Tesla's security team, which is investigating the matter.

Chrome

Hotel Chain Switches To Chrome OS To Recover From Ransomware Attack (therecord.media) 77

A Scandinavian hotel chain that fell victim to a ransomware attack last month said it took a novel approach to recover from the incident by switching all affected systems to Chrome OS. The Record reports: Nordic Choice Hotels, which operates 200 hotels across Northern Europe, fell victim to a ransomware attack on December 2, when hackers encrypted some of its internal systems using the Conti ransomware strain. The attack prevented staff from accessing guest reservation data and from issuing key cards to newly arriving guests, as one of the hotel's guests told The Record in an interview last month. But in a press release today, Nordic Choice said that instead of contacting the hackers and negotiating a ransom for the decryption key that would have unlocked the infected devices, the hotel chose to migrate its entire PC fleet from Windows to Chrome OS.

"[I]n less than 24 hours, the first hotel was operating in the Chrome OS ecosystem from Google. And in the following two days, 2000 computers were converted all over the company consisting of 212 hotels in five different countries," the hotel chain explained. Kari Anna Fiskvik, VP Technology at Nordic Choice Hotels, said the hotel had already run a pilot program to test the tool before the attack as a way to save money by reusing old computers with a less-demanding OS. "So when we suddenly had to deal with the cyberattack, the decision to go all in and fasttrack the project was made in seconds," Fiskvik said. Nordic Choice said it plans to migrate another 2,000 computers to Chrome OS, on top of the 2,000 it migrated during the attack. The hotel chain said they expect to save $6.7 million by converting old computers to Chrome OS instead of buying new hardware.

Microsoft

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year 61

In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.

Windows

30% of Supported Surface Devices Don't Have Windows 11 Driver Packages Yet (neowin.net) 31

Reader segaboy81 shares a report: When Microsoft announced Windows 11 in June of 2021, it was greeted with mixed reactions by the tech press. Some outlets praised the round corners and modern design elements, while others conjectured that visual elements from the remains of Windows 10x had simply been transplanted onto a stable, familiar base. All the while, Microsoft had been gaining a loyal following with what was purported to be the last version of Windows. Windows, like Arch Linux, had essentially become a rolling release. That all changed with the announcement of the Surface Pro 8, Surface Go 3, and Surface Laptop Studio.

The road has been long for many users, mired with controversy regarding TPM 2.0, AMD Ryzen performance pitfalls, and more. We are a full two months into the official release of Windows 11, but driver support for Microsoft's Surface line of devices listed on the official compatibility list is still incomplete. Counting AMD and Intel variants of the Surface Laptop and the 2021 lineup of new hardware, there are 16 base Surface configurations that support Windows 11. Five of them still don't have a Windows 11 driver package two months after release. They are as follows: Surface Go 2, Surface Pro 6, Surface Laptop 2, Surface Laptop 3 (Ryzen), and Surface Studio 2.

Technology

Wordle Is a Love Story (nytimes.com) 33

Josh Wardle, a software engineer in Brooklyn, knew his partner loved word games, so he created a guessing game for just the two of them. As a play on his last name, he named it Wordle. But after the couple played for months, and after it rapidly became an obsession in his family's WhatsApp group once he introduced it to relatives, Mr. Wardle thought he might be on to something and released it to the rest of the world in October. From a report: On Nov. 1, 90 people played. On Sunday, just over two months later, more than 300,000 people played. It's been a meteoric rise for the once-a-day game, which invites players to guess a five-letter word in a similar manner as the guess-the-color game Mastermind. After guessing a five-letter word, the game tells you whether any of your letters are in the secret word and whether they are in the correct place. You have six tries to get it right. Few such popular corners of the internet are as low-frills as the website, which Mr. Wardle built himself as a side project. There are no ads or flashing banners; no windows pop up or ask for money. There is merely the game on a black background.

"I think people kind of appreciate that there's this thing online that's just fun," Mr. Wardle said in an interview on Monday. "It's not trying to do anything shady with your data or your eyeballs. It's just a game that's fun." This is not Mr. Wardle's first brush with suddenly capturing widespread attention. Formerly a software engineer for Reddit, he created two collaborative social experiments on the site, called The Button and Place, that each were phenomena in their moment. But Wordle was built without a team of engineers. It was just him and his partner, Palak Shah, killing time during a pandemic. Mr. Wardle said he first created a similar prototype in 2013, but his friends were unimpressed and he scrapped the idea. In 2020, he and Ms. Shah "got really into" the New York Times Spelling Bee and the daily crossword, "so I wanted to come up with a game that she would enjoy," he said. The breakthrough, he said, was limiting players to one game per day. That enforced a sense of scarcity, which he said was partially inspired by the Spelling Bee, which leaves people wanting more, he said.

Businesses

Instant Delivery Startups Test a New Tactic: Slower Delivery (theinformation.com) 37

Instant-delivery startups promising to ferry groceries to customers in 15 minutes or less have rushed to expand in major cities like New York and Chicago in the past year. But they're burning far more cash in the U.S. than in other countries where they operate, causing several of them to test major changes to their business model -- including longer delivery windows that could allow the startups to pack in more orders per trip. The Information: One example is Jokr, last valued at $1.2 billion on paper, which told investors in the fall it would experiment with slower delivery times and a subscription service to reduce its heavy losses, according to a person with direct knowledge of the matter. In the month of August, the one-year-old startup was losing $159 per order in the U.S., according to internal data sent to investors in the fall, viewed by The Information. Buyk, a smaller instant-delivery startup, may also introduce longer delivery windows, its CEO said in an interview. And Fridge No More, an instant-delivery firm founded in 2020, plans to introduce a new private-label offering for items like olive oil and milk and to sell prepared foods such as pizza to similarly boost margins, according to a fundraising document seen by The Information. The pressure to change strategy so soon after launching illustrates the challenge of operating an instant-delivery business in the U.S., where intense competition from other rapid-commerce startups and more-established delivery firms like Instacart makes it more expensive to attract customers. Labor and real estate costs are also much higher in the U.S. than in developing markets like Brazil or Turkey, where some startups first set up their rapid-delivery operations.

Technology

Ask Slashdot: New Year's Resolution For Tech Companies? 52

theodp writes: Slashdot has surveyed personal New Year's resolutions in the past. So this year, how about coming up with a list of New Year's resolutions you'd like to see tech companies keep in 2022?

As for me, I'd like to see the tech giants resolve to make their desktop software work in the Cloud (and not just for Business), include a programming language with their desktop and mobile OS, provide the capability to share 'meaningful' file names, and allow developers to cap their Cloud charges. Is that too much to ask for in 2022?

Microsoft

Microsoft Defender Log4j Scanner Triggers False Positive Alerts (bleepingcomputer.com) 18

Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes. BleepingComputer reports: The alerts are reportedly mainly shown on Windows Server 2016 systems and warn of "possible sensor tampering in memory was detected by Microsoft Defender for Endpoint" created by an OpenHandleCollector.exe process. Admins have been dealing with this issue since at least December 23, according to customer reports.

While this Defender process' behavior is tagged as malicious, there's nothing to worry about since these are false positives, as revealed by Tomer Teller, Principal Group PM Manager at Microsoft, Enterprise Security Posture. Microsoft is currently looking into this Microsoft 365 Defender issue and working on a fix that the company should soon deliver to affected systems. "This is part of the work we did to detect Log4J instances on disk. The team is analyzing why it triggers the alert (it shouldn't of course)," Teller explained.

Data Storage

Ask Slashdot: How Many Files Are on Your Computer? (digitalcitizen.life) 164

With some time on their hands, long-time Slashdot reader shanen began exploring the question: How many files does my Windows 10 computer have?

But then they realized "It would also be interesting to compare the weirdness on other OSes..." Here are the two data points in front of me:

(1) Using the right click on properties for all of the top-level folders on the drive (including the so-called hidden folders), it quickly determined that there are a few hundred thousand files in those folders (and a few hundred thousand subfolders). That's already ridiculous, but the expected par these days. The largest project I have on the machine only has about 3,000 files, and that one goes back many years... (My largest database only has about 5,000 records, but it's just a few files.)

(2) However, I also decided to take a look with Microsoft's malicious software removal tool and got a completely different answer. For twisted grins, I had invoked the full scan. It's still running a day later and has already passed 10 million files. Really? The progress bar indicates about 80% finished? WTF?

Obviously there is some kind of disagreement about the nature of "file" here. I could only think of one crazy explanation, but my router answered "No, the computer is not checking all of the files on the Internet." So I've already asked the specific question in three-letter form, but the broader question is about the explosive, perhaps even cancerous, "population growth" of files these days.

Maybe we can all solve this mystery together. So use the comments to share your own answers and insights.

How many files are on your computer?

Security

Second Ransomware Family Exploiting Log4j Spotted In US, Europe (venturebeat.com) 16

Researchers say a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they've observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family -- which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that's been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they've observed the attempted delivery of TellYouThePass ransomware both inside and outside of China -- including in the U.S. and Europe. "Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe," said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, "and has a history of exploiting high-profile vulnerabilities like EternalBlue," said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability "in the wild to target both Windows and Linux systems." TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

Bug

Microsoft Notifies Customers of Azure Bug That Exposed Their Source Code (therecord.media) 9

Earlier this month, Microsoft notified a select group of Azure customers impacted by a recently discovered bug that exposed the source code of their Azure web apps since at least September 2017. The vulnerability was discovered by cloud security firm Wiz and reported to Microsoft in September. The issue was fixed in November, and Microsoft has spent the last few weeks investigating how many customers were impacted. The Record reports: The issue, nicknamed NotLegit, resides in Azure App Service, a feature of the Azure cloud that allows customers to deploy websites and web apps from a source code repository. Wiz researchers said that in situations where Azure customers selected the "Local Git" option to deploy their websites from a Git repository hosted on the same Azure server, the source code was also exposed online.

All PHP, Node, Ruby, and Python applications deployed via this method were impacted, Microsoft said in a blog post today. Only apps deployed on Linux-based Azure servers were impacted, but not those hosted on Windows Server systems. Apps deployed as far back as 2013 were impacted, although the exposure began in September 2017, when the vulnerability was introduced in Azure's systems, the Wiz team said in a report today. [...] The most dangerous exposure scenarios are situations where the exposed source code contained a .git configuration file that, itself, contained passwords and access tokens for other customer systems, such as databases and APIs.

Games

75% of Steam's Top 1000 Games Work On Linux Now (ghacks.net) 83

75% of the top 1,000 games run on Linux now, and the figure is even higher, at 80%, for the top 100 games. gHacks reports: Valve Software, the company behind the popular Steam gaming platform and smash hits such as Dota 2, Half-Life and Team Fortress, announced plans in 2018 to improve Windows game support for Linux. [...] The independent database protondb keeps track of compatibility using user reports. Compatibility has improved significantly in recent years. The site highlights compatibility for the top 10, top 100 and top 1000 games on Steam.

75% of the top 1000 games run on Linux now, and the figure is even higher, at 80%, for the top 100 games. Only the top 10 games are not well represented, as only 40% of them run on Linux without major issues according to the database. Users have submitted more than 150,000 reports for over 21,000 games to the site. Of these 21,000 games, more than 17,600 are working according to the site. Games on the database are ranked using a medal system. Platinum and Gold rated games run perfectly, and silver games may have minor issues. Bronze games may crash or have serious issues. Borked games won't work at all or are unplayable, and native Linux games are just the opposite of that.

Protondb has a search feature that Linux gamers may use to find out if games that they are interested in work well on Linux. All games that match the search term are returned, which means that you can search for entire series of games, e.g. King's Bounty, Final Fantasy or Civilization, and get all reported games and their compatibility rating returned. Compatibility is improving, and while there are still games that won't run on Linux, it is clear that compatibility has improved significantly in the past couple of years.

Microsoft

Cortana Would Be Named Bingo if Steve Ballmer Had His Way (theverge.com) 61

Steve Ballmer wanted Microsoft's Cortana AI to be called "Bingo" so it would be more Microsoft-branded. From a report: That's according to former Microsoft product manager Sandeep Paruchuri, who recounted the story of how Microsoft's AI assistant got its name to writer Alice Newton Rex as part of a deep dive into Cortana's origins. While we've gotten a pretty good idea of Microsoft's ambitious vision for the AI assistant in the years since it leaked then launched, Paruchuri and Rex gave the inside story of how Cortana was named, pitched to management, and the clash that happened between dreams and reality. Also included are interesting details about how the assistant became one of the main advertising points for the doomed Windows Phone platform.
