"C++ allows for writing high-performance applications but this comes at a price, security..." So says Google's Chrome security team in a recent blog post, adding that in general, "While there is appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future."

So the post discusses "our journey of using heap scanning technologies to improve memory safety of C++." The basic idea is to put explicitly freed memory into quarantine and only make it available when a certain safety condition is reached. Microsoft has shipped versions of this mitigation in its browsers: MemoryProtector in Internet Explorer in 2014 and its successor MemGC in (pre-Chromium) Edge in 2015. In the Linux kernel a probabilistic approach was used where memory was eventually just recycled. And this approach has seen attention in academia in recent years with the MarkUs paper. The rest of this article summarizes our journey of experimenting with quarantines and heap scanning in Chrome.
In essence the C++ memory allocator (used by new and delete) is "intercepted." There are various hardening options which come with a performance cost:


- Overwrite the quarantined memory with special values (e.g. zero);

- Stop all application threads when the scan is running or scan the heap concurrently;

- Intercept memory writes (e.g. by page protection) to catch pointer updates;

- Scan memory word by word for possible pointers (conservative handling) or provide descriptors for objects (precise handling);

- Segregation of application memory in safe and unsafe partitions to opt-out certain objects which are either performance sensitive or can be statically proven as being safe to skip;

- Scan the execution stack in addition to just scanning heap memory...


Running our basic version on Speedometer2 regresses the total score by 8%. Bummer...

To reduce the regression we implemented various optimizations that improve the raw scanning speed. Naturally, the fastest way to scan memory is to not scan it at all and so we partitioned the heap into two classes: memory that can contain pointers and memory that we can statically prove to not contain pointers, e.g. strings. We avoid scanning memory that cannot contain any pointers. Note that such memory is still part of the quarantine, it is just not scanned....

[That and other] optimizations helped to reduce the Speedometer2 regression from 8% down to 2%.
Thanks to Slashdot reader Hari Pota for sharing the link

"An actively exploited Microsoft zero-day flaw still has no patch," Wired wrote Friday (in an article they've designated as "free for a limited time only.")

Microsoft first received reports of the flaw on April 21st, the article points out, and researchers have now seen malicious Word documents exploiting Follina for targets in Russia, India, the Philippines, Belarus, and Nepal. Yet "The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows." Researchers warned last weekend that a flaw in Microsoft's Support Diagnostic Tool could be exploited using malicious Word documents to remotely take control of target devices. Microsoft released guidance on Monday, including temporary defense measures. By Tuesday, the United States Cybersecurity and Infrastructure Security Agency had warned that "a remote, unauthenticated attacker could exploit this vulnerability," known as Follina, "to take control of an affected system." But Microsoft would not say when or whether a patch is coming for the vulnerability, even though the company acknowledged that the flaw was being actively exploited by attackers in the wild. And the company still had no comment about the possibility of a patch when asked by WIRED [Thursday].

The Follina vulnerability in a Windows support tool can be easily exploited by a specially crafted Word document. The lure is outfitted with a remote template that can retrieve a malicious HTML file and ultimately allow an attacker to execute Powershell commands within Windows. Researchers note that they would describe the bug as a "zero-day," or previously unknown vulnerability, but Microsoft has not classified it as such. "After public knowledge of the exploit grew, we began seeing an immediate response from a variety of attackers beginning to use it," says Tom Hegel, senior threat researcher at security firm SentinelOne. He adds that while attackers have primarily been observed exploiting the flaw through malicious documents thus far, researchers have discovered other methods as well, including the manipulation of HTML content in network traffic....

The vulnerability is present in all supported versions of Windows and can be exploited through Microsoft Office 365, Office 2013 through 2019, Office 2021, and Office ProPlus. Microsoft's main proposed mitigation involves disabling a specific protocol within Support Diagnostic Tool and using Microsoft Defender Antivirus to monitor for and block exploitation.

But incident responders say that more action is needed, given how easy it is to exploit the vulnerability and how much malicious activity is being detected.
The Register adds that the flaw works in Microsoft Word even when macros are disabled. (Thanks to long-time Slashdot reader Z00L00K for sharing the story!)

Friday Microsoft went into the vulnerability's official CVE report and added this update.

"Microsoft is working on a resolution and will provide an update in an upcoming release."

The Register has unveiled their "cynic's guide to desktop Linux," which they ultimately concede is a snarky yet affectionate list of "the least bad distros."

For those who are "sick of Windows but can't afford a Mac," the article begins by addressing people who complain there's too many Linux distros to choose from. "We thought we'd simplify things for you by listing how and in which ways the different options suck." - The year of Linux on the desktop came and went, and nobody noticed — maybe because it doesn't say "Linux" on it. ChromeOS only runs on ChromeBooks and ChromeBoxes, but they outsold Macs for a while before the pandemic. "Flex" is the version for ordinary PCs... ChromeOS Flex works great, because it only does one thing: browse the web. You can't install apps, not even Android ones: only official kit does that. You can run Debian containers: if you know what that means, go run Debian. If you don't know what that means, trust us, you don't want to.

- Ubuntu is an ancient African word that means I can't configure Debian....

- Mint is an Ubuntu remix with knobs on. It was an also-ran for years, but when Ubuntu went all Mac-like it saw its chance and grabbed it — along with the number one spot in the charts. It dispenses with some of the questionable bits of recent Ubuntu, such as GNOME and Snaps, but replaces them with dodgy bits of its own, such as a confusing choice of not one, not two, but three Windows-like desktops, and overly cautious approaches to updates and upgrades.

- Debian is the daddy of free distros, and the one that invented the idea of a packaging tool that automatically installs dependencies. It's easier than it used to be, but mired in politics. It's sort of like Ubuntu, but more out of date, harder to install, and with fewer drivers. If that sounds just your sort of thing, go for it.
There's 10 snarky entries in all, zinging Fedora, openSUSE, Arch Linux, and Pop!_OS — as well as the various spinoffs of Red Hat Enterprise Linux. (The article calls Rocky Linux and AlmaLinux "RHEL with the serial numbers filed off.")

And there's also one final catch-call entry for "Tiny obscure distros. All of them."

Thanks to Slashdot reader AleRunner for sharing the link...

Mike Bouma writes: Version 1.7 of AROS One for x86 has just been released and it's a distro of the "AROS Research Operating System," originally "Amiga Research Operating System." It's a standalone, free and open-source multi-media centric operating system that's designed to be portable, flexible, efficient and lightweight and can be seen dual booting with Windows 10 on an Acer laptop here. The most popular AROS specific community portal is AROS Exec.

Parts of AROS were used to create the commercial PowerPC based Amiga-like operating system MorphOS, which has recently seen a new release as well, version 3.17. The most popular MorphOS specific community portal is MorphZone.

An anonymous reader quotes a report from Ars Technica: Apple's Safari web browser has more than 1 billion users, according to an estimate by Atlas VPN. Only one other browser has more than a billion users, and that's Google's Chrome. But at nearly 3.4 billion, Chrome still leaves Safari in the dust. It's important to note that these numbers include mobile users, not just desktop users. Likely, Safari's status as the default browser for both the iPhone and iPad plays a much bigger role than its usage on the Mac. Still, it's impressive given that Safari is the only major web browser not available on Android, which is the world's most popular mobile operating system, or Windows, the most popular desktop OS. "The statistics are based on the GlobalStats browser market share percentage, which was then converted into numbers using the Internet World Stats internet user metric to retrieve the exact numbers," explains Atlas VPN in a blog post.

The /e/OS-powered Murena One is the first smartphone from Murena that does its best to free you from Google without sacrificing too many core features. There are no Google apps, Google Play Services, or even the Google Assistant. It's all been replaced by open-source software alternatives with privacy-respecting features. ZDNet's Steven Vaughan-Nichols reports: Murena and Mandrake Linux founder Gael Duval was sick of it by 2017. He wanted his data to be his data, and he wanted open-source software. Almost five years later, Duval and his co-developers launched the Murena One X2. It's the first high-end Android phone using the open-source /e/OS Android fork to arrive on the market. The privacy heart of the Murena One is /e/OS V1. There have been many attempts to create an alternative to Google-based Android and Apple's iOS -- Ubuntu One, FirefoxOS, and Windows Mobile -- but all failed. Duval's approach isn't to reinvent the mobile operating system wheel, but to clean up Android of its squeaky Google privacy-invading features and replace them with privacy-respecting ones. To make this happen, Duval started with LineageOS -- an Android-based operating system, which is descended from the failed CyanogenMod Android fork. It also blends in features from the Android Open Source Project (AOSP) source-code trees.

In the /e/OS, most (but not all) Google services have been removed and replaced with MicroG services. MicroG replaces Google's libraries with purely open-source implementations without hooks to Google's services. This includes libraries and apps which provide Google Play, Maps, Geolocation, and Messaging services for Android applications. In addition, /e/OS does its best to free you from higher-level Google services. For instance, Google's default search engine has been replaced with Murena's own meta-search engine. Other internet-based services, such as Domain Name Server (DNS) and Network Time Protocol (NTP), use non-Google servers. Above the operating system, you'll find Google-free applications. This includes a web browser; an e-mail client; a messaging app; a calendar; a contact manager; and a maps app that relies on Mozilla Location Service and OpenStreetMap. While it's not here yet, Murena is also working on its own take on Google Assistant, Elivia-AI. You can also run many, but not all Android apps. You'll find these apps on the operating system's App Lounge. [...]

There's still one big problem: the App Lounge still relies on you logging in with your Google account. In short, the App Lounge is mainly a gateway to Google Store apps. Munera assures me that the Lounge anonymizes your data -- except if you use apps that require payment. Still, this is annoying for people who want to cut all their ties with Google. The fundamental problem is this: Muena does all it can to separate its operating system and applications from Google, but it can't -- yet -- replace Google's e-commerce and software store system. As for hardware specs, the $379 Murena One features a 6.5-inch IPS LCD display, eight-core MediaTek Helio P60 processor, side-mounted fingerprint scanner, three rear cameras (48MP + 8MP + 5MP) and 25MP front camera, and 4,500mAh battery. It also features a microSD card slot for expandable storage and headphone port.

Microsoft looks set to announce an updated version of its compact Surface Laptop Go, if an early retailer listing from Korea is to be believed. From a report: The biggest change with the Surface Laptop Go 2 appears to be its newer 11th-gen Intel CPU (an i5-1135G7), which replaces the 10th-gen model found in the original 2020 laptop. The Go 2 will ship with Windows 11 this time around, and a Google Translate of the retailer page says its webcam will have "improved HD camera performance." Preorders are set to open on June 2nd, so an official announcement might not be far away. WinFuture previously reported that the laptop could have a starting price of $650. Otherwise, the new laptop appears to be very similar to its predecessor. It still has a 12.4-inch display with a 3:2 aspect ratio, the same selection of ports (USB-A, USB-C, a 3.5mm headphone jack, and a port for Microsoft's proprietary charger), and a fingerprint sensor that's still built into the power button on select models. There's no sign of a backlit keyboard, which was an unfortunate omission on the first Laptop Go.

Mike Bouma (Slashdot reader #85,252) writes: AmiKit is a compilation of pre-installed and pre-configured Amiga programs running emulated on Windows, macOS, and Linux (as well as running on classic 68K Amigas expanded with a Vampire upgrade card).

Besides original Workbench (Commodore's desktop environment/graphical filemanager), AmiKit provides Directory Opus Magellan and Scalos as desktop replacements and its "Rabbit Hole" feature allows you to launch Windows, Mac or Linux applications directly from your Amiga desktop! Anti-aliased fonts, Full HD 32-bit screen modes and DualPNG Icons support is included and this package comes with exclusive versions of the Master Control Program (MCP) and MUI 5 (Magic User Interface).

The original AmigaOS (version 3.x) and Kickstart ROM (version 3.1) are required, also the recently released AmigaOS 3.2 is supported. You can also get the needed files from the Amiga Forever package(s). It even supports emulating AmigaOS 4.x (for PowerPC) easily through Flower Pot.

Here's an extensive overview video by Dan Wood. An Amiga Future review of an earlier 2017 version can be read here.
"Everything began in 1994 when my parents bought an Amiga 500 for me and my brother," explains AmiKit's developer.

"I was 14 years old..." Fast forward to 2005, the AmiKit was born — an emulated environment including more than 350 programs. It fully replaced my old Amiga and it became a legend in the community over the years.

Fast forward to 2017, a brand new AmiKit X is released, originally developed for A.L.I.C.E., followed by the XE version released in 2019, Vampire edition in 2020 and Raspberry Pi in 2021. The latest & greatest version was released in 2020.

When someone, who has never heard about Amiga before, asks me why I would want to turn current modern computer into something retro and old fashioned, my short answer is: "Simply because I love Amiga!"

ZDNet writes that in late 2020 Red Hat decided "they'd no longer release CentOS Linux as a standalone distribution. Instead, CentOS Stream would work as a beta for RHEL."

So where are we now? The competition immediately sprang up to replace CentOS. The two most important of these are the AlmaLinux OS Foundation's AlmaLinux and Rocky Enterprise Software Foundation's Rocky Linux. [May 16th saw the release of Rocky Linux 8.6.] Now, mere weeks after the release of RHEL 9, AlmaLinux 9 has arrived.

Like RHEL itself, AlmaLinux 9 starts from CentOS Stream via RHEL. Indeed, AlmaLinux developers are CentOS Stream contributors. The bottom line is that CentOS 9 is an identical twin to RHEL 9 — except for the names and trademarks. It has all the same features, all the same advances, and, for better or worse, all the same bugs.
Besides the big server architectures, AlmaLinux is also ready to run on everything from cloud and Docker images to Microsoft's Windows Subsystem for Linux and Raspberry Pi, the article points out.

And Jack Aboutboul, AlmaLinux's Community Manager, tells ZDNet "We are building AlmaLinux with the specific goal of creating an independent CentOS successor that is truly community-centric and designed for everyone... We offer everyone a uniform platform that is safe, secure, easy to use, and dependable to build your tomorrow on."

This week Google began a rolling release for stable Chrome version 102 "with 32 security fixes for browser on Windows, Mac and Linux," reports ZDNet: Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There's one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also creates other fixes for issues found through internal testing...

The critical flaw, labelled as CVE-2022-1853, is a 'use after free in IndexedDB', an interface for applications to store data in a user's browser.... "My guess is that an attacker could construct a specially crafted website and take over the visitor's browser by manipulating the IndexedDB," says Pieter Arntz, a malware intelligence researcher at Malwarebytes. None of the flaws fixed in this Chrome 102 stable release were zero days, meaning flaws that were exploited before Google released a patch for it.

Google's Project Zero (GPZ) team last year counted 58 zero-day exploits for popular software in 2021. Twenty-five of these were in browsers, of which 14 affected Chrome. Google engineers argue zero-day counts are rising because vendors are improving detection, fixes and disclosure. However, GPZ researchers argue the industry as a whole is not making zero days hard enough for attackers, who often rely on tweaking existing flaws rather than being forced to conjure up entirely new exploitation methods.
Linux/Mac/Windows users of Chrome can check Help/About to see if the update has already rolled out to their system — or if they need to update manually.

With the latest preview patch, Windows Server 2022 now supports WSL2 Linux distros, the Register reports: The move ends an odyssey that began with the arrival of the Windows Subsystem for Linux (WSL) 2 on Windows 10 several years ago and with users' calls for Windows Server to get the same treatment. The change is also somewhat of an about-face from Microsoft. In 2021, in response to pleas from users to backport the tech to Windows Server 2019, [Principal program manager for Windows Server Jeff] Woolsey described WSL in early 2021 as "fantastic for dev" and "perfect for Windows client" but warned: "If we put it in Windows Server, people will use it in production scenarios for which it isn't intended." The approved path was to spin up a full Linux VM. Quite a bit heftier than the lighter-weight WSL2.

Signs of Microsoft listening to feedback showed up earlier this year, as Microsoft Program Manager Craig Loewen "clarified" that WSL2 distros would work on Windows Server version 2004 and 20H2, although the LTSC versions found in many data centers remained free of WSL2. Until this week, that is.
TechRadar provides some context: WSL 2, which was originally released in May 2019 (opens in new tab), uses virtualization technology to run an open source Linux kernel inside of a lightweight utility virtual machine (VM). This empowers Windows users to run popular Linux apps such as Docker. Microsoft claims that unlike a traditional VM experience — which it says can be slow to boot up, is isolated, consumes a lot of resources, and requires your time to manage it — WSL 2 does not have these attributes....

The KB5014021 update is currently optional, but will be automatically rolled out to users next month....

Windows Server updates have not been without issues in recent months, however, with Microsoft having to address various problems caused by the January 2021 Patch Tuesday updates. The company issued an emergency out-of-band update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.

Designer and co-founder of The Iconfactory, Corey B. Marion, has died following a long battle with cancer. He was 54. AppleInsider reports: Marion founded The Iconfactory in 1996 with Talos Tsui, and Gedeon Maheux, when he was 29. For a quarter of a century, he led the firm while also designing icons -- including the company's own factory logo one -- and created a typeface based on his own handwriting. [...] The Iconfactory produces sets of icons, such as free ones commissioned by Paramount to promote a "Star Trek" film, and over 100 for Microsoft Windows XP. Corey designed logos, emojis, and wallpapers too. Plus from 1997 to 2004, he was a judge on The Iconfactory's annual Pixelpalooza icon design contest, created specifically for the Mac community. "We hope you'll join us in celebrating his life via the digital gifts he gave of himself as well as send warm and comforting wishes to his entire family," says a statement on the front page of the company's site. "Our sadness is tempered by the fact that his art and legacy live on in all of us here at the factory as well as for all those, like yourselves, who have enjoyed his creations over the years."

Windows Central: For a few years, rumors have persisted that Microsoft was exploring building some form of streaming stick to offer Xbox Cloud Gaming via a more affordable dongle, similarly to Chromecast and Google Stadia. The first hint was Project Hobart. More recently, a code name "Keystone" appeared in an Xbox OS list, lending fire to rumors that Microsoft was continuing to explore additional hardware for the Xbox lineup. We can now confirm that that is indeed true, and it pertains to a modernized HDMI streaming device that runs Xbox Game Pass and its cloud gaming service. Microsoft is, however, taking exploring additional iterations of the product before taking it to market. In a statement provided to Windows Central, a Microsoft spokesperson described its commitment to lowering boundaries to Xbox content via low cost-hardware, while acknowledging that the existing version of Keystone needs a little more time to bake before going live.

Microsoft will slow hiring in its Windows, Office and Teams chat and conferencing software groups, citing a need to realign staffing priorities as it approaches a new fiscal year in a time of global economic uncertainty. From a report: All new hires must be approved by Executive Vice President Rajesh Jha and his leadership team, Jha told employees in an email Thursday, a Microsoft spokesperson said. Those groups have expanded recently and the company wants to make sure it's making the right hires in the right places, the spokesperson said. The slowdown is not companywide, and overall the software maker will continue to hire, the spokesperson said, noting that such caution is typical in periods of economic volatility. "As Microsoft gets ready for the new fiscal year, it is making sure the right resources are aligned to the right opportunity," the company said in a statement. "Microsoft will continue to grow headcount in the year ahead and it will add additional focus to where those resources go." The company's fiscal year starts July 1.

Microsoft Dev Box is intended to simplify the process of getting new developer workstations up and running quickly, with all necessary tools and dependencies installed and working out-of-the-box (so to speak), along with access to up-to-date source code and fresh copies of any nightly builds. Ars Technica reports: Dev Box is built on Windows 365, a service that IT admins can use to provide preconfigured virtual PCs to users. Admins can build operating system images and offer hardware configurations with different amounts of CPU power, storage, and RAM based on what particular users (or workloads) need. Windows 365 virtual machines, including but not limited to Dev Box VMs, can be accessed from other Windows PCs, or devices running macOS, iOS, Android, Linux, or ChromeOS.

"Microsoft Dev Box supports any developer IDE, SDK, or internal tool that runs on Windows," writes Microsoft product manager Anthony Cangialosi [in a blog post introducing the service]. "Dev Boxes can target any development workload you can build from a Windows desktop and are particularly well-suited for desktop, mobile, IoT, and gaming. You can even build cross-platform apps using Windows Subsystem for Linux." Dev Box is currently available in a private preview. If you're interested in testing it when the preview goes public, you can sign up to learn more here.

Today at Build 2022, Microsoft unveiled Project Volterra, a device powered by Qualcomm's Snapdragon platform that's designed to let developers explore "AI scenarios" via Qualcomm's new Snapdragon Neural Processing Engine (SNPE) for Windows toolkit. From a report: The hardware arrives alongside support in Windows for neural processing units (NPUs), or dedicated chips tailored for AI- and machine learning-specific workloads. Dedicated AI chips, which speed up AI processing while reducing the impact on battery, have become common in mobile devices like smartphones. But as apps like AI-powered image upscalers come into wider use, manufacturers have been adding such chips to their laptop lineups. M1 Macs feature Apple's Neural Engine, for instance, and Microsoft's Surface Pro X has the SQ1 (which was co-developed with Qualcomm). Intel at one point signaled it would offer an AI chip solution for Windows PCs, but -- as the ecosystem of AI-powered Arm apps is well-established, thanks to iOS and Android -- Project Volterra appears to be an attempt to tap it rather than reinvent the wheel.

It's not the first time Microsoft has partnered with Qualcomm to launch AI developer hardware. In 2018, the companies jointly announced the Vision Intelligence Platform, which featured "fully integrated" support for computer vision algorithms running via Microsoft's Azure ML and Azure IoT Edge services. Project Volterra offers evidence that, four years later, Microsoft and Qualcomm remain bedfellows in this arena, even after the reported expiration of Qualcomm's exclusivity deal for Windows on Arm licenses. Arriving later this year, Microsoft says (somewhat hyperbolically) that Project Volterra will come with a neural processor that has "best-in-class" AI computing capacity and efficiency. The primary chip will be Arm-based, supplied by Qualcomm, and will enable developers to build and test Arm-native apps alongside tools including Visual Studio, VSCode, Microsoft Office and Teams. Project Volterra is the harbinger of an "end-to-end" developer toolchain for Arm-native apps from Microsoft, as it turns out, which will span the full Visual Studio 2022, VSCode, Visual C++, NET 6, Windows Terminal, Java, Windows Subsystem for Linux and Windows Subsystem for Android (for running Android apps).

Microsoft is planning to support third-party widgets inside Windows 11 later this year. At its annual Build developer conference today, the software giant says it will open up access to Windows 11 widgets to developers as companions to their win32 or PWA apps. From a report: Currently, the Windows 11 widgets system is restricted to native widgets created by Microsoft, and the selection is rather limited. Microsoft has built widgets for its Outlook and To Do apps, but the rest are largely web-powered ones that present the weather, entertainment feeds, or news in the dedicated widgets panel for Windows 11.

"We're energized by the customer feedback on Widgets to date, people are enjoying the quick access to content most important to them in a way that is seamless without breaking their flow," says Panos Panay, head of devices and Windows. "Beginning later this year you'll be able to start building Widgets as companion experiences for your Win32 and PWA apps on Windows 11, powered by the Adaptive Cards platform."

Microsoft has updated the Windows Subsystem for Android (WSA) to Android 12.1 and shipped improvements to Android integration with Windows, networking, the camera in apps, the Settings app, and more. ZDNet reports: Current limitations aside, Microsoft is continuing to invest in bringing Android to Windows 11, as seen in its update to the WSA on Windows 11 (version 2204.40000.15) to Android 12.1, which is available to Insiders on the Dev Channel, according to a Microsoft blogpost. WSA launched with Android 11. Microsoft has improved networking on the Windows Subsystem for Android, so that Android apps can connect to devices on the same network as a Windows PC. Advanced networking allows users to set up smart home devices such as speakers and security cameras with a compatible Android app. This feature is available in Windows 11 preview builds 22621 and higher, with advanced networking on by default for new x64 Windows builds.

Android-Windows integration has also been improved. Windows taskbar icons now show which Android apps are currently using hardware features like the mic and location in the system tray. The taskbar now also correctly appears or disappears when apps are running or stopped. Android notifications also show as Windows notifications and the Windows title of an Android app now reflects the Android activity title. Android apps won't restart afresh after exiting connected standby mode, but instead will recommence where the app was paused.

Of the "many camera updates" in this release, Microsoft highlights that camera orientation is fixed to natural orientation, and that it's fixed incorrect camera previews, letterboxing (where the app window is wider than it is high, or horizontally longer), and a "squishing of the camera feed." Mouse and keyboard inputs in Windows Subsystem for Android have been improved. Microsoft also improved scroll-wheel support, fixed the onscreen keyboard focus, and ensured the Android soft keyboard displays correctly. The updated Windows Subsystem for Android Settings app gained redesigned UX and diagnostics data viewer. As of this update, telemetry collection is off by default. However, Microsoft is encouraging users to enable the setting, so it can collect data about Android app usage. "Other important updates include reduced flicker when apps are restored from a minimized state, the addition of VP8 and VP9 video hardware decoding, and the addition of Chromium WebView 100 to the Windows Subsystem for Android," adds ZDNet.

An anonymous reader shares a report: While not every user is actively monitoring hardware resource usage when gaming, enthusiasts and reviewers often turn the stats on to see how certain games and other applications are being handled by the hardware. During such a test run, CapFrameX, which developed a useful frametime analysis tool, noticed a weird anomaly when gauging the performance of the Ryzen 7 5800X3D on Lara Croft Shadow of the Tomb Raider (SotTR). The processor usage reported on Windows 11 is seemingly unusually low in one of the scenes in the game which is typically known to be quite intense on the CPU. Only one out the 16 threads seem to be reporting the correct usage whereas all the other threads are under 10% utilization. CapFrameX notes the issue though it isn't sure what could be causing it: " The core usage reporting on Window 11 is completely broken. Should be >80% for SotTR + this particular scene and settings. What happened? Did the recent update change the timer behavior?"

Created at Google in late 2007, the Go programming language was open sourced in late 2009, remember its creators, and "since then, it has operated as a public project, with contributions from thousands of individuals and dozens of companies."

In a joint essay in Communications of the ACM, five of the language's five original creators explore what brought growing popularity to this "garbage-collected, statically compiled language for building systems" (with its self-contained binaries and easy cross-compilation). "The most important decisions made in the language's design...were the ones that made Go better for large-scale software engineering and helped us attract like-minded developers...." Although the design of most languages concentrates on innovations in syntax, semantics, or typing, Go is focused on the software development process itself. Go is efficient, easy to learn, and freely available, but we believe that what made it successful was the approach it took toward writing programs, particularly with multiple programmers working on a shared codebase. The principal unusual property of the language itself — concurrency — addressed problems that arose with the proliferation of multicore CPUs in the 2010s. But more significant was the early work that established fundamentals for packaging, dependencies, build, test, deployment, and other workaday tasks of the software development world, aspects that are not usually foremost in language design.

These ideas attracted like-minded developers who valued the result: easy concurrency, clear dependencies, scalable development and production, secure programs, simple deployment, automatic code formatting, tool-aided development, and more. Those early developers helped popularize Go and seeded the initial Go package ecosystem. They also drove the early growth of the language by, for example, porting the compiler and libraries to Windows and other operating systems (the original release supported only Linux and MacOS X). Not everyone was a fan — for instance, some people objected to the way the language omitted common features such as inheritance and generic types. But Go's development-focused philosophy was intriguing and effective enough that the community thrived while maintaining the core principles that drove Go's existence in the first place. Thanks in large part to that community and the technology it has built, Go is now a significant component of the modern cloud computing environment.

Since Go version 1 was released, the language has been all but frozen. The tooling, however, has expanded dramatically, with better compilers, more powerful build and testing tools, and improved dependency management, not to mention a huge collection of open source tools that support Go. Still, change is coming: Go 1.18, released in March 2022, includes the first version of a true change to the language, one that has been widely requested — the first cut at parametric polymorphism.... We considered a handful of designs during Go's first decade but only recently found one that we feel fits Go well. Making such a large language change while staying true to the principles of consistency, completeness, and community will be a severe test of the approach.