Microsoft has updated the Windows Subsystem for Android (WSA) to Android 12.1 and shipped improvements to Android integration with Windows, networking, the camera in apps, the Settings app, and more. ZDNet reports: Current limitations aside, Microsoft is continuing to invest in bringing Android to Windows 11, as seen in its update to the WSA on Windows 11 (version 2204.40000.15) to Android 12.1, which is available to Insiders on the Dev Channel, according to a Microsoft blogpost. WSA launched with Android 11. Microsoft has improved networking on the Windows Subsystem for Android, so that Android apps can connect to devices on the same network as a Windows PC. Advanced networking allows users to set up smart home devices such as speakers and security cameras with a compatible Android app. This feature is available in Windows 11 preview builds 22621 and higher, with advanced networking on by default for new x64 Windows builds.

Android-Windows integration has also been improved. Windows taskbar icons now show which Android apps are currently using hardware features like the mic and location in the system tray. The taskbar now also correctly appears or disappears when apps are running or stopped. Android notifications also show as Windows notifications and the Windows title of an Android app now reflects the Android activity title. Android apps won't restart afresh after exiting connected standby mode, but instead will recommence where the app was paused.

Of the "many camera updates" in this release, Microsoft highlights that camera orientation is fixed to natural orientation, and that it's fixed incorrect camera previews, letterboxing (where the app window is wider than it is high, or horizontally longer), and a "squishing of the camera feed." Mouse and keyboard inputs in Windows Subsystem for Android have been improved. Microsoft also improved scroll-wheel support, fixed the onscreen keyboard focus, and ensured the Android soft keyboard displays correctly. The updated Windows Subsystem for Android Settings app gained redesigned UX and diagnostics data viewer. As of this update, telemetry collection is off by default. However, Microsoft is encouraging users to enable the setting, so it can collect data about Android app usage. "Other important updates include reduced flicker when apps are restored from a minimized state, the addition of VP8 and VP9 video hardware decoding, and the addition of Chromium WebView 100 to the Windows Subsystem for Android," adds ZDNet.

An anonymous reader shares a report: While not every user is actively monitoring hardware resource usage when gaming, enthusiasts and reviewers often turn the stats on to see how certain games and other applications are being handled by the hardware. During such a test run, CapFrameX, which developed a useful frametime analysis tool, noticed a weird anomaly when gauging the performance of the Ryzen 7 5800X3D on Lara Croft Shadow of the Tomb Raider (SotTR). The processor usage reported on Windows 11 is seemingly unusually low in one of the scenes in the game which is typically known to be quite intense on the CPU. Only one out the 16 threads seem to be reporting the correct usage whereas all the other threads are under 10% utilization. CapFrameX notes the issue though it isn't sure what could be causing it: " The core usage reporting on Window 11 is completely broken. Should be >80% for SotTR + this particular scene and settings. What happened? Did the recent update change the timer behavior?"

Created at Google in late 2007, the Go programming language was open sourced in late 2009, remember its creators, and "since then, it has operated as a public project, with contributions from thousands of individuals and dozens of companies."

In a joint essay in Communications of the ACM, five of the language's five original creators explore what brought growing popularity to this "garbage-collected, statically compiled language for building systems" (with its self-contained binaries and easy cross-compilation). "The most important decisions made in the language's design...were the ones that made Go better for large-scale software engineering and helped us attract like-minded developers...." Although the design of most languages concentrates on innovations in syntax, semantics, or typing, Go is focused on the software development process itself. Go is efficient, easy to learn, and freely available, but we believe that what made it successful was the approach it took toward writing programs, particularly with multiple programmers working on a shared codebase. The principal unusual property of the language itself — concurrency — addressed problems that arose with the proliferation of multicore CPUs in the 2010s. But more significant was the early work that established fundamentals for packaging, dependencies, build, test, deployment, and other workaday tasks of the software development world, aspects that are not usually foremost in language design.

These ideas attracted like-minded developers who valued the result: easy concurrency, clear dependencies, scalable development and production, secure programs, simple deployment, automatic code formatting, tool-aided development, and more. Those early developers helped popularize Go and seeded the initial Go package ecosystem. They also drove the early growth of the language by, for example, porting the compiler and libraries to Windows and other operating systems (the original release supported only Linux and MacOS X). Not everyone was a fan — for instance, some people objected to the way the language omitted common features such as inheritance and generic types. But Go's development-focused philosophy was intriguing and effective enough that the community thrived while maintaining the core principles that drove Go's existence in the first place. Thanks in large part to that community and the technology it has built, Go is now a significant component of the modern cloud computing environment.

Since Go version 1 was released, the language has been all but frozen. The tooling, however, has expanded dramatically, with better compilers, more powerful build and testing tools, and improved dependency management, not to mention a huge collection of open source tools that support Go. Still, change is coming: Go 1.18, released in March 2022, includes the first version of a true change to the language, one that has been widely requested — the first cut at parametric polymorphism.... We considered a handful of designs during Go's first decade but only recently found one that we feel fits Go well. Making such a large language change while staying true to the principles of consistency, completeness, and community will be a severe test of the approach.

After nearly 20 years, Hollywood Designer 6.0 is "very stable and mature", write its developers — envisioning both hobbyist and professional users (with its support for modern graphics-editing features like filter effects and vector graphics) in its massive new evolution.

Long-time Slashdot reader Mike Bouma explains: Airsoft Softwair has released Hollywood Designer 6.0, "a full-blown multimedia authoring system that runs on top of Hollywood and can be used to create all sorts of multimedia-based applications, for example presentations, slide shows, games, and applications. Thanks to Hollywood, all multimedia applications created using Hollywood Designer can be exported as stand-alone executables for the following systems: AmigaOS3, AmigaOS4, WarpOS, MorphOS, AROS, Windows, macOS, Linux, Android, and iOS."

The current version of Hollywood is v9.1 with various updated add-ons. To see earlier versions of Hollywood 9.0 & Designer 5.0 in action have a look at Kas1e's short demonstration on AmigaOS4 / AmigaOne X5000.

Munich-based developer Aaron Ardiri is Slashdot reader #245,358, with a profile that still identifies him as a Palm OS developer. Which surprised me, because Palm OS's last update was in 2007. (Then again, ardiri's Slashdot profile also still includes his screen name on AOL Instant Messenger.)

So, a long-time Slashdot reader. And this week he stopped by to share a little history — in more ways than one. ardiri writes: Before the iOS and Android entered the scene — heck, even before the smartphone concept — was the handheld personal digital assistant, with the likes of Newton, Palm OS, Windows Mobile and Symbian.

Palm OS had a thriving gaming scene; with the likes of emulators and implementations/clones of classics such as LodeRunner, Lemmings, and the classic Game and Watch.
But the real news of ardiri's original submission is hidden in its headline. "Palm OS developer releases source to classic games, 20+ years after release." Written mainly in C and optimizations in assembler — maybe these games will make their way to the various Arduino like micro-controllers out there; designed for low memory, low processing power environments they would port perfectly.

As Pwn2Own Vancouver comes to a close, a whopping $1,115,000 has been awarded by Trend Micro and Zero Day Initiative. The 15th anniversary edition saw 17 "contestants" attacking 21 targets, reports Hot Hardware — though "the biggest payouts were for serious exploits against Microsoft's Teams utility." While Teams isn't technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility.

Windows 11 itself wasn't spared, though. Marcin Wiazowski and STAR Labs each earned $40,000 for privilege escalation exploits on Microsoft's operating system on day one, and on day two, TO found a similar bug for a $40,000 payout of his own. Day three saw no less than three more fresh exploits against Windows 11, all in the serious privilege escalation category; all three winners pocketed another $40,000....

Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked)... Of course, details of the hacks aren't made public, because they're zero-days, after all. That means that they haven't been patched yet, so releasing details of the exploits could allow malicious actors to make use of the bugs. Details will be revealed 3 months from now, during which time Microsoft, Tesla, Apple, and others should have their software all sewn up.
With all the points totalled, the winner was Singapore-based cybersecurity company Star Labs, which was officially crowned "Master of Pwn" on Saturday. "They won $270,000 and 27 points during the contest," explains the official Twitter feed for Zero Day Initiative (the judges for the event).

A blog post from Zero Day Initiative describes all 21 attacks, including six successful attacks against Windows, three successful attacks against Teams — and four against Ubuntu Desktop.

Mike Bouma (Slashdot reader #85,252) writes: With the release of the A500 mini (which also supports A1200 games) and its side loading feature you may be interested to get started with Amiga Retro games development. This is why I collected some recent Amiga games development tutorials and added some additional information.

A popular game programming language on the Amiga is Blitz BASIC or AmiBlitz as the freely available and open source version is called now. The latest version (v 3.9.2) was recently released. The best known game developed with Blitz Basic is Team 17's original Worms game for the Amiga 500 in 1995. Meanwhile the Worms franchise has sold over 75 million game units across many different platforms. Daedalus2097 has just started an AmiBlitz video tutorial series on Twitch.tv: Part 1, Part 2 and Part 3. An example AmiBlitz game currently under development is Super Metal Hero (A1200) and here's a shooter level in the game.

REDPILL is a 2D game creation tool written in AmiBlitz by Carlos Peris and is designed to empower people to create many games for Amiga without programming knowledge. It's still early days but the first games are already being designed using this tool. An example game designed with this tool is Guardian — The legend of flaming sword.

The "Scorpion Engine" developed by Erik 'Earok' Hogan is a closed source game engine with all software developed for it open source. It offers a modern Windows IDE for development. In this video, Erik Hogan guides Micheal Parent from Bitbeam Cannon step by step as they create a legit retro video game from scratch. Various new games have and are being developed using this engine. An already released game is Amigo the Fox and an example game under development is Rick Dangerous (A1200 version).

If you want to dig deeper into Amiga coding then here's a series of Assembly game development tutorials by Phaze101. An example game currently being written in assembler is RESHOOT PROXIMA 3 (A1200).

If you are unexperienced with coding but would like to then here are some Amos (BASIC) tutorials for you: Rob Smith's How to program Wordle in AMOS on the AMIGA and Lets Code Santa's Present Drop Game.

System76's CEO Carl Richell announced that HP has chosen the Ubuntu-based Pop!_OS operating system to run on its 14-inch developer-focused notebook called "Dev One." Brian Fagioli from BetaNews speculates that a HP acquisition of System76 "could be a possibility in the future -- if this new relationship pans out at least." He continues: HP could be testing the waters with the upcoming Dev One. Keep in mind, System76 does not even build its own laptops, so we could see the company leave the notebook business and focus on desktops only -- let HP handle the Pop!_OS laptops. "We've got you covered. Experience exceptional multi-core performance from the AMD Ryzen 7 PRO processor and multitask with ease. Compile code, run a build, and keep all your apps running with more speed from the 16GB memory. Plus, load and save files in a flash, thanks to 1TB fast PCIe NVMe M.2 storage. We've even added a Linux Super key so shortcuts are a click away. Simply put, HP Dev One is built to help you code better," explains HP.

The company adds, "Pop!_OS is at your service. Create your ideal work experience with multiple tools to help you perform with peak efficiency. Use Stacking to organize and access multiple applications, browsers, and terminal windows. Move, resize, and arrange windows with ease or, let Pop!_OS keep you organized and efficient with Auto-tiling. And use Workspaces to reduce clutter by organizing windows across multiple desktops." Apparently, there will only be one configuration priced at $1,099. So far, no details about a release date have been announced other than "coming soon."

Microsoft is adding an optional web search to the Windows 11 desktop in the operating system's latest Insider Preview Build. From a report: The company describes the feature as "lightweight interactive content" -- the first, it says, of many such tools it's considering adding to Windows 11 -- but let's call the thing what it really is: a widget. Not everyone signed up to the latest Windows 11 preview build will see the new search box, but anyone who does and doesn't like it can disable the feature by right-clicking on the desktop, selecting "Show more options," and then toggling "Show search." If you are running the latest preview build, you'll also have to restart your computer to give the search box a chance to show up.

ZDNet reports there's more than just the one Microsoft-created Linux distribution for internal use only called CBL (Common Base Linux) Mariner.

"It turns out there's another Microsoft-developed Linux distribution that's also for internal use that's known as CBL-Delridge or CBL-D." I discovered the existence of CBL-D for the first time this week in a rather round-about way. I stumbled onto a February 2 blog post from Hayden Barnes. a Senior Engineering Manager at SuSE who led the Windows on Rancher engineering team, which traced his steps in discovering and building his own image of CBL-D. Barnes noted that Microsoft published CBL-Delridge in 2020, the same year that it also published CBL-Mariner. The main difference between the two: Delridge is a custom Debian derivative, while Mariner is a custom Linux From Scratch-style distribution.

CBL-D powers Azure's Cloud Shell. The Azure Cloud Shell provides a set of cloud-management tools packaged in a container. In a note on the GitHub repo for the Cloud Shell, officials noted that "the primary difference between Debian and CBL-D is that Microsoft compiles all the packages included in the CBL-D repository internally. This helps guard against supply chain attacks...."

CBL-Mariner and CBL-Delridge are just two of the Microsoft-developed Linux-related deliverables from the Linux Systems Group. Others include the Windows Subsystem for Linux version 2 (WSL2), which is part of Windows 10; an Azure-tuned Linux kernel which is designed for optimal performance as Hyper-V guests; and Integrity Policy Enforcement (IPE), a proposed Linux Security Module (LSM) from the Enterprise and Security team.

ZDNet reports news from PyCon 2022 ("the first in-person meet-up for Python contributors since 2019 due to the pandemic")

"Developers revisited the idea of running Python code in the browser...." CPython developer Christian Heimes and fellow contributor Ethan Smith detailed how they enabled the CPython main branch to compile to WebAssembly. CPython, short for Core Python, is the reference implementation that other Python distributions are derived from. CPython now cross-compiles to Wasm using Emscripten, a toolchain that compiles projects written in C or C++ to Node.js or Wasm runtimes. The Python Software Foundation highlighted the work in a blog post: "Python can be run on many platforms: Linux, Windows, Apple Macs, microcomputers, and even Android devices. But it's a widely known fact that, if you want code to run in a browser, Python is simply no good — you'll just have to turn to JavaScript," it notes.

"Now, however, that may be about to change."

While the Foundation notes cross-compiling to WebAssembly is still "highly experimental" due to missing modules in the Python standard library, nonetheless, PyCon 2022 demonstrated growing community interest in making Python a better language for the browser.
The article notes additional news from Anaconda (makers of the a Python distribution for data science): the announcement of PyScript, "a system for interleaving Python in HTML (like PHP)." It allows developers to write and run Python code in HTML, and call Javascript libraries in PyScript. This system allows a website to be written entirely in Python.

PyScript is built on Pyodide, a port of CPython, or a Python distribution for the browser and Node.js that's based on WebAssembly and Emscripten.... "Pyodide makes it possible to install and run Python packages in the browser with micropip. Any pure Python package with a wheel available on PyPI is supported," the Pyodide project states. Essentially, it compiles Python code and scientific libraries to WebAssembly using Emscripten.

An anonymous reader quotes a report from XDA Developers: Google created Flutter a number of years ago, with the aim to make a cross-platform software framework. Flutter's biggest strength is that it can be used to build applications for Android, iOS, Linux, Windows, macOS, and even the web, and all from the same shared codebase. While building apps for Windows received stable support back in February, both macOS and Linux were still only in beta. Now that's changing, as Google has announced Flutter 3 at this year's Google I/O, complete with stable support for building apps for macOS and Linux.

Of course, cross-platform support for both of these new platforms requires more than just programs being able to run. They need to fit in with the rest of the experience, and they need to support specific features that may be unique, as well. That's why Google is highlighting two things: the first is that Linux support helped by Canonical (the publisher of Ubuntu) and Google collaborating in order to "offer a highly-integrated, best-of-breed option for development."

As Google puts it, Canonical is already developing with "Flutter for key shell experiences including installation and firmware updates." What's more, their Linux-specific packages "provide an idiomatic API for core operating system services including dbus, gsettings, networkmanager, Bluetooth and desktop notifications, as well as a comprehensive theme and widget set for Yaru, the Ubuntu look and feel." As for macOS, Google invested in supporting both Intel and Apple Silicon devices, with Universal Binary support that allows apps to package executables that run natively on both architectures. Tim Sneath, Director of Product and UX for Flutter & Dart, highlights all the new improvements in a Medium post.

An anonymous reader quotes a report from Ars Technica: Windows' Sound Recorder app has gone through a few iterations since its initial release in Windows 3.0 back in 1990, when it launched as a simple app that could only record 60 seconds of audio at a time. But the app vanished altogether in Windows 10, replaced by a totally new app called Voice Recorder, which can record and trim basic sound recordings and save them as m4a files. Sound Recorder is now making a comeback, and Microsoft is currently testing a revamped version for Windows Insiders in the Dev channel. The company announced the redesign in a blog post summarizing Windows 11's updates to built-in Windows apps.

The new Sound Recorder uses a two-column layout similar to Voice Recorder's, with playback and trimming controls to the right and a list of all the files you've recorded on the left. But it adds some old Sound Recorder features that disappeared from the app years ago, when it was boiled down to almost nothing in Windows Vista. The app has a waveform visualizer that appears during recording and playback, and you can once again choose to save or open files in multiple formats (including the default m4a, as well as mp3, wma, FLAC, and WAV). The new Sound Recorder can also adjust audio playback speed from 0.25x to 4 and set markers so you can easily jump from place to place within a large audio recording.

DrunkenTerror shares a report from ExtremeTech: Microsoft is advising Windows 11 users to uninstall a recent update. Reports indicated the optional update KB5012643 is causing various apps to crash. The problem involves an interaction between the update and the .Net Framework that's part of Windows. At this time it's unclear which apps are affected by the issue, leaving uninstallation as the "only" viable solution.

"Affected apps are using certain optional components in .NET Framework 3.5, such as Windows Communication Foundation (WCF) and Windows Workflow (WWF) components." This update also broke Safe Mode. Microsoft says when users booted into 'Safe Mode without networking' users might see the screen flicker. Per MS, "Components that rely on explorer.exe, such as File Explorer, the Start menu, and the taskbar, can be affected and appear unstable." Microsoft issued a Known Issue Rollback (KiR) for this already so it should be fixed. If you encounter it, you should be able to resolve it by enabling network support in Safe Mode.

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. BleepingComputer reports: The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible. [...] The dropper copies the legitimate OS error handling file [...] and then drops an encrypted binary resource to the 'wer.dll' (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code. DLL hijacking is a hacking technique that exploits legitimate programs with insufficient checks to load into memory a malicious Dynamic Link Library (DLL) from an arbitrary path.

[Denis Legezo, lead security researcher at Kaspersky] says that the dropper's purpose is to loader on the disk for the side-loading process and to look for particular records in the event logs (category 0x4142 - 'AB' in ASCII. If no such record is found, it writes 8KB chunks of encrypted shellcode, which are later combined to form the code for the next stager. "The dropped wer.dll is a loader and wouldn't do any harm without the shellcode hidden in Windows event logs," says Legezo. The new technique analyzed by Kaspersky is likely on its way to becoming more popular as Soumyadeep Basu, currently an intern for Mandiant's red team, has created and published on GitHub source code for injecting payloads into Windows event logs.

Summer has arrived in South Asia WAY too early. A punishing heat wave has pushed temperatures past 120F (50C) in some areas. Some schools have closed early for the summer. Dozens of people have died of heatstroke. From a report: The region is already hard-hit by climate change. Extreme heat is common in May. But not in April and March, both of which were the hottest across much of India for more than a century. "It's smoldering hot! It's also humid, which is making it very difficult," Chrisell Rebello, 37, told NPR in line outside a Mumbai ice cream parlor at 11 p.m. "We need a lot of cold drinks, air conditioning -- and multiple baths a day." Only a fraction of Indians -- mostly, the wealthy -- have air conditioning. Instead people soak rags in water and hang them in doors and windows. Still, electric fans and AC have pushed India's electricity demand to a record high.

The problem is that 70% of India's electricity comes from coal. So the government is converting passenger trains to cargo service, to rush coal supplies to beleaguered power plants, and also importing more coal from abroad. And rolling blackouts are hurting industrial output. In the short term, experts say India has no choice but to burn coal to keep fans and ACs on. But in the long term, it must transition to renewables, to avoid a vicious circle of warming, says Ulka Kelkar, a Bengaluru-based economist and climate change expert with the World Resources Institute. "[With] heat plus humidity, at some stage [it] becomes almost impossible for the human body's organs to function normally," Kelkar explains. "Basically the body just cannot cool itself, and a large fraction of our population in India still works outside in the fields, on building construction, in factories which are not cooled." More than a billion people are at risk of heat-related illness across South Asia. Hospitals are preparing special wards. Further reading: India's Heatwaves Are Testing the Limits of Human Survival.

Bluesky, Twitter's open-source offshoot, has released early code for a decentralized social network protocol. The Verge reports: The system is dubbed the Authenticated Data Experiment (or ADX) and is available on GitHub for developers to test, although Bluesky emphasizes that it's incomplete. It's one of the most substantive windows into Bluesky's workings since the project was conceived in 2019 and formally incorporated in early 2022. Bluesky CEO Jay Graber writes that ADX will be the start of a semi-public development process. "We're going to take a middle path of releasing work before it's complete, but also giving ourselves time to workshop new directions at early stages," Graber says. The GitHub repository includes an overview of ADX's goals and design as well as some experimental code. "Feel free to play around, but don't try to build your next big social app on this yet. Things are missing, and things are going to change," Graber says. The code is available under an open source MIT License.

ADX isn't a single, standalone social network design. It's a protocol built around user-controlled "Personal Data Repositories" that social network developers could choose to support. Among other things, it's supposed to let users transfer social media posts or engagement between networks without eroding the networks' own moderation options. "On the Web, this data lives on the social platform where it was created. In ADX, this data will live in Personal Data Repositories owned by the user," the overview explains. Platforms can choose to only index some of this content -- drawing a distinction between "speech," or the ability to keep data in the repository, and "reach," or being able to see that data on a given platform.

Microsoft Edge has overtaken Apple's Safari to become the world's second most popular desktop browser, based on data provided by web analytics service StatCounter. MacRumors reports: According to the data, Microsoft Edge is now used on 10.07 percent of desktop computers worldwide, 0.46 percent ahead of Safari, which stands at 9.61 percent. Google Chrome remains in first place with a dominant 66.64 percent share, and Mozilla's Firefox stands in fourth with 7.86 percent. As the default Windows 11 browser, the popularity of Edge has crept up in recent months, with the first concrete signs that it would surpass Safari to take second place coming in February, when it was used on 9.54 percent of desktops globally. Back in January 2021, Safari held a 10.38 percent market share, indicating a gradual slippage in popularity over the last 14 months.

Meanwhile, first-placed Chrome has seen its user base increase incrementally over that time, but perhaps surprisingly, Firefox has leaked users since the beginning of the year, despite regular updates and improvements. That suggests Safari's hold on third place isn't in immediate danger, having lost only 0.23 percent share since February, but things could always change fast if Apple decides to introduce sweeping changes to the way Safari works in macOS 13 later this year. It's a different story when it comes to mobile platforms, notes MacRumors. "In StatCounter's analysis, Edge doesn't even make it into the top six browsers on mobile, but first-placed Chrome commands 62.87 of usage share, with Safari on iPhones and iPads taking a comfortable 25.35 percent in second place, 20.65 percent ahead of third-placed Samsung Internet, with 4.9 percent."

An anonymous reader quotes a report from Ars Techinca: It's not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims' networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

- The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don't support antivirus or endpoint detection. This makes detection through traditional means difficult.
- Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.
- A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with the goal of leaving as light a footprint as possible.
- An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as a TLS-encrypted server that proxies data through the SOCKS protocol.

The SOCKS tunnel allowed the hackers to effectively connect their control servers to a victim's network where they could then execute tools without leaving traces on any of the victims' computers. A secondary backdoor provided an alternate means of access to infected networks. It was based on a version of the legitimate reGeorg webshell that had been heavily obfuscated to make detection harder. The threat actor used it in the event the primary backdoor stopped working. [...] One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system. Eventually, Quietexit executes its final objective: accessing email accounts of executives and IT personnel in hopes of obtaining documents related to things like corporate development, mergers and acquisitions, and large financial transactions. "Unpacking this threat group is difficult," says Ars' Dan Goodin. "From outward appearances, their focus on corporate transactions suggests a financial interest. But UNC3524's high-caliber tradecraft, proficiency with sophisticated IoT botnets, and ability to remain undetected for so long suggests something more."

UnknowingFool writes: In October 2021, PC World reviewed Windows 11 and labeled it as an "unnecessary replacement" to Windows 10 and did not recommend it for Windows 10 users. PC World noted that it was a "mixed bag of improved features and unnecessary changes." Six months later they reviewed it again. While MS has made improvements, PC World does not feel the improvements warrant a recommendation for Windows 10 users to upgrade.