DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
GNOME

GNOME 3.24 Released (softpedia.com) 3

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."
Microsoft

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) 132

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.
Android

Samsung Announces Bixby, Its New Digital Assistant Launching With the Galaxy S8 (phonedog.com) 71

Samsung has taken the wraps off its new digital assistant that will be launching with the upcoming Galaxy S8 and S8 Plus smartphones. Called "Bixby," the new assistant will use artificial intelligence to enable users to do everything that is possible to do by touch, but with voice. PhoneDog reports: Samsung is touting three main features of its new assistant. The first is "Completeness," which means that when an app is Bixby-enabled, the assistant will able to perform almost every task that the app normally supports using touch. The second Bixby property is "Context Awareness." This means that when Bixby is activated, it'l be able to understand the current context and the state of the app that you're in without interrupting the work that you're doing. Finally, there's "Cognitive Tolerance." Samsung says that Bixby is smart enough to understand commands with incomplete commands, meaning that you don't have to remember the exact phrase that you have to say to perform a task with an assistant. Bixby will also ask you for more information when performing a task and then execute it. A select number of apps on the Galaxy S8 will be Bixby-enabled at launch, and Samsung plans to add more over time. The company also intends to release an SDK so that third-party app developers can add Bixby support to their apps.
Desktops (Apple)

Popular Open-Source Audio Editor Audacity Adds Windows 10 Support, More Improvements (audacityteam.org) 97

Audacity, a popular open-source and cross-platform audio editor, has received a "maintenance" update that brings several improvements. Dubbed v2.1.3, the biggest new addition appears to be support for Windows 10 OS. For Mac users, Audacity now works in tandem with the Magic Mouse. "We now support Trackpad and Magic Mouse horizontal scroll without SHIFT key and Trackpad pinch and expand to zoom at the pointer," the release note says. We also have new "Scrub Ruler" and "Scrub Toolbar" scrubbing options in the application now. Read the full changelog here.
Microsoft

Windows 10 Will Download Some Updates Even Over a Metered Connection (winsupersite.com) 319

Reader AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.
Security

Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com) 58

An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't known where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility
Patents

Sony Patent Could Let You Wirelessly Charge Your Phone From Another Device (digitaltrends.com) 36

One of the biggest downsides to wireless charging is the wire necessary to actually charge your device. You generally need to place your wireless charging-enabled device on a compatible charger, which needs to be plugged into a wall. Well, Sony hopes to make the process of wireless charging a bit easier as it has applied for a patent that will allow you to wirelessly charge your phone straight from someone else's phone. Digital Trends reports: The feature could be very useful. Sure, an ideal situation would be if you had access to a power outlet whenever you needed it, but the fact is we've all experienced being out and about and running out of battery. With Sony's new tech, you could essentially just "steal" power from a friend who might have a slightly more charged up device than you. The patent filling itself was discovered by What Future, and the report notes that the tech may not be limited to phones. Instead, Sony could apply it to things like fridges, microwaves, TVs, computers, and really any kind of electronic device. The idea here is that all of you home devices could eventually become sources of wireless energy -- so your phone will almost always be charging if you're at home, without the need for wires.
Cellphones

Class-Action Lawsuit Targets LG Over Legendary G4, V10 Bootloop Issues (arstechnica.com) 31

For those affected by LG's infamous bootloop issue with the G4 and V10, you might find some joy in this: several (upset) owners of these devices have lodged a proposed class-action lawsuit in a California federal court. They claim that a repeating bootloop issue "renders the phones inoperable and unfit for any use." In other words: bricked. Ars Technica reports: Thousands of complaints about the G4 have been highlighted on Twitter, Reddit, and YouTube. There was even an online petition to "launch a replacement program for defective LG G4s." Not to be outdone, the V10 has been the subject of many online complaints as well. One of the plaintiffs in the lawsuit (PDF) filed Wednesday said that LG replaced his G4 two times and that his third G4 constantly freezes. The new phone, says the suit, is "manifesting signs of the bootloop defect and is unmerchantable." A year ago, LG acknowledged the problem with the G4 and said it was the result of "loose contact between components." The company began offering replacement devices and fixes. The suit said that even after the January 2016 announcement, "LG continued to manufacture LG Phones with the bootloop defect." The suit claims that both models' processors were inadequately soldered to the motherboard, rendering them "unable to withstand the heat." Initially, the phones begin to freeze, suffer slowdowns, overheat, and reboot at random. Eventually, the suit says, they fail "entirely."
AMD

Microsoft Locks Ryzen, Kaby Lake Users Out of Updates On Windows 7, 8.1 (kitguru.net) 419

Artem Tashkinov writes: In a move that will shock a lot of people, someone at Microsoft decided to deny Windows 7/8.1 updates to the users of the following CPU architectures: Intel seventh (7th)-generation processors (Kaby Lake); AMD "Bristol Ridge" (Zen/Ryzen); Qualcomm "8996." It's impossible to find any justification for this decision to halt support for the x86 architectures listed above because you can perfectly run MS-DOS on them. Perhaps, Microsoft has decided that the process of foisting Windows 10 isn't running at full steam, so the company created this purely artificial limitation. I expect it to be cancelled soon after a wide backlash from corporate customers. KitGuru notes that users may encounter the following error message when they attempt to update their OS: "Your PC uses a processor that isn't supported on this version of Windows." The only resolution is to upgrade to Windows 10.
Microsoft

Microsoft To End Support For Windows Vista In Less Than a Month (pcworld.com) 167

In less than a month's time, Microsoft will put Windows Vista to rest once and for all. If you're one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates, Microsoft says. (Mainstream Vista support expired in 2012.) Like it did for Windows XP, Microsoft has moved on to better things after a decade of supporting Vista. As Microsoft notes, however, running an older operating system means taking risks -- and those risks will become far worse after the deadline. Vista's Internet Explorer 9 has long since expired, and the lack of any further updates means that any existing vulnerabilities will never be patched -- ever. Even if you have Microsoft's Security Essentials installed -- Vista's own antivirus program -- you'll only receive new signatures for a limited time.
Education

Ask Slashdot: How To Teach Generic Engineers Coding, Networking, and Computing? 196

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?
Operating Systems

NetBSD 7.1 Released (netbsd.org) 45

New submitter fisted writes: The NetBSD Project is pleased to announce NetBSD 7.1, the first feature update of the NetBSD 7 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Some highlights of the 7.1 release are:

-Support for Raspberry Pi Zero.
-Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test).
The addition of vioscsi, a driver for the Google Compute Engine disk.
-Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24.
-wm(4): C2000 KX and 2.5G support; Wake On Lan support; 82575 and newer SERDES based systems now work.
-ODROID-C1 Ethernet now works.
-Numerous bug fixes and stability improvements.

NetBSD is free. All of the code is under non-restrictive licenses, and may be used without paying royalties to anyone. Free support services are available via our mailing lists and website. Commercial support is available from a variety of sources. More extensive information on NetBSD is available from http://www.NetBSD.org.
You can download NetBSD 7.1 from one of these mirror sites.
Iphone

Inside a Phishing Gang That Targets Victims of iPhone Theft (krebsonsecurity.com) 15

tsu doh nimh writes: Brian Krebs has a readable and ironic story about a phishing-as-a-service product that iPhone thieves can use to phish the Apple iCloud credentials from people who have recently had an iPhone lost or stolen. The phishing service -- which charged as much as $120 for successful phishing attempts targeting iPhone 6s users -- was poorly secured, and a security professional that Krebs worked with managed to guess several passwords for users on the service. From there, the story looks at how this phishing service works, how it tracks victims, and ultimately how one of its core resellers phished his own iCloud account and inadvertently gave his exact location as a result. An excerpt from the report via Krebs On Security: "Victims of iPhone theft can use the Find My iPhone feature to remotely locate, lock or erase their iPhone -- just by visiting Apple's site and entering their iCloud username and password. Likewise, an iPhone thief can use those iCloud credentials to remotely unlock the victim's stolen iPhone, wipe the device, and resell it. As a result, iPhone thieves often subcontract the theft of those credentials to third-party iCloud phishing services. This story is about one of those services..."
Android

Kickstarter Campaign Aims To Add a Full Android Device To the Back of Your iPhone (macrumors.com) 158

A new Kickstarter campaign aims to expand the iPhone's functionality with its "Eye Smart iPhone Case," which features a fully functional Android device built into the case itself. The campaign was launched on March 1 and has already raised over $100,000. Mac Rumors reports: An always-on 5-inch AMOLED display is built into the case, which runs the Android 7.1 Nougat operating system. The case connects to the iPhone using its Lightning port to enable file transfers, power delivery, and more. A microSD card slot provides up to 256GB of storage for holding photos, videos, and other media, all of which is accessible using the Android file explorer. A built-in 2,800 mAh battery provides additional charge to the iPhone, and the Eye case itself supports Qi wireless charging. Two SIM card slots are included, and higher-end models support 4G LTE connectivity, so up to three phone numbers can be used with an iPhone. Android exclusive features, like native call recording, the file explorer, customization, file transfers, and Android apps are all made available to iPhone users via the Eye case. A 3.5mm headphone jack lets iPhone owners with an iPhone 7 or an iPhone 7 Plus to use wired headphones with the device, and the Eye case includes NFC, an IR blaster and receiver for controlling TVs and other devices, and a car mount. It's available for the iPhone 6 and later, and will allegedly be available for the new wave of iPhones coming in 2017 within a month of their release. The Smart iPhone Case is available for a Super early bird pledge of $95, with prices going up for 4G connectivity. The estimated retail price is between $189 and $229.
Chrome

Chrome 57 Limits Background Tabs Usage To 1% Per CPU Core (bleepingcomputer.com) 154

An anonymous reader quotes a report from BleepingComputer: Starting with Chrome 57, released last week, Google has put a muzzle on the amount of resources background tabs can use. According to Google engineers, Chrome 57 will temporarily delay a background tab's JavaScript timers if that tab is using more than 1% of a CPU core. Further, all background timers are suspended automatically after five minutes on mobile devices. The delay/suspension will halt resource consumption and cut down on battery usage, something that laptop, tablet, and smartphone owners can all relate. Google hinted in late January that it would limit JavaScript timers in background tabs, but nobody expected it to happen as soon as last week's Chrome release. By 2020, Google hopes to pause JavaScript operations in all background pages.
Nintendo

Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."
Windows

Windows 10 Is Just 'A Vehicle For Advertisements', Argues Tech Columnist (betanews.com) 353

A new editorial by BetaNews columnist Mark Wilson argues that Windows 10 isn't an operating system -- it's "a vehicle for ads". An anonymous reader quotes their report: They appear in the Start menu, in the taskbar, in the Action Center, in Explorer, in the Ink Workspace, on the Lock Screen, in the Share tool, in the Windows Store and even in File Explorer.

Microsoft has lost its grip on what is acceptable, and even goes as far as pretending that these ads serve users more than the company -- "these are suggestions", "this is a promoted app", "we thought you'd like to know that Edge uses less battery than Chrome", "playable ads let you try out apps without installing". But if we're honest, the company is doing nothing more than abusing its position, using Windows 10 to promote its own tools and services, or those with which it has marketing arrangements.

The article suggests ads are part of the hidden price tag for the free downloads of Windows 10 that Microsoft offered last year (along with the telemetry and other user-tracking features). Their article has already received 357 comments, and concludes that the prevalence of ads in Windows 10 is "indefensible".
EU

Munich's IT Lead: 'No Compelling Reason' To Switch Back To Windows From Linux (techrepublic.com) 203

"The man who runs Munich's central IT says there is no practical reason for the city to write off millions of euros and years of work to ditch its Linux-based OS for Windows," reports TechRepublic. Long-time Slashdot reader Qbertino summarizes a German-language article: Karl-Heinz Schneider, lead of Munich's local system house company IT@M, goes on to claim, "We do not see pressing technical reasons to switch to MS and MS Office... The council [in their recent plans] didn't even follow the analysts' suggestion to stick with using LibreOffice." Furthermore, Schneider stated that "System failures that angered citizens in recent years never were related to the LiMux project, but due to new bureaucratic procedures..." and apparently decisions by unqualified personnel at the administrative level, as Munich's administration itself states.
Android

Malware Found Preinstalled On 38 Android Phones Used By 2 Companies (arstechnica.com) 54

An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."
Intel

Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak (pcworld.com) 159

After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.

Slashdot Top Deals