Microsoft

Ford Is Using Microsoft's HoloLens To Design Cars In Augmented Reality (theverge.com) 17

Ford is using Microsoft's HoloLens headset to let designers quickly model out changes to cars, trucks, and SUVs in augmented reality. This allows designers to see the changes on top of an existing physical vehicle, instead of the traditional clay model approach to car design. The Verge reports: Ford is still using clay models, but the HoloLens can be used to augment additional 3D models without having to build every single design prototype with clay. It's one of the more interesting ways we've seen businesses use Microsoft's HoloLens, and it's something customers will never see. Microsoft is planning to hold a Windows Mixed Reality launch event on October 3rd in San Francisco. We're not expecting to hear about a HoloLens successor, but we should get a better idea of what apps and games we'll see coming for Microsoft's Windows Mixed Reality headsets.
DRM

Corporations Just Quietly Changed How the Web Works (theoutline.com) 187

Adrianne Jeffries, a reporter at The Outline, writes on W3C's announcement from earlier this week: The trouble with DRM is that it's sort of ineffective. It tends to make things inconvenient for people who legitimately bought a song or movie while failing to stop piracy. Some rights holders, like Ubisoft, have come around to the idea that DRM is counterproductive. Steve Jobs famously wrote about the inanity of DRM in 2007. But other rights holders, like Netflix, are doubling down. The prevailing winds at the consortium concluded that DRM is now a fact of life, and so it would be be better to at least make the experience a bit smoother for users. If the consortium didn't work with companies like Netflix, Berners-Lee wrote in a blog post, those companies would just stop delivering video over the web and force people into their own proprietary apps. The idea that the best stuff on the internet will be hidden behind walls in apps rather than accessible through any browser is the mortal fear for open web lovers; it's like replacing one library with many stores that each only carry books for one publisher. "It is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient," Berners-Lee wrote, "and one which makes it a part of the interconnected discourse of humanity." Mozilla, the nonprofit that makes the browser Firefox, similarly held its nose and cooperated on the EME standard. "It doesn't strike the correct balance between protecting individual people and protecting digital content," it said in a blog post. "The content providers require that a key part of the system be closed source, something that goes against Mozilla's fundamental approach. We very much want to see a different system. Unfortunately, Mozilla alone cannot change the industry on DRM at this point."
Games

PC Gaming Is Back in Focus at Tokyo Game Show (bloomberg.com) 108

After taking a back seat to consoles for the past few years, personal computers are enjoying a resurgence in gaming, thanks to the popularity of e-sports, customizable machines and faster software releases. From a report: This week's Tokyo Game Show will feature a main-stage tournament for PlayerUnknown's Battlegrounds, a hit online survival PC game that's been downloaded more than 10 million times since March. Sony's PlayStation 4 and Microsoft's Xbox One consoles are heading into their fifth years, while Nintendo's Switch is in a bit of a lull before new titles are released for the year-end holiday shopping season. Spending on gaming-ready PC rigs are on track to climb an average of 6.6 percent per year through 2020, while the market as a whole is projected to decline 3.8 percent annually, according to Gartner. Revenue from PC titles will grow by 3 to 4 percent over the coming years, while console-game sales are seen flat, according to DFC Intelligence. Written off years ago for being too expensive, complex and bulky for mass appeal, gaming PCs are seeing a resurgence that could even threaten consoles, according to Kazunori Takahashi, Japan gaming head at Nvidia. "The abundance of titles and the popularity of e-sports is bringing a lot of excitement to PC gaming," said Takahashi, whose employer supplies graphic chips to PC and console makers. Even in Japan, "it's not unreasonable to think that PCs can eventually become a presence that threatens console gaming."
Security

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com) 115

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.
Microsoft

Bill Gates Says He's Sorry About Control-Alt-Delete (qz.com) 303

An anonymous reader quotes a report from Quartz: At the Bloomberg Global Business Forum today, Carlyle Group co-founder and CEO David Rubenstein asked Microsoft founder Bill Gates to account for one of the most baffling questions of the digital era: Why does it take three fingers to lock or log in to a PC, and why did Gates ever think that was a good idea? Grimacing slightly, Gates deflected responsibility for the crtl-alt-delete key command, saying, "clearly, the people involved should have put another key on to make that work." Rubenstein pressed him: does he regret the decision? "You can't go back and change the small things in your life without putting the other things at risk," Gates said. But: "Sure. If I could make one small edit I would make that a single key operation." Gates has made the confession before. In 2013, he blamed IBM for the issue, saying, "The guy who did the IBM keyboard design didn't want to give us our single button."
GNOME

GNOME Partners With Purism On Librem 5 Linux-based Privacy-focused Smartphone (betanews.com) 95

BrianFagioli writes: The Librem 5 smartphone by Purism has a long and difficult road ahead of it. Competing against the likes of Apple and Google on the mobile market has proven to be a death sentence for many platforms -- including Microsoft with its failed Windows 10 Mobile. Luckily, Purism has found itself a new partner on this project -- one of the most important organizations in the Linux community -- The GNOME Foundation. The GNOME Foundation explains, 'The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.'
Data Storage

Google, Bing, Yahoo Data Retention Doesn't Improve Search Quality, Study Claims (theregister.co.uk) 37

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.
Chrome

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 98

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
DRM

HTML5 DRM Standard Is a Go (arstechnica.com) 153

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.
Microsoft

Microsoft Confirms Outlook Issues (bbc.com) 41

Microsoft has confirmed that some users of its email service Outlook are unable to send email or access their accounts. From a report: Hundreds from around Europe have commented on the website Downdetector that they have been affected by the problem -- many since Monday morning. One common issue seems to be that sent emails remain in the drafts folder and are not being delivered to recipients. On its website, Microsoft says the service dropped "unexpectedly" and it is working on a fix. Not all account holders are affected. "Intermittent connectivity is affecting customers in some European countries, which we are working to resolve as soon as possible," said a Microsoft representative.
Microsoft

Will Linux Innovation Be Driven By Microsoft? (infoworld.com) 335

Adobe's VP of Mobile (and a former intellectual property lawyer) sees "a very possible future where Microsoft doesn't merely accept a peaceful coexistence with Linux, but instead enthusiastically embraces it as a key to its future," noting Microsoft's many Linux kernel developers and arguing it's already innovating around Linux -- especially in the cloud. An anonymous reader quotes InfoWorld: Even seemingly pedestrian work -- like making Docker containers work for Windows, not merely Linux -- is a big deal for enterprises that don't want open source politics infesting their IT. Or how about Hyper-V containers, which marry the high density of containers to the isolation of traditional VMs? That's a really big deal...

Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and (in mid-2016) Stephen Hemminger... Microsoft now employs 12 Linux kernel contributors. As for what these engineers are doing, Linux kernel maintainer Greg Kroah-Hartman says, "Microsoft now has developers contributing to various core areas of the kernel (memory management, core data structures, networking infrastructure), the CIFS filesystem, and of course many contributions to make Linux work better on its Hyper-V systems." In sum, the Linux Foundation's Jim Zemlin declares, "It is accurate to say they are a core contributor," with the likelihood that Hemminger's and others' contributions will move Microsoft out of the kernel contribution basement into the upper echelons.

The article concludes that "Pigs, in other words, do fly. Microsoft, while maintaining its commitment to Windows, has made the necessary steps to not merely run on Linux but to help shape the future of Linux."
Microsoft

Researchers Catch Microsoft Zero-Day Used To Install Government Spyware (vice.com) 83

An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.
Security

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (bleepingcomputer.com) 121

An anonymous reader quotes a report from Bleeping Computer: Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. They affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore, the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc inside a company's network or even across the world. "These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. "Previously identified flaws found in Bluetooth were primarily at the protocol level," he added. "These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device." Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off immediately. When a patch or update is issued and installed on your device, you should be able to turn Bluetooth back on and leave it on safely. The BlueBorne Android App on the Google Play Store will be able to determine if a user's Android device is vulnerable. A technical report on the BlueBorne flaws is available here (PDF).
Businesses

Silicon Valley Avant-garde Have Turned To LSD in a Bid To Increase Their Productivity (1843magazine.com) 305

Every three days Nathan (not his real name), a 27-year-old venture capitalist in San Francisco, ingests 15 micrograms of lysergic acid diethylamide (commonly known as LSD or acid). From a story on 1843 Magazine: From the start, a small but significant crossover existed between those who were experimenting with drugs and the burgeoning tech community in San Francisco. "There were a group of engineers who believed there was a causal connection between creativity and LSD," recalls John Markoff, whose 2005 book, "What the Dormouse Said", traces the development of the personal-computer industry through 1960s counterculture. At one research centre in Menlo Park over 350 people -- particularly scientists, engineers and architects -- took part in experiments with psychedelics to see how the drugs affected their work. Tim Scully, a mathematician who, with the chemist Nick Sand, produced 3.6m tabs of LSD in the 1960s, worked at a computer company after being released from his ten-year prison sentence for supplying drugs. "Working in tech, it was more of a plus than a minus that I worked with LSD," he says. No one would turn up to work stoned or high but "people in technology, a lot of them, understood that psychedelics are an extremely good way of teaching you how to think outside the box." San Francisco appears to be at the epicentre of the new trend, just as it was during the original craze five decades ago. Tim Ferriss, an angel investor and author, claimed in 2015 in an interview with CNN that "the billionaires I know, almost without exception, use hallucinogens on a regular basis." Few billionaires are as open about their usage as Ferriss suggests. Steve Jobs was an exception: he spoke frequently about how "taking LSD was a profound experience, one of the most important things in my life." In Walter Isaacson's 2011 biography, the Apple CEO is quoted as joking that Microsoft would be a more original company if Bill Gates, its founder, had experienced psychedelics. As Silicon Valley is a place full of people whose most fervent desire is to be Steve Jobs, individuals are gradually opening up about their usage -- or talking about trying LSD for the first time.
Cellphones

Ask Slashdot: What Can You Do With An Old Windows Phone? 169

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?
Security

Apple and Google Fix Browser Bug. Microsoft Does Not. (bleepingcomputer.com) 78

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.
AI

IBM To Invest $240 Million To Develop AI Research Lab With MIT (bloomberg.com) 39

IBM will spend $240 million over 10 years to develop an artificial intelligence research lab with the Massachusetts Institute of Technology, pooling the organizations' resources as competition intensifies to produce breakthroughs in the field. Bloomberg reports: The MIT-IBM Watson AI Lab will fund projects in four broad areas, including creating better hardware to handle complex computations and figuring out applications of AI in specific industries, the Armonk, New York-based company said Thursday in a statement. While IBM has always conducted long-term research internally, it decided AI was such a vast field that it needed to reach out for talent and ideas, said John Kelly, the head of International Business Machines Corp.'s research and cognitive solutions groups, which includes Watson products. While researchers will focus on long-term innovations in artificial intelligence, IBM will also be looking for developments -- a new medical imaging algorithm, say -- that it can immediately plug into its existing products. Big Blue expects to see results that boost its Watson-branded AI business in the next year or two, Kelly said. The plan is to change the focus and number of teams as needed to produce results, he said. The partnership underscores IBM's focus on building a business selling AI software, a strategy that requires clients to adopt such products and the company to develop offerings that add actual business value and are competitive with juggernauts in artificial intelligence, including Microsoft Corp. and Alphabet. IBM and MIT will jointly own the intellectual property that results from the projects conducted together. The company also has the option to buy out MIT for full ownership, Kelly said.
Bug

Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com) 75

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
AI

Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can't Hear (fastcodesign.com) 116

Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. It affects every iPhone and Macbook running Siri, any Galaxy phone, any PC running Windows 10, and even Amazon's Alexa assistant. From a report: Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear. The researchers didn't just activate basic commands like "Hey Siri" or "Okay Google," though. They could also tell an iPhone to "call 1234567890" or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to "open the backdoor." Even an Audi Q3 could have its navigation system redirected to a new location. "Inaudible voice commands question the common design assumption that adversaries may at most try to manipulate a [voice assistant] vocally and can be detected by an alert user," the research team writes in a paper just accepted to the ACM Conference on Computer and Communications Security.
Microsoft

Microsoft Extends Free Windows 10 S-To-Pro Upgrade Deadline (betanews.com) 93

BrianFagioli shares a report from BetaNews: Windows 10 S is a really great idea in theory. By limiting the operating system to applications from the Windows Store, it could make users safer. After all, it should limit the potential of malware since users can't download and install questionable things from the web. Of course, this will only be successful if there is a good library of apps, and I am sorry to say, the Windows Store is a failure in that regard. The biggest selling point for Windows is legacy program compatibility. Once you take that away, there isn't much left. Thankfully, the company is giving complimentary upgrades from Windows 10 S to Windows 10 Pro until the end of 2017. This will allow a person or organization to easily recover from mistakenly buying into Windows 10 S if it doesn't meet their needs. Today, however, as a sign of weakness, Microsoft extends this deadline. Buried at the end of a blog post about Surface Laptop colors, Microsoft drops the following bombshell: "For those that find they need an application that isn't yet available in the Store and must be installed from another source, we're extending the ability to switch from Windows 10 S to Windows 10 Pro for free until March 31, 2018. We hope this provides increased flexibility for those people searching for the perfect back-to-school or holiday gift." Why do I say this is a sign of weakness? Well, if the Windows 10 S experiment was going well, Microsoft would have no need to extend the deadline. In other words, if users were truly buying into and enjoying the "S" experience, we wouldn't see such an announcement. The fact that the company seemingly tried to hide this news is quite telling too. Ultimately, it signals a lack of confidence in Windows 10 S.

Slashdot Top Deals