Debian

Devuan Jessie 1.0 Officially Released (softpedia.com) 42

prisoninmate quotes a report from Softpedia: Announced for the first time back in November 2014, Devuan is a Debian fork that doesn't use systemd as init system. It took more than two and a half years for it to reach 1.0 milestone, but the wait is now over and Devuan 1.0.0 stable release is here. Based on the packages and software repositories of the Debian GNU/Linux 8 "Jessie" operating system, Devuan 1.0.0 "Jessie" is now considered the first stable version of the GNU/Linux distribution, which stays true to its vision of developing a free Debian OS without systemd. This release is recommended for production use. As Devuan 1.0.0 doesn't ship with systemd, several adjustments needed to be made. For example, the distro uses a systemd-free version of the NetworkManager network connection manager and includes several extra libsystemd0-free packages in its repository.
Intel

Intel Drops Thunderbolt 3 Royalty, Adds CPU Integration and Works Closely With Microsoft (windowscentral.com) 103

An anonymous reader quotes a report from Windows Central: Over the last few days, Thunderbolt 3 has been a hot topic amongst Windows users especially with its notable absence with the new Surface Pro and Surface Laptop. Part of the problem is adoption, integration, cost, and consumer confusion according to Microsoft. Intel is aware of the current roadblocks to Thunderbolt 3 implementation, which adds 40Gbps data transfers along with charging and display support for USB Type-C. Today, the company announced numerous changes to its roadmap to speed up its adoption, including: Dropping royalty fees for the Thunderbolt protocol specification starting next year; Integrating Thunderbolt 3 into future Intel CPUs. The good news here is that Intel is dropping many of the roadblocks with today's announcement. By subtracting the licensing costs for Thunderbolt 3 and integrating into the CPU, Intel can finally push mass adoption. Getting back to Microsoft, Intel noted that the two companies are already working closely together with the latest Creators Update bringing more OS support for the protocol. Roanne Sones, general manager, Strategy, and Ecosystem for Windows and Devices at Microsoft added that such cooperation would continue with even more OS-level integration coming down the road.
Microsoft

Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com) 108

At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems.
Open Source

Linux 4.10 Kernel Reaches End of Life (softpedia.com) 57

prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately.
Data Storage

Endless OS Now Ships With Steam And Slack FlatPak Applications (endlessos.com) 95

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 144

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Windows

Almost All WannaCry Victims Were Running Windows 7 (theverge.com) 123

An anonymous reader quotes a report from The Verge: According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections. Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwide. Since more recent versions of Windows aren't vulnerable to WannaCry, it makes sense that most of the infections would hit computers running 7. Still, the stark disparity emphasizes how small of a role Windows XP seems to have played in spreading the infection, despite early concerns about the outdated operating system. The new figures also bear on the debate over Microsoft's patching practices, which generated significant criticism in the wake of the attack. Microsoft had released a public patch for Windows 7 months before the attack, but the patch for Windows XP was only released as an emergency measure after the worst of the damage had been done. The patch was available earlier to paying Custom Support customers, but most XP users were left vulnerable, each unpatched computer a potential vector to spread the ransomware further. Still, Kaspersky's figures suggest that unpatched XP devices played a relatively small role in the spread of the ransomware.
Microsoft

Linux Distros Won't Run On Microsoft's Education-Focused Windows 10 S OS (betanews.com) 115

Reader BrianFagioli writes: I was sort of hopeful for Windows 10 S when Microsoft made a shocking announcement at Build 2017 that it is bringing Linux distributions to the Windows Store. This gave the impression that students using the S variant of the OS would be able to tinker with Linux. Unfortunately, this is not the case as Microsoft will be blocking Linux on the new OS. In other words, not all apps in the store will be available for Windows 10 S. "Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software," says Rich Turner, Senior Product Manager, Microsoft. Tuner further explains, "Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros , safely, quickly, and reliably via the Windows Store app. Once installed, however, distros should be treated as command-line tools that run outside the UWP sandbox and secure runtime infrastructure. They run with the capabilities granted to the local user -- in the same way as Cmd and PowerShell do. This is why Linux distros don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and this can access more of a system than a UWP can."
Government

CIA Co-Developed 'Athena' Windows Malware With US Cyber Security Company, WikiLeaks Reveals (bleepingcomputer.com) 108

An anonymous reader writes: Today, WikiLeaks leaked documentation about a tool called Athena. According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant -- a CIA technical term for "malware" -- that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version. Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS. [...] The documents reveal that CIA had received help from a non-government contractor in developing the malware. The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.
Operating Systems

ReactOS 0.4.5 Released (reactos.org) 117

An anonymous reader shares Colin Finck's forum post announcing ReactOS version 0.4.5: The ReactOS Project is pleased to release version 0.4.5 as a continuation of its three month cadence. Beyond the usual range of bug fixes and syncs with external dependencies, a fair amount of effort has gone into the graphical subsystem. Thanks to the work of Katayama Hirofumi and Mark Jansen, ReactOS now better serves requests for fonts and font metrics, leading to an improved rendering of applications and a more pleasant user experience. Your continued donations have also funded a contract for Giannis Adamopoulos to fix every last quirk in our theming components. The merits of this work can be seen in ReactOS 0.4.5, which comes with a smoother themed user interface and the future promises to bring even more improvements. In another funded effort, Hermes Belusca-Maito has got MS Office 2010 to run under ReactOS, another application from the list of most voted apps. On top of this, there have been several major fixes in the kernel and drivers that should lead to stability improvements on real hardware and on long-running machines. The general notes, tests, and changelog for the release can be found at their respective links. ISO images and prepared VMs for testing can be downloaded here.
Google

Google Launches Google Assistant On the iPhone (venturebeat.com) 6

At its I/O 2017 developer conference, Google announced the Google Assistant is coming to iOS as a standalone app. Previously, the only way for iOS users to get access to the Assistant was through Allo, the Google messaging app nobody uses. For those interested, you can download the Google Assistant on your iOS device here, but keep in mind that your device needs to be running iOS 9.1 or higher. VentureBeat reports: Google Assistant for iPhone won't ship on Apple's mobile devices by default, and naturally won't be as tightly integrated into the OS. But it is addressable by voice and does work with other Google apps on Apple's platform. Apple has API restrictions on iOS, so Google Assistant can't set alarms like Siri can. It can, however, send iMessages for you or start playing music in third-party apps like Spotify. You also won't be able to use the Home button to trigger Google Assistant, so you'll need to use the app icon or a widget.
Windows

Windows XP PCs Infected By WannaCry Can Be Decrypted Without Paying Ransom (arstechnica.com) 60

An anonymous reader quotes a report from Ars Technica: Owners of some Windows XP computers infected by the WCry ransomware may be able to decrypt their data without making the $300 to $600 payment demand, a researcher said Thursday. Adrien Guinet, a researcher with France-based Quarkslab, has released software that he said allowed him to recover the secret decryption key required to restore an infected XP computer in his lab. The software has not yet been tested to see if it works reliably on a large variety of XP computers, and even when it does work, there are limitations. The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry. Still, it may be helpful to XP users hit in other campaigns. "This software has only been tested and known to work under Windows XP," he wrote in a readme note accompanying his app, which he calls Wannakey. "In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!"
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 408

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Google

Google Home Gets Notifications, Hands-Free Calling, a TV Interface and More (theverge.com) 37

Google has announced several news features for Google Home to help it better compete against the Amazon Echo. The six new features coming to Google Home include: notifications, free calling to phones in the U.S. and Canada, calendar and reminders, more streaming services, a TV interface, and new locations. The Verge details each feature in its report: Notifications: Google calls this feature "proactive assistance." Essentially, Google Home will do its best to alert owners to things they need to know, like reminders, traffic alerts, or flight delays.
Free Calling To Phones In U.S. and Canada: Google is one-upping Amazon by letting the Home dial out to actual landline and mobile phones. Whenever this feature rolls out, you'll be able to ask the Home to call anyone on your contacts list, and it'll dial out to them on a private number.
Calendar and Reminders: You can finally set reminders and calendar entries. Finally.
More Streaming Services: Google Home has already been able to control a handful of music and video services, but it's about to get a bunch of major missing names. For music, that includes Spotify's free tier, Deezer, and SoundCloud. For video, it includes HBO Now and Hulu. On top of that, Home is also getting the ability to stream anything over Bluetooth.
A TV Interface: Sometimes you actually want to see what's going on, so Google's making a TV interface for the Google Home. You'll soon be able to ask the Home to send information to your TV, from basics like the weather and your calendar, to information it's looking up like nearby restaurants or YouTube videos you might want to watch.
New Locations: The Home is going to expand to five new countries this summer: Canada, Australia, France, Germany, and Japan.

Android

Android Now Supports the Kotlin Programming Language (venturebeat.com) 91

In addition to Java and C++, Google announced at its I/O 2017 conference today that Android is gaining official support for the Kotlin programming language. VentureBeat reports: Kotlin is developed by JetBrains, the same people who created IntelliJ. Google describes Kotlin, which is an open sourced project under the Apache 2.0 license, as "a brilliantly designed, mature language that we believe will make Android development faster and more fun." The company notes that some have already adopted the programming language for their production apps, including Expedia, Flipboard, Pinterest, and Square. There are already many enthusiastic Kotlin developers for Android, and the company says it is simply listening to what the community wants. But Google's choice didn't just come down to the team believing Kotlin will make writing Android apps easier. Developers will be happy to know that Kotlin's compiler emits Java byte-code. Kotlin can call Java, and Java can call Kotlin. Indeed, "the effortless interoperation between the two languages" was a large part of Kotlin's appeal to the Android team. This means you can add as little or as much Kotlin into your existing codebase as you want, mixing the two languages freely within the same project. Calling out to Kotlin code from Java code should just work, while calling to Java code requires some automatically applied translation conventions.
Google

Google's Android Now Powers More Than 2 Billion Devices (cnet.com) 30

At Google's developer conference IO 2017, CEO Sundar Pichai said Android is now running on more than two billion active devices. The milestone, Pichai said, Google achieved this month. CNET adds: It took three years for Android to double its user base, having disclosed that it had 1 billion active devices at its developer conference in 2014. In 2015, Google said that it had 1.4 billion active users on Android. While phones make up a bulk of its devices, it's starting to see a proliferation of other gadgets running on the software.
Android

HTC Launches 'U11' Squeezable Smartphone With Snapdragon 835 CPU, No Headphone Jack (theverge.com) 69

HTC has officially launched its newest flagship smartphone today, the U11. While it has competitive specifications for a flagship smartphone of 2017, such as a 5.5-inch, Quad HD display, and Snapdragon 835 processor with 4GB RAM, it has some unique features of its own. HTC is introducing a new way to interact with the U11 by letting you squeeze the sides of the device to perform different functions. The Verge reports: This new feature is called "Edge Sense," and it can be configured to do a variety of tasks with either short or long squeezes. You can set a short squeeze to open the camera and then take a picture when the camera app is open. A long squeeze can be configured to launch the Google voice assistant or toggle the flashlight on and off. In addition to Edge Sense, the U11 has a similar design to the U Ultra from earlier this year. That means it's metal and glass -- a departure from the all-aluminum unibody designs of past HTC phones -- with curved panels that blend into the metal frame and vibrant, pearlescent colors. That also means it lacks a 3.5mm headphone jack, instead relying on its USB Type-C port for charging, data transfer, and audio function. HTC says removing the headphone jack has a number of advantages, including allowing the company more room inside the phone for other components and making the design of the bottom edge smoother. It also allows for a better audio experience, as the included headphones have both audio tuning and active noise cancellation, without having to rely on a secondary battery. In addition to the headphones, HTC is including a USB-C to 3.5mm adapter for use with other headphones, which it didn't for the U Ultra.
Software

WikiLeaks Dump Reveals CIA Malware That Can Sabotage User Software (bleepingcomputer.com) 116

An anonymous reader writes: "While the world was busy dealing with the WannaCry ransomware outbreak, last Friday, about the time when we were first seeing a surge in WannaCry attacks, WikiLeaks dumped new files part of the Vault 7 series," reports BleepingComputer. This time, the organization dumped user manuals for two hacking tools named AfterMidnight and Assassin. Both are malware frameworks, but of the two, the most interesting is AfterMidnight -- a backdoor trojan for stealing data from infected PCs. According to its leaked manual, AfterMidnight contains a module to "subvert" user software by killing processes and delaying the execution of user software. Examples in this manual show CIA operatives how to kill browsers every 30 seconds to keep targets focused on their work, how to delay the execution of PowerPoint software with 30 seconds just to mess with their targets, or how to lock up 50% of PC resources whenever the user starts certain software. Basically, the CIA created nagware.
Android

Slashdot Asks: In the Wake Of Ransomware Attacks, Should Tech Companies Change Policies To Support Older OSs Indefinitely? 360

In the aftermath of ransomware spread over the weekend, Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, writes an opinion piece for The New York Times: At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, "pay extra money to us or we will withhold critical security updates" can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft supported Windows XP for over a decade before finally putting it to sleep. In the wake of ransomware attacks, it stepped forward to release a patch -- a move that has been lauded by columnists. That said, do you folks think it should continue to push security updates to older operating systems as well?
Electronic Frontier Foundation

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org) 158

The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."

Slashdot Top Deals