Power

Microsoft Teases Multi-Day Battery Life For Upcoming ARM-Powered Windows Devices (techspot.com) 70

An anonymous reader quotes a report from TechSpot: Microsoft late last year announced a partnership with Qualcomm to bring the full Windows 10 experience to ARM-powered devices. Terry Myerson, Executive Vice President of Microsoft's Windows and Devices Group, promised at the time that Snapdragon-powered Windows 10 devices would be efficient in the power consumption department. We're still waiting for the partnership to bear fruit but in the interim, new details regarding efficiency (and a few other subjects) have emerged. With regard to battery life, Pete Bernard, Principal Group Program Manager for Connectivity Partners at Microsoft, said that to be frank, battery life at this point is beyond their expectations: ""We set a high bar for [our developers], and we're now beyond that. It's the kind of battery life where I use it on a daily basis. I don't take my charger with me. I may charge it every couple of days or so. It's that kind of battery life."
The Internet

Mozilla To Document Cross-Browser Web Dev Standards with Google, Microsoft, Samsung, and W3C (venturebeat.com) 42

Mozilla has announced deeper partnerships with Microsoft, Google, Samsung, and web standards body W3C to create cross-browser documentation on MDN Web Docs, a web development documentation portal created by Mozilla. From a report: MDN Web Docs first came to fruition in 2005, and it has since been known under various names, including the Mozilla Developer Network and Mozilla Developer Center. Today, MDN Web Docs serves as a community and library of sorts covering all things related to web technologies and standards, including JavaScript, HTML, CSS, open web app development, Firefox add-on development, and more. The web constitutes multiple players from across the technology spectrum and, of course, multiple browsers, including Microsoft's Edge, Google's Chrome, Mozilla's Firefox, and the Samsung Internet Browser. To avoid fragmentation and ensure end-users have a (fairly) consistent browsing experience, it helps if all the players involved adhere to a similar set of standards.
Security

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) 344

Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Businesses

Traditional PC Sales Continue To Slide (zdnet.com) 219

Sales of traditional PCs continue to decline, although the overall PC market is likely to grow slightly next year. From a report: Traditional PC shipments are forecast to drop by nearly eight percent this year, and another 4.4 percent in 2018, predicts analyst firm Gartner. Which means that, by 2019, 16 million fewer traditional PCs and notebooks will be sold than were shipped this year. However, much of this will be offset by the rise in spending on high-end notebooks like Microsoft's Surface and Apple's MacBook, so that the overall PC market will by 2019 be at pretty much the same level it was last year. Tablets -- defined by Gartner as basic and utility ultramobile devices -- will also decline over the period to 2019.
Microsoft

Microsoft Begins Rolling Out Windows 10 Fall Creators Update (windows.com) 117

Microsoft has started to roll out Windows 10 Fall Creators Update, aka, "Redstone 3" to the general public. The company has been testing this new major update to its desktop operating system for over six months. Much like the previous major updates to Windows 10, the Fall Creators Update is also free to Windows 10 users. Some of the remarkable new features the company is shipping with Fall Creators Update include a major design tweak called Fluent Design System. The design changes, CNET writes, are "subtle, like motion and blur effects, along with the changes to the way windows appear." Also in the offering are support for mixed reality, improvements to Photos app, and OneDrive on-demand files -- a feature that many users have long requested. You can read more about these new features and improvements here.
Microsoft

Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 (reuters.com) 45

Citing five former employees, Reuters reported on Tuesday that Microsoft's secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. From the report: The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident. The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks. "Bad guys with inside access to that information would literally have a 'skeleton key' for hundreds of millions of computers around the world," said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.
Microsoft

Microsoft Surface Book 2 Puts Desktop Brains in a Laptop Body (wired.com) 140

David Pierce, writing for Wired: As Microsoft went to create the Surface Book 2, the company once again tried to bust categories. The result is the most combinatory device Microsoft's made yet. It's a laptop (screens measure 13 or 15 inches; there's a keyboard and trackpad) -- and it's also a tablet (the screen detaches, you can use a pen, everything's touch-friendly), and it's also a desktop. A stupendously powerful one, at that: It runs on Intel's new eighth-generation quad-core processors, in either a Core i5 or Core i7 version. The higher-end models come with Nvidia's GeForce discrete graphics, up to 16 gigs of RAM, and as much as 1 terabyte of solid storage. All that in a fanless body that gets up to 17 hours of battery life, and weighs about 3.5 pounds for the smaller model or 4.2 pounds for the larger. What does all that mean? Microsoft claims the smaller model is three times more powerful than the last Surface Book, and the 15-inch runs five times as fast. Those are meaningless comparisons, but the point holds. This thing screams. More useful are the comparisons to Apple's latest MacBook Pros: Microsoft claims up to 70 percent more battery life, and double the performance of Apple's laptops.
XBox (Games)

Microsoft's Fall Update With Redesigned Xbox Dashboard Is Now Available To All (engadget.com) 38

Microsoft has released the next big "Fall" update for the Xbox One, which focuses on speed and simplicity. Engadget reports: The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store) and a horizontal carousel underneath. The biggest change, however, is the new "Content Blocks" that sit below this screen. Scroll down and you'll find a series of large, visual panels dedicated to games and friends. These are completely customizable and act like miniature hubs for your favorite titles and communities. The quick-access Guide has been tweaked for speed, with small, horizontal tabs that you can slide between with the Xbox controller's LB and RB bumpers, D-pad or left thumbstick. If you launch the Guide while you're streaming or part of an active party, you'll also see the corresponding broadcast and party tabs by default. Other Guide tweaks include a new Tournaments section in the Multiplayer tab, which will summarize any official, professional or community tournaments that you've entered. In addition, Microsoft has overhauled the Community tab with a modern, grid-based layout. It's also tweaked the idle and screen dimming features that kick in when you walk away from the console momentarily. Larry Hryb, Xbox Live's Major Nelson and Mike Ybarra, the Platform Engineer, have posted a walkthrough video on YouTube highlighting all the major new changes.
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 134

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Security

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
Security

Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw (arstechnica.com) 55

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
Microsoft

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com) 135

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.
AI

Voice Assistants Will Be Difficult To Fire (wired.com) 180

mirandakatz writes: As voice assistants crop up left and right, consumers are facing a decision: Are you an Alexa? A Google Assistant? A Siri? Choose wisely -- because once you pick one voice assistant, it'll be difficult to switch. As Scott Rosenberg writes at Backchannel, "If I want to switch assistants down the line, sure, I can just go out and buy another device. But that investment of time and personal data isn't so easy to replace... Right now, all these assistants behave like selfish employees who think they can protect their jobs by holding vital expertise or passwords close to their chests. Eventually , the data that runs the voice assistant business is going to have to be standardized."
Microsoft

US Supreme Court To Decide Microsoft Email Privacy Dispute (reuters.com) 69

The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. From a report: The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data is stored remotely. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country. There have been several similar challenges, most brought by Google.
Chrome

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests (computerworld.com) 126

An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.

The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.
Microsoft

Microsoft Employees Can Now Work In Treehouses (cnbc.com) 95

Microsoft's campus now features three outdoor treehouses for its employees. An anonymous reader quotes CNBC: More than 12 feet off the ground, the treehouses feature charred-wood walls, skylights, at least one gas fireplace, Wi-Fi and hidden electrical outlets. Employees can even grab a bite at an outdoor extension of the indoor cafeteria. The "more Hobbit than HQ" treehouses are designed by Pete Nelson of the TV show "Treehouse Masters" and are part of Microsoft's growing "outdoor districts..." The company touts the professional benefits of working in nature -- greater creativity, focus and happiness -- but honestly, the treehouses are just plain cool.
Microsoft touts a Harvard physician who believes nature "stimulates reward neurons in your brain. It turns off the stress response, which means you have lower cortisol levels, lower heart rate and blood pressure, and improved immune response." There's a short video on the "Working at Microsoft" channel on YouTube, but I'm curious what Slashdot readers think about working outdoors. Or, in a tree...
Privacy

Dutch Privacy Regulator Says Windows 10 Breaks the Law (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn't always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection -- though this language still wasn't explicit about what was collected and why -- and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen. In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10's "Basic" telemetry setting. However, the company has not done so for the "Full" option, and the Full option remains the default. The DPA's complaint doesn't call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to "end all violations," but if the software company fails to do so, it faces sanctions.
Google

Google Announces $1 Billion Job Training and Education Program (axios.com) 47

Google CEO Sundar Pichai was in Pittsburgh Wednesday to announce a new five-year, $1 billion program to help close the global education gap. From a report: Part of the program was a new "Grow with Google" program to work with U.S. cities as well as a $10 million grant to Goodwill that will see Google employees working with the nonprofit to train people in digital skills. Why it matters: Google, along with Apple, Microsoft and other big tech companies, have all launched significant efforts in recent months to demonstrate their commitment to education and U.S. jobs.
Android

Failed Palo Alto Startup Pivots From Trying To Be an 'Android Killer' To Self-driving Tech (bizjournals.com) 71

A Palo Alto startup that stopped trying to be an "Android killer" last year after raising $185 million has apparently pivoted to developing autonomous vehicle technology. From a report: The company now known as Cyngn has changed its name from Cyanogen and recently got a permit to test its self-driving tech on California roads, according to a report Wednesday on Axios. It's being led by Lior Tal, the former chief operating officer who took over as CEO last fall when Kirt McMaster left. The rest of the startup's current team of about 30 people appear to have joined since the strategy shift, Axios reported, citing LinkedIn records. Some of them are former Facebook people, like Tal, and alumni of automakers who include Mercedes-Benz. No new funding has been disclosed for the reinvented company. It lists on its website investors who backed it before it pivoted, including Andreessen Horowitz, Benchmark Capital, Redpoint Ventures, Index Ventures, Qualcomm and Chinese social networking company Tencent. The company was the center of acquisition talk in 2014, when companies like Microsoft, Amazon, Samsung and Yahoo expressed interest in the company.
Businesses

Despite Sanctions, Russian Organisations Acquire Microsoft Software (reuters.com) 44

An anonymous reader shares a report: Software produced by Microsoft has been acquired by state organizations and firms in Russia and Crimea despite sanctions barring U.S-based companies from doing business with them, official documents show. The acquisitions, registered on the Russian state procurement database, show the limitations in the way foreign governments and firms enforce the U.S. sanctions, imposed on Russia over its annexation of the Crimea peninsula from Ukraine in 2014. Some of the users gave Microsoft fictitious data about their identity, people involved in the transactions told Reuters, exploiting a gap in the U.S. company's ability to keep its products out of their hands. The products in each case were sold via third parties and Reuters has no evidence that Microsoft sold products directly to entities hit by the sanctions. "Microsoft has a strong commitment to complying with legal requirements and we have been looking into this matter in recent weeks," a Microsoft representative said in an emailed response to questions from Reuters.

Slashdot Top Deals