Cloud

Microsoft Wins A Big Cloud Deal With America's Intelligence Community (spokesman.com) 45

wyattstorch516 shared this story from the AP: Microsoft Corp. said it's secured a lucrative cloud deal with the intelligence community that marks a rapid expansion by the software giant into a market led by Amazon.com Inc. The deal, which the company said Wednesday is worth hundreds of millions of dollars, allows 17 intelligence agencies and offices to use Microsoft's Azure Government, a cloud service tailored for federal and local governments, in addition to other products Microsoft already offers, such as its Windows 10 operating system and word processing programs.

The cloud agreement gives Microsoft more power to make its case to the Pentagon as it goes up against competitors like International Business Machines Corp., Oracle Corp. and Amazon for the agency's winner-take-all cloud computing contract for up to 10 years.

That contract is expected to be worth billions of dollars, according to the article, adding that "the Defense Department has said it intends to move the department's technology needs -- 3.4 million users and 4 million devices -- to the cloud to give it a tactical edge on the battlefield and strengthen its use of emerging technologies."

One Microsoft executive said this week's deal reinforces "the fact that we are a solid cloud platform that the federal government can put their trust in."
Chrome

Edge Beats Chrome in Battery Test, Says Microsoft (zdnet.com) 98

The latest installment of Microsoft's browser battery challenge shows once again that Edge consumes less energy than Chrome and Firefox. From a report: With the Windows 10 April 2018 Update rolling out across the globe, Microsoft thinks it's once again time to square Edge up against Chrome and Firefox in a new battery-life test. Microsoft's browser experiment shows a time-lapse of "three identical devices, three different browsers, streaming one video." Firefox, Edge, and Chrome play what appears to be a Netflix video on three Surface Books. As usual, the Edge device lasts the longest, depleting the battery after 14 hours and 20 minutes. The Chrome device lasted 12 hours and 32 minutes, while the Firefox laptop ran out of steam after just seven hours and 15 minutes.
Security

Microsoft Explains Why Windows Defender Isn't Ranked Higher in New Antivirus Tests (zdnet.com) 85

In its most recent reports, AV-Test had very few flattering things to say about Windows Defender. Microsoft's security suite was rated as the seventh best antivirus product in the independent test. In total, 15 AV products were tested. Microsoft, however, has now disputed AV-Test's methodology and conclusion. For some context, the top AV products rated by AV-Test on Windows 10 were Trend Micro, Vipre, AhnLab, Avira, Bitdefender, Kaspersky, and McAfee.

Windows Defender was able to detect 100 percent of new and old malware, but it lost few points for performance (which, AV-Test measures on the basis of how a security suite slows applications and websites on the test computer); and usability (which counts false-positives or instances where AV wrongly identifies a file as malicious.) From a report: Windows Defender's performance rating was dragged down because it slowed the installation of frequently used applications more than the industry average, and wrongly detected 16 pieces of legitimate software compared with the industry average of four. But Microsoft wants enterprise customers to know that Windows Defender is only half the picture, given the option for customers to also deploy Windows Defender Advanced Threat Protection's (ATP) "stack components" including Smartscreen, Application Guard, and Application Control.

In the January and February test Windows Defender also scored 100 percent on protection. However it did miss two samples. Since then it's retrained its machine-learning classifiers to detect them. But Microsoft notes in a new paper that Defender ATP did catch them, which isn't reflected in AV-Test's or other testing firms' result. Microsoft hopes to change this so that testers include so-called stack components available in ATP. "As threats become more sophisticated, Microsoft and other security platform vendors continue evolving their product capabilities to detect threats across different attack stages," Microsoft's Windows Defender Research team writes. "We hope to see independent testers evolve their methodologies as well. Our customers need greater transparency and optics into what an end-to-end solution can accomplish in terms of total preventive protection, including the quality of individual components like antivirus."

Businesses

Apple Blocks Steam's Plan To Extend Its Video Games To iPhones (reuters.com) 192

Citing "business conflicts," Apple has blocked Steam's plans to distribute PC-based video games to iPhones. It's "a sign that Apple is serious about protecting its ability to take a cut of digital purchases made inside games on its mobile devices," reports Reuters. From the report: Steam, the dominant online store for downloaded games played on Windows PCs, had planned to release a free mobile phone app called Steam Link so that gamers could continue playing on their mobile phones while away from their desktop machines. But Apple has rejected the app, blocking its release, according to a statement from Steam's parent company, the Bellevue, Washington-based Valve. Steam did not give a precise reason for the App Store denials, saying only that Apple cited "business conflicts with app guidelines." But the conflict likely centers on what are known as in-app purchases or micro-transactions, in which gamers can spend small sums of money inside games to buy tokens, extra lives or others so-called digital goods. Lombardi said Steam disabled purchasing its iOS app but did not elaborate on how the change was made. Many analysts believe Apple could lose revenue if they allow Steam's app, which is essentially a store-within-a-store. "Apple takes a 30 percent cut of such purchases made within apps distributed through its App Store," Reuters notes. "[T]hose purchases are among the primary drivers of revenue in Apple's services business."
Youtube

Vevo To Shut Down Site, Giving In To YouTube Empire (rollingstone.com) 92

Vevo, the video-hosting service founded in 2009 as a joint venture between the big three record companies, is shutting down. The company announced in a blog post Thursday that it is shuttering its mobile apps and website, and that "going forward, Vevo will remain focused on engaging the biggest audiences and pursuing growth opportunities." Vevo is almost entirely succumbing to YouTube. Rolling Stone reports: The major record labels set up Vevo -- an abbreviation for "video evolution" -- in 2009 as a designated streaming service for music videos that would ideally bring in greater revenue from more high-end advertisers. Via a distribution deal with YouTube, it received a cut of revenue from putting its music videos on the Google-owned site. But YouTube's might has grown: The video-streaming service recently took Vevo's branding off its music videos, while also securing permission under a new licensing deal to sell Vevo's clips directly to advertisers, cutting out the smaller company's sales force. Though Vevo has been trying to peel away from its dependence on YouTube by touting its own suite of apps and offerings for years, it seems those efforts haven't been met with much success. "Our catalog of premium music videos and original content will continue to reach a growing audience on YouTube and we are exploring ways to work with additional platforms to further expand access to Vevo's content," the company said in its blog post. Vevo users on its website and Android, iOS and Windows Mobile apps will receive a tool to migrate their playlists to YouTube.
Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 68

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.
Programming

Ask Slashdot: What's the Most Sophisticated Piece of Software Ever Written? (quora.com) 237

An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.

He writes, "It's a computer worm. The worm was written, probably, between 2005 and 2010. Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does. This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn't work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along."

"Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn't mind if there's antivirus software installed -- the worm can sneak around most antivirus software. Then, based on the version of Windows it's running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either. At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed."
What do Slashdot readers think?
Android

With Steam Link App, Your Smartphone Can Be An Imperfect Gaming Monitor (arstechnica.com) 47

Ars Technica's Kyle Orland shares his experience with Valve's recently announced Steam Link app, which lets users play games running on a PC via a tablet, mobile phone, or Apple TV on the same network. The app launches today for Android 5.0+ devices; iOS support is "pending further review from Apple." From the report: Valve isn't kidding when it says a Wi-Fi router in the 5Ghz band is required for wireless streaming. I first tested iPad streaming on the low-end 2.4Ghz router provided with my Verizon FiOS subscription (an Actiontec MI424WR), with a wired Ethernet connection to my Windows gaming rig on the other end. The Steam Link network test warned me that "your network may not work well with Steam Link," thanks to 1- to 2-percent frame loss and about 15ms of "network variance," depending on when I tested. Even graphically simple games like The Binding of Isaac ran at an unplayably slowed-down rate on this connection, with frequent dropped inputs to boot.

Switching over to a 5GHz tri-band router (The Netgear Nighthawk X6, to be precise), the same network test reported a "fantastic" connection that "look[s] like it will work well with Steam." On this router, remotely played games ran incredibly smoothly at the iPad's full 1080p resolution, with total round-trip display latency ranging anywhere from 50 to 150ms, according to Steam Link's reports (and one-way "input lag" of less than 1ms). At that level of delay, playing felt practically indistinguishable from playing directly on the computer, with no noticeable gameplay impact even on quick-response titles like Cuphead.

XBox (Games)

Microsoft Announces Xbox Adaptive Controller For Players With Disabilities (theverge.com) 19

A new Xbox controller designed for people with disabilities has been announced by Microsoft today. The Xbox Adaptive Controller features two large programmable buttons and 19 jacks that can be connected to a range of joysticks, buttons, and switches to make it easier for a wider range of people to play games on Xbox One and Windows 10 PCs. The Verge reports: "I can customize how I interface with the Xbox Adaptive Controller to whatever I want," says Solomon Romney, a Microsoft Store learning specialist who was born without fingers on his left hand. "If I want to play a game entirely with my feet, I can. I can make the controls fit my body, my desires, and I can change them anytime I want. You plug in whatever you want and go. It takes virtually no time to set it up and use it. It could not be simpler."

The focus is on connectivity and customizability, with players able to build a setup that works for their capabilities and needs. It won't be an all-in-one solution for many games, but through the use of peripherals and the Xbox's system-level button remapping, the possibilities could be endless. The Xbox Adaptive Controller will cost $99.99 and goes on sale later this year.

Windows

Rollout of Windows 10 April Update Halted For Devices With Intel and Toshiba SSDs (bleepingcomputer.com) 89

Catalin Cimpanu, writing for BleepingComputer: Microsoft has halted the deployment of the Windows 10 April 2018 Update for computers using certain types of Intel and Toshiba solid state drives (SSDs). The Redmond-based OS maker took this decision following multiple user reports about the Windows 10 April 2018 Update not working properly on devices using: Intel SSD 600p Series, Intel SSD Pro 6000p Series, Toshiba XG4 Series, Toshiba XG5 Series, and Toshiba BG3 Series.

The Intel and Toshiba issues appear to be different. More specifically, Windows PCs using Intel SSDs would often crash and enter a UEFI screen after reboot, while users of Toshiba SSDs reported lower battery life and SSD drives becoming very hot.

Microsoft

Microsoft To Launch a Line of Lower-Cost Surface Tablets With 10-inch Displays By Second Half of 2018, Report Says (bloomberg.com) 75

Microsoft plans to launch a line of lower-cost Surface tablets as soon as the second half of 2018, Bloomberg reported Wednesday. These devices should help Microsoft improve its market share in the iPad-led hybrid machines market, the outlet noted. From the report: Microsoft has tried this before. The software giant kicked off its consumer-oriented hardware push in 2012 with the launch of the original Surface RT. At the time, it was priced starting at $499. After the tablets didn't resonate with consumers and product reviewers, Microsoft pivoted to the more-expensive Surface Pro, a line which has gained steam and likely contributed to demand for a pro-oriented iPad, which Apple launched in 2015.

The new tablets will feature 10-inch screens -- around the same size as a standard iPad, but smaller than the 12-inch screens used on the Surface Pro laptop line. The new Surfaces, priced about $400, will have rounded edges like an iPad, differing from the squared off corners of current models. They'll also include USB-C connectivity, a first for Surface tablets, a new charging and syncing standard being used by some of the latest smartphones. The tablets are expected to be about 20 percent lighter than the high-end models, but will have around four hours fewer of battery life. (The current Surface Pro can last 13.5 hours on a single charge.)

Operating Systems

Fedora-Based Linux Distro Korora Halts Development (betanews.com) 68

Korora, a Fedora-based Linux distro, halted its development this month, BetaNews' Brian Fagioli spotted Wednesday. The announcement would irk many, as Korora consistently received positive feedback from critics and users alike. News outlet ZDNet once described Korora as "Fedora++", while Slashdot readers, too, spoke highly of the distro.

At the same time, the announcement should come as little surprise to anyone who has been tracking Korora's work. In a blog post, Korora team wrote: Korora for the forseeable future is not going to be able to march in cadence with the Fedora releases. In addition to that, for the immediate future there will be no updates to the Korora distribution. Our team is infinitesimal (currently 1 developer and 2 community managers) compared to many other distributions, we don't have the luxury of being able to dedicate the amount of time we would like to spend on the project and still satisfy our real life obligations. So we are taking a little sabbatical to avoid complete burn out and rejuvenate ourselves and our passion for Korora/Fedora and wider open source efforts. The team had expressed similar concerns earlier this year: For the past few years Korora has released a new version in line with each Fedora version. That means that approximately twice a year we prepare, test and create 5 different ISO versions. This is as well as, among other things, developing new projects, supporting existing releases and planning the future versions. As each team member has different skills some tasks, such as development, can only be done by one person. All this is done in our spare time along side our job, family and personal responsibilities. For a very small team, currently 3 people plus the occasional input from others, this is a lot of work. It means that often Korora has to take a back seat when real life intrudes. This isn't the first time Korora had to abruptly pause its development. In 2007, Christopher Smart, who kickstarted Korora (at the time based on Gentoo Linux), had discontinued the project -- only to revive it three years later.
AMD

AMD Integrates Ryzen PRO and Radeon Vega Graphics In Next-Gen APUs (zdnet.com) 76

The three biggest PC OEMs -- Dell, HP, and Lenovo -- are now offering AMD Ryzen PRO mobile and desktop accelerated processing units (APUs) with built-in Radeon Vega graphics in a variety of commercial systems. There are a total of seven new APUs -- three for the mobile space and four for the desktop. As AMD notes in its press release, the first desktops to ship with these latest chips include: the HP Elitedesk G4 and 285 Desktop, the Lenovo ThinkCentre M715, and the Dell Optiplex 5055. ZDNet's Adrian Kingsley-Hughes writes about what makes Ryzen PRO so appealing: Ryzen PRO has been built from the ground up to focus on three pillars -- power, security and reliability. Built-in security means integrated GuardMI technology, an AES 128-bit encryption engine, Windows 10 Enterprise Security support, and support for fTPM/TPM 2.0 Trusted Platform Module. One of the features of Ryzen PRO that AMD hopes will appeal to commercial users is the enterprise-grade reliability that the chips come backed with, everything from 18-moths of planned software availability, 24-months processor availability, a commercial-grade QA process, 36-moth warranty, and enterprise-class manageability.

There are no worries on the performance front either, with the Ryzen PRO with Vega Graphics being the world's fastest processor currently available for ultrathin commercial notebooks, with the AMD Ryzen 7 PRO 2700U offering up to 22 percent more productivity performance than Intel's 8th-generation Core i7-8550U in testing carried out by AMD. AMD has also designed the Ryzen PRO processors to be energy-efficient, enabling up to 16 hours of battery life in devices, or 10.5 hours of video playback. The Ryzen PRO with Vega Graphics desktop processors are also no slouches, opening up a significant performance gap when compared to Intel Core i5 8400 and Core i3 8100 parts.
AMD also announced that it is sampling its second-generation Threadripper 2900X, 2920X and 2950X products. "For Threadripper Gen2 you can expect a refresh of the current line-up; an 8-core Threadripper 2900X, a 12-core Threadripper 2920X and of course a 16-core Threadripper 2950X," reports Guru3D.com. "AMD will apply the same Zen+ tweaks to the processors; including memory latency optimizations and higher clock speeds."

AMD has something for the datacenter enthusiasts out there too. Epyc, AMD's x86 server processor line based on the company's Zen microarchitecture, has a new promo video, claiming more performance, more security features, and more value than Intel Xeon. The company plans to market Epyc in an aggressive head-to-head format similar to how T-Mobile campaigns against Verizon and AT&T. Given Intel Xeon's 99% market share, they sort of have to...
Security

One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com) 62

An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.

Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. ExploitBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.

Microsoft

Microsoft Works To Port Ubuntu To Windows ARM (neowin.net) 107

Billly Gates shares a report: It was this time last year that Microsoft announced that it was bringing Ubuntu to the Windows Store (now the Microsoft Store), along with other Linux distributions. If you check out the app in the Store now though, you'll find that it only works on x64 devices, meaning that you can't run it on any of the new Windows 10 on ARM PCs. That's all about to change though. In a session at Microsoft's Build 2018 developer conference today called Windows 10 on ARM for Developers, the company showed off Ubuntu running on an ARM PC, with the app coming from the Microsoft Store. It will finally support ARM64 PCs, although x86 devices are still out of luck.
IOS

North Korean Hackers Are Now Developing iPhone Spy Tools (forbes.com) 27

An anonymous reader shares a report: Probing the bowels of what he believed to be North Korean hacking architecture, American cybersecurity researcher Darien Huss found an outlier: iPhone software. It appeared at first glance to be a fairly mundane program, a mobile device management (MDM) tool. Such apps are typically used for businesses to remotely monitor and control employees' phones. But, according to Huss, it's most likely one of, if not the only, example of North Korean spyware for Apple's smartphone.

It's unlikely the MDM app was anything other than malicious, said Huss, an employee of cybersecurity company Proofpoint. Tellingly, it was located on a server believed to contain other hacking tools, in particular those for Microsoft Windows, that he'd linked to one of the bigger North Korean hacking groups, the researcher explained to Forbes. If the iPhone tool is indeed a piece of spyware, Huss hasn't seen it used yet. He believes it's currently in development by that North Korean-linked hacker crew, though Proofpoint declined to provide additional details on his research.

AI

Siri, Alexa, and Google Assistant Can Be Controlled By Inaudible Commands (venturebeat.com) 100

Apple's Siri, Amazon's Alexa, and Google's Assistant were meant to be controlled by live human voices, but all three AI assistants are susceptible to hidden commands undetectable to the human ear, researchers in China and the United States have discovered. From a report: The New York Times reports today that the assistants can be controlled using subsonic commands hidden in radio music, YouTube videos, or even white noise played over speakers, a potentially huge security risk for users. According to the report, the assistants can be made to dial phone numbers, launch websites, make purchases, and access smart home accessories -- such as door locks -- at the same time as human listeners are perceiving anything from completely different spoken text to recordings of music.

In some cases, assistants can be instructed to take pictures or send text messages, receiving commands from up to 25 feet away through a building's open windows. Researchers at Berkeley said that they can modestly alter audio files "to cancel out the sound that the speech recognition system was supposed to hear and replace it with a sound that would be transcribed differently by machines while being nearly undetectable to the human ear."

Firefox

Firefox Moves Browsers Into Post-Password Future With WebAuthn Tech (cnet.com) 132

Today, Mozilla released Firefox 60 for Windows, Mac, Linux and Android, and with it arrives Web Authentication API for desktop browsers. From a report: Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone's fingerprint reader or the iPhone's Face ID, and some other alternatives to passwords.

Passwords are a particular problem on the web. Fake websites can coax you to type in credentials that then can be used to steal money from your bank account or snoop your email -- a problem called phishing. Even if you pick hard-to-guess passwords, never reuse them on multiple sites and always remember them, passwords still aren't that strong a foundation for security these days. We're still a long way away from a post-password future, but WebAuthn is an important step, if nothing else, in making sites more secure.

Unix

Windows Notepad Finally Supports Unix, Mac OS Line Endings (theregister.co.uk) 291

Microsoft's text editing app, Notepad, which has been shipping with Windows since version 1.0 in 1985, now supports line endings in text files created on Linux, Unix, Mac OS, and macOS devices. "This has been a major annoyance for developers, IT Pros, administrators, and end users throughout the community," Microsoft said in a blog post today. The Register reports: Notepad previously recognized only the Windows End of Line (EOL) characters, specifically Carriage Return (CR, \r, 0x0d) and Line Feed (LF, \n, 0x0a) together. For old-school Mac OS, the EOL character is just Carriage Return (CR, \r, 0x0d) and for Linux/Unix it's just Line Feed (LF, \n, 0x0a). Modern macOS, since Mac OS X, follows the Unix convention. Opening a file written on macOS, Mac OS, Linux, or Unix-flavored computers in Windows Notepad therefore looked like a long wall of text with no separation between paragraphs and lines. Relief arrives in the current Windows 10 Insider Build.

Notepad will continue to output CRLF as its EOL character by default. It's not changing its stripes entirely. But it will retain the formatting of the files it opens so users will be able to view, edit and print text files with non-Windows line ends. Microsoft has thoughtfully provided an out for Windows users counting on the app's past inflexibility: the new behavior can be undone with a registry key change.

Chrome

You Can Now Run Linux Apps On Chrome OS (venturebeat.com) 106

Google today announced Chrome OS is getting Linux support. "As a result, Chromebooks will soon be able to run Linux apps and execute Linux commands," reports VentureBeat. "A preview of Linux on the Pixelbook will be released first, with support for more devices coming soon." From the report: "Just go to wherever you normally get those apps, whether it's on the websites or through apt-get in the Linux terminal, and seamless get those apps like any other Linux distribution," Chrome OS director of product management Kan Liu told VentureBeat.

Support for Linux apps means developers will finally be able to use a Google device to develop for Google's platforms, rather than having to depend on Windows, Mac, or Linux machines. And because Chrome OS doesn't just run Chrome OS-specific apps anymore, developers will be able to create, test, and run any Android or web app for phones, tablets, and laptops all on their Chromebooks. Without having to switch devices, you can run your favorite IDE -- as long as there is a Debian Linux version (for the curious, Google is specifically using Debian Stretch here -- code in your favorite language and launch projects to Google Cloud with the command line.

Slashdot Top Deals