Domain: softpedia.com
Stories and comments across the archive that link to softpedia.com.
Stories · 480
-
Do Debian APT and PHP Pear Patches Highlight Vulnerability In Package Management Infrastructure? (eweek.com)
"Time and again, security experts and vendors alike will recommend to organizations and end users to keep software and systems updated with the latest patches," reports eWeek. "But what happens when the application infrastructure that is supposed to deliver those patches itself is at risk?" That's what open-source and Linux users were faced with this past week with a pair of projects reporting vulnerabilities. On January 22, the Debian Linux distribution reported a vulnerability in its APT package manager that is used by end users and organizations to get application updates. That disclosure was followed a day later, on January 23, with the PHP PEAR (PHP Extension and Application Repository) shutting down its primary website, warning that it was the victim of a data breach. PHP PEAR is a package manager that is included with many Linux distributions as part of the open-source PHP programming language binaries....
In the Debian APT case, a security researcher found a flaw, reported it, and the open-source project community responded rapidly, fixing the issue. With the PHP PEAR issue, researchers with the Paranoids FIRE (Forensics, Incident Response and Engineering) Team reported that they discovered a tainted file on the primary PEAR website... Both PHP PEAR and Debian have issued updates fixing their respective issues. While both projects are undoubtedly redoubling their efforts now with different security technologies and techniques, the simple fact is that the two issues highlight a risk with users trusting updating tools and package management systems. -
Oracle Releases Major Version 6.0 of VirtualBox With Many New Features
What's new with Oracle's free and open-source hosted hypervisor? Long-time Slashdot reader Freshly Exhumed writes: Oracle has released major version 6.0 of VirtualBox with a variety of new features, including support for exporting a virtual machine to the Oracle Cloud; improved HiDPI and scaling (with better detection and per-machine configuration); a UI rework with simpler application and virtual machine set-up; a new file manager that allows control of the guest file system; a 3D graphics support update for Windows guests; VMSVGA 3D graphics device emulation on Linux and Solaris guests; surround speaker setups used by Windows 10 Build 1809; a new 'vboximg-mount' utility on Apple hosts to access the content of guest disks on the host; Hyper-V as the fallback execution core on Windows hosts to avoid inability to run VMs at reduced performance; and support for Linux Kernel 4.20. -
Lenovo Finally Pays $7.3 M Fine Over Invasive 2014 'Superfish' Adware Pre-Installations (softpedia.com)
Lenovo will add $7.3 million into a $1M fund settling a class action lawsuit over their undisclosed pre-installation of Superfish's targeting adware on 28 different laptop models in 2014.
Within one year the U.S. Department of Homeland Security had warned that the adware made laptops vulnerable to SSL spoofing, allowing the reading of encrypted web traffic and the redirecting of traffic from official websites to spoofs, while according to Bloomberg the original software itself also "could access customer Social Security numbers, financial data, and sensitive health information, the court said."
An anonymous reader quotes Softpedia: According to a "SuperFish Vulnerability" advisory published by Lenovo on their support website following the discovery of the pre-installed software by consumers, the VisualDiscovery comparison search engine software was designed to work in the background, intercepting HTTP(S) traffic with the help of a self-signed root certificate that allowed it to decrypt and monitor all traffic, encrypted or not.... "VisualDiscovery was installed on nearly 800,000 Lenovo laptops sold in the United States between September 1, 2014 and February 28, 2015," also states the settlement agreement. "On January 18, 2015, in response to mounting complaints about the effects of VisualDiscovery, Lenovo instructed Superfish to turn it off at the server level...."
Out of the 800,000 who bought the laptops that came with VisualDiscovery pre-installed, the 500,000 ones who registered their devices with Lenovo or bought them from retailers such as Best Buy and Amazon will be contacted directly by the Chinese company and informed about the settlement agreement. The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms, from Google to Twitter and Facebook.
A separate settlement with the FTC in 2017 was criticized for its failure to fine Lenovo -- though it did require the company to get affirmative consent for any future adware programs, plus regular third-party audits of its bundled software for the next 20 years. -
Microsoft Launches Free AV1 Video Codec For Windows 10 (softpedia.com)
Microsoft has released a free AV1 video codec for Windows 10 devices that's available via the Microsoft Store.
"Play AV1 videos on your Windows 10 device. This extension is an early beta version of the AV1 software decoder that lets you play videos that have been encoded using the AV1 video coding standard developed by the Alliance for Open Media," the company says. "Since this is an early release, you might see some performance issues when playing AV1 videos. We're continuing to improve this extension. If you allow apps to be updated automatically, you should get the latest updates and improvements when we release them." Softpedia reports: Oddly enough, the codec can only be installed on devices running Windows 10 October 2018 Update, which is no longer up for grabs after Microsoft pulled it last month. It remains to be seen how often Microsoft updates the codec in the coming months, but I've already tried it out for a test earlier today and the initial release seems to be running just fine. You can install the codec from the Microsoft Store to be notified when new versions are out, and make sure you report any potential issues to Microsoft for more bug fixes. -
As PHP Group Patches High-Risk Bugs, 62% of Sites Still Use PHP 5 (threatpost.com)
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news. MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.
So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla." -
Purism Launches First Security Key with Tamper-Evident Protection for Laptops (puri.sm)
An anonymous reader quotes Softpedia: Purism announced Thursday that its highly anticipated Librem Key security key is now available for purchase as the first and only OpenPGP-based smart card to offer a Heads-firmware-integrated tamper-evident boot process for laptops. Developed in partnership with Nitrokey, a company known for manufacturing open-source USB keys that enable secure encryption and signing of data for laptops, Purism's Librem Key is dedicated to Librem laptop users, allowing them to store up to 4096-bit RSA keys and up to 512-bit ECC keys on the security key, as well as to securely generate new keys directly on the device. Librem Key integrates with the secure boot process of the latest Librem 13 and 15 laptops...
Designed to let Librem laptop users see if someone has tampered with the software on their computers when it boots, Librem Key leverages the Heads-enabled TPM (Trusted Platform Module) chip in new Librem 13 and Librem 15 laptops. According to Purism, when inserted, the security key will blink green to show users that the laptop hasn't been tampered with, so they can continue from where they left off, and blinks red when tampering has occurred.
Purism's web site explains: With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as "2FA" or "multi-factor authentication") in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor.
USB security tokens work well as this second factor because they are "something you have" instead of "something you know" like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site. -
LibreOffice 6.0 Released: Features Superior Microsoft Office Interoperability, OpenPGP Support (softpedia.com)
prisoninmate writes: LibreOffice 6.0 comes two and a half years after the LibreOffice 5.x series, and it's the biggest release of the open-source and cross-platform office suite so far. It introduces a revamped design with new table styles, improved Notebookbars, new gradients, new Elementary icons, menu and toolbar improvements, and updated motif/splash screen.
LibreOffice 6.0 offers superior interoperability with Microsoft Office documents and compatibility with the EPUB3 format by allowing users to export ODT files to EPUB3. It also lets you import your AbiWord, Microsoft Publisher, PageMaker, and QuarkXPress documents and templates thanks to the implementation of a set of new open-source libraries contributed by the Document Liberation project. Many great improvements were made to the OOXML and ODF filters, as well as in the EMF+, Adobe Freehand, Microsoft Visio, Adobe Pagemaker, FictionBook, Apple Keynote, Pages, and Numbers, as well as Quattro Pro import functionality, and to the XHTML export. LibreOffice Online received numerous improvements as well in this major release of LibreOffice. -
Wine 3.0 Released (softpedia.com)
prisoninmate shares a report from Softpedia: The Wine (Wine Is Not an Emulator) project has been updated today to version 3.0, a major release that ends 2017 in style for the open-source compatibility layer capable of running Windows apps and games on Linux-based and UNIX-like operating systems. Almost a year in the works, Wine 3.0 comes with amazing new features like an Android driver that lets users run Windows apps and games on Android-powered machines, Direct3D 11 support enabled by default for AMD Radeon and Intel GPUs, AES encryption support on macOS, Progman DDE support, and a task scheduler. In addition, Wine 3.0 introduces the ability to export registry entries with the reg.exe tool, adds various enhancements to the relay debugging and OLE data cache, as well as an extra layer of event support in MSHTML, Microsoft's proprietary HTML layout engine for the Windows version of the Internet Explorer web browser. You can read the full list of features and download Wine 3.0 from WineHQ's website. -
Microsoft Engineer Installs Google Chrome During Presentation After Edge Freezes (softpedia.com)
A reader shares a report: We've seen lots of blunders on stage, and still happen occasionally, but this must be the best of all. A Microsoft engineer downloaded, installed, and started using Google Chrome during a live presentation after Microsoft Edge, the default Windows 10 browser, stopped responding in the middle of a demo. In just a few words, Microsoft Edge froze while the engineer was working with virtual machines in the browser, and judging from how fast he proceeded to downloading Google Chrome, this wasn't the first time it happened. Because, you know, sometimes reloading the page or restarting the browser does help, but you can't risk hitting the same error twice, right? "I love it when demos break," he said. "So while we're talking here, I'm gonna go install Chrome," he continued before he started laughing, with many people in the audience cheering. "And we're going to not make Google better," he added when unchecking the box to send usage statistics and crash reports to Google, as if this made things less worse. "We're going to do this again, I'm sorry about this. The age of these machines are [sic] wacked down a little bit, there are some things that just don't work." -
Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com)
prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies. -
Ubuntu To Stop Offering 32-Bit ISO Images, Joining Many Other Linux Distros (bleepingcomputer.com)
An anonymous reader writes: Canonical engineer Dimitri John Ledkov announced on Wednesday that Ubuntu does not plan to offer 32-bit ISO installation images for its new OS version starting with the next release — Ubuntu 17.10 (Artful Aardvark) scheduled for release on October 19. The decision comes after month-long discussions on the dwindling market share of 32-bit architectures. Ledkov made it clear that Canonical does not plan to stop support for 32-bit architectures. The Ubuntu team plans to continue to offer security updates and bug fixes, but they won't be offering new ISO images. Lubuntu and Xubuntu, which are Ubuntu offshoots created to run on older computers, will most likely continue to provide 32-bit ISO images, as this is their bread and butter. Manjaro, Tails, and Arch Linux announced similar decisions. Even Google dropped support for Chrome on 32-bit Linux platforms, way back in 2015, predicting the overall trend. -
Linux Kernel 4.13 Officially Released (softpedia.com)
prisoninmate writes: As expected, the Linux 4.13 kernel series was made official this past weekend by none other than its creator, Linus Torvalds, who urges all Linux users to start migrating to this version as soon as possible. Work on Linux kernel 4.13 started in mid-July with the first Release Candidate (RC) milestone, which already gave us a glimpse of the new features coming to this major kernel branch. There are, of course, numerous improvements and support for new hardware through updated drivers and core components. Highlights of Linux kernel 4.13 include Intel's Cannon Lake and Coffee Lake CPUs, support for non-blocking buffered I/O operations to improve asynchronous I/O support, support for "lifetime hints" in the block layers and the virtual filesystem, AppArmor enhancements, and better power management. There's also AMD Raven Ridge support implemented in the AMDGPU graphics driver, which received numerous improvements, support for five-level page tables was added in the s390 architecture, and the structure randomization plugin was added as part of the build system. -
Ubuntu 16.10 Reaches End of Life (softpedia.com)
prisoninmate shares a report from Softpedia: Today, July 20, 2017, is the last day when the Ubuntu 16.10 (Yakkety Yak) was supported by Canonical as the operating system now reached end of life, and it will no longer receive security and software updates. Dubbed by Canonical and Ubuntu founder Mark Shuttleworth as the Yakkety Yak, Ubuntu 16.10 was launched on October 13, 2016, and it was a short-lived release that only received nine (9) months of support through kernel updates, bug fixes, and security patches for various components. Starting today, you should no longer use Ubuntu 16.10 (Yakkety Yak) on your personal computer, even if it's up-to-date. Why? Because, in time, it will become vulnerable to all sorts of attacks as Canonical won't provide security and kernel updates for this release. Therefore, all users are urged to upgrade to Ubuntu 17.04 (Zesty Zapus) immediately using the instructions here. -
Linux Kernel 4.12 Officially Released (softpedia.com)
prisoninmate quotes Softpedia: After seven weeks of announcing release candidate versions, Linus Torvalds today informs the Linux community through a mailing list announcement about the general availability of the Linux 4.12 kernel series. Development on the Linux 4.12 kernel kicked off in mid-May with the first release candidate, and now, seven weeks later we can finally get our hands on the final release... A lot of great improvements, new hardware support, and new security features were added during all this time, which makes it one of the biggest releases, after Linux 4.9...
Prominent features of the Linux 4.12 kernel include initial support for AMD Radeon RX Vega graphics cards, initial Nvidia GeForce GTX 1000 "Pascal" accelerated support, implementation of Budget Fair Queueing (BFQ) and storage-I/O schedulers, more MD RAID enhancements, support for Raspberry Pi's Broadcom BCM2835 thermal driver, a lot of F2FS optimizations, as well as ioctl for the GETFSMAP space mapping ioctl for both XFS and EXT4 filesystems.
Linus said in announcing the release that "I think only 4.9 ends up having had more commits," also noting that 4.9 was a Long Term Support kernel, whereas "4.12 is just plain big."
"There's also nothing particularly odd going on in the tree - it's all just normal development, just more of it than usual." -
Linux Kernel 4.14 Will Be An LTS Release (softpedia.com)
prisoninmate writes: Development of the Linux 4.14 kernel series did not even start, as the version that's being developed these days is Linux 4.12, which should be promoted to stable early next month, but Softpedia reports that renowned Linux kernel maintainer Greg Kroah-Hartman announced earlier this morning that the upcoming Linux 4.14 kernel series will be an LTS (Long Term Support) branch. The developer promises to support the Linux 4.14 kernel series for at least two years after its release in November 2017, probably until November 2019. -
Devuan Jessie 1.0 Officially Released (softpedia.com)
prisoninmate quotes a report from Softpedia: Announced for the first time back in November 2014, Devuan is a Debian fork that doesn't use systemd as init system. It took more than two and a half years for it to reach 1.0 milestone, but the wait is now over and Devuan 1.0.0 stable release is here. Based on the packages and software repositories of the Debian GNU/Linux 8 "Jessie" operating system, Devuan 1.0.0 "Jessie" is now considered the first stable version of the GNU/Linux distribution, which stays true to its vision of developing a free Debian OS without systemd. This release is recommended for production use. As Devuan 1.0.0 doesn't ship with systemd, several adjustments needed to be made. For example, the distro uses a systemd-free version of the NetworkManager network connection manager and includes several extra libsystemd0-free packages in its repository. -
Linux 4.10 Kernel Reaches End of Life (softpedia.com)
prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately. -
Debian 8.8 Released (debian.org)
prisoninmate quotes Softpedia: The Debian Project announced today Debian GNU/Linux 8.8, the most advanced stable version of the Jessie series, which brings corrections for numerous packages and various security flaws discovered and patched since the release of the Debian GNU/Linux 8.7 maintenance update back in mid-January 2017... "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available," reads today's announcement.
"Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old 'jessie' CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."
Debian 8.8 contains more than 150 bug fixes and security updates. -
Linux Kernel 4.11 Officially Released (softpedia.com)
prisoninmate quotes Softpedia: Linux kernel 4.11 has been in development for the past two months, since very early March, when the first Release Candidate arrived for public testing. Eight RCs later, we're now able to download and compile the final release of Linux 4.11 on our favorite GNU/Linux distributions and enjoy its new features. Prominent ones include scalable swapping for SSDs, a brand new perf ftrace tool, support for OPAL drives, support for the SMC-R (Shared Memory Communications-RDMA) protocol, journalling support for MD RAID5, all new statx() system call to replace stat(2), and persistent scrollback buffers for VGA consoles... The Linux 4.11 kernel also introduces initial support for Intel Gemini Lake chips, which is an Atom-based, low-cost computer processor family developed using Intel's 14-nanometer technology, and better power management for AMD Radeon GPUs when the AMDGPU open-source graphics driver is used. -
EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com)
schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students' privacy without their parents' notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States. -
GNOME 3.24 Released (softpedia.com)
prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017." -
The Dark Web Has Shrunk By 85% (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: The number of Dark web services has gone down significantly following the Freedom Hosting II hack that took place at the start of February, and only consists of around 4,400 services, according to a recently published OnionScan report. Previous research published in April 2016 by threat intelligence firm Deep Light had the total number of Dark Web services at around 30,000. Comparing the two numbers, the report shows a decrease of over 85% in the overall size of Dark Web in the last year alone. According to the recent OnionScan statistics, the Dark Web is laughably small, with around 4,000 HTTP websites, 250 TLS (HTTPS) endpoints, 100 SMTP services, and only 10 FTP nodes. -
Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com)
prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification. -
Linux Kernel 4.10 Officially Released With Virtual GPU Support (softpedia.com)
"Linus Torvalds announced today the general availability of the Linux 4.10 kernel series, which adds a great number of improvements, new security features, and support for the newest hardware components," writes Softpedia. prisoninmate quotes their report: Linux kernel 4.10 has been in development for the past seven weeks, during which it received a total of seven Release Candidate snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system... Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5... Ubuntu 17.04 (Zesty Zapus) could be the first stable OS to ship with Linux 4.10.
It required 13,000 commits, plus over 1,200 merges, Linus wrote in the announcement, adding "On the whole, 4.10 didn't end up as small as it initially looked." -
Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos (softpedia.com)
prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report. -
Linux Kernel 3.18 Reaches End of Life (softpedia.com)
prisoninmate quotes a report from Softpedia: Linux kernel 3.18.48 LTS is here and it's the last in the series, which was marked for a January 2017 extinction since mid-April last year. According to the appended shortlog, the new patch changes a total of 50 files, with 159 insertions and 351 deletions. It brings an updated networking stack with Bluetooth, Bridge, IPv4, IPv6, CAIF, and Netfilter improvements, a couple of x86 fixes, and a bunch of updated USB, SCSI, ATA, media, GPU, ATM, HID, MTD, SPI, and networking (Ethernet and Wireless) drivers. Of course, this being the last maintenance update in the series, you are urged to move to a newer LTS branch, such as Linux kernel 4.9 or 4.4, which are far more secure and efficient than Linux 3.18 was. But Linux 3.18 appears to be used by Google and other vendors on a bunch of Android-powered devices, and even some Chromebooks use Linux kernel 3.18 on Chrome OS, so here's what the kernel developer suggests you do if you can't upgrade. "If you are _stuck_ on 3.18 (/me eyes his new phone), well, I might have a plan for you, that first involves you yelling very loudly at your hardware vendor and refusing to buy from them again unless they cut this crap out. After you properly vent to them, drop me an email and let's see what we can come up with, you aren't in this sinking ship alone, and it's obvious your vendor isn't going to help out," said Greg Kroah-Hartman in the mailing list announcement. -
Google Brain Creates Technology That Can Zoom In, Enhance Pixelated Images (softpedia.com)
Google Brain has created new software that can create detailed images from tiny, pixelated images. If you've ever tried zooming in on an image, you know that it generally becomes more blurry. You'd just get larger pixels and not a clear image. Google's new software effectively extracts details from a few source pixels to enhance pixelated images. Softpedia reports: For instance, Google Brain presented some 8x8 pixel images which it then turned into some pretty clear photos where you can actually tell facial features apart. What is this sorcery, you ask? Well, it's Google combining two neural networks. The first one, the conditioning network, works to map the 8x8 pixel source image against other high-resolution images. Basically, it downsizes other high-res images to the same 8x8 size and tries to make a match on the features. Then, the second network comes into play, called the prior network. This one uses an implementation of PixelCNN to add realistic, high-res details to that 8x8 source image. If the networks know that one particular pixel could be an eye, when you zoom in, you'll see the shape of an eye there. Or an eyebrow, or a mouth, for instance. The technology was put to the test and it was quite successful against humans. Human observers were shown a high-resolution celebrity face vs. the upscaled image resulted from Google Brain. Ten percent of the time, they were fooled. When it comes to the bedroom images used by Google for the testing, 28 percent of humans were fooled by the computed image. -
KDE Plasma 5.9 Released (softpedia.com)
KDE has announced the release and general availability of the KDE Plasma 5.9 desktop environment for GNU/Linux operating systems. While it only took a few months to develop and isn't a long-term supported (LTS) version like KDE Plasma 5.8, the update does have several new features and improved Wayland support. Softpedia reports: Probably the most important one, which will make many KDE users upgrade from KDE Plasma 5.8 LTS or previous versions, is the return of Global Menus, a feature that was available in the KDE 4 series of the desktop environment. Only now, after numerous requests from users, did the KDE developers manage to implement Global Menus again in KDE Plasma 5.9. Quite a multitude of improvements have landed in the KDE Plasma 5.9 desktop environment for those who use the next-generation Wayland display server. These include the ability to take screenshots, support for using the color picker, implementation of borderless maximized windows for full-screen support, and support for dragging apps by clicking on an empty area of the user interface using the Breeze style. KDE Plasma Wayland support allows users to set color schemes for windows, which may come in handy for accessibility, implements auto-hide support for panels, and properly displays the window icon on the panel when using X11 apps. Moreover, there's now a new settings tool for configuring touchpads, which you can see in action in the second video attached below. Wayland users can also set up gestures and relative motions. KDE Plasma 5.9 also adds several cool new tools that promise to enhance your productivity. For example, you'll be able to drag a screenshot taken with the Spectacle utility from the notification pop-up straight into a web browser form, chat window, or email composer. There's also a brand-new drag and drop functionality that lets you add widgets directly to the system tray area, and it's now possible to add widgets directly from the full-screen Application Dashboard launcher.
KRunner actions like "Open containing folder" and "Run in Terminal" are now displayed in the application launchers for search results powered by KRunner, of course, and there's now a new applet that lets users group multiple widgets together in a single one. You can read the announcement and download KDE Plasma 5.9 via their website. -
Wine 2.0 Released (softpedia.com)
An anonymous reader quotes a report from Softpedia: It's finally here! After so many months of development and hard work, during which over 6,600 bugs have been patched, the Wine project is happy to announce today, January 24, 2017, the general availability of Wine 2.0. Wine 2.0 is the biggest and most complete version of the open-source software project that allows Linux and macOS users to run applications and games designed only for Microsoft Windows operating systems. As expected, it's a massive release that includes dozens of improvements and new features, starting with support for Microsoft Office 2013 and 64-bit application support on macOS. Highlights of Wine 2.0 include the implementation of more DirectWrite features, such as drawing of underlines, font fallback support, and improvements to font metrics resolution, font embedding in PDF files, Unicode 9.0.0 support, Retina rendering mode for the macOS graphics driver, and support for gradients in GDI enhanced metafiles. Additional Shader Model 4 and 5 shader instructions have been added to Direct3D 10 and Direct3D 11 implementation, along with support for more graphics cards, support for Direct3D 11 feature levels, full support for the D3DX (Direct3D Extension) 9 effect framework, as well as support for the GStreamer 1.0 multimedia framework. The Gecko engine was updated to Firefox 47, IDN name resolutions are now supported out-of-the-box, and Wine can correctly handle long URLs. The included Mono engine now offers 64-bit support, as well as the debug registers. Other than that, the winebrowser, winhlp32, wineconsole, and reg components received improvements. You can read the full list of features and download Wine 2.0 from WineHQ's website. -
Linus Torvalds Announces Ridiculously Small Second Linux 4.10 Release Candidate (softpedia.com)
The first day of 2017 starts off for Linux users with the release of the second RC (Release Candidate) development version of the upcoming Linux 4.10 kernel, as announced by Linus Torvalds himself. From a report on Softpedia: As expected, Linux kernel 4.10 entered development two weeks after the release of Linux kernel 4.9, on Christmas Day (December 25, 2016), but don't expect to see any major improvements or any other exciting things in RC2, which comes one week after the release of the first RC, because most of the developers were busy partying. With a total of 26 changes, Linux kernel 4.10 Release Candidate 2 is extremely small for an RC build, but Linus Torvalds decided not to skip it and interrupt the development cycle of Linux 4.10 just because of the Christmas and New Year's holidays. "It's been a really slow week between Christmas Day and New Years Day, and I am not complaining at all. It does mean that RC2 is ridiculously and unrealistically small," said Linus Torvalds in the mailing list announcement. "I almost decided to skip RC2 entirely, but a small little meaningless release every once in a while never hurt anybody." -
Some Pixels Have Problems (techtimes.com)
An anonymous reader quotes Tech Times: Pixel owners have so far reported on camera issues, audio issues, LTE band 4 connectivity problems and others, but the random freezing remains among the most persistent ones. While most previous issues have already received a fix, users have been complaining about the Google Pixel or Pixel XL randomly freezing since November and it seems Google has yet to get to the bottom of this. The official Pixel User Community forum has a long thread on the matter and the discussion started a good while back [in early November]...
[U]sers reporting on the Pixel Community Forum run different apps and they haven't found a common denominator just yet, and some don't have any third-party apps at all, further suggesting that the issue might not be caused by a third-party app. On the other hand, some Pixel owners got rid of this issue by uninstalling a third-party app called Live360 Family Locator, but others didn't even have the app installed and still experienced the issues.
Despite the problems, "most Pixel owners thus far have been quite pleased with their device," notes BGR -- though Softpedia also reports on some users complaining about "static and distorted sounds when at the three highest volume levels." -
Microsoft Exec Admits They 'Went Too Far' With Aggressive Windows 10 Updates (softpedia.com)
It's no secret that Microsoft has been aggressively pushing Windows 10 to users. Over the past year and a half, we have seen users complain about Windows 10 automatically getting downloaded to their computer, and in some cases, getting installed on its own as well. The automatic download irked many users who were on limited or slow data plans, or didn't want to spend gigabytes of data on Windows 10. A company executive has admitted for the first time that they may have gone overboard with Windows 10 updates. From a report on Softpedia: Chris Capossela, Chief Marketing Officer at Microsoft, said in the latest edition of the Windows Weekly that this was the moment when the company indeed went too far, pointing out that the two weeks between the moment when users started complaining about the unexpected behavior and the one when a patch was released were "very painful." "We know we want people to be running Windows 10 from a security perspective, but finding the right balance where you're not stepping over the line of being too aggressive is something we tried and for a lot of the year I think we got it right, but there was one particular moment in particular where, you know, the red X in the dialog box which typically means you cancel didn't mean cancel," he said. "And within a couple of hours of that hitting the world, with the listening systems we have we knew that we had gone too far and then, of course, it takes some time to roll out the update that changes that behavior. And those two weeks were pretty painful and clearly a lowlight for us. We learned a lot from it obviously." -
Most Firefox Users Still Running Windows 7 (softpedia.com)
Microsoft is pushing hard for Windows 10 to become the operating system of choice for everyone across the world, but this isn't happening just yet, as Windows 7 keeps dominating the desktop market. From a report on Softpedia: The Firefox Hardware Report published recently by Mozilla shows that Windows 7 is the number one browser for users running the company's browser, with a share of 44.86 percent, followed by Windows 10 with 25.67 percent. Seeing Windows 7 dominating the desktop OS charts is not surprising, but on the other hand, it's living proof that Microsoft will really have a hard time moving users to Windows 10 before 2020 when it reaches end of support. Microsoft's Windows 10, however, already improved substantially since its launch in 2015, mostly thanks to the free upgrade offer targeting Windows 7 and 8.1 users, but this still isn't enough to become the number one choice for PC users. -
Google May Prevent Samsung From Adding Viv AI Assistant To Galaxy S8 (ibtimes.co.uk)
New submitter drunkdrone quotes a report from International Business Times: Samsung is reported to be equipping its upcoming Galaxy S8 flagship with all manner of technical marvels in its attempt to erase the Note 7 catastrophe from memory. However, Google may throw a wrench into the works by potentially prohibiting Samsung from imbuing the phone with one of its most compelling features (Warning: source may be paywalled; alternate source) -- its AI personal assistant. Reports have suggested that Samsung planned to load the Galaxy S8 with Viv, a smartphone-based digital assistant similar to Apple's Siri and Google Assistant. Because of an ongoing non-compete pact between Samsung and Google, however, Samsung may be forced to exclude Viv from its upcoming flagship as it would challenge Google's digital helper. The report adds: "According to Recode, the restriction forms part of a patent-sharing agreement Samsung signed with Google in 2014. While the pact will allow the two companies to put up a stronger, united front against Apple, it may hinder Samsung's ambitions for independence and its attempts to differentiate itself from the wider Android crowd." -
Linux Kernel 4.9 Officially Released (kernel.org)
"As expected, today, December 11, 2016, Linus Torvalds unleashed the final release of the highly anticipated Linux 4.9 kernel," reports Softpedia. prisoninmate shares their article: Linux kernel 4.9 entered development in mid-October, on the 15th, when Linus Torvalds decided to cut the merge window short by a day just to keep people on their toes, but also to prevent them from sending last-minute pull requests that might cause issues like it happened with the release of Linux kernel 4.8, which landed just two weeks before first RC of Linux 4.9 hit the streets... There are many great new features implemented in Linux kernel 4.9, but by far the most exciting one is the experimental support for older AMD Radeon graphics cards from the Southern Islands/GCN 1.0 family, which was injected to the open-source AMDGPU graphics driver...
There are also various interesting improvements for modern AMD Radeon GPUs, such as virtual display support and better reset support, both of which are implemented in the AMDGPU driver. For Intel GPU users, there's DMA-BUF implicit fencing, and some Intel Atom processors got a P-State performance boost. Intel Skylake improvements are also present in Linux kernel 4.9.
There's also dynamic thread-tracing, according to Linux Today. (And hopefully they fixed the "buggy crap" that made it into Linux 4.8.) LWN.net calls this "by far the busiest cycle in the history of the kernel project." -
Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed to from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative. -
Microsoft Exec Urges Linux Developers To Try Windows 10 (softpedia.com)
An anonymous reader shares a Softpedia article: Microsoft has finally acknowledged the potential that the open-source world in general, and Linux in particular, boasts, so the company is exploring its options to expand in this area with every occasion. Most recently, an episode posted on Channel 9 and entitled "Improvements to Bash on Windows and the Windows Console" with senior program manager Rich Turner calls for Linux developers to give up on their platforms for Windows 10. "Fire up a Windows 10 Insiders' build instance and run your code, run your tools, host your website on Apache, access your MySQL database from your Java code," he explained. Turner went on to point out that the Windows subsystem for Linux is there to provide developers with all the necessary tools to code just like they'd do it on Linux, all without losing the advantages of Windows 10. "Whatever it is that you normally do on Linux to build an application: whether it's in Go, in Erlang, in C, whatever you use, please, give it a try on Bash WSL, and importantly file bugs on us. It really makes our life a lot easier and helps us build a product that we can all use and be far more productive with," he continued. Editor's note: The original title from Softpedia was edited because it was misleading. A Microsoft employee doesn't represent the entire company (at least in this instant he wasn't speaking for the company), and at no point has he asked "all Linux developers" to "give up" on Linux. -
Microsoft Replaces Command Prompt with PowerShell in Latest Windows 10 Build (softpedia.com)
Bogdan Popa, writing for Softpedia: The latest Windows 10 insider build brings a change that puts the Windows PowerShell in the spotlight, as it replaces the super-popular Command Prompt in some essential parts of the operating system. Command Prompt has been around for as long as we can remember, but starting with Windows 10 build 14971, Microsoft is trying to make PowerShell the main command shell in the operating system. As a result, PowerShell officially replaces the Command Prompt in the Win + X menu, so when you right-click the Start menu, you'll only be allowed to launch the more powerful app. Additionally, in File Explorer's File menu and in the context menu that appears when pressing Shift + right-click in any folder, the old Command Prompt will no longer be available. Typing cmd in the run dialog will launch PowerShell as well, so Microsoft has made a significant step towards phasing out the traditional Command Prompt. -
Mozilla Releases Firefox 50 (softpedia.com)
Mozilla has begun seeding the binary and source packages of the final release of Firefox 50 web browser on all supported platforms, including GNU/Linux and macOS. From a report on Softpedia: We have to admit that we expected to see some major features and improvements, but that hasn't happened. The biggest new feature of the Firefox 50.0 release appears to be emoji for everyone. That's right, the web browser now ships with built-in emoji for GNU/Linux distributions, as well as other operating systems that don't include native emoji fonts by default, such as Windows 8.0 and previous versions. Also new, Firefox 50.0 now shows lock icon strikethrough for web pages that offer insecure password fields. Another interesting change that landed in the Mozilla Firefox 50.0 web browser is the ability to cycle through tabs in recently used order using the Ctrl+Tab keyboard shortcut. Moreover, it's now possible to search for whole words only using the "Find in page" feature. Last but not the least, printing was improved as well by using the Reader Mode, which now uses the accel-(opt/alt)-r keyboard shortcut, the Guarana (gn) locale is now supported, the rendering of dotted and dashed borders with rounded corners (border-radius) has been fixed as well. -
Ubuntu Budgie Is Now An Official Ubuntu Flavor (softpedia.com)
prisoninmate writes from a report via Softpedia: After two successful major releases, budgie-remix has finally been accepted as an official Ubuntu flavor, earlier today during a meeting where four Canonical technicians voted positive. As such, we're extremely happy to inform our readers that the new Ubuntu flavor is called Ubuntu Budgie. In April this year, when budgie-remix hit the road towards its first major release, versioned 16.04, we reported that David Mohammed was kind enough to inform Softpedia about the fact that he got in touch with Ubuntu MATE leader Martin Wimpress, who urged the developer to target Ubuntu 16.10 for an official status. budgie-remix 16.10 arrived as well this fall shortly after the release of Ubuntu 16.10 (Yakkety Yak), and the dream of becoming an official Ubuntu flavor is now a reality. Re-branding of the official website and the entire distribution is ongoing. "We now move full steam ahead and look forward to working with the Ubuntu Develop Membership Board to examine and work through the technical aspects [...] 17.04 will be our first official release under the new name," said David Mohammed in the announcement. -
Microsoft Promises To Defend World Chess Champion From Russian Hackers (telegraph.co.uk)
"World chess champion Magnus Carlsen has asked Microsoft to protect him against Russian hackers, as he expects to become the target of cyber attacks launched before the match with grandmaster Sergey Karjakin next week," reports Softpedia. An anonymous reader shares more details from The Telegraph: The man dubbed the 'Mozart of chess' has spent months using high-powered chess computers to meticulously prepare moves for his grueling 12-game match against challenger Sergey Karjakin. But any leak of his analysis would hand a significant advantage to Crimean-born Karjakin, the fiercely-patriotic darling of Russian president Vladimir Putin... "The element of surprise is vitally important in chess," explained Vibeke Hansen, from Microsoft Norway... She said Microsoft Norway will "ensure that he has a safe training environment and secure communication and collaboration tools". -
Mythbuntu Linux Has Been Discontinued (softpedia.com)
"Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories unless someone steps up to take these packages over," read Friday's announcement. prisoninmate writes: Mythbuntu was an operating system based on the widely-used Ubuntu Linux distro and built around the MythTV free and open source digital video recorder (DVR) project... The Mythbuntu team recommends users who want to use Mythbuntu to install the latest release of the Xubuntu Linux operating system and then add the Mythbuntu PPA (Personal Package Archive), which will continue to provide the latest MythTV releases and other related packages...
The first release of the OS was back when Ubuntu 7.10 (Gutsy Gibbon) was announced, and the last one was Mythbuntu 16.04.1 LTS (Xenial Xerus). From this point...there will be no new ISO images anymore. Also, the mythbuntu-desktop and Mythbuntu-Control-Centre packages are now discontinued and won't be available from the Ubuntu repositories anymore. However, users will still be able to install the MythTV software and configure it as they see fit. -
NetBSD Project Releases NetBSD 7.0.2 (softpedia.com)
An anonymous reader writes: "After spending six months in development, the NetBSD 7.0.2 release is now available for those running NetBSD 7.0 or NetBSD 7.0.1," reports Softpedia, "but also for those who are still using an older version of the BSD-based operating system and haven't managed to upgrade their systems, bringing them a collection of security patches and recent software updates." Release engineer Soren Jacobsen wrote that "It represents a selected subset of fixes deemed important for security or stability reasons. If you are running an earlier release of NetBSD, we strongly suggest updating to 7.0.2."
The security fixes eliminate a race condition in mail.local(8), and also update OpenSSL, ntp and BIND. In addition, "there are various MIPS pmap improvements, a patch for an NFS (Network File System) crash, as well as a crash that occurred when attempting to mount an FSS snapshot as read and write. NetBSD 7.0.2 also fixes an issue with the UFS1 file system when it was created outside the operating system." Download NetBSD 7.0.2 at one of these mirror sites. -
Teenager Accidentally Launches DDoS Attack On 911 Systems (softpedia.com)
A Phoenix teenager mistakenly tweeted a link to a JavaScript exploit which forced iOS devices to automatically dial and re-dial 911. An anonymous reader quotes Softpedia: The teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups. The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering. -
Mozilla Announces Quantum, a New Browser Engine For Firefox (softpedia.com)
An anonymous reader writes: Mozilla is currently working on a new browser engine called Quantum, which will take parts from the Servo project and create a new core for the Firefox browser. The new engine will replace the aging Gecko, Firefox' current engine. Mozilla hopes to finish the transition to Quantum (as in Quantum Leap) by the end of 2017. The first versions of Quantum will heavily rely on components from Servo, a browser engine that Mozilla has been sponsoring for the past years, and which shipped its first alpha version this June. In the upcoming year, Mozilla will slowly merge Gecko and Servo components with each new release, slowly removing Gecko's ancient code, and leaving Quantum's engine in place. -
Rowhammer Attack Can Now Root Android Devices (softpedia.com)
An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times." -
Linux Kernel 4.7 Reaches End of Life, Users Urged To Move To Linux 4.8 (softpedia.com)
prisoninmate writes: The Linux 4.7 kernel branch officially reached end of life, and it has already been marked as EOL on the kernel.org website, which means that the Linux kernel 4.7.10 maintenance update is the last one that will be released for this branch. It also means that you need to either update your system to the Linux 4.7.10 kernel release or move to a more recent kernel branch, such as Linux 4.8. In related news, Linux kernel 4.8.4 is now the latest stable and most advanced kernel version, which is already available for users of the Solus and Arch Linux operating systems, and it's coming soon to other GNU/Linux distributions powered by a kernel from the Linux 4.8 series. Users are urged to update their systems as soon as possible.