Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
HP

HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com) 75

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 163

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.
Android

Google Play Starts Bringing Android Apps To Chromebooks (venturebeat.com) 14

An anonymous reader quotes a report from VentureBeat: As promised, Google has finally brought the Google Play store to Chrome OS. Android apps, Android games, and media content from the store are all now finally available on Chromebooks running the latest stable build. But that still doesn't mean all Chromebook owners can use the store. This continues to be a gradual rollout -- even on the stable channel, Google is limiting the launch in multiple ways. "A beta release of the Play store is available to users now on the Acer R11 and Asus Flip (and coming soon to Pixel 2015) and can be enabled from the Settings page," a Google spokesperson told VentureBeat. "The team is hard at work making the experience great for users before making the Play Store available by default on these Chromebooks." That's right -- even though we're still talking about just three devices, the Play store is disabled by default. Once you've updated to version 53.0.2785.129 (make sure to switch back to the stable channel if you aren't already on it), you'll have to enable the Play Store in Chrome Settings.
Hardware Hacking

Ask Slashdot: How Do You Build Your Own Vacuum Tubes? 272

Could you beat wireless headphones by creating your own DIY home audio system? Two weeks ago one Slashdot commenter argued, "to have good audio that is truly yours and something to be proud of, you need to make your own vacuum tube amplifier and then use it to power real electrostatic headphones over a wire." And now long-time Slashdot reader mallyn is stepping up to the challenge: I want to try to make my own vacuum tubes. Is there anyone here who has tried DIY vacuum tubes (or valves, to you Europeans)? I need help getting started -- how to put together the vacuum plumbing system; how to make a glass lathe; what metals to use for the elements (grid, plate, etc). If this is not the correct forum, can anyone please gently shove me into the correct direction? It needs to be online as my physical location (Bellingham, Washington) is too far away from the university labs where this type of work is likely to be done.
Slashdot's covered the "tubes vs. transistors" debate before, but has anyone actually tried to homebrew their own? Leave your best answers in the comments. How do you build your own vacuum tubes?
HP

HP Builds One Desktop PC Around a Speaker, Another Modular PC In Slices (arstechnica.com) 78

An anonymous reader writes from a report via Ars Technica: HP has announced today two new desktop PCs: HP Elite Slice and Pavilion Wave. The HP Elite Slice is a modular machine, with USB Type-C for power and I/O. The base unit contains all the core guts of the PC -- up to a 35W Core i7-6700T processor, up to 32GB of RAM, up to 512GB NVMe storage, gigabit Ethernet, 802.11ac Wi-Fi and several ports. The top cover of the main unit is modular, while the bottom of the unit contains a special connector that can allow for additional modules to be stacked. HP has an audio module that includes speakers and a microphone array, and an optical drive module. It should be available later this month, starting at $699. The Pavilion Wave on the other hand combines a PC and a speaker in a 10.3 inch tall triangular box. As for specs, it features a 35W processor, up to an i7 processor, up to 16GB RAM, with up to 1TB SSD or 2TB HDD. An AMD R9 M470 is optional. In addition to the speaker, the Wave features a microphone array for Cortana support.
Java

Slashdot Asks: What Are Your Favorite Java 8 Features? (infoworld.com) 427

New submitter liveedu shares with us a report from InfoWorld: When Java 8 was released two years ago, the community graciously accepted it, seeing it as a huge step toward making Java better. Its unique selling point is the attention paid to every aspect of the programming language, including JVM (Java Virtual Machine), the compiler, and other help-system improvements. Java is one of the most searched programming languages according to TIOBE index for July 2016, where Java ranks number one. Its popularity is also seen on LiveCoding, a social live coding platform for engineers around the world, where hundreds and thousands of Java projects are broadcasted live. InfoWorld highlights five Java 8 features for developers in their report: lambda expressions, JavaScript Nashorn, date/time APIs, Stream API and concurrent accumulators. But those features only scratch the surface. What makes Java 8 amazing in your opinion? What are your favorite Java 8 features that help you write high quality code? You can view the entire list of changes made to the programming language here.
Robotics

Intel Demos A New Robotics Controller Running Ubuntu (hackerboards.com) 21

Intel demoed their new robotics compute module this week. Scheduled for release in 2017, it's equipped with various sensors, including a depth-sensing camera, and it runs Ubuntu on a quad-core Atom. Slashdot reader DeviceGuru writes: Designed for researchers, makers, and robotics developers, the device is a self contained, candy-bar sized compute module ready to pop into a robot. It's augmented with a WiFi hotspot, Bluetooth, GPS, and IR, as well as proximity, motion, barometric pressure sensors. There's also a snap-on battery.

The device is preinstalled with Ubuntu 14.04 with Robot Operating System (ROS) Indigo, and can act as a supervisory processor to, say, an Arduino subsystem that controls a robot's low-level functions. Intel demoed a Euclid driven robot running an obstacle avoidance and follow-me tasks, including during CEO Brian Krzanich's keynote (YouTube video).

Intel says they'll also release instructions on how to create an accompanying robot with a 3D printer. This plug-and-play robotics module is a proof-of-concept device -- the article includes some nice pictures -- but it already supports programming in Node.js (and other high-level languages), and has a web UI that lets you monitor performance in real-time and watch the raw camera feeds.
Programming

The $5 Onion Omega2 Gives Raspberry Pi a Run For Its Money (dailydot.com) 124

An anonymous reader writes from a report via The Daily Dot: Onion's Omega2 computer may give the Raspberry Pi a run for its money if the success of the Kickstarter campaign is any indication. The Daily Dot reports: "With an initial goal of just $15,000, over 11,560 backers have pledged the company $446,792 in hopes of getting their hands on this little wonder board. So why are thousands of people losing their minds? Simple; the Omega2 packs a ton of power into a $5 package. Billed as the world's smallest Linux server, complete with built-in Wi-Fi, the Omega2 is perfect for building simple computers or the web connected project of your dreams. The tiny machine is roughly the size of a cherry, before expansions, and runs a full Linux operating system. For $5 you get a 580MHz CPU, 64MB memory, 16MB storage, built-in Wi-Fi and a USB 2.0 port. A $9 model is also available with 128MB of memory, 32MB of storage, and a MircoSD slot. The similarly priced Raspberry Pi Zero comes with a 1GHz Arm processor, 512MB of memory, a MicroSD slot, no onboard storage, and no built-in Wi-Fi. Omega2 supports the Ruby, C++, Python, PHP, Perl, JavaScript (Node.js), and Bash programming languages, so no matter your background in coding you should be able to figure something out." You can also add Bluetooth, GPS, and 2G/3G support via add-ons or expansions. It looks promising, though it is a Kickstarter campaign and the product may not come into fruition.
Security

Windows UAC Bypass Permits Code Execution (threatpost.com) 79

msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start Powershell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up. Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.
Chrome

Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) 68

Google announced in a blog post today that Chrome will officially start to "de-emphasize Flash in favor of HTML5." VentureBeat reports: "In September 2016, Chrome will block Flash content that loads behind the scenes, which the company estimates accounts for more than 90 percent of the Flash on the web. In December, Chrome will make HTML5 the default experience for central content, such as games and videos, except on sites that only support Flash." Google detailed next month's plan (design doc), when Chrome 53 will be released: "In September 2015, we made 'Detect and run important plugin content' the default plugin setting in Chrome, automatically pausing any cross-origin plugin content smaller than 400px in width or 300px in height. This behavior has an exception for any plugin content that is 5x5 or smaller or is an undefined size, because there was no canonical way of detecting viewability until Intersection Observer was standardized and implemented. We would now like to remove this exception and instead not load tiny, cross-origin content. If the user has their plugin setting set to the default of 'Detect and run important plugin content,' the browser will not instantiate cross-origin plugin content that is roughly 5x5 or smaller or has an undefined size. An icon will be displayed in the URL bar indicating that plugin content is not running, allowing the user to reload the page with plugin content running or open settings to add a site-wide exception. Other choices of the plugin content setting are unaffected by this launch."
Microsoft

Microsoft To Release Two Major Windows 10 Updates Next Year (arstechnica.com) 150

An anonymous reader quotes a report from Ars Technica: With the Windows 10 Anniversary Update, aka Windows 10 version 1607, released earlier this week, it's time to look forward to what's next. Windows 10 has multiple release tracks to address the needs of its various customer types. The mainstream consumer release, the one that received the Anniversary Update on Tuesday, is dubbed the Current Branch (CB). The Current Branch for Business (CBB) trails the CB by several months, giving it greater time to bed in and receive another few rounds of bug fixing. Currently the CBB is using last year's November Update, version 1511. In about four months, Microsoft plans to bump CBB up to version 1607, putting both CB and CBB on the same major version. [The Long Term Servicing Branch, an Enterprise-only version that will receive security and critical issue support for 10 years, will also be updated.] Going forward, however, the differences between both current branch variants (CB and CBB) and LTSB will become more marked. Microsoft is not planning another major update this year. There will be no equivalent to last year's 1511 release, but Microsoft will have two next year. These are believed to be codenamed Redstone 2 (rs2) and Redstone 3 (rs3), with this week's 1607 release being Redstone 1 (rs1). Current expectation is that rs2 will have a heavy mobile focus and be shipped simultaneously with new Surface branded hardware.
Books

CP/M Creator Gary Kildall's Memoirs Released As Free Download (ieee.org) 157

An anonymous reader writes from IEEE Spectrum: The year before his death in 1994, Gary Kildall -- inventor of the early microcomputer operating system CP/M -- wrote a draft of a memoir, "Computer Connections: People, Places, and Events in the Evolution of the Personal Computer Industry." He distributed copies to family and friends, but died before realizing his plans to release it as a book. This week, the Computer History Museum in Mountain View, with the permission of Kildall's children, released the first section and it is available for a free download. The rest of it, which they say did not reflect his true self, will not be made public.
Operating Systems

LibreOffice 5.2 Officially Released (softpedia.com) 103

prisoninmate writes from a report via Softpedia: LibreOffice 5.2 is finally here, after it has been in development for the past four months, during which the development team behind one of the best free office suites have managed to implement dozens of new features and improvements to most of the application's components. Key features include more UI refinements to make it flexible for anyone, standards-based document classification, forecasting functions in Calc, the spreadsheet editor, as well as lots of Writer and Impress enhancements. A series of videos are provided to see what landed in the LibreOffice 5.2 office suite, which is now available for download for GNU/Linux, Mac OS X, and Microsoft Windows operating systems.
Microsoft

Microsoft's HoloLens Is Now On Sale To Anyone In The US Or Canada (computerworld.com) 53

Microsoft is now selling its augmented reality headset dubbed HoloLens to anyone in the United States or Canada for $3,000 a pop. Computerworld reports: Until now, HoloLens was available only to developers and companies through Microsoft sales reps, but starting Tuesday, anyone in the U.S. or Canada can buy up to five headsets online through the Microsoft Store. There was no word about availability in other countries. The HoloLens now on sale is the same developer edition that has been offered to Microsoft partners, and buyers are asked to acknowledge before completing purchase that they understand it's not a finished product intended for consumers. Microsoft also asks buyers to agree not to resell the product and acknowledge that no refunds are available. The move should expand the community of developers working to build apps and other content for the headset before a consumer version is officially available.
Hardware Hacking

FCC Requires TP-Link To Support Open Source Router Firmware 52

An anonymous reader writes: Earlier today, the FCC reached a settlement with TP-Link over Wi-Fi router interference. Most of the agreement was routine, addressing compliance with radio emission rules.

But the FCC also did something unprecedented. It required TP-Link to support open source firmware on its routers. You might recall that, last year, the FCC caused a ruckus when it mistakenly suggested it was banning open source router firmware. In fact, the FCC only required that router vendors implement protections for specific radio emission parameters. But the FCC didn't work with router vendors in advance to maintain open source compatibility, resulting in certain vendors (including TP-Link) trying to lock down their routers.

The FCC eventually issued a clarification, but the damage was done. Only recently have a couple router vendors (Linksys and Asus) affirmed that they will continue to support open source firmware.

Today's settlement is a milestone for the FCC. The agency is finally doing something, with deeds and not just words, to demonstrate its support for the open source community. It would be better if the agency hadn't created this mess, but they deserve serious credit for working so hard to fix it.

Slashdot Top Deals