An anonymous reader writes: Microsoft has just patched a vulnerability that affects all Windows versions ever released. Called BadTunnel, the security flaw allows attackers to pass as a WAPD or ISATAP server and intercept all network traffic. Exploitation is trivial and firewalls are natively designed to open the port through which the attack is carried out. BadTunnel can be triggered whenever the user clicks URI or UNC links/paths in Office files, IE, Edge, or other applications that support the URI/VNC scheme (and most do). Additionally, an attacker can carry out his attack from the other side of the world, and does not need to have a foothold on the victim's network. While recent Windows OS versions received patches, exploitation points remain open for non-supported Windows operating systems such as XP, Windows Server 2003, and others. For these operating systems, and for those that can't be updated just yet, system administrators should disable NetBIOS.

An anonymous reader writes from a report via The Verge: The biggest manufacturer of the Raspberry Pi minicomputer, Premier Farnell, has been acquired by Swiss industrial component supplier Daetwyler Holding AG for roughly $871 million. According to Bloomberg, the deal will reportedly help both companies compete better in the components market. "By combining forces, we significantly increase our competitiveness and extend our product range," Daetwyler Chairman Ulrich said in a statement, "facilitating a one-stop shopping experience for our wide range of customers from a multitude of industries." Premier Farnell is one of the only companies with a license to design and distribute Raspberry Pis. The Wall Street Journal says the Raspberry Pi devices are a big part of the company's business, as the division in charge of the Pi raked in 16 percent of the company's total revenue last year.

An anonymous reader writes from a report via GameSpot: At E3 2016, AMD has announced the Radeon RX 470 and RX 460. They will join the RX 480 in the company's Polaris family. Both GPUs will be VR-capable, whereas the RX 480 is made for 1440p gaming. AMD says the RX 470 will focus on delivering a "refined, power-efficient HD gaming" experience, and that the RX 460 will offer a "cool and efficient solution for the ultimate e-sports gaming experience." The RX 480 will be priced starting at $200 for the 4GB variant, with the other two cards most likely priced lower. The company did also announce that the chips are extremely thin, offering a very low Z-height, and will fit into thin and light gaming notebooks. They support a wide variety of features that include DX12, HDR, HDMI 2.0b, DisplayPort 1.3/1.4, and H.265 encoding/decoding. AMD claims the RX 480 card outperforms $500 graphics cards in VR. The RX 470 and RX 460 have yet to have official release dates. However, the RX 480 is scheduled to launch on June 29. In April, AMD announced a plan to license the design of its top-of-the-line server processor to a newly formed Chinese company, creating a brand-new rival for Intel.

Dave Knott writes from a report via Popular Science: Popular Science has an article detailing Campus 2, Apple's upcoming headquarters, including a video with a tour of the complex which is still under construction. The Spaceship, as many have nicknamed it, is over one mile in circumference and when it is completed later this year it will house 13,000 employees. Its exterior will largely be composed of thousands of huge curved glass planes; the floors and ceilings will be constructed from hollow concrete slabs that allow the building to "breathe," bolstering its eco-friendly qualities. Campus 2 will run entirely on renewable energy, with rooftop solar panels providing an output of 16 megawatts of power and acting as the campus's primary energy supplier. Upon completion, the main building will have four stories above ground and three below, with numerous other facilities including seven cafes, a fitness center and a 120,000 square-foot theater where Apple will hold its famous product announcements. Construction on the building is expected to be finished by the end of 2016. Interesting facts: Apple used 4,300 concrete slabs, weighing a total of 212 tons, to create the structure. The Spaceship also features 330-ton, 92-foot-tall steel reinforced doors for its restaurant -- the dining-hall doors alone span 60,000 square feet and collectively weigh 330 tons. The campus boasts 900 panels of vertical glass, 1,600 panes of canopy glass, 510 panes of clerestory glass, and 126 panes for skylight glass (3,000 total). The total cost of the project is approximately $5 billion.

jader3rd writes: Quartz has an article written by the CEO of Ready, David S. Bennahum, about how public education should be embracing computer science, and how existing programmers don't like these efforts because they feel that doing so will result in kids being exposed to programming in a manner different then how they were introduced to it. Bennahum writes: "Writing software today is eerily similar to what it was like in the late 1950s, when people sat at terminals and wrote COBOL programs. And like the late 1950s, the stereotype of the coder is largely unchanged: mostly white guys with deep math skills, and minimal extroversion. Back in the Sputnik-era, people thought of programmers as a priesthood in lab coats: the sole keepers of knowledge that ran these exotic, and mysterious room-sized machines. Today the priesthood is a little hipper -- lab coats have long given way to a countercultural vibe -- but it's still a priesthood, perhaps more druidic than Jesuitic, but a priesthood nonetheless, largely comprised of white men." "Instead of attempting to lure code-literate teachers away from Silicon Valley, we need to revolutionize the way coding is done. Rather than fit the person to the tool, let's fit the tool to the person. Pop computing can help us get there, offering a gloriously diverse array of tools to match our gloriously diverse species. It's only a matter of time before the process of making software itself is transformed, from one that requires a mastery of syntax -- the precise stringing of sentences needed to command a computer -- to the mastery of logic. Logic is the essence of software creation, and the second step after mastering syntax.'

MojoKid quotes a report from HotHardware: Google has been teasing its Project Tango augmented reality (AR) platform for years but no OEMs have stepped up to the plate to deliver Tango-enabled hardware until now. Lenovo just came out with its PHAB2 Pro 6.4-inch phablet smartphone which packs a full-fledged AR experience. The PHAB2 Pro will be the first commercially available Lenovo smartphone in the U.S. and it leverages Tango AR technology in three ways. The smartphone's "eye" uses motion-tracking to determine its location in 3D. Area learning can also feed location information to the phone, and depth perception allows the phone to analyze the world around it. The PHAB2 Pro is also huge with a 6.4" QHD display covered in 2.5D curved glass. Powering the PHAB2 Pro is a Snapdragon 652 processor with 4GB of RAM, a generous 64GB of storage and a microSD slot. There's also a 16MP rear camera, 8MP front camera and a 4050 mAh battery. Lenovo's Motorola Mobility division also announced the Moto Z and Moto Z Force, which are next generation Android flagships. The Moto Z is the standard model and measures just 5.2mm thick and comes with a 5.5" QHD AMOLED display, a Snapdragon 820 processor with 4GB of RAM and up to 64GB of storage. Its 13MP rear camera features optical image stabilization and laser autofocus, while its 5MP front camera with wide-angle lens takes care of selfies. Then there's the new Moto Z Force, which ups the ante with a 3500 mAh battery, a 21MP rear camera and a shatterproof screen. But what truly makes the Moto Z and Moto Z Force stand out are Moto Mods. These are modular accessories that attach to the back of the smartphones via four magnets and a 16-pin connector. It's much more elegant than what LG has employed with the G5 (which requires you to remove the bottom of the smartphone). Instead, Moto Z users can simply attach an accessory, like the JBL SoundBoost Mod which brings high-end sound, with a quick snap.

An anonymous reader writes from a report via BetaNews: Windows Insider chief Dona Sarkar announced in a blog post that they are releasing Windows 10 Insider Preview Build 14361 for both PC and Mobile to Windows Insiders in the Fast ring. This new release includes new features, some improvements to existing features, and various bug fixes that the company hopes to iron out before the Windows 10 Anniversary Update. A LastPass extension for the Microsoft Edge browser, and Hyper-V Container, which will let you use Docker natively on Windows 10, has been added. A series of improvements have been made to Windows Ink, and the Settings app, which includes changes to the colors so it's more obvious where you are. The Blu-ray icon and Network Quick Action icon have also been updated. You can read the full list of improvements and fixes for PC here.

Trailrunner7 quotes a report from On The Wire: The Federal Trade Commission has sent comments to the Department of Commerce, outlining a list of concerns about the security and privacy of connected and embedded devices, saying that while many IoT devices have tangible benefits for consumers, "these devices also create new opportunities for unauthorized persons to exploit vulnerabilities." One of the key security problems that researchers have cited with IoT devices is the impracticality of updating them when vulnerabilities are discovered. Installing new firmware on light bulbs or refrigerators is not something most consumers are used to, and many manufacturers haven't contemplated those processes either. The FTC said the lack of available updates is a serious problem for consumers and businesses alike. "Although similar risks exist with traditional computers and computer networks, they may be heightened in the IoT, in part because many IoT chips are inexpensive and disposable, and many IoT devices are quickly replaceable with newer versions. As a result, businesses may not have an incentive to support software updates for the full useful life of these devices, potentially leaving consumers with vulnerable devices. Moreover, it may be difficult or impossible to apply updates to certain devices," the FTC comments say. In early May, the FTC issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security patches.

simpz writes: The Register reports that Microsoft has changed the Windows 10 update dialog and no longer shows the "X" close button. They say once agreed to there is no obvious back-out method and it is now out of step with Microsoft's own documentation on this. They have a screenshot of this. As noted above, the latest move is out of step with Microsoft's Knowledge Base documentation, which says you can re-schedule your upgrade.

DaGoatSpanka quotes a report from MacRumors: Apple yesterday released the first preview build of Swift 3.0, a major update to Apple's open source Swift programming language. Swift 3.0's official release is expected to come in late 2016 after proposed changes are finalized. The Swift 3.0 preview can be downloaded from the official Swift website. There are versions of Swift 3.0 available for Xcode 7.2, Ubuntu 14.04, and Ubuntu 15.10. [Swift 3.0 is not source compatible with Swift 2.2 as it introduces source-breaking changes, but going forward, the goal is to make Swift 3.0 source compatible with future Swift language updates.] Swift 3.0 will likely be shown at Apple's upcoming Worldwide Developers Conference (WWDC).

An anonymous reader writes: "A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM," writes Softpedia. The zero-day is up for sale on a Russian underground hacking forum, and is currently available for $90,000 -- after it was initially up for $95,000. The hacker is saying he'll sell the zero-day to one person only, who'll receive its source code and a working demo. Two videos are available, one showing the hacker exploit Windows 10 with the May 2016 security patch, and another one bypassing all EMET features. While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

An anonymous reader writes from a report via TechCrunch: According to a new study on mobile app usage, nearly one in four mobile users only use an app once. TechCrunch reports: "Based on data from analytics firm Localytics, and its user base of 37,000 applications, user retention has seen a slight increase year-over-year from 34 percent in 2015 to 38 percent in 2016. However, just because this figure has recovered a bit, that doesn't mean the numbers are good. Instead, what this indicates is that 62 percent of users will use an app less than 11 times. These days, 23 percent launch an app only once -- an improvement over last year, but only slightly. For comparison's sake, only 20 percent of users were abandoning apps in 2014. On iOS, user retention saw some slight improvements. The percentage of those only opening apps once fell to 24 percent from 26 percent last year, and those who return to apps 11 times or more grew to 36 percent from 32 percent in 2015. In particular, apps in the middle stage of their growth (between 15,000 and 50,000 monthly active users), saw the strongest lift with retention and abandonment, the report also noted. This is attributed to these apps' use of push notifications, in-app messages, email, and remarking. While push notifications have always been cited as a way to retain users, in-app messages also have a notable impact -- these messages improve users retention to 46 percent, the study found. 17 percent will only use app once if they see an in-app message, but those not using messages see 26 percent of users abandoning the app after one session.

prisoninmate writes from a report via Softpedia: The moment you've all been waiting for is almost here, as you will no longer need a cable to connect your Ubuntu Phone to your TV or a supported LCD monitor. Canonical will soon release the OTA-11 software update to supported Ubuntu Phone devices implementing the Aethercast (also known as Miracast or Display Casting) technology that provides Wireless display support to Ubuntu Phone devices, but only for Meizu PRO 5, which comes with out-of-the-box wireless display functionality. Some other features of the OTA-11 update include: the adoption of the NetworkManager 1.2 network connection manager, an updated VPN feature with username and password authentication support, a pre-loaded Home Scope which will allow for a faster startup, multiple application windows, and subtitles in the header. In addition, the positioning in location service has been greatly improved, Dynamic Grid Unit (DGU) support is now available, and many bugs have been fixed (squashed). You can view a list of the devices that support the OTA-11 update here.

UPDATE 5/31/16: The report has been updated to clarify that the Meizu PRO 5 is the only device that supports wireless display functionality out-of-the-box.

An anonymous reader writes from a report via BetaNews: The notification tray in Android serves a very specific purpose. There's a clue in the name -- and it's nothing to do with advertising. Android user Thom Holwerda was upset this week when Microsoft Office for Android started to spam him with ads for apps he already had installed. There are many questions here, one of which is why is Microsoft ignoring Google's guidelines and using the notification tray to display ads? Thom, from the website OSnews, found that the copy of Word he had installed on his Nexus 6P was spamming him with ads for Excel and Powerpoint -- which he was already using. Mark Wilson from BetaNews contacted Microsoft and they said, "Our team is actively investigating the occurrences of these notifications." After pressing further into the issue, a Microsoft spokesperson said, "Microsoft is deeply committed to ensuring that we maintain the best possible experience for our customers in addition to complying with all applicable policies. We have taken the action to turn off these notifications. This update will be reflected in the coming days." In other semi-related news, users can now remove the 260-character path length limit in the Windows 10 build 14352.

An anonymous reader quotes a report from Softpedia: Windows 10 build 14352, a preview version of the upcoming Anniversary Update (also known as Redstone), comes with an eagerly awaited change that Microsoft hasn't yet announced publicly. The 260-character path length limit in Windows can be removed with the help of a new policy, thus allowing you to run operations with files regardless of their path or file name. While this new rule is not enabled by default, admins can turn it on by following these instructions. Launch the Registry Editor by clicking the Start menu and typing "regedit.exe," and then navigate to the following path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{48981759-12F2-42A6-A048-028B3973495F}Machine\System\CurrentControlSet\Policies. Look for an entry called "LongPathsEnabled," and if it does not exist, simply right-click Policies, select New DWORD (32-bit), name it "LongPathsEnabled" (without the quotes), enter value 1, and you're good to go. The description of the preview reads, "Enabling NTFS long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 char limit per node. Enabling this setting will cause the long paths to be accessible within the process." While the Windows 10 preview build 1452 has been made available last week, according to Windows Central, a Microsoft team member says that the company could released Windows 10 Mobile build 14352 for Insiders on Tuesday, May 31.

An anonymous reader writes from a report issued by Softpedia on May 27: Microsoft and several other security researchers have detected the first ransomware versions that appears to have self-propagation features, being able to spread to other machines on its own by copying itself to shared network drives or portable storage devices automatically. Called ZCryptor, this ransomware seems to enjoy quite the attention from crooks, who are actively distributing today via Flash malvertising and boobytrapped Office files that infect the victim if he enables macro support when opening the file. This just seems to be the latest addition to the ransomware family, one which recently received the ability to launch DDoS attacks while locking the user's computer.

An anonymous reader quotes a report from Phys.Org: A trio of researchers has solved a single math problem by using a supercomputer to grind through over a trillion color combination possibilities, and in the process has generated the largest math proof ever -- the text of it is 200 terabytes in size. The math problem has been named the boolean Pythagorean Triples problem and was first proposed back in the 1980's by mathematician Ronald Graham. In looking at the Pythagorean formula: a^2 + b^2 = c^2, he asked, was it possible to label each a non-negative integer, either blue or red, such that no set of integers a, b and c were all the same color. To solve this problem the researchers applied the Cube-and-Conquer paradigm, which is a hybrid of the SAT method for hard problems. It uses both look-ahead techniques and CDCL solvers. They also did some of the math on their own ahead of giving it over to the computer, by using several techniques to pare down the number of choices the supercomputer would have to check, down to just one trillion (from 10^2,300). Still the 800 processor supercomputer ran for two days to crunch its way through to a solution. After all its work, and spitting out the huge data file, the computer proof showed that yes, it was possible to color the integers in multiple allowable ways -- but only up to 7,824 -- after that point, the answer became no. Is the proof really a proof if it does not answer why there is a cut-off point at 7,825, or even why the first stretch is possible? Does it really exist?

sproketboy shares this article about a computer graphic designer who spent two years building a real-world version of the classic videogame Pong, played on a full-sized coffee table using only mechanical parts. The project's team apparently used a hard drive platter for the real-world scroll wheels controlling the paddles, aided by some large Arduinos and other homemade electronics (along with rainbow LED lights to create the pixels for the score).

"We don't have any electronics, product design, or manufacturing background," Daniel Perdomo told one technology site. "All we knew for this was thanks to the Internet (Google, YouTube, forums). Today you can grab all the knowledge you want just a few clicks away!" He's now looking for a hardware incubator to transform his "Atari Pong Project" into a real consumer product. (Interestingly, another group of hobbyists built a similar electromechanical version of Pong back In 2004.)

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.

infernalC writes: Ars Technica is reporting that the verdict is in, and that the jury decided that Google's duplication of several Java interfaces is fair use. Ars Technica writes that Google's Android OS does not infringe upon Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The jury unanimously answered "yes" in response to whether or not Google's use of Java APIs was a "fair use" under copyright law. The trial is now over, since Google won. "Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use," Ars Technica writes. "It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense." The amount Oracle may have asked for in damages could have been as much as $9 billion.