Framework is one of an increasing number of companies working to address planned obsolescence by creating products that are incredibly customizable and easy to repair. Today, the company's Framework Laptop is up for preorder, starting at $999 and shipping at the end of July. TechCrunch reports: There are three basic configurations -- Base, Performance and Professional, ranging from $999 to $1,999, upgrading from an Intel Core i5, 8GB of Ram and 256GB of storage to a Core i7 and 32GB/1TB. Windows also gets upgraded from Home to Pro at the top level. At $749, the company offers a barebones shell, where users can plug in their own internals.

Other upgrades include: "On top of that, the Framework Laptop is deeply customizable in unique ways. Our Expansion Card system lets you choose the ports you want and which side you want them on, selecting from four at a time of USB-C, USB-A, HDMI, DisplayPort, MicroSD, ultra-fast 250GB and 1TB storage, and more. Magnetic-attach bezels are color-customizable to match your style, and the keyboard language can be swapped too."

New submitter imcdona writes: VideoLan has released VLC Media Player 3.0.14 to fix an issue affecting Window users and causing the widely-used software's auto-updater not to launch the new version's installer automatically. "VLC users on Windows might encounter issues when trying to auto update VLC from version 3.0.12 and 3.0.13," VideoLan explained."We are publishing version 3.0.14 to address this problem for future updates."

This issue is caused by a bug introduced in the automatic updater code of VLC 3.0.12 and fixed with the release of VLC 3.0.14. Because of this bug, VLC updates are downloaded to the users' computers, verified for integrity, but will not be installed as the auto-updater fails to launch the VLC 3.0.14 installer.

System76 today unveiled its newest product -- the "Launch Configurable Keyboard." It is a mechanical keyboard made in the USA with a focus on open source. The Launch has both open source firmware and hardware. Even the configuration software -- which runs on Linux, Windows, and macOS -- is open source. From a report: "With a wide swath of customization options, the Launch is flexible to a variety of needs and use cases. The keyboard's thoughtful design keeps everything within reach, vastly reducing awkward hand contortions. Launch comes with additional keycaps and a convenient keycap puller, meaning one can swap keys based on personal workflow preferences to maximize efficiency. Launch also features a novel split Space Bar, which allows the user to swap out one Space Bar keycap for Shift, Backspace, or Function to reduce hand fatigue while typing. Launch uses only three keycap sizes to vastly expand configuration options," says System76. The keyboard, which has a removable USB-C cable for connectivity, is priced at $285.

An anonymous reader quotes a report from The Register: A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef. On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF]. Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws. Vanhoef, who in 2017 along with co-author Frank Piessens identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication), has dubbed his latest research project FragAttacks, which stands for fragmentation and aggregation attacks.

The dozen vulnerabilities affect all Wi-Fi security protocols since the wireless networking technology debuted in 1997, from WEP up through WPA3. [...] In total, 75 devices -- network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) -- were tested and all were affected by one or more of the attacks. NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units). [...]

Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied and the kernel mailing list note mentions that Intel has addressed the flaws in a recent firmware update without mentioning it. Microsoft released its patches on March 9, 2021 when disclosure was delayed tho Redmond had already committed to publication. Vanhoef advises checking with the vendor(s) of Wi-Fi devices about whether the FragAttacks have been addressed. "[F]or some devices the impact is minor, while for others it's disastrous," he said.

In late 2019, Microsoft announced Windows 10X, a new flavor of Windows 10 designed for dual-screen PCs. Windows 10X, Microsoft said at the time, will power dual-screen PCs from Asus, Dell, HP, Lenovo, and of course Microsoft. But it appears Microsoft has changed its plans about what it wants to do with this version of Windows 10. Microsoft-focused news outlet Petri reported on Friday, citing people familiar with the matter, that Microsoft will not be shipping Windows 10X this year and the OS, as was described by the company in 2019, will likely never arrive. From the report: The company has shifted resources to Windows 10 and 10X is on the back burner, for now. For about a decade, Microsoft has been trying to modernize Windows in various ways. We have seen Windows RT, Windows 10S, and now Windows 10X. The question becomes if there really is a future for anything other than traditional Windows 10? Microsoft said during their last earnings call that there were 1.3 billion active devices are running the OS each month and with that context in mind, does there really need to be a 'lite' version of the OS?

It's a fair question at this point because Microsoft's history of trying to overhaul Windows is a journey down a road with many headstones along the way to 2021. The reality is that if Microsoft is going to invest heavily in a modern version of Windows 10, it should be to run Windows 10 on ARM. A watered-down version of the OS to compete against Chromebooks is not working out today, much like it has not worked out in the past and it may never work out either but the future is hard to predict. While Windows 10 was put in the backseat for the past couple of years and many looked at 10X as a possible revival of excitement for the OS, all eyes should now be focused on Sun Valley -- the next major update to Windows 10. If something is going to return the limelight to Windows, it has to be Sun Valley because that's the only thing left. But just because 10X isn't coming to market anytime soon, the technologies that were built for 10X are migrating to Windows 10. Not everything from 10X will show up in 10 but I would expect to see things like UI updates, app containers, and more arrive in Windows 10.

Microsoft is now planning to refresh the Windows 95-era icons you still sometimes come across in Windows 10. The Verge reports: Windows Latest has spotted new icons for the hibernation mode, networking, memory, floppy drives, and much more as part of the shell32.dll file in preview versions of Windows 10. This DLL is a key part of the Windows Shell, which surfaces icons in a variety of dialog boxes throughout the operating system. It's also a big reason why Windows icons have been so inconsistent throughout the years. Microsoft has often modernized other parts of the OS only for an older app to throw you into a dialog box with Windows 95-era icons from shell32.dll. Hopefully this also means Windows will never ask you for a floppy disk drive when you dig into Device Manager to update a driver. That era of Windows, along with these old icons, has been well and truly over for more than a decade now. These new changes are part of Microsoft's design overhaul to Windows 10, codenamed Sun Valley. "We're expecting to hear more about Sun Valley at Microsoft's Build conference later this month, or as part of a dedicated Windows news event," notes The Verge.

A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. BleepingComputer reports: The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes. From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB. While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space. On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files. According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. ZDNet reports: The update KB4577586 called "Update for Removal of Adobe Flash Player" has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020 as per an announcement by Adobe and major browser makers in 2017.

"Starting in June 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Preview Update for Windows 10, version 1809 and above platforms. It will also be included in every subsequent Latest Cumulative Update," Microsoft said. "As of July 2021, the KB4577586 "Update for Removal of Adobe Flash Player" will be included in the Latest Cumulative Update for Windows 10, versions 1607 and Windows 10, version 1507. The KB will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard," it added.

"Chromium-based web browser Opera is all set to fully integrate with blockchain domain name provider Unstoppable Domains," reports TechRadar, "in a bid to provide millions of its users with decentralized web access." Opera users will now be able to access decentralized websites hosted via the InterPlanetary File System (IPFS) using Unstoppable Domains' popular .crypto NFT addresses from the Opera browser. This will include platforms such as iOS, Android, Windows, Mac or Linux. Right now, Opera has over 320 million monthly active users across its offerings, following the addition of a crypto wallet to its browsers in 2019.

Unstoppable Domains was launched in 2018 and provides domain names to users with no renewal fees. Users of Unstoppable Domains are granted full ownership and control when they claim a domain because it is minted as an NFT on the Ethereum blockchain. Domain names such as .crypto replace complex wallet addresses for payments across over 40 cryptocurrency wallets and exchanges in addition to accessing the decentralized web through Opera.

Maciej Kocemba, Product Director at Opera said that the company believes in giving all people the ability to access the full web, regardless of the technology behind it.
The Opera product director was further quoted by Business Insider: "We have always supported web innovation, and the decentralized web or Web3 is the natural next wave. Making Unstoppable Domains accessible in the Opera browsers means our users can try blockchain technologies for themselves. Registering your .crypto domain, which is forever yours, is a great first step into Web3," the company's product director Maciej Kocemba said.

Opera is quickly becoming a leader in pushing for the adoption of Web 3.0, also often described as the decentralized web.

It's been just over a year since Microsoft announced it had hit its goal of 1 billion monthly active Windows 10 devices. It took a while to get there, but Microsoft now says Windows 10 is growing even faster, reaching a whopping 1.3 billion active installs in the last quarter. From a report: Like a number of other technology firms, Microsoft has the global pandemic to thank for its windfall. It turns out people buy more computers when they're stuck at home. "Over a year into the pandemic, digital adoption curves aren't slowing down. They're accelerating, and it's just the beginning," said CEO Satya Nadella. The latest device count comes from Microsoft's earnings report, which featured a stunning $41.7 billion in revenue for the quarter.

Today, Blue Origin revealed that it will be selling the first tickets for rides on its space tourism rocket called New Shepard. According to CNBC, the first ticket (or tickets?) will go on sale starting next week, on Wednesday, May 5. From the report: Blue Origin did not reveal how much tickets will cost, only saying that more details will come on May 5 to those who submit their name and email on a form on the company's website. "Sign up to learn how you can buy the very first seat on New Shepard," according to the company's website. The announcement's video features Bezos going out to the capsule of New Shepard after the company's test flight earlier this month. It shows him driving across the Texas desert, the remote location of the New Shepard launch facility -- notably at the wheel of a Rivian R1T electric truck, which is emblazoned with Blue Origin's signature feather.

New Shepard is designed to carrying as many as six people at a time on a ride past the edge of space, with the capsules on previous test flights reaching an altitude of more than 340,000 feet (or more than 100 km). The capsule, which has massive windows to give passengers a view, spends as much as 10 minutes in zero gravity before returning to Earth. The rocket launches vertically, with the booster detaching and returning to land at a concrete pad nearby. The capsule's return is slowed down by a set of parachutes, before softly landing in the desert.

Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers.

The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.

Microsoft is shaking up the world of PC gaming today with a big cut to the amount of revenue it takes from games on Windows. From a report: The software giant is reducing its cut from 30 percent to just 12 percent from August 1st, in a clear bid to compete with Steam and entice developers and studios to bring more PC games to its Microsoft Store. "Game developers are at the heart of bringing great games to our players, and we want them to find success on our platforms," says Matt Booty, head of Xbox Game Studios at Microsoft. "A clear, no-strings-attached revenue share means developers can bring more games to more players and find greater commercial success from doing so."

These changes will only affect PC games and not Xbox console games in Microsoft's store. While Microsoft hasn't explained why it's not reducing the 30 percent it takes on Xbox game sales, it's likely because the console business model is entirely different to PC. Microsoft, Sony, and Nintendo subsidize hardware to make consoles more affordable, and offer marketing deals in return for a 30 percent cut on software sales. Microsoft's new reduction on the PC side is significant, and it matches the same revenue split that Epic Games offers PC game developers while also putting more pressure on Valve to reduce its Steam store cut. Valve still takes a 30 percent cut on sales in its Steam store, which is reduced to 25 percent when sales hit $10 million, and then 20 percent for every sale after $50 million.

From Mike Melanson's "This Week in Programming" column: "The Rustening at Microsoft has begun," tweeted Microsoft distinguished engineer Miguel de Icaza.

What de Icaza is referring to is a newly-offered course by Microsoft on taking the first steps with Rust, which much of the Twitterverse of Rust devotees sees as a sign that the company is further increasing its favor for their crab-themed language of choice. Of course, this isn't the first we've heard of Microsoft looking to Rust to handle the 70% of Microsoft vulnerabilities that it says come from using the memory-unsafe C++ programming language in its software. A few years back now, Microsoft launched Project Verona, a research programming language that takes a bite from Rust in the realm of ownership and is said to be inspired by Rust, among others.

More recently, however, Microsoft announced the preview of Rust for Windows, which "lets you use any Windows API (past, present, and future) directly and seamlessly via the windows crate (crate is Rust's term for a binary or a library, and/or the source code that builds into one)." With Rust for Windows, developers can now not only use Rust on Windows, they can also write apps for Windows using Rust...

According to the project description, the Windows crate "lets you call any Windows API past, present, and future using code generated on the fly directly from the metadata describing the API and right into your Rust package where you can call them as if they were just another Rust module" and that, along with the introduction of a course for learning Rust, is precisely what has all those Rust devotees so excited.
InfoWorld has more information...

jonesy16 writes: While users have long been able to run Linux GUI apps on Windows by installing a separate X Server, this marks the first time that native support is available through the Windows Subsystem for Linux (WSL). Audio support and hardware acceleration are also provided, seemingly enabling a limitless set of use cases for those wishing to live the dual OS life. The change is identified in the recent preview build release along with a more in-depth discussion of the graphical subsystem now called WSLg.

wiredmikey shares a report from SecurityWeek: Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

The newest Chrome update -- 90.0.4430.85 -- is available for Windows, Mac and Linux users and is being rolled out via the browser's automatic update mechanism. The vulnerability being exploited is identified as CVE-2021-21224 and simply described as a "type confusion" in the V8 Chrome rendering engine. Google credited the Jose Martinez (tr0y4) from VerSprite Inc. for reporting the vulnerability. "Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," the company said, with no additional details.

Dave Knott writes: Microsoft has announced Visual Studio 2022, the next major revision of their flagship development IDE. A public beta will be arriving this summer. The most significant change, which has long been rumored, is that the entire application suite will now be 64-bit. Other major changes include:

* Performance improvements in the core debugger
* Support for .NET 6, which can be used to build web, client and mobile apps by both Windows and Mac developers, as well as improved support for developing Azure apps
* An update UI meant to reduce complexity and which will add integration with Accessibility Insights. Microsoft plans to update the icons and add support for Cascadia Code, a new fixed-width font for better readability
* Support for C++ 20 tooling. language standardization and Intellisense
* Integration of text chat into the Live Share collaboration feature
* Additional support for Git and GitHub
* Improved code search

"In Microsoft's ongoing endeavor to convert people to its rebooted Edge web browser, it's launching a new Kids Mode that makes it easy for parents to control how their children surf the web," reports Gizmodo: Parents have the choice between two versions, one for ages five to eight years and one for ages nine to 12 years. Both enable the strictest level of tracking prevention in Edge and Bing SafeSearch by default to filter out adult text, images, and videos from search results. The only difference between the two age ranges is that the older one includes a newsfeed with curated articles from MSN for Kids. Don't worry though: It focuses on more kid-friendly topics like fun science and animal facts rather than breaking news and politics, Microsoft said.

Kids Mode also restricts what sites kids have access to, with roughly 70 popular kids sites allowed from the get-go (any additional allowable sites have to be added to the list individually). If a child tries to view a site that's not on that list, they're met with a cutesy block page, pictured below, that prompts them to ask an adult for permission.

Parallels today announced the release of Parallels Desktop 16.5 for Mac with full support for M1 Macs, allowing for the Windows 10 ARM Insider Preview and ARM-based Linux distributions to be run in a virtual machine at native speeds on M1 Macs. From a report: Parallels says running a Windows 10 ARM Insider Preview virtual machine natively on an M1 Mac results in up to 30 percent better performance compared to a 2019 model 15-inch MacBook Pro with an Intel Core i9 processor, 32GB of RAM, and Radeon Pro Vega 20 graphics. Parallels also indicates that on an M1 Mac, Parallels Desktop 16.5 uses 2.5x less energy than on the latest Intel-based MacBook Air. Microsoft does not yet offer a retail version of ARM-based Windows, with the Windows 10 ARM Insider Preview available on Microsoft's website for Windows Insider program members. The ability to run macOS Big Sur in a virtual machine is a feature that Parallels hopes to add support for in Parallels Desktop later this year as well.

April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers.

Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.