Archive for the ‘Open Source’ Category

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

July 9th, 2019
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects,

Posted in cyber security, GitHub, hacking news, javascript injection, Lodash, Open Source, Prototype Pollution, Vulnerability, Web Framework | Comments (0)

Windows dual booting no longer looking likely on Pixebooks

May 15th, 2019
Google's Pixelbook.

Enlarge / Google's Pixelbook. (credit: Valentina Palladino)

Just under a year ago, there were signs that Google was modifying the firmware of its Pixelbook laptop to enable dual booting into Windows 10. The firmware was updated to give the Pixelbook the ability to boot into an "Alternative OS" ("AltOS" mode). The work included references to the Windows Hardware Certification Kit (WHCK) and the Windows Hardware Lab Kit (HLK), Microsoft's testing frameworks for Windows 8.1 and Windows 10 respectively.

Google now appears to have abandoned this effort. A redditor called crosfrog noticed that AltOs mode was now deprecated (via Android Police). Pixelbooks are going to be for Chrome OS only, after all.

The dual boot work was being done under the name Project Campfire. There appears to have been little development work on Project Campfire since last December. This suggests that Google actually decided not to bother with dual booting many months ago.

Read 1 remaining paragraphs | Comments

Posted in Chrome OS, dual boot, google, linux, microsoft, Open Source, Tech, Windows | Comments (0)

Microsoft open sources algorithm that gives Bing some of its smarts

May 15th, 2019
The Eiffel Tower.

Enlarge / The Eiffel Tower. (credit: Pedro Szekely)

Search engines today are more than just the dumb keyword matchers they used to be. You can ask a question—say, "How tall is the tower in Paris?"—and they'll tell you that the Eiffel Tower is 324 meters (1,063 feet) tall, about the same as an 81-story building. They can do this even though the question never actually names the tower.

How do they do this? As with everything else these days, they use machine learning. Machine-learning algorithms are used to build vectors—essentially, long lists of numbers—that in some sense represent their input data, whether it be text on a webpage, images, sound, or videos. Bing captures billions of these vectors for all the different kinds of media that it indexes. To search the vectors, Microsoft uses an algorithm it calls SPTAG ("Space Partition Tree and Graph"). An input query is converted into a vector, and SPTAG is used to quickly find "approximate nearest neighbors" (ANN), which is to say, vectors that are similar to the input.

This (with some amount of hand-waving) is how the Eiffel Tower question can be answered: a search for "How tall is the tower in Paris?" will be "near" pages talking about towers, Paris, and how tall things are. Such pages are almost surely going to be about the Eiffel Tower.

Read 2 remaining paragraphs | Comments

Posted in machine learning, microsoft, Open Source, Tech | Comments (0)

Microsoft: The open source company

May 10th, 2019
Microsoft: The open source company

Enlarge

The news from Microsoft's Build developer conference that surprised me most was that Microsoft will ship a genuine Linux kernel—GPLed, with all patches published—with Windows. That announcement was made with the announcement of Windows Terminal, a new front-end for command-line programs on Windows that will, among other things, support tabs.

Microsoft's increased involvement with open source software isn't new, as projects such as Visual Studio Code and the .NET runtime have operated as open source, community-driven projects. But this week's announcements felt a bit different.

The Linux kernel will be powering Microsoft's second generation Windows Subsystem for Linux (WSL). The first generation WSL contains a partial re-implementation of the Linux kernel API that uses the Windows NT kernel to perform its functionality. In choosing this approach, Microsoft avoided using any actual Linux code, and hence the company avoided the GPL license with its "viral" stipulations that would have arguably forced Microsoft to open source WSL and perhaps even parts of Windows itself.

Read 5 remaining paragraphs | Comments

Posted in development, GPL, linux, microsoft, Open Source, Tech, Windows | Comments (0)

Windows 10 will soon ship with a full, open source, GPLed Linux kernel

May 6th, 2019
Windows 10 will soon ship with a full, open source, GPLed Linux kernel

Enlarge (credit: Microsoft)

Earlier today, we wrote that Microsoft was going to add some big new features to the Windows Subsystem for Linux, including native support for Docker containers. It turns out that that ain't the half of it.

The current Windows Subsystem for Linux uses a Microsoft-authored kernel component that provided the same kernel API as the Linux kernel but written from scratch by Microsoft. Essentially, it translated from Linux APIs to Windows NT kernel APIs. That worked pretty well, but the current subsystem had a few shortcomings: there was no ability to use Linux drivers, in particular file system drivers. Its file system performance, layered on top of Windows' own NTFS, was often 20 times slower than a real Linux kernel. It was also a relatively old version of the kernel; it offered approximately the set of APIs that Linux 4.4 did, and that was released in 2016. Some APIs aren't implemented at all, and others are only partially implemented to meet the needs of specific applications.

All is changing with Windows Subsystem for Linux 2. Instead of emulating the Linux kernel APIs on the NT kernel, WSL 2 is going to run a full Linux kernel in a lightweight virtual machine. This kernel will be trimmed down and tailored to this particular use case, with stripped-down hardware support (since it will defer to the host Windows OS for that) and faster booting.

Read 5 remaining paragraphs | Comments

Posted in GPL, Open Source, Tech, Windows, Windows 10, windows subsystem for linux, wsl | Comments (0)

Microsoft’s plan for Edge: Integrated IE compatibility, better privacy

May 6th, 2019

Microsoft has outlined its plans for the next stage of development for the new Chromium-based Edge browser, and those plans include a trio of new features.

The first is a big nod to enterprise customers: a built-in Internet Explorer mode. Chrome has a number of extensions that accomplish much the same thing—they create a new tab in the browser and use the Internet Explorer 11 engine, rather than the Chrome engine, to draw that tab. For Edge, this capability will be built in.

Enterprises can already create a compatibility list, the Enterprise Mode Site List, which the current Edge browser uses to know which (internal, line-of-business) sites should be shown in Internet Explorer 11. The new Edge will use this same list to determine when to use Internet Explorer.

Read 3 remaining paragraphs | Comments

Posted in browsers, build 2019, chrome, Chromium, EDGE, microsoft, Open Source, Tech | Comments (0)

Windows 10’s “Sets” tabbed windows will never see the light of day

April 23rd, 2019
Microsoft's inspiration, evidently.

Enlarge / Microsoft's inspiration, evidently. (credit: Jerry / Flickr)

For two periods last year, those using preview builds of Windows 10 could access to a feature called Sets: a tabbed interface that was eventually to allow tabs to be put in the titlebar of just about any window. These tabs would allow both multiple copies of the same application to be combined—a tabbed Explorer or Command Prompt, say—and multiple disparate windows to be grouped—combining, say, a browser window containing research with the Word window. However, both times the feature was enabled only for a few weeks, so Microsoft could gather data, before disabling it. Sets aren't in the Windows 10 May 2019 update.

It seems now that Sets are unlikely to ever materialize. Rich Turner, who oversees Microsoft's revamping of the Windows command-line infrastructure and the Windows Subsystem for Linux tweeted that the interface "is no more." Having everything tabbed everywhere isn't going to happen. Adding tabs specifically for command-line windows is, however, "high on [Microsoft's] to do list."

There was initially some confusion that the tweet might have meant that some other system-wide approach to tabs was going to be used. But Turner clarified today that the command-line tabs will be purpose-built for command-line windows, not a general feature for the entire operating system.

Read 4 remaining paragraphs | Comments

Posted in browser, Chromium, EDGE, microsoft, Open Source, sets, tabs, Tech, user interface, Windows | Comments (0)

Hands-on: First public previews of Chromium-based Edge are now out

April 8th, 2019
There's really no difference between how the Ars front page looks in Edge and Chrome.

Enlarge / There's really no difference between how the Ars front page looks in Edge and Chrome.

Microsoft's switch to using the Chromium engine to power its Edge browser was announced in December last year, and the first public preview build is out now. Canary builds, updated daily, and Dev builds, updated weekly, are available for Windows 10. Versions for other operating systems and a beta that's updated every six weeks are promised to be coming soon.

Chromium is the open source browser project run by Google. It includes the Blink rendering engine (Google's fork of Apple's WebKit), V8 JavaScript engine, Google's software-based sandboxing, and the browser user interface. Google builds on Chromium for its Chrome browser, and a number of third-party browsers, including Opera, Vivaldi, and Brave, also use Chromium.

As a result, every Chromium browser offers more or less the same performance and Web compatibility. Indeed, this is a big part of why Microsoft made the switch: the company had grown tired of updating its own EdgeHTML engine to ensure it behaved identically to Chrome and is now offering Chrome-equivalent behavior in the most direct way possible. I've been using a version 74 build (which is a little out of date at this point) for the last week, and I have yet to see any difference between Edge and Chromium Dev when it comes to displaying Web pages. In principle, a page could treat Edge differently (it reports its identity as a rather ugly "Edg/74.1.96.14"; I'm presuming the misspelling is an attempt to ensure it isn't identified as a variation of the current Edge browser), but in general there's little reason to do so.

Read 5 remaining paragraphs | Comments

Posted in browsers, Chromium, development, EDGE, microsoft, Open Source, Tech, the web, Windows | Comments (0)

Visual Studio 2019 goes live with C++, Python shared editing

April 2nd, 2019
OK, so Visual Studio's always gonna look like Visual Studio. But the eagle-eyed will spot a few differences. There's the menus-in-title bar at the top. There's the message "No issues found" in the status bar, showing that background code analysis has found no problems with my code. Bottom left, to the left of the "Ready" text, is the new background task status indicator that provides more information about things like scanning code to build IntelliSense information. There's a (not visible) GitHub tab in the Solution Explorer panel that's used for the new Pull Request integration. And, of course, there's the Live Share button top right.

Enlarge / OK, so Visual Studio's always gonna look like Visual Studio. But the eagle-eyed will spot a few differences. There's the menus-in-title bar at the top. There's the message "No issues found" in the status bar, showing that background code analysis has found no problems with my code. Bottom left, to the left of the "Ready" text, is the new background task status indicator that provides more information about things like scanning code to build IntelliSense information. There's a (not visible) GitHub tab in the Solution Explorer panel that's used for the new Pull Request integration. And, of course, there's the Live Share button top right.

A new version of Microsoft's integrated development environment (IDE) goes live today with the release of Visual Studio 2019 and its cousin Visual Studio 2019 for Mac.

Visual Studio is in a bit of a strange position, and it would be fair for developers to ask why this branded release even exists. Visual Studio 2017 has received nine point releases and countless patch releases since its release two years ago. Each of these releases has brought a mix of new features and bug fixes, and for Visual Studio users, the experience feels comparable to that of, say, Google Chrome, where each new version brings a steady flow of incrementally improved features and fixes.

Indeed, this iterative, incremental model is the one that Microsoft is pushing (and using) for services such as Azure DevOps and is comparable to the continuous development we see for Office 365, which is updated monthly, and the free and open source Visual Studio Code, which also has monthly iterations. With this development process in place, one wonders why we'd bother with "Visual Studio 2019" at all; let's just have "Visual Studio" and keep on updating it forever.

Read 11 remaining paragraphs | Comments

Posted in C#, development, JavaScript, Mac, microsoft, Open Source, Python, Tech, typescript, visual studio | Comments (0)

Edge-on-Chromium approaches; build leaks, extensions page already live

March 25th, 2019

The Edge Insider extension.

The Edge Insider extension. (credit: Microsoft)

Microsoft's first public release of a Chromium-based version of its Edge browser is fast approaching. Microsoft has published an early version of its extension market for the new browser, and the Windows Store includes a new extension for Edge-on-Chromium. On top of all this, a build of the browser has leaked.

The new build confirms much of what we've seen before: the browser is a minimally changed rebranded version of Chrome, replacing integration with Google's accounts with integration with Microsoft's accounts. This integration is still at an early stage; bookmarks can be synced between systems, but history, passwords, open tabs, autocomplete information, and open tabs don't yet sync.

Google has multiple release channels for Chrome; beyond the Stable channel, there's a Beta channel previewing the next release, the Dev channel previewing the release after that, and the Canary channel, which provides nightly builds. Microsoft's new extension for Edge Insider appears to offer easy switching between channels, announcements, known issues, and asking users for focused testing on particular areas.

Read 4 remaining paragraphs | Comments

Posted in browsers, chrome, Chromium, EDGE, google, microsoft, Open Source, Tech, Web, Windows | Comments (0)