Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip. From a report: Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more. Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it. If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.

An anonymous reader quotes a report from Forbes: Denver-based PC manufacturer and Pop!_OS Linux developer System76 plans to follow-up its custom Thelio desktop PC with an in-house laptop beginning next year, according to founder and CEO Carl Richell. During a recent interview, Richell was quick to emphasize that the entire process of designing, prototyping and iterating the final product could take two to three years. But the company is eager to break into this market and put the same signature "stamp" on its laptop hardware that graces its custom-built Thelio desktop.

System76 sells an extensive lineup of laptops, but the machines are designed by the likes of Sager and Clevo. The company doesn't merely buy a chassis and slap Pop!_OS on it, but Richell tells me he's confident that with the experience gained from developing Thelio -- and the recent investment into a factory at the company's Denver headquarters -- System76 is capable of building a laptop from the ground up that meets market needs and carries a unique value proposition. Richell says the company's first priority is locking down the aesthetic of the laptop and how various materials look and feel. It will simultaneously begin working on the supply chain aspects and speaking with various display and component manufacturers. System76 will design and build a U-class laptop first (basically an Ultrabook form factor like the existing Darter and Galago) and then evaluate what it might do with higher-end gaming and workstation notebooks with dedicated graphics.

Android is built on top of the Linux kernel, but it has always used a heavily-modified version with changes from OEMs, chip manufacturers like Qualcomm and MediaTek, and Google. There have been efforts over the years to close the gap between the two kernels, but now Google is getting more serious about it. From a report: At this year's Linux Plumbers Conference, Google engineers held talks about the company's efforts to get Android as close as possible to the mainline Linux kernel. Not only would this reduce technical overhead for Google and other companies, because they would no longer have to merge thousands of changes into each new Linux kernel version (and Google would no longer have to support Linux kernel versions for six years), but it could also benefit the Linux project as a whole. For example, the growing number of ARM-based Linux phones and computers could see improved performance and battery life. The first stage of this process is merging as many of Android's modifications as possible back into the mainline Linux kernel.

As of Feburary 2018, the Android common kernel (which OEMs make additional changes to) has over 32,000 insertions and over 1,500 deletions compared to mainline Linux 4.14.0. That's an improvement from a few years ago, when Android added over 60,000 lines of code on top of Linux. To show off how much progress has been made, Tom Gall, the director of the Linaro Consumer Group, brought a Xiaomi Pocophone on stage that was running Android 10 on top of a mainline Linux kernel. He told the audience, "there are major, major props to be given to the Google Kernel Team in particular for getting their code upstream so that we can boot devices with a mainline kernel." It's likely that some of the phone's features were non-functional (the battery percentage in the picture reads as 0%), but it's still impressive.

Xiaomi today unveiled a new iteration of its virtual assistant Xiao Ai and shared a new feature of Android-based MIUI operating system as the publicly listed Chinese technology group pushes to expand its internet services ecosystem. From a report: At its annual Mi Developer conference in Beijing, the company said it is integrating an earthquake warning function into MIUI for select users in China, with plans to expand it nationwide soon. The integration, touted as the first of its kind globally, will enable alerts to be sent to smartphones running MIUI 11 and Mi TV "seconds to tens of seconds" before the quake waves arrive, Xiaomi said. The feature, which was first tested in September this year, has been developed in partnership with Institute of Care-life, a Chengdu-based organization focusing on natural disaster warning. Xiaomi said it has activated the feature for the earthquake-prone Sichuan Province and plans to expand it elsewhere in the nation soon. Wang Tun, head of the institute, said this function, unlike those available through apps in some countries, works more efficiently and does not rely on a working internet connection.

By Friday this week, Intel plans to remove old drivers and BIOS updates from its official website. From a report: "This download, BIOS Update [BLH6710H.86A] 0163, will no longer be available after November 22, 2019 and will not be supported with any additional functional, security, or other updates," reads a message posted to the download page of one of the impacted components. "Intel recommends that users of BIOS Update [BLH6710H.86A] 0163 uninstall and/or discontinue use as soon as possible," the message continues. The downloads are drivers and BIOS updates for Intel desktop components and motherboards the company released in the 90s and early-to-mid 2000s. Downloads for hundreds of components are believed to have been impacted, from motherboards to NIC cards and graphics cards. Most of the drivers are for Windows versions like 98, ME, XP, and older Windows Server editions -- old Windows OS versions that have themselves reached end-of-life (EOL) All components and motherboards reached (EOL) years ago, and Intel stopped delivering firmware updates as a result. Its website was merely hosting the older files for convenience.

In an interview about the 16-inch MacBook Pro, Apple senior vice president Phil Schiller made a direct attack on Chromebooks. When asked about the growth of Chrome OS in the education sector, Schiller attributes the success of Chromebooks to their being "cheap." He said: Kids who are really into learning and want to learn will have better success. It's not hard to understand why kids aren't engaged in a classroom without applying technology in a way that inspires them. You need to have these cutting-edge learning tools to help kids really achieve their best results. Yet Chromebooks don't do that. Chromebooks have gotten to the classroom because, frankly, they're cheap testing tools for required testing. If all you want to do is test kids, well, maybe a cheap notebook will do that. But they're not going to succeed.

Researchers at Intezer and IBM X-Force have detected an unconventional form of ransomware that's being deployed in targeted attacks against enterprise servers. They're calling it PureLocker because it's written in the PureBasic programming language. ZDNet reports: It's unusual for ransomware to be written in PureBasic, but it provides benefits to attackers because sometimes security vendors struggle to generate reliable detection signatures for malicious software written in this language. PureBasic is also transferable between Windows, Linux, and OS-X, meaning attackers can more easily target different platforms. "Targeting servers means the attackers are trying to hit their victims where it really hurts, especially databases which store the most critical information of the organization," Michael Kajiloti, security researcher at Intezer told ZDNet.

There's currently no figures on the number PureLocker victims, but Intezer and IBM X-Force have confirmed the ransomware campaign is active with the ransomware being offered to attackers 'as-a-service.' However, it's also believed than rather than being offered to anyone who wants it, the service is offered as a bespoke tool, only available to cyber criminal operations which can afford to pay a significant sum in the first place. The source code of PureLocker ransomware offers clues to its exclusive nature, as it contains strings from the 'more_eggs' backdoor malware. This malware is sold on the dark web by what researchers describe as a 'veteran' provider of malicious services. These tools have been used by some of the most prolific cyber criminal groups operating today, including Cobalt Gang and FIN6 -- and the ransomware shares code with previous campaigns by these hacking gangs. It indicates the PureLocker is designed for criminals who know what they're doing and know how to hit a large organization where it hurts.

Microsoft today started rolling out the free Windows 10 November 2019 Update. For those keeping track, this update is Windows 10 build 18363 and will bring Windows 10 to version 1909. From a report: The Windows 10 November 2019 Update (version 1909) is odd because it shares the same Cumulative Update packages as the Windows 10 May 2019 Update (version 1903). That means version 1909 will be delivered more quickly to version 1903 users -- it will install like a monthly security update. The build number will barely change: from build 18362 to build 18363. If two computers have the same servicing content, the build revision number should match: 18362.xxx and 18363.xxx. For developers, this means a new Windows SDK will not be issued in conjunction with this version of Windows (there aren't any new APIs).

Again, the Windows 10 November 2019 Update is not a typical release. It's a much smaller update, though it is still worth getting. Windows 10 version 1909 brings improvements to Windows containers, inking latency, and password recovery. User-facing features include letting third-party digital assistants to voice activate above the Lock screen, being able to create events straight from the Calendar flyout on the Taskbar, and displaying OneDrive content in the File Explorer search box. You may also notice some changes to notification management, better performance and reliability on certain CPUs, and battery life and power efficiency improvements.

An anonymous reader quotes ZDNet: The Russian Parliament is debating a bill that will force all electronic equipment sold in Russia — such as smartphones, computers, and smart TVs — to ship pre-installed with apps from Russian tech firms. According to lawmakers, "the bill will protect the interests of Russian Internet companies and will reduce the abuse by large foreign companies, working in the field of information technology."

If the bill is approved, the Russian government will publish a list of electronic devices that will need to comply with this new law. Smartphones, tablets, computers, servers, and smart TVs are expected to be on the list. Devices that don't run a complex OS or custom software will be exempt. The government will also publish, per each device type, a list of Russian software that equipment vendors will need to include on devices sold in Russia.

Slashdot reader dryriver writes: More and more professional 3D software like 3DMax, Maya, AutoCAD (Autodesk) and Substance Painter (Adobe) is now only available on a monthly or yearly subscription basis — you cannot buy any kind of perpetual license for these industry standard 3D tools anymore, cannot offline install or activate the tools, and the tools also phone home every few days over the internet to see whether you have "paid your rent". Stop paying your rent, and the software shuts down, leaving you unable to even look at any 3D project files you may have created with software.

This has caused so much frustration, concern and anxiety among 3D content creators that, increasingly, everybody is trying to replace their commercial 3D software with Open Source 3D tools. Thankfully, open source 3D tools have grown up nicely in recent years. Some of the most popular FOSS 3D tools are the complete 3D suite Blender, polygon modeling tool Wings 3D, polygon modeling tool Dust3D, CAD modeling tool FreeCAD, PBR texturing tool ArmorPaint, procedural materials generator Material Maker, image editing tool GIMP, painting tool Krita, vector illustration tool Inkscape and the 2D/3D game engine Godot Engine.

Along with these tools comes a beguiling possibility — while working with commercial 3D tools pretty much forced you to use Windows X in terms of OS choice in the past, all of the FOSS 3D tool alternatives have Linux versions. This means that for the first time, professional 3D users can give Windows a miss and work with Linux as their OS instead.
In a comment on the original submission, dryriver offers some anecdotal evidence: Go on any major 3D software forum on the Internet and it is filled with enraged 3D users revolting against forced software subscriptions and threatening to switch to FOSS Blender as soon as possible.

Some major 3D animation studios are also working Blender into their CGI pipeline. Companies like EPIC and Nvidia have begun donating to the Blender foundation. Its happening. The move away from commercial closed source tools - which are expensive, stagnant and don't offer you permanent licenses anymore - is in full swing. The fact that Blender has an innovative GPU accelerated realtime render engine called EEVEE that none of the commercial software has has only accelerated this trend.

Blender is widely believed to have 2 - 3 million active users already, and the fact that V 2.80 comes with a much more usable UI is only accelerating things.

Freshly Exhumed shares a report from Securelist: Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The malware hides at every step by mimicking common software (protection related, sound drivers software, DVD video creation tools).

The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. One other feature that makes detection harder is the mimicking of well-known software. One of the methods Titanium uses to infect its targets and spread is via a local intranet that has already been compromised with malware. Another is via an SFX archive containing a Windows task installation script. A third is shellcode that gets injected into the winlogon.exe process (it's still unknown how this happens).

Bill Gates has revealed that he thinks everyone would be using Windows Mobile right now if Microsoft hadn't have been caught up in a US Justice Department antitrust investigation. From a report: Speaking at The New York Times' DealBook Conference earlier this week, Gates revealed his thoughts on Microsoft's mobile mistakes. "There's no doubt that the antitrust lawsuit was bad for Microsoft, and we would have been more focused on creating the phone operating system and so instead of using Android today you would be using Windows Mobile," claimed Gates. "If it hadn't been for the antitrust case... we were so close, I was just too distracted. I screwed that up because of the distraction."

Microsoft's messy move from Windows Mobile to Windows Phone allowed Android to thrive, but at the time the company had the biggest opportunity in mobile and gave it away. Gates also revealed that Microsoft also missed the opportunity to launch Windows Mobile on a key Motorola handset. "We were just three months too late on a release Motorola would have used on a phone, so yes it's a winner takes all game," explained Gates. "Now nobody here has ever heard of Windows Mobile, but oh well. That's a few hundred billion here or there."

The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after "Send this page" widely rolled in September. With "click-to-call," you can right-click on phone number links -- like tel:800-800-8000 -- to have them sent to your Android device. It's quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking "Settings" at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app. Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a "crisp, lower-latency experience."
- You'll be warned when using a Linux app that does not support virtual keyboard in tablet mode.

Google has confirmed to The Verge that it will release "one final software update" next month for the original Google Pixel and Pixel XL. From the report: As of yesterday, it looked like the original Pixel was done getting updates, as Google released its November security update for most Pixel phones, but nothing for the Pixel or Pixel XL. Google tells The Verge that the Pixels won't get that November update, but it says December's "encapsulates a variety of updates" from the November and December updates that were issued for other Pixels.

It wasn't too surprising to see that Google's original Pixels didn't get yesterday's update. When Google announced the phones in 2016, the company said they would get two years of guaranteed Android version updates and three years of security updates, which is also reflected on Google's support page. That said, Google surprised Pixel owners earlier this year by letting them run Android 10, which is one more year of Android than Google originally promised, and now, they have one final update to look forward to as well.

Xiaomi, which competes with Apple for the top position in the wearable market, today made the competition a little more interesting. The Chinese electronics giant has launched its first smartwatch called the Mi Watch that looks strikingly similar to the Apple Watch in its home market. From a report: The Mi Watch, like the Apple Watch, has a square body with a crown and a button. It sports a 1.78-inch AMOLED display (326 ppi) that offers the always-on capability and runs MIUI for Watch, the company's homegrown wearable operating system based on Google's Wear OS. Inside the metal housing -- aluminum alloy with a matte finish -- are microphones on two sides for recording audio and taking calls, and a loudspeaker on the left to listen to music or incoming calls. The Mi Watch, which comes in one size -- 44mm -- has a ceramic back, which is where the charging pins and a heart rate sensor are also placed. The Mi Watch is powered by Qualcomm's Snapdragon Wear 3100 4G chipset with four Cortex A7 cores clocked at 1.2GHz, coupled with 1GB of RAM and 8GB storage. The company says its first smartwatch supports cellular connectivity (through an eSIM), Wi-Fi, GPS, Bluetooth, and NFC for payments. The Mi Watch should last for 36 hours on a single charge on cellular mode, the company claimed. The Mi Watch is priced at CNY 1,299 ($185) and will go on sale in the country next week.

An anonymous reader quotes a report from ZDNet: Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth. Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source. But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

The CVE-2019-2114 bug resided in the fact that the Android Beam app was also whitelisted, receiving the same level of trust as the official Play Store app. Google said this wasn't meant to happen, as the Android Beam service was never meant as a way to install applications, but merely as a way to transfer data from device to device. The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources. However, many millions of users remain at risk. If users have the NFC service and the Android Beam service enabled, a nearby attacker could plant malware (malicious apps) on their phones. Since most newly-sold devices have the NFC feature enabled by default, you'll have to disable Android Beam and NFC or update your phone to receive the October 2019 security updates if you want to protect yourself from this bug.

David Ruddock of AndroidPolice technology blog tries to make sense of last week's $2.1 billion acquisition of Fitbit by Google. He argues that Fitbit's offerings -- hardware, software, engineering talent, or even patent wall -- can't save Google's wearable operating system Wear OS. From his column: Hardware is what Google is after, with a blog post cleatly stating its acquisition of Fitbit is about future Wear OS devices, meaning you can probably kiss Fitbit's unloved smartwatch OS goodbye. So, that means we can count on Google leveraging Fitbit's renowned hardware to finally give Wear OS the horsepower and capabilities it needs to compete with Apple, right? Well, no. Fitbit's smartwatches have been most lauded for their long battery life, which has historically been enabled by extremely slow but highly power-efficient processors. The Versa 2 allegedly comes with significant performance improvements, but as a smartwatch, it just isn't very... smart. Michael Fisher points out in his review that the Versa 2's near week-long life on a single charge is only impressive when looked at in a very generous light. The Versa 2 doesn't have GPS, the battery only lasts that long when not using the always-on display (with AoD, it's closer to 3 days), the watch itself doesn't work for almost anything but fitness tracking on its own, and most of your interactions with it end up happening on your smartphone anyway. I can also tell you from experience that the Apple Watch Series 5 lasts about two days on a charge with the always-on display enabled (and Samsung's watches last even longer), so Fitbit managing a day more which a much less useful watch isn't exactly game-changing technology.

In short, Fitbit's products are not ones Google should be excited about buying. The hardware is nothing special, and the software is clearly going in the dumpster. What has Google bought, then? The sad, very practical truth is probably patents and engineers. Fitbit does develop at least some of its hardware in-house, and likely has a decent number of patents related to fitness tracking and basic wearable technology, including those stemming from its acquisition of Pebble. Its product engineers would receive resources and tools at Google that Fitbit may not have afforded them. In short: Google's purchase is almost certainly a speculative one. Google is hoping that Fitbit's technology portfolio and its engineering talent can create a better, faster, stronger Wear OS watch. That isn't the kind of acquisition that screams "our product is successful," it's one that looks far more like a Hail Mary from a company that is rapidly losing any hope of remaining relevant in the wearables space. A more cynical view of Google's acquisition might argue that this is more about Fitbit's brand and users than anything else. If Google simply markets its in-house smartwatches as Fitbits running Wear OS, it would be more able to tap into Fitbit's existing customer base and retail relationships. Customer base is something Wear OS is sorely missing at the moment, and Fitbit is a brand that many consumers recognize, albeit mostly for the company's "dumb" fitness trackers, not its smartwatches. Speaking of, given Google's focus on Wear OS as part of this acquisition, my guess is that those more popular but very basic trackers will be discontinued.

Google announced this morning that it has entered an agreement to buy Fitbit for $2.1 billion. In a blog post, Google's Senior Vice President of Devices & Services, Rick Osterloh, said the company sees "an opportunity to invest even more in Wear OS as well as introduce Made by Google wearable devices into the market." He added, "Fitbit has been a true pioneer in the industry and has created engaging products, experiences and a vibrant community of users. By working closely with Fitbit's team of experts, and bringing together the best AI, software and hardware, we can help spur innovation in wearables and build products to benefit even more people around the world." From a report: Google's Wear OS wearable platform has been in something of a rut for the last few years. The company introduced the Android Wear to Wear OS rebrand in 2018 to revitalize its branding/image, but the hardware offerings have still been pretty ho-hum. Third-party watches like the Fossil Gen 5 have proven to be quite good, but without a proper "Made by Google" smartwatch and other major players, such as Samsung, ignoring the platform, it's been left to just sort of exist.

Fedora 31 has just rolled out the door. From a report: Is it an exciting release? No, not really. Sure, enthusiasts will find themselves thrilled withe inclusion of the GNOME 3.34 desktop environment (with Qt Wayland by default), Linux 5.3 kernel, and Mesa 9.2, but otherwise, it is fairly boring. You know what? That's not a bad thing. In 2019, Fedora is simply a mature and stable operating system that only needs to follow an evolutionary path at this time -- not revolutionary. It stands alone as the world's best desktop Linux distribution. "Fedora 31 Workstation provides new tools and features for general users as well as developers with the inclusion of GNOME 3.34. GNOME 3.34 brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora 31 Workstation also expands the default uses of Wayland, including allowing Firefox to run natively on Wayland under GNOME instead of the XWayland backend as with prior releases," says The Fedora Project.

Apple has released iOS 13.2 today, bringing over 60 new emoji, new Siri privacy settings, and Apple's new Deep Fusion camera technology. 9to5Mac reports: There are over 60 new emoji and emoji variations in iOS 13.2. Apple first previewed these emoji over the summer, and they are now available for everyone. In total, the new 2019 emoji set includes 59 new characters that make up for 75 total variations when gender options are taken into account, and 230 options when skin tone options are included. iOS 13.2 also includes the Announce Messages with Siri feature that was originally meant for iOS 13. This feature allows Siri to read messages back to you when connected to AirPods or other headphones with Apple's H1 chip.

Perhaps most notably, especially for iPhone 11 users, iOS 13.2 includes Apple's new Deep Fusion camera technology. Deep Fusion is Apple's new image processing technology that works in the background to improve image quality for iPhone 11 and iPhone 11 Pro users. iOS 13.2 also includes new Siri privacy settings that allow you to opt in or opt out of sharing your Siri interactions with Apple. You'll see a new splash screen the first time you boot into iOS 13.2 asking your preference. Last but not least, iOS 13.2 also includes support for the just-announced AirPods Pro. This includes settings for Transparency and Active Noise Cancellation modes.