Maybe Wait on Fall Creators Update?

The new Windows 10 Fall Update is on the way! Maybe you should not be “cutting edge” and install it immediately! It might be worth waiting to let things shake out.

Windows 10 Fall Creators Update: New features to try, but don’t rush to install it

ZDNet – By: Ed Bott – “After a little more than two years, Microsoft has finally settled into a rhythm with its new, fast-paced development cadence for Windows 10.

What Microsoft’s marketers are calling the Fall Creators Update (officially version 1709) begins arriving on desktop PCs today via Windows Update and will soon be available for download at all the usual places.

The final build number for this release is 16299.

This is the fourth feature update to Windows 10 in a little over two years. And that pace will continue, with new feature updates (essentially full upgrades) due on a predictable twice-yearly cadence going forward.

As with previous feature updates, there are no last-minute surprises in this update. It’s been developed in the open, with dozens of preview releases to members of the Windows Insider Program. For those who haven’t been paying close attention, though, this article should get you up to speed quickly.

More importantly, it means you have to decide whether to allow the upgrade to happen on Microsoft’s schedule or to take charge of the upgrade timing yourself. IT pros responsible for managing a fleet of Windows 10 PCs can use group policy settings to temporarily delay the Fall Creators Update for up to 18 months; individual Windows 10 users have simpler options in the user interface. In either case, it’s crucial to act now.

In Microsoft’s arcane language, today’s release goes to the Semi-Annual Channel for deployment to targeted consumer devices; it will be declared ready for broad deployment to business PCs after several months of cumulative updates and feedback. (Those “targeted” and “broad deployment” milestones replace the previous Current Branch and Current Branch for Business concepts.)

For most business PCs, the correct option is to defer upgrades for at least a few months, while testing the new release on a limited number of pilot devices to identify compatibility issues with existing applications and hardware.

WHAT’S NEW
The new and changed features in this release encompass a wide array of user scenarios, including a healthy assortment aimed at IT pros and developers.

One of the most important benefits of the twice-annual feature update schedule is that it allows Windows developers to incrementally improve features that previously would have languished for years between major releases. In this feature update, for example, you’ll find the following small but meaningful usability tweaks:

Every Wi-Fi connection now has a prominent option to configure whether it’s part of a public or private network, as shown here. In previous versions, that option was difficult to locate.

Setting a wireless network connection as public or private is easier in this release.

Similarly, the venerable Task Manager has several small improvements, including options that allow you to track GPU activity on a per-application basis and more convenient grouping of related processes. This release also incorporates changes designed to improve the experience of running Windows on high-DPI displays; built-in utilities like Registry Editor and Snipping Tool are no longer blurry when moving between multiple displays running at different scaling factors.

The Power Throttling feature makes its debut in this release, offering a simple slider-based option that lets you tune Windows 10 for better battery life or better performance.

The built-in Windows 10 apps also include major improvements in this release. I’ll have a more detailed look at them in a follow-up post.

THE USER EXPERIENCE
After a few gyrations in the first year, the basic design of the Windows 10 Start experience has remained consistent. This build is the first to incorporate elements of Microsoft’s new Fluent Design, which adds subtle performance and usability improvements, including easier resizing and smoother transitions.

Action Center, which hosts notifications on the right side of the screen, also gets Fluent Design features (most noticeable when you have transparency turned on) and is redesigned to make it easier to deal with notifications.

Cortana’s settings, which used to be available only from within the Cortana app, are now integrated into Settings. And in a cool design change, Cortana now displays answers in a flyout from the Start menu. That also includes results from web searches (powered by Bing only), which means you don’t have to open a browser to do a search.

Cortana now makes full use of the space to the right of Start.

These advanced controls for peer-based updates are new in version 1709.

Windows Update has also evolved significantly in the two years since Windows 10’s initial release. When new updates are available, you’ll see an interactive toast notification that doesn’t interrupt whatever you’re doing now. In addition, the Windows Update display now offers detailed information about the status of individual updates, so you don’t have to wonder whether anything’s happening in the background.

The Delivery Optimization feature, which uses peer-to-peer networking to improve download performance of updates for Windows and Store apps, gets a much-needed set of advanced options that allow you to fine-tune the amount of bandwidth it’s allowed to use and also limit the total uploads on a monthly basis.

One of my favorite classic Windows features, Volume Mixer, has finally been updated to include Universal Windows Platform (UWP) apps, including Microsoft Edge and Groove Music. This option, accessible by right-clicking the speaker icon in the taskbar, lets you set the volume of each app independently without affecting the overall system volume.

UWP apps finally work with the Volume Mixer feature.

Another minor but welcome change is the addition of GPU performance information in Task Manager for systems with a discrete GPU.

The My People feature, which lets you pin icons for frequent correspondents to the taskbar, looks like a gimmick at first but in my experience has become incredibly useful. If you connect mail, calendar, and messaging accounts, it can show appointments, email messages, Skype conversations, and contact details in a scrolling window that’s available with a single click.

SETTINGS IMPROVEMENTS
The migration of Windows knobs and levers from Control Panel to the modern Settings app continues with this update. Here are a few noteworthy changes:

Settings > System > About has been reorganized and streamlined. Previously, the information displayed here was in a single long, scrolling list. The new arrangement organizes the information into three blocks, covering system health, device information, and Windows details.

Remote Desktop settings, which were scattered in several locations in earlier versions, now get a single home: Settings > System > Remote Desktop.

Remote Desktop options are now available in Windows 10 Settings.

The incredibly useful Magnifier tool, which eases eyestrain by allowing you to zoom in on text and objects, also gets its own top-level category in Settings > Ease Of Use.

SECURITY
The long list of improvements to the security architecture of Windows 10 starts with a momentous change. The horribly insecure SMBv1 protocol is being removed from clean installs of Windows 10. (The SMBv1 components will continue to be included on upgrades where they are already installed.)

Home and Professional editions have the SMBv1 server component uninstalled but keep the client software; Enterprise and Education editions have all SMBv1 components uninstalled.

As a side effect of that change, the legacy Computer Browser service is also being removed.

The Windows Defender Security Center, which was introduced in an earlier feature update, has two major additions. The first is Exploit Protection, which offers many of the mitigations that were previously part of the separate Enhanced Mitigation Experience Toolkit (EMET).

Most of the settings previously found in EMET are now here.

The Fall Creators Update also debuts an anti-ransomware feature called Controlled Folder Access, which is also available through the Windows Defender Security Center, under Virus & Threat Protection Settings. When this feature is enabled, only approved apps can access Windows system files and data folders. (You can customize the list of data folders and whitelist specific apps, using the instructions in this online documentation: Protect important folders with Controlled folder access.)

Finally, there’s Windows Defender Application Guard, a security feature that uses Hyper-V virtualization to create sandboxed browser sessions using Microsoft Edge. For now, this feature is available only in Windows 10 Enterprise edition.

HYPER-V
One of the single most useful features in the Professional and Enterprise editions of Windows 10 is Hyper-V. This extremely robust virtualization platform gets more than its share of attention in this release.

A new Virtual Machine Gallery should make it easier for task-focused users to create useful virtual machines without having to wade through a long series of technical settings. Currently, this gallery includes a preconfigured development environment running an evaluation version of Windows 10 Enterprise.

This one-click option to create a virtual machine is new in version 1709.

After you create a virtual machine, you can export it more easily as well, by clicking the new Share button and compressing its pieces into a .vmcz file that can be imported on another Hyper-V capable PC.

In a change of default settings, checkpoints are now on, allowing you to roll back any VM even if you forgot to create a checkpoint manually.

A new advanced feature worth noting is the addition of virtual battery support in Hyper-V. When this feature is enabled on a VM running on a battery-powered device, you can see your physical machine’s battery state inside a VM.

SMARTER STORAGE
It took much longer than it should have, but the OneDrive Files on Demand feature is now built into Windows. The settings take some getting used to (I’ll publish a tutorial later) but the results are worth it, with a much better way to work with large amounts of cloud storage on devices with minimal local storage.

Click the OneDrive icon to see whether File On Demand is enabled.

For those who use either the consumer version of OneDrive or the Office 365 OneDrive for Business feature, this is probably the single most important new feature in Windows 10.

Another unheralded feature in Windows 10 also gets some improvements in the Fall Creators Update. Storage Sense, which is designed to manage storage intelligently, has a new design and a few new settings.

You can now delete previous versions of Windows directly from Storage Sense instead of having to go to the legacy Disk Cleanup Manager utility.

In addition, you can now opt to automatically delete files that have been in your Downloads folder for 30 days without changes. This and other options are available in Settings > System > Storage > Change how we free up space.

EDGE’S INCREMENTAL EVOLUTION
Microsoft Edge, the default browser in Windows 10, is still unlikely to win over most Chrome users, but it’s steadily improving.

The biggest change in this update is a vastly improved interface for managing saved Favorites. You can now rename Favorites, edit their URLs, and work with folders directly without having to switch to a special editing mode. (The Edge design team must have been reading the comments on the Creators Update installment in this series.)

The ability to pin sites to the Windows taskbar, previously available in Windows 8, is back, but the implementation is frustratingly incomplete and will disappoint anyone who previously relied on this feature.

Microsoft is also determined to turn Edge into something more than just a web browser, as it’s beefed up PDF reading capabilities and added annotations form filling for PDF files. In addition, you can now add notes and annotations for digital books that you read in Edge.

ALTERNATIVE INPUT METHODS
One of the major selling points of Windows 10 devices (led by Microsoft’s own Surface line) is support for input from sources other than traditional keyboards and pointing devices.

Windows 10 already had some of the best handwriting input tools available on any platform, and this update adds some noteworthy improvements that are worth experimenting with if your PC includes a pen. In addition, Microsoft has improved the design of the touch keyboard to make it easier to use.

But the real news, and probably the single most important feature of this update, is the ability to enter emoji directly into a text box.

OK, I was kidding about this being the most important feature, but it certainly makes using Windows more fun. Press Windows key + period (or semicolon) to pop up an emoji box like the one shown here. Although it’s not immediately obvious, you can also begin typing a word to search for a particular emoji based on that term.

This pop-up emoji picker is available with a press of Windows key semicolon.

For those who’ve been part of the Windows Insider Program and have been following these builds, what are you looking forward to most?

PREVIOUS AND RELATED COVERAGE
Microsoft turns Windows 10 Fall Creators Update focus to ‘stabilization’ as of Build 16273

Microsoft’s latest Windows 10 Fall Creators Update test build, No. 16273, is almost entirely about bug fixes, as it closes in on ‘release to the world’ (RTW).

Here’s what you need to know before you repair, reinstall, or upgrade Windows 10, including details about activation and product keys.

Two years after its splashy debut, Windows 10 is now running on more than 500 million PCs worldwide. Was the upgrade worth it? Here’s my report card.

The Creators Update is heading to pretty much every PC, and many mobiles, that run Windows 10. However, the extent to which it matters depends on your priorities.”

Botnet Network Can Now Grab Your Desktop Screen

The security issues just keep coming!

This ransomware-spreading botnet will now screengrab your desktop too

ZDNet – Danny Palmer – “Attackers behind one of the world’s most notorious botnets have added another string to their bow, allowing them to take screenshots of the desktops of victims infected with malware.

Having previously been inactive for much of the first half of the year, the Necurs botnet has recently undergone a resurgence, distributing millions of malicious emails – large swathes of which have most recently been spreading Locky ransomware.

It’s also been known to deliver the Trickbot banking trojan, indicating the attackers behind it have their fingers in many pies.

But not happy with just that, now those behind Necurs – a zombie army of over five million hacked devices – are also attaching a downloader with the functionality to gather telemetry from infected victims.

Uncovered by researchers at Symantec, the Necurs downloader can take screengrabs of infected machines and send them back to a remote server. It also contains an error-reporting feature which sends information back to the attackers on any issues the downloader encounters when performing its activities.

This functionality suggests the attackers are actively attempting to gather operational intelligence about the performance of their campaigns in much the same way legitimate software vendors collect crash reports in order to improve their products. However, in this case, the reports are designed to help the attackers spot problems and improve the chances of the malicious payload doing its job.

‘After all, you can’t count on the victims to report back errors and issues,’ note the researchers.


Like other Necurs campaigns, these attacks begin with a phishing email – this time using the lure of a phony invoice. If this attachment is opened, it’ll download a JavaScript which will in turn download a Locky or Trickbot payload, depending on the particular campaign.

Once loaded onto the system, the downloader also runs a PowerShell script that takes a screen grab and saves it to a file named ‘generalpd.jpg’ which is saved and uploaded to a remote server for further analysis by the attackers.

The last month or so has seen Necurs more active than at any point this year, with a high focus on distributing Locky, to such an extent that it’s almost reclaimed its crown as the king of ransomware.

In order to remain as protected as possible against threats distributed by the Necurs botnet, Symantec recommends security software, operating systems and other applications are always kept up to date and to be extremely suspicious of unsolicited emails – especially if they contain links or attachments.”

GoDaddy Sucuri Web Firewall Hacked!

Man! I use Sucuri on my sites too! Ack!

This bug let a researcher bypass GoDaddy’s site security tool

ZDNet – By: Zack Whittaker – “A widely used security tool owned by web hosting provider GoDaddy, designed to prevent websites from being hacked, was easily bypassed, putting websites at risk of data theft.

The company’s website application firewall (WAF), provided by Sucuri and acquired by GoDaddy earlier this year, protects websites against a range of attacks by adding an extra layer of security to a website to protect against cross-site scripting and SQL injection techniques.

But a security researcher told ZDNet that the firewall would let through some commands, allowing him to gain access to vulnerable databases behind the scenes. That, he said, put sites at risk of data theft.

Touseef Gul was able to bypass the firewall with a relatively simple SQL injection string, which he showed to ZDNet but we’re not publishing. SQL injection attacks can be launched from the web browser’s address bar. If the attack is successful it will display a list of database tables on the website itself. Where he was expecting to receive an ‘access denied’ message, the firewall let the command through and returned a list of tables from the target website’s database. He was also able to obtain the database’s admin account and MD5 hashed password, which nowadays is easily crackable.

What surprised the researcher, he said, was how easy the firewall was to bypass.

He gave an example of part of the code he used. He said that while the firewall would block a common command used in SQL injections, such as ‘UNION SELECT,’ a modified, encoded version of the same command — such as ‘UNION SELE%63T’ (where %63 is an encoded ‘C’) — was not blocked by the filter.

For its part, GoDaddy said it patched the bug within a day of the security researcher’s private disclosure to the company.

‘In reviewing this situation, it appears someone was able to find a vulnerable website and manipulate their requests to temporarily bypass our WAF,’ said Daniel Cid, GoDaddy’s vice-president of engineering.

‘Within less than a day, our systems were able to pick up this attempt and put a stop to it,’ he said.

Cid said the company is ‘not aware of other customers’ impacted by the bypass, but wouldn’t say how many websites were at risk of the bypass technique.

Lesley Carhart, a digital forensics and incident response specialist, explained that web application firewalls mimic the behavior of antivirus products rather than a traditional firewall.

‘In a lot of ways web attacks are way harder to firewall than traffic in and out of a network,’ said Carhart. ‘You can deny almost everything at a network firewall or host firewall.’

‘Web traffic filtering relies more on blacklisting bad stuff using signatures than whitelisting slews of unneeded ports and protocols like traditional firewalls,’ she added.

Web application firewalls block attacks on sites running web applications that are already vulnerable to attacks, like out-of-date content management systems, like WordPress or Joomla, she explained.

‘In principle, it’s a great move to add another layer of defense to sites, but it should never be mistaken for or implied to be a replacement for secure coding,’ she said.”
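The filtering gap the article describes, where 'UNION SELECT' is blocked but 'UNION SELE%63T' is not, comes from matching signatures against the raw request instead of the decoded form the application sees. The sketch below is an added example, not Sucuri's or GoDaddy's code: the function names, the single signature, the decode-round limit and the sample query strings are all constructed for illustration, and it generalises from the article's one encoded token to nested percent-encoding.

```python
import re
from urllib.parse import unquote

# One signature, taken from the article's example. A real rule set has many.
SIGNATURE = re.compile(r"\bunion\s+select\b", re.IGNORECASE)

# Assumption: more than this many layers of percent-encoding is never legitimate.
MAX_DECODE_ROUNDS = 5


def naive_filter(raw_query: str) -> bool:
    """Block (True) only if the signature appears in the undecoded query."""
    return bool(SIGNATURE.search(raw_query.replace("+", " ")))


def canonicalize(raw_query: str) -> str:
    """Reduce a query string to the text the backend will effectively parse."""
    text = raw_query.replace("+", " ")
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)
        if decoded == text:          # stable: nothing left to decode
            break
        text = decoded
    else:
        # Still changing after the last round: treat as hostile.
        raise ValueError("excessive percent-encoding")
    return re.sub(r"\s+", " ", text)


def hardened_filter(raw_query: str) -> bool:
    """Block (True) if the signature appears after canonicalization."""
    try:
        canonical = canonicalize(raw_query)
    except ValueError:
        return True
    return bool(SIGNATURE.search(canonical))


# Constructed sample query strings (not captured traffic).
SAMPLES = {
    "plain": "id=1+UNION+SELECT+1",
    "encoded_letter": "id=1+UNION+SELE%63T+1",        # token quoted in the article
    "nested_encoding": "id=1+UNION+SELE%2563T+1",     # same token, encoded twice
    "benign": "q=student+union+selection+committee",
}


def compare(samples=SAMPLES):
    """Return {name: (naive_blocks, hardened_blocks)} for each sample."""
    return {name: (naive_filter(q), hardened_filter(q)) for name, q in samples.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in compare().items():
        print(f"{name:16} naive={naive!s:5} hardened={hardened}")
```

Canonicalization only closes this one class of gap; as Carhart says in the article, signature filtering remains a layer in front of the application, not a substitute for parameterized queries in the application itself.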

Google Further Secures Chrome on Windows!

This is GREAT NEWS!

Google just added these antivirus features to Chrome for Windows

ZDNet – By: Liam Tung – “Google has introduced three changes to Chrome for Windows to improve the browser’s malware detection and removal capabilities.

The company is targeting malware and malicious extensions that modify search results to redirect users to unintended pages, inject ads, and lock users on ad-filled sites.

The new security features for Chrome on Windows are an addition to existing defenses, such as Safe Browsing warnings for pages known to deliver malware.

Google is now clamping down on Chrome extensions that change user settings, such as the default search engine. The browser will automatically detect when an unauthorized change is made and offers to restore the original settings.

It has also redesigned Chrome’s Cleanup feature which offers a shortcut to restoring the browser’s default settings after an infection. It shows an alert when the browser detects unwanted software and offers a way to remove it. Chrome users have previously been able to use the standalone Chrome Cleanup Tool to remove harmful software. Google says it redesigned the alerts to make it easier to see what software will be removed.

Chrome Cleanup has also gained a malware detection engine from antivirus firm ESET, which works in tandem with Chrome’s sandbox technology.

This integration of the new ‘sandboxed engine’ doesn’t replace antivirus on Windows as it only targets and removes software that violates Google’s unwanted software policy. However the policy covers a variety of bad behaviors, from deceptive installs to spyware. It also means that Chrome can detect and remove more unwanted software than previously.

Google estimates the new security features will help ‘tens of millions’ of Chrome users clear up security problems in the next few days.”

This is Bad! Wifi Has Been Compromised!

Stay tuned on this one!

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Ars Technica – Dan Goodin – “An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:

WPA2
KRACK
key reinstallation
security protocols
network security, attacks
nonce reuse
handshake
packet number
initialization vector

Researchers briefed on the vulnerabilities said they are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.

The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It’s believed that Monday’s disclosure will be made through the site krackattacks.com. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven and imec-DistriNet, Maliheh Shirvanian and Nitesh Saxena of the University of Alabama at Birmingham, Yong Li of Huawei Technologies in Düsseldorf, Germany, and Sven Schäge of Ruhr-Universität Bochum in Germany. The researchers presented this related research in August at the Black Hat Security Conference in Las Vegas.

The vast majority of existing access points aren’t likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it’s likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it’s possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users’ domain name service.

It wasn’t possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can’t be trusted to make users more secure. This post will be updated as more information becomes available.”
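Why a reused nonce "completely undermines the encryption", and why the fix belongs in the client's handling of a repeated handshake message 3, can be seen in a small model. This is an added example, not code from the article or the researchers: the `Client` class, its method names and the sample frames are constructed, and an HMAC-SHA256 keystream stands in for the AES counter mode that WPA2 actually uses.

```python
import hashlib
import hmac


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Toy keystream derived from (key, packet number); stand-in for AES-CTR."""
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Simplified supplicant: installs a key on message 3, then sends frames."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0
        self.nonces_used = []        # (key, packet number) pairs, for auditing

    def handle_message3(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return                   # key already in use: keep the counter
        self.key = key
        self.packet_number = 0       # unpatched: a resend resets the nonce

    def send(self, plaintext: bytes) -> bytes:
        self.packet_number += 1
        self.nonces_used.append((self.key, self.packet_number))
        return xor(plaintext, keystream(self.key, self.packet_number, len(plaintext)))


# Constructed frames of equal length.
FRAME_1 = b"first data frame 01"
FRAME_2 = b"other data frame 02"


def simulate(patched: bool):
    """Return (nonce_reused, ciphertext_xor_reveals_plaintext_xor)."""
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.handle_message3(key)
    c1 = client.send(FRAME_1)
    client.handle_message3(key)      # message 3 arrives again
    c2 = client.send(FRAME_2)
    reused = len(set(client.nonces_used)) < len(client.nonces_used)
    # With a shared keystream, c1 XOR c2 == p1 XOR p2 and the key drops out.
    leaks = xor(c1, c2) == xor(FRAME_1, FRAME_2)
    return reused, leaks


if __name__ == "__main__":
    print("unpatched:", simulate(patched=False))
    print("patched:  ", simulate(patched=True))
```

The `nonces_used` audit doubles as a detection idea for test harnesses: any repeated (key, packet number) pair in a client's transmit path is a defect regardless of how it was triggered.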

Now You Can Read a Kindle in the Tub?

If you want to…

Amazon finally makes a waterproof Kindle, after 10 years of Kindles

The Verge – By: Lauren Goode – “Amazon has been selling Kindles for 10 years now, but “waterproof” hasn’t appeared on its list of incremental technological advancements until now. The company just announced a new version of its popular e-reader that builds on last year’s Kindle design and now has an IPX8 waterproof rating.

The new Kindle Oasis — the same name as last year’s premium Kindle — has jumped up in size, moving from a 6-inch screen to a 7-inch screen. It has an aluminum back, which gives it a more premium look and feel than the Kindles with soft-touch plastic.

Unlike last year’s Kindle Oasis, which used a magnetic case you attached to the e-reader to extend its battery life, the new Oasis relies entirely on its built-in battery. It has a similar physical design, with one thicker side that tapers down on the other side, for one-handed reading. But Amazon has made a point of saying that it managed to fit in a bigger battery, while keeping the tapered side of the device at 3.4 millimeters.

The resolution of the e-paper display is the same at 300 ppi, but it has a couple extra LED lights now for a brighter, more even-looking display. And it also has ambient light sensors that adjust the brightness as you move from room to room, or from outdoors to indoors. (The earlier Voyage Kindle does this, too.)

There are physical page-turn buttons, plus the touchscreen page-turn option; Amazon says it’s worked on both the hardware and software side of things to make page-turning feel faster.

But the big news with the upgraded Oasis is its waterproofing, a long-requested feature from some Kindle fans. (Yes, last year’s model was called Oasis and wasn’t waterproofed.) The new e-reader has been tested in two meters of water for up to 60 minutes. It’s also been tested in different water environments, like hot tubs, pools, and bubble baths. Amazon declined to say how it waterproofed the Kindle, but since it still has an open USB port for charging, it’s recommending that people stand the Kindle upright after it’s been submerged.

The proof is in the pouring: the Oasis’ waterproofing gets a quick test. Audible fans will be happy, as well: the new Oasis has a built-in Audible app. This doesn’t mean you can listen to Audible from the Kindle itself — it still doesn’t have any speakers — but you can start an audio book from the device and stream it over Bluetooth to a set of headphones or a speaker.

The new Oasis ships at the end of October and is replacing last year’s Oasis, leaving four Kindles total in Amazon’s lineup: the original Kindle ($80), the Kindle Paperwhite ($120), Kindle Voyage ($200), and the Oasis, which starts at $250 for an 8GB model. That’s double the base storage of previous Kindles, which Amazon says is to accommodate the storage of audio books. It also connects over both Wi-Fi and 4G LTE.

Amazon has been notoriously coy when it comes to saying how many units of Kindle it has sold — which was the first piece of hardware Amazon ever made and sold — but Kevin Keith, Amazon’s general manager of devices, said in an interview that sales are still “quite good,” with “tens of millions” sold. He also noted that Kindle is in more countries than any other Amazon device.

‘Kindle’ has indeed become synonymous with ‘e-reader’ over the past decade, but that doesn’t necessarily mean Amazon will enjoy the same kind of Kindle success over the next 10 years. In 2016, data showed that ebook sales were down, while sales of physical books surged. And in 2015, a Pew research report on American device ownership showed that e-reader ownership was down significantly from the year prior. According to non-Amazon data, it seems to have reached its peak in 2011.

But a spokesperson for Amazon said that Kindle is still as ‘relevant as ever,’ pointing out that Kindle sales are up year-over-year globally and that it had its best-selling day ever on Prime Day of this year.

For now, at least, there’s a new Kindle you can drop in the bath, the hot tub, or wherever else you enjoy your ebooks when you need a break from the internet.

Update: This article has been updated to include more context on Kindle sales from Amazon. Also, the price of the new Kindle was reported incorrectly in an earlier version of this article. The story has been updated to reflect that it is listed as $249.99 ($250), not $248.”

A Good Deal for Classic Gamers!

Nintendo Classic NES

It’s baaack!

Nintendo bringing back NES Classic Edition in 2018

Polygon – by: Michael McWhertor – “Nintendo’s NES Classic Edition mini console is coming back. Nintendo said in a release today that last year’s popular but hard to find miniature version of the Nintendo Entertainment System will return to store shelves next summer.

New shipments of the NES Classic Edition will be welcome news for fans, as Nintendo released the console in limited supply for a very short window. That was always the plan, Nintendo said, but clearly continued demand for the 8-bit system has changed the company’s mind.

Nintendo also said, officially, that it plans to release more Super NES Classic Edition consoles, its miniaturized version of the Super Nintendo Entertainment System, than originally planned. “Fans have shown their unbridled enthusiasm for these Classic Edition systems, so Nintendo is working to put many more of them on store shelves,” Nintendo said in a release.

Earlier this week, Nintendo of America president Reggie Fils-Aime said in an interview that the Super NES Classic Edition will be more readily available than its 8-bit predecessor.

“I would strongly urge you not to over-bid on an SNES Classic on any of the auction sites,” he told the Financial Times, adding that Nintendo had “dramatically increased” production of the SNES Classic.

Nintendo has promised since it announced the Super NES Classic Edition that it intends to make “significantly more” retro consoles than it did during the NES Classic Edition’s lifespan. But actually pre-ordering and guaranteeing one of the systems has been a headache for consumers, and Nintendo had only committed to manufacturing the Super NES Classic Edition through the end of 2017, leading to worries that the retro system would be hard to find.

The Super NES Classic Edition will include 21 games for Nintendo’s 16-bit console, including Super Mario World, The Legend of Zelda: A Link to the Past, Star Fox 2 and Super Metroid. The system will launch Sept. 29 for $79.99.

The NES Classic Edition, which was originally released in November 2016, included 30 classic 8-bit games. The system originally retailed for $59.99.”

Google Pixel 2 XL: My Next Phone!

Hands on: Google Pixel 2 XL review

TechRadar – By: Cameron Faulkner:

OUR EARLY VERDICT
Despite losing the cherished 3.5mm headphone jack, the Pixel 2 XL seems to have gained more than enough to make up for it thanks to a mix of unique and sought-after features like waterproofing, Active Edge and a truly impressive camera.

FOR
Stock Android feels more unique with Active Edge
Confident design
Amazing camera
Waterproof

AGAINST
Price increased over 2016 model
Specs don’t move the needle
No 3.5mm headphone port

After an incredible year for smartphones, which so far has seen the launch of the Samsung Galaxy S8, iPhone X, LG V30, Essential Phone and many more boundary-pushing entries, Google is up to bat for the last big hit of 2017.

And today it took a mighty swing by announcing the Google Pixel 2 and Google Pixel 2 XL, both of which reshape and polish the already-impressive 2016 Pixel devices, but not without a little controversy.

Focusing on the Pixel 2 XL, the company clearly put some effort into making something more than just a larger version of the Pixel 2, as it did last year. In fact, this plus-sized phone visually stands out next to its smaller kin to such a degree that it might as well be a whole new product line.

It’s not just the outside of the phone that has us excited. The specs, including the Snapdragon 835 processor, improvements made to the camera and the intriguing Active Edge feature, look to put it up against (and in some regards, beat down) the toughest round of competition ever put forward by leading manufacturers.

But as always, it comes down to this question: is the phone worth the cost?

When it launches worldwide later this year, the Pixel 2 XL will ship for the hiked-up price of US$849/AU$1,399 (about £630) for the base 64GB model, while the 128GB is priced at US$949/AU$1,549 – we’re getting close to the ceiling in terms of prices set by the Samsung Galaxy Note 8 and iPhone X.

We’ve had some time with Google’s latest at its big event, and leading into our full review, we’ll be updating this post with new impressions as we use the device, fresh photo samples and comparisons and more, so stay tuned.

Design, display and Active Edge

Even if it was pure coincidence, the original Pixel XL certainly blended nicely into the crowd of iPhones, thanks to its generous bezels top and bottom. However, in the year following its debut, this style has quickly gone out the window in favor of the bezel-less look, with even Apple opting for a high screen-to-body ratio with the iPhone X.

So, rather than risk getting left behind in the last big announcement of the year, it makes sense that the Google Pixel 2 XL would adopt a similar look. And what a refresh this is. Compared to the smaller 5-inch Google Pixel 2, the larger 6-inch version, which now costs a whopping $200 more, provides a decent amount of reason for the price madness.

Starting with the bezels (or the lack thereof), Google’s new phone mostly clears them from view to put the focus on the display – an improved P-OLED display that features a polarized display that can be viewed easily with sunglasses.

Not surprisingly, the new device improves on the original’s with the 2,880 x 1,440 resolution (QHD+), which makes it, once again, the better of Google’s two 2017 options for virtual reality via the Google Daydream View headset.

On its face, the Pixel 2 XL’s bezel layout makes for a similar look to the LG V30 and LG G6. Given that very company poured work into the latest Google phablet, this comes as little surprise, and thankfully, the Pixel 2 XL stands out easily so that you won’t confuse the phones.

Tearing our eyes away from the display (admittedly, a hard thing to do), the rest of the phone has received some big updates that are worth mentioning.

First, let’s address the elephant in the room: neither the Pixel 2 nor the Pixel 2 XL features a 3.5mm headphone jack. These aren’t the first Android phones to omit the legacy port, but given that it made a pointed jab at Apple for doing so last year, there’s a bit of egg on Google’s face right about now.

However, it’s less than you might think given that Android Oreo supports plenty of high-quality wireless audio codecs. This doesn’t excuse the decision, but as opposed to citing “courage” as its inspiration, Google appears to have accounted for the change by working to solve the greater issue of a bad wireless experience, which we’re all for. Plus, it’s tossing a 3.5mm to USB-C adaptor in the box.

Additionally, it has announced the Google Pixel Buds, which could be a good wireless solution if you happen to have $159 around. They’re more interesting than your average headphones though, as they live-translate languages.

Moving right along, the edges of the Pixel 2 XL are rounded off, offering a single, smooth texture instead of the divisive, multi-layered mix of chamfered and glossy metal used in 2016’s model. As usual, the right side of the smartphone plays host to the volume rocker and power button, with each delivering an optimal amount of tactility when pressed.

This sounds like a silly thing to pass judgment on, but in past years the hardware buttons on Nexus phones haven’t yielded the longest lifespan for remaining clicky. Thankfully, we haven’t experienced any issues whatsoever in its Pixel lineup, and this new phone appears to be no exception, though it’s an issue that usually takes months to manifest itself.

Moreover, the Pixel 2 XL features a new button of sorts that’s impervious to whittling away: its Active Edge feature, which lets you squeeze the phone’s frame to issue a command.

Want to boot into the camera app or pull up Google Assistant? Just give the phone a light or hard squeeze, the intensity of which you can determine yourself.

You might remember that this feature first popped up as Edge Sense in the HTC U11, and now it’s been swallowed up in the Pixel 2 XL. While some may stick to using buttons and on-screen prompts, Active Edge is an important new feature that adds a fun, new element of navigation to stock Android, which has the reputation of being a bit stale to some who prefer custom launchers.

Flipped over on its back, the same split, two-toned design of aluminum and glass carries forward into 2017’s Pixel devices, and it’s less divisive than before. My colleagues had some tough words for the original Pixel’s look, calling it “peculiar” and “premium, if slightly odd.” I personally don’t agree, though I can see where they’re coming from. That being said, this melding of materials on the Pixel 2 XL is much more harmonious.

The fingerprint sensor now sits below the glass fold, with only the large rear-facing camera, flash and accompanying sensors sitting within the glass. The slight camera bump might be seen as a flaw to some, but we’re in support of Google raising the camera sensor out a bit, as it prevents the horrors that are endured when the original Pixel’s rear glass cracks.

Performance

Early rumors pointed to the Pixel 2 and Pixel 2 XL being the first phones to launch with a next-gen Snapdragon processor, but that didn’t come to pass. Alas, both smartphones feature 2017’s go-to flagship workhorse, the Snapdragon 835.

Paired with 4GB of RAM, the Pixel 2 XL might not seem like it’s gunning for prime position in the numbers race, but of course we’ve yet to see what this phone is capable of in real-world testing.

Last year’s Pixel XL is equipped with the Snapdragon 821, and we’re still pretty pleased with the performance eked from it, so given Google’s recent work to build a name for itself in internal chipset development, our guess is that this phone has some unique performance tricks up its sleeve.

Of course, this smartphone will already be ahead of the greater pack of Android flagships at launch thanks to it coming with Android Oreo out of the box. You can expect super-fast boot times, optimized background app usage and, perhaps, a few more interesting Pixel-exclusive features coming down the line as Oreo matures.

The Pixel 2 XL’s camera and battery are well worth a discussion, though we won’t know what each is truly capable of until we spend more time with the phone.

Starting with the cameras, Google has gone the extra mile to make its already-stellar camera even better – it’s a 12MP sensor with an aperture of f/1.8 to capture low-light shots better, whether it be in the haze of night or a dark concert hall. On its front, Google has stuck with an 8MP sensor.

Google showed off its Google Lens and ARCore capabilities, both of which are coming to Pixel first. More to come on that later on, but definitely worth a lengthy discussion.

Moving onto the battery, as surprisingly efficient as the Snapdragon 835 has proved itself to be in the past year, we always like to see more battery in our phones, not less (staring daggers at the Moto Z2 Force.) The Pixel 2 XL has been boosted ever so slightly to 3,520mAh over 3,450mAh used in the original XL.

As a result, the 2 XL is very likely to be the popular choice among those who want to use Daydream for longer and, well, just do everything else for longer, too. We’re asking around about official battery capacity.

We’ll have to perform more testing to see if the pairing of its QHD+ display and larger battery will win out versus the Pixel 2’s 1080p screen and smaller battery, or if we’re looking at equal projected lifespans between the two – something that many have said about the first batch of Pixels.

Early verdict

2017 is a hellish year (in that it’s the best ever) to decide on a new smartphone, and Google certainly hasn’t made it any easier with the Pixel 2 XL.

But thanks to some smart re-configurations on both the design and internals fronts, plus a few extra surprises, like Active Edge and its seemingly killer camera, this smartphone could be the one you’ve been waiting for since, if you’re like me, last year’s Google Pixel.

This new device appears to have made improvements where it needed them most (performance and design,) as well as in areas where it already had a comfortable lead (camera, software).

Despite these welcome additions to the Pixel formula, the most unwelcome ingredient is its new price tag, which starts at $849. The divide between the smaller Pixel 2 is wider now: $200 instead of $120.

Is the jump worth it to you? Until we know for sure how the XL’s battery and chipset perform under pressure, check out our guide that might just help make that very decision an easy one.”

This Is an Exploit That Got Me!

It was in a Google Chrome extension (Chrome Text Editor) that I installed. More about that on the next show!

Surreptitious cryptocurrency miners hide on Politifact and hundreds of other sites

TechCrunch – By: Devin Coldewey – “Politifact is the latest and perhaps most high-profile website to have hosted code that secretly hijacks visitors’ CPUs to mine cryptocurrency. Driven by a boom in cryptocoin value and a lack of protections against JavaScript routines like this one, this surprising form of audience monetization is now found on hundreds of sites.

(Update: Politifact has removed the code and is looking into how it got there.)

It’s not quite an ad, and it’s not quite malware, nor is it strictly speaking a virus or exploit. JavaScript is used for all kinds of things in the background of practically every major website, from tracking users to displaying custom fonts. Generally speaking, these apps are running code hosted on another server that the end user can’t inspect, and often doesn’t even realize their browser is executing.

In recent months, several JavaScript-based cryptocurrency miners have appeared. The idea, supposedly, is that instead of showing your visitors ads, you have their CPU run the calculations necessary to mine a currency like Bitcoin. As the administrator, you could control the CPU load and reap any resulting coins. CoinHive is a new business that offers this as a service.

Predictably, this already questionable approach to monetization has already been repurposed by malicious actors. Injecting a bit of JavaScript into the front page of a website is often simpler to do than penetrate its databases or phish its admins; and once it’s in, it runs itself — all you have to do is give it a wallet to put the coins in.

That seems to be what happened at Politifact; my blocker registers a CoinHive instance on the main pages of the site, with new requests coming in multiple times a second. Inspecting the site’s JavaScript shows an enormous chunk of CoinHive miner code sitting amongst the ordinary scripts. It’s pretty hard to miss, and if not blocked it takes over the whole CPU until the tab is closed. With a few million users mining for a minute or two each while they check out the latest political shenanigans, those cycles add up quick.

I’ve contacted the site’s team to ask what the story is; someone there told The Register that they’re looking into it, but I’ll update if I hear back with more details.

The site is far from alone: a study by ad blocker company AdGuard showed that hundreds of sites, most of them on the shady side (porn and torrent sites, for instance) are running CoinHive code, or some other JavaScript-based miner.

What can you do? Well, this is a great reason to install an ad blocker, if you haven’t already: in addition to getting rid of intrusive ads and trackers, some of them block unknown scripts or have a blacklist of known malicious ones. I use uBlock Origin, which also makes it easy to whitelist sites (like this one) that only feature organic, free-range advertisements. But you could also use NoScript, AdBlock or any one of the many out there, depending on your platform and browser.”
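The blocklist idea from the article above, turned around for a site operator who wants to audit the scripts on their own pages. This is an added example, not part of the TechCrunch article or this blog's original text; the hostnames, the sample page and the `startCoinHiveMiner` name are constructed placeholders, and only the keyword `coinhive` comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed values for illustration; the hosts are placeholders, not real indicators.
FIRST_PARTY = "news.example"
BLOCKED_HOSTS = {"miner.example"}
INLINE_KEYWORDS = ("coinhive",)  # service named in the article, matched case-insensitively

SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/fonts.js"></script>
<script src="//ws.miner.example/lib/m.min.js"></script>
<script>/* constructed stand-in for an injected block */ startCoinHiveMiner();</script>
</head><body>...</body></html>"""

def under(host, domain):
    """True if host is domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

class ScriptAudit(HTMLParser):
    """Records (kind, detail) findings for every <script> element in a page."""
    def __init__(self, first_party, blocked, keywords):
        super().__init__()
        self.first_party, self.blocked, self.keywords = first_party, blocked, keywords
        self.findings, self._in_script, self._buf = [], False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script, self._buf = True, []
        src = dict(attrs).get("src")
        if not src:
            return
        # Relative URLs have no hostname and are served by the first party.
        host = (urlparse(src).hostname or self.first_party).lower()
        if any(under(host, b) for b in self.blocked):
            self.findings.append(("blocked-host", host))
        elif not under(host, self.first_party):
            self.findings.append(("third-party", host))

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).lower()
            self.findings += [("inline-keyword", k) for k in self.keywords if k in body]
            self._in_script = False

def audit(html, first_party=FIRST_PARTY, blocked=BLOCKED_HOSTS, keywords=INLINE_KEYWORDS):
    parser = ScriptAudit(first_party, blocked, keywords)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run against each rendered page of a site, an unexpected `third-party` or `inline-keyword` finding is the cue to check how that script got into the template.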
