Windows 10 enterprise updating explained – branches, rings, and the OS as a service

win10 6

Are you an admin or power user who feels slightly confused by the detail underpinning Microsoft’s Windows 10 updating and patching plans? If so, that’s not surprising. Microsoft has at times been less than clear about the ins and outs of the new Windows 10 updating branches and ‘rings’ which is some respects are similar to the regime pre-dating Windows 10 but dressed up in a new and confusing terminology.

Here we try to piece together what’s what with updating and Windows 10. There are certainly some things to watch out for. What is clear is that this new world is more complex, necessarily so. Today, Windows 10 is still an operating system but at some point it will resemble more of a service. This is the fate for all ‘big’ operating systems.

The mental map to understanding what’s going in are the different updating ‘branches’ and, within each of those, the deployment ‘rings’. A second important issue is to understand the difference between ‘updates’ (additional feature and services) and patches/fixes (security updates). The first of these is described in detail below while the second will happen as and when they deigned necessary by Microsoft.

For a specific primer on Windows 10’s main Security features see Windows 10 – the top 7 enterprise security features

Windows 10 updating: Current Branch (CB) – Windows 10 Home

This is plainly just the old Windows Update (WU) that home users have grown used to since its appearance in 2003 with Patch Tuesday but there are some important subtleties. Instead of the current monthly patching cycle, some updates will be applied on an ongoing basis, including Defender updates and what would once have been called ‘out of band’ security patches. Bigger updates covering new features will happen every four months, nudging Windows evolution along more rapidly than in the past.

In short, security fixes might coincide with CB updates but are, at a deeper level, independent of them and can happen on any timescale Microsoft chooses.

[Source:- Techworld]

Dell’s eDellRoot certificate screw-up – what dazed admins need to know

Image result for Dell eDellRoot certificate screw-up – what dazed admins need to know

For PC users it’s a case of here we go again. Earlier in 2015, PC giant Lenovo was infamously caught shipping Windows computers with a piece of useless adware containing a self-signed root certificate that opened a massive security hole for customers. This week, it was Dell’s turn. Crowdsourced researchers revealed that the company had suffered the same egregious weakness not once, but twice, this time inside a pair of tools used for remote support.

Lenovo’s issue was more embarrassing than Dell’s – the vulnerability was part of a program called Superfish witlessly put there to serve adverts inside browser sessions – but frankly from a security point this sort of distinction makes no odds. Embedding a self-signed SSL certificate with the private key in an application shipped to large numbers of users is asking for trouble and should not have happened. This sort of configuration would be normal for a development application, not the final software, which should have used a signed certificate in the filestore from a Certificate Authority (CA).

The problem in more detail: Dell’s Foundation Services remote support tool was discovered to have installed a self-signed root certificate identifying itself as ‘eDellRoot’. In common parlance, that offered anyone aware of the issue the possibility of extracting the certificate’s private key to create a means to impersonate any HTTPS website connection they fancied as part of a TLS man-in-the-middle compromise. This is very bad – browsers would accept this borrowed certificate as genuine and in most cases throw up no browser warning. Criminals could also sign malware to make it appear legitimate not to mention delve into encrypted data such as website logins by sniffing laptops connecting through public Wi-Fi.

The size of the risk? Potentially huge for any system lacking remediation (see below). This must be addressed urgently.

That all? Apparently a second tool, Dell System Detect (DSD), has been discovered trying the same insecure trick with a self-signed certificate called DSDTestProvider. The Dell private PKI keys used to create these certificates are now insecure.

How was it discovered? Technical users and interested researchers talking to one another on Reddit and other sites.

 

[Source:- Techworld]

 

What is the BBC micro:bit – Gary explains

microbit_pinout

The BBC micro:bit is part of an initiative to get kids coding, primarily in the UK, however its influence is starting to spread world wide. The micro:bit itself is a small credit card sized computer with an ARM Cortex-M0 microprocessor on it, plus a variety of sensors and LEDS. You can program it via MicroPython, JavaScript, a visual blocks editor, or in the C programming language. It is cheap, child friendly and has been given free to every child in year 7 or equivalent across the UK. So regardless of your age, if you find the prospect of learning to code interesting then read on to find out more in my full review of the BBC micro:bit.

History

There is a whole generation of computer scientists, software engineers, coders and hackers who first got into computing due to the home computer revolution of the mid-1980s and early 1990s. Machines such as the Sinclair ZX Spectrum, the Commodore 64 and the BBC Micro became the entry point for whole swathes of young people to learn about computing. Unfortunately as we entered the era of the PC and game consoles the “roll up your sleeves” attitude of the home computer revolution started to fade and in turn universities started to see a drop in the number of applications for computer science related studies.

This decline has been partly addressed by the great work of the Raspberry Pi foundation and now by the work of the Micro:bit foundation. You may have noticed the similarities between the name of the 1980s BBC Micro and the new BBC micro:bit. That is of course intentional. The British Broadcasting Corporation was a major partner in the release and the original BBC Micro and now the corporation is playing a significant role with the launch of the new micro:bit.

The micro:bit

The micro:bit itself measures 4 x 5 cm and includes 25 LEDs, 2 programmable switches, Bluetooth, an accelerometer, a compass, 5 ring type connectors and a 23-pin edge connector. This makes it ideal for not only learning about software but also for learning the fundamentals of electronics. The board can be programmed in a number of different ways including in Python and using JavaScript. The board is actually based on ARM’s mbed OS platform and the various programming environments offer higher level programming access. However the fundamental principle is the same: you write a program, compile it and then flash it onto the board. Once programmed the software on the board remains in the flash memory and will run whenever the board is powered on. This means that you can make standalone projects which just run whenever you power up the micro:bit.

 

Blocks

Probably the easiest introduction to coding for the micro:bit is using Microsoft’s micro:bit Programming Experience Toolkit (PXT). It supports both block-based coding and JavaScript. If you haven’t seen block-based coding before, the premise is very simple. The programmer uses drag-and-drop to pick blocks from a predefined set and stitch them together to make a program. Maybe picture will help:

 

On the left is a micro:bit emulator which demonstrates how the program will run on a real micro:bit. On the right is the program. There is a forever loop with two blocks inside of it. The first tells the micro:bit to scroll the message “Android Authority rulez!” and the second tells the micro:bit to pause for 1 second after the message has finished. Then the program will loop back and do it all again.

To add a new block you click on one of the menu items in the middle and then drag the desired block from the palette. The program in the screenshot above is for a very simple dice program (or should I say “die” as it is singular) that will display a random number between 1 and 6 when someone shakes the micro:bit.

There are blocks for controlling the LED matrix including showing strings, numbers and user-defined images. There are also blocks for reading the inputs like the compass and the accelerometer, plus blocks for all the normal programming stuff like conditions, loops, variables and simple arithmetic. On top of all that there are also blocks for controlling the input/output pins and even a way to do peer-to-peer communications using Bluetooth.

When you plug the micro:bit into your PC it will appear as a USB flash drive, called “MICROBIT.” To flash a blocks program onto the micro:bit you hit the download button and then drag-and-drop the resulting “.hex” file onto the MICROBIT drive. The micro:bit will automatically start the flashing process and then reboot when completed.

JavaScript

Microsoft’s micro:bit PXT also doubles as a Javascript editor. All block programs can be shown as JavaScript, in fact the block editor is just a front end to a JavaScript generator. If you modify the JavaScript the IDE will attempt to convert it back to blocks, however if it is too complex it won’t work and you need to continue in JavaScript only.

 

What this means is that if you are familiar with JavaScript, maybe because you have done some web development or maybe because you have used some of the popular JavaScript frameworks, then you can jump straight into micro:bit programming with little effort. It also means that if you have little or no programming skills then you can start to learn JavaScript using the micro:bit and you can use the blocks editor to help you get started. In either case it is a win-win situation!

Microsoft’s PXT editor isn’t the only way to write JavaScript for the micro:bit, you can also use the Code Kingdoms editor. Similar to Microsoft’s offering you can use blocks and JavaScript and switch between the two.

 

The only problem with the JavaScript approach is that the frameworks used by the two editors aren’t compatible. For example, to pause for 0.5 seconds under PXT you would use basic.pause(500) but under Code Kingdom’s IDE you need to use wait(500). The same thing applies to all the API calls related to the micro:bit including controlling the LED matrix, reading the button inputs, picking random numbers and even how to respond to events like shake.

This incompatibility will certainly be confusing to anyone just starting out and could cause frustration if an inexperienced user tries to switch from one environment to the other.

MicroPython

Python is a very popular high-level programming language that is often used to teach programming as it is simpler than languages like C and C++. MicroPython is a lean version of Python specifically designed to run on microcontrollers (like the ARM Cortex-M0 on the micro:bit).

There are several ways to code in Python on the micro:bit. One is to use the web-based IDE on the official micro:bit website, another is to use an offline editor like Mu. Mu is itself written in Python and works on Windows, OS X, Linux and Raspberry Pi. It is designed specifically for the micro:bit and also includes a built-in flash tool. Like the blocks editors and the JavaScript implementations, MicroPython for the micro:bit includes an API for controlling the hardware like the LED matrix and reading the inputs like the buttons.

 

C

mbed OS is ARM’s open source microcontroller development platform. It allows developers to build microcontroller based solutions using C and C++. The platform also includes everything you need to build IoT products and has a full networking stack along with support for Bluetooth. The micro:bit is in fact a mbed OS product, so while it is designed to be used by the higher level programming languages like JavaScript and Python, you can in fact program it via mbed in C and C++.

To program a micro:bit from mbed you first need to add the board to your setup and then import the micro:bit library into your project. From there you have access to some very low level classes and functions which provide a similar API to that of JavaScript and MicroPython. In fact if you study the mbed OS API you will see lots of similarities between what is available in the higher level languages and what is provided in the support library.

The screenshot above shows how to write the dice program in C++. As you can see it is a little longer than say the JavaScript version as you need to do more setup and handle things at a slightly lower level. This probably isn’t the best place for beginners to learn about the micro:bit. However if you have some C/C++ experience then this is a great way to explore the nitty-gritty of the platform.

Wrap-up

There is no doubt that the micro:bit is a excellent learning tool. It takes a different approach than the Raspberry Pi (which is also an excellent way to get into programming) since it doesn’t need a keyboard, mouse or monitor to use it. However you will need access to a PC for the coding and flashing. Well, actually that isn’t strictly true. It is possible to program the micro:bit from a smartphone or tablet. There are micro:bit apps available for Android and iOS. These apps basically take the place of the PC for the flashing process, which is done over Bluetooth rather than over a USB cable. However the programming environment offered within the app are actually just links to the online web environments.

The aim of the micro:bit is to encourage creativity in terms of software and hardware among young people and it certainly does just that. My kids are keen to play around with the micro:bit (now that the review is done) and I think that because the LED matrix is simpler to program than say sprites in a game on something like the Raspberry Pi then entry point is lower (which is a good thing).

If you are thinking about getting a young person a present which might actually be educational rather than just provide amusement, then you should certainly think about the micro:bit.

 

 
[Source:- Androidauthority]

Why the internet isn’t making us smarter – and how to fight back

Why the internet isn't making us smarter – and how to fight back

In the hours since I first sat down to write this piece, my laptop tells me the National Basketball Association has had to deny that it threatened to cancel its 2017 All-Star Game over a new anti-LGBT law in North Carolina – a story repeated by many news sources including the Associated Press. The authenticity of that viral video of a bear chasing a female snowboarder in Japan has been called into question. And, no, Ted Cruz is not married to his third cousin. It’s just one among an onslaught of half-truths and even pants-on-fire lies coming as we rev up for the 2016 American election season.

The longer I study human psychology, the more impressed I am with the rich tapestry of knowledge each of us owns. We each have a brainy weave of facts, figures, rules and stories that allows us to address an astonishing range of everyday challenges. Contemporary research celebrates just how vast, organized, interconnected and durable that knowledge base is.

That’s the good news. The bad news is that our brains overdo it. Not only do they store helpful and essential information, they are also receptive to false belief and misinformation.

Just in biology alone, many people believe that spinach is a good source of iron (sorry, Popeye), that we use less than 10 percent of our brains (no, it’s too energy-guzzling to allow that), and that some people suffer hypersensitivity to electromagnetic radiation (for which there is no scientific evidence).

But here’s the more concerning news. Our access to information, both good and bad, has only increased as our fingertips have gotten into the act. With computer keyboards and smartphones, we now have access to an Internet containing a vast store of information much bigger than any individual brain can carry – and that’s not always a good thing.

Better access doesn’t mean better information

This access to the Internet’s far reaches should permit us to be smarter and better informed. People certainly assume it. A recent Yale study showed that Internet access causes people to hold inflated, illusory impressions of just how smart and well-informed they are.

But there’s a twofold problem with the Internet that compromises its limitless promise.

First, just like our brains, it is receptive to misinformation. In fact, the World Economic Forum lists “massive digital misinformation” as a main threat to society. A survey of 50 “weight loss” websites found that only three provided sound diet advice. Another of roughly 150 YouTube videos about vaccination found that only half explicitly supported the procedure.

Rumor-mongers, politicians, vested interests, a sensationalizing media and people with intellectual axes to grind all inject false information into the Internet.

So do a lot of well-intentioned but misinformed people. In fact, a study published in the January 2016 Proceedings of National Academy of Science documented just how quickly dubious conspiracy theories spread across the Internet. Specifically, the researchers compared how quickly these rumors spread across Facebook relative to stories on scientific discoveries. Both conspiracy theories and scientific news spread quickly, with the majority of diffusion via Facebook for both types of stories happening within a day.

Making matters worse, misinformation is hard to distinguish from accurate fact. It often has the exact look and feel as the truth. In a series of studies Elanor Williams, Justin Kruger and I published in the Journal of Personality and Social Psychology in 2013, we asked students to solve problems in intuitive physics, logic and finance. Those who consistently relied on false facts or principles – and thus gave the exact same wrong answer to every problem – expressed just as much confidence in their conclusions as those who answered every single problem right.

For example, those who always thought a ball would continue to follow a curved path after rolling out of a bent tube (not true) were virtually as certain as people who knew the right answer (the ball follows a straight path).

Defend yourself

So, how so we separate Internet truth from the false?

First, don’t assume misinformation is obviously distinguishable from true information. Be careful. If the matter is important, perhaps you can start your search with the Internet; just don’t end there. Consult and consider other sources of authority. There is a reason why your doctor suffered medical school, why your financial advisor studied to gain that license.

Second, don’t do what conspiracy theorists did in the Facebook study. They readily spread stories that already fit their worldview. As such, they practiced confirmation bias, giving credence to evidence supporting what they already believed. As a consequence, the conspiracy theories they endorsed burrowed themselves into like-minded Facebook communities who rarely questioned their authenticity.

Instead, be a skeptic. Psychological research shows that groups designating one or two of its members to play devil’s advocates – questioning whatever conclusion the group is leaning toward – make for better-reasoned decisions of greater quality.

If no one else is around, it pays to be your own devil’s advocate. Don’t just believe what the Internet has to say; question it. Practice a disconfirmation bias. If you’re looking up medical information about a health problem, don’t stop at the first diagnosis that looks right. Search for alternative possibilities.

Seeking evidence to the contrary

In addition, look for ways in which that diagnosis might be wrong. Research shows that “considering the opposite” – actively asking how a conclusion might be wrong – is a valuable exercise for reducing unwarranted faith in a conclusion.

After all, you should listen to Mark Twain, who, according to a dozen different websites, warned us, “Be careful about reading health books. You may die of a misprint.”

Wise words, except a little more investigation reveals more detailed and researched sources with evidence that it wasn’t Mark Twain, but German physician Markus Herz who said them. I’m not surprised; in my Internet experience, I’ve learned to be wary of Twain quotes (Will Rogers, too). He was a brilliant wit, but he gets much too much credit for quotable quips.

Misinformation and true information often look awfully alike. The key to an informed life may not require gathering information as much as it does challenging the ideas you already have or have recently encountered. This may be an unpleasant task, and an unending one, but it is the best way to ensure that your brainy intellectual tapestry sports only true colors.

[Source:- Phys.org]

Microsoft to close Lionhead Studios – cans Fable Legends

Fable Legends

Microsoft is set to close the UK game development studio Lionhead and has canned its forthcoming title Fable Legends.

Hanno Lemke, the general manager of Microsoft Studios Europe, announced the decision in a blog post on the Xbox news site. In the same article, posted to the site on Monday afternoon, Lemke announced that the Danish studio Press Play would also be closed.

In the post, Lemke wrote: “These changes are taking effect as Microsoft Studios continues to focus its investment and development on the games and franchises that fans find most exciting and want to play.”

Co-founded by veteran British game designer Peter Molyneux in 1996, Lionhead is best known for the Fable series of role-playing adventures, which became hugely successful on the Xbox consoles. Microsoft purchased the studio in 2006, with Molyneux employed as creative director across Microsoft Game Studios.

He departed in 2012 to found independent studio 22 Cans, just as work began on Fable: Legends, a spin-off from the Fable series, based around co-op play. The release date of this project was delayed several times, reportedly to allow the team to polish the game.

Due to UK employment law, Microsoft must begin a formal consultation period with the employees of Lionhead before the studio can be shut, but closure is all but certain. Other studios are already posting messages on social media and industry forums offering work to departing Lionhead staff members.

Danish studio Press Play, was formed in 2006 and is best known for platforming adventure Max: The Curse of Brotherhood and offbeat puzzler Kalimba.

Microsoft was keen to point out that it was still committed to supporting game development in Europe. Its remaining UK based studio Rare is currently working on much-anticipated adventure Seas of Thieves, while Quantum Break from Finnish team Remedy Entertainment is likely to be one of this year’s major Xbox One releases.

[Source:- Gurdian]