Businesses

Who Will Pay For the Costs of Crowdstrike's Outage? (cnn.com) 196

8.5 million Windows devices were ultimately affected by the Crowdstrike outage, according to figures from Microsoft cited by CNN.

And now an anonymous Slashdot reader shares CNN's report on the ramifications: What one cybersecurity expert said appears to be the "largest IT outage in history" led to the cancellation of more than 5,000 commercial airline flights worldwide and disrupted businesses from retail sales to package deliveries to procedures at hospitals, costing revenue and staff time and productivity... While CrowdStrike has apologized, it has not mentioned whether or not it intends to provide compensation to affected customers. And when asked by CNN about whether it plans to provide compensation, its response did not address that question. Experts say they expect that there will be demands for remuneration and very possibly lawsuits.

"If you're a lawyer for CrowdStrike, you're probably not going to enjoy the rest of your summer," said Dan Ives, a tech analyst for Wedbush Securities....

But there could be legal protections for CrowdStrike in its customer contracts to shield it from liability, according to one expert. "I would guess that the contracts protect them," said James Lewis, researcher at the Center for Strategic and International Studies...

It's also not clear how many customers CrowdStrike might lose because of Friday. Wedbush Securities' Ives estimates less than 5% of its customers might go elsewhere. "They're such an entrenched player, to move away from CrowdStrike would be a gamble," he said. It will be difficult, and not without additional costs, for many customers to switch from CrowdStrike to a competitor. But the real hit to CrowdStrike could be reputational damage that will make it difficult to win new customers... [E]ven if customers are understanding, it's likely that CrowdStrike's rivals will be seeking to use Friday's events to try to lure them away.

One final note from CNN. Patrick Anderson, CEO of a Michigan research firm called the Anderson Economic Group, "added that the costs could be particularly significant for airlines, due to lost revenue from canceled flights and excess labor and fuel costs for the planes that did fly but faced significant delays."

See also: Third Day of 1,000+ Cancelled Flights, Just in the US, After Crowdstrike Outage.
Microsoft

Microsoft Releases Recovery Tool for Windows Machines Hit By Crowdstrike Issue (theverge.com) 115

The Verge reports that for machines that aren't automatically receiving Crowdstrike's newly-released software fix, Microsoft has released a recovery tool that creates a bootable USB drive. Some IT admins have reported rebooting PCs multiple times will get the necessary update, but for others the only route is having to manually boot into Safe Mode and deleting the problematic CrowdStrike update file. Microsoft's recovery tool now makes this recovery process less manual, by booting into its Windows PE environment via USB, accessing the disk of the affected machine, and automatically deleting the problematic CrowdStrike file to allow the machine to boot properly. This avoids having to boot into Safe Mode or a requirement of admin rights on the machine, because the tool is simply accessing the disk without booting into the local copy of Windows. If a disk is protected by BitLocker encryption, the tool will prompt for the BitLocker recovery key and then continue to fix the CrowdStrike update.
Windows

Who Wrote the Code for Windows' 'Blue Screen of Death'? (sfgate.com) 40

Who wrote the code for Windows' notorious "Blue Screen of Death"? It's "been a source of some contention," writes SFGate: A Microsoft developer blog post from Raymond Chen in 2014 said that former Microsoft CEO Steve Ballmer wrote the text for the Ctrl+Alt+Del dialog in Windows 3.1. That very benign post led to countless stories from tech media claiming Ballmer was the inventor of the "Blue Screen of Death." That, in turn, prompted a follow-up developer blog post from Chen titled "Steve Ballmer did not write the text for the blue screen of death...."

Chen then later tried to claim he was responsible for the "Blue Screen of Death," saying he coded it into Windows 95. Problem is, it already existed in previous iterations of Windows, and 95 simply removed it. Chen added it back in, which he sort of cops to, saying: "And I'm the one who wrote it. Or at least modified it last." No one challenged Chen's 2014 self-attribution, until 2021, when former Microsoft developer Dave Plummer stepped in. According to Plummer, the "Blue Screen of Death" was actually the work of Microsoft developer John Vert, whom logs revealed to be the father of the modern Windows blue screen way back in version 3.1.

Plummer spoke directly with Vert, according to Vert, who'd remembered that he got the idea because there was already a blue screen with white text in both his machine at the time (a MIPS RISC box) and his text editor (SlickEdit)...
China

China Is Installing Renewables Equivalent to Five Large Nuclear Plants Per Week (abc.net.au) 154

The pace of China's clean energy transition "is roughly the equivalent of installing five large-scale nuclear power plants worth of renewables every week," according to a report from Australia's national public broadcaster ABC (shared by long-time Slashdot reader AmiMoJo): A report by Sydney-based think tank Climate Energy Finance (CEF) said China was installing renewables so rapidly it would meet its end-of-2030 target by the end of this month — or 6.5 years early.

It's installing at least 10 gigawatts of wind and solar generation capacity every fortnight...

China accounts for about a third of the world's greenhouse gas emissions. A recent drop in emissions (the first since relaxing COVID-19 restrictions), combined with the decarbonisation of the power grid, may mean the country's emissions have peaked. "With the power sector going green, emissions are set to plateau and then progressively fall towards 2030 and beyond," CEF China energy policy analyst Xuyang Dong said... [In China] the world's largest solar and wind farms are being built on the western edge of the country and connected to the east via the world's longest high-voltage transmission lines...

Somewhat counterintuitively, China has built dozens of coal-fired power stations alongside its renewable energy zones, to maintain the pace of its clean energy transition. China was responsible for 95 per cent of the world's new coal power construction activity last year. The new plants are partly needed to meet demand for electricity, which has gone up as more energy-hungry sectors of the economy, like transport, are electrified. The coal-fired plants are also being used, like the batteries and pumped hydro, to provide a stable supply of power down the transmission lines from renewable energy zones, balancing out the intermittent solar and wind.

Despite these new coal plants, coal's share of total electricity generation in the country is falling. The China Energy Council estimated renewables generation would overtake coal by the end of this year.

CEF director Tim Buckley tells the site that China installed just 1GW of nuclear power last year — compared to 300GW of solar and wind. "They had grand plans for nuclear to be massive but they're behind on nuclear by a decade and five years ahead of schedule on solar and wind." Last year China accounted for 16% of the world's nuclear-generated power — but also more than half the world's coal-fired power generation, according to this year's analysis from the long-running International Energy Agency. The IEA estimated that in 2023, China's electricity demand rose by 6.4%, and they're predicting that by 2026 the country will see an increase "more than half of the EU's current annual electricity consumption."

And yet in China "the rapid expansion of renewable energy sources is expected to meet all additional electricity demand..." according to the IEA analysis. "Coal-fired generation in China is currently on course to experience a slow structural decline, driven by the strong expansion of renewables and growing nuclear generation, as well as moderating economic growth."

There's also some interesting stats on the "CO2 intensity" of power generation around the world. "The EU is expected to record the highest rate of progress in reducing emissions intensity, averaging an improvement of 13% per year. This is followed by China, with annual improvements forecast at 6%, and the United States at 5%."

Long-time Slashdot reader Uncle_Meataxe shares a related article from Electrek ...
Windows

Southwest Airlines Avoids Crowdstrike Issues - Thanks to Windows 3.1? (digitaltrends.com) 118

Slashdot reader Thelasko shared Friday's article from Digital Trends: Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that's affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that's plaguing the world today, and that's apparently because it's using Windows 3.1.

Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven't had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch. Some are attributing that to Windows 3.1. Major portions of Southwest's systems are reportedly built on Windows 95 and Windows 3.1...

UPDATE: Reached for comment, Southwest "would not confirm" that it's using Windows 3.1, reports SFGate. But they did get this quote from an airline analyst:

"We believe that Southwest's older technology kept it somewhat immune from the issues affecting other airlines today."
Businesses

CrowdStrike Stock Tanks 15%, Set For Worst Day Since 2022 (forbes.com) 81

Shares of cybersecurity company CrowdStrike Holdings dropped 15% on Friday after the company's software update resulted in what may turn out to be the largest IT outage ever. CrowdStrike stock "is on pace for its steepest daily loss since November 2022 and its $290 low share price is the lowest intraday mark since April 25," reports Forbes. "CrowdStrike is on track for the third-worst day in its five-year history as a publicly traded company." From the report: Microsoft, which was swept up in the outage as the downed systems are those running CrowdStrike's cybersecurity applications and Microsoft's Windows software, also slumped, with its shares down about 1% to the $3.2 trillion behemoth's lowest share price since June 11. CrowdStrike competitor Palo Alto Networks enjoyed a 4% rally Friday, while the tech-heavy Nasdaq Composite stock index gained about 0.2%, held up by the likes of Microsoft rival Apple's 1% stock gain and a 1% rise for shares of Alphabet, which is reportedly in talks to buy cybersecurity firm Wiz for $23 billion.

The CrowdStrike selloff is "an overreaction to a temporary setback," Rosenblatt analyst Catharine Trebnick wrote in a note to clients Friday. It's a "compelling buying opportunity" as it "creates a window for investors to buy into a high-quality, growth-oriented cybersecurity company at a discounted valuation," Trebnick continued. To her point, CrowdStrike stock's relative valuation, according to its price-to-earnings ratio (P/E), which compares its market value to its projected profits over the next four quarters, fell Friday to its lowest number since April. Still, CrowdStrike's P/E of about 70 is very high for a company of its size, meaning investors will need to express significant confidence in the business' ability to grow earnings, a challenge if Friday's incident were to impact CrowdStrike's client base.

Microsoft

Global IT Outage Linked To CrowdStrike Update Disrupts Businesses (techcrunch.com) 274

A widespread IT outage, caused by a defective software update from cybersecurity firm CrowdStrike, is affecting businesses worldwide, causing significant disruptions across various sectors. The issue has primarily impacted computers running Windows, resulting in system crashes and "blue screen of death" errors. The travel industry appears to be among the hardest hit, with airlines and airports in multiple countries reporting problems with check-in and ticketing systems, leading to flight delays. Other affected sectors include banking, retail, and healthcare.

CrowdStrike CEO George Kurtz confirmed the outage was due to a "defect" in a content update for Windows hosts, ruling out a cyberattack. The company is working on a fix. CrowdStrike said the crash reports were "related to the Falcon Sensor" -- its cloud-based security service that it describes as "real-time threat detection, simplified management, and proactive threat hunting."

A Microsoft spokesperson told TechCrunch that the previous Microsoft 365 service disruption overnight July 18-19 was unrelated to the widespread outage triggered by the CrowdStrike update.

Editor's note: The story has been updated throughout the day and moved higher on the front page.
Facebook

Facebook Ads For Windows Desktop Themes Push Info-Stealing Malware (bleepingcomputer.com) 28

Cybercriminals are using Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. From a report: Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing malware is not new, the social media platform's massive reach makes these campaigns a significant threat.

The threat actors take out advertisements that promote Windows themes, free game downloads, and software activation cracks for popular applications, like Photoshop, Microsoft Office, and Windows. These advertisements are promoted through newly created Facebook business pages or by hijacking existing ones. When using hijacked Facebook pages, the threat actors rename them to suit the theme of their advertisement and to promote the downloads to the existing page members.

Emulation (Games)

Apple Approves PC/Linux/Mac-Emulating App 'UTM SE' for App Store, Reversing Earlier Rejection (theverge.com) 21

At the end of June, Apple's App Store rejected the Windows/retro PC emulator "UTM SE". But in a reversal Apple approved the app Saturday, reports the Verge.

"We are happy to announce that UTM SE is available (for free) on iOS and visionOS App Store," the developer posted on X, "and coming soon to AltStore PAL."

From the Verge: After Apple rejected the app in June, the developer said it wasn't going to keep trying because the app was "a subpar experience." Today, UTM thanked the AltStore team for helping it and credited another developer "whose QEMU TCTI implementation was pivotal for this JIT-less build."

As with other emulators on the App Store, you can't do much with UTM SE out of the box. It doesn't come with any operating systems, though the app does link to UTM's site, which has guides for Windows XP through Windows 11 emulation, as well as downloads of pre-built virtual Linux machines. Mac OS 9.2.1 and DOS are listed in one screenshot from the UTM SE App Store page.

Encryption

After Criticism, Signal Agrees to Secure Plain-Text Encryption Keys for Users' Message Databases (bleepingcomputer.com) 13

"Signal is finally tightening its desktop client's security," reports BleepingComputer — by changing the way it stores plain text encryption keys for the SQLite database where users' messages are stored: When BleepingComputer contacted Signal about the flaw in 2018, we never received a response. Instead, a Signal Support Manager responded to a user's concerns in the Signal forum, stating that the security of its database was never something it claimed to provide. "The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide," responded the Signal employee...

[L]ast week, mobile security researchers Talal Haj Bakry and Tommy Mysk of Mysk Inc warned on X not to use Signal Desktop because of the same security weakness we reported on in 2018... In April, an independent developer, Tom Plant, created a request to merge code that uses Electron's SafeStorage API "...to opportunistically encrypt the key with platform APIs like DPAPI on Windows and Keychain on macOS," Plant explained in the merge request... When used, encryption keys are generated and stored using an operating system's cryptography system and secure key stores. For example, on Macs, the encryption key would be stored in the Keychain, and on Linux, it would use the windows manager's secret store, such as kwallet, kwallet5, kwallet6, and gnome-libsecret... While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week's X drama.

Two days ago, a Signal developer finally replied that they implemented support for Electron's safeStorage, which would be available soon in an upcoming Beta version. While the new safeStorage implementation is tested, Signal also included a fallback mechanism that allows the program to decrypt the database using the legacy database decryption key...

Signal says that the legacy key will be removed once the new feature is tested.

"To be fair to Signal, encrypting local databases without a user-supplied password is a problem for all applications..." the article acknowledges.

"However, as a company that prides itself on its security and privacy, it was strange that the organization dismissed the issue and did not attempt to provide a solution..."
Microsoft

Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 (betanews.com) 21

Slashdot reader joshuark shared this report from BetaNews: Check Point Research has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions... Attackers use a sophisticated trick to mask the malicious .hta extension, making use of the outdated security of Internet Explorer to compromise systems running updated Windows operating systems.

From Check Point Research: Even though IE has been proclaimed "retired and out-of-support," technically speaking, IE is still part of the Windows OS and is "not inherently unsafe, as IE is still serviced for security vulnerabilities, and there should be no known exploitable security vulnerabilities," according to our communications with Microsoft.
Security

CISA Broke Into a US Federal Agency, No One Noticed For a Full 5 Months (theregister.com) 35

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...]

After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-spraying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said.

CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. "They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had.

The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity.
CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.
Microsoft

Microsoft's Xbox 360 Stores Will Close Up Shop on July 29 16

Speaking of Xbox, the Xbox 360 Store and Marketplace are coming to a close later this month. From a report: Microsoft announced this last year and put an official end date of July 29, according to its official FAQ page. In case you didn't notice, the end of July is fast approaching. All of the games, DLC and any gaming tidbits for Microsoft's second generation console won't be available to purchase or download on the Xbox 360 console. Your games and movie purchases are still safe, however, if you've got any throwback titles on your Xbox One or Series X/S console. You can also still watch your purchased movies and shows on Windows 10 and 11 devices.
Bitcoin

Inside the Health Crisis of a Texas Bitcoin Town (time.com) 212

Longtime Slashdot reader ArchieBunker shares a report from TIME Magazine: On an evening in December 2023, 43-year-old small business owner Sarah Rosenkranz collapsed in her home in Granbury, Texas and was rushed to the emergency room. Her heart pounded 200 beats per minute; her blood pressure spiked into hypertensive crisis; her skull throbbed. "It felt like my head was in a pressure vise being crushed," she says. "That pain was worse than childbirth." Rosenkranz's migraine lasted for five days. Doctors gave her several rounds of IV medication and painkiller shots, but nothing seemed to knock down the pain, she says. This was odd, especially because local doctors were similarly vexed when Indigo, Rosenkranz's 5-year-old daughter, was taken to urgent care earlier that year, screaming that she felt a "red beam behind her eardrums." It didn't occur to Sarah that these symptoms could be linked. But in January 2024, she walked into a town hall in Granbury and found a room full of people worn thin from strange, debilitating illnesses. A mother said her 8-year-old daughter was losing her hearing and fluids were leaking from her ears. Several women said they experienced fainting spells, including while driving on the highway. Others said they were wracked by debilitating vertigo and nausea, waking up in the middle of the night mid-vomit. None of them knew what, exactly, was causing these symptoms. But they all shared a singular grievance: a dull aural hum had crept into their lives, which growled or roared depending on the time of day, rattling their windows and rendering them unable to sleep. The hum, local law enforcement had learned, was emanating from a Bitcoin mining facility that had recently moved into the area -- and was exceeding legal noise ordinances on a daily basis.

Over the course of several months in 2024, TIME spoke to more than 40 people in the Granbury area who reported a medical ailment that they believe is connected to the arrival of the Bitcoin mine: hypertension, heart palpitations, chest pain, vertigo, tinnitus, migraines, panic attacks. At least 10 people went to urgent care or the emergency room with these symptoms. The development of large-scale Bitcoin mines and data centers is quite new, and most of them are housed in extremely remote places. There have been no major medical studies on the impacts of living near one. But there is an increasing body of scientific studies linking prolonged exposure to noise pollution with cardiovascular damage. And one local doctor -- ears, nose, and throat specialist Salim Bhaloo -- says he sees patients with symptoms potentially stemming from the Bitcoin mine's noise on an almost weekly basis. "I'm sure it increases their cortisol and sugar levels, so you're getting headaches, vertigo, and it snowballs from there," Bhaloo says. "This thing is definitely causing a tremendous amount of stress. Everyone is just miserable about it."
"By the end of 2024, we intend to have replaced the majority of air-cooled containers with immersion cooling, with no expansion required," said a representative for Marathon Digital Holdings, the company that owns the mine. "Initial sound readings on immersion containers indicate favorable results in sound reduction and compliance with all relevant state noise ordinances." They did not answer questions about the health impacts their mining site was causing.

"We're living in a nightmare," said Rosenkranz. She clocked the hum at 72 decibels in Indigo's bedroom in the dead of night. "Indigo's room directly faces the mine, which sits about a mile and a half away," notes TIME. She had to be pulled from her school after she developed so many ear infections from the sound.

The report also said a resident's dog "started going bald and developed debilitating anxiety shortly after the Bitcoin mine began operating four blocks away." TIME added: "Directly next door, Tom Weeks' dog Jack Rabbit Slim started shaking and hyperventilating uncontrollably for hours on end; a vet placed him on the seizure medication Gabapentin. Rosenkranz's chickens stopped laying eggs for months. And Jerry and Patricia Campbell's centuries-old oak tree, which had served as the family's hub and protector for generations of backyard family reunions and even a wedding, died suddenly three months ago."
Microsoft

Microsoft, Apple Drop OpenAI Board Plans as Scrutiny Grows (bloomberg.com) 9

Microsoft and Apple dropped plans to take board roles at OpenAI in a surprise decision that underscores growing regulatory scrutiny of Big Tech's influence over artificial intelligence. From a report: Microsoft, which invested $13 billion in the ChatGPT creator, will withdraw from its observer role on the board, the company said in a letter to OpenAI on Tuesday, which was seen by Bloomberg News. Apple was due to take up a similar role, but an OpenAI spokesperson said the startup won't have board observers after Microsoft's departure. Regulators in the US and Europe had expressed concerns about Microsoft's sway over OpenAI, applying pressure on one of the world's most valuable companies to show that it's keeping the relationship at arm's length. Microsoft has integrated OpenAI's services into its Windows and Copilot AI platforms and, like other big US tech companies, is banking on the new technology to help drive growth.
Graphics

Affinity Tempts Adobe Users with 6-Month Free Trial of Creative Suite (theverge.com) 39

Serif, the design software developer behind Affinity, has introduced a six-month free trial for its creative suite, offering Affinity Photo, Designer, and Publisher on Mac, Windows PC, and iPad. This move, along with a 50% discount on perpetual licenses, aims to attract Adobe users and reassure them of Affinity's commitment to its one-time purchase pricing model despite its recent acquisition by Canva. The Verge reports: Affinity uses a one-time purchase pricing model that has earned it a loyal fanbase among creatives who are sick of paying for recurring subscriptions. Prices start at $69.99 for Affinity's individual desktop apps or $164.99 for the entire suite, with a separate deal currently offering customers 50 percent off all perpetual licenses.

This discount, alongside the six-month free trial, is potentially geared at soothing concerns that Affinity would change its pricing model after being acquired by Canva earlier this year. "We're saying 'try everything and pay nothing' because we understand making a change can be a big step, particularly for busy professionals," said Affinity CEO Ashley Hewson. "Anyone who takes the trial is under absolutely no obligation to buy."

Microsoft

Microsoft's Notepad Gets Spellcheck and Autocorrect 40 Years After Launch (theverge.com) 72

An anonymous reader shares a report: Microsoft is finally rolling out spellcheck and autocorrect for its Notepad app in Windows 11, more than 40 years after the simple text editor was first introduced in Windows in 1983. The software giant started testing both features in March, and has now quietly started enabling them for all Windows 11 users in recent days. The spellcheck feature in Notepad is almost identical to how Word or Edge highlight misspelled words, with a red underline to clearly show mistakes.

Open Source

FreeBSD Contributor Mocks Gloomy Predictions for the Open Source Movement (acm.org) 94

In Communications of the ACM, long-time FreeBSD contributor Poul-Henning Kamp mocks the idea that the free and open-source software movement has "come apart" and "will end in tears and regret." Economists and others focused on money — like my bank — have had a lot of trouble figuring out the free and open source software (FOSS) phenomenon, and eventually they seem to have reached the conclusion that it just makes no sense. So, they go with the flow. Recently, very serious people in the FOSS movement have started to write long and thoughtful opinion pieces about how it has all come apart and will end in tears and regret. Allow me to disagree...
What follows is a humorous history of how the Open Source movement bested a series of ill-conceived marketing failures starting after the "utterly bad" 1980s when IBM had an "unimaginably huge monopoly" — and an era of vendor lock-in from companies trying to be the next IBM: Out of that utter market failure came Minix, (Net/Free/Open)BSD, and Linux, at a median year of approximately 1991. I can absolutely guarantee that if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs — no strings attached — nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby. Bill Gates would also have had a lot less of our money...
The essay moves on to when "that dot-com thing happened, fueled by the availability of FOSS operating systems, which did a much better job than any operating system you could buy — not just for the price, but in absolute terms of performance on any given piece of hardware. Thus, out of utter market failure, the FOSS movement was born."

And ultimately, the essay ends with our present day, and the phenomenon of companies that "make a business out of FOSS or derivatives thereof..." The "F" in FOSS was never silent. In retrospect, it seems clear that open source was not so much the goal itself as a means to an end, which is freedom: freedom to fix broken things, freedom from people who thought they could clutch the source code tightly and wield our ignorance of it as a weapon to force us all to pay for and run Windows Vista. But the FOSS movement has won what it wanted, and no matter how much oldsters dream about their glorious days as young revolutionaries, it is not coming back; the frustrations and anger of IT in 2024 are entirely different from those of 1991.

One very big difference is that more people have realized that source code is a liability rather than an asset. For some, that realization came creeping along the path from young teenage FOSS activists in the late 1990s to CIOs of BigCorp today. For most of us, I expect, it was the increasingly crushing workload of maintaining legacy code bases...

AI

Microsoft's AI CEO: Web Content (Without a Robots.txt File) is 'Freeware' for AI Training (windowscentral.com) 136

Slashdot reader joshuark shared this report from Windows Central: Microsoft may have opened a can of worms with recent comments made by the tech giant's CEO of AI Mustafa Suleyman. The CEO spoke with CNBC's Andrew Ross Sorkin at the Aspen Ideas Festival earlier this week. In his remarks, Suleyman claimed that all content shared on the web is available to be used for AI training unless a content producer says otherwise specifically.
The whole discussion was interesting — but this particular question was very direct. CNBC's interviewer specifically said, "There are a number of authors here... and a number of journalists as well. And it appears that a lot of the information that has been trained on over the years has come from the web — and some of it's the open web, and some of it's not, and we've heard stories about how OpenAI was turning YouTube videos into transcripts and then training on the transcripts."

The question becomes "Who is supposed to own the IP, who is supposed to get value from the IP, and whether, to put it in very blunt terms, whether the AI companies have effectively stolen the world's IP." Suleyman begins his answer — at the 14:40 mark — with "Yeah, I think — look, it's a very fair argument." SULEYMAN: "I think that with respect to content that is already on the open web, the social contract of that content since the 90s has been that it is fair use. Anyone can copy it, recreate with it, reproduce with it. That has been freeware, if you like. That's been the understanding.

"There's a separate category where a website or a publisher or a news organization had explicitly said, 'Do not scrape or crawl me for any other reason than indexing me so that other people can find that content.' That's a gray area and I think that's going to work its way through the courts."


Q: And what does that mean, when you say 'It's a gray area'?

SULEYMAN: "Well, if — so far, some people have taken that information... but that's going to get litigated, and I think that's rightly so...

"You know, look, the economics of information are about to radically change, because we're going to reduce the cost of production of knowledge to zero marginal cost. And this is just a very difficult thing for people to intuit — but in 15 or 20 years time, we will be producing new scientific cultural knowledge at almost zero marginal cost. It will be widely open sourced and available to everybody. And I think that is going to be, you know, a true inflection point in the history of our species. Because what are we, collectively, as an organism of humans, other than an intellectual production engine. We produce knowledge. Our science makes us better. And so what we really want in the world, in my opinion, are new engines that can turbocharge discovery and invention."

Cellphones

'Windows Recall' Preview Remains Hackable As Google Develops Similar Feature 20

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.

Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.

Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created... [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.

The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."
