An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections.

In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-202514302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM.

The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars.

The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.

Microsoft's latest holiday ad for its Copilot AI assistant features a 30-second montage of users seamlessly syncing smart home lights to music, scaling recipes for large gatherings, and parsing HOA guidelines -- none of which the software can actually perform reliably when put to the test. The Verge methodically tested each prompt shown in the ad and found that Copilot repeatedly hallucinated interface elements that didn't exist, claimed to highlight on-screen buttons when it hadn't, and abandoned calculations midway through.

The smart home interface shown in the ad belongs to "Relecloud," a fictional company Microsoft uses in internal case studies. A Microsoft spokesperson confirmed that both the HOA document and the inflatable reindeer photo were fabricated for the advertisement. The ad closes with Santa Claus asking Copilot why toy production is behind schedule.

Further reading: Talking To Windows' Copilot AI Makes a Computer Feel Incompetent.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

New submitter emangwiro shares a report: The HDMI Forum, responsible for the HDMI specification, continues to stonewall open source. Valve's Steam Machine theoretically supports HDMI 2.1, but the mini-PC is software-limited to HDMI 2.0. As a result, more than 60 frames per second at 4K resolution are only possible with limitations. In a statement to Ars Technica, a Valve spokesperson confirmed that HDMI 2.1 support is "still a work-in-progress on the software side." "We've been working on trying to unblock things there."

The Steam Machine uses an AMD Ryzen APU with a Radeon graphics unit. Valve strictly adheres to open-source drivers, but the HDMI Forum is unwilling to disclose the 2.1 specification. According to Valve, they have validated the HDMI 2.1 hardware under Windows to ensure basic functionality.

Firefox 146 has been released with native fractional scaling support on Wayland -- finally giving Linux users crisp UI rendering. Other new additions include GPU process improvements on macOS, developer-focused CSS features, and broader access to Firefox Labs. Phoronix reports: Firefox 146 also now makes Firefox Labs available to all users, Firefox on macOS now has a dedicated GPU process by default, dropping Direct2D support on Windows, support for compressed elliptic curve points in WebCrypto, and updated the bundled Skia graphics library. Firefox 146 also has some fun developer enhancements like support for the CSS text-decoration-inset property, the @scope rule now being supported, CSS contrast-color() function being available, and several new experimental web features. The release notes and developer changes can be found at their respective links. Release binaries are available at Mozilla.org.

Lenovo may be preparing to unveil a gaming laptop that uses rollable OLED technology to expand horizontally into an ultrawide 21:9 display, according to a Windows Latest report suggesting the device could appear at CES 2026 in January. The Lenovo Legion Pro Rollable would differ from the company's existing ThinkBook Plus Gen 6, which expands its screen vertically.

The new gaming-focused design would see the left and right edges of the display extend beyond the laptop's base chassis when unrolled. Specific details remain scarce. Windows Latest doesn't know the display resolution, refresh rate, screen dimensions in either state, pricing, or release timing -- though it does mention an Intel Core Ultra processor. The ThinkBook Plus Gen 6 currently sells for $3,500.

Why does Netflix want to buy Warner Bros, asks the chief film critic at the long-running motion-picture magazine Variety. "It is hard, at this moment, to resist the suspicion that the ultimate reason... is to eliminate the competition." [Warner Bros. is] one of the only companies that's keeping movies as we've known them alive... Some people think movies are going the way of the horse-and-buggy. A company like Warner Bros. has been the tangible proof that they're not. Ted Sarandos, the co-CEO of Netflix, has a different agenda. He has been unabashed about declaring that the era of movies seen in movie theaters is an antiquated concept. This is what he believes — which is fine. I think a more crucial point is that this is what he wants.

The Netflix business strategy isn't simply about being the most successful streaming company. It's about changing the way people watch movies; it's about replacing what we used to call moviegoing with streaming. (You could still call it moviegoing, only now you're just going into your living room.) It in no way demonizes Sarandos — he'd probably take it as a compliment — to say that there's a world-domination aspect to the Netflix grand strategy. Sarandos's vision is to have the entire planet wired, with everyone watching movies and shows at home. There's a school of thought that sees this an advance, a step forward in civilization. "Remember the days when we used to have to go out to a movie theater? How funny! Now you can just pop up a movie — no trailers! — with the click of a remote...."

Once he owns Warner Bros., will Sarandos keep using the studio to make movies that enjoy powerful runs in theaters the way Sinners and Weapons and One Battle After Another did? In the statement he made to investors and media today, Sarandos said, "I'd say right now, you should count on everything that is planned on going to the theater through Warner Bros. will continue to go to the theaters through Warner Bros." He added, "But our primary goal is to bring first-run movies to our members, because that's what they're looking for." Not exactly a ringing declaration of loyalty to the religion of cinema. And given Sarandos's track record, there is no reason to believe that he will suddenly change his spots.

A letter sent to Congress by a group of anonymous Hollywood producers, who voiced "grave concerns" about Netflix buying Warner Bros., stated, "They have no incentive to support theatrical exhibition, and they have every incentive to kill it." If that happens, though, I have no doubt that Sarandos will be smart enough to do it gradually. Warner Bros. films will probably be released in a "normal" fashion...for a while. Maybe a year or two. But five years from now? There is good reason to believe that by then, a "Warner Bros. movie," even a DC comic-book extravaganza, would be a streaming-only release, or maybe a two-weeks-in-theaters release, all as a more general way of trying to shorten the theatrical window, which could be devastating to the movie business.

Do we know all this to be true? No, but the indicators are somewhat overpowering. (He's been explicit about the windows...)
An anonymous group of "concerned feature film producers" sent an open letter to Congress warning Netflix would "effectively hold a noose around the theatrical marketplace," reports Variety.

And CNN also got this quote from Cinema United, a trade association that represents more than 30,000 movie screens in the United States. "Netflix's stated business model does not support theatrical exhibition," Cinema United President/CEO Michael O'Leary said in a statement. "In fact, it is the opposite."

"Homebrew, the package manager for macOS and Linux, just got a handy new feature in the latest v5.0.4 update," reports How-To Geek.

Brewfile install scripts "are now more like a one-stop shop for installing software, as Flatpaks are now supported alongside Brew packages, Mac App Store Apps, and other packages." For those times when you need to install many software packages at once, like when setting up a new PC or virtual machine, you can create a Brewfile with a list of packages and run it with the 'brew bundle' command. However, the Brewfile isn't limited to just Homebrew packages. You can also use it to install Mac App Store apps, graphical apps through Casks, Visual Studio Code extensions, and Go language packages. Starting with this week's Homebrew v5.0.4 release, Flatpaks are now supported in Brewfiles as well...

This turns Homebrew into a fantastic setup tool for macOS, Linux, and Windows Subsystem for Linux (WSL) environments. You can have one script with all your preferred software, and use 'if' statements with platform variables and existing file checks for added portability.

Linus Torvalds recently defended Windows' infamous Blue Screen of Death during a video with Linus Sebastian of Linus Tech Tips, where the two built a PC together. It's FOSS reports: In that video, Sebastian discussed Torvalds' fondness for ECC (Error Correction Code). I am using their last name because Linus will be confused with Linus. This is where Torvalds says this: "I am convinced that all the jokes about how unstable Windows is and blue screening, I guess it's not a blue screen anymore, a big percentage of those were not actually software bugs. A big percentage of those are hardware being not reliable."

Torvalds further mentioned that gamers who overclock get extra unreliability. Essentially, Torvalds believes that having ECC on the machine makes them more reliable, makes you trust your machine. Without ECC, the memory will go bad, sooner or later. He thinks that more than software bugs, often it is hardware behind Microsoft's blue screen of death. You can watch the video on YouTube (the BSOD comments occur at ~9:37).

joshuark shares a report from BleepingComputer: Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files. Thus some element of social engineering, and user technically naive and gullibility such as thinking Windows is secure is required. [...]

As Trend Micro threat analysts discovered in March 2025, the CVE-2025-9491 was already being widely exploited by 11 state-sponsored groups and cybercrime gangs, including Evil Corp, Bitter, APT37, APT43 (also known as Kimsuky), Mustang Panda, SideWinder, RedHotel, Konni, and others. Microsoft told BleepingComputer in March that it would "consider addressing" this zero-day flaw, even though it didn't "meet the bar for immediate servicing." ACROS Security CEO and 0patch co-founder Mitja Kolsek found, Microsoft has silently changed LNK files in the November updates in an apparent effort to mitigate the CVE-2025-9491 flaw. After installing last month's updates, users can now see all characters in the Target field when opening the Properties of LNK files, not just the first 260. As the movie the Ninth Gate stated: "silentium est aurum"

An anonymous reader quotes a report from The Verge's Sean Hollister If you wrote off the Steam Frame as yet another VR headset few will want to wear, I guarantee you're not alone. But the Steam Frame isn't just a headset; it's a Trojan horse that contains the tech gamers need to play Steam games on the next Samsung Galaxy, the next Google Pixel, perhaps Arm gaming notebooks to come. I know, because I'm already using that tech on my Samsung Galaxy. There is no official Android version of Hollow Knight: Silksong, one of the best games of 2025, but that doesn't have to stop you anymore. Thanks to a stack of open-source technologies, including a compatibility layer called Proton and an emulator called Fex, games that were developed for x86-based Windows PCs can now run on Linux-based phones with the Arm processor architecture. With Proton, the Steam Deck could already do the Windows-to-Linux part; now, Fex is bridging x86 and Arm, too.

This stack is what powers the Steam Frame's own ability to play Windows games, of course, and it was widely reported that Valve is using the open-source Fex emulator to make it happen. What wasn't widely reported: Valve is behind Fex itself. In an interview, Valve's Pierre-Loup Griffais, one of the architects behind SteamOS and the Steam Deck, tells The Verge that Valve has been quietly funding almost all the open-source technologies required to play Windows games on Arm. And because they're open-source, Valve is effectively shepherding a future where Arm phones, laptops, and desktops could freely do the same. He says the company believes game developers shouldn't be wasting time porting games if there's a better way.

Remember when the Steam Deck handheld showed that a decade of investment in Linux could make Windows gaming portable? Valve paid open-source developers to follow their passions to help achieve that result. Valve has been guiding the effort to bring games to Arm in much the same way: In 2016 and 2017, Griffais tells me, the company began recruiting and funding open-source developers to bring Windows games to Arm chips. Fex lead developer Ryan Houdek tells The Verge he chatted with Griffais himself at conferences those years and whipped up the first prototype in 2018. He tells me Valve pays enough that Fex is his full-time job. "I want to thank the people from Valve for being here from the start and allowing me to kickstart this project," he recently wrote.

Despite Windows 10 losing free support, Statcounter shows Windows 11 holding only a modest lead of 53.7% market share compared to Windows 10's 42.7%. Analysts say the slow transition reflects both hardware limitations and a lack of must-have Windows 11 features compelling organizations to refresh their fleets. The Register reports: The Register spoke to Lansweeper principal technical evangelist Esben Dochy, who noted that consumers were more likely to have devices that couldn't be upgraded or follow the "if it ain't broke, don't fix it" rule when it comes to change. He also pointed out consumers in the EU get Microsoft Extended Security Updates (ESU) for free.

For businesses, though, it's different. Dochy told us: "The primary blocker is slow change management processes. These can be slow due to bad planning, lack of resources, difficulty in execution (in highly distributed organizations) etc. "The ESU are used to be secure while those change management processes take place, but organizations will have to pay to get those ESU making it more expensive for unprepared or inefficient organizations." [...]

The challenge facing Windows 11 is that, other than the end of free support for many versions, there is no must-have feature to make enterprises break a hardware refresh cycle, particularly in a difficult economic environment. Microsoft has not released official statistics on Windows 11 adoption. However, hardware vendors have noted the sluggish pace of transition. Dell COO Jeffrey Clarke commented during an analyst call: "If you were to look at it relative to the previous OS end of support, we are 10-12 points behind at that point with Windows 11 than we were with the previous generation."

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff.

Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...]

The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

Steam's November 2025 survey shows Linux gaming climbed to its highest share in a decade "thanks to the success of the Steam Deck, the underlying Steam Play (Proton) software, and now further excitement thanks to the upcoming Steam Machine and Steam Frame," writes Phoronix's Michael Larabel. From the report: A decade ago in the early Steam days the initial use was around 3% and back then the Steam user-base in absolute terms was much smaller than it is today. Back in October Steam on Linux finally re-crossed that 3% threshold after for years being stuck in a 1~2% rut. Now the Steam Survey results were published minutes ago for November and they continue an upward trend for Linux.

Steam on Linux is up to 3.2%, an increase of 0.15% for the month. One year ago Steam on Linux was at 2.03% last November, 1.91% for November 2023, and a decade ago for November 2015 was at just 0.98%. [...] Due to AMD APUs powering the Steam Deck, AMD CPUs continue to power nearly 70% of Linux gaming systems. Meanwhile under Windows, AMD has around a 42% CPU marketshare.

Microsoft has acknowledged that a recent Windows preview update, KB5064081, contains a bug that renders the password icon invisible on the lock screen, leaving users to click on what appears to be empty space to enter their credentials.

The issue affects Windows Insider channel users who installed the non-security preview update. The company's suggested workaround is straightforward if somewhat absurd: click where the button should be, and the password field will appear. Microsoft said it is working to resolve the issue.

"By my count, Linux has over 11% of the desktop market," writes ZDNet's Steven Vaughan-Nichols: In StatCounter's latest US numbers, which cover through October, Linux shows up as only 3.49%. But if you look closer, "unknown" accounts for 4.21%. Allow me to make an educated guess here: I suspect those unknown desktops are actually running Linux. What else could it be? FreeBSD? Unix? OS/2? Unlikely. In addition, ChromeOS comes in at 3.67%, which strikes me as much too low. Leaving that aside, ChromeOS is a Linux variant. It just uses the Chrome web browser for its interface rather than KDE Plasma, Cinnamon, or another Linux desktop environment. Put all these together, and you get a Linux desktop market share of 11.37%...

If you want to look at the broader world of end-user operating systems, including phones and tablets, Linux comes out even better. In the US, where we love our Apple iPhones, Android — yes, another Linux distro — boasts 41.71% of the market share, according to StatCounter's latest numbers. Globally, however, Android rules with 72.55% of the market. Yes, that's right, if you widen the Linux end-user operating system metric to include PC, tablets, and smartphones, you can make a reasonable argument that Linux, and not Windows, is already the top dog operating system...

If you add Chrome OS (1.7%) and Android (15.8%), 23.3% of all people accessing the U.S. government's websites are Linux users. The Linux kernel's user-facing footprint is much larger than the "desktop Linux" label suggests.
The article lists reasons more people might be switching to Linux, including broader hardware support and "the increased viability of gaming via Steam and Proton" — but also the rise of Digital Sovereignty initiatives. (One EU group has even created EU OS.")

And finally, "not everyone is thrilled with Windows 11 being turned into an AI-agentic operating system."

Dell has predicted PC sales will be flat next year, despite the potential of the AI PC and the slow replacement of Windows 10. From a report: "We have not completed the Windows 11 transition," COO Jeffrey Clarke said during Dell's Q3 earnings call on Tuesday. "In fact, if you were to look at it relative to the previous OS end of support, we are 10-12 points behind at that point with Windows 11 than we were the previous generation." Clarke said that means 500 million PCs can't run Windows 11, while the same number didn't need an upgrade to handle Microsoft's latest desktop OS. The COO therefore predicted the PC market will "flourish," but then defined the word as meaning "roughly flat" sales despite Dell chalking up mid-to high single digits PC sales growth over the last year.

In the latest Windows Insider beta update, Microsoft has announced that it is exploring preloading File Explorer in the background to improve launch performance. The feature will load File Explorer silently before users click on it and can be toggled off for those who prefer not to use it. Microsoft introduced a similar capability earlier this year for Office called Startup Boost that loads parts of Word in the background so the application launches more quickly. The company is also removing elements from the File Explorer context menu in the same update.

Microsoft is rolling out yet another update to Notepad for Windows 11 Insiders that adds table support and faster AI-generated responses, continuing a transformation of the once-minimal text editor that has drawn sustained criticism from users who preferred its original simplicity. The update, version 11.2510.6.0, lets users insert tables via a formatting toolbar or Markdown syntax and enables streaming responses for the app's Write, Rewrite, and Summarize AI features.

"Three years ago, Google removed JPEG XL support from Chrome, stating there wasn't enough interest at the time," writes the blog Windows Report. "That position has now changed." In a recent note to developers, a Chrome team representative confirmed that work has restarted to bring JPEG XL to Chromium and said Google "would ship it in Chrome" once long-term maintenance and the usual launch requirements are met.

The team explained that other platforms moved ahead. Safari supports JPEG XL, and Windows 11 users can add native support through an image extension from Microsoft Store. The format is also confirmed for use in PDF documents. There has been continuous demand from developers and users who ask for its return.

Before Google ships the feature in Chrome, the company wants the integration to be secure and supported over time. A developer has submitted new code that reintroduces JPEG XL to Chromium. This version is marked as feature complete. The developer said it also "includes animation support," which earlier implementations did not offer.