"It was weird to own a Zune in 2005," remembers a new article in the Verge. "It is even weirder to own a Zune in 2021 — let alone 16 of them. And yet, 27-year-old Conner Woods proudly shows off his lineup on a kitchen table." They come in all different colors, shapes, and sizes, and each can be identified by that telltale black plastic D-pad just below the screen. He owns the entire scope of the brief Zune lineup — from the svelte Zune 4 to the chunky Zune HD — and among the microscopic community of people who still adore Microsoft's much-derided MP3 player, no collection of dead tech could possibly be more enviable.

Woods picked up his Zune foraging habit during the pandemic, while he was furloughed from his job working security at Best Buy. "I taught myself to solder, began buying up dead Zunes, and repairing and flipping them for a profit," he says. "At some point I ran across some rare ones and couldn't bring myself to part with them."

He counts a particularly rare model bearing the Halo 3 logo and another with the Gears of War seal, but to fully understand the depths of Woods' obsession, you need to look past the gadgets and into the great beyond. Click through his post on the r/Zune subreddit, and wander into his veritable shrine of forgotten Zune detritus. Woods owns multiple Zune-stamped traveling cases and boombox docks. He has a Zune-branded stress ball as well as a Zune tinderbox, complete with matches that are dyed in the brand's customary burnt orange and fiery purple. My personal favorite: a Rubik's cube that, when solved, reveals the Zune's polyhedral insignia on all of the white squares, as if to say the answer to one of history's most vexing logic puzzles is, eternally, Zune.
The article also suggests the Zune exemplified Microsoft's inherent "squareness" at the start of the 2000s. "The product was entirely functional, sure, but for reasons that remain difficult to articulate — the video game insignias, the oversized trackpad, their baffling bulkiness — it was also about a million times less chic than the iPod. (That same inscrutable problem flags Bing, Cortana, the ill-fated Windows Phone, etc.)

"But today, almost a decade after Microsoft terminated the brand, there is a small bastion of diehards who are still loving and listening to their Zunes." And one of them has even added a 128GB SSD to their Zune's motherboard.

Jalopnik shares a story for our times: Adobe's Flash, the web browser plug-in that powered so very many crappy games, confusing interfaces, and animated icons of the early web like Homestar Runner is now finally gone, after a long, slow, protracted death. For most of us, this just means that some goofy webgame you searched for out of misplaced nostalgia will no longer run. For a select few in China, though, the death of Flash meant being late to work, because the city of Dalian in northern China was running their railroad system on it.

Yes, a railroad, run on Flash, the same thing used to run "free online casinos" and knockoff Breakout games in mortgage re-fi ads...

Hell, YouTube used to run on Flash until 2015. It wasn't all stupid little web games but, that said, I can't for the life of me fathom why anyone would want to run a freaking railroad network on it, with physical, multi-ton moving railcars full of human beings on it. So, when Adobe finally killed Flash-based content from running, this Tuesday Dalian's railroad network found itself ground to a halt for 20 hours.

The railroad's technicians did get everything back up and running, but the way they did this is fascinating, too. They didn't switch the rail management system to some other, more modern codebase or software installation; instead, they installed a pirated version of Flash that was still operational. The knockoff version seems to be known as "Ghost Version." This, along with installing an older version of the Flash player to work with the knockoff Flash server setup, "solved" the problem, and the railroad was back up and running.
UPDATE: ZDNet reports that "later reports from Chinese media clarified that railway traffic never stopped in Dalian because of the Flash end-of-life": However, the reports also admitted that there's some truth in the original report and that, indeed, some internal traffic statistics system had stopped working at the rail station on Jan. 12, when Adobe blocked Flash content from working.

Beeper is a forthcoming app from the founder of Pebble that claims to be a hub for all your messaging services, including support for iMessage on Android. Gizmodo reports: Instead of managing half a dozen apps for keeping in touch with friends, family, and co-workers, Beeper allows you to funnel everything to one interface. According to its website, the app supports 14 external messaging platforms as well as its own Beeper network. But the company's claim that it brings iMessage to Android, Windows, or Linux devices could be a killer feature for anyone who's suffered through the embarrassment of the green bubble.

Apple likes to keep its in-house products exclusive to its own hardware, so this claim is a bit surprising, but Beeper says it's figured out a workaround. On its website, it explains: "Beeper has two ways of enabling Android, Windows and Linux users to use iMessage: we send each user a Jailbroken iPhone with the Beeper app installed which bridges to iMessage, or if they have a Mac that is always connected to the internet, they can install the Beeper Mac app which acts as a bridge. This is not a joke, it really works!"

Okay, the part about using an always-connected Mac as a bridge is not unprecedented, but the idea of sending users jailbroken upcycled iPhones is a little bonkers. Eric Migicovsky, founder of the Pebble smartwatch company and partner at Beeper, took to Twitter to insist that the jailbreak plan is legit and that he currently has 50 iPhone 4s ready for the task. In an update, Migicovsky tells Gizmodo that "Beeper encrypts all messages on the client before they reach our servers. We cannot decrypt any message contents."

The services compatible with Beeper include: Whatsapp, Facebook Messenger, iMessage, Android Messages (SMS), Telegram, Twitter, Slack, Hangouts, Instagram, Skype, IRC, Matrix, Discord, Signal, and Beeper network.

Wine 6.0 has been released today and contains over 8,300 changes, according to its full release notes. Windows Central reports: The new release of version 6.0 has thousands of changes, but Wine's website highlights some of the biggest improvements: Core modules in PE format; Vulkan backend for WineD3D; DirectShow and Media Foundation support; and Text console redesign. The full release notes for Wine 6.0 explain that the core DLLs, which include NTDLL, KERNEL32, GDI32, and USER32 are now built in the Portable Executable (PE) format. As a result, people should see improvements for certain copy protection schemes.

The update also includes a new mechanism to associate a Unix library with the PE module. This change makes it so systems can call Unix libraries from PE when trying to perform a function that can't be handled by Win32 APIs. Wine 6.0 also includes an experimental Vulkan rendered that translates Direct3D shaders to SPIR-V shaders. In another change related to Direct3D, the Direct3D graphics card database now recognizes more graphics cards and includes updated driver versions.

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. Bleeping Computer reports: In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records. The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version. What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems. [...] It is unclear why accessing this attribute corrupts the drive, and Jonas told BleepingComputer that a Registry key that would help diagnose the issue doesn't work.

One striking finding shared by Jonas with us was that a crafted Windows shortcut file (.url) that had its icon location set to C:\:$i30:$bitmap would trigger the vulnerability even if the user never opened the file! As observed by BleepingComputer, as soon as this shortcut file is downloaded on a Windows 10 PC, and the user views the folder it is present in, Windows Explorer will attempt to display the file's icon. To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process. Next, "restart to repair hard drive" notifications start popping up on the Windows PC -- all this without the user even having opened or double-clicked on the shortcut file.

Just ahead of its launch for commercial PC-like devices, an install image of Windows 10X for single screens has leaked, giving us an early peek at Microsoft's new OS. And yes, it's just like Chrome OS. From a report: Let's just get that out of the way. Microsoft has been working for years on a Chromebook competitor, but it has been largely unsuccessful. Windows 10 S, which was originally called Windows 10 Cloud, was Terry Myerson's approach, and that, of course, crashed and burned, in part because it looked identical to Windows 10 but couldn't run downloaded Windows 10 desktop applications. And now we have Windows 10X. Microsoft tried to hide its true intent with this product by pretending last year that it was aimed at a new generation of dual-display PCs, but the software giant really created 10X to compete with Chrome OS on inexpensive single-display PCs. So after failing to get its container-based Windows desktop application compatibility solution to work, Microsoft scaled back and repositioned Windows 10X as was originally intended: It will now ship only on new traditional PCs aimed at education and other commercial markets.

Google published a six-part report this week detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. From a report: The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said. "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts. Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices. The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.

The WebAssembly portable binary format will now have wider support from Wasmer, the server-side runtime which "allows universal binaries compiled from C++, Rust, Go, Python, and other languages to run on different operating systems and in web browsers without modification," reports InfoWorld: Wasmer can run lightweight containers based on WebAssembly on a variety of platforms — Linux, MacOS, Windows, Android, iOS — from the desktop to the cloud to IoT and mobile devices, while also allowing these containers to be embedded in any programming language. The Wasmer runtime also is able to run the Nginx web server and other WebAssembly modules...

Wasmer was introduced in December 2018, with the stated goal of doing for WebAssembly what JavaScript did for Node.js: establish it server-side. By leveraging Wasmer for containerization, developers can create universal binaries that work anywhere without modification, including on Linux, MacOS, and Windows as well as web browsers. WebAssembly automatically sandboxes applications by default for secure execution, shielding the host environment from malicious code, bugs, and vulnerabilities in the software being run.
Wasmer 1.0 reached "general availability status" with its release on January 5, and its developers are now claiming "out of this world" runtime and compiler performance.

"We believe that WebAssembly will be a crucial component for the future of software execution and containerization (not only inside the browser but also outside)."

Bleeping Computer reports: NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure.

All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.

Microsoft is making a big change to its Windows 10 taskbar soon, with the addition of a news and weather widget. The Verge reports: The new feature is available to testers today, and it will allow Windows 10 users to access a feed of news, stocks, and weather information straight from the taskbar. You'll be able to quickly glance at the weather without having to open the Start menu, install a third-party app, or check online. The taskbar feature will pop out into a mini feed of content that can be personalized with the latest sports news, headlines, and weather information. Microsoft is using its Microsoft News network to surface news and content from more than 4,500 sources. The company has been curating this through artificial intelligence in recent months, and this particular feature will also learn what news is relevant to you when you dismiss or like stories in the feed.

This new taskbar feature will also require Microsoft's Chromium-based Edge to be installed on a PC. That means any link you click within the feature will force you into Edge to read it, and Microsoft is presenting content in the reading view by default. You can of course disable this new taskbar feature, and Microsoft says it will be an ad-free experience.

An anonymous reader quotes a report from ZDNet: Security firm Intezer Labs said it discovered a covert year-long malware operation where cybercriminals created fake cryptocurrency apps in order to trick users into installing a new strain of malware on their systems, with the obvious end goal of stealing victims' funds. The campaign was discovered last month in December 2020, but researchers said they believe the group began spreading their malware as early as January 8, 2020. Intezer Labs said the hackers relied on three cryptocurrency-related apps for their scheme. The fake apps were named Jamm, eTrade/Kintum, and DaoPoker, and were hosted on dedicated websites at jamm[.]to, kintum[.]io, and daopker[.]com, respectively.

The first two apps claimed to provide a simple platform to trade cryptocurrency, while the third was a cryptocurrency poker app. All three apps came in versions for Windows, Mac, and Linux, and were built on top of Electron, an app-building framework. But Intezer researchers say the apps also came with a little surprise in the form of a new malware strain that was hidden inside, which the company's researchers named ElectroRAT. Intezer researchers believe the malware was being used to collect cryptocurrency wallet keys and then drain victims' accounts. To spread the trojanized applications, Intezer says the hackers posted ads for the three apps and their websites on niche cryptocurrency forums, or they used social media accounts. Because of a quirk in the malware's design, which retrieved the address of its command and control server from a Pastebin URL, Intezer believes this operation infected around 6,500 users -- the total number of times the Pastebin URLs were accessed.

Dell is launching three new monitors next month, and all of them come with a dedicated Microsoft Teams button. The Verge reports: Dell claims it has created the "world's first video conferencing monitors certified for Microsoft Teams," after Microsoft started certifying displays, webcams, and headsets last year. Three monitors will be available next month, all offering quick access to Microsoft Teams. The button will let Microsoft Teams users quickly launch the app to make and receive video calls. Hands-free commands will also be supported through Cortana and the built-in microphone.

The Teams button is the main surprise with these displays, but Dell's trio of videoconferencing monitors also have some useful specs designed for an era where remote work and video calling is key. Each includes a 5-megapixel pop-up infrared camera, which supports facial recognition with Windows Hello. Dell also bundles a noise-canceling microphone and dual 5-watt integrated speakers. There's even a built-in mode to reduce blue light emissions. Dell is launching a 24-inch (FHD) version for $519.99, a 27-inch (QHD) model for $719.99, and a curved 34-inch (WQHD) variant for $1,149.99. All three will launch on February 16th. In other Dell-related news, the company has announced new versions of its Latitude laptops with Intel's new 11th Gen vPro chips and new features like an automated, integrated webcam shutter to physically block your camera when it's not in use.

Microsoft is building a universal Outlook client for Windows and Mac that will also replace the default Mail & Calendar apps on Windows 10 when ready. This new client is codenamed Monarch and is based on the already available Outlook Web app available in a browser today. From a report: Project Monarch is the end-goal for Microsoft's "One Outlook" vision, which aims to build a single Outlook client that works across PC, Mac, and the Web. Right now, Microsoft has a number of different Outlook clients for desktop, including Outlook Web, Outlook (Win32) for Windows, Outlook for Mac, and Mail & Calendar on Windows 10. Microsoft wants to replace the existing desktop clients with one app built with web technologies. The project will deliver Outlook as a single product, with the same user experience and codebase whether that be on Windows or Mac. It'll also have a much smaller footprint and be accessible to all users whether they're free Outlook consumers or commercial business customers. I'm told the app will feature native OS integrations with support for things like offline storage, share targets, notifications, and more. I understand that it's one of Microsoft's goals to make the new Monarch client feel as native to the OS as possible while remaining universal across platforms by basing the app on the Outlook website.

The reason why the Windows UI has a 32GB limit on the formatting of FAT32 volumes is because retired Microsoft engineer Dave Plummer "said so." The confession comes "in the latest of a series of anecdotes hosted on his YouTube channel Dave's Garage," reports The Register. From the report: In the closing years of the last century, Plummer was involved in porting the Windows 95 shell to Windows NT. Part of that was a redo of Windows Format ("it had to be a replacement and complete rewrite since the Win95 system was so markedly different") and, as well as the grungy lower-level bits going down to the API, he also knocked together the classic, stacked Format dialog over the course of an hour of UI creativity. As he admired his design genius, he pondered what cluster sizes to offer the potential army of future Windows NT 4.0 users. The options would define the size of the volume; FAT32 has a set maximum number of clusters in a volume. Making those clusters huge would make for an equally huge volume, but at a horrifying cost in terms of wasted space: select a 32-kilobyte cluster size and even the few bytes needed by a "Hello World" file would snaffle the full 32k.

"We call it 'Cluster Slack'," explained Plummer, "and it is the unavoidable waste of using FAT32 on large volumes." "How large is too large? At what point do you say, 'No, it's too inefficient, it would be folly to let you do that'? That is the decision I was faced with." At the time, the largest memory card Plummer could lay his hands on for testing had an impossibly large 16-megabyte capacity. "Perhaps I multiplied its size by a thousand," he said, "and then doubled it again for good measure, and figured that would more than suffice for the lifetime of NT 4.0. I picked the number 32G as the limit and went on with my day."

While Microsoft's former leader may have struggled to put clear water between himself and the infamous "640K" quote of decades past, Plummer was clear that his decision process was aimed at NT 4.0 and would just be a temporary thing until the UI was revised. "That, however, is a fatal mistake on my part that no one should be excused for making. With the perfect being the enemy of the good, 'good enough' has persisted for 25 years and no one seems to have made any substantial changes to Format since then..." ... However, as Plummer put it: "At the end of the day, it was a simple lack of foresight combined with the age-old problem of the temporary solution becoming de-facto permanent."

An anonymous reader shares a report: Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim's IP address and check it against an IP-to-geo database like MaxMind's GeoIP to get a victim's approximate geographical location. While the technique isn't very accurate, it is still the most reliable method of determining a user's actual physical location based on data found on their computer. However, in a blog post last month, Xavier Mertens, a security researcher with the SANS Internet Storm Center, said he discovered a new malware strain that is using a second technique on top of the first. This second technique relies on grabbing the infected user's BSSID. Known as a "Basic Service Set Identifier," the BSSID is basically the MAC physical address of the wireless router or access point the user is using to connect via WiFi. You can see the BSSID on Windows systems by running the command: netsh wlan show interfaces | find "BSSID" Mertens said the malware he discovered was collecting the BSSID and then checking it against a free BSSID-to-geo database maintained by Alexander Mylnikov.

Microsoft is planning a "sweeping visual rejuvenation of Windows" that is designed to signal to users of the operating system that "Windows is BACK." From a report: That's according to a job listing posted by Microsoft recently, advertising for a software engineering role in the Windows Core User Experiences team: "On this team, you'll work with our key platform, Surface, and OEM partners to orchestrate and deliver a sweeping visual rejuvenation of Windows experiences to signal to our customers that Windows is BACK and ensure that Windows is considered the best user OS experience for customers." Microsoft quietly removed references to this "sweeping visual rejuvenation" this morning, after several Windows enthusiasts spotted the job listing over the weekend.

Fast Company's technology editor harrymcc writes: After years of growing technical irrelevance and security concerns, the Flash browser plug-in will reach the end of the road on January 12 when Adobe blocks its ability to display content. The web will survive just fine. But there's a huge library of old Flash games — some of them quirky, interesting, and worth preserving. Over at Fast Company, Jared Newman wrote about several grassroots initiatives that will allow us to continue to enjoy these artifacts of the Flash era even after Flash is history.
Some tips from the article:

• If you have a Windows PC, the best way to replay old Flash content is with FlashPoint, a free program with more than 70,000 web games and 8,000 animations, most of which are Flash-based. (Experimental Mac and Linux versions are also available, but are complicated to set up....)

• Conifer lets you run a legacy browser with Flash support on a remote machine, insulating you from any security issues...

• The Internet Archive has made thousands of Flash games and animations playable online in modern web browsers through emulation, so you can play the Helicopter Game or watch Peanut Butter Jelly Time in their original forms.

• Ruffle is the underlying emulation software that The Internet Archive is using. You can also install it as a standalone program or browser extension...

• Newgrounds has released its own Flash Player for Windows that safely loads content from its website, so you still get the full experience of using Newgrounds proper.

But the article opens with a sentence reminding us that "After all the challenges of 2020, there's one thing we can all look forward to in the new year: Adobe Flash Player will finally be dead."

Long-time programmer/researcher/former MIT research fellow Jonathan Edwards writes a blog called "Alarming Development: Dispatches from the User Liberation Front."

He began the new year by arguing that software "is eating the world. But progress in software technology itself largely stalled around 1996." Slashdot reader tonique summarizes Edwards' argument: In 1996 there were "LISP, Algol, Basic, APL, Unix, C, Oracle, Smalltalk, Windows, C++, LabView, HyperCard, Mathematica, Haskell, WWW, Python, Mosaic, Java, JavaScript, Ruby, Flash, Postgress [sic]". After that we're supposed to have achieved "IntelliJ, Eclipse, ASP, Spring, Rails, Scala, AWS, Clojure, Heroku, V8, Go, React, Docker, Kubernetes, Wasm".

Edwards's main thesis is that the Internet boom around 1996 caused this slowdown because programmers could get rich quick. Then smart and ambitious people moved into Silicon Valley, and founded startups. But you can't do research at a startup due to time and money constraints. Today only "megacorps" like Google, Facebook, Apple and Microsoft are supposedly able to do relevant research because of their vast resources.

Computer science wouldn't help, either, because "most of our software technology was built in companies" and because computer science "strongly disincentivizes risky long-range research". Further, according to Edwards, the aversion to risk and "hyper-professionalization of Computer Science" is part of a larger and worrisome trend throughout the whole field and all of western civilisation.
Edwards' blog post argues that since 1996 "almost everything has been cleverly repackaging and re-engineering prior inventions. Or adding leaky layers to partially paper over problems below. Nothing is obsoleted, and the teetering stack grows ever higher..."

"[M]aybe I'm imagining things. Maybe the reason progress stopped in 1996 is that we invented everything. Maybe there are no more radical breakthroughs possible, and all that's left is to tinker around the edges. This is as good as it gets: a 50 year old OS, 30 year old text editors, and 25 year old languages.

"Bullshit. No technology has ever been permanent. We've just lost the will to improve."

The last day of the year was also the last day for FarmVille, one of the original addictive Facebook games. From a report: FarmVille, which allowed players to cultivate colorful cartoonish farms by tending crops and caring for livestock, had 30 million daily players at its peak. But game developer Zynga announced in September it would shut down the game on Dec. 31, a victim of Adobe's decision to stop distributing and updating its Flash Player for web browsers, which in turn led Facebook to announce an end to support for Flash games on its platform.

With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. From a report: When Flash Player is installed, it creates a scheduled task named 'Adobe Flash Player PPAPI Notifier' that executes the following command: "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe" -update pepperplugin. When this command is executed, it is now displaying an alert thanking users for using Adobe Flash Player and then recommending that they uninstall the program due to its looming end of life. Further reading: Adobe Flash is about to die, but classic Flash games will live on.