Month: March 2019

Enlarge / It's good to see some PC logos in this image. (credit: Xbox Studios)

After a seemingly endless run of rumors, the news Halo fans have been waiting for is here: the series is finally coming back to PC, and in pretty big fashion.

Halo: The Master Chief Collection will arrive on Windows PCs "later this year," according to the official Halo Waypoint site, and fans will be able to buy the collection either via Steam or the Windows Store. (Anybody who's dealt with Windows 10's UWP woes will appreciate this rare example of Microsoft launching one of its first-party games on Steam at the same time as Windows Store, as opposed to delaying a Steam version for a few months.)

The game's listing confirms that PC gamers can look forward to full mouse-and-keyboard control support, along with support for resolutions up to 4K and an HDR toggle. Whether this version will also include the kinds of tweaks that hardcore PC gamers crave—including ultra-widescreen ratios, higher frame rates, and fully remappable controls—remains to be seen. We highly doubt Microsoft will include official mod support beyond letting players use individual games' built-in "Forge" creation tools.

Enlarge / Genuinely the worst.

Windows appears to be getting a little smarter about updates that go wrong. A newly published support page (spotted by Windows Latest) describes what the operating system does when a recent update causes a boot failure. First, Windows will uninstall the update and revert to a configuration that should work correctly. It will then block the update for 30 days.

The page states that this approach will be taken for both driver updates and the regular monthly Patch Tuesday updates. It's not unusual for Microsoft to have to issue blocks for these updates to prevent them from being distributed to certain system configurations after problems are found. But this policy allows for more fine-grained blocking, wherein systems will impose a temporary block on themselves should they have to. In most cases, when problems with updates are discovered, they're fixed and the updates are re-issued within a few days or weeks. So a 30-day block should typically give enough time for the update to be fixed prior to the attempted reinstallation.

It's not clear if this approach will be used for the twice-yearly feature upgrades or just the regular monthly Patch Tuesday updates. Microsoft's terminology usually distinguishes between "updates" (which are the things released on Patch Tuesdays) and "upgrades" (which come out twice a year). The description only mentions updates and driver updates. The install mechanism used by upgrades is completely separate from that used by updates, with its own separate rollback logic, so we'd suspect that nothing has changed for those.

Enlarge (credit: Internet1.jpg by Rock1997 modified)

A major operational error by GoDaddy, Apple, and Google has resulted in the issuance of at least 1 million browser-trusted digital certificates that don’t comply with binding industry mandates. The number of non-compliant certificates may be double that number, and other browser-trusted authorities are also likely to be affected.

The snafu is the result of the companies' misconfiguration of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally sign code. By default, EJBCA generated certificates with 64-bit serial numbers, in keeping, it seemed, with an industry mandate that serial numbers contain 64 bits of output from a secure pseudo-random number generator. Upon further scrutiny, engineers discovered that one of the 64 bits must be a fixed value to ensure the serial number is a positive integer. As a result, the EJBCA default produced a serial number with 63 bits of entropy.

The 63 bits is far off the mark of the required 64 bits and, as such, poses a theoretically unacceptable risk to the entire ecosystem. (Practically speaking, there’s almost no chance of the certificates being maliciously exploited. More about that later.) Adam Caudill, the security researcher who blogged about the mass misissuance last weekend, pointed out that it’s easy to think that a difference of 1 single bit would be largely inconsequential when considering numbers this big. In fact, he said, the difference between 2⁶³ and 2⁶⁴ is more than 9 quintillion.

Enlarge / Elon Musk speaks at the 68th International Astronautical Congress 2017 in Adelaide on September 29, 2017. (credit: PETER PARKS/AFP/Getty Images)

Elon Musk's lawyers have fired back at the Securities and Exchange Commission, arguing that the Tesla CEO did not violate the terms of his September settlement with the agency—and that the agency's attempt to gag Musk violates the First Amendment. The SEC has asked a federal judge to hold Musk in contempt for tweeting out a projection of Tesla's 2019 car production without first clearing the tweet with Tesla's lawyers.

The core disagreement in the case is over whether Musk's February 19 tweet stating "Tesla made 0 cars in 2011, but will make around 500k in 2019" was material—legal jargon for information that's significant enough to affect Tesla's stock price. If that 500k figure is material, then Tesla's policy required Musk to clear the tweet with his lawyers. Failure to do so would be a violation of Musk's deal with the SEC, which settled a previous lawsuit over another tweet containing allegedly inaccurate information.

But if Musk's 500k tweet is not material, as Musk's lawyers claim, then Musk did nothing wrong. Musk's lawyers argue Tesla's policy gives Musk discretion to decide which tweets are material and that Musk reasonably determined that this February 19 tweet was non-material. They argue that Musk's "around 500k" figure wasn't providing new information to the market but rather reiterating information Tesla had disclosed previously.

Enlarge / Sara (Mary Nepi) and Hayley (Gabrielle Elyse) team up to save their Arizona town from an alien invasion in Snatchers. (credit: Stage 13)

A teen pregnancy goes horribly awry in Snatchers, a charming genre-bending send-up of B-movie creature features, infused with the anything-goes spontaneity of sketch comedy. The horror/comedy debuted last weekend at the SXSW Film Festival in Austin, Texas.

(Mild spoilers for Snatchers below.)

High school student Sara (Mary Nepi) is pretty and popular, but she's also just been dumped by her hunky boyfriend, Skyler (Austin Fryberger) because she wanted to wait to have sex. He tells her he's "changed" during his trip to Mexico over the summer and now has "different priorities"—essentially he's turned into a mass of teenage hormones seeking any outlet for release. Desperate to hang onto her social status, Sara relents to his advances, but they don't use protection. She wakes up a day later not just pregnant, but fully nine months pregnant. And what she's carrying is definitely not a baby but some parasitic alien creature that shoots out from her uterus like a bloody cannonball. Things just get weirder (and gorier) from there.

Enlarge / Licensing and support lifecycles are not really the easiest topics to illustrate. (credit: Peter Bright)

As the end of Windows 7's free extended support period nears, Microsoft is going to do more to tell Windows 7 users that their operating system will soon cease receiving security updates.

Starting next month, the operating system will show users a "courtesy reminder" to tell them that security updates will cease and that Windows 10 (and hardware to run it on) exists. Microsoft promises that the message will only appear a "handful of times" during 2019 and that there will be a "do not notify me again" checkbox that will definitely suppress any future messages.

For those organizations that intended to keep using Windows 7 beyond its January 14, 2020 cut-off date, Microsoft has up to three years of paid fixes through its new Extended Security Update (ESU) scheme. These will be available to any organization with a volume license and will have a ratcheting cost structure that doubles the price each year.

Enlarge (credit: TechBargains)

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is headlined by a deal on Amazon's latest Kindle Paperwhite, which is currently available for $100. That's the typical sale price Amazon likes to slap on its e-book reader every now and then, but it's still good for a solid $30 discount.

You can check out our review of the Kindle Paperwhite for more in-depth feedback, but the short take on the 10th-gen e-reader is that it's the obvious choice for most people in this market. It's still light (6.4 ounces), thin (0.32 inches), and easy to use, with a massive library of things to read. The 6-inch display is still sharp (300 ppi), bright, and evenly lit, and it now sits flush against the display instead of having a cheaper recessed look.

The big upgrade with this particular model is that it's now waterproof with an IPX8 rating, so there's no need to worry about dropping it in the tub or getting it soaked by the pool. It can now play Audible audiobooks back through Bluetooth headphones, too—though there's no headphone jack—and its battery should last for weeks before it needs recharging.