Author: Peter Bright

Last month Microsoft said that it was considering ending support for TLS and SSL certificates that used the SHA-1 hashing algorithm, after Mozilla previously described a plan to do the same. Google is now thinking about joining those two companies and ending Chrome's support for SHA-1 certificates in the middle of next year too.

The underlying problem is that it has become too cost-effective to create forged certificates that use the SHA-1 hashing algorithm. As computers get faster, the cost of creating a fraudulent certificate goes down. Based on 2012 estimates, it was expected that criminals would be able to readily create such certificates by 2018. This declining cost led all three browser vendors to plan to end supporting any SHA-1 certificates issued after January 1, 2016, and all SHA-1 certificates after January 1, 2017.

Newer estimates have brought the cost of certificate fraud down further still. Through the use of cloud services such as Amazon's EC2, the compute power to create bogus SHA-1 certificates both costs less and is more accessible, such that SHA-1 certificates are arguably unsafe already. This led to reconsideration of the 2017 timetable. Mozilla and Microsoft are now contemplating bringing that January 1, 2017 date forward, to July 1, 2016, as long as the impact in-the-wild is not too serious.

Amid the brouhaha surrounding Microsoft's decision to backtrack on its offer of unlimited OneDrive storage for home Office 365 subscribers, one issue remained unaddressed: what about the related OneDrive for Business storage that's offered to enterprise Office 365 subscribers?

The company has finally laid out its plans for these users, and unlimited storage is back for at least some. Enterprise and government customers on the E3, E4, and E5 plans, education customers, and OneDrive for Business Plan 2 and SharePoint Online Plan 2 customers will all see their storage allocation increased provided that the organization has at least five subscribers.

This move to unlimited storage will be phased in two parts. The first part will be an automatic increase from the current 1TB to a new 5TB per user, expected to complete by the end of March 2016. Subsequently, customers will be able to request additional storage.

AMD's position in the graphics market continues to be a tricky one. Although the company has important design wins in the console space—both the PlayStation 4 and Xbox One are built around AMD CPUs with integrated AMD GPUs—its position in the PC space is a little more precarious. Nvidia currently has the outright performance lead, and perhaps more problematically, many games are to a greater or lesser extent optimized for Nvidia GPUs. One of the chief culprits here is Nvidia's GameWorks software, a proprietary library of useful tools for game development—things like realistic hair and shadows, and physics processing for destructible environments—that is optimized for Nvidia's cards. When GameWorks games are played on AMD systems, they can often do so with reduced performance or graphical quality.

To combat this, AMD is today announcing GPUOpen, a comparable set of tools to GameWorks. As the name would suggest, however, there's a key difference between GPUOpen and GameWorks: GPUOpen will, when it is published in January, be open source. AMD will use the permissive MIT license, allowing GPUOpen code to be used without any practical restriction in both open and closed source applications, and will publish all code on GitHub.

Making the libraries open source should make AMD's library much more appealing than it currently is. AMD already has offerings in this space; in particular, its TressFX library handles fur and hair generation in a manner comparable to Nvidia's HairWorks. Developers can, if they take the time and effort, even include both; the PC release of Grand Theft Auto V has both TressFX and HairWorks support. But this is extra work, and many developers won't bother. This tends to leave one or other GPU vendor at a disadvantage.

"From the director of Fast & Furious" are not words that I want to see in any Star Trek trailer.

Star Trek is a science fiction series. It is at its best when it is exploring the implications of its science. Yes, we want action and adventure, too, but there should be a context: exploration, the conflict between different cultures, the dangers of the (mis)use of technology. The TV series has always been better at this than the films, and perhaps it's understandable that the film would have different priorities in a bid for mass market appeal (though the recent success of the very sci-fi The Martian suggests that there is a healthy appetite for this kind of thing after all). Still, the new trailer looks long on punching, short on thinking.

Trailers can, of course, be completely misleading. I was suckered by the first Terminator Genisys trailer—the good trailer, the one that made the film look like it was going to be an exciting riff on the story we've seen before, not the second spoiler-laden trailer that showed what should have been a major reveal before we even stepped foot in the cinema. So maybe Star Trek Beyond will turn out to be good, but oh boy, the new trailer does not inspire confidence. Star Trek Into Darkness was the worst kind of lazy fan-service, totally squandering the promise of the reboot, but at least it was recognizable as Trek. Based on this glimpse Star Trek Beyond isn't, and it looks like it's going to plumb new depths.

One of the best bits of the modern world is the way that anything you buy online inevitably comes with a bunch of user reviews telling you why your purchase does or doesn't suck. Sometimes the compulsion to leave such a review can strike even in situations that most of us would probably feel are a little inappropriate, with employees of Taser International, maker of the occasionally lethal stun guns, apparently the latest to leave reviews without the kind of disclosure that professional reviews might be expected to contain.

Some one-star reviews posted on Amazon and iTunes for Killing Them Safely, a documentary film looking at the Taser stun guns and the safety issues around them, appear to have been posted by Taser International employees, using their own names. The dangers of Tasers are contested by the manufacturer and law enforcement agencies deploying the weapons, and the employees seem to be taking to the user reviews to express their dissatisfaction with the film.

The film's director, Nick Berardini, spotted one dubious review on iTunes, purporting to come from one Uriel Halioua. The review complains that the film is "poorly narrated"—in true user review form, Halioua appears not to have even watched the film, as Berardini says it has no narration—and concludes that it's "swill." The name Uriel Halioua is an uncommon one, but one person who does appear to be blessed with it just happens to work as a pre-sales systems engineer at Taser International. Peculiarly, that review seems now to have been deleted and reposted by a different user, "BobRossRocks."

Microsoft will be giving back some, but not all, of the OneDrive storage that it was planning to take away from users of its cloud storage service.

In early November, the company made a surprising announcement to OneDrive users in two parts. First, the unlimited storage that came with Office 365 subscriptions was being cut back to 1TB. Second, the free storage tier was cut from 15GB to 5GB, and the 15GB bonus that comes from syncing your camera roll with OneDrive was also removed.

The change was unsurprisingly unpopular. The OneDrive UserVoice site, used by Microsoft to solicit feature requests and feedback, quickly recorded a new top complaint: more than 70,000 votes for the storage to be reinstated, dwarfing every other suggestion on the site.

Microsoft promised to bring its Cortana digital personal assistant to iOS and Android in May this year, and public beta for Android came out in July, with a private iOS beta following a few months later. Now both versions have been released, with Cortana available in the App Store and in the Google Play Store, at least for US users.

We looked at the Android preview when it first came out. The version shipping today isn't hugely different from what we saw in July. The Cortana app looks essentially the same whether on Windows 10, Windows 10 Mobile, iOS, and Android; search box at the bottom, hamburger menu on the top left, and information cards. Those cards can show appointments, track packages, give you weather information or the latest sports scores, and so on. Cortana requires a Microsoft Account to use, and will sync your various interests and settings between all Cortana-enabled devices.

There are some differences in capabilities due to the API availability of the respective platforms. Neither iOS nor Android supports opening apps or changing settings from within Cortana. On Android, "Hey Cortana" voice activation is supported on the Android home screen, but not system-wide. On iOS there's no hands-free voice activation at all. Missed call notifications are similarly Android- and Windows 10 Mobile-specific: miss a call on your Cortana phone, and your Cortana Windows 10 PC will tell you. You can write an SMS to reply to the caller on your PC, and through the power of Internet syncing, the SMS will get sent to the caller from your phone.

Another day, another "Microsoft open-sources something" story. At the weekend it was the Chakra JavaScript engine. This time, it's Live Writer, the blogging tool that provides offline, WYSIWYG editing of blog posts, and can publish directly to WordPress, Blogger, and other blogging platforms.

Live Writer hasn't been significantly updated since 2012 but still retains a loyal fan base. For writers who don't trust authoring directly within their content management system, the combination of familiar word processor-like interface and seamlessly integrated publishing is a compelling one.

The lack of maintenance, however, threatened to render the tool useless. The most pressing concern is Blogger. Google is switching Blogger from an old authentication system to OAuth 2. Live Writer only supports the old system and will never include OAuth 2 support. Although Google has extended the availability of the old method to ensure that Live Writer continues to work, it will not do so indefinitely, posing a problem for users of the app.

The Lumia 950, and its larger sibling, the Lumia 950XL, have just received a software update, taking them from Windows 10 Mobile build 10586.0 to build 10586.29. This is a minor update to fix some bugs and improve some upgrade scenarios (and it's the update that will form the basis of our review of the operating system) but the content of the update itself is not really the important bit.

What's remarkable about the update is two things. First, that it exists and is apparently being rolled out by Microsoft, at Microsoft's discretion, on Microsoft's timeline. Second, and related, that this update has a corresponding update for Windows 10 on the PC: Microsoft's mobile and desktop systems are aligned. Windows 10 receives an update on Patch Tuesday and so Windows 10 Mobile receives an update on Patch Tuesday.

Windows 10 Mobile build 102586.29 was distributed to members of the Windows Insider program late last week, and opened up to Insiders using the 950 and 950XL, including AT&T units, yesterday. That much is unexceptional. The Windows Insider program, and before it, the Developer Preview program have for a few years now enabled Microsoft to push out new builds of Windows Phone 8.1 and Windows 10 Mobile to any Windows device, even if it's carrier-branded and carrier-locked.

At JSConf in Florida today, Microsoft announced that it is open sourcing Chakra, the JavaScript engine used in its Edge and Internet Explorer browsers. The code will be published to the company's GitHub page next month.

Microsoft is calling the version it's open sourcing ChakraCore. This is the complete JavaScript engine—the parser, the interpreter, the just-in-time compiler, and the garbage collector  along with the API used to embed the engine into applications (as used in Edge). This will have the same performance and capabilities, including asm.js and SIMD support, as well as cutting-edge support for new ECMAScript 2015 language features like the version found in Microsoft's Windows 10 browser.

There are some small differences, however, between ChakraCore and Chakra as ships in Windows 10. The full Chakra includes the glue between the JavaScript engine and the browser's HTML engine, and similarly, glue between the JavaScript engine and the Universal Windows Platform. Neither of these are part of ChakraCore. Chakra also has diagnostic APIs that use COM and hence are Windows-specific. These won't be in ChakraCore either. Instead, a new set of diagnostic APIs will be developed and eventually integrated into the full Chakra.