Daily Archives: April 15, 2025

Don’t delete your new inetpub folder. It’s a Windows security fix

Posted on by

Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there.

The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created when you install the security patches whether or not you’re using that optional web server. The purpose of the folder is to mitigate an exploitable elevation-of-privileges flaw within Windows Process Activation, classified as CVE-2025-21204.

That CVE, which can give malware on a system or a rogue user system-level file-management privileges, was fixed in the April Patch Tuesday batch from the Windows maker; installing the fix on Windows 11 and 10 will create the directory as additional protection, we’re told.

“After installing the updates listed in the security updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device,” advised Microsoft.

“This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

[…]

If you have deleted it after applying the patch, there’s a fix. Go to the Windows Control Panel and open Programs and Features. On the left you’ll see “Turn Windows features on or off.” Scroll down until you find IIS and hit “OK” after highlighting it. The folder will be recreated with the correct SYSTEM-level permissions. You can then switch off IIS and restart. (No one uses IIS these days.)

Or create the folder by hand with read-only access and SYSTEM-level ownership

Source: Don’t delete inetpub folder. It’s a Windows security fix • The Register

Apple to Spy on User Emails and other Data on Devices to Bolster AI Technology

Posted on by

Apple Inc. will begin analyzing data on customers’ devices in a bid to improve its artificial intelligence platform, a move designed to safeguard user information while still helping it catch up with AI rivals.

Today, Apple typically trains AI models using synthetic data — information that’s meant to mimic real-world inputs without any personal details. But that synthetic information isn’t always representative of actual customer data, making it harder for its AI systems to work properly.

The new approach will address that problem while ensuring that user data remains on customers’ devices and isn’t directly used to train AI models. The idea is to help Apple catch up with competitors such as OpenAI and Alphabet Inc., which have fewer privacy restrictions.

The technology works like this: It takes the synthetic data that Apple has created and compares it to a recent sample of user emails within the iPhone, iPad and Mac email app. By using actual emails to check the fake inputs, Apple can then determine which items within its synthetic dataset are most in line with real-world messages.

These insights will help the company improve text-related features in its Apple Intelligence platform, such as summaries in notifications, the ability to synthesize thoughts in its Writing Tools, and recaps of user messages.

[…]

The company will roll out the new system in an upcoming beta version of iOS and iPadOS 18.5 and macOS 15.5. A second beta test of those upcoming releases was provided to developers earlier on Monday.

[…]

Already, the company has relied on a technology called differential privacy to help improve its Genmoji feature, which lets users create a custom emoji. It uses that system to “identify popular prompts and prompt patterns, while providing a mathematical guarantee that unique or rare prompts aren’t discovered,” the company said in the blog post.

The idea is to track how the model responds in situations where multiple users have made the same request — say, asking for a dinosaur carrying a briefcase — and improving the results in those cases.

The features are only for users who are opted in to device analytics and product improvement capabilities. Those options are managed in the Privacy and Security tab within the Settings app on the company’s devices.

[…]

Source: Apple to Analyze User Data on Devices to Bolster AI Technology

EU gives burner phones and laptops on visits to U.S. (as well as they have been doing for China)

Posted on by

The European Commission has started issuing burner phones and stripped-down laptops to staff visiting the U.S. over concerns that the treatment of visitors to the country has become a security risk, according to a new report from the Financial Times. And it’s just the latest news that America’s slide into fascism under Donald Trump is having severe consequences for the United States’ standing in the world, all while the president announced Monday that he has no plans to obey a U.S. Supreme Court order to bring back a man wrongly sent to a prison in El Salvador.

Officials who spoke with the Financial Times said that new guidance for EU staff traveling to the U.S. included recommendations they not carry personal phones, turn off their burner phones when entering the country, and have “special sleeves” (presumably Faraday cages), that can protect from electronic snooping. U.S. border agents often confiscate phones and claim the right to look through anyone’s personal devices before they can be allowed to enter the U.S.

There have been several reports of researchers denied access to the U.S., including a French scientist who was reportedly stopped last month for having text messages that were critical of Trump. Other travelers from countries like Australia and Canada have reported being detained in horrendous conditions.

[…]

The U.S. is also trying to deport people in a white nationalist scheme to purge the country of any dissent. Several international students have been kidnapped by masked secret police in recent weeks, including people like Mahmoud Khalil and Rumeysa Ozturk, pro-Palestine protesters who are currently sitting in ICE detention facilities. Ozturk’s only “crime” was writing an op-ed for her student newspaper opposing Israel’s war on Gaza and she was picked up off the street near her home outside Boston and flown to Louisiana. The Trump regime has said it locked up Ozturk and is preparing to deport her for “antisemitism,” and supporting Hamas, but the Washington Post reported Sunday that the State Department’s investigation found she did no such thing.

Trump appeared for a press availability in the White House with El Salvador’s president Nayib Bukele on Monday, where he made it clear that he’s going to continue shipping people who’ve committed no crime out of the country to El Salvador’s torture prisons. The U.S. Supreme Court ruled last week that the U.S. government needs to facilitate the return of Kilmar Abrego Garcia, a Maryland man who Trump falsely accuses of being a member of the MS-13 gang, but the U.S. president made it clear he has no plans to bring Garcia back.

[…]

Source: Visitors to U.S. Take Extreme Precautions as Trump Continues March of Fascism

Cholera Outbreak Traced to Holy Water From Ethiopia

Posted on by

A sacred pilgrimage ended up in the toilet for several travelers earlier this year. Health officials in Europe have reported an outbreak of superbug cholera traced back to tainted holy water sourced from Ethiopia.

Health officials in Germany and the UK detailed the strange outbreak in a report published Thursday in the journal Eurosurveillance. At least seven people across both countries were sickened with a multidrug-resistant cholera strain that originated from the Bermel Georgis holy well in Ethiopia. Though several people were hospitalized and some even required intensive care, all of the victims thankfully survived.

[…]

Source: Cholera Outbreak Traced to Holy Water From Ethiopia

VMware revives its free ESXi hypervisor

Posted on by

News of the offering emerged in a throwaway line in the Release Notes for version 8.0 Update 3e of the Broadcom business unit’s ESXi hypervisor.

Just below the “What’s New” section of that document is the statement: “Broadcom makes available the VMware vSphere Hypervisor version 8, an entry-level hypervisor. You can download it free of charge from the Broadcom Support portal.”

We’ve asked VMware for details about the new release and its capabilities, but no further information was available at the time of writing.

VMware offered a free version of ESXi for years, and it was beloved by home lab operators and vAdmins who needed something to tinker with. But in February 2024, VMware discontinued it on grounds that it was dropping perpetual licenses and moving to subscriptions.

If you want to try the hypervisor, you’ll need to be registered with Broadcom’s customer support portal to download it. Sadly, our virtualization desk’s home lab is not currently operational, so while we’ve downloaded the ISO file, we haven’t been able to get it running. Suffice it to say, it doesn’t want to run nested inside a desktop hypervisor.

Broadcom hasn’t explained why it has reversed its decision, but it’s not hard to guess.

VMware shops and partners of all sizes might need test or training environments, but as Broadcom only sells subscriptions (and greatly favors three-year terms) there’s no cheap way to access Virtzilla’s code. A modest freebie makes it more likely the vCurious will do some tinkering that turns into a sale. Free editions are also a way of building a talent pool.

VMware’s rivals know this. Nutanix has had a free Community Edition for years and Platform9 announced a free edition of its own a couple of weeks back. Other VMware competitors are open source, so their code is always free.

While VMware has made its Workstation desktop hypervisor free, it lacked a no-cost server virtualization option. Now it’s back in the game.

[…]

Source: VMware revives its free ESXi hypervisor • The Register

Windows’ Recall Spyware Is Back—Here’s How to Control It

Posted on by

Remember Recall? It’s been close to full trip around the sun since Microsoft announced then suddenly pulled its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine any of your friends, family, or coworkers plan to use it too.

Microsoft’s latest blog about the Windows Insider build KB5055627 includes the note that Recall is rolling out “gradually” to beta users over the coming weeks. Like what Microsoft first showed off in May 2024, Recall automatically screenshots most apps, webpages, or documents you’re on. The system catalogues all these screenshots then uses on-device AI to parse what’s on each screenshot

[…]

Microsoft originally recalled Recall  when security experts found glaring, obvious holes in the software that let any user with access to the PC read the AI’s excerpts. The program had no qualms about screenshotting bank accounts, social security numbers, or any other sensitive information. Microsoft returned Recall to the drawing board, and now users need to enroll in Windows Hello biometric or PIN security to access the screenshots. Users can also pause screenshots or filter out certain apps or specific webpages (though only for Edge, Firefox, Opera, and Chrome browsers). That may not be foolproof, as reports from late last year showed Recall failed to detect when it was looking at bank info. It will be up to users to ensure every sensitive page they visit is on the no-go list.

Microsoft Recall Windows Security 2
© Microsoft

Users will choose whether to enable or disable Recall the first time they startup their device with the new update. To disable it, you need to search “Turn Windows features on or off” in the Windows 11 taskbar, then uncheck Recall.

[…]

This is where some security-focused Windows users are especially concerned. You can tell Recall to gather dust alongside all the other pre-installed Windows apps, but that doesn’t mean your less-tech literate family member will. Security blogger Em pointed out in a Mastodon post (via Ars Technica) if you send that family member any photos or sensitive information, they could be scraping everything you text or email them, including family photos or passwords, and you wouldn’t even know it.

[…]

Source: Windows’ Controversial Recall Is Back—Here’s How to Control It

Electronic Waste Graveyard

Posted on by

Increasingly, we’re pushed to trash tech that should still work, such as Chromebooks, phones, and smart home devices, just because the software has expired or lost support. This database lists more than 100 tech products that have stopped working after manufacturers dropped support. It calculates the total weight of all these dead devices which have joined the 68 million tons of electronic waste disposed of each year.

When software expires, or web cloud services end, consumers and schools are pushed to replace devices that should still work.

[…]

We estimate a minimum of 130 million pounds of electronic waste has been created by expired software and canceled cloud services since 2014.

[…]

Source: Electronic Waste Graveyard

This is not just Chromebooks, Windows 10 machines, Apple laptops and mobile phones, this is doorbells, sous vide cookers, tooth brushes, fitness trackers, VR displays, nightlights, and many many more.

Germany’s ‘Universal Basic Income’ Experiment Proves It Doesn’t Encourage Unmployment

Posted on by

People “are likely to continue working full-time even if they receive no-strings-attached universal basic income payments,” reports CNN, citing results from a recent experiment in Germany (discussed on Slashdot in 2020): Mein Grundeinkommen (My Basic Income), the Berlin-based non-profit that ran the German study, followed 122 people for three years. From June 2021 to May 2024, this group received an unconditional sum of €1,200 ($1,365) per month. The study focused on people aged between 21 and 40 who lived alone and already earned between 1,100 euros (around $1,250) and 2,600 euros ($2,950) a month. They were free to use the extra money from the study on anything they wanted. Over the course of three years, the only condition was that they had to fill out a questionnaire every six months that asked about different areas of their lives, including their financial situation, work patterns, mental well-being and social engagement.

One concern voiced by critics is that receiving a basic income could make people less inclined to work. But the Grundeinkommen study suggests that may not be the case at all. It found that receiving a basic income was not a reason for people to quit their jobs. On average, study participants worked 40 hours a week and stayed in employment — identical to the study’s control group, which received no payment. “We find no evidence that people love doing nothing,” Susann Fiedler, a professor at the Vienna University of Economics and Business who was involved with the study, said on the study’s website.

Unlike the control group, those receiving a basic income were more likely to change jobs or enroll in further education. They reported greater satisfaction in their working life — and were “significantly” more satisfied with their income…

And can more money buy happiness? According to the study, the recipients of a basic income reported feeling that their lives were “more valuable and meaningful” and felt a clear improvement in their mental health.

Source: Germany’s ‘Universal Basic Income’ Experiment Proves It Doesn’t Encourage Unmployment