Cloud

Microsoft Announces 'Hyperlight Wasm': Speedy VM-Based Security at Scale with a WebAssembly Runtime (microsoft.com) 18

Cloud providers like the security of running things in virtual machines "at scale" — even though VMs "are not known for having fast cold starts or a small footprint..." noted Microsoft's Open Source blog last November. So Microsoft's Azure Core Upstream team built an open source Rust library called Hyperlight "to execute functions as fast as possible while isolating those functions within a VM."

But that was just the beginning... Then, we showed how to run Rust functions really, really fast, followed by using C to [securely] run Javascript. In February 2025, the Cloud Native Computing Foundation (CNCF) voted to onboard Hyperlight into their Sandbox program [for early-stage projects].

[This week] we're announcing the release of Hyperlight Wasm: a Hyperlight virtual machine "micro-guest" that can run wasm component workloads written in many programming languages...

Traditional virtual machines do a lot of work to be able to run programs. Not only do they have to load an entire operating system, they also boot up the virtual devices that the operating system depends on. Hyperlight is fast because it doesn't do that work; all it exposes to its VM guests is a linear slice of memory and a CPU. No virtual devices. No operating system. But this speed comes at the cost of compatibility. Chances are that your current production application expects a Linux operating system running on the x86-64 architecture (hardware), not a bare linear slice of memory...

[B]uilding Hyperlight with a WebAssembly runtime — wasmtime — enables any programming language to execute in a protected Hyperlight micro-VM without any prior knowledge of Hyperlight at all. As far as program authors are concerned, they're just compiling for the wasm32-wasip2 target... Executing workloads in the Hyperlight Wasm guest isn't just possible for compiled languages like C, Go, and Rust, but also for interpreted languages like Python, JavaScript, and C#. The trick here, much like with containers, is to also include a language runtime as part of the image... Programming languages, runtimes, application platforms, and cloud providers are all starting to offer rich experiences for WebAssembly out of the box. If we do things right, you will never need to think about whether your application is running inside of a Hyperlight Micro-VM in Azure. You may never know your workload is executing in a Hyperlight Micro VM. And that's a good thing.

While a traditional virtual-device-based VM takes about 125 milliseconds to load, "When the Hyperlight VMM creates a new VM, all it needs do to is create a new slice of memory and load the VM guest, which in turn loads the wasm workload. This takes about 1-2 milliseconds today, and work is happening to bring that number to be less than 1 millisecond in the future."

And there's also double security due to Wasmtime's software-defined runtime sandbox within Hyperlight's larger VM...
United States

Microsoft President Calls For a National Talent Strategy For Electricians 73

theodp writes: "As I prepared for a White House meeting last fall on the nation's electricity needs," begins Microsoft President Brad Smith in The Country Needs More Electricity --And More Electricians, a Fox Business op-ed. "I met with the leaders at Microsoft who are building our AI infrastructure across the country. During our discussion, I asked them to identify the single biggest challenge for data center expansion in the U.S. I expected they would mention slow permitting, delays in bringing more power online or supply chain constraints -- all significant challenges. But instead, they highlighted a national shortage of people. Electricians, to be precise."

Much as Smith has done in the past as he declared crisis-level shortages of Computer Science, cybersecurity, and AI talent, he's calling for the nation's politicians and educators to step up to the plate and deliver students trained to address the data center expansion plans of Microsoft and Big Tech.

"How many new electricians must the U.S. recruit and train over the next decade?" Smith asks. "Probably half a million. [...] The good news is that these are good jobs. The bad news is that we don't have a national strategy to recruit and train the people to fill these jobs. Given the Trump administration's commitment to supporting American workers, American jobs and American innovation, we believe that recruiting and training more electricians should rise to its list of priorities. There are several ways to address this issue, and they deserve consideration. For example, we need to do more as a nation to revitalize the industrial arts and shop classes in American high schools. [...] This should be a priority for local school boards, state governors and appropriate federal support. [..] We must also adopt a broad perspective on where new technology is taking us. The tech sector is most often focused on computer and data science -- people who code. But the future will also be built in critical ways by a new generation of engineers, electricians, plumbers, pipefitters, iron workers, carpenters and other skilled trades.

So, is 'Learn to Wire' the new 'Learn to Code'?
Windows

New Windows Scheduled Task Will Launch Office Apps Faster (bleepingcomputer.com) 93

Microsoft plans to roll out a new Windows scheduled task in May that launches automatically to help Microsoft Office apps load faster. From a report: The company says the "Startup Boost" task will launch in the background on logon, with the roll-out to start in mid-May and worldwide general availability to be reached by late May 2025. On systems where it's toggled on, users will see new Office Startup Boost and Office Startup Boost Logon tasks in the Windows Task Scheduler, which will ensure that Office apps can preload "performance enhancements."

"We are introducing a new Startup Boost task from the Microsoft Office installer to optimize performance and load-time of experiences within Office applications," Microsoft says on the Microsoft 365 message center. "After the system performs the task, the app remains in a paused state until the app launches and the sequence resumes, or the system removes the app from memory to reclaim resources. The system can perform this task for an app after a device reboot and periodically as system conditions allow."

AI

Satya Nadella Says DeepSeek Is the New Bar For Microsoft's AI Success (theverge.com) 14

Microsoft CEO Satya Nadella has told employees that DeepSeek's R1 AI model has set "the new bar" for his company's AI ambitions, citing the startup's ability to reach the top of app store rankings. "What's most impressive about DeepSeek is that it's a great reminder of what 200 people can do when they come together with one thought and one play," The Verge cited Nadella as saying.

"Most importantly, not just leaving it there as a research project or an open source project, but to turn it into a product that was number one in the App Store. That's the new bar to me," he added. Microsoft quickly deployed DeepSeek's R1 on its Azure platform in January. The AI model gained recognition for its optimization below Nvidia's CUDA layer, enabling greater efficiency.
Microsoft

Microsoft Abandons Data Center Projects, TD Cowen Says (bloomberg.com) 25

Microsoft has walked away from new data center projects in the US and Europe that would have amounted to a capacity of about 2 gigawatts of electricity, according to TD Cowen analysts, who attributed the pullback to an oversupply of the clusters of computers that power artificial intelligence. From a report: The analysts, who rattled investors with a February note highlighting leases Microsoft had abandoned in the US, said the latest move also reflected the company's choice to forgo some new business from ChatGPT maker OpenAI, which it has backed with some $13 billion. Microsoft and the startup earlier this year said they had altered their multiyear agreement, letting OpenAI use cloud-computing services from other companies, provided Microsoft didn't want the business itself.

Microsoft's retrenchment in the last six months included lease cancellations and deferrals, the TD Cowen analysts said in their latest research note, dated Wednesday. Alphabet's Google had stepped in to grab some leases Microsoft abandoned in Europe, the analysts wrote, while Meta Platforms had scooped up some of the freed capacity in Europe.

Microsoft

Microsoft's Many Outlooks Are Confusing Users 64

The Register's Richard Speed reports: Baffled by the plethora of Outlook options out there? You aren't alone. Microsoft veteran Scott Hanselman posted a list of some more variants that could be used to do the same thing. It's a problem common to several Microsoft products. A file needs to be opened, but which app should be used? Should it be Outlook New, or Outlook (New)? With tongue firmly in cheek, Hanselman listed some more options: Outlook (Zero Sugar), Outlook (Caffeine Free), and so on. Hanselman, Developer Community veep at Microsoft, also included Outlook '95, although to our mind the peak came with the version of Outlook in Office 97. A happier, more trusting time when security was less important.

While users can create multiple Outlook profiles to store email account details and data locations, Hanselman's post on Bluesky highlights an issue facing many users of Microsoft's software: which incarnation of the application to use. Teams users often find themselves presented with a variety of applications -- Microsoft Teams and Microsoft Teams (Personal), for example, can often appear side by side in the system tray. [...]

There is a cautionary tale about what happened when a soft drinks company tried to replace a well-liked product with a "new" version and renamed the previous preferred version as "classic." The list posted by Hanselman -- who is also notable for tips on managing Microsoft's personal information manager -- is amusing, but also highlights the perils of having multiple, similarly functioning options to do the same thing, and the potential for confusing users.
AI

Microsoft Announces Security AI Agents To Help Overwhelmed Humans 23

Microsoft is expanding its Security Copilot platform with six new AI agents designed to autonomously assist cybersecurity teams by handling tasks like phishing alerts, data loss incidents, and vulnerability monitoring. There are also five third-party AI agents created by its partners, including OneTrust and Tanium. The Verge reports: Microsoft's six security agents will be available in preview next month, and are designed to do things like triage and process phishing and data loss alerts, prioritize critical incidents, and monitor for vulnerabilities. "The six Microsoft Security Copilot agents enable teams to autonomously handle high-volume security and IT tasks while seamlessly integrating with Microsoft Security solutions," says Vasu Jakkal, corporate vice president of Microsoft Security.

Microsoft is also working with OneTrust, Aviatrix, BlueVoyant, Tanium, and Fletch to enable some third-party security agents. These extensions will make it easier to analyze data breaches with OneTrust or perform root cause analysis of network outages and failures with Aviatrix. [...] While these latest AI agents in the Security Copilot are designed for security teams to take advantage of, Microsoft is also improving its phishing protection in Microsoft Teams. Microsoft Defender for Office 365 will start protecting Teams users against phishing and other cyberthreats within Teams next month, including better protection against malicious URLs and attachments.
Unix

Rebooting A Retro PDP-11 Workstation - and Its Classic 'Venix' UNIX (blogspot.com) 36

This week the "Old Vintage Computing Research" blog published a 21,000-word exploration of the DEC PDP-11, the 16-bit minicomputer sold by Digital Equipment Corporation. Slashdot reader AndrewZX calls the blog post "an excellent deep dive" into the machine's history and capabilities "and the classic Venix UNIX that it ran." The blogger still owns a working 1984 DEC Professional 380, "a tank of a machine, a reasonably powerful workstation, and the most practical PDP-adjacent thing you can actually slap on a (large) desk."

But more importantly, "It runs PRO/VENIX, the only official DEC Unix option for the Pros." In that specific market it was almost certainly the earliest such licensed Unix (in 1983) and primarily competed against XENIX, Microsoft's dominant "small Unix," which first emerged for XT-class systems as SCO XENIX in 1984. You'd wonder how rogue processes could be prevented from stomping on each other in such systems when neither the Intel 8086/8088 nor the IBM PC nor the PC/XT had a memory management unit, and the answer was not to try and just hope for the best. It was for this reason that IBM's own Unix variant PC/IX, developed by Interactive Systems Corporation under contract as their intended AT&T killer, was multitasking but single-user since in such an architecture there could be no meaningful security guarantees...

One of Venix's interesting little idiosyncrasies, seen in all three Pro versions, was the SUPER> prompt when you've logged on as root (there is also a MAINT> prompt when you're single-user...

Although Bill Gates had been their biggest nemesis early on, most of the little Unices that flourished in the 1980s and early 90s met their collective demise at the hands of another man: Linus Torvalds. The proliferation of free Unix alternatives like Linux on commodity PC hardware caused the bottom to fall out of the commercial Unix market.

The blogger even found a 1989 log for the computer's one and only guest login session — which seems to consist entirely of someone named tom trying to exit vi.

But the most touching part of the article comes when the author discovers a file named /thankyou that they're certain didn't come with the original Venix. It's an ASCII drawing of a smiling face, under the words "THANK YOU FOR RESCUING ME".

"It's among the last files created on the system before it came into my possession..."

It's all a fun look back to a time when advances in semiconductor density meant microcomputers could do nearly as much as the more expensive minicomputers (while taking up less space) — leaving corporations pondering the new world that was coming: As far back as 1974, an internal skunkworks unit had presented management with two small systems prototypes described as a PDP-8 in a VT50 terminal and a portable PDP-11 chassis.

Engineers were intrigued but sales staff felt these smaller versions would cut into their traditional product lines, and [DEC president Ken] Olsen duly cancelled the project, famously observing no one would want a computer in their home.

Windows

Microsoft Tells Windows 10 Users To Buy New PCs (xda-developers.com) 220

Microsoft has begun urging Windows 10 users to upgrade their systems ahead of the October 14, 2025 support deadline, but with a solution many find impractical: just buy a new computer. According to StatCounter data, 58.7% of Windows users remain on Windows 10 despite the impending end of security updates and technical assistance.

In emails to Windows 10 users, Microsoft's primary recommendation is to trade in old devices for newer Windows 11-compatible hardware, rather than focusing on alternative solutions.
AI

AI-Driven Weather Prediction Breakthrough Reported (theguardian.com) 56

A new AI system called Aardvark could deliver weather forecasts as accurate as those from advanced public weather services but run on desktop computers, according to a project unveiled Thursday and published in Nature. Developed by the UK's Alan Turing Institute with partners including Cambridge University, the European Centre for Medium-Range Weather Forecasts and Microsoft, Aardvark aims to make sophisticated forecasting accessible to countries with fewer resources, particularly in Africa.

The system has already outperformed the US Global Forecast System on many variables in testing. Project leader Richard Turner noted the system is "completely open source" and not planned for commercialization by Microsoft.
Windows

Microsoft Developing Windows 11 Feature To Explain Hardware Performance Issues (bsky.app) 77

Microsoft is developing a new Windows 11 feature that will explain how hardware limitations affect PC performance. The latest preview builds include a hidden FAQ section in system settings that addresses GPU memory, system RAM, and OS version impacts.

The feature, discovered by Windows observer "phantomofearth" in this week's Dev Channel build, requires manual activation. It provides specific recommendations for configurations like low RAM or GPUs with less than 4GB memory, and flags outdated Windows versions.
AI

AI Crawlers Haven't Learned To Play Nice With Websites (theregister.com) 57

SourceHut, an open-source-friendly git-hosting service, says web crawlers for AI companies are slowing down services through their excessive demands for data. From a report: "SourceHut continues to face disruptions due to aggressive LLM crawlers," the biz reported Monday on its status page. "We are continuously working to deploy mitigations. We have deployed a number of mitigations which are keeping the problem contained for now. However, some of our mitigations may impact end-users."

SourceHut said it had deployed Nepenthes, a tar pit to catch web crawlers that scrape data primarily for training large language models, and noted that doing so might degrade access to some web pages for users. "We have unilaterally blocked several cloud providers, including GCP [Google Cloud] and [Microsoft] Azure, for the high volumes of bot traffic originating from their networks," the biz said, advising administrators of services that integrate with SourceHut to get in touch to arrange an exception to the blocking.

Microsoft

Microsoft Quantum Computing Claim Still Lacks Evidence 8

Nature: A Microsoft researcher [this week] presented results behind the company's controversial claim last month to have created the first 'topological' qubits -- a long-sought goal of quantum computing. In front of a packed room at a meeting of the American Physical Society (APS), Chetan Nayak, a theoretical physicist leading Microsoft's quantum computing effort in Redmond, Washington, explained how the company is developing topological qubits, which would be the building blocks for a noise-resistant quantum computer.

Physicists in the audience told Nature's news team they are still unsure whether Microsoft really has made the first topological qubits, however. "It's a hard problem," says Ali Yazdani, an experimental physicist at Princeton University in New Jersey. To anyone trying to make topological qubits, he says, "good luck."
When Nayak displayed measurement data during his presentation, he acknowledged that a characteristic signal was difficult to see due to electrical noise, prompting Cornell University theorist Eun-Ah Kim to question its robustness. Microsoft says additional details will be available in a forthcoming paper on the arXiv preprint server.

Further reading:
Scientists Question Microsoft's Quantum Computing Claims;
Microsoft Quantum Computing 'Breakthrough' Faces Fresh Challenge
Security

Microsoft Isn't Fixing 8-Year-Old Shortcut Exploit Abused For Spying (theregister.com) 34

Trend Micro uncovered an eight-year-long spying campaign exploiting a Windows vulnerability involving malicious .LNK shortcut files, which attackers padded with whitespace to conceal commands. Despite being reported to Microsoft in 2023, the company considers it a UI issue rather than a security risk and has not prioritized a fix. The Register reports: The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads. Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher. "This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, told The Register. "We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

After poring over malicious .LNK samples, the security shop said it found the vast majority of these files were from state-sponsored attackers (around 70 percent), used for espionage or information theft, with another 20 percent going after financial gain. Among the state-sponsored crews, 46 percent of attacks came from North Korea, while Russia, Iran, and China each accounted for around 18 percent of the activity.

United States

FTC Removes Posts Critical of Amazon, Microsoft, and AI Companies (wired.com) 71

The Federal Trade Commission has removed over 300 business guidance blogs published during former President Biden's term, including consumer protection information on AI and privacy lawsuits against Amazon and Microsoft, WIRED reported Tuesday, citing current and former FTC employees.

Deleted posts included guidance about Amazon's alleged use of Ring camera data to train algorithms, Microsoft's $20 million settlement over Xbox children's data collection, and compliance standards for AI chatbots. New FTC Chair Andrew Ferguson has pledged to pursue tech companies but with focus on alleged conservative censorship rather than data collection practices.
Windows

Huawei To Pivot To Linux, HarmonyOS as Microsoft Windows License Expires 37

Huawei will no longer be able to produce or sell Windows-based PCs as Microsoft's supply license to the Chinese tech company expires this month, according to Chinese tech site MyDrivers. The restriction comes as Huawei remains on the U.S. Department of Commerce's Entity List, requiring American companies to obtain special export licenses to conduct business with the firm.

Richard Yu, executive director of Huawei's consumer business unit, said the company is preparing to pivot to alternative operating systems. Huawei had previously announced plans to abandon Windows for future PC generations. The Chinese tech giant will introduce a new "AI PC" laptop in April running its own Kunpeng CPU and HarmonyOS, alongside a MateBook D16 Linux Edition, its first Linux-based laptop.
XBox (Games)

Xbox 360 Consoles Can Now Be Hacked With Just a USB Key (theverge.com) 20

An anonymous reader shares a report: Xbox 360 modders have discovered a new way to get homebrew apps and games running on the console. A new software-only exploit known as BadUpdate allows you to use a USB key to hack past Microsoft's Hypervisor protections and run unsigned code and games.

Modern Vintage Gamer has tested BadUpdate and found that you don't even have to open up your Xbox 360 console to get it running. Unlike the RGH or JTAG exploits for the Xbox 360, this BadUpdate method just requires a USB key. If you have the time and patience to get this running successfully, you'll be able to run the Xbox 360 homebrew store which includes games, apps, emulators, utilities, and even custom dashboards.

Programming

Why Microsoft's Developers are Porting TypeScript to Go (infoworld.com) 49

Tuesday Microsoft "surprised everyone," writes Neowin, "by announcing a new change that will radically improve TypeScript performance" — porting TypeScript to Go.

InfoWorld writes that "The initiative promises dramatic improvements in editor startup speed, build times, and memory usage, making it easier to scale TypeScript to large code bases, Microsoft said." Microsoft's TypeScript team expects to be able to preview command-line type-checking in Go-based tsc by mid-2025, and to deliver a feature-complete Go implementation of TypeScript by the end of the year. [You can build and run the Go code now from Microsoft's new working repository.] Developers who use Go-based TypeScript in the Visual Studio Code editor will feel the increased speed in the editor, Microsoft said. The company promises an 8x improvement in project load times, instant comprehensive error listings across entire projects, and greater responsiveness for all language service operations including completion lists, quick information, go to definition, and find all references. The new TypeScript will also support more advanced refactoring and deeper insights that were previously too expensive to compute, the company said.
Microsoft believes native Go implementations reduce build times by up to 10x, notes Neowin. But "Developers can expect TypeScript 6.0 to have some deprecations and breaking changes to support the upcoming Go-based version." Later this year, Microsoft will be releasing this new native Go implementation as TypeScript 7.0. The current JS-based TypeScript codebase will continue development into the 6.x series until TypeScript 7+ reaches sufficient maturity and adoption, since some projects may depend on certain API features, legacy configurations, or other things that are not supported by TypeScript 7+.
TypeScript's original creator Anders Hejlsberg recorded an announcement video — and also shared his thoughts in a GitHub discussion titled simply... "Why Go?" The TypeScript compiler's move to Go was influenced by specific technical requirements, such as the need for structural compatibility with the existing JavaScript-based codebase, ease of memory management, and the ability to handle complex graph processing efficiently. After evaluating numerous languages and making multiple prototypes — including in C# — Go emerged as the optimal choice...

Let's be real. Microsoft using Go to write a compiler for TypeScript wouldn't have been possible or conceivable in years past. However, over the last few decades, we've seen Microsoft's strong and ongoing commitment to open-source software, prioritizing developer productivity and community collaboration above all. Our goal is to empower developers with the best tools available, unencumbered by internal politics or narrow constraints. This freedom to choose the right tool for each specific job ultimately benefits the entire developer community, driving innovation, efficiency, and improved outcomes. And you can't argue with a 10x outcome!

Hejlsberg also addressed their choice of Go in an online interview with the Michigan TypeScript meetup.
Windows

End of Windows 10 Leaves PC Charities With Tough Choice (tomshardware.com) 125

With Microsoft ending free security updates for Windows 10 in October, millions of PCs that don't meet Windows 11's hardware requirements face an uncertain fate... Charities that refurbish and distribute computers to low-income individuals must choose between providing soon-to-be-insecure Windows 10 machines, transitioning to Linux -- despite usability challenges for non-tech-savvy users -- or recycling the hardware, contributing to ewaste. Tom's Hardware reports: So how bad will it really be to run an end-of-lifed Windows 10? Should people worry? [Chester Wisniewski, who serves as Director and Global Field CISO for Sophos, a major security services company] and other experts I talked to are unequivocal. You're at risk. "To put this in perspective, today [the day we talked] was Patch Tuesday," he said. "There were 57 vulnerabilities, 6 of which have already been abused by criminals before the fixes were available. There were also 57 in February and 159 in January. Windows 10 and Windows 11 largely have a shared codebase, meaning most, if not all, vulnerabilities each month are exploitable on both OSs. These will be actively turned into digital weapons by criminals and nation-states alike and Windows 10 users will be somewhat defenseless against them."

So, in short, even though Windows 10 has been around since 2015, there are still massive security holes being patched. Even within the past few weeks, dozens of vulnerabilities were fixed by Microsoft. So what's a charity to do when these updates are running out and clients will be left vulnerable? "What we decided to do is one year ahead of the cutoff, we discontinued Windows 10," said Casey Sorensen, CEO of PCs for People, one of the U.S.'s largest non-profit computer refurbishers. "We will distribute Linux laptops that are 6th or 7th gen. If we distribute a Windows laptop, it will be 8th gen or newer." Sorensen said that any PC that's fifth gen or older will be sent to an ewaste recycler.

[...] Sorensen, who founded the company in 1998, told us that he's comfortable giving clients computers that run Linux Mint, a free OS that's based on Ubuntu. The latest version of Mint, version 22.1, will be supported until 2029. "Ten years ago if we distributed Linux, they would be like what is it," he said. But today, he notes that many view their computers as windows to the Internet and, for that, a user-friendly version of Linux is acceptable.
Further reading: Is 2025 the Year of the Linux Desktop?
AI

AI Summaries Are Coming To Notepad (theverge.com) 26

way2trivial shares a report: Microsoft is testing AI-powered summaries in Notepad. In an update rolling out to Windows Insiders in the Canary and Dev channels, you'll be able to summarize information in Notepad by highlighting a chunk of text, right-clicking it, and selecting Summarize.

Notepad will then generate a summary of the text, as well as provide an option to change its length. You can also generate summaries by selecting text and using the Ctrl + M shortcut or choosing Summarize from the Copilot menu.

Slashdot Top Deals