A tragedy that calls for more than words: The need for the tech sector to learn and act after events in New Zealand – Microsoft on the Issues

Four months ago, when our team at Microsoft first made plans for a visit to New Zealand that began yesterday, we did not expect to arrive on the heels of a violent terrorist attack that would kill innocent people, horrify a nation and shock the world. Like so many other people around the globe, across Microsoft we mourn the victims and our hearts go out to their families and loved ones. This includes two of the individuals killed who were part of the broader Microsoft partner community.

We appreciate the gravity of the moment. This is a time when the world needs to stand with New Zealand.

Words alone are not enough. Across the tech sector, we need to do more. Especially for those of us who operate social networks or digital communications tools or platforms that were used to amplify the violence, it’s clear that we need to learn from and take new action based on what happened in Christchurch.

Across Microsoft, we have reviewed how our various services were used by a relatively small number of individuals to try to spread the video from Christchurch. While our employees and technology tools worked quickly to stop this distribution, we have identified improvements we can make and are moving promptly to implement them. This includes the accelerated and broadened implementation of existing technology tools to identify and classify extremist violent content and changes for the process that enables our users to flag such content. We are exploring additional steps we can take as a company and will move quickly to add to these improvements.

We recognize, however, that this is just a beginning. More fundamental progress requires that we work together across the tech sector and in collaboration with governments and nongovernmental organizations so we can take bigger steps.

What should we do?

To start, we should acknowledge that no one yet has all the answers. This is an area in which companies across the tech sector need to learn, think, work and act together. Competition is obviously indispensable to a vibrant technology sector. But when it comes to saving human lives and protecting human rights, we should act in a united way and enable every company large and small to move faster.

Ultimately, we need to develop an industrywide approach that will be principled, comprehensive and effective. The best way to pursue this is to take new and concrete steps quickly in ways that build upon what already exists.

There are in fact important recent steps on which we can build. Just over two years ago, thanks in part to the leadership and urging of the British and the European Commission, four companies – YouTube, Facebook, Twitter and Microsoft – came together to create the Global Internet Forum to Counter Terrorism (GIFCT). Among other things, the group’s members have created a shared hash database of terrorist content and developed photo and video matching and text-based machine learning techniques to identify and thwart the spread of violence on their platforms. These technologies were used more than a million times in 24 hours to stop the distribution of the video from Christchurch.

While these are vital steps, one of the lessons from New Zealand is that the industry rightly will be judged not only by what it prevented, but by what it failed to stop. And from this perspective, there is clearly much more that needs to be done. As Prime Minister Jacinda Ardern noted last week, gone are the days when tech companies can think of their platforms akin to a postal service without regard to the responsibilities embraced by other content publishers. Even if the law in some countries gives digital platforms an exemption from decency requirements, the public rightly expects tech companies to apply a higher standard.

As an industry, tech companies created new services to bring out the best – not the worst – in people. To break down boundaries, not sow division. But as with virtually every technology ever invented, people are using digital services for both good and ill. Unfortunately, individuals are using online platforms to bring out the darkest sides of humanity.

The problem has multiple dimensions and we will need to address all of them. We’ve seen online platforms and digital tools used to help recruit people to violent ideologies. These same tools have been used to incite and organize violent attacks on innocent people. And as we saw in Christchurch, we’ve seen digital platforms used to amplify the impact of attacks through the widespread sharing of violent images and videos around the world.

Regardless of whether a particular technology played a big, small or no part in this event, across the industry we all can and need to be part of the solution. There is a role for everyone to play. That should be one of the most important lessons from Christchurch.

There are at least three areas where we should focus our efforts.

First, we need to focus on prevention. We need to take new steps to stop perpetrators from posting and sharing acts of violence against innocent people. New and more powerful technology tools can contribute even more than they have already. We must work across the industry to continue advancing existing technologies, like PhotoDNA, that identify and apply digital hashes (a kind of digital identifier) to known violent content. We must also continue to improve upon newer, AI-based technologies that can detect whether brand-new content may contain violence. These technologies can enable us more granularly to improve the ability to remove violent video content. For example, while robust hashing technologies allow automated tools to detect additional copies already flagged as violent, we need to further advance technology to better identify and catch edited versions of the same video.

We should also pursue new steps beyond the posting of content. For example, we should explore browser-based solutions – building on ideas like safe search – to block the accessing of such content at the point when people attempt to view and download it.

We should pursue all these steps with a community spirit that will share our learning and technology across the industry through open source and other collaborative mechanisms. This is the only way for the tech sector as a whole to do what will be required to be more effective.

We also should recognize that technology cannot solve this problem by itself. We need to consider and discuss additional controls or other measures that human beings working at tech companies should apply when it comes to the posting of this type of violent material. There are legal responsibilities that need to be discussed as well. It’s a complicated topic with important sensitivities in some parts of the tech sector. But it’s an issue whose importance can no longer be avoided.

Second, we need to respond more effectively to moments of crisis. Even with better progress, we cannot afford to assume that there will never be another tragedy. The tech sector should consider creating a “major event” protocol, in which technology companies would work from a joint virtual command center during a major incident. This would enable all of us to share information more quickly and directly, helping each platform and service to move more proactively, while simultaneously ensuring that we avoid restricting communications that are in the public interest, such as reporting from news organizations.

We should also discuss whether to define a category of agreed “confirmed events,” upon which tech companies would jointly institute additional processes to detect and prevent sharing of these types of extremist violent content. This would better enable efforts to identify and stop this content before it spreads too broadly.

Finally, we should work to foster a healthier online environment more broadly. As many have noted, while much of the focus in recent days rightly has been on the use of digital tools to amplify this violence, the language of hate has existed for decades and even centuries. Nonetheless, digital discourse is sometimes increasingly toxic. There are too many days when online commentary brings out the worst in people. While there’s obviously a big leap from hateful speech to an armed attack, it doesn’t help when online interaction normalizes in cyberspace standards of behavior that almost all of us would consider unacceptable in the real world.

Working on digital civility has been a passion for many employees at Microsoft, who have recognized that the online world inevitably reflects the best and worst of what people learn offline. In many ways, anonymity on the internet can free people to speak and behave in ways they never would in person. This is why we believe it’s important to continue to promote four tenets to live by when engaging online. Namely, we all need to treat others with respect and dignity, respect each other’s differences, pause before replying and stand up for ourselves and for others. This too is an area on which we can build further.

We all need to come together and move faster. This is the type of serious challenge that requires broad discussion and collaboration with people in governments and across civil society around the world. It also requires us to expand and deepen industrywide groups focused on these issues, including key partners from outside the industry.

Finally, we hope this will become a moment that brings together leaders from across the tech sector.

It’s sometimes easy amidst controversy for those not on the hot seat to remain silent and on the sideline. But we believe this would be a mistake. Across the tech sector we can all contribute ideas, innovate together and help develop more effective approaches.

The question is not just what technology did to exacerbate this problem, but what technology and tech companies can do to help solve it. Put in these terms, there is room – and a need – for everyone to help.

Tags: , ,

Go to Original Article
Author: Microsoft News Center

Machine learning methods in EHR show promise, with limits

Jeremy Weiss, assistant professor of health informatics at Carnegie Mellon University’s Heinz College, is after a simple goal: Improve healthcare and health research. He’s using machine learning methods to get there.

Weiss, an M.D.-Ph.D. with a background in computer science, is developing new machine learning algorithms and running them against electronic health record data from the Marshfield Clinic in Wisconsin, health care provider and insurer UPMC in Pittsburgh, as well as Veterans Affairs and MIMIC, a public set of deidentified data from about 40,000 critical care patients. He’s currently focused on improving risk scores, which are used to determine a patient’s level of risk, for diabetes complications and sepsis.

Here, Weiss talks about why new machine learning algorithms are needed for the kind of research he’s doing and why irregular data collection poses a significant challenge for machine learning methods.

Editor’s note: This Q&A has been edited for clarity and brevity.

What data do you look at to determine a risk score?

Jeremy Weiss: There’s this divide. Classically, you would want to choose a minimal set of features or covariates to include in risk models. Some approaches that I’ve taken follow that line of thinking. Others use this concept of, well, we have big data from electronic health records, and we can use that data for improving prediction.

Jeremy Weiss, assistant professor of health informatics, Heinz College, Carnegie Mellon UniversityJeremy Weiss

I think the answer is, yes, that’s true, and we’ve observed that, repeatedly — big data does improve predictive performance. But it comes with all kinds of caveats at the same time.

Like what?

Weiss: In particular, you capture large numbers of features. Instead of having tens of features, you’re talking about thousands to millions of features. Oftentimes, those features are collected in irregular ways. The ability for your predictive model to generalize may go down if the features collected where you want to deploy the model were not collected in a procedurally identical way.

There’s also the question of cost of transferring information for a risk score with 10 features or a risk score with a million features. If you want to deploy the algorithm with a million features, you have to go collect a whole bunch of those, or then you’re going to have a substantial amount of missing data, which basically means the predictive performance is likely to be reduced, because you’re kind of guessing at many of those features.

Why do you have to develop new algorithms to do this kind of work? What’s missing from algorithms that already exist?

Weiss: Machine learning methods have increased flexibility to model effects in ways that classical algorithms have not been able to do. They’re able to easily integrate other information sources, and that can lead to predictive boosts. The methods being developed are useful for predictive tasks, so long as you’re willing to focus on the population you’re training on, because these machine learning methods tend to have less generalizability compared to the classical methods.

Can you give an example of where machine learning methods outperform classical methods?

Weiss: One use case for machine learning is risk stratification. Researchers will conduct risk stratification analyses because they want to intervene on some subset of the population. There’s a Durham Diabetes Coalition, which took a risk score or risk stratification and said we’re going to intervene on the high-risk group much differently than the medium- and low-risk groups. How did they get the risk stratification? They trained the model — in this case, it was a classical model of logistic regression.

What we’re finding with machine learning is that we can do better, because we have the flexibility to improve prediction. If you intend to use the prediction for risk stratification — I just want to know who is at high risk and who is medium and low — it would behoove you to use a machine learning method, because you’re going to intervene on that population for which you trained.

You said machine learning algorithms are better at integrating other data sources. What kind of data sources are you referring to?

Weiss: There are all sorts of information sources, but, classically, we would think about images and text … kind of like social determinants of health data, monitoring, device information, things like that. There’s a lot of opportunity, but it becomes challenging because, oftentimes, there’s nonuniform collection of that data. You can get good prediction in a target population, but because of lack of standardization, it becomes challenging to generalize and integrate into clinical care practices.

You’ve described electronic health record data as messy. Why is that such a challenge?

Weiss: The data is going to be irregularly collected, unlike the collection mechanism you would see in a prospective cohort study. That leads to all sorts of potential biases in your data. Basically, it’s very difficult to tease apart whether it was the collection that’s giving you the boost in prediction of a particular variable or if it’s the actual value of said variable that’s leading to your boost in prediction. If it’s the fact that it was being collected and the collections were irregular, they could be irregular for any number of reasons. … Those irregularities lead to difficulties in trust and generalizability of algorithms. That’s a big limitation.

What you’ll also see is that, if you read a clinical guideline, you’ll see there may be hundreds of factors that are written either about the likelihood or progression of disease or the development of complications. But in an electronic health record, those things will not be uniformly measured. Not everyone will have every measurement, because those measurements are not indicated. It’s not indicated for you to have a CT scan if you don’t have some pathology that requires it.

So, again, you get this problem of, in those people who have the CT scan, they are going to be at a different level of risk because somebody knew that they were at that higher risk.

How do you go about removing bias?

Weiss: We validate the algorithms. Machine learning algorithms tend to validate better internally than externally — every algorithm tends to do that. But I think the degradation we typically see for machine learning algorithms is steeper when we go to external validation. That’s where it’s important to clarify the use case of the machine learning prediction. When you’re doing risk stratification and when you’re doing it for intervention internally or locally, that’s going to be where it really excels.

What other challenges have you experienced that still need work?

Weiss: Access to data can be challenging. Regulations are in place for good reason — to protect patient data. But that means that they also can create silos of data where the data formats may look different and things that are collected, the elements that are collected, and the way that the procedures are conducted vary — and the ways they vary are not documented.

That leads to this generalization challenge. … But that’s also linked to this idea that, when you want to bring new technologies into the healthcare space, if they’re going to be irregularly collected, that’s going to make it more difficult for the adoption of those methods. If we have mechanisms to link data to new technology in a uniform way, that’s going to be really helpful.

Go to Original Article
Author:

Announcing Windows 10 Insider Preview Build 18865 | Windows Experience Blog

Hello Windows Insiders, today we are releasing 20H1 Build 18865 to Windows Insiders who have opted into Skip Ahead. Remember – these builds are from the 20H1 development branch. Some things we are working on in 20H1 require a longer lead time.
IMPORTANT: As is normal with builds early in the development cycle, these builds may contain bugs that might be painful for some. If you take this flight, you won’t be able to switch back to the Fast or Slow rings without doing a clean-install on your PC and starting over.
If you are looking for a complete look at what build is in which Insider ring – head on over to Flight Hub. You can also check out the rest of our documentation here including a complete list of new features and updates that have gone out as part of Insider flights for the current development cycle.

In Cursor & pointer setting, tooltips will now show when you move the mouse over the different color options.
We fixed the issue where Narrator’s Copy command in Scan mode in Facebook’s “Write a comment” text field resulted in message “Item cannot take focus”.
Narrator now announces the toggle state of checkbox in Listview.
We fixed the issue where Narrator read “has finished loading” multiple times when loading a new page in Chrome.
We fixed the issue where Narrator did not read cell content in Excel when using F2 to edit.
We fixed the issue where Narrator said “end of line” when navigated to an empty cell while editing a table.
Scan mode will now switch off to allow typing in the edit field of a spinner control.
We fixed the issue where Narrator did not read aria-label information from button.
Improved Narrator’s fallback logic for controls with no accessible name.
Narrator will now present “invalid” or “required” properties on more controls.
We fixed the issue where Narrator Braille showed the window title instead of the first line on the braille display when navigating to the beginning of the document with Ctrl + Home in a text editing area.
Narrator Braille user can now reliably activate links by routing key.
We fixed the issue where Narrator Braille did not render information on the braille display about the login pop up while creating a page in Facebook.com.
We fixed the issue where Narrator Braille would show the accessible name in the beginning of every line in a text area.
We fixed an issue resulting in a duplicate empty copy of certain folders being created on upgrade for some users.
We fixed an issue where, if your computer supported Wi-Fi and you had the Performance tab set as default in Task Manager, on Task Manager launch, the Wi-Fi section in the Performance tab would appear to be selected, but the details displayed would be for the CPU section.
We fixed an issue resulting in some Insiders experiencing unexpected BitLocker prompts to encrypt certain drives, and then subsequently failing to encrypt.

Launching games that use anti-cheat software may trigger a bugcheck (GSOD).
Some Realtek SD card readers are not functioning properly. We are investigating the issue.
Creative X-Fi sound cards are not functioning properly. Creative has released updated drivers for some affected X-Fi sound cards. Please refer to Creative’s website for details on your particular hardware and any available updates.

If you install any of the recent builds from the Skip Ahead and switch to either the Fast ring or the Slow ring, optional content such as enabling developer mode will fail. You will have to remain in the Fast ring to add/install/enable optional content. This is because optional content will only install on builds approved for specific rings.

Test your skills. Get math help with Bing. Bing’s multiplication table is an interactive way to learn basic multiplication and quiz yourself on your progress. Have a math question you just can’t solve? Bing’s polynomial equation solver takes any polynomial and shows the factorization and solution.
If you want to be among the first to learn about these Bing features, join our Bing Insider Program.
No downtime for Hustle-As-A-Service,Dona

Wanted – Basic Desktop PC

Discussion in ‘Desktop Computer Classifieds‘ started by Marekj, Mar 21, 2019 at 2:56 PM.

  1. Marekj

    Marekj

    Active Member

    Joined:
    Apr 12, 2011
    Messages:
    559
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Ratings:
    +24

    Hi,

    An old Dell/HP box would be ideal.

    Requirements:

    I’d need to be able to add a GPU, if it doesn’t already have one. (nothing meaty – 1050/1060 mini card).
    If it has a GP, needs to be 1050 type level if its’ older, or thereabouts.
    8GB RAM (Or 4GB if there is an additional spare slot).
    Spare SATA to connect and SSD, should it not have one.
    Not sound like a jet engine.
    Be complete (i.e there is nothing I’d need to add, other than what I’ve outlined above)

    Looking to pay £150 max

    Location: Leamington Spa

    ______________________________________________________
    This message is automatically inserted in all classifieds forum threads.
    By replying to this thread you agree to abide by the trading rules detailed here.
    Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

    • Landline telephone number. Make a call to check out the area code and number are correct, too
    • Name and address including postcode
    • Valid e-mail address

    DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Share This Page

Loading…

Go to Original Article
Author:

Windows 10 SDK Preview Build 18361 available now! – Windows Developer Blog

Today, we released a new Windows 10 Preview Build of the SDK to be used in conjunction with Windows 10 Insider Preview (Build 18361 or greater). The Preview SDK Build 18361 contains bug fixes and under development changes to the API surface area.
The Preview SDK can be downloaded from developer section on Windows Insider.
For feedback and updates to the known issues, please see the developer forum. For new developer feature requests, head over to our Windows Platform UserVoice.

This build works in conjunction with previously released SDKs and Visual Studio 2017. You can install this SDK and still also continue to submit your apps that target Windows 10 build 1809 or earlier to the Microsoft Store.
The Windows SDK will now formally only be supported by Visual Studio 2017 and greater. You can download the Visual Studio 2017 here.
This build of the Windows SDK will install on Windows 10 Insider Preview builds and supported Windows operating systems.
In order to assist with script access to the SDK, the ISO will also be able to be accessed through the following URL: https://go.microsoft.com/fwlink/?prd=11966&pver=1.0&plcid=0x409&clcid=0x409&ar=Flight&sar=Sdsurl&o1=18361 once the static URL is published.

Message Compiler (mc.exe)

The “-mof” switch (to generate XP-compatible ETW helpers) is considered to be deprecated and will be removed in a future version of mc.exe. Removing this switch will cause the generated ETW helpers to expect Vista or later.
The “-A” switch (to generate .BIN files using ANSI encoding instead of Unicode) is considered to be deprecated and will be removed in a future version of mc.exe. Removing this switch will cause the generated .BIN files to use Unicode string encoding.
The behavior of the “-A” switch has changed. Prior to Windows 1607 Anniversary Update SDK, when using the -A switch, BIN files were encoded using the build system’s ANSI code page. In the Windows 1607 Anniversary Update SDK, mc.exe’s behavior was inadvertently changed to encode BIN files using the build system’s OEM code page. In the 19H1 SDK, mc.exe’s previous behavior has been restored and it now encodes BIN files using the build system’s ANSI code page. Note that the -A switch is deprecated, as ANSI-encoded BIN files do not provide a consistent user experience in multi-lingual systems.

IAppxPackageReader2 has been removed from appxpackaging.h
The interface IAppxPackageReader2 was removed from appxpackaging.h. Eliminate the use of use of IAppxPackageReader2 or use IAppxPackageReader instead.
Change to effect graph of the AcrylicBrush
In this Preview SDK, we’ll be adding a blend mode to the effect graph of the AcrylicBrush called Luminosity. This blend mode will ensure that shadows do not appear behind acrylic surfaces without a cutout. We will also be exposing a LuminosityBlendOpacity API available for tweaking that allows for more AcrylicBrush customization.
By default, for those that have not specified any LuminosityBlendOpacity on their AcrylicBrushes, we have implemented some logic to ensure that the Acrylic will look as similar as it can to current 1809 acrylics. Please note that we will be updating our default brushes to account for this recipe change.
TraceLoggingProvider.h  / TraceLoggingWrite
Events generated by TraceLoggingProvider.h (e.g. via TraceLoggingWrite macros) will now always have Id and Version set to 0.
Previously, TraceLoggingProvider.h would assign IDs to events at link time. These IDs were unique within a DLL or EXE, but changed from build to build and from module to module.

Additions:

namespace Windows.AI.MachineLearning {
public sealed class LearningModelSession : IClosable {
public LearningModelSession(LearningModel model, LearningModelDevice deviceToRunOn, LearningModelSessionOptions learningModelSessionOptions);
}
public sealed class LearningModelSessionOptions
public sealed class TensorBoolean : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorBoolean CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorBoolean CreateFromShapeArrayAndDataArray(long[] shape, bool[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorDouble : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorDouble CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorDouble CreateFromShapeArrayAndDataArray(long[] shape, double[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorFloat : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorFloat CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorFloat CreateFromShapeArrayAndDataArray(long[] shape, float[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorFloat16Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorFloat16Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorFloat16Bit CreateFromShapeArrayAndDataArray(long[] shape, float[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorInt16Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorInt16Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorInt16Bit CreateFromShapeArrayAndDataArray(long[] shape, short[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorInt32Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorInt32Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorInt32Bit CreateFromShapeArrayAndDataArray(long[] shape, int[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorInt64Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorInt64Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorInt64Bit CreateFromShapeArrayAndDataArray(long[] shape, long[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorInt8Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorInt8Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorInt8Bit CreateFromShapeArrayAndDataArray(long[] shape, byte[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorString : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorString CreateFromShapeArrayAndDataArray(long[] shape, string[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorUInt16Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorUInt16Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorUInt16Bit CreateFromShapeArrayAndDataArray(long[] shape, ushort[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorUInt32Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorUInt32Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorUInt32Bit CreateFromShapeArrayAndDataArray(long[] shape, uint[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorUInt64Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorUInt64Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorUInt64Bit CreateFromShapeArrayAndDataArray(long[] shape, ulong[] data);
IMemoryBufferReference CreateReference();
}
public sealed class TensorUInt8Bit : IClosable, ILearningModelFeatureValue, IMemoryBuffer, ITensor {
void Close();
public static TensorUInt8Bit CreateFromBuffer(long[] shape, IBuffer buffer);
public static TensorUInt8Bit CreateFromShapeArrayAndDataArray(long[] shape, byte[] data);
IMemoryBufferReference CreateReference();
}
}
namespace Windows.ApplicationModel {
public sealed class Package {
StorageFolder EffectiveLocation { get; }
StorageFolder MutableLocation { get; }
}
}
namespace Windows.ApplicationModel.AppService {
public sealed class AppServiceConnection : IClosable {
public static IAsyncOperation SendStatelessMessageAsync(AppServiceConnection connection, RemoteSystemConnectionRequest connectionRequest, ValueSet message);
}
public sealed class AppServiceTriggerDetails {
string CallerRemoteConnectionToken { get; }
}
public sealed class StatelessAppServiceResponse
public enum StatelessAppServiceResponseStatus
}
namespace Windows.ApplicationModel.Background {
public sealed class ConversationalAgentTrigger : IBackgroundTrigger
}
namespace Windows.ApplicationModel.Calls {
public sealed class PhoneLine {
string TransportDeviceId { get; }
void EnableTextReply(bool value);
}
public enum PhoneLineTransport {
Bluetooth = 2,
}
public sealed class PhoneLineTransportDevice
}
namespace Windows.ApplicationModel.Calls.Background {
public enum PhoneIncomingCallDismissedReason
public sealed class PhoneIncomingCallDismissedTriggerDetails
public enum PhoneTriggerType {
IncomingCallDismissed = 6,
}
}
namespace Windows.ApplicationModel.Calls.Provider {
public static class PhoneCallOriginManager {
public static bool IsSupported { get; }
}
}
namespace Windows.ApplicationModel.ConversationalAgent {
public sealed class ConversationalAgentSession : IClosable
public sealed class ConversationalAgentSessionInterruptedEventArgs
public enum ConversationalAgentSessionUpdateResponse
public sealed class ConversationalAgentSignal
public sealed class ConversationalAgentSignalDetectedEventArgs
public enum ConversationalAgentState
public sealed class ConversationalAgentSystemStateChangedEventArgs
public enum ConversationalAgentSystemStateChangeType
}
namespace Windows.ApplicationModel.Preview.Holographic {
public sealed class HolographicKeyboardPlacementOverridePreview
}
namespace Windows.ApplicationModel.Resources {
public sealed class ResourceLoader {
public static ResourceLoader GetForUIContext(UIContext context);
}
}
namespace Windows.ApplicationModel.Resources.Core {
public sealed class ResourceCandidate {
ResourceCandidateKind Kind { get; }
}
public enum ResourceCandidateKind
public sealed class ResourceContext {
public static ResourceContext GetForUIContext(UIContext context);
}
}
namespace Windows.ApplicationModel.UserActivities {
public sealed class UserActivityChannel {
public static UserActivityChannel GetForUser(User user);
}
}
namespace Windows.Devices.Bluetooth.GenericAttributeProfile {
public enum GattServiceProviderAdvertisementStatus {
StartedWithoutAllAdvertisementData = 4,
}
public sealed class GattServiceProviderAdvertisingParameters {
IBuffer ServiceData { get; set; }
}
}
namespace Windows.Devices.Enumeration {
public enum DevicePairingKinds : uint {
ProvidePasswordCredential = (uint)16,
}
public sealed class DevicePairingRequestedEventArgs {
void AcceptWithPasswordCredential(PasswordCredential passwordCredential);
}
}
namespace Windows.Devices.Input {
public sealed class PenDevice
}
namespace Windows.Devices.PointOfService {
public sealed class JournalPrinterCapabilities : ICommonPosPrintStationCapabilities {
bool IsReversePaperFeedByLineSupported { get; }
bool IsReversePaperFeedByMapModeUnitSupported { get; }
bool IsReverseVideoSupported { get; }
bool IsStrikethroughSupported { get; }
bool IsSubscriptSupported { get; }
bool IsSuperscriptSupported { get; }
}
public sealed class JournalPrintJob : IPosPrinterJob {
void FeedPaperByLine(int lineCount);
void FeedPaperByMapModeUnit(int distance);
void Print(string data, PosPrinterPrintOptions printOptions);
}
public sealed class PosPrinter : IClosable {
IVectorView SupportedBarcodeSymbologies { get; }
PosPrinterFontProperty GetFontProperty(string typeface);
}
public sealed class PosPrinterFontProperty
public sealed class PosPrinterPrintOptions
public sealed class ReceiptPrinterCapabilities : ICommonPosPrintStationCapabilities, ICommonReceiptSlipCapabilities {
bool IsReversePaperFeedByLineSupported { get; }
bool IsReversePaperFeedByMapModeUnitSupported { get; }
bool IsReverseVideoSupported { get; }
bool IsStrikethroughSupported { get; }
bool IsSubscriptSupported { get; }
bool IsSuperscriptSupported { get; }
}
public sealed class ReceiptPrintJob : IPosPrinterJob, IReceiptOrSlipJob {
void FeedPaperByLine(int lineCount);
void FeedPaperByMapModeUnit(int distance);
void Print(string data, PosPrinterPrintOptions printOptions);
void StampPaper();
}
public struct SizeUInt32
public sealed class SlipPrinterCapabilities : ICommonPosPrintStationCapabilities, ICommonReceiptSlipCapabilities {
bool IsReversePaperFeedByLineSupported { get; }
bool IsReversePaperFeedByMapModeUnitSupported { get; }
bool IsReverseVideoSupported { get; }
bool IsStrikethroughSupported { get; }
bool IsSubscriptSupported { get; }
bool IsSuperscriptSupported { get; }
}
public sealed class SlipPrintJob : IPosPrinterJob, IReceiptOrSlipJob {
void FeedPaperByLine(int lineCount);
void FeedPaperByMapModeUnit(int distance);
void Print(string data, PosPrinterPrintOptions printOptions);
}
}
namespace Windows.Globalization {
public sealed class CurrencyAmount
}
namespace Windows.Graphics.DirectX {
public enum DirectXPrimitiveTopology
}
namespace Windows.Graphics.Holographic {
public sealed class HolographicCamera {
HolographicViewConfiguration ViewConfiguration { get; }
}
public sealed class HolographicDisplay {
HolographicViewConfiguration TryGetViewConfiguration(HolographicViewConfigurationKind kind);
}
public sealed class HolographicViewConfiguration
public enum HolographicViewConfigurationKind
}
namespace Windows.Management.Deployment {
public enum AddPackageByAppInstallerOptions : uint {
LimitToExistingPackages = (uint)512,
}
public enum DeploymentOptions : uint {
RetainFilesOnFailure = (uint)2097152,
}
}
namespace Windows.Media.Devices {
public sealed class InfraredTorchControl
public enum InfraredTorchMode
public sealed class VideoDeviceController : IMediaDeviceController {
InfraredTorchControl InfraredTorchControl { get; }
}
}
namespace Windows.Media.Miracast {
public sealed class MiracastReceiver
public sealed class MiracastReceiverApplySettingsResult
public enum MiracastReceiverApplySettingsStatus
public enum MiracastReceiverAuthorizationMethod
public sealed class MiracastReceiverConnection : IClosable
public sealed class MiracastReceiverConnectionCreatedEventArgs
public sealed class MiracastReceiverCursorImageChannel
public sealed class MiracastReceiverCursorImageChannelSettings
public sealed class MiracastReceiverDisconnectedEventArgs
public enum MiracastReceiverDisconnectReason
public sealed class MiracastReceiverGameControllerDevice
public enum MiracastReceiverGameControllerDeviceUsageMode
public sealed class MiracastReceiverInputDevices
public sealed class MiracastReceiverKeyboardDevice
public enum MiracastReceiverListeningStatus
public sealed class MiracastReceiverMediaSourceCreatedEventArgs
public sealed class MiracastReceiverSession : IClosable
public sealed class MiracastReceiverSessionStartResult
public enum MiracastReceiverSessionStartStatus
public sealed class MiracastReceiverSettings
public sealed class MiracastReceiverStatus
public sealed class MiracastReceiverStreamControl
public sealed class MiracastReceiverVideoStreamSettings
public enum MiracastReceiverWiFiStatus
public sealed class MiracastTransmitter
public enum MiracastTransmitterAuthorizationStatus
}
namespace Windows.Networking.Connectivity {
public enum NetworkAuthenticationType {
Wpa3 = 10,
Wpa3Sae = 11,
}
}
namespace Windows.Networking.NetworkOperators {
public sealed class ESim {
ESimDiscoverResult Discover();
ESimDiscoverResult Discover(string serverAddress, string matchingId);
IAsyncOperation DiscoverAsync();
IAsyncOperation DiscoverAsync(string serverAddress, string matchingId);
}
public sealed class ESimDiscoverEvent
public sealed class ESimDiscoverResult
public enum ESimDiscoverResultKind
}
namespace Windows.Perception.People {
public sealed class EyesPose
public enum HandJointKind
public sealed class HandMeshObserver
public struct HandMeshVertex
public sealed class HandMeshVertexState
public sealed class HandPose
public struct JointPose
public enum JointPoseAccuracy
}
namespace Windows.Perception.Spatial {
public struct SpatialRay
}
namespace Windows.Perception.Spatial.Preview {
public sealed class SpatialGraphInteropFrameOfReferencePreview
public static class SpatialGraphInteropPreview {
public static SpatialGraphInteropFrameOfReferencePreview TryCreateFrameOfReference(SpatialCoordinateSystem coordinateSystem);
public static SpatialGraphInteropFrameOfReferencePreview TryCreateFrameOfReference(SpatialCoordinateSystem coordinateSystem, Vector3 relativePosition);
public static SpatialGraphInteropFrameOfReferencePreview TryCreateFrameOfReference(SpatialCoordinateSystem coordinateSystem, Vector3 relativePosition, Quaternion relativeOrientation);
}
}
namespace Windows.Security.Authorization.AppCapabilityAccess {
public sealed class AppCapability
public sealed class AppCapabilityAccessChangedEventArgs
public enum AppCapabilityAccessStatus
}
namespace Windows.Security.DataProtection {
public enum UserDataAvailability
public sealed class UserDataAvailabilityStateChangedEventArgs
public sealed class UserDataBufferUnprotectResult
public enum UserDataBufferUnprotectStatus
public sealed class UserDataProtectionManager
public sealed class UserDataStorageItemProtectionInfo
public enum UserDataStorageItemProtectionStatus
}
namespace Windows.Storage.AccessCache {
public static class StorageApplicationPermissions {
public static StorageItemAccessList GetFutureAccessListForUser(User user);
public static StorageItemMostRecentlyUsedList GetMostRecentlyUsedListForUser(User user);
}
}
namespace Windows.Storage.Pickers {
public sealed class FileOpenPicker {
User User { get; }
public static FileOpenPicker CreateForUser(User user);
}
public sealed class FileSavePicker {
User User { get; }
public static FileSavePicker CreateForUser(User user);
}
public sealed class FolderPicker {
User User { get; }
public static FolderPicker CreateForUser(User user);
}
}
namespace Windows.System {
public sealed class DispatcherQueue {
bool HasThreadAccess { get; }
}
public enum ProcessorArchitecture {
Arm64 = 12,
X86OnArm64 = 14,
}
}
namespace Windows.System.Profile {
public static class AppApplicability
public sealed class UnsupportedAppRequirement
public enum UnsupportedAppRequirementReasons : uint
}
namespace Windows.System.RemoteSystems {
public sealed class RemoteSystem {
User User { get; }
public static RemoteSystemWatcher CreateWatcherForUser(User user);
public static RemoteSystemWatcher CreateWatcherForUser(User user, IIterable filters);
}
public sealed class RemoteSystemApp {
string ConnectionToken { get; }
User User { get; }
}
public sealed class RemoteSystemConnectionRequest {
string ConnectionToken { get; }
public static RemoteSystemConnectionRequest CreateFromConnectionToken(string connectionToken);
public static RemoteSystemConnectionRequest CreateFromConnectionTokenForUser(User user, string connectionToken);
}
public sealed class RemoteSystemWatcher {
User User { get; }
}
}
namespace Windows.UI {
public sealed class UIContentRoot
public sealed class UIContext
}
namespace Windows.UI.Composition {
public enum CompositionBitmapInterpolationMode {
MagLinearMinLinearMipLinear = 2,
MagLinearMinLinearMipNearest = 3,
MagLinearMinNearestMipLinear = 4,
MagLinearMinNearestMipNearest = 5,
MagNearestMinLinearMipLinear = 6,
MagNearestMinLinearMipNearest = 7,
MagNearestMinNearestMipLinear = 8,
MagNearestMinNearestMipNearest = 9,
}
public sealed class CompositionGraphicsDevice : CompositionObject {
CompositionMipmapSurface CreateMipmapSurface(SizeInt32 sizePixels, DirectXPixelFormat pixelFormat, DirectXAlphaMode alphaMode);
void Trim();
}
public sealed class CompositionMipmapSurface : CompositionObject, ICompositionSurface
public sealed class CompositionProjectedShadow : CompositionObject
public sealed class CompositionProjectedShadowCaster : CompositionObject
public sealed class CompositionProjectedShadowCasterCollection : CompositionObject, IIterable
public sealed class CompositionProjectedShadowReceiver : CompositionObject
public sealed class CompositionProjectedShadowReceiverUnorderedCollection : CompositionObject, IIterable
public sealed class CompositionRadialGradientBrush : CompositionGradientBrush
public sealed class CompositionSurfaceBrush : CompositionBrush {
bool SnapToPixels { get; set; }
}
public class CompositionTransform : CompositionObject
public sealed class CompositionVisualSurface : CompositionObject, ICompositionSurface
public sealed class Compositor : IClosable {
CompositionProjectedShadow CreateProjectedShadow();
CompositionProjectedShadowCaster CreateProjectedShadowCaster();
CompositionProjectedShadowReceiver CreateProjectedShadowReceiver();
CompositionRadialGradientBrush CreateRadialGradientBrush();
CompositionVisualSurface CreateVisualSurface();
}
public interface IVisualElement
}
namespace Windows.UI.Composition.Interactions {
public enum InteractionBindingAxisModes : uint
public sealed class InteractionTracker : CompositionObject {
public static InteractionBindingAxisModes GetBindingMode(InteractionTracker boundTracker1, InteractionTracker boundTracker2);
public static void SetBindingMode(InteractionTracker boundTracker1, InteractionTracker boundTracker2, InteractionBindingAxisModes axisMode);
}
public sealed class InteractionTrackerCustomAnimationStateEnteredArgs {
bool IsFromBinding { get; }
}
public sealed class InteractionTrackerIdleStateEnteredArgs {
bool IsFromBinding { get; }
}
public sealed class InteractionTrackerInertiaStateEnteredArgs {
bool IsFromBinding { get; }
}
public sealed class InteractionTrackerInteractingStateEnteredArgs {
bool IsFromBinding { get; }
}
public class VisualInteractionSource : CompositionObject, ICompositionInteractionSource {
public static VisualInteractionSource CreateFromIVisualElement(IVisualElement source);
}
}
namespace Windows.UI.Composition.Scenes {
public enum SceneAlphaMode
public enum SceneAttributeSemantic
public sealed class SceneBoundingBox : SceneObject
public class SceneComponent : SceneObject
public sealed class SceneComponentCollection : SceneObject, IIterable, IVector
public enum SceneComponentType
public class SceneMaterial : SceneObject
public class SceneMaterialInput : SceneObject
public sealed class SceneMesh : SceneObject
public sealed class SceneMeshMaterialAttributeMap : SceneObject, IIterable, IMap
public sealed class SceneMeshRendererComponent : SceneRendererComponent
public sealed class SceneMetallicRoughnessMaterial : ScenePbrMaterial
public sealed class SceneModelTransform : CompositionTransform
public sealed class SceneNode : SceneObject
public sealed class SceneNodeCollection : SceneObject, IIterable, IVector
public class SceneObject : CompositionObject
public class ScenePbrMaterial : SceneMaterial
public class SceneRendererComponent : SceneComponent
public sealed class SceneSurfaceMaterialInput : SceneMaterialInput
public sealed class SceneVisual : ContainerVisual
public enum SceneWrappingMode
}
namespace Windows.UI.Core {
public sealed class CoreWindow : ICorePointerRedirector, ICoreWindow {
UIContext UIContext { get; }
}
}
namespace Windows.UI.Core.Preview {
public sealed class CoreAppWindowPreview
}
namespace Windows.UI.Input {
public class AttachableInputObject : IClosable
public enum GazeInputAccessStatus
public sealed class InputActivationListener : AttachableInputObject
public sealed class InputActivationListenerActivationChangedEventArgs
public enum InputActivationState
}
namespace Windows.UI.Input.Preview {
public static class InputActivationListenerPreview
}
namespace Windows.UI.Input.Spatial {
public sealed class SpatialInteractionManager {
public static bool IsSourceKindSupported(SpatialInteractionSourceKind kind);
}
public sealed class SpatialInteractionSource {
HandMeshObserver TryCreateHandMeshObserver();
IAsyncOperation TryCreateHandMeshObserverAsync();
}
public sealed class SpatialInteractionSourceState {
HandPose TryGetHandPose();
}
public sealed class SpatialPointerPose {
EyesPose Eyes { get; }
bool IsHeadCapturedBySystem { get; }
}
}
namespace Windows.UI.Notifications {
public sealed class ToastActivatedEventArgs {
ValueSet UserInput { get; }
}
public sealed class ToastNotification {
bool ExpiresOnReboot { get; set; }
}
}
namespace Windows.UI.ViewManagement {
public sealed class ApplicationView {
string PersistedStateId { get; set; }
UIContext UIContext { get; }
WindowingEnvironment WindowingEnvironment { get; }
public static void ClearAllPersistedState();
public static void ClearPersistedState(string key);
IVectorView GetDisplayRegions();
}
public sealed class InputPane {
public static InputPane GetForUIContext(UIContext context);
}
public sealed class UISettings {
bool AutoHideScrollBars { get; }
event TypedEventHandler AutoHideScrollBarsChanged;
}
public sealed class UISettingsAutoHideScrollBarsChangedEventArgs
}
namespace Windows.UI.ViewManagement.Core {
public sealed class CoreInputView {
public static CoreInputView GetForUIContext(UIContext context);
}
}
namespace Windows.UI.WindowManagement {
public sealed class AppWindow
public sealed class AppWindowChangedEventArgs
public sealed class AppWindowClosedEventArgs
public enum AppWindowClosedReason
public sealed class AppWindowCloseRequestedEventArgs
public sealed class AppWindowFrame
public enum AppWindowFrameStyle
public sealed class AppWindowPlacement
public class AppWindowPresentationConfiguration
public enum AppWindowPresentationKind
public sealed class AppWindowPresenter
public sealed class AppWindowTitleBar
public sealed class AppWindowTitleBarOcclusion
public enum AppWindowTitleBarVisibility
public sealed class CompactOverlayPresentationConfiguration : AppWindowPresentationConfiguration
public sealed class DefaultPresentationConfiguration : AppWindowPresentationConfiguration
public sealed class DisplayRegion
public sealed class FullScreenPresentationConfiguration : AppWindowPresentationConfiguration
public sealed class WindowingEnvironment
public sealed class WindowingEnvironmentAddedEventArgs
public sealed class WindowingEnvironmentChangedEventArgs
public enum WindowingEnvironmentKind
public sealed class WindowingEnvironmentRemovedEventArgs
}
namespace Windows.UI.WindowManagement.Preview {
public sealed class WindowManagementPreview
}
namespace Windows.UI.Xaml {
public class UIElement : DependencyObject, IAnimationObject, IVisualElement {
Vector3 ActualOffset { get; }
Vector2 ActualSize { get; }
Shadow Shadow { get; set; }
public static DependencyProperty ShadowProperty { get; }
UIContext UIContext { get; }
XamlRoot XamlRoot { get; set; }
}
public class UIElementWeakCollection : IIterable, IVector
public sealed class Window {
UIContext UIContext { get; }
}
public sealed class XamlRoot
public sealed class XamlRootChangedEventArgs
}
namespace Windows.UI.Xaml.Controls {
public sealed class DatePickerFlyoutPresenter : Control {
bool IsDefaultShadowEnabled { get; set; }
public static DependencyProperty IsDefaultShadowEnabledProperty { get; }
}
public class FlyoutPresenter : ContentControl {
bool IsDefaultShadowEnabled { get; set; }
public static DependencyProperty IsDefaultShadowEnabledProperty { get; }
}
public class InkToolbar : Control {
InkPresenter TargetInkPresenter { get; set; }
public static DependencyProperty TargetInkPresenterProperty { get; }
}
public class MenuFlyoutPresenter : ItemsControl {
bool IsDefaultShadowEnabled { get; set; }
public static DependencyProperty IsDefaultShadowEnabledProperty { get; }
}
public sealed class TimePickerFlyoutPresenter : Control {
bool IsDefaultShadowEnabled { get; set; }
public static DependencyProperty IsDefaultShadowEnabledProperty { get; }
}
public class TwoPaneView : Control
public enum TwoPaneViewMode
public enum TwoPaneViewPriority
public enum TwoPaneViewTallModeConfiguration
public enum TwoPaneViewWideModeConfiguration
}
namespace Windows.UI.Xaml.Controls.Maps {
public sealed class MapControl : Control {
bool CanTiltDown { get; }
public static DependencyProperty CanTiltDownProperty { get; }
bool CanTiltUp { get; }
public static DependencyProperty CanTiltUpProperty { get; }
bool CanZoomIn { get; }
public static DependencyProperty CanZoomInProperty { get; }
bool CanZoomOut { get; }
public static DependencyProperty CanZoomOutProperty { get; }
}
public enum MapLoadingStatus {
DownloadedMapsManagerUnavailable = 3,
}
}
namespace Windows.UI.Xaml.Controls.Primitives {
public sealed class AppBarTemplateSettings : DependencyObject {
double NegativeCompactVerticalDelta { get; }
double NegativeHiddenVerticalDelta { get; }
double NegativeMinimalVerticalDelta { get; }
}
public sealed class CommandBarTemplateSettings : DependencyObject {
double OverflowContentCompactYTranslation { get; }
double OverflowContentHiddenYTranslation { get; }
double OverflowContentMinimalYTranslation { get; }
}
public class FlyoutBase : DependencyObject {
bool IsConstrainedToRootBounds { get; }
bool ShouldConstrainToRootBounds { get; set; }
public static DependencyProperty ShouldConstrainToRootBoundsProperty { get; }
XamlRoot XamlRoot { get; set; }
}
public sealed class Popup : FrameworkElement {
bool IsConstrainedToRootBounds { get; }
bool ShouldConstrainToRootBounds { get; set; }
public static DependencyProperty ShouldConstrainToRootBoundsProperty { get; }
}
}
namespace Windows.UI.Xaml.Core.Direct {
public enum XamlPropertyIndex {
AppBarTemplateSettings_NegativeCompactVerticalDelta = 2367,
AppBarTemplateSettings_NegativeHiddenVerticalDelta = 2368,
AppBarTemplateSettings_NegativeMinimalVerticalDelta = 2369,
CommandBarTemplateSettings_OverflowContentCompactYTranslation = 2384,
CommandBarTemplateSettings_OverflowContentHiddenYTranslation = 2385,
CommandBarTemplateSettings_OverflowContentMinimalYTranslation = 2386,
FlyoutBase_ShouldConstrainToRootBounds = 2378,
FlyoutPresenter_IsDefaultShadowEnabled = 2380,
MenuFlyoutPresenter_IsDefaultShadowEnabled = 2381,
Popup_ShouldConstrainToRootBounds = 2379,
ThemeShadow_Receivers = 2279,
UIElement_ActualOffset = 2382,
UIElement_ActualSize = 2383,
UIElement_Shadow = 2130,
}
public enum XamlTypeIndex {
ThemeShadow = 964,
}
}
namespace Windows.UI.Xaml.Documents {
public class TextElement : DependencyObject {
XamlRoot XamlRoot { get; set; }
}
}
namespace Windows.UI.Xaml.Hosting {
public sealed class ElementCompositionPreview {
public static UIElement GetAppWindowContent(AppWindow appWindow);
public static void SetAppWindowContent(AppWindow appWindow, UIElement xamlContent);
}
}
namespace Windows.UI.Xaml.Input {
public sealed class FocusManager {
public static object GetFocusedElement(XamlRoot xamlRoot);
}
public class StandardUICommand : XamlUICommand {
StandardUICommandKind Kind { get; set; }
}
}
namespace Windows.UI.Xaml.Media {
public class AcrylicBrush : XamlCompositionBrushBase {
IReference TintLuminosityOpacity { get; set; }
public static DependencyProperty TintLuminosityOpacityProperty { get; }
}
public class Shadow : DependencyObject
public class ThemeShadow : Shadow
public sealed class VisualTreeHelper {
public static IVectorView GetOpenPopupsForXamlRoot(XamlRoot xamlRoot);
}
}
namespace Windows.UI.Xaml.Media.Animation {
public class GravityConnectedAnimationConfiguration : ConnectedAnimationConfiguration {
bool IsShadowEnabled { get; set; }
}
}
namespace Windows.Web.Http {
public sealed class HttpClient : IClosable, IStringable {
IAsyncOperationWithProgress TryDeleteAsync(Uri uri);
IAsyncOperationWithProgress TryGetAsync(Uri uri);
IAsyncOperationWithProgress TryGetAsync(Uri uri, HttpCompletionOption completionOption);
IAsyncOperationWithProgress TryGetBufferAsync(Uri uri);
IAsyncOperationWithProgress TryGetInputStreamAsync(Uri uri);
IAsyncOperationWithProgress TryGetStringAsync(Uri uri);
IAsyncOperationWithProgress TryPostAsync(Uri uri, IHttpContent content);
IAsyncOperationWithProgress TryPutAsync(Uri uri, IHttpContent content);
IAsyncOperationWithProgress TrySendRequestAsync(HttpRequestMessage request);
IAsyncOperationWithProgress TrySendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption);
}
public sealed class HttpGetBufferResult : IClosable, IStringable
public sealed class HttpGetInputStreamResult : IClosable, IStringable
public sealed class HttpGetStringResult : IClosable, IStringable
public sealed class HttpRequestResult : IClosable, IStringable
}
namespace Windows.Web.Http.Filters {
public sealed class HttpBaseProtocolFilter : IClosable, IHttpFilter {
User User { get; }
public static HttpBaseProtocolFilter CreateForUser(User user);
}
}

Updated March 26, 2019 10:40 am

From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw – Microsoft Security

With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed third-party driver could have a serious impact: it can be abused by attackers to escalate privileges or, more commonly, bypass driver signature enforcement—without the complexity of using a more expensive zero-day kernel exploit in the OS itself.

Computer manufacturers usually ship devices with software and tools that facilitate device management. These software and tools, including drivers, often contain components that run with ring-0 privileges in the kernel. With these components installed by default, each must be as secure as the kernel; even one flawed component could become the Achilles’ heel of the whole kernel security design.

We discovered such a driver while investigating an alert raised by Microsoft Defender Advanced Threat Protection’s kernel sensors. We traced the anomalous behavior to a device management driver developed by Huawei. Digging deeper, we found a lapse in the design that led to a vulnerability that could allow local privilege escalation.

We reported the vulnerability (assigned CVE-2019-5241) to Huawei, who responded and cooperated quickly and professionally. On January 9, 2019, Huawei released a fix. In this blog post, we’d like to share our journey from investigating one Microsoft Defender ATP alert to discovering a vulnerability, cooperating with the vendor, and protecting customers.

Detecting kernel-initiated code injections with Microsoft Defender ATP

Starting in Windows 10, version 1809, the kernel has been instrumented with new sensors designed to trace User APC code injection initiated by a kernel code, providing better visibility into kernel threats like DOUBLEPULSAR. As described in our in-depth analysis, DOUBLEPULSAR is a kernel backdoor used by the WannaCry ransomware to inject the main payload into user-space. DOUBLEPULSAR copied the user payload from the kernel into an executable memory region in lsass.exe and inserted a User APC to a victim thread with NormalRoutine targeting this region.

figure-01-WannaCry-user-APC-injection-technique-schematic-diagram

Figure 1. WannaCry User APC injection technique schematic diagram

While the User APC code injection technique isn’t novel (see Conficker or Valerino’s earliest proof-of-concept), detecting threats running in the kernel is not trivial. Since PatchGuard was introduced, hooking NTOSKRNL is no longer allowed; there’s no documented way drivers could get notification for any of the above operations. Hence, without proper optics, the only sustainable strategy would be applying memory forensics, which can be complicated.

The new set of kernel sensors aim to address this kind of kernel threat. Microsoft Defender ATP leverages these sensors to detect suspicious operations invoked by a kernel code that might lead to code injection into user-mode. One such suspicious operation triggered this investigation.

Investigating an anomalous code injection from the kernel

While monitoring alerts related to kernel-mode attacks, one alert drew our attention:

figure-02-2-Microsoft-Defender-ATP-kernel-initiating-code-injection-alert

Figure 2. Microsoft Defender ATP kernel-initiating code injection alert

The alert process tree showed an abnormal memory allocation and execution in the context of services.exe by a kernel code. Investigating further, we found that an identical alert was fired on another machine around the same time.

To get a better understanding of the observed anomaly, we looked at the raw signals we got from the kernel sensors. This analysis yielded the following findings:

  • A system thread called nt!NtAllocateVirtualMemory allocated a single page (size = 0x1000) with PAGE_EXECUTE_READWRITE protection mask in services.exe address space
  • The system thread then called nt!KeInsertQueueApc to queue User APC to a services.exe arbitrary thread with NormalRoutine pointing to the beginning of the executable page and NormalContext pointing to offset 0x800

The payload copied from kernel mode is divided into two portions: a shellcode (NormalRoutine) and a parameter block (NormalContext). At this point, the overall behavior looked suspicious enough for us to proceed with the hunting. Our goal was to incriminate the kernel code that triggered the alert.

Incriminating the source

In user-mode threats, the caller process context could shed light on the actor and link to other phases in the attack chain. In contrast, with kernel-mode threats, the story is more complicated. The kernel by nature is asynchronous; callbacks might be called in an arbitrary context, making process context meaningless for forensics purposes.

Therefore, we tried to find an indirect evidence to third-party code loaded into the kernel. By inspecting the machine timeline, we found that several third-party drivers were loaded earlier that day.

We concluded based on their file path that they are all related to an app from Huawei called PC Manager, a device management software for Huawei MateBook laptops. The installer is available on Huawei website, so we downloaded it for inspection. For each Huawei driver we used dumpbin.exe to examine imported functions.

And then we had a hit:

figure-03-dumpbin-utility-used-to-detect-user-APC injection-primitives

Figure 3. dumpbin utility used to detect user APC injection primitives

HwOs2Ec10x64.sys: Unexpected behavior from a driver

Hunting led us to the kernel code that triggered the alert. One would expect that a device management software would perform mostly hardware-related tasks, with the supplied device drivers being the communication layer with the OEM-specific hardware. So why was this driver exhibiting unusual behavior? To answer this question, we reverse-engineered HwOs2Ec10x64.sys.

Our entry point was the function implementing the user APC injection. We found a code path that:

  1. allocates RWX page in some target process;
  2. resolves CreateProcessW and CloseHandle function pointers in the address space of the target process;
  3. copies a code area from the driver as well as what seemed to be a parameter block to the allocated page; and
  4. performs User APC injection targeting that page

The parameter block contains both the resolved function pointers as well as a string, which was found to be a command line.

figure-04-User-APC-injection-code

Figure 4. User APC injection code

The APC normal routine is a shellcode which calls CreateProcessW with the given process command line string. This implied that the purpose of the code injection to services.exe is to spawn a child process.

figure-05-User-shellcode-performing-process-creation

Figure 5. User shellcode performing process creation

Inspecting the xrefs, we noticed that the injection code originated from a create-process notify routine when Create = FALSE. Hence, the trigger was some process termination.

But what command does the shellcode execute? Attaching a kernel debugger and setting a breakpoint on the memcpy_s in charge of copying the parameters from kernel to user-mode revealed the created process: one of Huawei’s installed services, MateBookService.exe, invoked with “/startup” in its command line.

figure-06-2-Breakpoint-hit-on-the-call-to-memcpy_s-copying-shellcode-parameters

Figure 6. Breakpoint hit on the call to memcpy_s copying shellcode parameters

Why would a valid service be started that way? Inspecting MateBookService.exe!main revealed a “startup mode” that revived the service if it’s stopped – some sort of watchdog mechanism meant to keep the Huawei PC Manager main service running.

figure-07-MateBookService-exe-startup-code-path

Figure 7. MateBookService.exe /startup code path

At this point of the investigation, the only missing piece in the puzzle was making sure the terminated process triggering the injection is indeed MateBookService.exe.

figure-08-Validating-terminated-process-identity

Figure 8. Validating terminated process identity

The code path that decides whether to inject to services.exe uses a global list of watched process names. Hitting a breakpoint in the iteration loop revealed which process was registered: it was MateBookService.exe, as expected, and it was the only process on that list.

figure-09-Breakpoint-hit-during-process-name-comparison-against-global-list

Figure 9. Breakpoint hit during process name comparison against global list

HwOs2Ec10x64.sys also provided process protection against external tampering. Any attempt to force MateBookService.exe termination would fail with Access Denied.

Abusing HwOs2Ec10x64.sys process watch mechanism

The next step in our investigation was to determine whether an attacker can tamper with the global watched process list. We came across an IOCTL handler that added an entry to that list. MateBookService.exe process likely uses this IOCTL to register itself when the service starts. This IOCTL is sent to the driver control device, created from its DriverEntry.

figure-10-HwOs2Ec10x64.sys-control-device-creation-with-IoCreateDevice

Figure 10. HwOs2Ec10x64.sys control device creation with IoCreateDevice

Since the device object is created with IoCreateDevice, Everyone has RW access to it. Another important observation was that this device isn’t exclusive, hence multiple handles could be opened to it.

Nevertheless, when we tried to open a handle to the device \.HwOs2EcX64, it failed with Last Error = 537, “Application verifier has found an error in the current process”. The driver was rejecting our request to open the device. How is access enforced? It must be on the CreateFile path; in other words, in HwOs2Ec10x64.sys IRP_MJ_CREATE dispatch routine.

figure-11-IRP_MJ_CREATE-dispatch-routine

Figure 11. IRP_MJ_CREATE dispatch routine

This function validates the calling process by making sure that the main executable path belongs to a whitelist (e.g., C:Program FilesHuaweiPCManagerMateBookService.exe). This simple check on the initiating process name, however, doesn’t guarantee the integrity of the calling process. An attacker-controlled instance of MateBookService.exe will still be granted access to the device \.HwOs2EcX64 and be able to call some of its IRP functions. Then, the attacker-controlled process could abuse this capability to talk with the device to register a watched executable of its own choice. Given the fact that a parent process has full permissions over its children, even a code with low privileges might spawn an infected MateBookService.exe and inject code into it. In our proof-of-concept, we used process hollowing.

figure-12-Procmon-utility-results-showing-POC-process-start-exit-IL

Figure 12. Procmon utility results showing POC process start/exit & IL

Because watched processes are blindly launched by the watchdog when they’re terminated, the attacker-controlled executable would be invoked as a child of services.exe, running as LocalSystem, hence with elevated privileges.

figure-13-Procexp-utility-process-tree-view-showing-LPE_POC-running-as-LocalSystem

Figure 13. Procexp utility process-tree view showing LPE_POC running as LocalSystem

Responsible disclosure and protecting customers

Once we had a working POC demonstrating the elevation of privilege from a low-integrity attacker-controlled process, we responsibly reported the bug to Huawei through the Microsoft Security Vulnerability Research (MSVR) program. The vulnerability was assigned CVE-2019-5241. Meanwhile, we kept our customers safe by building a detection mechanism that would raise an alert for any successful privilege escalation exploiting the HwOs2Ec10x64.sys watchdog vulnerability as we described.

figure-14-2-Microsoft-Defender-ATP-alerting-on-the-privilege-escalation-POC-code

Figure 14. Microsoft Defender ATP alerting on the privilege escalation POC code

Abusing a second IOCTL handler

Having been able to freely invoke IOCTL handlers of the driver from user-mode, we looked for other capabilities that can be abused. We found one: the driver provided a capability to map any physical page into user-mode with RW permissions. Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.

We also worked with Huawei to fix this second vulnerability, which was assigned CVE-2019-5242. Huawei addressed the flaw in the same security advisory.

We presented our research at the Blue Hat IL Conference in February. Watch the video recording here, and get the slide deck here.

Summary

The two vulnerabilities we discovered in a driver prove the importance of designing software and products with security in mind. Security boundaries must be honored. Attack surface should be minimized as much as possible. In this case, the flaws could have been prevented if certain precautions were taken:

  • The device object created by the driver should be created with a DACL granting SYSTEM RW access (since only the vendor’s services were communicating directly with the driver)
  • If a service should persist, developers should check that it’s not already provided by the OS before trying to implement a complex mechanism
  • User-mode shouldn’t be allowed to perform privileged operations like writing to any physical page; if needed, the driver should do the actual writing for well-defined, hardware-related scenarios

Microsoft’s driver security checklist provides some guidelines for driver developers to help reduce the risk of drivers being compromised.

Our discovery of the driver vulnerabilities also highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.

Anomalous behaviors typically point to attack techniques perpetrated by adversaries with only malicious intent. In this case, they pointed to a flawed design that can be abused. Nevertheless, Microsoft Defender ATP exposed a security flaw and protected customers before it can even be used in actual attacks.

Not yet reaping the benefits of Microsoft Defender ATP’s industry-leading optics and detection capabilities? Sign up for free trial today.

Amit Rapaport (@realAmitRap)
Microsoft Defender Research team

Go to Original Article
Author: Microsoft News Center

Study reveals sale of SSL/TLS certificates on dark web

A recent study uncovered the availability of SSL/TLS certificates on the dark web that are often packaged with crimeware services designed to help cybercriminals create malicious sites that appear safe.

The study, which was conducted by researchers at the Evidence-Based Cybersecurity Research Group at Georgia State University and the University of Surrey, focused on the underground SSL/TLS certificate marketplace and its role in the wider cybercrime economy.

Sponsored by Salt Lake City-based machine identity protection provider Venafi, the study revealed a steady supply of SSL/TLS certificates in five of the Tor network markets researchers observed: Dream Market, Wall Street Market, BlockBooth, Nightmare Market and Galaxy3.

While personal information like Social Security numbers sells for $1 on the dark web, the study found SSL/TLS certificates sell for $260 to $1,600, depending on the type of certificate and scope of additional services offered.

Some sellers offer aged domains — websites that have been registered and active for a long period of time — along with after-sale support and integration with a range of legitimate payment processors, the study revealed. Newer, or young, domains can sometimes be flagged by security products as potentially unsafe.  

Authentic SSL/TLS certificates allow cybercriminals to create sites for phishing campaigns and other malicious activity that evade several web browser security measures, like HTTPS checks and safe browsing modes. Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said these dark web services essentially deliver “machine identities as a service” to cybercriminals. SSL/TLS certificates provide each machine with a unique machine identity and are used to convey trust to website visitors and search engines, Bocek said.  

“The identities of machines are a lot more valuable, a lot more interesting and a lot more important to hackers these days,” he said. “Having a machine identity as part of your attack is actually a must-have today, because the browsers have now enforced a policy that if you don’t have the TLS digital certificate, then your web service, website and your attack [are] going to be marked as not trusted at all. No hacker wants that.”

Researchers found the vendors on online underground markets were offering the most trusted type of machine identity, the Extended Validation (EV) certificates for U.S. and U.K. companies, for less than $2,000, he added.

EV certificates allow the attackers to create trustworthy spoofed or malicious websites and encrypt the traffic between malicious servers to targeted users, making it difficult to spot problematic behavior, according to the report.

SSL/TLS certificates, Venafi, dark web
SSL certificates sold with website design services (Dream Market)

Safeguarding digital certificates

To ensure successful management of certificates and keys, organizations must have visibility into each of their SSL/TLS key and certificate, Bocek said, and they should recourse to automation for effective management of digital certificates.

SSL/TLS certificates, Venafi, dark web
EV certificates of U.S. companies — no doc or verification required

An open framework like Certificate Transparency can also help security teams with monitoring SSL/TLS certificates, he added.

Monique Becenti, product and channel specialist at website security provider SiteLock, based in Scottsdale, Ariz., said she believes the sale of SSL/TLS certificates on the dark web is concerning, because consumers are advised to visit credible sites using SSL/TLS certificates to complete their online purchases.

“This proves the ingenuity cybercriminals possess to make money in a competitive and illegal underground marketplace,” Becenti said in an email interview.

Marty Puranik, CEO of cloud computing and hosting services provider Atlantic.Net, based in Orlando, Fla., said he believes using tools for data exfiltration along with the SSL/TLS certificates may silently cause more damage over time.

“It will probably take a high-profile data leak related to this to escalate this as a major issue,” Puranik said in an email interview. “Obviously, it’s important for organizations to secure these certificates and reissue new ones — and discontinue insecure ones — in cases where they may have gotten out.”

The identities of machines are a lot more valuable, a lot more interesting and a lot more important to hackers these days.
Kevin BocekVice president of security strategy and threat intelligence at Venafi

According to Andrew Howard, global CTO at Kudelski Security, the sale of SSL/TLS certificates should be expected as more of the internet becomes encrypted and attackers naturally migrate to techniques that attempt to circumvent this control.

“Internet users should not trust a site only because the SSL certificate is valid, even if it is an EV certificate,” Howard said in an email interview. “As the report shows, these can also be spoofed with enough effort. It is our responsibility, as security professionals, to mitigate this attack vector, even if it proves difficult.”

There are ways for organizations to safeguard their legitimate certificates, he said.

“The most secure method would be to use a hardware security module to store keys and perform the necessary cryptoprocessing,” he said. “However, these devices can be expensive and may not be worth the price.”

For those who are not using a strong hardware security, Howard said the focus should fall under monitoring for certificate misuse and evidence of compromise.

“If you only use your certificates sparingly, it may be enough to move your keys and signing activities to an isolated, secure network,” he said. “For example, with code signing, keep your keys on an isolated system and just move your code to the system when it’s ready to be signed. Ensure this network is never exposed to the internet and that you have strong processes in place to protect your keys from malicious insiders.”

Go to Original Article
Author:

Wanted – Cheap 1150 cpu and DDR3 laptop menory

Discussion in ‘Desktop Computer Classifieds‘ started by geordieboy25, Mar 13, 2019.

  1. geordieboy25

    geordieboy25

    Active Member

    Joined:
    Feb 2, 2008
    Messages:
    1,520
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Location:
    Newcastle
    Ratings:
    +42

    Hi guys.

    Just bought a 2nd user laptop and a Lenovo M93P sff.

    None of which came with memory and I’d like a few 4gb ddr3 sticks

    Also the M93P was a barebones kit so would like a cheap cpu. Just wanted to get it up and running, nothing fancy please.

    Thanks

    Location: Newcastle

    ______________________________________________________
    This message is automatically inserted in all classifieds forum threads.
    By replying to this thread you agree to abide by the trading rules detailed here.
    Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

    • Landline telephone number. Make a call to check out the area code and number are correct, too
    • Name and address including postcode
    • Valid e-mail address

    DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

  2. maddy

    maddy

    Well-known Member

    Joined:
    Jan 31, 2006
    Messages:
    1,447
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    83
    Ratings:
    +329

    CEX are cheap for 4GB DDR3 – £8, or £9.50 posted. They’re the cheapest I’ve found.

    Is your Lenovo one of the tiny range? If it is, make sure you buy an Intel from their “T” series as they tiny ones aren’t designed for the thermal load of a non-T CPU.

    Great little machines.

  3. Krooner

    Well-known Member

    Joined:
    Jun 14, 2007
    Messages:
    4,745
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Ratings:
    +511

    I have 2 stick of 4gb DDR3 at home, do you need low voltage ram in the SFF?

  4. geordieboy25

    geordieboy25

    Active Member

    Joined:
    Feb 2, 2008
    Messages:
    1,520
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Location:
    Newcastle
    Ratings:
    +42

    Not too sure, is it SODIMMS that you have?

  5. Krooner

    Well-known Member

    Joined:
    Jun 14, 2007
    Messages:
    4,745
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Ratings:
    +511

    Yes, I know the ultra small form factor units require PC3L is all, not sure about the SFF It was something I ran into on the m92p.

    I have Low voltage sticks, but if it will take standard PC3 then CEX will be 50p per stick cheaper than me.

  6. GIBSrUS

    GIBSrUS

    Active Member

    Joined:
    May 30, 2011
    Messages:
    502
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    28
    Ratings:
    +39

    Hiya. I have a pentium g3258 if that’s of interest?

  7. geordieboy25

    geordieboy25

    Active Member

    Joined:
    Feb 2, 2008
    Messages:
    1,520
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    48
    Location:
    Newcastle
    Ratings:
    +42

    Thanks but I think I need a “t” series cpu.

Share This Page

Loading…

Go to Original Article
Author: