Taiwan's GlobalWafers announced on Monday a new use for the $5 billion it first earmarked for a purchase of Germany's Siltronic: building a 300-millimeter semiconductor wafer plant in the US state of Texas. Construction on the facility – which will eventually span 3.2 million square feet – is expected to commence later this year, with chip production commencing by 2025. The plant will sit in the city of Sherman, near the Texas-Oklahoma border, where it is slated to bring in 1,500 jobs as production climbs towards 1.2 million wafers per month. GlobalWafers is the world's third largest producer of silicon wafers and Sherman is already home to its subsidiary, GlobiTech. According to Texas governor Greg Abbott, the company is receiving a grant of $15 million and was offered an additional $10,000 bonus for creating jobs for US veterans. The initial investment for the new plant will start at around $2 billion with a total reaching $5 billion as the project produces cashflow, according to Nikkei Asia citing Abbott. "This 300-millimeter greenfield investment is consistent with the Company's announcement on February 6th of this year of brownfield and greenfield expansions totaling 100 billion NTD [US$3.4 billion]," explained GlobalWafers in its canned statement. The expansions were announced as a Plan B after German regulators dragged their feet on approval of GlobalWafers' takeover of Siltronic. The offer expired before regulators issued an opinion about whether or not it should be allowed to proceed.
The loss of the Siltronic deal is certainly the United States' gain as GlobalWafers sees its new plant enabling it to address all the new chip factories being built stateside. The US therefore gains two parts of the silicon supply chain, which aligns nicely with Washington's desire to bring semiconduc
India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations. The Directions w
In brief A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents.
[Image: Amagasaki lock in Amagasaki's Nishinomiya Ashiya port]
The unidentified man, who was a contractor with the city working to disburse pandemic subsidies, placed the drive containing all the records into his bag, which he took with him on a night out on the town earlier this week. It's unknown how good of a time the man had, but he did reportedly end up passing out in the street, Japanese news source NHK reported the company who employed him as saying, elaborating on an incident report from the Amagasaki city government. The company told the newspaper that, upon waking, the contractor found his bag was missing. The incident report states that the memory stick contained names, birth dates, addresses, tax details, banking information, and social security records – all of it very private and potentially harmful if stolen. Amagasaki officials said the data on the USB stick was encrypted, and offered apologies for harming the public's trust in their administration. All the worry came to naught, though. After searching the area with police, the bag and the USB stick were found. Amagasaki officials said there's no evidence anyone attempted to access the information.
CISA fields advisor recommendations, warns that Log4j is still around
The Cybersecurity and Infrastructure Security Agency (CISA) held its third Cybersecurity Advisory Committee meeting this week, where it made a laundry list of recommendations on its programs and policies.
After six months of prognostication here's a quick rundown of the recommendations made by advisors from Mastercard, Apple, the University of Washington, and other organizations, which met in six subcommittees:
- CISA needs to prioritize developing a strong workforce by improving its talent acquisition process to compete with the private sector
- Create a new chief people officer at CISA
- CISA should launch a nationwide "311" program to provide an emergency call line for SMBs hit by cyber attacks
- CISA needs to expand its "More Than a Password" MFA campaign by reaching out to NGOs, other government agencies, and private sector partners
- CISA should take all necessary steps to ensure all companies working with the US Federal Government have fully adopted MFA by 2025
- Streamline the incident reporting and vulnerability reporting processes
- Establish a central platform to handle intake of suspected vulnerabilities
- Improve communication between security researchers, agencies and vendors
- Address the risks of misinformation, disinformation, and malinformation in American society
Of the recommendations, two were mentioned by more than one subcommittee: expanding the More Than a Password campaign, and establishing the SMB 311 line. CISA director Jen Easterly said that the next meeting would focus on strategies to develop a national alert system for cyber risks. CISA also released a cybersecurity alert this week warning that Log4Shell is still around and actively being exploited. Together with the US Coast Guard Cyber Command, CISA released an advisory stating that hackers and state-sponsored APT groups are still exploiting Log4Shell on devices that haven't been patched. CISA said the info it reported was derived from two related incidents. It wasn't immediately clear how the Coast Guard was involved.
Chrome add-ons can be used to fingerprint browsers
Modern privacy software has undone many of the methods for browser fingerprinting, but it'll have a hard time undoing this problem with Chrome, which seems to be inherent to the way the browser handles extensions. Browser fingerprinting involves gathering information left behind by sessions that identify the browser, or the person behind it, well enough to serve ads and tailor online experiences. In the case of Chrome extensions, says a security researcher going by z0ccc on GitHub, the combination in any given browser can easily ID users. Chrome stores a list of its extensions in a web-accessible resource file that any web page can view. z0ccc was able to build a demo website that scans for over 1,000 Chrome browser extensions and returns a percentage-based chance that another user was using the exact same extensions. In this hack's case, only 0.003 percent of Chrome users have the same set of add-ons used, meaning the extension fingerprint would be pretty likely to be identified from a pool of other visitors. For those concerned there's no place safe from browser fingerprinting online, z0ccc said that Firefox uses unique extension IDs for every browser instance, and thus can't be fingerprinted the same way. Microsoft Edge is vulnerable, however.
Smart Jacuzzi not so smart with user data
A security researcher trying to set up their Jacuzzi SmartTub discovered an easily exploited flaw that gave them access to personal info of hot tub owners from around the world. SmartTub, like other IoT products, lets users control their appliance from outside the home using an app. The bug in Jacuzzi's SmartTub system comes from its web portal, which uses a white-labeled Auth0 login page.
"I entered my details, thinking this was a website alternative to the mobile app. I was greeted with an Unauthorized screen. Right before that message appeared, I saw a header and table briefly flash on my screen... I was surprised to discover it was an admin panel populated with user data," said the researcher, who goes by Eaton Works. All it took for Eaton to break into the admin panel was using web debugging tool Fiddler to intercept and modify an HTTP response to give himself admin access. "Once into the admin panel, the amount of data I was allowed to was staggering," Eaton exclaimed. Details on each tub, owner name and email address, dealer location, and more were available to view on customers from around the world. Eaton said it also appeared he could edit any data he wanted to, though he didn't confirm if changes would be saved. Jacuzzi wasn't very willing to talk to Eaton about his findings either. "Dialog was not established until Auth0 stepped in. Even then, communication with Jacuzzi/SmartTub eventually dropped off completely, without any formal conclusion or acknowledgement they have addressed all reported issues," Eaton reported. Eaton added that the admin panel has been taken offline, and can't be accessed via the web anymore. Eaton also has other security concerns with Jacuzzi not addressed in their report, and is open to speaking to the hot tub maker to help.
Mitel VoIP zero-day found exploited in the wild
CrowdStrike security researchers have discovered a flaw in Mitel VoIP appliances being actively exploited to launch ransomware attacks. The novel exploit was found by CrowdStrike when investigating a failed ransomware attack on a customer. "All of the identified malicious activity had originated from an internal IP address" discovered to be "a Linux-based Mitel VoIP appliance sitting on the network perimeter," CrowdStrike said.
All the attacker needed to gain access to the VoIP appliances was to send a pair of GET requests: one to mask traffic to a malicious address, and a second to inject a command that pointed the GET request to attacker-controlled infrastructure. CrowdStrike said the attack was stopped before ransomware could be deployed, and said Mitel has released a patch that addresses the problem. Of the exploit itself, CrowdStrike said that edge appliances like Mitel VoIP devices have extremely limited security or endpoint detection options available, making timely patching a must. Additionally, CrowdStrike emphasized security best practices, like isolating critical assets from perimeter devices, segmenting a network, maintaining an up-to-date asset inventory, keeping a short leash on service accounts an
Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform. In a post to rival social media platform Sina Weibo – a rough analog of Twitter – Tencent apologized for the incident. The problem manifested on Sunday night and saw an unnamed number of QQ users complain their credentials no longer allowed them access to their accounts. Tencent has characterized that issue as representing "stolen" accounts. Tencent asserts the incident started with criminals posting QR codes that claimed to offer game logins. Users who scanned the codes were asked to authenticate using their QQ creds. Which was a mistake, as the criminals behind the scam observed those logins. A machine translation of Tencent's explanation produces the phrase "the login behavior was hijacked and recorded by the black industry gang, and then used by criminals to send bad picture ads," which does not read like something you want to happen. Users were also locked out of their accounts. Tencent's security team swung into action and the company stated that by early Monday morning accounts had been restored. The web giant is now gathering evidence to share with local authorities and has pledged co-operation. Those authorities are likely to be interested in Tencent and whoever created the poison QR codes, as China has recently made it clear it expects its web giants to take their responsibility to the nation seriously. If Tencent is held to have provided insufficient security to prevent this incident, a "rectification notice" will soon be headed its way.
Such notices are usually resolved with some behind the scenes work to fix the issue and then a public admission that the entity in receipt of the notice should really have done better to begin with and won't be so lax again. China has in recent weeks eased its criticism of its web giants, and suggested their expansion is acceptable provided the
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks. A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders had not only encrypted some of its data but also downloaded a trove of data – names and addresses, Social Security info, driver's license and passport numbers, and health and payment information for thousands of people in almost every American state. It all started to
Google is winding down its messaging app Hangouts before it officially shuts in November, the web giant announced on Monday. Users of the mobile app will see a pop-up asking them to move their conversations onto Google Chat, which is yet another one of its online services. It can be accessed via Gmail as well as its own standalone application. Next month, conversations in the web version of Hangouts will be ported over to Chat in Gmail.
[Image: One of Google's warnings to Hangouts users this week]
Google encouraged people to download their data using Google Takeout if they
In yet another sign of how fortunes have changed in the semiconductor industry, Taiwanese foundry giant TSMC is expected to surpass Intel in quarterly revenue for the first time. Wall Street analysts estimate TSMC will grow second-quarter revenue 43 percent quarter-over-quarter to $18.1 billion. Intel, on the other hand, is expected to see sales decline 2 percent sequentially to $17.98 billion in the same period, according to estimates collected by Yahoo Finance. The potential for TSMC to surpass Intel in quarterly revenue is indicative of how demand has grown for contract chip manufacturing, fueled by companies like Qualcomm, Nvidia, AMD, and Apple who design their own chips and outsource manufacturing to foundries like TSMC. This trend has created a quandary for Intel. The semiconductor giant has traditionally manufactured the chips it designs as part of its integrated device manufacturing model but the company is now increasingly reliant on TSMC and other foundries for certain components, while expanding its own manufacturing capacity in the West. The kicker is that Intel plans to use this increased capacity to produce more of its own chips while also supporting its revitalized foundry business, which hopes to take business from TSMC and South Korea's Samsung, the industry's other leading-edge chipmaker, in the future. This new strategy by Intel is called IDM 2.0, and it means the chipmaker will have to juggle two somewhat conflicting objectives: taking foundry market share away from TSMC and Samsung by convincing various fabless chip designers to use its plants; and using leading-edge nodes from TSMC and Samsung for certain components to compete with fabless companies like AMD and Nvidia. One impact of this strategy is that Intel could potentially help TSMC grow in the future. For instance, Intel's upcoming Ponte Vecchio datacenter GPU will use five different process nodes from itself and TSMC. 
On the PC side, Intel's next-generation Meteor Lake client processors, which are set to debut in 2023, will also use a mix of nodes from Intel and TSMC. Meanwhile,
The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512). OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292). But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them. Vranken said that if this bug can be exploited remotely – and it's not certain it can be – it could be more severe than Heartbleed, at least from a purely technical point of view. However, Vranken notes several mitigating factors, including the continued use of the 1.1.1 tree of the library rather than v3 tree; the fork of libssl into LibreSSL and BoringSSL; the short amount of time 3.0.4 has been available; and the fact that the error only affects x64 with AVX512 – available on certain Intel chips released between 2016 and early 2022. Intel this year began disabling AVX512 support on Alder Lake, its 12th Gen Intel Core processors. The bug, an AVX512-specific buffer overflow, was reported six days ago. It has been fixed, but OpenSSL 3.0.5 has not yet been released. 
Meanwhile, Linux distributions like Gentoo have not yet rolled out OpenSSL 3.0.4 as a result of this bug and a test build failure bug. So they include OpenSSL 3.0.3, with its command injection flaw. In the GitHub Issues thread discussing the bug, Tomáš Mráz, software developer at the OpenSSL Foundation, argues the bug shouldn't be classified as a security vulnerability. "I do not think this is a security vulnerability," he said. "It is just a serious bug making [the] 3.0.4 release unusable on AVX512 capable machines." Xi Ruoyao, a PhD student at Xidian University, also said he disagreed with the policy of calling every heap buffer overflow a security flaw. Vim, he said, started doing so this year and the result has been something like ten "high severity" vim CVEs every month without any proof-of-concept exploit code. "I think we shouldn't mark a bug as 'security vulnerability' unless we have some evidence showing it can (or at least, may) be exploited," he wrote, adding that nonetheless 3.0.5 should be released as soon as possible because it's very severe. Alex Gaynor, software resilience engineer with the US Digital Service, however, argues to the contrary. "I'm not sure I understand how it's not a security vulnerability," responded Gayn
Taiwan's state-owned energy company is looking to raise prices for industrial users, a move likely to impact chipmakers such as TSMC, which may well have a knock-on effect on the semiconductor supply chain. According to Bloomberg, the Taiwan Power Company, which produces electricity for the island nation, has proposed increasing electricity costs by 15 percent for industrial users, the first increase in four years. The power company has itself been hit by the rising costs of fuel, including the imported coal and natural gas it uses to generate electricity. At the same time, the country is experiencing record demand for power because of increasing industrial requirements and because of high temperatures driving the use of air conditioning, as reported by the local Taipei Times. Taiwan's peak electricity consumption topped 39GW towards the end of last week, which apparently set a new record. Taiwan Power is now predicting that the peak usage figure could easily surpass 40GW this summer. While other countries are also facing rising energy costs, Taiwan holds a key position as one of the dominant players in the global chip market. Taiwanese companies account for 48 per cent of the semiconductor foundry industry and as much as 61 per cent of the world's capacity to manufacture chips using 16nm production nodes or better. According to a report from McKinsey, electricity can account for up to 30 percent of the operating costs for a chip fabrication plant, with a typical semiconductor fab using as much power in a year as about 50,000 homes. A significant rise in energy prices is therefore likely to result in higher chip prices as the costs are passed on to customers. Taiwan-based TSMC and other semiconductor foundry companies had already been planning to increase the prices they charge for manufacturing chips, as we reported previously.
Meanwhile, analyst firm Omdia last week reported that the semiconductor market is flattening out after a period of record revenues for the chipmakers, reaching a plateau in the first quarter of 2022 following five straight quarters of record revenues and continual growth in demand. Omdia predicted that the chip industry is heading for a slowdown because of companies stockpiling components, in addition to broader global economic issues and inflation. A rise in component prices due to growing energy costs is likely to add to the market uncertainty. Earlier this month it was reported that chip manufacturers are investing heavily in new production facilities in order to overcome any chip supply issues. Semiconductor industry group SEMI said it expected that Taiwanese firms will increase spending on equipment by 52 percent to $34 billion, accounting for 31 percent of total investments expected this year. TSMC also recently revealed details of its much-anticipated 2nm production process node, which is set to
Employees at Tesla suffered spotty Wi-Fi and struggled to find desks and parking spots when they returned to work at the office following orders from CEO Elon Musk. Most tech companies are either following a hybrid work model or are still operating fully remotely. Musk, however, wants his automaker's staff back at the office working for at least 40 hours a week. Those who fail to return risk losing their jobs, he warned in an internal email earlier this month. "Everyone at Tesla is required to spend a minimum of 40 hours in the office per week. Moreover, the office must be where your actual colleagues are located, not some remote pseudo office. If you don't show up, we will assume you
Customer service as-a-service vendor Zendesk has announced it will allow itself to be acquired for $10.2 billion by a group of investors led by private equity firm Hellman & Friedman, investment comp
America's aviation watchdog has said the rollout of 5G C-band coverage near US airports won't fully start until next year, delaying some travelers' access to better cellular broadband at crowded terminals. Acting FAA Administrator Billy Nolen said in a statement this month that its discussions with wireless carriers "have identified a path that will continue to enable aviation and 5G C-band wireless to safely co-exist." 5G C-band operates between 3.7-3.98GHz, near the 4.2-4.4GHz band used by radio altimeters that are jolly useful for landing planes in limited visibility. There is or was a fear that these cellular signals, such as from cell towers close to airports, could bleed into the freq
For bosses suffering the effects of the Great Resignation, IT decision makers taking part in this survey have a suggestion: go remote and you won't have any trouble hiring people. That's the overall
The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld. According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit photos of a stranger while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer. Such sextortion scams have been going on for years in one form or another, even attempting to hit Reg hacks, and have led to suicides. Crooks can also take another approach. "Other scammers threaten people who are 'closeted' or not yet fully 'out' as LGBTQ+," the FTC wrote in an advisory. "They may pressure you to pay up or be outed, claiming they'll 'ruin your life' by exposing explicit photos or conversations. Whatever their angle, they're after one thing — your money." This extortion is the latest example of criminals using an event to target their victims: Pride Month, which marks the anniversary of the 1969 Stonewall protests in Greenwich Village in New York City following a police raid on a bar. It was the tipping point for the gay pride movement. The FTC for months has worked to make LGBTQ+ folk aware of scams that target their community. The latest blast from the agency is similar to one sent out in September 2021. In addition, last month, as part of National Consumer Protection Week, the FTC asked LGBTQ+ people to report scams to educate more than 3,000 law enforcers and to help the agency get the word out to protect others. "Scammers often like to impersonate familiar people, organizations, and companies that we know and trust," the agency wrote. "For the LGBTQ+ community, that can include 'safe spaces'" where people can freely live their lives.
The regulator earlier this month reiterated that dating apps are among the most popular ways scammers target LGBTQ+ members, as well as job boards aimed at helping those in the community find welcoming
Pic When space junk crashed into the Moon earlier this year, it made not one but two craters on the lunar surface, judging from images revealed by NASA on Friday. Astronomers predicted a mysterious object would hit the Moon on March 4 after tracking the debris for months. The object was large, and believed to be a spent rocket booster from the Chinese National Space Administration's Long March 3C vehicle that launched the Chang'e 5-T1 spacecraft in 2014. The details are fuzzy. Space agencies tend to monitor junk closer to home, and don't really keep an eye on what might be littering other planetary objects. It was difficult to confirm the nature of the crash; experts reckoned it would probably leave behind a crater. Now, NASA's Lunar Reconnaissance Orbiter (LRO) has spied telltale signs of an impact at the surface. Pictures taken by the probe reveal an odd hole shaped like a peanut shell on the surface of the Moon, presumably caused by the Chinese junk.
[Image: The peanut-like craters. Image credit: NASA/Goddard/Arizona State University]
"Surprisingly the crater is actually two craters, an eastern crater (18-meter diameter, about 19.5 yards) superimposed on a western crater (16-meter diameter, about 17.5 yards)," said NASA. No other rocket body lunar collision has ever created two cr
Less than a week after IBM was ordered in an age discrimination lawsuit to produce internal emails in which its former CEO and former SVP of human resources discuss reducing the number of older workers, the IT giant chose to settle the case for an undisclosed sum rather than proceed to trial next month. The order, issued on June 9, in Schenfeld v. IBM, describes Exhibit 10, which "contains emails that discuss the effort taken by IBM to increase the number of 'millennial' employees." Plaintiff Eugene Schenfeld, who worked as an IBM research scientist when current CEO Arvind Krishna ran IBM's research group, sued IBM for age discrimination in November 2018. His claim is one of many that followed a March 2018 report by ProPublica and Mother Jones about a concerted effort to de-age IBM and a 2020 finding by the US Equal Employment Opportunity Commission (EEOC) that IBM executives had directed managers to get rid of older workers to make room for younger ones. "The emails contained within Exhibit 10 evidence an interest at the then CEO-level to change the profile of IBM employees so that it reflected a younger workforce," said New Jersey Superior Court Judge Alberto Rivas in his order. On June 14 the judge dismissed the case because IBM agreed to settle. That will prevent the messages in which former CEO Ginni Rometty and former HR SVP Diane Gherson are said to discuss what the judge described as "the push to increase the number of millennial employees and decrease the number of older employees" from being made public. IBM did not immediately respond to a request to comment on the settlement.
When we asked IBM to comment on the case earlier this month, an IBM spokesperson repeated past claims that the plaintiff in the case, Eugene Schenfeld, was dismissed lawfully. "The facts of the matter have not changed: there was and is no systemic age discrimination at IBM and the data back that up
Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices. US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information about individuals' medical treatment. Last month, 16 Democratic senators urged the FTC to crack down on data brokers buying and selling location information that could reveal visits to clinics. And in the more recent letter to the FTC, the four legislators warned that data collected by Apple and Google's smartphones, which includes customers' locations and web browsing history, could put women seeking abortions in a post-Roe America at higher risk. There is a concern that this information – from location data and web searches to non-encrypted email and chat messages – could be obtained by prosecutors and litigators to punish women in states where abortion is outlawed. "Data brokers are already selling, licensing, and sharing the location information of people that visit abortion providers to anyone with a credit card," according to the letter. At press time, Apple and Google had not responded to The Register's request for comment.
And we're still waiting to hear back from these two tech giants, along with Meta, Amazon, Microsoft and Twitter, about what they are doing to ensure that the data
In yet another sign of how fortunes have changed in the semiconductor industry, Taiwanese foundry giant TSMC is expected to surpass Intel in quarterly revenue for the first time. Wall Street analysts estimate TSMC will grow second-quarter revenue 43 percent quarter-over-quarter to $18.1 billion. Intel, on the other hand, is expected to see sales decline 2 percent sequentially to $17.98 billion in the same period, according to estimates collected by Yahoo Finance. The potential for TSMC to surpass Intel in quarterly revenue is indicative of how demand has grown for contract chip manufacturing, fueled by companies like Qualcomm, Nvidia, AMD, and Apple who design their own chips and outsource manufacturing to foundries like TSMC. This trend has created a quandary for Intel. The semico
Analysis A blog post calling for a boycott of the well-known 7-Zip compression app is attracting some discussion on Reddit. However, it seems criticism of Igor Pavlov and his FOSS compression app 7-Zip is somewhat overblown and may reflect the anti-Russian sentiment of the times. 7-Zip has been around since 1999, and in that two-decade span there have been more widely used Windows compression tools (WinZip and WinRAR, in particular), but they are shareware, so try-before-you-buy versus free. There's absolutely nothing wrong with the shareware model. It has been around longer than the modern FOSS ecosystem, and there are some excellent shareware tools. However, a lot of people aren't really trying before a potential purchase: they never intend to pay. And if that's the case, then you mig
What's said to be a Ukrainian-made long-range anti-drone rifle is one of the latest weapons to emerge from Russia's ongoing invasion of its neighbor. The Antidron KVS G-6 is manufactured by Kvertus Technology, in the western Ukraine region of Ivano-Frankivsk, whose capital of the same name has twice been subjected to Russian bombings during the war. Like other drone-dropping equipment, we're told it uses radio signals to interrupt control of drones, remotely disabling them, and it reportedly has an impressive 3.5 km (2.17 miles) range. "We are not damaging the drone. With communication lost, it just loses coordination and doesn't know where to go. The drone lands where it is jammed, or can be carried away by the wind because it's uncontrollable," Kvertus' director of technology Yaroslav Filimonov said. Because the downed drones are unharmed, they give Ukrainian soldiers recovering them a wealth of potential intelligence, he added. In a Radio Free Europe video demonstrating the rifle's claimed capabilities, Filimonov said the gun's simple aim-and-shoot design was made to be easy to operate "even in a stressful situation." All of the rifle's components are hidden inside a plastic
Microsoft has added a certification to augment the tired eyes and haunted expressions of Exchange support engineers. The "Microsoft 365 Certified: Exchange Online Support Engineer Specialty certification" was unveiled yesterday and requires you to pass the "MS-220: Troubleshooting Microsoft Exchange Online" exam. Microsoft is keen that customers move to Exchange Online, particularly after some nasty holes turned up in the on-premises version. Plus there is the whole subscription concept inherent in Microsoft 365 that keeps the accounting team in Redmond happy – even if users might mourn the passing of their perpetual licenses. For the support engineer role, Microsoft described IT pros with that title as "professionals with in-depth expertise in resolving difficult technical issues." "You could be an excellent candidate for this certification," the company went on, "if you have subject matter expertise in identifying, troubleshooting, and resolving issues with Microsoft Exchange Online and hybrid Exchange environments." To be honest, that sounds pretty much like the day-to-day experience of many members of IT tasked with keeping Microsoft's services upright in an enterprise environment. PowerShell and the Exchange PowerShell module would also be handy. Microsoft has been flinging
Toyota and Subaru are recalling several thousand electric vehicles that might spontaneously shed tires due to self-loosening hub bolts. Toyota issued the recall last week for 2023 bZ4X all-electric SUVs, 2,700 of which are affected, the automaker said. Subaru is recalling all-electric Solterras, which were developed jointly with Toyota and have the same issue, Reuters reported. Japan's auto safety regulating body said "sharp turns and sudden braking could cause a hub bolt to loosen," Reuters said, though it's unknown if any actual accidents have been caused by the defect. In its recall notice, Toyota said "all of the hub bolts" can loosen "after low-mileage use," but said it was still investigating the cause of, and driving conditions that can lead to, the issue. Of the approximately 2,700 vehicles affected by the recall, 2,200 went to Europe, 260 to the US, 10 to Canada and 110 stayed in Japan. Subaru is recalling approximately 2,600 Solterras. Toyota said all owners should park affected vehicles until the issue is remedied. "Until remedy is available, any authorized Toyota dealer will pick up the vehicle and provide a loaner free of charge," Toyota said. The bZ4X wa
Analysis Lenovo fancies its TruScale anything-as-a-service (XaaS) platform as a more flexible competitor to HPE GreenLake or Dell Apex. Unlike its rivals, Lenovo doesn't believe it needs to mimic all aspects of the cloud to be successful. While subscription services are nothing new for Lenovo, the company only recently consolidated its offerings into a unified XaaS service called TruScale. On the surface TruScale ticks most of the XaaS boxes — cloud-like consumption model, subscription pricing — and it works just like you'd expect. Sign up for a certain amount of compute capacity and a sh
Sadly for NASA's mission to take samples from the asteroid Psyche, software problems mean the spacecraft is going to miss its 2022 launch window. The US space agency made the announcement on Friday: "Due to the late delivery of the spacecraft's flight software and testing equipment, NASA does not have sufficient time to complete the testing needed ahead of its remaining launch period this year, which ends on October 11." While it appears the software and testbeds are now working, there just isn't enough time to get everything done before a SpaceX Falcon Heavy sends the spacecraft to study a m
Alcatel-Lucent Enterprise is the latest networking outfit to add Wi-Fi 6E capability to its hardware, opening up access to the less congested 6GHz spectrum for business users. The France-based company just revealed the OmniAccess Stellar 14xx series of wireless access points, which are set for availability from this September. Alcatel-Lucent Enterprise said its first Wi-Fi 6E device will be a high-end "premium" Access Point and will be followed by a mid-range product by the end of the year. Wi-Fi 6E is compatible with the Wi-Fi 6 standard, but adds the ability to use channels in the 6GHz port
Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena. So where are all the AMD and Arm-based edge appliances? A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance f
Several US tech companies have taken a stance or issued statements promising healthcare-related support for employees following the Supreme Court's ruling to overturn Roe v Wade last Friday. A Supreme Court draft opinion that was leaked in February provided advance warning of the legal eventuality, giving companies plenty of time to prepare official positions and related policies for employees. Without proper policies in place, tech companies could put themselves at risk of "brain drain" as employees become tempted to relocate to states where abortion access is readily available or to companies that better support potential needs, as healthcare in the US is more often tied to an employer than not. Thirteen out of 50 states have "trigger laws," meaning the highest court's action ban
Taiwan's state-owned energy company is looking to raise prices for industrial users, a move likely to impact chipmakers such as TSMC, which may well have a knock-on effect on the semiconductor supply chain. According to Bloomberg, the Taiwan Power Company, which produces electricity for the island nation, has proposed increasing electricity costs by at least 8 percent for industrial users, the first increase in four years. The power company has itself been hit by the rising costs of fuel, including the imported coal and natural gas it uses to generate electricity. At the same time, the country is experiencing record demand for power because of increasing industrial requirements and because of high temperatures driving the use of air conditioning, as reported by the local Taipei Times.
Cloudflare has added the ability to access private networks to its browser isolation service, and suggests the combo represents an alternative to virtual desktop infrastructure. Browser isolation requires organizations to have a Cloudflare Zero Trust account, and to install a client on users' devices. Cloudflare runs a browser in its cloud and users browse as usual – but Cloudflare intervenes so that users don't make it to whichever web server they intend to visit. Cloudflare browses to the server and then redraws the web page on the client browser. The user's device therefore never touches the web server, so anything nasty on a page is snuffed out by Cloudflare in its cloud instead of poisoning a local PC. Last Friday, Cloudflare added private network access to the service, mean
Oracle and systems integrator Evosys have won contracts to implement a new Oracle Fusion ERP system for the London Borough of Waltham Forest as part of a project which expects £12 million capex over three years. The consultancy firm has been awarded a contract worth £2 million ($2.45 million) as the implementation partner on the project, in a deal set to last nearly two years. It is unclear how much of the £12 million ($14.72 million) earmarked for the project in financial years 2021-22, 2022-23, and 2023-24 would contribute to Oracle licenses. In its Outline Business Case [PDF] for the project, the council said Big Red's cloud-based system will replace an ageing SAP product first implemented in 2003. "The Council's current version of SAP has performance issues and poor usabilit
Opinion Edge is terribly trendy. Move cloudy workloads as close to the user as possible, the thinking goes, and latency goes down, as do core network and data center pressures. It's true  – until the routing sleight-of-hand breaks that diverts user requests from the site they think they're getting to the copies in the edge server.  If that happens, everything goes dark – as it did last week at Cloudflare, edge lords of large chunks of web content. It deployed a Border Gateway Protocol policy update, which promptly took against a new fancy-pants matrix routing system designed to improve reliability. Yeah. They know.  It took some time to fix, too, because in the words of those in the know, engineers "walked over each other's changes" as fresh frantic patches overwrote slightly stale
Who, Me? Monday is here, and with it a warning that steadfast determination to ignore instructions might not be such a silly thing after all. Welcome to Who, Me? Today's story comes from a reader Regomized as "Sam" and takes us back to his first proper IT job following his departure from the education system. Sam found himself on the mainframe operations team for a telecommunications company. The work was, initially, pretty manual stuff. The telco wasn't silly, and had its new recruits start by performing offline duties, such as gathering tapes and job tickets for batch runs, handling payslips, "basically anything involving a bit of leg work," he told us. Everything was detailed in procedures, and it was drilled into the recruits that anything, anything they were asked to do would
The government of Indonesia has once again raised the idea of creating a "digital nomad visa" that would allow foreign workers to live and work in the tropical paradise of Bali, tax free, for five years. The idea was raised before the COVID-19 pandemic, but understandably shelved as borders closed and the prospect of any digital nomads showing up dropped to zero. But in recent interviews Sandiaga Uno, Indonesia's minister for Tourism and the Creative Economy, said the visa was back on the drawing board. Uno's plan is for a visa that allows a five-year stay, provided those who take it up work for an entity outside Indonesia. Visa holders would pay tax in whichever jurisdiction they get paid, rather than in Indonesia. What's in it for the archipelagic nation? Th
Hitachi has taken a modest step towards becoming a public cloud provider, with the launch of a VMware-powered cloud in Japan that The Register understands may not be its only such venture. The Japanese giant has styled the service a "sovereign cloud" – a term that VMware introduced to distinguish some of its 4,000-plus partners that operate small clouds and can attest to their operations being subject to privacy laws and governance structures within the nation in which they operate. Public cloud heavyweights AWS, Azure, Google, Oracle, IBM, and Alibaba also offer VMware-powered clouds, at hyperscale. But some organizations worry that their US or Chinese roots make them vulnerable to laws that might allow Washington or Beijing to exercise extraterritorial oversight. Virtzilla ther
China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns. In its announcement of the investigation, the China Cyberspace Administration (CAC) said: CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China. In recent years, it has been criticized for imposing exorbitant price increases. The price hikes were significant enough – allegedly 132 percent between 2010 and 2016 – that some organizations, including the state-linked Chinese Academy of Sciences, ended their CNKI subscriptions. China's antitrust watchdog, the State Administration for Market Regulation (SAMR) launched an antitrust probe
In brief US hardware startup Cerebras claims to have trained the largest AI model on a single device powered by the world's largest Wafer Scale Engine 2 chip the size of a plate. "Using the Cerebras Software Platform (CSoft), our customers can easily train state-of-the-art GPT language models (such as GPT-3 and GPT-J) with up to 20 billion parameters on a single CS-2 system," the company claimed this week. "Running on a single CS-2, these models take minutes to set up and users can quickly move between models with just a few keystrokes." The CS-2 packs a whopping 850,000 cores, and has 40GB of on-chip memory capable of reaching 20 PB/sec memory bandwidth. The specs on other types of AI accelerators and GPUs pale in comparison, meaning machine learning engineers have to train huge AI model
In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has warned crypto cowboys they face a rough ride in the island nation. The center of excellence (COE) was established by the Mojaloop Foundation – an open source effort to create payment platforms to make digital financial services accessible to those without access to banks. The COE aims to "accelerate financial inclusion in emerging markets" through hackathons, workshops and pilot projects while examining expanded CBDCs payment capabilities." Singapore's sovereign wealth fund has invested in Mojaloop, and MAS chief fintech officer Sopnendu Mohanty serves as a board advisor and the authority provides representatives to the
Virtual reality is all well and good, but decent haptics and a bit of force feedback are essential for it to be truly immersive. The Register donned the Teslasuit Glove at the Goodwood Festival of Speed this week. We looked at Manus VR's Prime Haptic gloves in 2019 and while the accuracy and haptics were impressive, the sensation of gripping something in a VR session was lacking once one pushed past the nudging pads. Teslasuit, notable for its eponymous VR bodysuit (which we also tried – more on that later), has attempted to deal with this with a glove aimed at making VR a little more tactile. As well as haptics on the fingertips (Teslasuit makes use of Transcutaneous Electrical Nerve Stimulation – TENS – to create a wide range of sensations and virtual textures), the glove is motorized and can exert 9 Newtons of force or 2.8-3.3 kg*cm torque, according to the company's specifications, on fingers. The gloves are wireless, and we were told to expect around 12 hours of battery life from them, although we imagine that would vary considerably depending on usage. They are also surprisingly light and comfortable to wear (and yes, the first thing we did was the exact thing you'd expect us to: curling our fingers into a ball and lifting just our middle finger). One size fits all and each set comprises gloves for the left and right hand along with USB-C cables, pads, and a charger, all packaged in a hefty box. HTC Vive Trackers or Meta Quest 2 Controllers can be fitted to make use of the accurate positioning data available from the gloves, although one would really want to dive into the Control Center, Studio, and SDK to take
Something for the Weekend "I have just read your profile. Have you ever thought about becoming a real estate agent?" This is my own fault for blindly accepting every connection request on LinkedIn. My network of professional contacts is in the hundreds but I know only about a dozen of them. The rest? I honestly haven't a clue who they are. They ask to connect and I accept. LinkedIn should consider swapping its Accept / Reject Connection Request options for a simple Yeah Whatever button. [Record scratch] [freeze frame]: Yup. That's me. You're probably wondering how I ended up in this situation... For years I resisted chumming up with the Norbert Spankmonkeys of social media before realizing that LinkedIn was rather dull that way. Its daily feeds became a good deal funnier once I began letting in the more eccentric types. Probably I ought to have been a little more selective about which industry these people worked in but it's too late now. Besides, being offered a job selling homes to poor people for inflated prices is hardly the most outlandish to come my way via LinkedIn's job-matching algorithm. Not a day goes by without an update dropping into my inbox recommending I apply for one mismatched vacancy after another. Chauffeur, hotel receptionist, electrician, the lot. The professional's choice for social media also seems alarmingly keen that I should broaden my outlook by moving into the child-minding sector. One theory put forward by a colleague is that my public profile on the service might be incomplete or misleading, causing the algorithm to charge off in the wrong direction. So I took a quick look at what other people see about me: 30+
Interview While the IT industry waits to see if and when Intel will introduce software-defined silicon in Xeon CPUs, one US startup is moving ahead with plans to bring a pay-for-what-you-use pricing model to the telecom market with its "base station-on-a-chip" later this year. Silicon Valley-based EdgeQ, which is led by Qualcomm and Intel executives, announced last week that it has begun sampling an EdgeQ-based 5G small cell and OpenRAN PCIe accelerator card for base stations with telecom operators and equipment makers. Things are apparently moving smoothly enough for the startup that Adil Kidwai, EdgeQ's head of product management, told The Register that its RISC-V-based chip will appear in mass-manufactured products like small cells and base station accelerator cards "by the end of this year." If EdgeQ chips appear in telecom products on schedule, it could represent a significant change in how companies pay for equipment. That's because the startup is offering its chip first and foremost as software-defined silicon, meaning an organization would only have to pay for the features it uses, which can be toggled on or off through over-the-air updates from EdgeQ and its system partners. EdgeQ believes the software-defined silicon model will make it more cost-effective and, therefore, more feasible for organizations to transition from 4G networks to 5G networks. The reason, according to Kidwai, is the model will allow organizations to spread out the costs for ramping up 5G deployments and adding new features, rather than paying a lot of money upfront for the equipment and any unwanted options. "If you buy from anybody else other than EdgeQ, you have to pay for all the features on the get-go, which means a lot of capex investment. With EdgeQ, what you can do is you can buy features à la carte," said Kidwai, who previously worked on network and AI products at Intel.
This means, for example, an IT manager at an organization can start out by only paying for basic connectivity features in an EdgeQ-based small cell and then upgrading over time to new features, like network slicing, location services, and ultra-low latency. "You
Cisco has decided it's time to leave Russia and Belarus, almost four months after stopping operations in response to Russia's illegal invasion of Ukraine. The networking giant announced it would halt operations in Russia and Belarus "for the foreseeable future" on March 3 this year. A June 23 update suggests Cisco sees no future in either nation. "We have now made the decision to begin an orderly wind-down of our business in Russia and Belarus," the statement reads. The company also promises to "communicate directly with customers, partners, and vendors to settle our financial matters, including refunding prepaid service and software arrangements, to the extent permissible under applicable laws and regulations." A spokesperson told The Register the company "remains committed to using all its resources to help our employees, the institutions and people of Ukraine, and our customers and partners during this challenging time." The Register asked if the decision means Cisco's cloud-hosted products won't
Feature US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing scourge of ransomware. "Only by working together with key law enforcement and prosecutorial partners in the EU can we effectively combat the threat that ransomware poses to our society," said US assistant attorney general Kenneth Polite, Jr, in a canned statement. Earlier this month, at the annual RSA Conference, this same topic was on cybersecurity professionals' minds – and lips. Ransomware, and other cybercrimes in which miscreants extort organizations for money, "is still the vast majority of the threat activity that we see," Cyber Threat Alliance CEO Michael Daniel said in an interview at the security event. Increasingly, however, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between in facilitating that, simply exfiltrating the data and demanding a fee to not leak it all is just as effective. This shift has been ongoing for many months, and is now virtually unavoidable. The FBI and CISA this month warned about a lesser-known extortion gang called Karakurt, which demands ransoms as high as $13 million. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom. Instead, the crooks claim to have stolen data, with screenshots or copies of exfiltrated files as proof, and they threaten to sell it or leak it publicly if they don't receive a payment.  'Multi-faceted extortion' "That's exactly what's happening to a lot of the victims that we work with," Mandiant Intelligence VP Sandra Joyce told The Register. "We call it multi-faceted extortion. It's a fancy way of saying data theft paired with extortion." 
Some of these thieves offer discounted ransoms to corporations to encourage them to pay sooner, with the demanded payment getting larger the longer it takes to cough up the cash (or Bitco
The two US senators behind a proposed law to bring order to cryptocurrency finance have published their legislation to Microsoft's GitHub to obtain input from the unruly public. The bill, known as the Responsible Financial Innovation Act, was introduced by Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-NY) on June 7 to create a regulatory framework governing digital assets, cryptocurrencies, and blockchain technology. It has been welcomed by the Stellar Development Foundation and cryptocurrency trade group the Chamber of Digital Commerce, a sign that the legislation doesn't ask much of those it would regulate. And its sponsors now want the people on the internet to take a stab at refining the bill's language. "The digital asset industry was built by individuals and will continue to be sustained by individuals," said Senator Lummis, via Twitter on Wednesday. "That's why @SenGillibrand and I want input from the grassroots. If you have constructive thoughts on our legislation, make your voice heard on GitHub." By Thursday, Lummis, sometimes referred to as the senator from HODL to reflect her commitment to Bitcoin, tried to broaden the potential pool of commenters, perhaps aware that those familiar with GitHub are likely to represent a fairly narrow group of technical folk. "Point of clarification: if you do not self-identify as a pleb, don’t be deterred," she said, using another term for Bitcoin supporters. "Comments are open to all, plebs, non-plebs, no-coiners and neophytes. We want to hear from everybody who has a constructive comment to share. But pls pls, pretty please keep it civil and germane." Some thoughtful advice can be found among the 81 Issues (42 open, 39 closed) and 16 pull requests submitted at the time this story was published, but much of the wisdom of the crowd amounts to trolling, like a pull request that proposes a rewrite of the bill as a story about a bee. 
There are also more substantive critiques, like Issue #37 from Karan Goel, a software engineer at Google, who asked Lummis to explain conflicting statements about personally holding Bitcoin and also holding it in a blind trust – persona
Period- and fertility-tracking apps have become weapons in Friday's post-Roe America. These seemingly innocuous trackers contain tons of data about sexual history, menstruation and pregnancy dates, all of which could now be used to prosecute women seeking abortions — or incite digital witch hunts in states that offer abortion bounties. Under a law passed last year in Texas, any citizen who successfully sues an abortion provider, a health center worker, or anyone who helps someone access an abortion after six weeks can claim at least $10,000, and other US states are following that example.
Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong. The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter. "Our secure bridges offer cross-chain transfers with Ethereum, Binance and three other chains," the cryptocurrency entity explained on its website. Not so, it seems. A similar attack in February on a bridge called Wormho
NASA is finally ready to launch its unmanned Orion spacecraft and put it in the orbit of the Moon. Lift-off from Earth is now expected in late August using a Space Launch System (SLS) rocket. This launch, a mission dubbed Artemis I, will be a vital stage in the Artemis series, which has the long-term goal of ferrying humans to the lunar surface using Orion capsules and SLS technology. Earlier this week NASA held a wet dress rehearsal (WDR) for the SLS vehicle – fueling it and getting within 10 seconds of launch. The test uncovered 13 problems, including a hydrogen fuel leak in the main booster, though NASA has declared that everything's fine for a launch next month. At a press conference on Friday, NASA's Phil Weber, senior technical integration manager for the American space agency's Exploration Ground Systems Program (EGSP), said he was "on cloud nine" after testing earlier this week. We were told that "data from the rehearsal [has] determined the testing campaign is complete" during the presentation. Planned to run down to T-10 seconds, the test launch on Monday was aborted at T-29 seconds due to a hydrogen leak in a quick disconnect port. Engineers tricked the rocket's control systems into letting the countdown continue despite the leak, and NASA described the experiment as successful, as teams "performed several critical operations that must be accomplished for launch." The WDR this past Monday was also the first time NASA had fully loaded all of the craft's fuel tanks and proceeded into a terminal countdown; a WDR scheduled for April was scrapped due to "a faulty upper stage check valve and a small leak within the tail service mast umbilical ground plate housing," NASA said.  
"After looking at all the data from the WDR, we realized the test went even better than expected," Weber said, despite the failure in the hydrogen disconnect port. "We caught it quickly, and never broke launch criteria," Weber said. Launch criteria for Artemis rockets require them to be kept within certain temperature and pressure limits; outside those limits the rockets won't fire. The WDR intended to test 128 functions, only 13
Chinese telecom equipment maker ZTE has announced what it claims is the first "cloud laptop" – an Android-powered device that consumes just five watts and links to its cloud desktop-as-a-service. Announced this week at the partially state-owned company's 2022 Cloud Network Ecosystem Summit, the machine – model W600D – measures 325mm × 215mm × 14mm, weighs 1.1kg and includes a 14-inch HD display, full-size keyboard, HD camera, and Bluetooth and Wi-Fi connectivity. An unspecified eight-core processor drives it, and a 40.42 watt-hour battery is claimed to last for eight hours. It seems the primary purpose of this thing is to access a cloud-hosted remote desktop in which you do all or most of your work. ZTE claimed its home-grown RAP protocol ensures these remote desktops will be usable even on connections of a mere 128Kbit/sec, or with latency of 300ms and packet loss of six percent. That's quite a brag. As such, the machine is basically a client end-point connected to ZTE’s uSmart cloud PC service, and this is suggested for use in almost any setting – most especially when multiple users share a physical machine at home or work. ZTE already has a cloud PC on the desktop – the W100D, a pack-of-cards-sized device similar to Alibaba's Wuying device. Alibaba released its virtual computer earlier this year. The Wuying is designed for use with Alibaba Cloud
Hopes of securing London listing for UK chip designer may be in vain
Arm is most likely to list on the US stock exchange Nasdaq, according to Masayoshi Son, chief executive of SoftBank Group, which bought the chip designer in 2016 for $32 billion. Although he stressed no final decision had been made, Son told investors that the British chip designer was better suited to a US listing. "Most of Arm's clients are based in Silicon Valley and... stock markets in the US would love to have Arm," Son told shareholders at the company's annual general meeting. He said there were also requests to list Arm in London without elaborating on where they came from. The entrepreneur did not say whether the conglomerate is considering a secondary listing for Arm there. The CEO then spent much of the presentation building up Arm's prospects, which may have been dented after a planned sale to GPU manufacturer Nvidia fell through. The Cambridge-based company, founded in 1990, was listed in Britain with a secondary listing in the US before the Japanese investment fund swallowed it up. Since the Nvidia deal collapse,
E-paper display startup Modos wants to make laptops, but is starting out with a standalone high-refresh-rate monitor first. The initial plan is for the "Modos Paper Monitor," which the company describes as: "An open-hardware standalone portable monitor made for reading and writing, especially for people who need to stare at the display for a long time." The listed specifications sound good: a 13.3", 1600×1200 e-ink panel, with a DisplayPort 1.2 input, powered off MicroUSB because it only takes 1.5-2W. The company also has some rather impressive demonstration videos, showing that the display is fast enough to play video, albeit in monochrome. There's also a technical explanation of how this is accomplished. This sounds good, but it also sounded familiar to The Reg FOSS desk. It reminded us a lot of the Paperlike E-ink Monitor which was announced by a Chinese company called Dasung: a 13.3", monochrome, hi-def desktop display. These have been on sale for some years – here's a 2018 review. Modos launched at the start of the year with plans for an e-paper display laptop, simply called the Paper Laptop. We asked for more information, and founder Alexander Soto told us that the company was working on a community prototype model called the Lancer, based around a Lenovo ThinkPad T42 chassis – partly for its build and keyboard quality, and also because of the availability of aftermarket batteries. This sounds perfectly plausible so far – we have reported before on the thriving market in replacement motherboards for older ThinkPads. Modos' initial plan was a Community Pilot program, building prototype laptops around the T42 chassis plus an e-ink display and replacement motherboard.
Soto gave us detailed specifications for the motherboard:
SoC: Amlogic A311D (4x Cortex-A73 @ 2.2 GHz + 2x Cortex-A53 @ 2.0 GHz)
RAM: 4GB DDR4 32bit
SSD: User-replaceable M.2 SSD
Network: User-replaceable M.2 WiFi/BT
Ports: USB 2.0 Type-A Host ×2; 3.5 mm Headphone Jack; 3.5 mm Microphone Jack; Gigabit Ethernet
He also detailed the e-paper display controller:
EC: NXP LPC11U24
EPDC: "Caster" EPDC on Lattice ECP5 (LFE5U-25F) with 128MB DDR3
The display is an ES133UT2 from EInk Corporation – which is indeed the same display as used in the Dasung monitor, as this teardown confirms. So the display itself is real, commercial, shipping kit – but it's not cheap, at $450 per unit. This may be a relatively low-powered Arm-based laptop, and it should have a superb battery life, but it won't be cheap. Soto told us: "One of the areas we would like to focus on is creating the necessary Linux drivers and Wayland protocols. We hope that the development of these Wayland protocols will enable the development of native e-ink optimized applications and, hopefully, with the support from community members, contribute patches to existing free open-source software." He said that
China-based server maker Inspur has joined the Arm server ecosystem, unveiling a rackmount system using Arm-based chips. It said it has achieved Arm SystemReady SR certification, a compliance scheme run by the chip designer and based on a set of hardware and firmware standards that are designed to give buyers confidence that operating systems and applications will work on Arm-based systems. Inspur may not be a familiar name to many, but the company is a big supplier to the hyperscale and cloud companies, and was listed by IDC as the third largest server vendor in the world by market share as recently as last year. Inspur also announced the NF5280R6, its first product with Arm-based Ampere Altra and Altra Max processors. The Altra has 80 cores and runs at speeds up to 3.3GHz, while the Altra Max boasts 128 cores and runs at up to 3GHz. According to Inspur, the NF5280R6 has been designed as a high-end dual-socket server aimed at a variety of workloads, but especially software container services running in cloud environments and big data analytics processing. The system ships in a 2U rackmount chassis that has space for a dozen hot-swap 3.5 or 2.5in drives at the front, with a further four 2.5in drives at the rear, plus an onboard NVMe M.2 drive. The system board can fit up to 32 DIMMs and up to eight PCIe slots, plus there is an OCP 3.0 slot [PDF], a compact slot for a network interface card specified by the Open Compute Project. Inspur claimed that the system can improve rack density by more than 36 percent while lowering the power consumption by more than 41 percent in comparison with equivalent x86 platforms.
The company said that it had delivered an Arm-based server to meet anticipated customer demand for such systems. "As the Arm architecture grew in the server space, we noticed that our customers focused more on the portability of platforms and the convenience of Arm-based cloud-native applications, which is exactly what the Arm SystemReady program provides our customers," said Ricky Zhao, deputy general manager of Inspur's Server Product Line. "NF5280R6, the SystemReady SR-certified cloud-native dual-socket server, handles diversified customer needs, and provides computing power support for a more extensive customer base. In the future, Inspur Information will continue to bring more Arm-based values and innovations complying with industrial standards to our customers and developers," Zhao added. Earlier this year, research company TrendForce predicted that the growing adoption of Arm-based systems by cloud service providers would see the Arm architecture account for 22 percent of datacenter servers by 2025. ®
Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics. The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information. So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," a
At The Linux Foundation's Open Source Summit in Austin, Texas on Tuesday, Linus Torvalds said he expects support for Rust code in the Linux kernel to be merged soon, possibly with the next release, 5
Microsoft has dropped a preview of its next batch of Windows fixes, slipping a resolution for broken Wi-Fi hotspots in among the goodies. The release – KB5014668 for Windows 11 – addresses the Wi-Fi hotspot functionality broken in June's Patch Tuesday alongside some less necessary features like "search highlights," which "present notable and interesting moments of what's special about each day." KB5014697, which was released on June 14 for Windows 11, had a selection of issues. Some .NET Framework 3.5 apps might fail and connecting to a Windows device acting as a hotspot wouldn't always work. The only fix was to roll back the patch or disable the Wi-Fi hotspot feature. A third pro
Qualcomm knows that if it wants developers to build and optimize AI applications across its portfolio of silicon, the Snapdragon giant needs to make the experience simpler and, ideally, better than w
One of the longest-lived GUI operating systems in the world has its origins as an emergency project – specifically the means by which Acorn planned to rescue the original Archimedes operating system. This is according to the original Acorn Arthur project lead, Paul Fellows, who spoke about the creation of RISC OS at the RISC OS User Group Of London, ROUGOL [after some helpful arrangements made by Liam Proven – Ed]. On Monday, your correspondent hosted and moderated a reunion of four of the original developers of Acorn's RISC OS. Fellows explained that participating were "Paul Fellows (VidC controller, Palette, I2C interface, Real Time Clock and EEPROM), Tim Dobson (Fonts, Audio and Utilities), Richard Manby (Graphics and Desktop), and Stuart Swales (Fileswitch and Heap Manager)." Today, RISC OS is still rumbling along, and version 5 is now open source. But it wasn't the original, planned operating system for Acorn's Archimedes computer. That was going to be ARX, of which almost no trace exists today apart from a few Usenet posts. What information survives has been compiled into the Wikipedia article. ARX was a highly buzzword-compliant project from the Acorn Research Center (ARC) in Palo Alto – neighbor to the famed Xerox PARC, where the graphical user interface as we know it today was pioneered. The design was ambitiously Unix-like. In Fellows' words: "A group in Palo Alto, there was a guy called Jim Mitchell that led the ARX development team out there and a lot of very highly paid Californian software engineers writing it. It would have been absolutely wonderful, it just needed about another 20 years of Moore's Law to make it plausible. "This ARX operating system was preemptively multitasking, multi-threaded, multi-user, written in Acorn-extended Modula2+." It was big, complicated, and slow on the very early Arm silicon of the time. ARC was developing it on the A500 computer: "The first prototype ARM-based machines. 
Made in 1986, it predates the A305/310 by some 12 months… Inside the case there is a 20MB hard drive, the main board which has 4MB of RAM and the four main chips. Originally fitted with an ARM-1 (3-micron) these machines were upgraded to ARM-2 (2-micron) with the multiply instruction during the period when they were in use for development." The ARC team regularly reported to Acorn management in the UK, who became concerned by the project's slow progress – it wasn't going to be ready in time for the launch of the Archimedes family. Acorn soon turned to Fellows and the Acornsoft team – its in-house software development and publishing wing – to produce an alternative OS for the Archimedes ready for its launch in the absence of a finished ARX. Fellows added: "I was hauled in, in front of the board of directors at Acorn, and they said 'the hardware is being made and we have got no software, you guys aren't doing very much at Acornsoft, can you make us a BBC-like operating system? You've got 5 months,' as that's when the hardware is going to hit the streets. And like an idiot, I said 'yes.'" This ridiculously tight timeline is the origin of the codename Arthur, under wh
Salesforce CEO Marc Benioff has doubled down on his company's stance on working from home and flexible working, that great pandemic debate. Following widespread WFH enforced by global COVID-19-related lockdowns, opinion is divided between those welcoming the new normal of work-where-you-like and those who see numbers coming through the office door as a proxy for productivity. Those in the latter camp include Goldman Sachs CEO David Solomon – who has taken several opportunities to insist that his staff get back to the office full time – and UK Prime Minister Boris Johnson, who insisted the
The semiconductor market is flattening out after a period of record revenues, according to research outfit Omdia. The report joins a growing list of warnings that the chip industry is heading for a slowdown because of companies stockpiling components and global economic effects such as inflation. Omdia's latest analysis of the worldwide semiconductor market shows that it reached a plateau in the first quarter of 2022 following five straight quarters of record revenues and continual growth in demand. It appears that the decline is rather modest at present, with a drop of just 0.03 perce
Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG). RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones. We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too. On Thursday this week, TAG revealed its analysis of the software, and how it helped dismantle the infection. According to Googlers Benoit Sevens and Clement Lecigne, some targets were sent text messages asking them to install an application to fix their mobile data connectivity. This app in fact infected the device with RCS's spyware. It appears the snoops using the surveillance tool got the victims' cellular providers to degrade their wireless internet connectivity, thus convincing the marks to run the app. "We believe this is the reason why most of the applications masqueraded as mobile carrier applications," Sevens and Lecigne explained. In cases without any telco help, the spies sent a link to a page offering malicious applications masquerading as legit messaging apps from Facebook parent Meta. Running these programs infected the device with spyware. 
Getting the app to download and run on iOS needed some extra steps due to the security measures in the operating system: for one thing, the app wasn't coming from the official App Store and thus would normally be rejected. The snoops instead followed Apple's notes on how to distribute proprietary in-house apps to iThings, according to the Google bug hunters. This allowed the miscreants to produce an app digitally signed by a company enrolled in the Apple Developer Enterprise Program, and crucially, one that could be installed on a victim's device by getting them to fetch and run it from a webpage. The iPhone app itself contains multiple parts, including a privilege-escalation exploit to escape from the sandbox in which it is run, along with an agent that can steal files from iOS devices. In their analysis, Sevens and Lecigne analyzed an app with exploit code for the following vulnerabilities: The security researchers said CVE-2021-30883 and CVE-2021-30983 were zero-day exploits, and Project Zero published a technical analysis of the latter.
Android deployment
Meanwhile, on Android, the installation process worked like this: first, the victim is sent a link to a webpage that tricks them into fetching and installing a malicious app that look
On Call A tale of theft, fraud and understanding the meaning of "Delete" to end your working week. Welcome to a legally questionable episode of On Call. Our story is another from a reader Regomized as "Ellen" and once again concerns Digital Equipment Corporation's finest. In this case, DEC's ALL-IN-1 office automation suite of the 1980s. ALL-IN-1 was quite the thing back in the day. By modern standards it was pretty rudimentary, but with its email and word processing functionality it must have seemed like a whole new world. It was also highly customizable. Ellen was employed at a financial institution that we will not name and tasked with administering a network of ALL-IN-1 computers, with accounts in every branch. "Normally," she said, "it was pretty pain-free stuff allowing for long lunch breaks." Until, typically, the inevitable happened and Ellen's pager went off. And of course it had to go off during the lengthy (for the UK) Easter holiday. On the LCD screen was a request to go into the office. She ignored it. The pager chirped again. And again. It appeared there was no avoiding a bank holiday visit to the workplace. So in she trudged, only to find the office relatively quiet. The urgency of the message had made her suspect the Vax had dropped over but nope. While there were a few people milling around, a glance at her homegrown status page showed all services up and running. "Before I could say 'Why am I here?', I was called to the top floor, which was an elevated place I very, very rarely had cause to bother. This time it was straight into a boardroom. Lots of very seriously worried people in there." And lots of very big cheeses.
Was it possible for her to look at some specific email accounts? For a specific branch of the bank? Sure. But what for? There was some shuffling of feet. "Anything strange." This was distinctly unhelpful, and Ellen pointed out that such a vague search would be akin to hunting for a needle in a haystack. When one doesn't know what a needle looks like. Or even a haystack. There was more huffing and puffing and a piece of paper was pushed across the desk. It was a Non-Disclosure Agreement, replete with some hefty penalties should the vow of Omertà be broken. The reason for the call-out was then disclosed. It transpired that an employee had been overly helpful and run a job on the mainframe early – on Friday rather than the next working day, which would have been Tuesday (Easter – remember?) This had thrown up a discrepancy… "It seemed a rather large sum of money was missing," Ellen told us, "but they didn't know why." Attempts to contact the manager of the branch were unsuccessful. Officially he was on vacation. However, the security officer had managed to ge
Tachyum, the outfit aiming to develop a "universal processor" for HPC and artificial intelligence workloads, has joined the European Technology Platform for High Performance Computing (ETP4HPC), a think-tank promoting European HPC research and innovation. The Slovakian company put out an FPGA prototype last year, which we noted at the time is still a long way away from proving the company's bold claims. The "Prodigy" chipmaker said it had been accepted as an associated SME member of ETP4HPC, an industry-led non-profit association set up to drive the economic and societal benefits of HPC for European science and industry. The organization counts Intel, HPE, Dell, Atos and Arm among its many members. The company has for several years been working on its "Universal Processor" technology, which is claimed to deliver compute cores with the functionality of a CPU, a GPU, and a TPU – a specialised accelerator for the kind of calculations used in machine learning neural networks – all in a single device. Tachyum's forthcoming Prodigy processor chips are expected to feature 128 of these 64-bit compute cores. The company has made various bold claims about performance, such as it being up to 4x faster than the highest performing X86 processors and up to 3x faster than the highest performing GPU, but has so far only demonstrated it implemented using an FPGA and booting into Linux.
Evaluation platforms to ship – in 6+ months
Earlier this month, the company announced that it will be offering a limited number of Prodigy Evaluation Platforms, built with functioning Prodigy processors and application software and shipped in a standard 2U server form factor. Qualified customers and partners interested in getting their hands on one need to pre-order before July 31, and delivery is expected to be six to nine months after receipt of order, Tachyum said.
According to Tachyum, it is aiming to build "the world's fastest AI supercomputer" in the EU based on the Prodigy processor technology, and claims this will come in at 128 exaflops. To put this in perspective, the Frontier exascale system that became operational at the Oak Ridge National Laboratory in the US recently is working its way up to delivering 2 exaflops. No timeframe has been given by Tachyum for meeting this ambitious goal, however. ETP4HPC is itself a private member of the EuroHPC Joint Undertaking project behind some of the newer European supercomputers such as Jupiter and LUMI. Tachyum said that it is "a natural fit" for the ETP4HPC community, and that it will join the activities of selected working groups to share and receive expertise in the chip design and production industry, promote white papers and get to a closer relationship with other SMEs in the field of the HPC from across Europe.
Amazon Web Services has proudly revealed that the first completely private expedition to the International Space Station carried one of its Snowcone storage appliances, and that the device worked as advertised. The Snowcone is a rugged shoebox-sized unit packed full of disk drives – specifically 14 terabytes of solid-state disk – a pair of VCPUs and 4GB of RAM. The latter two components mean the Snowcone can run either EC2 instances or apps written with AWS’s Greengrass IoT product. In either case, the idea is that you take a Snowcone into out-of-the-way places where connectivity is limited, collect data in situ and do some pre-processing on location. Once you return to a location wher
Lenovo has unveiled a small desktop workstation in a new physical format that's smaller than previous compact designs, but which it claims still has the type of performance professional users require
A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks. The China-backed group, which Secureworks labels Bronze Starlight, has been active since mid-2021. It uses an HUI loader to install ransomware, such as LockFile, AtomSilo, Rook, Night Sky and Pandora. But cybersecurity firm Secureworks asserts that ransomware is probably just a distraction from the true intent: cyber espionage. "The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese thre
The second coming of Windows 11 is almost upon us. Is it worth chancing an upgrade? We took a look at the latest release preview of 2022's take on Microsoft's flagship operating system. Windows 11 la
NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states. The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European Parliament committee meeting on Thursday. Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only "for the purpose of preventing and investigating terrorism and other serious crimes." Generally speaking, a target selected by an NSO customer has their phone or other device infected with hidden spyware via the exploitation of one or more security vulnerabilities. Once installed, this software can secretly snoop on that person's calls, messages, and other activities. The code is installed by, say, sending a booby-trapped message to the victim that when received and automatically processed by their device, causes the spyware to silently deploy and run. These tools are "licensed solely to law enforcement and government agencies," Gelfand said, adding these are "limited in number, and contracts are carefully contracted to only permit legitimate use."
Well, kind of
But, later, he added, sometimes private companies do get involved. A government agency "is always the end user," Gelfand said. "There are sometimes commercial, third parties that are involved in the transaction for reasons of security aspects," he continued. "These commercial third parties will very often be the in-between as an intermediary between NSO and a government on the contractual side of things. They never receive use of the system itself, they do not have access to the system."
The US ban-hammered the notorious Israeli software provider last year. European
Amazon unveiled its first "fully autonomous mobile robot" and other machines designed to operate alongside human workers at its warehouses. In 2012 the e-commerce giant acquired Kiva Systems, a robotics startup, for $775 million. Now, following on from that, Amazon has revealed multiple prototypes powered by AI and computer-vision algorithms, ranging from robotic grippers to moving storage systems, that it has developed over the past decade. The mega-corporation hopes to put them to use in warehouses one day, ostensibly to help staff lift, carry, and scan items more efficiently. Its "autonomous mobile robot" is a disk-shaped device on wheels, and resembles a Roomba. Instead of hoovering crumbs, the machine, named Proteus, carefully slots itself underneath a cart full of packages and pushes it along the factory floor. Amazon said Proteus was designed to work directly with and alongside humans and doesn't have to be constrained to specific locations caged off for safety reasons. The robot shines a beam of green light to navigate, stopping if it detects something or someone blocking its path, as seen in the demo video above. Proteus will initially be rolled out in the outbound handling areas of Amazon's fulfillment and sorting cent
China's government has outlined its vision for digital services, expected behavior standards at China's big tech companies, and how China will put data to work everywhere – with president Xi Jinping putting his imprimatur to some of the policies. Xi's remarks were made in his role as director of China’s Central Comprehensively Deepening Reforms Commission, which met earlier this week. The subsequent communiqué states that at the meeting Xi called for "financial technology platform enterprises to return to their core business" and "support platform enterprises in playing a bigger role in serving the real economy and smoothing positive interplay between domestic and international economic flows." The remarks outline an attempt to balance Big Tech's desire to create disruptive financial products that challenge monopolies, against efforts to ensure that only licensed and regulated entities offer financial services. "We need to protect the legitimate rights and interests of financial consumers, strengthen oversight of platform enterprises to combat monopoly and unfair competition, step up supervision over data scraping of platform enterprises, and regulate the misuse of big data and algorithm-based discrimination," the communiqué reads. Data is mentioned many more times. Xi points out that China's sheer size means it collects so much data it has an advantage over other nations – if that data is properly governed. Xi therefore called for a data property rights system "in which the right to own data resources, the right to process and use data, and the right to engage in the business of data products are clearly defined, and we should improve the system for protecting the rights and interests of data as a factor of production," he said, adding that China needs well regulated markets for data. Data security is also part of his vision, along with a multi-party governance model involving government, enterprises, and society.
The da
NASA has chosen the three companies it will fund to develop a nuclear fission reactor ready to test on the Moon by the end of the decade. This power plant is set to be a vital component of Artemis, the American space agency's most ambitious human spaceflight mission to date. This is a large-scale project to put the first woman and first person of color on the Moon, and establish a long-term presence on Earth's natural satellite. NASA envisions [PDF] astronauts living in a lunar base camp, bombing around in rovers, and using it as a launchpad to explore further out into the Solar System. In order for this to happen, it'll need to figure out how to generate a decent amount of power somehow. Enter fission surface power. A nuclear fission reactor harnesses the energy released from splitting apart atoms like uranium. Unlike solar panels, fission reactors can provide constant power and can be placed in dark cool corners of the lunar surface that receive little to no sunlight. NASA believes it will need 40 kilowatts of power for the first lunar inhabitants. Last year, the agency, with the US government's Dept of Energy, invited companies to send in proposals of how to build such a system. "Plentiful energy will be key to future space exploration," Jim Reuter, associate administrator for NASA's Space Technology Mission Directorate, said at the time. "I expect fission surface power systems to greatly benefit our plans for power architectures for the Moon and Mars and even drive innovation for uses here on Earth." Now, NASA and Dept of Energy officials have selected three of the best ideas. Projects led by aerospace and energy companies Lockheed Martin, Westinghouse of Cranberry Township, and IX, a joint venture between Intuitive Machines and X-Energy, have each been awarded $5 million over twelve months to build prototype designs for the future power source in a competition overseen by the Idaho National Laboratory. 
"The Fission Surface Power project is a very achievable first step toward the United States establishing nuclear power on the Moon," said INL Director John Wagner. "I look forward to seeing what each of these teams wil
Intel has found a new way to voice its displeasure over Congress' inability to pass $52 billion in subsidies to expand US semiconductor manufacturing: withholding a planned groundbreaking ceremony for its $20 billion fab mega-site in Ohio that stands to benefit from the federal funding. The Wall Street Journal reported that Intel was tentatively scheduled to hold a groundbreaking ceremony for the Ohio manufacturing site with state and federal bigwigs on July 22. But, in an email seen by the newspaper, the x86 giant told officials Wednesday it was indefinitely delaying the festivities "due in part to uncertainty around" the stalled Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Act. That proposed law authorizes the aforementioned subsidies for Intel and others, a
Amazon at its re:Mars conference in Las Vegas on Thursday announced a preview of an automated programming assistance tool called CodeWhisperer. Available to those who have obtained an invitation through the AWS IDE Toolkit, a plugin for code editors to assist with writing AWS applications, CodeWhisperer is Amazon's answer to GitHub Copilot, an AI (machine learning-based) code generation extension that entered general availability earlier this week. In a blog post, Jeff Barr, chief evangelist for AWS, said the goal of CodeWhisperer is to make software developers more productive. "CodeWhisperer will continually examine your code and your comments, and present you with syntactically correct recommendations," said Barr. "The recommendations are synthesized based on your coding style an
If the proposed addition of the 12GHz spectrum to 5G goes forward, Starlink broadband terminals across America could be crippled, or so SpaceX has complained.  The Elon Musk biz made the claim [PDF] this week in a filing to the FCC, which is considering allowing Dish to operate a 5G service in the 12GHz band (12.2-12.7GHz). This frequency range is also used by Starlink and others to provide over-the-air satellite internet connectivity. SpaceX said its own in-house study, conducted in Las Vegas, showed "harmful interference from terrestrial mobile service to SpaceX's Starlink terminals … more than 77 percent of the time, resulting in full outages 74 percent of the time." It also claimed the interference will extend to a minimum of 13 miles from base stations. In other words, if Dish gets to use these frequencies in the US, it'll render nearby Starlink terminals useless through wireless interference, it was claimed. The rocket maker criticized a 2021 study that was submitted in favor of Dish to the regulator by RS Access, a group focused on bringing the 12GHz spectrum to 5G in the US. RS Access worked closely with Dish Networks, which is trying to expand into 5G service u
Embedded World RISC-V International has grown its pile of royalty-free, open specifications, with additional documents covering firmware, hypervisors, and more. RISC-V – pronounced "risk five", and not to be confused with the other architecture of that name, RISC-5 – essentially sets out how a CPU core should work from a software point of view. Chip designers can implement these instruction set specifications in silicon, and there are a good number of big industry players backing it. The latest specs lay out four features that compatible processors should adhere to. Two of them, E-Trace and Zmmul, will be useful for organizations building RISC-V hardware and software, and the other two could prove important in future, aiding the development of OSes to run on RISC-V computers. One of these is the UEFI boot protocol that specifies how system firmware obtains and handles information about the hardware before loading an OS kernel. Another defines a Supervisor Binary Interface (SBI) between the hardware and an operating system or hypervisor kernel, complete with a reference implementation by Western Digital called OpenSBI. RISC-V International CTO Mark Himelstein said this was a "critical resource," offering "the ability to port supervisor-mode software across all RISC-V implementations, essentially allowing developers to write something once and apply it everywhere." As for the others, the E-Trace specification allows for efficient processor-branch tracing on RISC-V devices. If that's your sort of jam, there's a 100+ page PDF on GitHub.
The UBPorts community is in the final stages of preparing its next release and it's calling for testers. OTA-23 is getting close – the project's Github kanban looks quite good to us – and if you're lucky enough to have one of the project's supported devices lying around, then you can help. Many of them are a few years old now, so there's a good chance that you've already replaced them and they sit unloved and neglected in a drawer. The starred entries in the list of devices are the best supported and should have no show-stopping problems. In order of seniority, that means: the LG-made Google Nexus 5 (2013); the original Oneplus One (2014); two models of Sony Xperia X, the F5121 and F5122 (2016); and Google's Pixel 3a and 3a XL (2019). (The Reg FOSS desk suspects that if you have one of those lying around somewhere and aren't tempted, you can probably sell it to some open-sourcy enthusiast who would love to give it a go.) Not starred but still high on the list are several devices which are listed as "functioning well." This means that they get green ticks across almost all of the feature-list apart from one or two items, such as lacking support for wireless external monitors. To us, this doesn't sound like a deal-breaker. These models include the Xiaomi Mi A2 (2018) and Poco X3 NFC (2020), and the Asus Zenfone Max Pro M1 (2018). There are a few models for which it's a manufacturer-supported option. The Fairphone 2 is quite old now but it's sti
A totaled Tesla Model S burst into flames in a Sacramento junkyard earlier this month, causing a fire that took "a significant amount of time, water, and thinking outside the box to extinguish," firefighters said.  The vehicle was involved in a comparably unexplosive accident that sent it to the junkyard three weeks ago – it's unclear what caused the Tesla to explode nearly a month after being taken off the road. Like other electric vehicle fires, it was very difficult to extinguish. "Crews knocked the fire down, but the car kept re-igniting and off-gassing in the battery compartment," the
Oracle has slimmed down its on-prem fully managed cloud offer to a smaller datacenter footprint for a sixth of the budget. Snappily dubbed OCI Dedicated Region [email protected], the service was launched in 2020 and promised to run a private cloud inside a customer's datacenter, or one run by a third party. Paid for "as-a-service," the concept promised customers the flexibility of moving workloads seamlessly between the on-prem system and Oracle's public cloud for a $6 million annual fee and a minimum commitment of three years. Big Red has now slashed the fee for a scaled-down version of its on-
Matt Ramberg is the vice president of information security at Sanmina, a sprawling electronics manufacturer with close to 60 facilities in 20 countries on six continents and some 35,000 employees spread across the world. Like most enterprises, Sanmina, a big name in contract manufacturing, is also adapting to a new IT environment. The 42-year-old Fortune 500 company, with fiscal year 2021 revenue of more than $6.76 billion, was an early and enthusiastic adopter of the cloud, taking its first step into Google Cloud in 2009. With manufacturing sites around the globe, it also is seeing its techn
It's been a good week for free speech advocates as a judge ruled that copyright law cannot be used to circumvent First Amendment anonymity protections. The decision from the US District Court for the Northern District of California overturns a previous ruling that compelled Twitter to unmask an anonymous user accused of violating the Digital Millennium Copyright Act (DMCA).  The Electronic Frontier Foundation (EFF), which filed a joint amicus brief with the ACLU in support of Twitter's position, said the ruling confirms "that copyright holders issuing subpoenas under the DMCA must still meet the Constitution's test before identifying anonymous speakers."  The case in question involves an anonymous Twitter account that tweeted critical statements about wealthy people including Jef
Toshiba has received 10 potential offers for the company, eight of which would take the company private, while two would allow it to remain publicly listed, according to reports. Toshiba shares are said to have risen as much as 6.5 percent following the news, with some estimates valuing the deals at up to $22 billion. The Japanese conglomerate announced in April that it was considering proposals to take the company private following numerous scandals and pressure from investor groups. Now Reuters reports that 10 bidders are discussing price ranges up to ¥7,000 a share with Toshiba shareholders, citing anonymous sources, which would be as much as a 27 percent premium on top of Toshiba's current share price. This would result in the deal valuing Toshiba at ¥3 trillion ($22 billion)
In the latest episode of Black Mirror, a vast megacorp sells AI software that learns to mimic the voice of a deceased woman whose husband sits weeping over a smart speaker, listening to her dulcet tones. Only joking – it's Amazon, and this is real life. The experimental feature of the company's virtual assistant, Alexa, was announced at an Amazon conference in Las Vegas on Wednesday. Rohit Prasad, head scientist for Alexa AI, described the tech as a means to build trust between human and machine, enabling Alexa to "make the memories last" when "so many of us have lost someone we love" during the pandemic. In an explanatory video, Amazon showed a child asking: "Alexa, can Grandma finish reading me The Wizard of Oz?" at which point the assistant's normally artificial voice shifted
A Chinese state-backed startup has hired legendary Japanese chip exec Yukio Sakamoto as part of a strategy to launch a local DRAM industry. Chinese press last week reported that Sakamoto has joined an outfit named SwaySure, also known as Shenzhen Sheng Weixu Technology Company or Sheng Weixu for brevity. Sakamoto's last gig was as senior vice president of Chinese company Tsinghua Unigroup, where he was hired to build up a 100-employee team in Japan with the aim of making DRAM products in Chongqing, China. That effort reportedly faced challenges along the way – some related to US sanctions, others from recruitment. The company scrapped major memory projects in two cities and was forced into bankruptcy last year, before Beijing arranged a bailout. While that v
British readers who have only recently packed away the bunting commemorating the Platinum Jubilee of Queen Elizabeth II have been offered reason to get it out again by Crown Commercial Services, which is offering up the 10-year anniversary of G-Cloud as a cause for celebration. The procurement wing of the Cabinet Office has also said that the commercial arrangement for aggregating demand for public-sector cloud consumption had netted £1.5 billion ($1.83 billion) in benefits for public sector customers. Crown Commercial Services did not show its working on how it arrived at the calculation, and has yet to respond to The Register's questioning on the matter. According to the announcement, more than 5,000 suppliers offer over 38,000 services to public-sector organizations through 10
Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Some have therefore suggested the tool is a liability that should be disabled in the interest of improved security. But on Wednesday national cybersecurity agencies from the US, UK, and New Zealand decided that's a bit drastic. Instead, the agencies recommend securing PowerShell prudently. "PowerShell is essential to secure the Windows operating system," the agencies argue. "Removing or
UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher. Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars. In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference]. Armed with an email address, Hatton was abl
Power and thermal management equipment essential to building datacenters is in short supply, with delays of months on shipments – a situation that's likely to persist well into 2023, Dell'Oro Group reports. The analyst firm's latest datacenter physical infrastructure report – which tracks an array of basic but essential components such as uninterruptible power supplies (UPS), thermal management systems, IT racks, and power distribution units – found that manufacturers' shipments accounted for just one to two percent of datacenter physical infrastructure revenue growth during the first quarter. "Unit shipments, for the most part, were flat to low single-digit growth," Dell'Oro analyst Lucas Beran told The Register. He blamed challenging supply chain conditions and strong deman
Promoted phones as ready for a dunking – forgot to mention known problems with subsequent recharges
Australia's Competition and Consumer Commission has fined Samsung Electronics AU$14 million ($9.6 million) for making misleading water resistance claims about 3.1 million smartphones. The Commission (ACCC) says that between 2016 and 2018 Samsung advertised its Galaxy S7, S7 Edge, A5, A7, S8, S8 Plus and Note 8 smartphones as capable of surviving short submersions in the sea or fresh water. As it happens The Register attended the Australian launch of the Note 8 and watched on in wonder as it survived a brief dunking and bubbles appeared to emerge from within t
Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering. The alleged crooks are believed to have stolen "several million euros" from at least "dozens of Belgian victims," according to that nation's police, which, along with the Dutch, supported the cross-border operation. On Tuesday, after searching 24 houses in the Netherlands, officers cuffed eight men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse, and a 25-year-old woman from Deventer. We're told the cops seized, among other things, a firearm, designer clothing, expensive watches, and tens of thousands of euros. The suspects are in police custody and will be extradited to Belgium. Dutch police haven't ruled out additional
Scientists in Germany claim to have developed bipolar transistors from organic materials, opening a path for flexible and transparent electronics. The study, led by Shu-Jen Wang, post-doctoral researcher at Technische Universität Dresden, built an organic bipolar junction transistor using doped rubrene. That could help the semiconductor industry to make the switch to organic materials, increasing access to a wide library of materials for building electronic devices. Transistors are the basis of today's digital circuits and, at a simple level, allow one signal to control another. They can amplify a signal, or switch between 'on' and 'off' states, through control of a current of charge carriers – which are either electrons or their positive counterpart (holes), or both. There are two
Column Sixteen years ago, British mathematician Clive Humby came up with the aphorism "data is the new oil". Rather than something that needed to be managed, Humby argued data could be prospected, mined, refined, productized, and on-sold – essentially the core activities of 21st century IT. Yet while data has become a source of endless bounty, its intrinsic value remains difficult to define. That's a problem, because what cannot be valued cannot be insured. A decade ago, insurers started looking at offering policies to insure data against loss. But in the absence of any methodology for valuing that data, the idea quickly landed in the "too hard" basket. Or, more accurately, landed on the to-do lists of IT departments who valued data by asking the business how long they could live
The X window system turned 38 years old this week, and although it has more rivals than ever, it is still the go-to for a graphical desktop on Unix. The first public release of the X window system, according to Robert W. Scheifler's announcement, was 19 June 1984. X itself was a rewrite of an older windowing system called W, which ran on a research microkernel OS called the V-System (V→W→X, you see.) Both the V-System and the W window system seem to have now been lost, although Bryan Lunduke has an interesting history. About the only relic that you can see today, if you're curious, is the V-System manual [PDF]. Just two years after launch, X had already reached version 10 – the oldest point release showing in the release history on the X.org Foundation web page. X11R1 was introduced in 1987, and with some modifications, that's what the world is still using today. That is quite a feat of longevity, considering that that's the same year as OS/2 1.0 came out, as well as Acorn's Archimedes range. The latest version, X11R7.7, is already a decade old, and currently there's no timeline for a monolithic X11R7.8, let alone the barely even sketched out X12. The X project is largely unchanging these days: we reported in 2020 that its lead maintainer had walked away. The X Consortium no longer exists, and today, X is maintained by Freedesktop.org – which is, of course, the primary body behind Wayland, the planned replacement for X. Even so, new releases of X11 components do appear sometimes. As we said when looking at one, many big-name dist
Delivery company Yodel has found itself the latest victim of a cyber "incident" that has disrupted services. Rooted firmly to the bottom of the table of best and worst courier firms by consumer campaigner Which?, Yodel has gained popularity and, perhaps, a bit of notoriety in recent years as consumers turned to courier companies rather than venture into physical stores. Exactly when security problems began is difficult to ascertain, since Yodel's social media voicebox is crammed full of disgruntled customers wondering where their products are (indeed, this writer had the joy of a piece of hardware being lifted from one of the company's depots back in 2019, but that's another story...). However, by June 21 the company changed its customer service narrative to "Yodel is currently experiencing operational disruption affecting our delivery service." Yodel's website was also updated to reflect that its services were not at all well. The Register contacted the company to find out what was happening, and a spokesperson said: "Yodel has experienced a cyber incident that has caused some disruption. We are servicing customers but tracking is currently impacted. "As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group. We are working to restore tracking as quickly as we can
Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing. Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com. "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first." According to Brave, it took Google more than a year to reach 2.5 billion queries and it took DuckDuckGo, which relies on Microsoft's Bing search engine, over four years to achieve similar search volume. Brave, which now claims more than 59 million monthly active users, has chosen to compete with Google through a service with a confusingly similar name: Goggles. In an interview with The Register last year, co-founder and CEO Brendan Eich explained that Goggles isn't an attempt to match Google's vast search index. Rather it's an effort to innovate in an environment that Google has allegedly monopolized. Deep dive into privacy Goggles, accessible in a tab below the search.brave.com input box on the results page, offers browser users the opportunity to redefine the relevance of search results. Or more simply put, it allows users to select how individual sites are boosted up or brought down in the search results. You prefer The Register to appear higher in your search results? You can create a Goggle to do that. Brave imposes its own ranking on search results for a given query. 
And with Goggles, Brave users – individually or as a group – can create their own private or public adjustments to the default order. Brave says this will allow users to counter any built-in bias in its search results, but a likely consequence is that users or groups of users
Okta has completed its analysis of the March 2022 incident that saw The Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack – and that its (former) outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident. So said Brett Winterford, Asia-Pacific and Japan chief security officer of the identity-management-as-a-service vendor, at the Gartner Risk and Security Summit in Sydney today. Winterford explained that the incident started in January when an Okta analyst observed a Sitel support engineer attempting to reset a password – but did so from outside the expected network range, did not attempt to fulfil a multifactor authentication challenge, and requested the new login details be sent to a Sitel email address managed under Microsoft 365 rather than the expected Okta address managed under Google Workspaces. Okta can see what happens in the virtual desktops it provides to Sitel engineers, and in the Workspaces it provides to those engineers. But Okta cannot see Sitel's MS365. That combination saw Okta suspend the user and inquire about any issues at Sitel, which admitted to compromise of an Active Directory account.
Facebook parent Meta has settled a complaint brought by the US government, which alleged the internet giant's machine-learning algorithms broke the law by blocking certain users from seeing online real-estate adverts based on their nationality, race, religion, sex, and marital status. Specifically, Meta violated America's Fair Housing Act, which protects people looking to buy or rent properties from discrimination, it was claimed; it is illegal for homeowners to refuse to sell or rent their houses or advertise homes to specific demographics, and to evict tenants based on their demographics. This week, prosecutors sued Meta in New York City, alleging the mega-corp's algorithms discriminated against users on Facebook by unfairly targeting people with housing ads based on their "race, color, religion, sex, disability, familial status, and national origin." Meta agreed to settle the case, and promised to pay a $115,054 fine to end the matter. Crucially, it also agreed to tweak its ad targeting system. The US government can't issue a heftier sanction, since it's the maximum penalty fee for violating the FHA, and we suspect the primary aim was to force a change in the software. "When a company develops and deploys technology that deprives users of housing opportunities based in whole or in part on protected characteristics, it has violated the FHA, just as when companies engage in discriminatory advertising using more traditional advertising methods," Damian Williams, US Attorney from the Southern District Court of New York, said in a statement. "As technology rapidly evolves, companies like Meta have a responsibility to ensure their algorithmic tools are not used in a discriminatory manner," the Department of Justice's Assistant Attorney General Kristen Clarke from the Civil Rights Division added. 
"This settlement is historic, marking the first time that Meta has agreed to terminate one of its algorithmic targeting tools and modify its delivery algorithms for housing ads in response to a civil rights lawsuit."
Broadcom has made its first public comment in weeks about its plans for VMware, should the surprise $61 billion acquisition proceed as planned, and has prioritized retaining VMware's engineers to preserve the virtualization giant's innovation capabilities. The outline of Broadcom's plans appeared in a Wednesday blog post by Broadcom Software president Tom Krause. VMware is an iconic software company with a vibrant ecosystem. We don't want to change that. The post opens with blandishments about Broadcom meeting with VMware customers "to tell them more about how this combination will deliver compelling benefits to them." Those benefits center on "greater choice and flexibility to build, run, manage, connect and protect traditional and modern applications at scale across diversified, distributed environments." Krause's definition of "choice" hinges on the intention that Broadcom Software's existing businesses – Symantec and CA – will operate under the VMware name once the deal is done. VMware customers will therefore be able to choose Symantec and CA products. VMware customers are, it should be noted, free to make that choice today. Krause added that the combination of VMware and Broadcom software will "help enterprises build, manage and secure a wide variety of applications – from mainframe to client server to cloud-native via Kubernetes – and more securely deliver amazing end user experiences to any device anywhere." That's a slightly stronger statement, as the combined Broadcom Software and VMware will indeed have expertise on many platforms. But the post makes no mention of integration plans that might link the combined companies' portfolios more elegantly. The post does state: "A key pillar of the combined company's innovation roadmap will be to retain and support VMware's engineering and R&D talent." 
Broadcom Software has previously stated it prefers to focus R&D on the needs of its v
Zscaler is growing the machine-learning capabilities of its zero-trust platform and expanding it into the public cloud and network edge, CEO Jay Chaudhry told devotees at a conference in Las Vegas today. Along with the AI advancements, Zscaler at its Zenith 2022 show in Sin City also announced greater integration of its technologies with Amazon Web Services, and a security management offering designed to enable infosec teams and developers to better detect risks in cloud-native applications. In addition, the biz also is putting a focus on the Internet of Things (IoT) and operational technolog
Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can only be accessed by customers, even if its main system is taken over by law enforcement or others. The design of the service, however, falls short of that promise thanks to poorly implemented encryption. Cryptography experts at ETH Zurich in Switzerland on Tuesday published a paper describing five possible attacks that can compromise the confidentiality of users' files. The paper [PDF], titled "
Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old. This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. To exploit the vulnerability, an attacker needs valid operator-level or higher access to the appliance. Once authenticated, the miscreant can steal sensitive information, such as user credentials, from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to the device due to a blunder in the query process. We can imagine a rogue insider or someone who has compromised an operator account exploiting this flaw to further penetrate a network. "This vulnerability is due to a lack of proper input sanitization while querying the external authentication server," reads the security advisory. Cisco deemed the three other vulnerabilities medium severity, though their CVSS scores range from 9.1 to 5.4. We're told miscreants haven't (yet) exploited any of these bugs either.
The 9.1-severity vuln, tracked as CVE-2022-20829, is in the packaging of Cisco Adaptive Security Device Manager (ASDM) software images and the validation of those images by Cisco Adaptive Security Appliance (ASA) software. Cisco only rates the bug as medium severity, despite the high CVSS score, because an attacker needs administrative privileges to exploit this bug. By uploading a specially crafted image containing malicious code to a device runni
Version 21.3 of Manjaro - codenamed "Ruah" - is here, with kernel 5.15, but don't let its beginner-friendly billing fool you: you will need a clue with this one. Manjaro Linux is one of the more popular Arch Linux derivatives, and the new version 21.3 is the latest update to version 21, released in 2021. There are three official variants, with GNOME 42.2, KDE 5.24.5 or Xfce 4.16 desktops, plus community builds with Budgie, Cinnamon, MATE, a choice of tiling window managers (i3 or Sway), plus a Docker image. The Reg took its latest look at Arch Linux a few months ago. Arch is one of the older rolling-release distros, and it's also famously rather minimal. The installation process isn't trivial: it's driven from the command line, and the user does a lot of the hard work, manually partitioning disks and so on. Manjaro describes itself as being "a different kind of beast." The team maintains its own hierarchy of repositories, with more testing and integration – which is why it has releases, rather than a rolling release. Manjaro claims to be "designed to be accessible to newcomers": it has a simple installation program and comes with a choice of ready-rolled desktops, so taking a lot of the hard work out of getting Arch up and running. The user guide compares the relationship between Manjaro and Arch as being similar to that between Ubuntu and Debian. The installation program is Calamares, a distro-neutral tool also used in GeckoLinux and OpenMandriva, so installation is a fairly smooth and polished experience. Before loading into the desktop, a startup screen asks you to choose a language, a keyboard layout, and offers a choice of loading only
Microsoft has made it official. Windows Subsystem for Linux 2 distributions are now supported on Windows Server 2022. The technology emerged in preview form last month and represented somewhat of an about-face from the Windows giant, whose employees had previously complained that while the tech was handy for desktop users, sticking it on a server might mean it gets used for things for which it wasn't intended. (And Windows Server absolutely had to have the bloated user interface of its desktop stablemate as well, right?) News of the official support was imparted by Microsoft program manager Craig Loewen and it is indeed good for developers with a particular use case that requires them to fire up Linux on Windows Server 2022. No more full-blown Hyper-V sessions needed – the considerably lighter-weight WSL2 should do the trick nicely. Sadly, it doesn't appear to be all good news. Many organizations will be running the Long Term Servicing Channel of Windows Server for the sake of stability. This is currently Windows Server 2019 and Loewen told eager WSL2 fans that nope, there were no plans to backport the change. The lack of a backport means that it is the semi-annual channel that will get the goodies, although the two to three year gap between Long-Term Servi
Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms.  While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat.  Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident.  "There is constant cyber activity against Israel. In terms of Israel working on increasing its cyber resilience, it is not in a bad place," the source commented. "Part of the [state's] multi-year plan is to build a cyber iron dome in cooperation with other nations. The headlines exaggerated about the sirens yesterday." Still, the Jerusalem Post pointed out, it's another bit of escalation in a cyberwar between the two countries that has gone on for years. This latest case, one analyst told the paper, was likely an attack of opportunity against weak infrastructure that would have the greatest-possible psychological effect on Israelis.  Earlier this year, Israel's government was hit by a series of massive distributed denial-of-service attacks that took its websites offline and led to a state of emergency being declared. Again, Iran hasn't been determined to be the culprit, and Israeli officials said they believed it was retaliation for an earlier alleged Israeli attack on an Iranian nuclear enrichment site.  While the enrichment lab assault is unconfirmed, Israel isn't innocent when it comes to cyberattacks against Iran. 
The Stuxnet infection that targeted Iranian uranium centrifuges was a joint US-Israeli effort, Obama administration officials confirmed in 2012. The New York Times reported in November that Israel and Iran's cyberwar had recently begun bleeding into the civilian world; where once both parties would stick to government targets, recent campaigns believed to be coming from both sides have targeted and affected civilians. A cyberattack last year on Iran's fuel infrastructure left the country without regular gas supplies for nearly two weeks, an attack against Israel's water system was prevented, and some Israeli LGBTQ people were outed after information was stolen from dating sites. While none of those cyberstrikes have been directly linked to Israel or Iran, "foreign nations" have been accused of the incidents by both governments. Yoram Hacohen, CEO of the Israel Internet Association, said in an interview following Sund
Castrol, better known for its engine oil, has partnered with cooling specialist Submer to drive the adoption of immersion cooling for datacenter and edge applications. For those of a certain age, Castrol will forever be associated with TV ads that proclaimed its Castrol GTX product as not just oil, but "liquid engineering." Now, however, it is teaming up with Submer to promote liquid immersion cooling as a way towards more efficient and more sustainable datacenter operations. The two companies said they will work together on the global supply, development and standardization of next generation immersion cooling fluids. These are typically so-called dielectric fluids that conduct heat but not electricity, enabling components such as server motherboards to be cooled by being completely immersed in the fluid. This union will combine Castrol's thermal management know-how with Submer's background in immersion cooling systems, with the pair claiming that water usage and the power consumption to operate and cool server equipment can be significantly reduced by turning to immersion cooling. "Teaming up with Submer is a great example of how cooperation can help deliver more efficient operations and can bring about many opportunities for us to continue to deliver products that help save energy whilst delivering high-performance with increased efficiency," said Rebecca Yates, VP for advanced mobility and industrial products at BP, Castrol's parent company. Submer CEO and co-founder Daniel Pope claimed there are two key drivers for switching to a different medium from the air cooling still widely used in many IT environments. One is a technical need driven by upcoming generations of high-density computer chips that will require more cooling capacity than existing technology can deliver, while the other is the need to deliver more sustainable datacenters. 
"Thanks to immersion cooling we can run these digital infrastructures with considerably reduced energy and space typically required," Pope said. Additionally, the heat can be recovered and reused for other purposes, such as domestic heating, he added. Submer announced another partnership earlier this month with German server maker RNT Rausch to provide immersion cooling for customers of RNT's server and storage systems. Castrol said that its immersion cooling fluids are designed for single-phase immersion cooling schemes, where the dielectric fluid is pumped through a heat exchanger to transfer the heat to a water-cooling circuit. It also claimed its products have lower viscosity than conventional dielectric fluids, with high oxidation resistance for long-term stability over the lifetime of the fluid. ®
Sometimes it takes research to prove what was already suspected, like how utterly uncomfortable it would be to work in the metaverse. An international team of researchers conducted a study [PDF] to just such an end, putting participants in VR headsets and taking an inventory of their self-reported physical and mental states throughout a five-day, eight-hour-a-day period spent in headsets and a virtual "office". Unlike a real job, participants were allowed to set their own work agendas and didn't perform standardized tasks, yet still had trouble undertaking them. Usability, frustration, anxiety, visual fatigue, motion sickness and additional criteria were measured, and the result
The demand for consumer electronics has slowed down in the face of inflation – but that didn't stop nine of the world's 10 largest contract chip manufacturers from growing in the first three months
Early details of the specifications for PCIe 7.0 are out, and it's expected to deliver data rates of up to 512 GBps bi-directionally for data-intensive applications such as 800G Ethernet. The announcement from the Peripheral Component Interconnect Special Interest Group (PCI-SIG) was made to coincide with its Developers Conference 2022, held at the Santa Clara Convention Center in California this week. It also marks the 30th anniversary of the PCI-SIG itself. While the completed specifications for PCIe 6.0 were only released this January, PCIe 7.0 looks to double the bandwidth of the high-speed interconnect yet again from a raw bit rate of 64 GTps to 128 GTps, and bi-directional speeds
Microsoft's GitHub on Tuesday released its Copilot AI programming assistance tool into the wild after a year-long free technical trial. And now that GitHub Copilot is generally available, developers