A free two-month trial for Windows 365, a virtual PC running Windows 10 on Microsoft's Azure cloud, has been withdrawn after only a day, having "reached capacity." A note on the Windows 365 product page states: "Following significant demand, we have reached capacity for Windows 365 trials," and offers a signup to be notified when trials resume.

There is still capacity for actual customers, though, with Windows 365 available in specifications from $20 per user/month for 1 vCPU, 2GB RAM and 64GB storage, to $158.00 per user/month for 8 vCPU, 32GB RAM and 512GB storage. These are the prices with "Hybrid benefit," which means users with an existing Windows 10 Pro licence in effect get a $4.00 discount.

The trial is still described in the FAQ on Microsoft's site, which states that "trials are available for the three signature Windows 365 configurations: Basic, Standard, and Premium. A trial includes one user license and is available for two months. Customers who qualify should select the trial offer that includes Windows Hybrid Benefit." A note on this also states: "Customers may acquire a promotional license for Windows 365 Business, Windows 365 Enterprise, or both editions to access and use either the Basic, Standard or Premium version (each, a 'Version') at the promotional pricing of $0 for up to 60 days ('Trial Period')."

Microsoft has many trial offers for its cloud services. For example, users can get a month of Dynamics 365 Sales for 25 users, or a month of Azure Active Directory Premium for 100 users, or 250 licences for Enterprise Mobility and Security E5 for three months. The trial offer for Windows 365 was therefore business as usual – but we have a hunch that users interested in two months' free use of a virtual PC with 4 virtual CPUs, 16GB RAM, and 128GB storage might not have been confined to businesses contemplating purchase.

A common problem, for example, is usage of free compute for cryptocurrency mining. Take DevOps company GitLab, which says: "There has been a massive uptick in abuse of free pipeline minutes available on GitLab.com to mine cryptocurrencies – which creates intermittent performance issues for GitLab.com users."

Regardless of intent, a free virtual PC for two months was a generous offer and the "significant demand" Microsoft experienced might not necessarily indicate a highly successful launch. That said, there does appear to be significant interest, with businesses able to make a more complete cloud transition than with Microsoft 365 alone.

Discussion on Microsoft's Tech Community does reveal a few early issues, though. One customer complained that their Cloud PC is in the wrong language. "We are a UK Business and MS Partner and purchased a Business Cloud PC yesterday to test,"
(read more)
Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers – including a 9.8-rated nasty. The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups. Attackers abusing them on unpatched devices are able to execute arbitrary code and also force reboots of affected routers, causing a denial-of-service condition. CVE-2021-1609, rated 9.8 on the CVSS v3.1 scale, allows attackers to "remotely execute arbitrary code" thanks to improper validation of
(read more)
Around 450 billion fewer pages were printed from home and office devices in 2020 as COVID-19 disrupted the world of work. The direction of travel has been obvious in recent times: people were printing less even before the pandemic took hold, but the decline was sharper last year as volumes plunged 14 per cent on 2019 levels to a total of 2.8 trillion pages, according to IDC. Unsurprisingly, employees being asked to stay indoors and work from home caused the number of laser pages printed to fall 16 per cent, a drop that was even more pronounced for A3 devices. Conversely, pag
(read more)
Billionaire Donald Bren was behind a quiet $100m donation in 2013 that established Caltech's Space-based Solar Power Project (SSPP) in an attempt to harness solar power from outer space, the California private research university revealed this week. The real estate magnate was inspired by a 2011 article in Popular Science (perhaps this one?). He also knew a thing or two concerning power distribution problems from his experience master planning cities like Irvine, California. Bren subsequently approached Caltech to discuss his ideas. Caltech said he has no stake in the tech and won't make any money from it.

The donation is being disclosed now, eight years later, as SSPP wants to highlight upcoming project milestones. In early 2023, the org is launching technology-demonstrating prototypes that collect and convert sunlight to electrical energy, transferring the energy wirelessly using RF and a deployable 6x6ft ultralight structure that integrates the power. By integrating the solar power and RF conversion into one element, SSPP says the spacecraft avoids a power distribution network, mitigating localised failure and making the structure scalable.

The SSPP website describes the benefit of using solar power harnessed in outer space, which essentially boils down to a lack of shade and night-time hours that we Earthlings are forced to endure:

Previous prototypes were launched in 2017. In May, a prototype with 1.5kg/m² areal density collected solar power and transmitted it to Caltech. Seven months later, photovoltaics and power transfer circuitry were added to the even lighter design (1 kg/m² areal density) and beam steering was incorporated.

The idea of space solar panel tech has been around a while but its measurable potential is continually improving. In 1941, science-fiction writer Isaac Asimov described space stations transmitting solar energy via microwave beams in his short story Reason. In the early 1970s, Peter Glaser got a patent for a design to transmit power from satellite to ground using microwaves. In the late '70s, N
(read more)
A "left-wing" German infosec researcher was this week threatened with criminal prosecution after revealing that an app used by Angela Merkel's political party to canvass voters was secretly collecting personal data. Germany's respected Chaos Computer Club (CCC) announced it would stop reporting any weaknesses in the centre-right wing Christian Democratic Union's (CDU) web-facing infrastructure to the party after it procured a criminal prosecution against Lilith Wittmann.

"I got an email from the Cyber Security Police of Berlin," she told The Register. "Could you please provide us your address, so we can send you... legal documents? And then I was like, that's weird. I didn't do anything wrong. Let's tweet about that. Let's find a lawyer who can look into that."

Although the prosecution is due to be withdrawn after an apology from the CDU, the episode shines a light on some German politicians' attitudes to vulnerability disclosures.

In May, during federal elections in Germany, the CDU equipped its door-knocking activists with an app called CDU Connect. The app was used for recording data on homeowners: did they welcome political activists knocking on their doors to find out who they were going to vote for? Did they shoo the CDU's foot soldiers away, or did they invite them in for a cuppa and a chat?

At the time, Wittmann told us, the CDU insisted that data collected in the app was anonymous. This was incorrect, Wittmann said. The researcher revealed her findings in a blog post (in German), explaining on a phone call with The Register that all she did was sniff an API token, "man in the middle" style, "to figure out how the API works." Having done that, she discovered personal data was indeed being processed by the app.

The perils of non-disclosure?

After Wittmann reported the exploitable vulns to the CDU, the party shut down CDU Connect. There was, so the infosec researcher said, no specific agreement between her and the political party about what details could or could not be included in a public writeup so she included them all. Local media picked up on it at the time, and then the moment had passed. Or so everyone thought. A few days ago the police got in touch, said they were following up on the app breach, and asked for Wittmann's postal address.

We're sorry for that thing we definitely didn't do

German daily newspaper Die Welt reported yesterday that CDU managing director Stefan Hennewig confirmed the party had told police of an alleged data theft and denied the party had accused Wittmann of stealing data – but then apologised anyway for naming her in the CDU's police report.

Our complaint is NOT directed against Lilith Wittmann's responsible disclosure process. RD processes are a good way to make those affected aware of security vulnerabilities. I consider these processes an important building block for increasing IT security. (2/5) — Stefan Hen
(read more)
The Chia cryptocurrency craze is fuelling record sales growth in Europe among distributors of hard disk drives (HDD), according to calendar Q2 shipment data from venerable number cruncher Context. Stats for the three months show sales to end users, via distributors and resellers, went up by 141 per cent year-on-year to 454,512 – the biggest quarter in the regional channel ever, said Context.

Nearline HDDs – the highest capacity drives – led the pack. Sales of the 18TB model swelled to 84,726, up 125 per cent from the prior quarter. 16TB drives, the second most favoured spec, grew to 51,515 units. Other HDD categories also continue to be highly prized thanks to Chia.

"The tremendous Chia-driven demand for storage capacity has turned the European market on its head, with buyers rushing to snap up HDDs," said Gurvan Meyer, business enterprise analyst at Context. "Although it's having a knock-on effect for SSDs and NAS segments, it's headline HDDs that are really driving this spike. As long as there's money to be made in mining Chia coins, we can't see these trends changing much."

BitTorrent protocol author Bram Cohen founded the Chia network in 2017, and the currency launched in May 2021. It is considered to be greener than Bitcoin in that it uses relatively less power.

As Reg readers know, Chia differs from traditional crypto-coins in that it relies on proof of space rather than proof of work, as detailed by our sister publication Blocks & Files. "So, rather than using computing power in a race, it's using a lottery system. This is not only greener (in terms of passive power consumption) than proof of work but also more accessible. The barrier to entry is lower as almost anyone in the world might have unused storage space on their computer – perhaps even their phone – that could be used," Context's Meyer said.

Storage vendors such as Seagate and Western Digital have been caught out by this trend, Context told us in April. In its Q4 earnings call in June, Seagate CEO Dave Mosley said the market for storage-centric blockchain, including those used for decentralised storage applications with Chia cryptocurrency had "garnered significant interest."

"We saw meaningful increase in HDD demand due in part to the initial buildout of the Chia net space which is comprised of both new and repurposed HDDs... This incremental demand served to tighten HDD supply dynamics and [provide] an increase in the robust demand environment."

Economies opening up and continued demand from cloud providers expanding their infrastructure played a role in HDD demand too. "While the future growth outlook in this space remains unclear, we are excited by the potential applications associated with innovations and decentralised file storage," said Mosley. Desktop network attached storage
(read more)
Feature In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. In it, he noted [PDF] that in three years, the optimal cost per component on a chip had dropped by a factor of 10, while the optimal number had increased by the same factor, from 10 to 100. Based on not much more than these few data points and his knowledge of silicon chip development – he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley – he said that for the next decade, component counts by area could double every year. By 1975, as far as he would look, up to 65,000 components such as transistors could fit on a single chip costing no
(read more)
Google has temporarily reversed Chrome's removal of browser alert windows and other prompts created via cross-origin iframes after a rocky rollout over the past two weeks broke web apps and alarmed developers. An iframe, or Inline Frame, is a portion of a web page embedded in another web page. When it includes resources from a different origin or domain, it's a cross-origin iframe. Since March, 2020, the team behind Chromium, the open-source engine of Chrome, has been planning to limit the capabilities of cross-origin iframes because they're a security liability. Specifically, they allow an embedded resource like an ad to present a prompt as if it were the host domain. "The current u
(read more)
Amazon Web Services has partnered with the National University of Singapore (NUS) in hope of improving quantum technologies and their applications. The duo announced they had signed a Memorandum of Understanding this week. The collaboration will be led by the NUS-hosted Quantum Engineering Program (QEP), a five-year SG$25m ($18.5m, £13.3m, €15.6m) initiative launched in 2018 by Singapore's National Research Foundation that focuses on translating the often abstract science of quantum physics into tech that can be commercialized. So far, the QEP has supported eight major research projects – such as hardware and software that may be able to eventually outperform today’s supercomputers a
(read more)
Check your bank accounts this month. A settlement payment from Google, regarding a privacy hole in its now-defunct Google+ social network, may be winging its way to you. All $2.15 of it. The vulnerability in question was in the Google+ People API. It could have been exploited by third-party apps to swipe people’s personal information, such as their names, email addresses, genders, and ages, even if this data wasn't publicly visible. At first it was thought 438 apps could have siphoned off the records from up to 500,000 users. It was later discovered that actually a whopping 52.5 million accounts were at risk. It's believed no data was actually stolen by apps. Crucially, Google had
(read more)
Amazon interfered with a formal election by its warehouse workers in Alabama to unionize – and staff ought to be given a second chance to vote again, an official at the US National Labor Relations Board (NLRB) has concluded. After pro-union employees, represented by the Retail, Wholesale and Department Store Union (RWDSU), working at the BHM1 fulfillment center in Bessemer in the Cotton State lost their unionization election in April, the union swiftly filed objections to the labor relations board. "A free and fair election was impossible," said [PDF] Kerstin Meyers, an NLRB hearing officer, this week. "Under the circumstances, I recommend that a second election be ordered." Stuart
(read more)
Facebook, which has repeatedly touted its transparency efforts, on Tuesday disabled the accounts of independent ad transparency researchers. The targeted ad biz said it did so in the name of privacy, a source of persistent scandal for the corporation. Facebook said it disabled the accounts, apps, Pages, and platform access for NYU’s Ad Observatory Project and participating researchers because their work violated its rules. "NYU’s Ad Observatory project studied political ads using unauthorized means to access and collect data from Facebook, in violation of our Terms of Service," said Mike Clark, product management director at Facebook, in a blog post. Clark said Facebook did so to
(read more)
RingCentral is all about the integration of apps in the comms and collaboration sectors to boost productivity and efficiency, but the biz might just need someone to run the same rules over its own bloated overheads.

The cloudy comms concern reported second quarter numbers that show continued demand for its services: revenues leaped 36 per cent year-on-year to $379m, of which $351m was subscriptions. This was the 30th period of quarter-on-quarter growth and the highest level of growth in five years, Vlad Shmunis, CEO, chairman and founder of RingCentral, told analysts on an earnings call. This was down to a "higher number of volume deals" with carriers, better traction with integrated Unified Comms-as-a-Service (UCaaS) and Contact Centre-as-a-Service sales, as well as demand for the RingCentral MVP platform (message, video, and phone).

Mitesh Dhruv, CFO, chipped in to say that "gross [customer] churn across our entire business was at a multi-year low." This, he claimed, was the result of more attention paid to "product stickiness, as well as implementation of AI enabled tools which provide predictive analytics on customer health metrics across the entire customer base."

Delving further into the numbers, RingCentral recorded operating expenses of $348m compared to $231m a year ago. This included a 75 per cent hike in R&D, soaring sales and marketing costs, and admin expenses up too. This left the company nursing a loss from operations of $73.38m, more than double the $29.3m operating loss in Q2 2020. Unsurprisingly, execs didn't focus on this during the conference call.

Cash and cash equivalents was $325m, down from $463m at the end of calendar Q1. Shmunis tried to talk up the cloud comms market by pointing to the opportunity ahead with "400 million legacy PBX u
(read more)
Google's open security team has claimed the Linux kernel code is not good enough, with nearly 100 new fixes every week, and that at least 100 more engineers are needed to work on it. Kees Cook, a Google software engineer who has devoted much of his time to security features in the Linux kernel, has posted about continuing problems in the kernel which he said have insufficient focus. "The stable kernel releases ('bug fixes only') each contain close to 100 new fixes per week," he said. This puts pressure on Linux vendors – including those who support the countless products which run Linux – to "ignore all the fixes, pick out only 'important' fixes, or face the daunting task of taking everything," he said. Cook partly blames the C programming language. "With Linux written in C, it will continue to have a long tail of associated problems," he said. He added that the Mitre CVE (Common Vulnerabilities and Exposures) list, used by professionals to assess the importance of bugs, is not up to the task since "not all security flaws have CVEs assigned, nor are they assigned in a timely manner." The only solution is to continually update to the latest version of the stable release used, but Cook said that "performing continuous kernel updates... faces enormo
(read more)
USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

"Established in 1987, USENIX LISA (originally Large Installation System Administration) was one of the industry's longest-running annual gatherings, and shared content for system administrators, network engineers, security engineers, programmers, researchers, and more. At its largest, LISA ran for six days and attracted more than 1,000 attendees and nearly 100 speakers," the note said.

The steering committee includes Patrick Cable, senior director of security and reliability engineering at cloud security specialist Threat Stack; Brendan Gregg, kernel and performance engineer at Netflix; and Amy Rich, senior director of DevOps at healthcare data specialist Redox. "LISA was more than a conference: it was a family of friends, technologists, and experts," the committee said.

The conference even had its own superhero, USENIX LISA HULK, who posted in block capitals and said things like: "GREAT KEYNOTE. MADE HULK PROUD TO BE A SYSADMIN-AMERICAN."

Appreciation of the event was echoed on social media. Cable said the conference "will hold a special place in my heart" and that he has "many feels on this one, especially for my first professional conference and community." Dr Nicole Forsgren, partner at Microsoft Research, took to Twitter to say: "LISA was my first technical community, and the folks here welcomed me when I was building and learning and even doing research — 2007 was my first conference."

"I attended almost every year, and no one can ever
(read more)
SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Insisting that it was "the victim of the most sophisticated cyberattack in history" in a court filing, SolarWinds described a lawsuit from some of its smaller shareholders as an attempt to "convert this sophisticated cyber-crime" into an unrelated securities fraud court case.

"The Court should dismiss the Complaint because it fails to satisfy the heightened standards for pleading a Section 10(b) claim imposed by the Private Securities Litigation Reform Act," it said [PDF].

Financial newswire Reuters reported that the suit was originally filed over allegations that former SolarWinds chief exec Kevin Thompson cut cybersecurity efforts in the hope of driving greater dividends into the pockets of major investors, Silver Lake and Thoma Bravo, who each reportedly held around 40 per cent of SolarWinds' stocks at the time. In the wake of the attack, SolarWinds' share price crashed from $24.83 to $14.95. It has rallied over the past few months back to $22.64 at the time of writing.

SolarWinds' motion to dismiss the case also alleged that the infamous "solarwinds123" password found on GitHub wasn't linked to the Russian attack, stating that the investors' legal team had not closely linked it to production systems used by the company. Infosec bod Vinoth Kumar told us last year that he was able to use that to upload a file to their servers as a proof-of-concept.

SolarWinds was attacked and breached by Russian spies who used their illicit access to compromise SolarWinds' build servers. Once that was done, they gained onwards access, through compromised (but signed) updates pushed through legitimate channels, to 1
(read more)
Webcast Some say the best form of defense is offense. But when it comes to modern ransomware from cyber-crime orgs that are well-funded, possibly have state actor backing, and have your data under their control, just how offensive can you afford to be? The fact is dealing with the ransomware threat requires a complete rethink of cybersecurity and data protection, starting with the acceptance that any user, device or application can be compromised and then rethinking all access and permissions accordingly. In short, you need to move to a zero-trust approach. Anything else simply exposes you and your organisation’s precious data to the risk of compromise, ransom demands, and expensive downtime at best, or at worst the risk that your organisation’s data could be lost permanently. So, whe
(read more)
Now that's an expensive contract

The UK government has let nearly £40m in contracts to a single supplier for a text message, email, and "letter management" platform. According to a contract award notice published this week, MMGRP Limited was handed £21.6m to support GOV.UK Notify, a multi-channel digital communications platform. "These messages will typically be status updates, requests for action, receipts of applications or supporting information, and reminders," the notice said. The contract – which offers public-sector employed users to send emails, text messages,
(read more)
An 84-year-old German man has been fined €250,000 (£212,796.10) for keeping stockpiles of Second World War-era weaponry in his basement – including a 45-ton tank. The conviction under Germany's War Weapons Control Act was handed down in Kiel, a city in the northern state of Schleswig-Holstein, and regards an investigation from 2015. As we reported at the time, a search for stolen Nazi art at the elderly man's home actually turned up multiple items of military hardware in his underground garage. Among the arsenal were the Panther tank, a torpedo, mortars, anti-aircraft guns, machine guns, automatic pistols, and 1,500 rounds of ammunition.

The defendant, who was not named due to German privacy laws, also received a suspended prison sentence of 14 months and was ordered to sell or donate the tank and flak cannon to a museum or collector within two years, as reported by AP News. Though its guns were not operational, the tank could be driven – a fact the pensioner made no effort to hide. The mayor of the nearby Heikendorf municipality reported: "He was chugging around in
(read more)
Stack Overflow has published its latest developer survey, revealing widespread deployment of Microsoft's development tools as well as Google Cloud Platform and Azure jockeying behind AWS. The technology section of the survey is where we may get clues about trends in programming languages and platforms.

Perhaps the most dramatic chart in this survey concerns development environments, with Microsoft taking first and second place in terms of usage: 71.06 per cent of those polled use Visual Studio Code, and 33.03 per cent use Visual Studio. Third is Notepad++ with 29.1 per cent (note that most percentages in the survey sum to more than 100 per cent thanks to developers who use multiple tools).

Stack Overflow did not ask this question last year, though in 2019 the same three held those spots albeit with much lower percentages: 50.7 per cent for VS Code, 31.5 per cent Visual Studio, and 30.5 per cent Notepad++. The remarkable ascent of VS Code is the big story here.

Other choices such as IntelliJ IDEA, Android Studio, and Eclipse show slight gains, though one of the oddities versus 2019 is that almost all the IDEs show higher percentages, which either means more developers using multiple IDEs, or perhaps something in the survey design made
(read more)
A Brit who tried to sue Dixons Carphone over the 2018 hack of 10 million customers' details, including 5.9 million payment cards, has had his case booted out of the High Court. Not only was Cardix owner DSG Retail Ltd almost completely successful in its application to strike out Darren Warren's case against it, the one count Dixons didn't succeed on saw the case relegated to the county court because of its low value. Warren wanted to sue the retailer over a digital break-in that saw nearly 6,000 point-of-sale terminals infected with malware. DSG discovered the data-slurping malware almost a year after it was planted, prompting a £500,000 fine from the Information Commissioner's Office. He was caught up in that, he told the court, and wanted £5,000 in damages from DSG for "distress" after his personal data was obtained by criminals. In total 5,646,417 payment cards were exposed to the crooks who compromised DSG, including 5,529,349 chip-and-PIN cards that showed the primary account number and expiry date. Names, addresses, phone numbers, email addresses, dates of birth, and more were also exposed. It must have come as a surprise to Warren, therefore, when Mr Justice Saini ruled: "If a burglar enters my home through an open window (carelessly left open by me) and steals my son's bank statements, it makes little sense to describe this as a 'misuse of private information' by me." Lockdown-induced gadgetry rush sent Dixons Carphone's online sales
(read more)
SAP customers need to change the way they operate to shift their ERP systems to the cloud, according to the CEO of the Americas' SAP Users' group (ASUG). Responding to the results of a joint survey between ASUG and German-speaking user group DSAG, which showed some scepticism towards SAP's lift-and-shift package, Geoff Scott said users would have to look again at how they had customised their SAP ERP systems to fit their business processes. "The traditional on-prem, highly customised ERP solution, absolutely, positively has to give way to a more SaaS-based ERP solution," he said. SAP l
(read more)
The UK's data watchdog has defended its approach to regulating government health technologies during the pandemic as "pragmatic." In its annual report, the Information Commissioner's Office (ICO) said it had supported public health innovation, reflecting the flexibility of data protection law. The watchdog had come under fire early in the pandemic as campaigners saw a lack of oversight over the introduction of the Test and Trace system. In June last year, the Open Rights Group (ORG) instructed lawyers to lodge a complaint with the ICO over the rollout of the system, arguing it breached the Ge
Quick UDP Internet Connections (QUIC), the alternative to Transmission Control Protocol advanced as a fine way to speed up web traffic, struggles to deliver that outcome without considerable customisation. So write Alexander Yu and Theophilus A. Benson of Brown University in a paper [PDF] titled "Dissecting Performance of Production QUIC". The paper was presented in April 2021, and on Monday a summary reached the blog of the Asia Pacific Network Information Centre (APNIC) – the regional internet address registry for the Asia-Pacific. The paper explains that QUIC was designed to sp
US Securities and Exchange Commission (SEC) chairman Gary Gensler has described cryptocurrency as "rife with fraud, scams, and abuse in certain applications" and called for more government regulation to protect investors in the assets. Speaking at the Aspen Security Forum, an annual three-day conference in Aspen, Colorado, Gensler accepted that cryptocurrency "has been and could continue to be a catalyst for change in the fields of finance and money," but warned it remains "highly speculative" and used as a medium of exchange mostly in situations when users wish to launder money, evade sanctions and/or tax, or enable extortion. He also worried that cryptocurrencies are treated as investments, but lack investor protections. "Right now, we just don't have enough investor protection i
State Administration of Market Supervision warns it's going after collusion to cash in on shortages
Chinese antitrust watchdog, State Administration of Market Supervision (SAMR), announced Tuesday it has started investigating price gouging in the automotive chip market. The regulatory body promised to strengthen supervision and punish illegal acts such as hoarding, price hikes and collusive price increases. SAMR singled out distributors as the object of its ire. In the early stages of the COVID-19 pandemic, prices for items such as hand sanitizer, face masks, toilet paper and ot
Looks to be still figuring out what to do with it, rather than prepping product
VMware has offered its customers the chance to use its flagship ESXi hypervisor running on SmartNICs. The virtualization giant yesterday announced an "Early Access Program" for Project Monterey – the effort to run ESXi on network accelerators and treat the devices as just another host that can run virtual machines and be managed by vSphere and vCenter. Plenty of network accelerators – a term The Register uses here because the industry is split on whether to call them SmartNICs, data-processing un
China's government has again expressed its severe dislike of gaming, and one of the nation's major purveyors of such entertainment has reacted by limiting the time that can be spent on the pastime. Beijing has never been entirely comfortable with gaming. In 2013, China sought to define gaming addiction so it could be treated, after previously having regulated internet detox camps to ensure that they got results – but without brutalising those felt to need an intervention to curb their online activities. In 2019, industry analysts suggested China was a key backer of World Health Organisation attempts to define gaming-related disorders as comparable to drug or gambling addictions. In 2020, China required gamers to use their real names, and required games platform operators to matc
Unless your doctor or god says you can't have the jab
Not for the first time, Microsoft has followed Apple's lead and will not bring staff back to its offices until October at the earliest. The Windows giant confirmed to The Register it won't fully reopen its campuses in the United States before October 4 or later, citing concerns over the ongoing coronavirus pandemic. And with variants of the COVID-19 bio-nasty swirling around America and the wider world, from next month those who do set foot inside a Microsoft building must first show proof of vaccination. "As we have done sin
Activision Blizzard on Tuesday announced new leadership for Blizzard Entertainment group following a recent sex discrimination and harassment lawsuit filed by California's Department of Fair Employment and Housing (DFEH) and an employee walkout demanding better working conditions. "Starting today, J. Allen Brack will be stepping down as the leader of the studio, and Jen Oneal and Mike Ybarra will co-lead Blizzard moving forward," the video games goliath said in a letter to the Blizzard community. An Activision Blizzard spokesperson confirmed to The Register that Jessie Meschuk, the company's head of global human resources – a department accused in the aforementioned lawsuit of failing to take harassment complaints seriously – has also stepped down. Blizzard Entertainment is beh
The International Space Station actually spun one and a half times last week after the just-docked Russian Nauka module unexpectedly fired its thrusters. NASA earlier said the sudden and inadvertent rocket burn nudged the ISS 45 degrees out of attitude. Zebulon Scoville, a flight director working at the US space agency’s mission control in Texas at the time of the accident, today said the effects of Nauka’s engines randomly firing were greater than previously reported. The ISS in fact rotated a total of 540 degrees from the thruster fire, and had to flip another 180 degrees to get back into the correct position, he told the New York Times. The 45-degree angle disclosed by NASA soon after the blunder – which Russia blamed on a software failure in its Nauka module – was what it was
Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize. Russia, the ransomware hotbed whose cyber-spies were blamed for attacking US and allied networks, did not join the 2001 Budapest Convention on Cybercrime because it allowed cross-border operations, which it considers a threat to national sovereignty. Russian media outlet Tass also said the 2001 rules are flawed because they only criminalize nine types of cyber offenses. The new draft convention from Russia, subm
Promo There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and deployment. But speed, while not necessarily killing your security posture, can seriously damage it, whether by introducing vulnerabilities into the development pipeline or inadvertently inheriting malware that hitches a ride with third-party components. And, trying to retrofit traditional security practices and tooling into these newly accelerated workflows and production environments can be time consuming and ultimately ineffective. This can leave your security and development teams at odds, while cyber criminals and other attackers are only too happy to move into the gap, mounting
WireGuard, a high performance and easily configured VPN protocol, is getting a native port from Linux to the Windows kernel, and the code has been published as experimental work in progress. A WireGuard implementation for Windows already exists and can be found here, based on what Jason A Donenfeld, the creator of WireGuard, called "a generic TUN driver we developed called Wintun" and a cross-platform Go codebase called wireguard-go. This current implementation "lives in userspace, and shepherds packets to and from the Wintun interface," Donenfeld said. The goal with the new implementation, called WireGuardNT, is that the whole protocol implementation will be in the Windows networking stack, "in the same way that it's done currently on Linux, OpenBSD, and FreeBSD." Donenfeld went i
Semiconductor lead times are running at up to 60 weeks or twice the pre-pandemic norms, according to networking biz Arista. This chimes with talk in the UK channel that reached The Reg last week, which indicates delays in the delivery of orders as network hardware manufacturers try to juggle rising demand with the relative scarcity of silicon and other components. On a conference call to discuss calendar Q1 earnings, John McCool, senior veep and chief platform officer at Arista, was asked to explain the industry-wide challenges. "The continued industry-wide impact of COVID on global supply chain output, combined with an increase in demand for electronics across all segments, is expected to remain for the foreseeable future," he said. "Component lead times are the highest we've seen
The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne. A month-long "hacker security test" culminated in a couple of dozen folk being handed unspecified rewards – and marking the first public confirmation of HackerOne's UK government partnership. One of those infosec pros, Trevor Shingles (@sowhatsec on Twitter), said in a canned statement: "I successfully reported an OAuth misconfiguration, which would have allowed me to modify permissions and gain access, but instead was able to help the MoD fix and secure." The MoD scheme's groundworks were laid back in December when the ministry promised not to arrest bounty-hunting experts, as we reported. The bounds we