Analysis Ajit Pai has left his position as head of the FCC – America's communications regulator – marking the end of an extraordinary four years where telecoms policy was dragged into the era of alternate facts. With sad inevitability, Pai has a list of his accomplishments in a similar fashion. Just as he had done during his tenure, however, Pai has mirrored the 45th president’s approach and, rather than give an overview of actions to show a coherent drive and philosophy, has created the longest list possible. Bigger is better. And so we have a 19-page document with 134 bullet points, many with sub-points. The end result is a mixture of tedium and propaganda with seemingly every program the FCC runs religiously inscribed, and the most controversial decisions whitewashed with tangential facts or ideological zeal. As just one example, Pai’s unforgivably weak response to a devastating hurricane in Puerto Rico – something that mirrored President Trump’s own bizarre response that many have attributed to racism – is ignored. Instead the list heralds how the FCC awarded the island $127m “to expand, improve, and harden broadband networks,” and notes how Pai visited the island not once, but twice. Pai fails to note the extensive, and justified, criticism leveled at him by his own commissioners, the Government Accountability Office, the press, and Puerto Ricans for doing too little, too late. He also refused a review into the FCC’s response: something that is a standard approach used to help the organization learn from mistakes. Had it been run, the review might have queried why normal protocols weren’t followed. The fact he prevented such a probe reveals a darker truth: that Pai’s actions, or lack of them, were not the result of incompetence. Net neutrality Pai will, of course, be most closely associated with the reversal of net neutrality rules. 
Not only did he undercut the FCC’s own rulings made just two years earlier but he pushed through a predetermined outcome, often with almost comic pretense to running a proper policy process. The FCC not only failed to fix its flawed public comment process and systems but worked to make it more dysfunctional in order to disguise the true depth of feeling against the decision. It allowed organizations to upload hundreds of thousands of responses in one file, knowing from experience that it would be used to flood the comment period with fake comments. The cable industry promptly did exactly that. Later, Pai claimed, wrongly, that the FCC had been hit with a DDoS attack. Pai also actively muddied the policy waters to disguise the fact that the only group that approved of reversing net neutrality protections were the cable giants that stood to gain most from it, along with the various think-tanks and lawmakers that the industry heavily supports.
On Tuesday, during his last full day as US President, Donald Trump issued an executive order seeking to curtail cyber attacks by directing the government to come up with rules requiring cloud service providers to better identify foreign customers. It now falls to the incoming Biden administration to implement the order, which may end up simply being ignored, given the recent flood of executive orders. The "executive order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-En
LG Electronics is reportedly considering leaving the smartphone business this year, according to a leaked internal memo issued by CEO Kwon Bong-seok. Writing to staffers, Kwon said the future of LG's mobile business remained uncertain, but promised any decision would not result in any redundancies. "Regardless of any change in the direction of the smartphone business operation, the employment will be maintained, so there is no need to worry," he said. An LG representative subsequently told The Korea Herald it was examining all
Red Hat, which is killing CentOS Linux in favour of CentOS Stream, will extend its developer subscription to allow free production use of RHEL for up to 16 systems. CentOS Linux is a community build of Red Hat Enterprise Linux (RHEL) and therefore suitable for production use. CentOS Stream, which will remain available, is a preview build of what is likely to be in RHEL – great for testing but not ideal for production use. The popularity of CentOS, which drives 17.7 per cent of Linux-based web sites, according to W3Techs, has meant a strong response to Red Hat's decision, including alternative free builds such as Rocky Linux and Project Lenix, which is now known as Alma Linux. Red Hat said in December that it would work to plug the gap left by CentOS with new ways to license RHEL and today's statement is said to be "the first of many new programs." The big change is that the free developer subscription "can be used in production for up to 16 systems". This represents a major change to the current developer programme, which states that "the no-cost Red Hat Developer Subscription is only for development purposes and may not be used in production." The wording of the new terms is not yet available, however. "The T&C’s won’t be available to view until the program launch on February 1st," a spokesperson for Red Hat told The Reg. Red Hat said that it "isn't a sales program" and that this updated subscription will be available "no later than February 1, 2021". A second change is that development teams will now be able to join the developer programme, as opposed to individual developers only. Under the new terms, developer subscriptions will also be eligible for Red Hat Cloud Access, which enables deployment to public clouds such as AWS, Google Cloud Platform, and Microsoft Azure, though presumably without the support that Cloud Access currently includes. 
Reaction to the announcement has been mixed. "16 servers is actually reasonable IMO, as much as I hate Red Hat and how they're running things, 16 systems isn't all that bad for people who run small business
The US Federal Communications Commission (FCC) has rejected a petition seeking to block Ligado Networks from deploying its LightSquared nationwide 5G network. The petition – which was rejected by a three-to-two majority – was filed by the Department of Commerce's National Telecommunications and Information Administration (NTIA) on behalf of the Defense and Transportation departments, and largely repeats previous concerns about Ligado's proposed use of L-band spectrum. The term "L-Band" refers to the spectrum between 1GHz and 2GHz. Ligado has proposed using parts of this spectrum as the basis of a low-power terrestrial 5G network primarily serving far-flung IoT devices, particularly those in areas where a stable fixed-line or conventional cellular mobile connection is hard to come by. The L-band is well suited to this as it tends to be less affected by weather conditions and cloud cover. Unfortunately for Ligado, those attributes also make it well suited for satellite-based global navigation systems, and the US GPS system (as well as GLONASS, Galileo, and BeiDou) relies heavily on the L-Band spectrum. Any interference could prove catastrophic, not just for military users, but also airlines and transportation firms that rely upon GPS. The FCC's rejection notes the onerous conditions placed on Ligado last year as a condition of its approval, which were largely prompted by complaints from within the federal government. These include restrictions on what parts of the spectrum it can use, with the FCC carving out a "guard band" to limit interference with GPS operations, as well as transmission power limits that are 99 per cent lower than those initially proposed. In addition, Ligado is legally compelled to work alongside federal agencies to mitigate any interference, by providing information about the configuration of its base stations, as well as identifying hardware that could be susceptible to interference. 
It must also provide GPS manufacturers at least six months' notice before it activates any base stations. FCC commissioner Nathan Simington voted against the petition, but did not regard the matter as closed [PDF], citing the absence of any definitive scientific testing about whether LightSquared would interfere with other L-band applications. "As there is an opportunity for further testing, including performance-based testing, there remains the possibility of a showing that will greatly bolster the merits of NTIA's petition for reconsideration," he said. "Such a showing would also allow the Commission to better evaluate the entire record in this proceeding, including the various other petitions for reconsideration that were filed. It is by doing so that we will adduce the best possible record in the service of disinterested policymaking in the public good." FCC chairman Ajit Pai, who leaves office today, added: "We must continue to move forward to ensure next-generation wireless services are available, and to do so, we must
On his last day in office, US president Donald Trump has issued 143 pardons – including one for Anthony Levandowski who admitted stealing trade secrets from Waymo while a self-driving car researcher. Breitbart founder and one-time Cambridge Analytica board member Steve Bannon was also among those receiving clemency over fraud charges regarding a fundraiser for Trump's infamous border wall, as were some rappers. In August last year, Levandowski, an engineer in Google's self-driving Waymo division from 2007 to 2016, pleaded guilty to stealing trade secrets and was sent down for 18 months. He was also ordered to pay Google $756,499.22 in compensation and a fine of $95,000. He had resigned from Google to co-found Otto, an autonomous truck firm sold to Uber in 2016. Levandowski was accused of leaving Waymo with more than 14,000 files detailing its proprietary Lidar technology and sharing them with Uber. Google sued Uber over the matter and the companies settled for $245m of Uber stock in 2018. The US Attorney's office took action against Levandowski, filing 33 charges alleging theft and attempted theft of trade secrets, in violation of 18 U.S.C. § 1832. Explaining Levandowski's pardon, the White House press secretary said he "has paid a significant price for his actions and plans to devote his talents to advance the public good". It was noted the sentencing judge described him as a "brilliant, groundbreaking engineer that our country needs". The individuals supporting the pardon include Peter Thiel, the prominent Trump financier and PayPal investor who founded AI firm Palantir, which largely carries out information analysis and processing work for the defence and intelligence communities, including the CIA and controversial US border agency ICE. The firm also has fingers in NHS data in the UK. 
Also campaigning for Levandowski's pardon was Palmer Luckey, VR firm Oculus's CEO when it was acquired by Facebook. Levandowski joins a long list of names to be pardoned hours before the inauguration of President-elect Joe Biden. Among them is Bannon, the media entrepreneur and alt-right cheerleader who led Trump's 2016 election campaign and became senior counsel to the president following the election, leaving eight months later to rejoin the right-wing news site Breitbart, which he founded. The White House statement said: "Prosecutors pursued Mr Bannon with charges related to fraud stemming from his involvement in a political project. Mr Bannon has been an important leader in the conservative movement and is known for his political acumen." Bannon stood charged with fraud in connection with the "We Build the Wall" campaign. He is alleged to have received more than $1m of the donations, some of which he is accused of using to cover personal expenses. Bannon also helpe
SpaceX has landed an individual Falcon 9 booster for a record eighth time after pushing the envelope on winds above the waiting drone ship. The launch had been delayed from 18 January due to what the company called "unfavorable weather conditions in the recovery area". There was a further delay on 19 January "to allow additional time for pre-launch inspections" before Elon Musk's band of rocketeers lit the blue touchpaper and stood well back earlier today. The first Starlink mission of 2021 left Kennedy Space Center's LC39-A at 1302 UTC. The veteran booster had previously flown on seven other missions, most recently SXM-7 in
Webcast What’s your tech infrastructure going to look like in the next few months or years? You know, once we get past the current situation and find time to start innovating again. All of which may come sooner than you think. Your devs are probably going to be experimenting with analytics, machine learning and AI. Data will be coming at you from all directions, from customers to edge devices. And much, if not all, of this is probably going to be happening in the cloud. Sounds interesting, doesn’t it. And you’re not the only one interested. Bad actors are going to be interested too, and would like to exfiltrate as much of
OVHcloud has introduced tape-storage-as-a-service, based on IBM technology, in response to European data sovereignty and localisation requirements. The company, which is among Europe's biggest hosting firms, has kicked off with four dedicated facilities, all located in France but, for disaster recovery purposes, sited several hundred kilometres apart. Sylvain Rouri, chief sales officer, said the "reliable and sovereign data preservation solution" will deliver a secure and trusted cloud for European customers. Mike Doran, worldwide sales director at IBM, said the deal with OVH was "another proof point of the enduring value tha
The second half of 2020 brought improved 5G availability in the UK with London seeing some of the biggest gains, according to research by RootMetrics. Predictably, the network with the highest 5G availability was EE, which had next-gen connectivity present during 39.9 per cent of RootMetrics' tests in the capital, compared to 28.8 per cent in the first half of the year. Although far from widely available, this growth was an improvement in a relatively short amount of time. Still, EE has an advantage as the first UK carrier to launch a commercial 5G service – it's easier to maintain a lead when you've had a head start.
The pandemic has been kind to Logitech, whose profits have almost quadrupled from what they were a year ago. Revenues for the peripheral maker's Q3 ended 31 December show a jump of 85 per cent year-on-year to $1.67bn and profit came in at $448m versus $129m. For the nine months of fiscal '21, sales were up 64 per cent to $3.716bn and profit grew 205 per cent to $721.5m. On a conference call with financial analysts, Logitech CEO Bracken Darrell said: "Last quarter, we predicted that as the world opened up, few companies would opt for a full work from home or a full work from the office approach. With another quarter behind us, I
Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments". The attack was spotted because of suspicious activity reported by Microsoft's Security Response Center.
In brief After an initial failure in 2020, the Virgin Galactic spinout reached orbit on its second try, with the LauncherOne rocket deploying its payloads to a 500km orbit. Virgin Orbit employs an air-launch system via the Cosmic Girl carrier aircraft, an adapted Boeing 747, which drops LauncherOne at the required altitude. The first attempt, in May last year, saw a brief firing of the rocket's engine before it abruptly cut out. Things went considerably better over the weekend as the NewtonThree engine burned for the full duration before stage separation and the NewtonFour-powered second stage took the payload to orbit. Virgin Orbit can now take its place alongside other small sat launchers, such as Rocket Lab. The differentiator is that air-launch capability removes the need for as much ground infrastructure. NASA bigwigs, the UK Space Agency and UK politicians lined up to congratulate the company. After all, there is a runway in Cornwall anxiously awaiting Virgin Orbit's arrival. Thank you, @spacegovuk, for all of your support. We look forward to bringing launch to Britain! https://t.co/tjY0sQ8eMC — Virgin Orbit (@Virgin_Orbit) January 18, 2021 Boeing's Calamity Capsule software checks out While the Space Launch System core stage, led by Boeing, may have faltered over the weekend, the company's troubled CST-100 Starliner spacecraft took another step closer to launch. Issues with the qualification processes the first time around resulted in a failure of the uncrewed capsule to reach the International Space Station (ISS) and a truncated mission. Boeing announced that the formal requalification of the flight software was now complete ahead of a re-run of that first mission in March. Testing has included full end-to-end mission scenarios and "additional assessments were made to verify the complete integration of software with all recommended flight hardware." It's a shame that such diligence did not feature quite so prominently before. Addition
Distributed SQL database biz Cockroach Labs has analysed public cloud performance and concluded that Google Cloud Platform wins on throughput, although AWS is ahead on CPU performance and network latency. Cockroach Labs first reported on cloud performance in 2018, saying: "We are committed to building a cloud neutral product, and we run test clusters on all three leading US cloud providers." The researchers measured CPU, network, storage, and online transaction processing (OLTP) performance. At the time, the researchers reported that "AWS outperforms GCP on nearly every criteria we tested – including cost." Azure was not tested in 2018. In 2020 a new test showed relatively close performance from AWS, Azure and GCP, the conclusion being that "GCP shows dramatic improvement in the 2020 Cloud Report edging out AWS and Azure on price per performance of TPC-C but slightly underperforming AWS and Azure on max tpmC available on a three node cluster." How about 2021? The researchers benchmarked 54 different virtual machine types and performed nearly 1,000 benchmark runs. The benchmark scripts are open source here. None of the three providers have been shamed, with the detailed results showing wins fo
Element Matrix Services is adding a bridge between hipster chat platform Slack and the open-source world of Matrix messaging. With recent events focusing the minds of users on what might be happening to their data on centrally hosted platforms, Matrix, which emerged from beta in June 2019, represents a more open alternative. To ease the journey from the centralised world of Slack, Element Matrix Services (EMS) – a hosting platform for Matrix – is adding a managed bridge for connecting Slack to the Matrix ecosystem. The bridge will join others that connect services such as Telegram and Discord to the network. The functionality costs $20 for one workspace and a maximum of 20 rooms (unless one wishes to purchase multiple bridges) on top of the EMS subscription pricing. The Register spoke to Matthew Hodgson, technical co-founder of Matrix and CEO of Element, who explained how it worked. "The integration happens on the server side, so it's available on all of the clients both on the Matrix side and also on the Slack side," he said. The implementation works on a room-by-room or channel-by-channel basis and, assuming an administrator has enabled the necessary inbound and outbound webhooks, replicates the requisite bits of Slack in the Matrix. Matrix users appear as bots in Slack, and authorised Slack users appear in the Matrix. Things are text-based for the time being. Hodgson was, however, hopeful that the impending Digital Markets Act [PDF] would see more APIs opening up and the arrival of VoIP in the coming months. Managed bridges for other platforms, such as Microsoft Teams, are also on the cards. The Matrix project itself is all about secure, decentralised and real-time communication. Messaging is protected by end-to-end encryption, VoIP is present and correct and the reference implementations for the system are Apache licensed. The system can handle pretty much any real-time data, according to the foundation. "If you're familiar with how Git work
The product activation inflicted on Windows by Microsoft has few fans, but one of its creators stepped up over the weekend to explain and defend the maligned technology. The sight of Windows bleating about activation is a familiar one (certainly to those that follow our Bork feature). While also a mainstay of the Office productivity suite, it turned up in Windows XP as an extension to the serial numbers of the past, as Microsoft tried to address piracy worries. As with the serial number, the user was expected to enter a lengthy alphanumeric that was associated with a computed hash based on the system components. Microsoft's servers took care of the activation and, as long as that hardware hash didn't change too much, would allow repeated activations. Posting in his YouTube channel, retired Microsoft engineer Dave Plummer admitted his part in the technology back in the early days of Windows XP, as well as coughing to a tweak made to Windows to allow for a special bit of Registry shenanigans. Windows Protect Activation has come in for some stick over the years. Plummer explained the thinking behind the hardware identifier used, highlighting the need to allow users to call in with the value. "One of the requirements we set out for ourselves was that people didn't have to be online," he explained. "Maybe we would do it differently today, but at the turn of the millennium it wasn't a given that every computer could be connected to the net." "Phone activation," he said, "is always going to limit the amount of information that can go back and forth and so will always be an attack vector and likely the easiest one for hackers to target." Plummer noted the tiny amount of bandwidth afforded by "what a user was willing to enter using the telephone" meant they had to make a few compromises. For example, he suggested the engineer responsible might, say, elect to categorise memory sizes rather than shoehorn the entire figure into the limited space of the identifier. 
The retired engi
US sanctions on Huawei got the Chinese firm kicked out of Britain, the former head of the National Cyber Security Centre (NCSC) has told Parliament – adding that he didn't feel under pressure to change the body's own verdict on keeping Huawei in UK mobile networks. Speaking to Parliament's National Security Strategy (NSS) Committee, Ciaran Martin told peers and MPs that US trade sanctions aimed at Huawei were the final nail in the coffin for the Chinese telecom equipment supplier in Britain. "While the Huawei issue for better or worse is resolved by, essentially, the change in US sanctions, more important is shaping the regulation of standards, providers who come from trustworthy backgrounds and were developed in democrac
AirPods are as close as you can get to a swearword in the repair world, known for being almost impossible to service thanks to their densely packed circuitry and closed design. Mercifully, that isn't the case when it comes to Apple's hugely expensive AirPods Max headphones. The buds proved surprisingly modular when subjected to the harsh glare of spudger-wielders at iFixit. Here's the good news: the AirPods Max are fairly modular, making disassembly straightforward. That is, provided you've got a sufficiently large screwdriver collection. The gadget botherers encountered a dizzying array of screw types, ranging from pentalobe and Torx to one they couldn't quite identify at first glance. This shouldn't co
Taiwanese chip flinger MediaTek has introduced two new additions to its Dimensity SoC lineup, both targeting higher-end smartphones. The Dimensity 1200 and 1100 are both manufactured using TSMC's 6nm process and use the same GPU, Arm's Mali-G77. Across the board, there's support for dual-sim 5G connections, Wi-Fi 6, and Bluetooth 5.2. Each supports LPDDR4x RAM and UFS 3.1 storage. The main points of differentiation come when you look at processing power as well as photography capabilities. At the high-end, the Dimensity 1200 is seen as a replacement to the 1000-series chip introduced early last year. This time, MediaTek has opted for a tri-cluster architecture. This consists of a single Cortex-A78 "ultra-core" clocked at 3GHz, three A78 "super cores" clocked at 2.6GHz, and four power-sipping "efficiency cores" based on the Cortex-A55 design and clocked at 2GHz. In a briefing, MediaTek's GM of sales, Finbarr Moynihan, claimed the Dimensity 1200 offers a 22 per cent uplift in computing performance, and operates 25 per cent more efficiently than its predecessor. By cont
Astronomers have discovered the two largest-known radio galaxies to date. At a whopping 62 times the size of our own Milky Way, they are believed to be the largest single objects yet found in the universe. Radio galaxies, characterized by their large powerful billowing jets of radio emissions from a supermassive black hole gobbling mass at their centers, are fairly common in space. Humongous ones, measuring at least 700 kiloparsecs in size – that’s about 22 times the size of the Milky Way, are much more rare. A large team of researchers led by the University of Cape Town, South Africa, however, this month said they managed to find not one but two huge radio galaxies over a small patch of sky. “We found these giant radio galaxies in a region of sky which is only about four times the area of the full Moon,” said Jacinta Delhaize, lead author of a study into the discovery published in the Monthly Notices of the Royal Astronomical Society and a research fellow at the university. “Based on our current knowledge of the density of giant radio galaxies in the sky, the probability of finding two of them in this region is less than 0.0003 per cent." Delhaize reckons the discovery isn’t just a stroke of luck: she reckons the findings show gigantic radio galaxies are actually more common than previously believed. Only 800 radio-jet-emitting galaxies larger than 700 kiloparsecs have been detected so far, we’re told. Despite their sheer size, they’re difficult to spot. Their large distances from Earth mean that their massive plumes of radiation are very f
Qualcomm announced the Snapdragon 870, a 5G-capable system-on-chip designed for high-ish-end Android smartphones coming out by the end of March. “Building upon the success of Snapdragon 865 and 865 Plus, the new Snapdragon 870 was designed to address OEM and mobile industry requirements,” Kedar Kondap, Qualcomm’s vice president, product management, said on Tuesday. “Snapdragon 870 will power a selection of flagship devices from key customers including Motorola, iQOO, OnePlus, OPPO, and Xiaomi.” The Snapdragon 870’s specs [PDF] are a tiny bit better than the 865 Plus [PDF] in terms of CPU clock speed, and not much else. The Snapdragon family's 5nm 888 is still the biz's top chip. Both the 870 and 865 are pretty much the same chip with different labels. They’re both 7nm and powered by 64-bit Arm-based Kryo 585 CPU cores except the 870 can reach speeds of 3.2 GHz, compared to the 865 Plus’s 3.1 GHz and the 865's 2.84 GHz. They also have the same Adreno 650 GPU. The chip also integrates Qualcomm’s Snapdragon X55 modem and radio components to support mmWave and sub-6 GHz 5G with dynamic spectrum sharing. Depending on local 5G coverage, upcoming handsets can expect download speeds of up to 7.5 Gbps and upload speeds of 3 Gbps – again, this is the
Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices. The flaws, collectively dubbed DNSpooq, were revealed on Tuesday by Israel-based security firm JSOF at the conclusion of a five-month coordinated disclosure period. The bugs are believed to affect products from more than 40 IT vendors, including Cisco, Comcast, Google, Netgear, Red Hat, and Ubiquiti, and major Linux distributions. JSOF researchers iden
The Indian government has sent a fierce letter to Facebook over its decision to update the privacy rules around its WhatsApp chat service, and asked the antisocial media giant to put a halt to the plans. In an email from the IT ministry to WhatsApp head Will Cathcart, provided to media outlets, the Indian government notes that the proposed changes “raise grave concerns regarding the implications for the choice and autonomy of Indian citizens.” In particular, the ministry is incensed that European users will be given a choic
GitHub has apologized for what it called “significant errors of judgment and procedure” in the firing of a Jewish employee for warning colleagues of neo-Nazis at the Capitol during its ransacking by pro-Trump rioters this month. Microsoft-owned code-hosting biz's COO Erica Brescia said in a blog post, shared late on Friday before America's Martin Luther King Jr long weekend, that it had “engaged an outside investigator to conduct an independent investigation” following complaints from other employees. Three days later,
Google on Tuesday announced the stable channel release of Chrome 88, which includes support for an extension platform revision known as Manifest v3. Manifest v3 was announced in October, 2018, as part of a broad effort to overhaul the security of various Google products and services. The term refers to the manifest.json file, one of several files in a Chrome extension, through which the developer declares the APIs and permissions necessary for the extension to function. Version 3 redefines the scope and capabilities of the APIs available to those creating extensions for Google's Chrome web browser. "Manifest v3 is a new extension platform that makes Chrome extensions more secure, performant, and privacy
Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling. In an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers – which intelligence services and computer security outfits have concluded were state-sponsored Russians – had specifically targeted two groups of people: those with access to high-level information, and sysadmins. But the targeting of those accounts will be difficult to detect, FireEye warned, because of the way they did it: forging the digital certificates and tokens used for authentication to look around networks without drawing much or any attention.
Taiwanese chip flinger MediaTek has introduced two new additions to its Dimensity SoC lineup, both targeting higher-end smartphones. The Dimensity 1200 and 1100 are both manufactured using TSMC's 6nm process and use the same GPU, Arm's Mali-G77. Across the board, there's support for dual-sim 5G connections, Wi-Fi 6, and Bluetooth 5.2. Each supports LPDDR4x RAM and UFS 3.1 storage. The main points of differentiation come when you look at processing power, as well as photography capabilities. At the high-end, the Dimensity 1200 is seen as a replacement to the 1000-series chip introduced early last year. This time, MediaTek has opted for a tri-cluster architecture. This consists of a single Cortex-A78 "ultra-core" clocked at 3
After the weekend's shorter-than-hoped-for test firing of the core stage of NASA's monstrous Space Launch System (SLS) rocket, engineers have confirmed the hardware remains in "excellent condition" and blamed "test parameters that were intentionally conservative." The parameters were designed for ground testing and were exceeded by a hydraulic system during gimballing by thrust vector control hardware, resulting in the shutdown. "If this scenario occurred during a flight," the agency explained, "the rocket would have continued to fly using the remaining CAPUs [Core Stage Auxiliary Power Units] to power the thrust vector control systems for the engines." "The specific logic that stopped the test is unique to the ground test
Facebook and its Irish subsidiary on Thursday announced the filing of a lawsuit in Portugal against two people for allegedly scraping Facebook profile data and other browser info using malicious Chrome extensions. "Using the business name 'Oink And Stuff,' the defendants developed browser extensions and made them available on the Chrome store," said Jessica Romero, director of platform enforcement and litigation for Facebook, in a blog post. "They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information." Oink And Stuff did not immediately respond to a request for comment. The company's privacy policy claims, "Oink and Stuff is audited by Softpedia Labs as
In brief Last week ended with news that the venerable infosec mailing list Bugtraq was being shut down at the end of the month. From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens' radar, and discussed among admins and security researchers. Posts to this once high-volume Symantec-owned list stopped on February 22 last year, and now we know why – a lack of funding and resources. "Assets of Symantec were acquired by Broadcom in late 2019, and some of those assets were then acquired by Accenture in 2020," an email from the list administrators read. "At this time, resources for the Bugtraq mailing list have not
Citrix has confirmed plans to buy Wrike, a project management and team-based collaboration tool, for $2.25bn. While the move is dwarfed by Salesforce's $28bn takeover of hipster chat and collaboration darling Slack, the purchase will see the combination serving over 400,000 customers over 140 countries. The all-cash deal is expected to close later this year, and has received unanimous sign-off from directors in both camps. Founded in 2006, Wrike is a relative veteran of SaaS-based project management. It includes cloud-based content creation tools, like those from Hubspot, while other features focus on keeping projects on track, similar to what you'd expect from Trello or Zenkit.
Brave Software on Tuesday plans to release an update of its Brave browser that implements support for the InterPlanetary File System (IPFS), a peer-to-peer hypermedia protocol for storing and sharing data over a distributed network. IPFS support, which arrives in v1.19, allows Brave users to access IPFS resources using an ipfs:// URI, either through its embedded gateway service or by installing a full IPFS node, which enables the hosting of IPFS-accessible content. Brave claims to be the first widely used browser to implement native IPFS support; Opera for Android did so in March, 2020, though it relies on a gateway – a cloud service, like Cloudflare's IPFS Gateway, that handles IPFS in the absence of built-in browser sup
Microsoft's next major version of its Entity Framework (EF) database library for .NET will have long-term support and attempt to match rival Dapper for performance – an attempt, said senior program manager Jeremy Likness, that "will likely not be fully achieved." Entity Framework is Microsoft's Object-Relational Mapping (ORM) library, and sits on top of ADO.Net, a lower-level database library. The theory behind using an ORM is that it relieves developers of much of the tedious and error-prone work of writing code for CRUD (Create, Retrieve, Update, Delete) operations against databases. Using an ORM, developers can work with classes representing their business objects and ask the ORM to save and retrieve them as needed.
How many poor underlings are trapped in Redmond's locker? Over 200 million, apparently. With BettFest 2021 firing up the virtual halls, Microsoft is trumpeting the number of devices it has in the world of education along with the penetration of its Teams platform. The company today laid claim to more than 200 million users of Microsoft Education products (with Teams for Education as the hub) and highlighted the arrival of the Reflect app, due to roll out in Teams over spring and set for integration with Education Insights. The app is designed to allow anyone using Teams for remote or hybrid learning to express how they are feeling in general, or about specific topics. Judging by the experience of some us
The UK's Information Commissioner's Office needs to update its Code of Employment Practices to tackle workplace spying by bosses, the Prospect trade union and the Labour Party have said. The call for more regulation of workplace surveillance comes after recent reports of new gadgets designed to tell bosses whether their toiling underlings are happy or sad. It also echoes previous calls by Prospect for stronger regulation of workplace surveillance tech. Chi Onwurah MP, Labour's shadow digital minister, said today: "Ministers must urgently provide better regulatory oversight of online surveillance software to ensure people have the right to privacy whether in their workplace or home – which are increasin
Preliminary teardowns suggest the Samsung Galaxy S21 is easier to fix than its predecessors, sidestepping some of the more dubious design decisions that previously frustrated third-party repair shops. The most welcome change is that Samsung appears to have toned down its use of glue, historically a hallmark of the firm's pricey flagships. This is demonstrated by a recent teardown published by right-to-repair vlogger PBKreviews, which demonstrates the Galaxy S21's backplate effortlessly detaching following a modest application of heat. By contrast, opening phones from the previous Galaxy S20 series was an insanely involved process, relying on specialist tools and demanding monk-like levels of patience. Anyone hoping to glimp
It’s hard to pull solidarity out of the bag when everyone’s having a tough January but that’s what the General Secretary for the Communication Workers Union has asked the wider org to do for a small band of Openreach project engineers poised to vote on strike action. The dispute has arisen in a corner of BT’s infrastructure unit involving a team which diverts already laid copper wires and fibre cables, for a fee, to make way for new developments. The engineers claim Openreach parent BT is changing the grading structure for new hires, resulting in lower pay, fewer holidays, and so on. Consultation on these changes was not pushed through correctly, the CWU has claimed, adding that hiring on these new terms has begun. As such, a consultative ballot last year saw the unionised repayment project engineers vote overwhelmingly for industrial action. They now have the opportunity to do so again in a formal ballot. In a video message to members, CWU General Secretary Dave Ward said: "It's absolutely crucial that you vote yes. This is yet another example of BT's unacceptable attacks on our members' future, their current jobs, where they're seeking to drive down the terms and conditions of good decent jobs." He described the 170 or so band of affected engineers as "very self organised," adding: "You deliver a big yes vote on a big turnout and we're going to get the whole resources of the CWU behind you to win this dispute. "I also have a message to any of our other members who may be watching this: this may be a relative
Porting a workable Linux to Apple's new silicon is a modern-day Holy Grail for some. Sadly, it's not all sunshine and rainbows for those undertaking the quest. Two outfits having a crack at it are Asahi Linux, which has the goal of getting a Linux functioning well enough on the silicon to the point where it could become a daily driver, and Corellium, a Florida-based company that sells virtual Arm-based devices running in the cloud (including iPhones). The latter was founded back in 2017 and its service has proven to be a boon for researchers, with features such as an optional jailbreak "for any version". With that experience under its belt, it was therefore not particularly surprising to see Corellium unveil a port of Linux to Apple's M1 silicon over the weekend. We had some spare time today so we ported Linux to the M1. Releasing tomorrow #fridayfun pic.twitter.com/dCrXApyKef — Corellium (@CorelliumHQ) January 16, 2021 Chris Wade, CTO of Corellium, went on to say: "All of @CorelliumHQ's Linux for M1 code will be released under a permissive open-source license and we are actively looking to upstream it into Linux." The release, which Wade explained was for "advanced users only" due to its early beta state and lacking features such as USB, caused a few raised eyebrows among observers. Some were delighted to see it, but others pondered the apparent lack of a GNU General Public Licence (GPL). You gotta
Fans of 1980s memorabilia, rejoice! You too can wow your neighbours with your very own KITT, as owned by Knight Rider actor David Hasselhoff. Sadly, the Pontiac Firebird in question, a 1989 model with beige upholstery, is a conversion job decked out to resemble the iconic Knight Industries Two Thousand vehicle. One of several lots in an auction of Hasselhoff's collection of goodies, the car is listed as "Fully Functional". While a representative of the auction house told us the replica features a recorded voice, we doubt 93-year-old actor William Daniels will be hiding under the bonnet to afford the buyer a full-on conversational experience with KITT. It is also highly unlikely that a jab of the iconic "Turbo Boost" button will ramp up the velocity in the way we remember, but the interior and exterior shots do bear at least a passing resemblance to the dream car of many a 1980s schoolchild. Whether it is worth the $475,000 currently bid for the vehicle is another matter entirely. Certainly, the steering "wheel" fitted might make manoeuvring tricky and the dual CRTs of the original look to have been replaced with a flat panel. It is also worth considering that there are a good few replicas of the car out there already in varying levels of fidelity, and considerably less than the auction price will get you your own Tesco car park trolley magnet. However, dropping the cash on Hasselhoff's model could land you with a chance of having your purchase delivered personally (depending on current travel restrictions) by the Baywatch and SpongeBob SquarePants Movie star himself, although you'll need to beat the reserve by at least 25 per cent for that honour. Should a full-sized KITT replica be too rich for your wallet, the auction also features Hasselhoff's 1961 Mercedes SL190 ("needs restoration"), a Knight Rider pedal car, and all manner of clothing and posters (including a somewhat distressing fan painting of the man himself). We'll pass this time around. After all, this hack's 1980s four-wheeler of c
A police drone operator managed to switch his craft off mid-flight, dropping it squarely into a pond while attempting to search for a missing person. The blunder happened after the hapless operator of the Aeryon Skyranger R60 accidentally button-mashed the drone's "emergency cut-out function icon". According to the Air Accidents Investigation Branch's (AAIB) summary report, the 3.5kg drone's 1am flight ended with it being destroyed after a 70ft drop – just yards from family homes in Crawley, West Sussex. Back in June last year police were searching for a missing person near Maidenbower Pond, next to Three Bridges railway depot. Police were using the quadcopter's onboard thermal camera to hunt for the individual. An unnamed 33-year-old with just six hours' experience flying drones, and four hours of flying the Skyranger type, was operating the craft when an unfamiliar warning popped up on its flight controller. "He did not realise the message was a warning and attempted to clear it but in doing so the aircraft motors cut out, causing the [unmanned aircraft] to fall from a height of about 70 ft into the pond below," said the AAIB in its report.
BT has been awarded a £20m contract extension, without competition, on a project that has already ballooned in value by 138 per cent. The telecoms and IT services group has been providing the Northern Ireland Land and Property Services' infrastructure since 1999, and last week it won a further four-year extension to July 2026. The £20m deal was awarded for the LandWeb service without asking for bids from other suppliers because the private-sector supplier owns the intellectual rights to the system. "There are technical reasons relating to the bespoke and complex nature of the solution which would lead to substantial duplication of costs and unacceptable technical risks which would not allow for the service to be transferred to another supplier," Northern Ireland's Department of Finance said in a tender notice. LandWeb is a fee-based service for registering and searching land rights in Northern Ireland. BT won the contract to finance the design, build, and operation of the service in 1999 for a fee originally agreed at £46m. The vendor was set to recover costs entirely by receiving a set transaction fee, forming part of the charges made by Land and Property Services directly to customers. However, a report from the Northern Ireland Audit Office [PDF] found that as of April 2019, a total of £97.89m had been paid to BT by way of unitary charges, which were inclusive of transaction fees. Total payments to July 2021 were set to reach £106.89m, it found. What's more, the services had overcharged the public by around £39m since the 2006-07 financial year. "Although the excess is absorbed into public finances... LPS customers nonetheless continue to pay too much for the services provided," the NIAO said after acting on a tip-off from a member of the public. But signs of problems with the project go back more than a decade. The NIAO report points to limited benchmarking of the service. At the Northern Ireland Assembly Public Accounts Committee in March 2010, an accounting
Anyvan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data. The company wrote to customers mid-last week to inform them of a "breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register. "This leaking of data came to our attention on the 31st December but we understand the incident itself occurred at the end of September. As soon as the incident came to our attention, our specialist IT team investigated it and have since taken the following remedial action: all passwords have been changed." The data in question? "Customers' names, email and a cryptographic hash of their password were accessed and 'potentially viewed' but no other personal data was unwittingly shared. A probe of events continues," said Anyvan. As well as being "very sorry for the inconvenience," the company advised customers who used a password to access their account from April last year to update it immediately and in line with good hygiene to "regularly change your password to accounts that hold your personal data." Besides changing the passwords, it didn't mention how it would prevent the same incident from recurring. It is not known whether the password hashes were salted. Salting is normally done to prevent hash collision attacks - where an attacker tries to find two input strings of a hash function to produce the same result. El Reg sent a list of questions to AnyVan last week about the compromise of its internal systems, asking how entry was gained; how it has since been secured; whether the password hashes had been salted; and whether customers in mainland Europe had been impacted or just those in the UK. We also asked if it had informed the ICO. We can answer the last one. The UK's Information Commissioner confirmed to us it was not told of the incident by AnyVan. "No