Hackers Can Now Reverse Engineer Intel Updates Or Write Their Own Custom Firmware Slashdot by BeauHD on intel at January 1, 1970, 1:00 am (cached at October 28, 2020, 11:35 pm)

An anonymous reader quotes a report from Ars Technica: Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they're secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it's patching. The key may also allow parties other than Intel -- say a malicious hacker or a hobbyist -- to update chips with their own microcode, although that customized version wouldn't survive a reboot. "At the moment, it is quite difficult to assess the security impact," independent researcher Maxim Goryachy said in a direct message. "But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates." Goryachy and two other researchers -- Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies -- worked jointly on the project. The key can be extracted for any chip -- be it a Celeron, Pentium, or Atom -- that's based on Intel's Goldmont architecture. In a statement, Intel officials wrote: "The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel's manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research. The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system."

Read more of this story at Slashdot.

Loon Sets Stratospheric Sustained Flight Record With 312-Day Balloon Trip Slashdot by msmash on internet at January 1, 1970, 1:00 am (cached at October 28, 2020, 10:35 pm)

Alphabet's Loon, the company focused on creating new networking capabilities using stratosphere-based infrastructure, has set a new world record for a continuous stratospheric flight. One of Loon's ultra high-altitude balloons flew for 312 days straight, beating the existing record of 223 days by a considerable margin, and nearly racking up a full year of sustained time aloft. From a report: The balloon in question took off from Puerto Rico in May 2019, and then made its way to Peru, where it took part in a service test for three months. It then headed south over the Pacific Ocean, and finally ended up in Baja, Mexico for a landing in March this year. Loon's CTO Sal Candido said in a blog post that the record-setting flight is the result of the company's continued work on advancing its technology and pushing both hardware and software forward in new and innovative ways. Part of that means learning as much as possible from balloons that break records like this one, and Candido points out that Loon has a unique advantage over more traditional high-altitude balloons designed for weather observation because it recovers just about all of them, and can study the best performers in extreme detail. That allows it to replicate and improve on what's going right when balloons are staying aloft for long periods.

NASA's Perseverance Rover Is Midway To Mars Slashdot by msmash on mars at January 1, 1970, 1:00 am (cached at October 28, 2020, 10:05 pm)

NASA's Mars 2020 Perseverance rover mission has logged a lot of flight miles since being lofted skyward on July 30 -- 146.3 million miles (235.4 million kilometers) to be exact. Turns out that is exactly the same distance it has to go before the spacecraft hits the Red Planet's atmosphere like an 11,900 mph (19,000 kph) freight train on Feb. 18, 2021. From a report: "At 1:40 p.m. Pacific Time today, our spacecraft will have just as many miles in its metaphorical rearview mirror as it will out its metaphorical windshield," said Julie Kangas, a navigator working on the Perseverance rover mission at NASA's Jet Propulsion Laboratory in Southern California. "While I don't think there will be cake, especially since most of us are working from home, it's still a pretty neat milestone. Next stop, Jezero Crater." The Sun's gravitational influence plays a significant role in shaping not just spacecraft trajectories to Mars (as well as to everywhere else in the solar system), but also the relative movement of the two planets. So Perseverance's route to the Red Planet follows a curved trajectory rather than an arrow-straight path. "Although we're halfway into the distance we need to travel to Mars, the rover is not halfway between the two worlds," Kangas explained. "In straight-line distance, Earth is 26.6 million miles [42.7 million kilometers] behind Perseverance and Mars is 17.9 million miles [28.8 million kilometers] in front." At the current distance, it takes 2 minutes, 22 seconds for a transmission to travel from mission controllers at JPL via the Deep Space Network to the spacecraft. By time of landing, Perseverance will have covered 292.5 million miles (470.8 million kilometers), and Mars will be about 130 million miles (209 million kilometers) away from Earth; at that point, a transmission will take about 11.5 minutes to reach the spacecraft.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at October 28, 2020, 9:36 pm)

Brian Krebs: In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents -- including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually. Acting on a tip from Milwaukee, Wis.-based cyber intelligence firm Hold Security, KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. That transaction included credentials to a Remote Desktop Protocol (RDP) account apparently set up by a Gunnebo Group employee who wished to access the company's internal network remotely. Five months later, Gunnebo disclosed it had suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers. Nevertheless, the company said its quick reaction prevented the intruders from spreading the ransomware throughout its systems, and that the overall lasting impact from the incident was minimal.

[no title] Scripting News (cached at October 28, 2020, 9:33 pm)

Podcast: Why I'd like to invest in the Lincoln Project.

Amazon Argues Users Don't Actually Own Purchased Prime Video Content Slashdot by msmash on media at January 1, 1970, 1:00 am (cached at October 28, 2020, 8:36 pm)

When an Amazon Prime Video user buys content on the platform, what they're really paying for is a limited license for "on-demand viewing over an indefinite period of time" and they're warned of that in the company's terms of use. That's the company's argument for why a lawsuit over hypothetical future deletions of content should be dismissed. From a report: Amanda Caudel in April sued Amazon for unfair competition and false advertising. She claims the company "secretly reserves the right" to end consumers' access to content purchased through its Prime Video service. She filed her putative class action on behalf of herself and any California residents who purchased video content from the service from April 25, 2016 to present. On Monday, Amazon filed a motion to dismiss her complaint arguing that she lacks standing to sue because she hasn't been injured -- and noting that she's purchased 13 titles on Prime since filing her complaint. "Plaintiff claims that Defendant Amazon's Prime Video service, which allows consumers to purchase video content for streaming or download, misleads consumers because sometimes that video content might later become unavailable if a third-party rights' holder revokes or modifies Amazon's license," writes attorney David Biderman in the motion, which is posted below. "The Complaint points vaguely to online commentary about this alleged potential harm but does not identify any Prime Video purchase unavailable to Plaintiff herself. In fact, all of the Prime Video content that Plaintiff has ever purchased remains available."

Microsoft Plans Big Windows 10 UI Refresh in 2021 Codenamed 'Sun Valley' Slashdot by msmash on windows at January 1, 1970, 1:00 am (cached at October 28, 2020, 8:06 pm)

Windows Central reports: Microsoft is preparing a major OS update for Windows 10 in 2021 that sources say will bring with it a significant design refresh to the Windows UI. I'm told that Microsoft is planning to update many top-level user interfaces such as the Start menu, Action Center, and even File Explorer, with refreshed modern designs, better animations, and new features. This UI project is codenamed "Sun Valley" internally and is expected to ship as part of the Windows 10 "Cobalt" release scheduled for the holiday 2021 season. Internal documentation describes the project as "reinvigorating" and modernizing the Windows desktop experience to keep up with customer expectation in a world driven by other modern and lightweight platforms. Windows 10 has remained much the same these last few years, with little to no changes in its design or feature set. Many other platforms on the market have gone through entire redesigns or UI refreshes in the last five years, and while Windows 10 has gone through minor design iterations with the introduction of Fluent Design, we've not seen a significant refresh or rethinking of its UI. The Sun Valley project appears to be spearheaded by the Windows Devices and Experiences team, led by Chief Product Officer Panos Panay, who took charge of said division back in February. Microsoft announced in May that the company would be "reinvesting" in Windows 10 in the 2021 timeframe, and my sources say that Sun Valley is the result of that reinvestment.

Microsoft: No Driver Updates Allowed for Windows 7 and Windows 8 Slashdot by msmash on microsoft at January 1, 1970, 1:00 am (cached at October 28, 2020, 7:36 pm)

An anonymous reader shares a report: Microsoft has announced that it is ending the ability to cross-sign drivers, effective 1 July 2021. This will effectively make it impossible to release new or updated drivers for Windows 7, Windows 8, and Windows 8.1 systems, including Server 2012 R2. This is not an exaggeration. The only option that will remain available to devs who want to release drivers for versions of Windows other than Windows 10 will be to have those drivers pass HLK/WHQL testing. Unfortunately, not all drivers are even eligible for HLK/WHQL testing, and even for those that are eligible, getting some drivers to pass the HLK/WHQL tests is effectively impossible. [...]

AMD Reveals The Radeon RX 6000 Series Slashdot by msmash on amd at January 1, 1970, 1:00 am (cached at October 28, 2020, 7:05 pm)

Preparing to close out a major month of announcements for AMD -- and to open the door to the next era of architectures across the company -- AMD wrapped up its final keynote presentation of the month by announcing their Radeon RX 6000 series of video cards. From a report: Hosted once more by AMD CEO Dr. Lisa Su, AMD's hour-long keynote revealed the first three parts in AMD's new RDNA2 architecture video card family: the Radeon RX 6800 ($579), 6800 XT ($649), and 6900 XT ($999). The core of AMD's new high-end video card lineup, AMD means to do battle with the best of the best out of arch-rival NVIDIA. And we'll get to see first-hand if AMD can retake the high-end market on November 18th, when the first two cards hit retail shelves. AMD's forthcoming video card launch has been a long time coming for the company, and one they've been teasing particularly heavily. For AMD, the Radeon RX 6000 series represents the culmination of efforts from across the company as everyone from the GPU architecture team and the semi-custom SoC team to the Zen CPU team has played a role in developing AMD's latest GPU technology. All the while, these new cards are AMD's best chance in at least half a decade to finally catch up to NVIDIA at the high-end of the video card market. So understandably, the company is jazzed -- and in more than just a marketing manner -- about what the RX 6000 means. Anchoring the new cards is AMD's RDNA2 GPU architecture. RDNA2 is launching near-simultaneously across consoles and PC video cards next month, where it will be the backbone of some 200 million video game consoles plus countless AMD GPUs and APUs to come. Accordingly, AMD has pulled out all of the stops in designing it, assembling an architecture that's on the cutting-edge of technical features like ray tracing and DirectX 12 Ultimate support, all the while leveraging the many things they've learned from their successful Zen CPU architectures to maximize RDNA2's performance. 
RDNA2 is also rare in that it isn't being built on a new manufacturing process, so coming from AMD's earlier RDNA architecture and associated video cards, AMD is relying on architectural improvements to deliver virtually all of their performance gains. Truly, it's AMD's RDNA2 architecture that's going to make or break their new cards.

How I code in my outliner Scripting News (cached at October 28, 2020, 6:33 pm)

Ooops this was published accidentally.

It's not ready for primetime yet.

I'm trying to think but nothing happens!

Still diggin!

[no title] Scripting News (cached at October 28, 2020, 6:33 pm)

This is awesome. Audible wanted to create a proprietary “podcast” network (in quotes because of the contradiction), now instead will try an open one. The power of an open juggernaut.

Inside Uber and DoorDash's Push To Win the Most Expensive Ballot Race in California Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at October 28, 2020, 6:05 pm)

Uber, Lyft and DoorDash are spending tens of millions of dollars and flooding voters with messages in a neck-and-neck battle to preserve their current business model in California. From a report: The companies, along with other gig-economy giants like Postmates and Instacart, have contributed nearly $200 million to persuade voters to approve a ballot measure that would exempt them from a new state law requiring businesses to reclassify contract workers as employees. That amount, the most ever raised for a California ballot question, according to Ballotpedia, suggests how pivotal the vote will be for companies reliant on a labor model in which workers are summoned at the touch of an app. The opposition, which has raised far less -- roughly $19 million, largely from labor unions -- says the companies have flourished on the backs of gig workers without providing them the protections that most employees receive. Victory for Uber, Lyft, DoorDash and others would let stand the companies' business models in their home state of 40 million people. If voters reject the Proposition 22 measure, the companies would be compelled to offer their drivers broad employment benefits, such as minimum wage, paid sick leave and unemployment assistance, that would weigh heavily on their already money-losing bottom lines.

Great Barrier Reef: Scientists find reef taller than Empire State Building BBC News | Science/Nature | UK Edition (cached at October 28, 2020, 6:00 pm)

Standing 500m (1,640ft) tall, the "blade-like" reef was found off Australia's far north.

Apple is Stepping Up Efforts To Build Google Search Alternative Slashdot by msmash on apple at January 1, 1970, 1:00 am (cached at October 28, 2020, 5:35 pm)

Apple is stepping up efforts to develop its own search technology as US antitrust authorities threaten multibillion-dollar payments that Google makes to secure prime placement of its engine on the iPhone, Financial Times reported Wednesday [Editor's note: the link may be paywalled; alternative source]. From the report: In a little-noticed change to the latest version of the iPhone operating system, iOS 14, Apple has begun to show its own search results and link directly to websites when users type queries from its home screen. That web search capability marks an important advance in Apple's in-house development and could form the foundation of a fuller attack on Google, according to several people in the industry. The Silicon Valley company is notoriously secretive about its internal projects, but the move adds to growing evidence that it is working to build a rival to Google's search engine. Two and a half years ago, Apple poached Google's head of search, John Giannandrea. The hire was ostensibly to boost its artificial intelligence capabilities and its Siri virtual assistant, but also brought eight years of experience running the world's most popular search engine. The company's growing in-house search capability gives it an alternative if regulators block its lucrative partnership with Google. When the US Department of Justice launched a case last week, over payments that Google makes to Apple to be the iPhone's default search tool, urgency was added to the initiative.

Climate change: China's forest carbon uptake 'underestimated' BBC News | Science/Nature | UK Edition (cached at October 28, 2020, 5:30 pm)

Scientists put new numbers on Chinese trees' ability to pull carbon dioxide from the atmosphere.