
Submission Summary: 0 pending, 51 declined, 50 accepted (101 total, 49.50% accepted)

Submission + - Microsoft Orders China Staff to Use iPhones for Work and Drop Android (bloomberg.com)

Artem S. Tashkinov writes: Bloomberg reports that Microsoft Corp. told employees in China that from September they’ll only be able to use iPhones for work, effectively cutting off Android-powered devices from the workplace.

The US company will soon require Chinese-based employees to use only Apple Inc. devices to verify their identities when logging in to work computers or phones, according to an internal memo reviewed by Bloomberg News. The measure, part of Microsoft’s global Secure Future Initiative, will affect hundreds of workers across the Chinese mainland and is intended to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.

The move highlights the fragmented nature of Android app stores in the country and the growing differences between Chinese and foreign mobile ecosystems. Unlike Apple’s iOS store, Google Play isn’t available in China, so local smartphone makers like Huawei Technologies Co. and Xiaomi Corp. operate their own platforms. Microsoft has chosen to block access from those devices to its corporate resources because they lack Google’s mobile services in the country, the message said.

Submission + - New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

Artem S. Tashkinov writes: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week.

"This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches."

A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic.

Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

Submission + - regreSSHion: Unauthenticated Remote Root Vulnerability in OpenSSH Server (qualys.com)

Artem S. Tashkinov writes: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base.

In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).

Submission + - World's 1st bioprocessor on 16 brain cells has 10^6 times less power consumption (tomshardware.com)

Artem S. Tashkinov writes: Tom's Hardware reports: "A Swiss biocomputing startup has launched an online platform that provides remote access to 16 human brain organoids. FinalSpark claims its Neuroplatform is the world’s first online platform delivering access to biological neurons in vitro. Moreover, bioprocessors like this “consume a million times less power than traditional digital processors,” the company says.

FinalSpark says its Neuroplatform is capable of learning and processing information, and due to its low power consumption, it could reduce the environmental impacts of computing. In a recent research paper about its developments, FinalSpark claims that training a single LLM like GPT-3 required approximately 10GWh – about 6,000 times greater energy consumption than the average European citizen uses in a whole year. Such energy expenditure could be massively cut following the successful deployment of bioprocessors".

Submission + - Major Chinese smartphone vendors leak data left and right (theregister.com)

Artem S. Tashkinov writes: Don't buy an Android phone in China, boffins have warned, as they come crammed with preinstalled apps transmitting privacy-sensitive data to third-party domains without consent or notice. The research suggests that private information leakage poses a serious tracking risk to mobile phone customers in China, even when they travel abroad in countries with stronger privacy laws.

In a paper titled "Android OS Privacy Under the Loupe – A Tale from the East," the trio of university boffins analyzed the Android system apps installed on the mobile handsets of three popular smartphone vendors in China: OnePlus, Xiaomi and Oppo Realme. The researchers looked specifically at the information transmitted by the operating system and system apps, in order to exclude user-installed software. Within this limited scope, the researchers found that Android handsets from the three named vendors "send a worrying amount of Personally Identifiable Information (PII) not only to the device vendor but also to service providers like Baidu and to Chinese mobile network operators."

Submission + - Code bloat has become astronomical (positech.co.uk) 3

Artem S. Tashkinov writes: An indie game programmer Cliff Harris shares his concerns about the current state of compute: Code bloat sounds like something that grumpy old programmers in their fifties (like me) make a big deal out of, because we are grumpy and old and also grumpy. I get that. But us being old and grumpy means complaining when code runs 50% slower than it should, or is 50% too big. This is way, way, way beyond that. We are at the point where I honestly do believe that 99.9% of the code in files on your PC is absolutely useless and is never even executed. It's just there, in a suite of 65 DLLS, all because some coder wanted to do something trivial, like save out a bitmap and had *no idea how easy that is*, so they just imported an entire bucketful of bloatware to achieve it.

Like I say, I really should not be annoyed at young programmers doing this. It's what they learned. They have no idea what high performance or constraint-based development is. When you tell them the original game Elite had a sprawling galaxy, space combat in 3D, a career progression system, trading and thousands of planets to explore, and it was 64k, I guess they HEAR you, but they don’t REALLY understand the gap between that, and what we have now.

Computers are so fast these days that you should be able to consider them absolute magic. Everything that you could possibly imagine should happen between the 60ths of a second of the refresh rate. And yet, when I click the volume icon on my Microsoft Surface laptop (pretty new), there is a VISIBLE DELAY as the machine gradually builds up a new user interface element, and eventually works out what icons to draw and has them pop-in and they go live. It takes ACTUAL TIME. I suspect a half second, which in CPU time, is like a billion fucking years.

Submission + - Mark Zuckerberg unveils future near-retina-quality VR headsets (theverge.com)

Artem S. Tashkinov writes: Meta’s Reality Labs division has revealed new prototypes in its roadmap toward lightweight, hyper-realistic virtual reality graphics. The breakthroughs remain far from consumer-ready, but the designs — codenamed Butterscotch, Starburst, Holocake 2, and Mirror Lake — could add up to a slender, brightly lit headset that supports finer detail than its current Quest 2 display.

Yet to be released headsets have features which have been sorely missing previously: near-retina-quality image offering about 2.5 times the resolution of the Quest 2’s (sort of) 1832 x 1920 pixels per eye, letting users read the 20/20 vision line on an eye chart, high dynamic range (HDR) lighting with 20,000 nits of brightness and eye tracking. “The goal of all this work is to help us identify which technical paths are going to allow us to make meaningful enough improvements that we can start approaching visual realism.” says the Meta CEO.

Submission + - Mozilla releases local machine translation tools (mozilla.org)

Artem S. Tashkinov writes: In January of 2019, Mozilla joined the University of Edinburgh, Charles University, University of Sheffield and University of Tartu as part of a project funded by the European Union called Project Bergamot. The ultimate goal of this consortium was to build a set of neural machine translation tools that would enable Mozilla to develop a website translation add-on that operates locally, i.e. the engines, language models and in-page translation algorithms would need to reside and be executed entirely in the user’s computer, so none of the data would be sent to the cloud, making it entirely private.

The result of this work is the translations add-on that is now available in the Firefox Add-On store for installation on Firefox Nightly, Beta and in General Release. It currently supports 14 languages. You can test the translation engine without installing the add-on.

Submission + - Intel fails to get Spectre, Meltdown chip flaw class-action suit tossed out (theregister.com)

Artem S. Tashkinov writes: Intel will have to defend itself against claims that the semiconductor goliath knew its microprocessors were defective and failed to tell customers. On Wednesday, Judge Michael Simon, of the US District Court of Oregon, partially denied the tech giant's motion to dismiss a class-action lawsuit arising from the 2018 public disclosure of Meltdown and Spectre, the family of data-leaking chip microarchitecture design blunders. Intel, as the largest x86 microprocessor maker, has been the most affected by the findings: its chips were vulnerable to both Meltdown (along with Arm Cortex-A75 and IBM POWER) and Spectre, whereas rivals like AMD were affected only by Spectre. Thus Intel is the focus of much litigation: the biz faced 32 lawsuits only a month after the vulnerabilities were publicly acknowledged. Those lawsuits have been consolidated into a multi-district proceeding known as "Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation" (3:18-md-02828-SI). And since 2018, Intel has been trying to get them to go away.

Submission + - NVIDIA's ARM acquisition is no go (bloomberg.com)

Artem S. Tashkinov writes: Nvidia Corp. is quietly preparing to abandon its purchase of Arm Ltd. from SoftBank Group Corp. after making little to no progress in winning approval for the $40 billion chip deal, according to people familiar with the matter. Nvidia has told partners that it doesn’t expect the transaction to close, according to one person, who asked not to be identified because the discussions are private. SoftBank, meanwhile, is stepping up preparations for an Arm initial public offering as an alternative to the Nvidia takeover, another person said.

Submission + - Biological neurons are far more complex than we imagined 1

Artem S. Tashkinov writes: Today, the most powerful artificial intelligence systems employ a type of machine learning called deep learning. Their algorithms learn by processing massive amounts of data through hidden layers of interconnected nodes, referred to as deep neural networks. As their name suggests, deep neural networks were inspired by the real neural networks in the brain, with the nodes modeled after real neurons — or, at least, after what neuroscientists knew about neurons back in the 1950s, when an influential neuron model called the perceptron was born. Since then, our understanding of the computational complexity of single neurons has dramatically expanded, so biological neurons are known to be more complex than artificial ones. But by how much?

To find out, David Beniaguev, Idan Segev and Michael London, all at the Hebrew University of Jerusalem, trained an artificial deep neural network to mimic the computations of a simulated biological neuron. They showed that a deep neural network requires between five and eight layers of interconnected “neurons” to represent the complexity of one single biological neuron. Even the authors did not anticipate such complexity. “I thought it would be simpler and smaller,” said Beniaguev. He expected that three or four layers would be enough to capture the computations performed within the cell.

Submission + - Brazil rejects Sputnik V vaccine, says it's tainted with replicating cold virus (arstechnica.com)

Artem S. Tashkinov writes: Health regulators in Brazil say that doses of Russia’s Sputnik V COVID-19 vaccine contain a cold-causing virus capable of replicating in human cells. The unintended presence of the virus in the vaccine can “lead to infections in humans and can cause damage and death, especially in people with low immunity and respiratory problems, among other health problems,” Brazil’s Health Regulatory Agency, Anvisa, said Wednesday in a translated statement. Russia has unequivocally denied the claim, lobbed legal threats at Anvisa, and accused the respected regulators of being politically motivated to reject the vaccine. Still, Brazil’s findings raise serious questions about the quality and safety of the vaccine, which is now being used in many countries. The findings also support concerns of Slovak regulators, who said earlier this month that batches of Sputnik V they received did not “have the same characteristics and properties” as the Sputnik V vaccine that was described in a peer-reviewed publication and found to be 91.6 percent effective.

Moreover, quality-control issues weren’t the end of Anvisa’s concerns. In an overall evaluation of the Russian vaccine, Brazil’s regulators found its safety and efficacy were based on insufficient, limited, and sometimes faulty data and analyses. “Flaws... were identified in all stages of clinical studies,” Anvisa said. The agency also reported that its inspectors who traveled to Russia to assess the vaccine’s production were barred from vaccine facilities at Gamaleya Institute, which developed Sputnik V.

Russia touts that “the safety and efficacy of Sputnik V has been confirmed by 61 regulators in countries where the vaccine has been authorized.” However, Brazil’s regulators said that of the 51 countries it contacted, only 14 were using the vaccine, and most of those countries did not have a tradition of vigilant drug-safety monitoring.

Submission + - Mozilla is hellbent on making their new Firefox UI unusable. What can be done? 1

Artem S. Tashkinov writes: Over the past ten years Firefox market share has decreased substantially and the web browser has lost its appeal and coolness. Seeing that, someone at Mozilla probably decided that the best way to entice people back is by changing its UI, thus Firefox has already seen quite a huge number of changes despite other major web browsers staying relatively the same in terms of their visuals, i.e. Google Chrome and Apple Safari look almost the same as they did a decade ago. The most substantial redesign which is being prepared for the next release, which is called Proton, promises to drive most powerful users away because it's broken on a number of levels and makes using the browser a very unpleasant experience.

So, what has changed:
  • The compact density option for the address bar is now gone and not only that, the title bar is now a lot taller than before. Overall vertically the title bar and address bar now take almost a dozen pixels more than previous Firefox releases which steals very precious vertical space.
  • The floating tabs. The active tab is now totally disconnected from the active web page and it looks out of space.
  • The inactive tabs now completely lack a delimiter between them and in case of websites lacking a favicon, all inactive tabs look like one, which makes understanding what's open and what to click very difficult and time consuming.
  • Mozilla has removed icons from menus which made navigating them slower and more difficult. Human beings can easily recognize and memorize icons, and now instead you have to read 20 menu items trying to understand what you actually need to click.

Just to illustrate it, check how Firefox 88 looks and what is up and coming.

It surely looks like whatever UX studies Mozilla has had are either not run properly, or the data being collected is not properly understood. Mozilla has disabled feedback for Firefox, the company has made it abundantly clear that you cannot leave comments in their bugzilla and considering they want to deprecate userChrome.css it makes it impossible to restore whatever semblance of a good web browser experience. The Slashdot crowd loves free and open source web browsers, so the question is, how can we make the company stop maiming and destroying their most important product?

Submission + - Windows XP source code might have leaked (gizmodo.com.au)

Artem S. Tashkinov writes: Gizmodo Australia reports: On Thursday, users on 4chan posted what they claimed was the source code of Windows XP. Posting an image of a screenshot allegedly of the source code in front of Windows XP’s iconic Bliss background, one user wrote ‘sooooo Windows XP Source code leaked’. Another Redditor helpfully has uploaded the code as a torrent, assisting in its spread. While there is no confirmation that this code is definitely Windows XP, independent researchers have begun to pick through the source code and believe it stands up to scrutiny.

The Windows XP source code is not the only code which might have leaked. A screenshot of the torrent files contains files and folders named, Xbox, Windows Research Kernel, MS DOS 6.0, Windows NT 3.5 and 4 source code, Windows Embedded and CE and many others.

If true, that could spell a disaster for Microsoft because large chunks of Windows XP source code are still used in Windows 10, and as for Open Source, this leak could become a boom for Wine development because Microsoft is notorious for having a great number of internal APIs and various hacks in their APIs which make it difficult to reimplement them properly.

Submission + - Linusgate: the Debian project leaders want to ban Linus Torvalds for his manners (linuxreviews.org) 3

Artem S. Tashkinov writes: 253 emails have been leaked from Debian private high-level mailing lists in which its representatives vocally complain about the talk Linus Torvalds gave at the most recent DebConf conference and some people insist that he should be permanently banned from future conferences because the language he uses is inappropriate and infringes on the project's Code of Conduct. This could set a very bad precedent for the open source community which has recently seen an influx of various CoC policies applied to a number of high profile projects mostly after very vocal concerns from the people who barely participate in the Open Source community. Some observers believe that it's a plot by Microsoft to destroy the open source movement from the inside.
