RSS Aggregator

Snipping Tool reads QR codes, inserts emoji and adds object transparency

Živě.cz - 18 May, 2024 - 10:45
After some time, Microsoft has shown further improvements to the Paint and Snipping Tool apps. As usual, the new features are first available for testing in the Windows Insider program, specifically in the Dev and Canary channels. A few months ago, the screen capture tool gained OCR and video recording. Snipping Tool, as of version ...
Category: IT News

PPF buys another internet provider. It will complement Cetin's multibillion investments in the fiber network

Živě.cz - 18 May, 2024 - 08:45
According to e15, the telecommunications operator Cetin, part of the PPF group, has bought another small competitor. From entrepreneurs Miroslav Holub and Martin Richtarik it acquired the internet provider M.Net Studénka, which operates in the Ostrava region. In several municipalities near Ostrava, M.Net has its own fiber ...
Category: IT News

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

The Register - Anti-Virus - 18 May, 2024 - 08:29
Feds scoff at blockchain integrity while software bug said to have been at heart of the matter

The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million).…

Category: Viruses and Worms

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

The Register - Anti-Virus - 18 May, 2024 - 01:31
Throw another healthcare biz on the barby, mate

Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.…

Category: Viruses and Worms

What happened in week 20/2024

AbcLinuxu [articles] - 18 May, 2024 - 00:01
A comprehensive overview of articles, news items and discussions from the past 7 days.
Category: GNU/Linux & BSD

When there is poison in the honey

OSEL.cz - 18 May, 2024 - 00:00
Uncertainties surrounding one of the cases of the famous detective Sherlock Holmes.
Category: Science and Technology

With three zero-days, it’s a patch-now Patch Tuesday for May

Computerworld.com [Hacking News] - 17 May, 2024 - 20:44

Microsoft released 62 updates on Patch Tuesday this week, with three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) forcing a “patch now” deployment guidance for Windows desktops. Adobe is back with a “Patch Now” update, while Microsoft Office, Edge browsers and Microsoft’s development platform (Visual Studio and .NET) can be dealt with using standard release schedules. 

Unusually for Azure updates, the Readiness team recommends particular attention be paid to an Azure Agent update (CVE-2024-30060), as it can affect corporate VM’s (associated with testing or development platforms). The team has provided an infographic outlining the risks associated with each of the updates for this month’s cycle. 

Known issues 

Each month, Microsoft publishes a list of known issues related to the operating system and platforms included in each cycle. The following two minor issues were reported:

  • Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview). Yes, Microsoft is still working on this one.
  • There appears to be an issue with how Windows clients receive their updates after installing KB5034203. Instead of downloading from their peers or designated enterprise update endpoints, clients that use DHCP option 235 will download from the internet instead. Aside from the (serious) security concerns in getting your updates from outside your organization, some clients will see a significant increase in their internet traffic.

And for all you Windows 11 users, Microsoft has reported that after installing this update you might not be able to change your profile photo from the default. (For many, this is a good thing.)

Major revisions 

This month, Microsoft published the following major revisions to past security and feature updates:

  • CVE-2024-30009: Windows Routing and Remote Access Service (RRAS) Remote Code Execution. The FAQs were updated for this Microsoft patch. This is an information change only.
  • CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability. Microsoft updated the documentation, added a FAQ, and updated the CVSS score for this critical update.
  • CVE-2024-30046: Visual Studio Denial of Service Vulnerability. Microsoft has revised the Security Updates table to include .NET 7.0 and .NET 8.0 as these versions of .NET are now affected by this vulnerability. 

I’m not sure where to place this latest (and late) addition to the May patches. Microsoft released a major update (CVE-2024-30060) to the Azure agent (we use this Microsoft tool for our Azure-based application packaging, conversion and testing Virtual Machines). If you are using Azure-based VMs, this update will be important for all your builds. Unfortunately, this vulnerability has been publicly disclosed and adds to our tally of May Patch Tuesday zero days.

Mitigations and workarounds 

As of May 17, Microsoft has not published any mitigations or workarounds for this month’s patch cycle.

Testing guidance

Each month, the team at Readiness analyzes the latest updates and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and application installations.

We have grouped the critical updates and required testing efforts into functional areas, including:

Microsoft Office

  • A change to how OLE handles web content will require a test scenario for embedding and loading external web content (text, images and video).

Microsoft .NET and developer tools

  • Microsoft SQL Server updates will require a test of new connections with different versions of SQL Server. Line-of-business (LOB) applications that rely on SQL Server connections will require a full UAT before releasing this month’s developer update.

Windows

The following core Microsoft features have been updated and might require attention:

  • The updates to the Windows Common Error log feature (CLDFLT.SYS) will require testing of creating, reading, updating and deleting (CRUD) log files.
  • DNS updates will require testing for non-existing domains registered in each managed zone.
  • This month’s update to the Microsoft Crypto library will require tests of new creation and deletion.
  • Microsoft’s Routing and Remote Access Servers (RRAS) servers will require light testing for valid connections.
  • Smartcard access to Microsoft Windows desktops will require basic access testing.

Aside from updating several key features on the Windows desktop platform, Microsoft also updated the way the following APIs are handled:

These are tough updates to test properly, as you need a detailed list of what applications depend upon (and actually use) these APIs. 

Automated testing will help (especially a testing platform that offers a “delta” or comparison between builds). However, for LOB apps, getting the application owner (doing UAT) to test and approve the results is absolutely essential. 

This month, Microsoft made a major (general) update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio.

Windows lifecycle update 

This section will contain important changes to servicing (and most security updates) to Windows desktop and server platforms.

  • Support for Windows 10 (21H2) ends this month. In fact, support ends before the next Patch Tuesday. This is serious now, people.
  • Microsoft SQL Server (2014 SP3 CU4): the final stage of support (aka Security Support) ends in five weeks.
  • Microsoft Visual Studio 2022 loses full support in less than two months.

Each month, we break down the update cycle into product families with the following basic groupings: 

  • Browsers (Microsoft IE and Edge) 
  • Microsoft Windows (both desktop and server) 
  • Microsoft Office
  • Microsoft SQL Server (not Exchange Server) 
  • Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
  • Adobe (if you get this far)

Browsers

Microsoft and the Chromium project have been releasing patches to both Chrome and Edge every three or four days since the latest major update in April. So far, there have been seven updates to Chrome (with the recent addition of CVE-2024-30056), all of which are rated important. These security vulnerabilities relate to memory handling and “use after free” issues but have not been reported as exploited or publicly disclosed. Add these updates to your standard release schedule.

Windows

Microsoft published 46 updates for the Windows desktop and server platforms. For this (much smaller) release to the Windows desktop platform, the following functional areas have been updated:

  • Windows Common Log File System Driver;
  • Windows Hyper-V;
  • Windows Cryptographic Services;
  • Windows DHCP Server;
  • Windows NTFS;
  • Windows Win32K – ICOMP;
  • Windows RRAS and Remote Access Connection Manager.

Unfortunately, we have three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) that affect the Windows platform. The team at Readiness has already discovered several applications that are particularly vulnerable to the DWM vulnerability (CVE-2024-30051) which could lead to full SYSTEM (caps added by Microsoft) privileges on the compromised system. Add this update to your “Patch Now” schedule.

Microsoft Office 

Microsoft released just three updates for the Office platform. CVE-2024-30042 addresses a remote code execution vulnerability in Excel that is both challenging to exploit and non-wormable. The other updates relate to Microsoft SharePoint. All are rated important and should be added to your standard desktop release schedule. 

Microsoft SQL Server (not Exchange Server)

Microsoft has not released any patches for Exchange Server but did push out a single update (CVE-2024-30054) rated important for SQL Server. This update to the SQL Server Power BI feature really belongs in the developer release cycle, as it updates the Software Development Kit (SDK). Add this to your standard developer release schedule.

Microsoft development platforms 

Microsoft released four updates to the development platform, affecting Visual Studio and .NET for those deploying and managing desktop patches. Add these to your standard developer release schedule.

Adobe Reader (if you get this far) 

We are back! Adobe released an update to Adobe Reader (APSB24-29) covering 12 memory-related and “use after free” security vulnerabilities that have a serious rating of 8.8. This attracts a “Patch Now” rating from the Readiness team due to Adobe Reader’s tight integration with the Windows desktop ecosystem.

Microsoft, Security, Windows, Windows 10, Windows 11, Windows Security
Category: Hacking & Security

Three cuffed for 'helping North Koreans' secure remote IT jobs in America

The Register - Anti-Virus - 17 May, 2024 - 20:34
Your local nail tech could be a secret agent for Kim’s cunning plan

Three individuals accused of helping North Korea fund its weapons programs using US money are now in handcuffs.…

Category: Viruses and Worms

Giant air purifiers may be a good path, but removing carbon dioxide will not solve the climate crisis

Živě.cz - 17 May, 2024 - 19:45
We recently reported on VTM about the launch of the giant Mammoth air purifier, which is meant to suck carbon dioxide out of the atmosphere. Somewhat critically, we noted at the time that a facility able to remove up to 36,000 tons of carbon dioxide from the air per year is a "drop in the ocean", since in 2023 alone ...
Category: IT News

Review: The M4 iPad Pro — an amazing AI PC

Computerworld.com [Hacking News] - 17 May, 2024 - 19:33

Out of the box, my first reaction when taking hold of Apple’s all-new 11-in. M4-powered iPad Pro was how light it was, closely followed by some sense of wonder at how thin it has become. 

The model I’ve been using weighs just 0.98-pounds. (This is the version with both Wi-Fi and cellular capabilities; the equivalent 13-in. model weighs 1.28 pounds.)

You got to carry that weight…

To put this into perspective, the previous generation 11-in. model weighed just a little more, 1.04-pounds — but that small, roughly 5% weight reduction is still quite tangible. 

I think it’s worth noting that Apple’s first ever cellular-equipped iPad weighed 1.6-pounds when introduced in 2010, meaning this iPad Pro is only 61% as heavy as that first-gen product, the one thousands of C-suite executives acquired.

At 5.3mm, it’s super-thin, too. (The 13-inch model is even thinner). Apple claims it is the thinnest product it has ever made; it’s even thinner than the iPod Nano I sentimentally keep on my desk.

You’d think that thinness would make it easy to bend the product. I’m not about to try that, but I have found the iPad is reinforced with an additional spine to make it more resilient. My take is that you’ll have to try pretty hard to bend this thing, or you could try sitting on it by mistake when taking a flight, as I recently did with another model. It’s probably best to be careful.

Got to get yourself connected

The second set of reactions kicked in once I turned on the device. I’m always impressed at how Apple continues to improve the on-boarding process for its products. To get this machine working, I just had to bring my iPhone across, go through a very simple set up process, create a PIN code and wait for my apps and data to shift over from iCloud. That process takes longer the more data you need to transfer, but it’s painless.

If you’re setting up a managed device, it will be quite similar, though you’ll probably need to enter your Managed Apple ID before the iPad Pro is provisioned for you and your company. Apple’s on-boarding process is excellently executed.

Looks are sometimes everything

Once the iPad had stuffed itself with my data, I picked it up and began to use it.  That’s when my fourth big reaction kicked in: the image quality on the tandem OLED display is stupendous. 

I mentioned that ill-fated iPad-wrecking flight I took. While I was away, I took holiday photos, including a selection of beautiful, luscious, green landscapes. I like these images, but I have been truly impressed by the true-to-life detail and excellence in color rendering on this particular machine. The multitude of different greens you see in a forest really snap out at you, like being there. 

There’s a reason for this, of course. Both iPad Pro models feature what Apple calls an Ultra Retina XDR display and modestly describes as “the world’s most advanced display.” Those greens, deep true blacks, and all the other visual details are there because these displays use technology similar to what’s used in Apple’s XDR display for Macs. 

And those Mac displays deliver images just as good as the hugely expensive “reference displays” you find in movie studios. That’s great for iPhoto collections, of course, but also means that when you’re working on video footage or photos in the field, you get state-of-the-art color accuracy on a display that’s bright and beautiful. And packed inside a mobile device with a 10-hour battery life weighing less than a pound. That’s great for creatives.

A mobile creative powerhouse

In case you want the technical details, the display can reach a peak 1,600 nits brightness and a stable 1,000 nits most of the time. It also has a 2,000,000-to-1 contrast ratio, which is another reason colors really pop. And yes, if you need professional color, the device can display reference color for all the popular color standards. This display is a professional workhorse.

But iPad Pro isn’t only for creatives. And while Apple does tend to focus on the creative markets in its marketing materials, this system has something to offer any professional who needs a high-performance and highly portable system for any reason.

It might be over-specced for some enterprise uses of tablets (for which the iPad Air remains a more logical choice). But for use in some sectors (medical, education, and architecture, for example) the iPad Pro’s excellent display is most certainly part of the attraction.

Of course, some of the most challenging users really need to get the best possible performance, and you get that here thanks to the M4 chip inside.

Possibly, the world’s best AI PC…

Apple suggests it needed to use this processor because it wanted to make the iPad Pro thin and to drive the amazing display. The move to M4 also means you get a huge leap in processor performance (1.5x faster than the last model) and graphics (rendering is four times faster).

But what may become more important is that the deployment of this chip means the iPad Pro with M4 will perhaps soon become the world’s ultimate AI-driven tablet, about which we’ll learn much more at WWDC. 

I’m willing to speculate that once Apple introduces generative AI in iPadOS, the iPad Pro will be seen as even more than a tablet; you’ll even be able to control it with voice and glance. Think about that and recognize that this means it will also become the ultimate mobile computing (with AI) experience. If Apple gets it right. 

If your computer interactions are no longer reliant on keyboard and mice, and your device can deliver the computational power (thanks to the M4 chip) you require, at what point does the PC become history? I think these iPads are part of that story.

But let’s not focus too much on what isn’t here yet, because what we actually have is quite something already. The iPad Pro can easily handle powerful apps such as Procreate, or large spreadsheets, or video apps, or whatever you need to run; all will run faster, perform better, and complete their tasks more swiftly than before. 

(It also gives developers of mobile apps an on-ramp for the addition of powerful new features in the future, and a glimpse at M4 Macs.)

What about the Magic Keyboard?

I’m using the iPad Pro with Apple’s new Magic Keyboard. I love it. 

Not only does it provide a 14-key function row, but it has been designed to include a comfortable aluminum palm rest and a much bigger, haptic trackpad. It makes working with iPad Pro much more Mac-like, especially as the keypad is backlit for use in darker places. The keyboard is comfortable to use and responsive — so much so, that I’m writing this review with it. 

The keyboard is a little heavy. At 1.27 pounds (according to my scales), the Magic Keyboard is actually heavier than the iPad Pro it holds, though the keyboard is a little lighter than the last version. Together, that’s a combined weight of 2.3 pounds — considerably lighter than a 3.4-pound 13-in. MacBook Pro.

Of course, these do different things, and your iPad Pro can deliver all its functionality in a lighter case, along with that precious, Made For AI M4 chip. 

Weight aside, if you intend on using your iPad Pro as a highly mobile productive device, the Magic Keyboard is a must.

Write me kindly, sir

Digital creatives have another must-have accessory, the Apple Pencil Pro. Actually, a tiny computer in a pencil, the real achievement here is that Apple has managed to cram so much into something that feels just like the original Apple Pencil.

This iteration lets you squeeze the side to bring up a tool palette; you get unlimited undo; double tap; and a new barrel roll capability which changes the orientation of shaped pen and brush tools. You also get haptic feedback, so when you do something, you’ll feel something, and support for existing pencil features like low latency and “hover.” (Hover lets you precisely place where you want to be, with on-screen objects jumping at you.) 

It’s the squeeze function I find most useful; it makes the pencil so much more intuitive to use, as I’ve always kind of struggled moving between modes. Now, it seems much more natural. There are six sets of commands you can set Squeeze to handle, but only one can be in use at any point. The only limitation at present is that apps must be updated to gain all these tools. 

More to think about

There are lots of elements I’ve not touched on. One of these is that the iPad Pro probably won’t get too hot, as thermal performance has been improved by almost 20%. Another is the four speakers and four microphones inside the system, which support the new landscape front camera to make the device a great tool for video conferencing on Zoom, FaceTime, WebEx, even Teams (if you must).

The primary camera has also been improved for better performance in low light, augmented by AI to secure better images. There’s a built-in document scanner function and a LiDAR camera.

Who pays the iMan?

What may be the world’s most advanced mobile device comes at a price. The model I tested has the nano-texture glass (what’s this?) and 1TB storage. It costs $1,899. 

Add the Apple Pencil Pro at a surprisingly low $129 and Magic Keyboard at $299 and the combined system I’ve been testing costs $2,327 — just $71 less than the top-of-the-range 14-in. MacBook Pro with an M3 Pro chip. 

Price isn’t the only consideration, of course. You don’t necessarily have to get nanotexture, unless robust color accuracy is something you need. You might not want 1TB of storage. You might not even need cellular, the pencil, or the Magic Keyboard. The entry-level configuration will set you back $999, and frankly from what I’ve seen, you’re still getting a lot at that price. (If you are price conscious, the also-new iPad Air might be precisely what you need. I can’t say, as I’ve not yet looked at that model since I broke my own iPad on that flight.)

Who is this for?

Apple’s varied range of iPads now has something for every price point. The iPad Pro is for aspirational Apple fans, high-end mobile creatives, critical workers in some industries, designers, movie makers, quite possibly data analysts, IT admins and (as ever) the C-suite executives who get everything.

It’s also an amazing, high-class product that I think checks the boxes for almost every task we once relied on computers to achieve. I can’t wait to see how Apple plans to exploit the computational capabilities of the device in the days ahead.

On its own account, the iPad Pro with M4 is a very desirable machine, and while most of us might choose an M2-based iPad Air, those who don’t can look forward to a great experience. And the rest of us can look forward to at least some of these improvements extending across Apple’s other tablets over time.

Apple, iOS, iPad, Mobile
Category: Hacking & Security

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The Hacker News - 17 May, 2024 - 19:20
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
Category: Hacking & Security

We will never again experience a shock like the first iPhone. The internet spoils all our surprises (Živě Podcast)

Živě.cz - 17 May, 2024 - 18:45
A whole range of factors spoils our excitement about new products and services. The internet has caused a flood of information, and manufacturers try to grab attention by working with leaks, but they also officially feed us small previews so that we look forward to their products. Yet we cannot get excited when we know what ...
Category: IT News

Exploring the Central Role of Linux in Quantum Computing

LinuxSecurity.com - 17 May, 2024 - 18:11
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in developing and deploying quantum computing technologies. As quantum computing technology advances, there is a growing need for operating systems that can support quantum computing frameworks. This interdisciplinary discussion should be particularly interesting to Linux admins, infosec professionals, internet security enthusiasts, and sysadmins as the impact on security and infrastructure is significant.
Category: Hacking & Security

Smelting Steel With Sunlight: New Solar Trap Tech Could Help Decarbonize Industrial Heat

Singularity HUB - 17 May, 2024 - 16:46

Some of the hardest sectors to decarbonize are industries that require high temperatures like steel smelting and cement production. A new approach uses a synthetic quartz solar trap to generate temperatures of over 1,000 degrees Celsius (1,832 degrees Fahrenheit)—hot enough for a host of carbon-intensive industries.

While most of the focus on the climate fight has been on cleaning up the electric grid and transportation, a surprisingly large amount of fossil fuel usage goes into industrial heat. As much as 25 percent of global energy consumption goes towards manufacturing glass, steel, and cement.

Electrifying these processes is challenging because it’s difficult to reach the high temperatures required. Solar receivers, which use thousands of sun-tracking mirrors to concentrate energy from the sun, have shown promise as they can hit temperatures of 3,000 C. But they’re very inefficient when processes require temperatures over 1,000 C because much of the energy is radiated back out.

To get around this, researchers from ETH Zurich in Switzerland showed that adding semi-transparent quartz to a solar receiver could trap solar energy at temperatures as high as 1,050 C. That’s hot enough to replace fossil fuels in a range of highly polluting industries, the researchers say.

“Previous research has only managed to demonstrate the thermal-trap effect up to 170 C,” lead researcher Emiliano Casati said in a press release. “Our research showed that solar thermal trapping works not just at low temperatures, but well above 1,000 C. This is crucial to show its potential for real-world industrial applications.”

The researchers used a silicon carbide disk to absorb solar energy but attached a roughly one-foot-long quartz rod to it. Because quartz is semi-transparent, light is able to pass through it, but it also readily absorbs heat and prevents it from being radiated back out.

That meant that when the researchers subjected the quartz rod to simulated sunlight equivalent to 136 suns, the solar energy readily passed through to the silicon plate and was then trapped there. This allowed the plate to heat up to 1,050 C, compared to just 600 C at the other end of the rod.

Simulations of the device found that the quartz’s thermal trapping capabilities could significantly boost the efficiency of solar receivers. Adding a quartz rod to a state-of-the-art receiver could boost efficiency from 40 percent to 70 percent when attempting to hit temperatures of 1,200 C. That kind of efficiency gain could drastically reduce the size, and therefore cost, of solar heat installations.

While still just a proof of concept, the simplicity of the approach means it would probably not be too difficult to apply to existing receiver technology. Companies like Heliogen, which is backed by Bill Gates, have already developed solar furnace technology designed to generate the high temperatures required in a wide range of industries.

Casati says the promise is clear, but work remains to be done to prove its commercial feasibility.

“Solar energy is readily available, and the technology is already here,” he says. “To really motivate industry adoption, we need to demonstrate the economic viability and advantages of this technology at scale.”

But the prospect of replacing such a big chunk of our fossil fuel usage with solar power should be motivation enough to bring this technology to fruition.

Image Credit: A new solar trap built by a team of ETH Zurich scientists reaches 1050 C (Device/Casati et al.)

Category: Transhumanism