Agregátor RSS

OpenAI a Google se oba vrhli do multimodální umělé inteligence, která čte, vidí a slyší, a nasadili tak laťku hodně vysoko. Říkáme tomu GPT-4o v případě OpenAI a Project Astra v případě Googlu. Ten na své výroční konferenci I/O ukázal také nový model Gemini 1.5 s obrovskou pamětí 1 milionů tokenů, ...

„Na co tohle sakra může být?,“ ptá se na Redditu Dan Smith a přikládá screenshot z konfigurátoru dodávky Citroën Relay (v Česku Jumper). Dvě kabiny spojené k sobě, každá míří opačným směrem… Vysvětlení je překvapivě jednoduché – jde o konfiguraci určenou firmám, které staví obytná vozidla, ...

ARTIFICIAL INTELLIGENCE

It’s Time to Believe the AI Hype
Steven Levy | Wired
“There’s universal agreement in the tech world that AI is the biggest thing since the internet, and maybe bigger. …Skeptics might try to claim that this is an industry-wide delusion, fueled by the prospect of massive profits. But the demos aren’t lying. We will eventually become acclimated to the AI marvels unveiled this week. The smartphone once seemed exotic; now it’s an appendage no less critical to our daily life than an arm or a leg. At a certain point AI’s feats, too, may not seem magical any more.”

archive page

COMPUTING

How to Put a Datacenter in a Shoebox
Anna Herr and Quentin Herr | IEEE Spectrum
“At Imec, we have spent the past two years developing superconducting processing units that can be manufactured using standard CMOS tools. A processor based on this work would be one hundred times as energy efficient as the most efficient chips today, and it would lead to a computer that fits a data-center’s worth of computing resources into a system the size of a shoebox.”

BIOTECH

IndieBio’s SF Incubator Lineup Is Making Some Wild Biotech Promises
Devin Coldewey | TechCrunch
“We took special note of a few, which were making some major, bordering on ludicrous, claims that could pay off in a big way. Biotech has been creeping out in recent years to touch adjacent industries, as companies find how much they rely on outdated processes or even organisms to get things done. So it may not surprise you that there’s a microbiome company in the latest batch—but you might be surprised when you hear it’s the microbiome of copper ore.”

TECH

It’s the End of Google Search as We Know It
Lauren Goode | Wired
“It’s as though Google took the index cards for the screenplay it’s been writing for the past 25 years and tossed them into the air to see where the cards might fall. Also: The screenplay was written by AI. These changes to Google Search have been long in the making. Last year the company carved out a section of its Search Labs, which lets users try experimental new features, for something called Search Generative Experience. The big question since has been whether, or when, those features would become a permanent part of Google Search. The answer is, well, now.”

AUTOMATION

Waymo Says Its Robotaxis Are Now Making 50,000 Paid Trips Every Week
Mariella Moon | Engadget
“If you’ve been seeing more Waymo robotaxis recently in Phoenix, San Francisco, and Los Angeles, that’s because more and more people are hailing one for a ride. The Alphabet-owned company has announced on Twitter/X that it’s now serving more than 50,000 paid trips every week across three cities. Waymo One operates 24/7 in parts of those cities. If the company is getting 50,000 rides a week, that means it receives an average of 300 bookings every hour or five bookings every minute.”

CULTURE

Technology Is Probably Changing Us for the Worse—or So We Always Think
Timothy Maher | MIT Technology Review
“We’ve always greeted new technologies with a mixture of fascination and fear,  says Margaret O’Mara, a historian at the University of Washington who focuses on the intersection of technology and American politics. ‘People think: “Wow, this is going to change everything affirmatively, positively,”‘ she says. ‘And at the same time: ‘It’s scary—this is going to corrupt us or change us in some negative way.”‘ And then something interesting happens: ‘We get used to it,’ she says. ‘The novelty wears off and the new thing becomes a habit.'”

TECH

This Is the Next Smartphone Evolution
Matteo Wong | The Atlantic
“Earlier [this week], OpenAI announced its newest product: GPT-4o, a faster, cheaper, more powerful version of its most advanced large language model, and one that the company has deliberately positioned as the next step in ‘natural human-computer interaction.’ …Watching the presentation, I felt that I was witnessing the murder of Siri, along with that entire generation of smartphone voice assistants, at the hands of a company most people had not heard of just two years ago.”

SPACE

In the Race for Space Metals, Companies Hope to Cash In
Sarah Scoles | Undark
“Previous companies have rocketed toward similar goals before but went bust about a half decade ago. In the years since that first cohort left the stage, though, ‘the field has exploded in interest,’ said Angel Abbud-Madrid, director of the Center for Space Resources at the Colorado School of Mines. …The economic picture has improved with the cost of rocket launches decreasing, as has the regulatory environment, with countries creating laws specifically allowing space mining. But only time will tell if this decade’s prospectors will cash in where others have drilled into the red or be buried by their business plans.”

FUTURE

What I Got Wrong in a Decade of Predicting the Future of Tech
Christopher Mims | The Wall Street Journal
“Anniversaries are typically a time for people to get misty-eyed and recount their successes. But after almost 500 articles in The Wall Street Journal, one thing I’ve learned from covering the tech industry is that failures are far more instructive. Especially when they’re the kind of errors made by many people. Here’s what I’ve learned from a decade of embarrassing myself in public—and having the privilege of getting an earful about it from readers.”

FUTURE OF FOOD

Lab-Grown Meat Is on Shelves Now. But There’s a Catch
Matt Reynolds | Wired
“Now cultivated meat is available in one store in Singapore. There is a catch, however: The chicken on sale at Huber’s Butchery contains just 3 percent animal cells. The rest will be made of plant protein—the same kind of ingredients you’d find in plant-based meats that are already on supermarket shelves worldwide. This might feel like a bit of a bait and switch. Didn’t cultivated meat firms promise us real chicken? And now we’re getting plant-based products with a sprinkling of animal cells? That criticism wouldn’t be entirely fair, though.”

Image Credit: Pawel Czerwinski / Unsplash

Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport fixes. It emphasizes the importance of using the most up-to-date kernel releases for enhanced security, challenging the traditional vendor-bound kernel model.

Vypadá to, že sociální sítě Mety, tedy konkrétně Facebook a Instagram, čeká další boj s úřady. Evropská komise totiž pochybuje o dostatečné ochraně dětí na těchto platformách. Zahájila proto formální vyšetřování, jehož výsledkem může být hodně mastná pokuta, informuje zpravodajství ...

For starters: Crypto, import tariffs, and Microsoft shipping out staff

Kettle  It's been a fairly troubling week in terms of the relationship between China and the Western world.…

Security is vital for your Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming.

In the dynamic landscape of web development , ensuring that applications perform uniformly across various web browsers is a vital aspect of user experience. This becomes increasingly important for Linux systems, where the default browsers and configurations range presents unique challenges. Cross-browser compatibility testing on Linux helps to identify and resolve these discrepancies, thereby enhancing the accessibility and functionality of web applications for all users.

Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs. Understanding and mitigating the vulnerabilities in the Linux kernel is essential in safeguarding your systems against exploits leading to compromise. Let's examine why kernel vulnerabilities are such a severe threat and mitigation strategies for protecting against them.

V Praze se konal 7. ročník největšího festivalu kreativců • Prošli jsme všechny pavilony za vás a nafotili to nejzajímavější • V následujících měsících zamíří Maker Faire do regionů

Po čase Microsoft ukázal další vylepšení aplikací Malování a Výstřižky. Novinky jsou jako obvykle nejdříve dostupné k testování v programu Windows Insider, specificky v kanálech Dev a Canary. Nástroj na focení obsahu obrazovky před pár měsíci nabídl OCR nebo nahrávání videa. Výstřižky od verze ...

Telekomunikační operátor Cetin spadající do skupiny PPF podle informací e15 koupil dalšího malého konkurenta. Od podnikatelů Miroslava Holuba a Martina Richtarika získal poskytovatele internetu M.Net Studénka působícího na Ostravsku. M.Net má v několika obcích v blízkosti Ostravy vlastní optickou ...

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter

The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million).…

Throw another healthcare biz on the barby, mate

Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.…

Nejasnosti okolo jednoho z případů slavného detektiva Sherlocka Holmese.

Microsoft released 62 updates on Patch Tuesday this week, with three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) forcing a “patch now” deployment guidance for Windows desktops. Adobe is back with a “Patch Now” update, while Microsoft Office, Edge browsers and Microsoft’s development platform (Visual Studio and .NET) can be dealt with using standard release schedules. 

Unusually for Azure updates, the Readiness team recommends particular attention be paid to an Azure Agent update (CVE-2024-30060), as it can affect corporate VM’s (associated with testing or development platforms). The team has provided an infographic outlining the risks associated with each of the updates for this month’s cycle. 

Known issues 

Each month, Microsoft publishes a list of known issues related to the operating system and platforms included in each cycle; the following two reported minor issues:

• Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview). Yes, Microsoft is still working on this one.
• There appears to be an issue with how Windows clients receive their updates after installing KB5034203. Instead of downloading from their peers or designated enterprise update endpoints, clients that use DHCP option 235 will download from the internet instead. Aside from the (serious) security concerns in getting your updates from outside your organization, some clients will see a significant increase in their internet traffic.

And for all you Windows 11 users, Microsoft has reported that after installing this update you might not be able to change your profile photo from the default. (For many, this is a good thing.)

Major revisions 

This month, Microsoft published the following major revisions to past security and feature updates:

• CVE-2024-30009: Windows Routing and Remote Access Service (RRAS) Remote Code Execution. The FAQs were updated for this Microsoft patch. This is an information change only.
• CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability. Microsoft updated the documentation, added a FAQ, and updated the CVSS score for this critical update.
• CVE-2024-30046: Visual Studio Denial of Service Vulnerability. Microsoft has revised the Security Updates table to include .NET 7.0 and .NET 8.0 as these versions of .NET are now affected by this vulnerability. 

I’m not sure where to place this latest (and late) addition to the May patches. Microsoft released a major update (CVE-2024-30060) to the Azure agent (we use this Microsoft tool for our Azure-based application packaging, conversion and testing Virtual Machines). If you are using Azure-based VMs, this update will be important for all your builds. Unfortunately, this vulnerability has been publicly disclosed and adds to our tally of May Patch Tuesday zero days.

Mitigations and workarounds 

As of May 17, Microsoft has not published any mitigations or workarounds for this month’s patch cycle.

Testing guidance

Each month, the team at Readiness analyzes the latest updates and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and application installations.

We have grouped the critical updates and required testing efforts into functional area including:

Microsoft Office

• A change to how OLE handles web content will require a test scenario for embedding and loading external web content (text, images and video).

Microsoft .NET and developer tools

• Microsoft SQL server updates will require a test of new connections with different versions of SQL Server. Line-of-business (LOB) applications that rely on SQL server connections will require a full UAT before releasing this month’s developer update.

Windows

The following core Microsoft features have been updated and might require attention:

• The updates to the Windows Common Error log feature (CLDFLT.SYS) will require testing of creating, reading, updating and deleting (CRUD) log files.
• DNS updates will require testing for non-existing domains registered in each managed zone.
• This month’s update to the Microsoft Crypto library will require tests of new creation and deletion.
• Microsoft’s Routing and Remote Access Servers (RRAS) servers will require light testing for valid connections.
• Smartcard access to Microsoft Windows desktops will require basic access testing.

Aside from updating several key features on the Windows desktop platform, Microsoft also updated the way the following APIs are handled:

• SetFileBandwidthReservation and GetFileBandwidthReservation;
• The MMC and Windows Shell (MPRAPI.DLL);
• Microsoft’s CNG crypto implementation (NCRYPT.DLL).

These are tough updates to test properly, as you need a detailed list of what applications depend upon (and actually use) these APIs. 

Automated testing will help (especially a testing platform that offers a “delta” or comparison between builds). However, for LOB apps, getting the application owner (doing UAT) to test and approve the results is absolutely essential. 

This month, Microsoft made a major (general) update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio.

Windows lifecycle update 

This section will contain important changes to servicing (and most security updates) to Windows desktop and server platforms.

• Support for Windows 10 (21H2) ends this month. In fact, support ends before the next Patch Tuesday. This is serious now, people.
• Microsoft SQL Server (2014 SP3 CU4): the final stage of support (aka Security Support) ends in five weeks.
• Microsoft Visual Studio 2022 loses full support in less than two months.

Each month, we break down the update cycle into product families with the following basic groupings: 

• Browsers (Microsoft IE and Edge) 
• Microsoft Windows (both desktop and server) 
• Microsoft Office
• Microsoft SQL Server (not Exchange Server) 
• Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
• Adobe (if you get this far) 

Browsers

Microsoft and the Chromium project have been releasing patches to both Chrome and Edge every three or four days since the latest major update in April. So far, there are now seven updates to Chrome (with the recent addition of CVE-2024-30056), all of which are rated important. These security vulnerabilities relate to memory handling and “use after free” issues but have not been reported as exploited or publicly disclosed. Add these updates to your standard release schedule.

Windows

Microsoft published 46 updates for the Windows desktop and server updates. For this (much smaller) release to the Windows desktop platform, the following functional areas have been updated:

• Windows Common Log File System Driver Windows Hyper-V;
• Windows Cryptographic Services;
• Windows DHCP Server;
• Windows NTFS;
• Windows Win32K – ICOMP;
• Windows RRAS and Remote Access Connection Manager.

Unfortunately, we have three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) that affect the Windows platform. The team at Readiness has already discovered several applications that are particularly vulnerable to the DWM vulnerability (CVE-2024-30051) which could lead to full SYSTEM (caps added by Microsoft) privileges on the compromised system. Add this update to your “Patch Now” schedule.

Microsoft Office 

Microsoft released just three updates for the Office platform. CVE-2024-30042 addresses a remote code execution vulnerability in Excel that is both challenging to exploit and non-wormable. The other updates relate to Microsoft SharePoint. All are rated important and should be added to your standard desktop release schedule. 

Microsoft SQL Server (not Exchange Server)

Microsoft has not released any patches for Exchange Server but did push out a single update (CVE-2024-30054) rated important for SQL Server. This update to SQL Server Power BI feature really belongs in the developer release cycle, as it updates Software Development Kit (SDK). Add this to your standard developer release schedule.

Microsoft development platforms 

Microsoft released four updates to the development platform, affecting Visual Studio and .NET for those deploying and managing desktop patches. Add these to your standard developer release schedule.

Adobe Reader (if you get this far) 

We are back! Adobe released an update to Adobe Reader (APSB24-29) covering 12 memory related and “use after free ” security vulnerabilities that have a serious rating of 8.8. This attracts a “Patch Now” rating from the Readiness team due to Adobe Reader’s tight integration with the Windows desktop ecosystem.

Microsoft, Security, Windows, Windows 10, Windows 11, Windows Security

Your local nail tech could be a secret agent for Kim’s cunning plan

Three individuals accused of helping North Korea fund its weapons programs using US money are now in handcuffs.…

Nedávno jsme na VTM informovali o spuštění obrovské čističky vzduchu Mammoth, která má z atmosféry odsávat oxid uhličitý. Poněkud kriticky jsme tehdy konstatovali, že zařízení, které dokáže odstranit z ovzduší až 36 000 tun oxidu uhličitého ročně, je „plivnutím do moře“, neboť jen v roce 2023 bylo ...