Security

• Chip makers aren't all-in on metaverse hardware yet – we should know, we asked them

  Nvidia, though, expects this virtual-reality world to be as vast as the internet
  Agam Shah Fri 5 Nov 2021 // 07:23 UTC 1

  Is the Facebook-driven metaverse opportunity for real? Chip makers seemingly have more important things to worry about than a concept that could either take off or emerge as the Myspace of virtual reality.

  Facebook, as a corporation, last week rebranded itself Meta, and is betting its future around a metaverse, or a large virtual-reality world in which people create and appear as avatars that can interact, play, and work. Meta is building virtual reality headsets and other hardware to meet its vision, but it will need chip makers and hardware companies to create the underlying electronics and infrastructure.

  Qualcomm dedicated some time early in an earnings call this week highlighting its XR platform – XR being a term encompassing virtual and mixed reality scenarios – which includes chips and software for virtual reality devices. But other than that no more time was spent on kit dedicated to the metaverse.

  Continue reading

• Close but no cigar: Lenovo infrastructure group narrowly falls short of a profit

  When IBM sold it back in 2014, it was a breakeven proposition. Seven years later not much has changed
  Simon Sharwood, APAC Editor Fri 5 Nov 2021 // 06:38 UTC

  Lenovo has come within $17 million of recording a profit for its Infrastructure Solutions Group (ISG), the enterprise hardware division within the PC giant.

  Readers may recall that the ISG has its roots in IBM's 2014 sale of the System X server business to Lenovo.

  At the time, IBM described System X – which offered Intel-powered servers – as "a $4 billion business for us last year" that achieved "breakeven on an annual basis".

  Continue reading

• Beijing fingers foreign spies for data mischief, with help from consulting firm

  Chinese media wonders why it hasn't been reported in the West - hang on, you're reading this ...
  Laura Dobberstein Fri 5 Nov 2021 // 05:45 UTC

  China's Ministry of State Security released details this week of three alleged security breaches that saw sensitive data illegally transferred abroad.

  State-sponsored Xinhua News Agency described the breaches as "endangering the security of important data" and said by disclosing them, the Ministry sought to build awareness of non-traditional security and, by doing so, better maintain national security.

  The announcement, which deliberately coincides with the seventh anniversary of the country's anti-espionage law, described airline data stolen by an overseas intelligence agency, shipping data collected by a consulting firm that provided it to a foreign spy agency, and the construction of weather devices to transfer sensitive meteorological data abroad. It is unclear whether one or more foreign intelligence agencies conducted the alleged attacks, or if the actions were linked.

  Continue reading

• 140 million Chinese punters adopt Digital Yuan and spend up big

  But central bank worries about security, usability – and business continuity
  Simon Sharwood, APAC Editor Fri 5 Nov 2021 // 04:37 UTC 1

  140 million digital wallets capable of storing China's central bank digital currency – the Digital Yuan or E-CNY – have already been issued to individuals, and another ten million businesses have signed up too.

  So said Mu Changchun, director of the Digital Currency Research Institute of the People's Bank of China, at an event in Hong Kong earlier this week. Those wallet-holders have already spent over ¥62 billion ($9.8B) with the 1.5 million merchants that have signed up to accept the digital currency.

  But Mu also admitted that the People's Bank of China is worried about the E-CNY's security. He told the event that the Bank knows digital currencies will attract attention from criminals, so is working on encryption algorithms, data security, and business continuity plans.

  Continue reading

• So it is possible for Jeff Bezos to lose: Court dismisses Blue Origin complaint about Moon contract award to Elon Musk

  NASA and SpaceX to resume working on the next lunar lander
  Katyanna Quach Fri 5 Nov 2021 // 03:18 UTC 5

  The US Court of Federal Claims has dismissed Blue Origin’s complaints that NASA unfairly awarded its $2.89bn next-generation lunar lander system contract to SpaceX.

  The lander, known as the Human Landing System or HLS, is expected to launch the next man and first woman to the Moon. It's part of NASA’s Artemis program, a project to get humans back on the lunar surface. We haven't been there since 1972.

  Commercial aerospace companies like SpaceX, Blue Origin, and Dynetics jumped at the chance to build the spaceship that would take future astronauts to Earth's natural satellite.

  Continue reading

• Red Hat forced to hire cheaper, less senior engineers amid budget freeze

  Email tells bosses to down-level open positions to control costs
  Thomas Claburn in San Francisco Fri 5 Nov 2021 // 00:57 UTC 12

  Exclusive Next year, IBM's Red Hat plans to cut back on hiring senior engineers in an effort aimed largely at controlling costs.

  An internal email sent on Wednesday by Timothy Cramer, SVP of software engineering, to Red Hat managers directs hiring requisitions to be made at a lower level of seniority than usual.

  "All new plan reqs should be opened at a level below senior (e.g., Associate Software Engineer or Software Engineer)," the message says.

  Continue reading

• Cisco warns 'unintentional debugging credential' left in some network switches can be abused to hijack equipment

  Pair of 10/10 critical bugs demand your attention, as does a 9.8-rated SSH SNAFU
  Simon Sharwood, APAC Editor Fri 5 Nov 2021 // 00:22 UTC 4

  Cisco this week revealed a pair of critical flaws, rated ten out of ten in severity, in its family of Catalyst PON Series Switches Optical Network Terminals.

  One of these vulnerabilities, CVE-2021-34795, is "an unintentional debugging credential," as Cisco put it, baked into the devices.

  What on Earth is an "unintentional debugging credential"? It kinda smells like a backdoor left in by engineers for testing. Cisco's not explained how such a credential was left in a shipping product; we've asked for more details.

  Continue reading

• There, that wasn't so hard, was it? South Korea makes Google allow rival payment systems in Play store apps

  All right, which country's next?
  Thomas Claburn in San Francisco Thu 4 Nov 2021 // 23:28 UTC 4

  Google says it will comply with South Korean law by allowing Android apps hosted on Google Play to include third-party in-app billing systems, a decision that shows the dominant app store duopoly – represented by Apple and Google – losing control of their mobile app platforms.

  In August, the South Korean parliament passed a law that banned major app store operators from requiring that developers use only the platform-endorsed payment system for in-app transactions.

  "In response to the recent legislation, developers will now be able to add an alternative in-app billing system, alongside Google Play’s billing system, for their mobile and tablet users in South Korea," said Wilson White, senior director of public policy at Google, in a blog post. "At checkout, users will be able to choose which billing system to use."

  Continue reading

• Kyndryl spins out of IBM, stock starts trading on NYSE – and shares tumble

  We're sure everything will be OK, its revenues have only fallen 37 per cent in the past decade
  Paul Kunert Thu 4 Nov 2021 // 21:56 UTC 4

  IBM has finally cut loose its multi-billion-dollar managed infrastructure business, renamed to Kyndryl, sending 90,000 staffers into a life that is less big and less blue.

  The spin off, announced in October 2020, was completed today, meaning Kyndryl is now being traded as a separate entity on the New York Stock Exchange. Martin Schroeder, a former IBMer and now Kyndryl CEO and chairman, said:

  Continue reading

• Expired cert breaks Windows 11 snipping tool, emoji panel, S Mode features, other stuff

  And we're talking about shipped code, not some Insider beta, here
  Iain Thomson in San Francisco Thu 4 Nov 2021 // 20:00 UTC 27

  It has proved an unfortunate Halloween for Microsoft, with the ghost of an expired certificate haunting Windows 11 users. The upshot is: various built-in programs may stop working properly or cannot be opened at all.

  Redmond yesterday said "some users" are affected, so you may or may not notice the blunder. This all applies to at least Windows 11 version 21H2.

  The cryptographic cert at the heart of this affair ran out at the end of October leading to failures this month, according to Microsoft: "Starting on November 1, 2021, some users might be unable to open or use certain built-in Windows apps or parts of some built-in apps. This is caused by an issue with a Microsoft digital certificate, which expired October 31, 2021."

  Continue reading

• Teams has a mute button all of its own in taskbar of latest Windows 11 preview build

  Another way to make sure the yawns don't get through
  Richard Speed Thu 4 Nov 2021 // 18:56 UTC 5

  Microsoft has added a mute button for Teams into the taskbar of the latest Windows 11 preview build.

  This should prove very handy for when one lets loose with the expletives due to the collaboration platform behaving poorly.

  The feature has turned up in build 22494 and pops a microphone icon into the taskbar when the user joins a meeting, assuming one is a member of the subset of Windows Insiders lucky enough to have the feature switched on, and also have the work or school version of Microsoft Teams installed.

  Continue reading