quonset shares a report: In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying "a cascade of errors" by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China. It concluded that "Microsoft's security culture was inadequate and requires an overhaul" given the company's ubiquity and critical role in the global technology ecosystem. Microsoft products "underpin essential services that support national security, the foundations of our economy, and public health and safety."

The panel said the intrusion, discovered in June by the State Department and dating to May "was preventable and should never have occurred," blaming its success on "a cascade of avoidable errors." What's more, the board said, Microsoft still doesn't know how the hackers got in. [...] It said Microsoft's CEO and board should institute "rapid cultural change" including publicly sharing "a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products."

An anonymous reader quotes a report from Ars Technica: Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal."

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice. The closure occurred the same day that the county was holding a special election to vote on a proposed sales tax to fund a stadium for MLB's Kansas City Royals and the NFL's Kansas City Chiefs. Neither the Jackson County Board of Elections nor the Kansas City Board of Elections have been affected by the attack; both remain open.

The Jackson County website says there are 654,000 residents in the 607-square-mile county, which includes most of Kansas City, the biggest city in Missouri. The response to the attack and the investigation into it have just begun, but so far, officials said they had no evidence that data had been compromised. Jackson County Executive Frank White, Jr. has issued (PDF) an executive order declaring a state of emergency. The County has notified law enforcement and retained IT security contractors to help investigate and remediate the attack. "The potential significant budgetary impact of this incident may require appropriations from the County's emergency fund and, if these funds are found to be insufficient, the enactment of additional budgetary adjustments or cuts," White wrote. "It is directed that all county staff are to take whatever steps are necessary to protect resident data, county assets, and continue essential services, thereby mitigating the impact of this potential ransomware attack."

The UK and US have signed a landmark deal to work together on testing advanced artificial intelligence (AI) and develop "robust" safety methods for AI tools and their underlying systems. "It is the first bilateral agreement of its kind," reports the BBC. From the report: UK tech minister Michelle Donelan said it is "the defining technology challenge of our generation." "We have always been clear that ensuring the safe development of AI is a shared global issue," she said. "Only by working together can we address the technology's risks head on and harness its enormous potential to help us all live easier and healthier lives."

The secretary of state for science, innovation and technology added that the agreement builds upon commitments made at the AI Safety Summit held in Bletchley Park in November 2023. The event, attended by AI bosses including OpenAI's Sam Altman, Google DeepMind's Demis Hassabis and tech billionaire Elon Musk, saw both the UK and US create AI Safety Institutes which aim to evaluate open and closed-source AI systems. [...]

Gina Raimondo, the US commerce secretary, said the agreement will give the governments a better understanding of AI systems, which will allow them to give better guidance. "It will accelerate both of our Institutes' work across the full spectrum of risks, whether to our national security or to our broader society," she said. "Our partnership makes clear that we aren't running away from these concerns - we're running at them."

Taiwan's biggest earthquake in 25 years has disrupted production at the island's semiconductor companies, raising the possibility of fallout for the technology industry and perhaps the global economy. From a report: The potential repercussions are significant because of the critical role Taiwan plays in the manufacture of advanced chips, the foundation of technologies from artificial intelligence and smartphones to electric vehicles.

The 7.4-magnitude earthquake led to the collapse of at least 26 buildings, four deaths and the injury of 57 people across Taiwan, with much of the fallout still unknown. Taiwan Semiconductor Manufacturing Co., the world's largest maker of advanced chips for customers like Apple and Nvidia, halted some chipmaking machinery and evacuated staff. Local rival United Microelectronics also stopped machinery at some plants and evacuated certain facilities at its hubs of Hsinchu and Tainan.

Taiwan is the leading producer of the most advanced semiconductors in the world, including the processors at the heart of the latest iPhones and the Nvidia graphics chips that train AI models like OpenAI's ChatGPT. TSMC has become the tech linchpin because it's the most advanced in producing complex chips. Taiwan is the source of an estimated 80% to 90% of the highest-end chips -- there is effectively no substitute. Jan-Peter Kleinhans, director of the technology and geopolitics project at Berlin-based think tank Stiftung Neue Verantwortung, has called Taiwan "potentially the most critical single point of failure" in the semiconductor industry.

artmancc writes: The White House has directed NASA and other federal agencies to get to work on a plan to implement precision timekeeping and dissemination on the moon and elsewhere in space. Reuters cited a memo from the head of the White House Office of Science and Technology Policy (OSTP) that "instructed the space agency to work with other parts of the U.S. government to devise a plan by the end of 2026 for setting what it called a Coordinated Lunar Time (LTC). The name of the proposed time standard is similar to the terrestrial time standard known as Coordinated Universal Time (UTC).

"OSTP chief Arati Prabhakar's memo said that for a person on the moon, an Earth-based clock would appear to lose on average 58.7 microseconds per Earth-day and come with other periodic variations that would further drift moon time from Earth time," Reuters reported. An unidentified OSTP official said the lunar time standard is needed for secure and synchronized communication between astronauts, satellites orbiting the moon, and Earth.

An anonymous reader quotes an opinion piece from the Washington Post, published by the Editorial Board: A just-published investigation by Russian, American and German journalists has unearthed startling new information about the so-called Havana syndrome, or "Anomalous Health Incidents," as the government calls the unexplained bouts of painful disorientation that U.S. diplomats and intelligence officers have suffered in recent years. The new information suggests but does not prove that Russia's military intelligence agency is responsible. Earlier, agencies in the U.S. intelligence community had concluded that "it is very unlikely a foreign adversary is responsible." They need to look again. [...]

[T]he new investigation by the Insider, a Russian investigative news outlet, in collaboration with CBS's "60 Minutes" and Germany's Der Spiegel, paints a different picture. It identifies the possible culprit as Unit 29155, a "notorious assassination and sabotage squad" of the GRU, Moscow's military intelligence service. Senior members of the unit received "awards and political promotions for work related to the development of 'non-lethal acoustic weapons'" -- a term used in the Russian military-scientific literature to describe both sound- and radiofrequency-based directed energy devices. The investigation found documentary evidence that Unit 29155 "has been experimenting with exactly the kind of weaponized technology" experts suggest is a plausible cause. Moreover, the Insider reported, geolocation data shows that operators attached to Unit 29155, traveling undercover, were present in places where Havana syndrome struck, just before the incidents took place.

Even more concerning, the investigation found that a commonality among the Americans targeted was their work history on Russia issues. This included CIA officers who were helping Ukraine build up its intelligence capabilities in the years before Russia's full-scale invasion in 2022. One veteran of the CIA Kyiv station was named the new chief of station in Vietnam and was hit there. A second veteran of the CIA in Ukraine was hit in his apartment in Tashkent, Uzbekistan. Both these intelligence officers had to be medevaced and were treated at Walter Reed National Military Medical Center. The wife of a third CIA officer who had served in Kyiv was hit in London. "Of all the cases" examined by the news organizations, they said, "the most well-documented involve U.S. intelligence and diplomatic personnel with subject matter expertise in Russia or operational experience in countries such as Georgia and Ukraine," both of which were the scene of popular pro-Western uprisings in the past two decades. The news organizations point out that Russian President Vladimir Putin has often blamed these "color revolutions" on the CIA and the State Department. They conclude, "Putin would have every interest in neutralizing scores of U.S. intelligence officers he deemed responsible for his loss of the former satellites." The Editorial Board is advocating for a thorough and aggressive investigation by the U.S. intelligence community that "takes into account all aspects of the incidents."

"If the incidents are a deliberate attack, the perpetrator must be identified and held to account. Along with sending a message to those who might harm American personnel, the United States needs to show all those who might join the diplomatic and intelligence services that the government will protect them abroad and at home from foreign adversaries, no matter what."

Intel on Tuesday disclosed $7 billion in operating losses for its foundry business in 2023, "a steeper loss than the $5.2 billion in operating losses the year before," reports Reuters. "The unit had revenue of $18.9 billion for 2023, down 31% from $27.49 billion the year before." From the report: Intel shares were down 4.3% after the documents were filed with the U.S. Securities and Exchange Commission (SEC). During a presentation for investors, Chief Executive Pat Gelsinger said that 2024 would be the year of worst operating losses for the company's chipmaking business and that it expects to break even on an operating basis by about 2027. Gelsinger said the foundry business was weighed down by bad decisions, including one years ago against using extreme ultraviolet (EUV) machines from Dutch firm ASML. While those machines can cost more than $150 million, they are more cost-effective than earlier chip making tools.

Partially as a result of the missteps, Intel has outsourced about 30% of the total number of wafers to external contract manufacturers such as TSMC, Gelsinger said. It aims to bring that number down to roughly 20%. Intel has now switched over to using EUV tools, which will cover more and more production needs as older machines are phased out. "In the post EUV era, we see that we're very competitive now on price, performance (and) back to leadership," Gelsinger said. "And in the pre-EUV era we carried a lot of costs and (were) uncompetitive." Editor's note: This story has been corrected to change the 2022 revenue figure for Intel Foundry to $27.49 billion, as reflected in the source article. We apologize for the math error.

Sara Fischer reports via Axios: Jon Stewart on Monday told Federal Trade Commission (FTC) Chair Lina Khan that Apple wouldn't let him interview her for a podcast. "I wanted to have you on a podcast and Apple asked us not to do it," "The Daily Show" host said to Khan, in reference to his former podcast that was an extension of his Apple TV+ comedy show "The Problem With Jon Stewart." "They literally said 'please don't talk to her,' having nothing to do with what you do for a living. I think they just... I didn't think they cared for you is what happened," he added during his conversation with Khan. "They wouldn't let us do even that dumb thing we just did in the first act on AI. Like, what is that sensitivity? Why are they so afraid to even have these conversations out in the public sphere?"

Stewart returned to "The Daily Show" in February after leaving in 2015 as its executive producer and host on Monday evenings through the 2024 election cycle. Stewart's Apple TV+ show ended late last year after Stewart and Apple executives parted ways over creative differences, including the comedian's desire to cover topics such as China and AI, the New York Times reported.

Bitcoin fell more than 4.76% on Tuesday to $66,134 amid rising Treasury yields and strength in the U.S. dollar. CNBC reports: On Monday morning, it was trading at about $70,000 before data came out showing growth in the manufacturing sector for the first time since September 2022 and investor bets on June rate cuts began to cool. Bitcoin is now off its all-time high, reached on March 14, by about 11%. Ether went down with it, losing 5.6% to trade at $3,240.27. Meanwhile, the 10-year U.S. Treasury yield hit its highest level of the year and the dollar, which has an inverse relationship with bitcoin, hit a five-month high.

Bitcoin's move may have been exacerbated by a large bitcoin holder, or "whale," who transferred more than 4,000 bitcoin to the Bitfinex exchange late Monday night. Data from CryptoQuant shows a spike in that exchange's reserves -- which typically signals a boost in selling activity -- that coincides with the sudden drop in bitcoin price late Monday night. Stocks tied to the performance of bitcoin were dragged down but traded off their lows to end the day.

President Joe Biden has become the first sitting U.S. president to post on a decentralized networking protocol. As reported by The Verge, President Biden's Threads account "has begun using Meta's ActivityPub integration," which allows for content, data, and followers to be ported between networks -- the basis that makes up the "fediverse." From the report: The account turning on fediverse posting comes only a couple of weeks after Threads rolled out its beta ActivityPub integration for users in the US, Canada, and Japan. Biden may not be able to see replies and follows as they pour in from the fediverse -- and with some servers blocking connections to Meta, not everyone there will be able to see his posts -- as those features weren't part of Threads' integration when it opened up beta testing last month. But his posts are available, and he'll see likes coming in from there. Or whoever is running the Presidential Threads account will, anyway.

An anonymous reader quotes a report from Reuters: The U.S. Federal Communications Commission will vote to reinstate landmark net neutrality rules and assume new regulatory oversight of broadband internet that was rescinded under former President Donald Trump, the agency's chair said. The FCC told advocates on Tuesday of the plan to vote on the final rule at its April 25 meeting. The commission voted 3-2 in October on the proposal to reinstate open internet rules adopted in 2015 and re-establish the commission's authority over broadband internet.

Net neutrality refers to the principle that internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites. FCC Chair Jessica Rosenworcel confirmed the planned commission vote in an interview with Reuters. "The pandemic made clear that broadband is an essential service, that every one of us -- no matter who we are or where we live -- needs it to have a fair shot at success in the digital age," she said. "An essential service requires oversight and in this case we are just putting back in place the rules that have already been court-approved that ensures that broadband access is fast, open and fair."

Yahoo is acquiring Artifact, the AI news app from Instagram's co-founders that failed to make it big on its own. The Verge reports: The two sides declined to share the cost of the acquisition, but both made clear Yahoo is acquiring Artifact's tech rather than its team. Mike Krieger and Kevin Systrom, Artifact's co-founders, will be "special advisors" for Yahoo but won't be joining the company. Artifact's remaining five employees have either gotten other jobs or are planning to take some time off. The acquisition comes a bit more than a year after Artifact's launch and about three months after Systrom and Krieger announced its death. [...]

Artifact, the app, will go away once the acquisition is complete. But Artifact's underlying tech for categorizing, curating, and personalizing content will soon start to show up on Yahoo News -- and eventually on other Yahoo platforms, too. "You'll see that stuff flowing into our products in the coming months," says Downs Mulder. It sounds like there's also a good chance that Yahoo's apps might get a bit of Artifact's speed and polish over time, too. Both Systrom and Downs Mulder say the integration will take time, that you can't just drop an Artifact algorithm into Yahoo News and call it a day. But they see a possibility to get everybody into the future a little faster. Yahoo can develop a personalized content ecosystem, the "TikTok for text" that was so alluring to Artifact users. And Artifact can power a news service of the future.

Bill Toulas reports via BleepingComputer: Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

The backdoor was introduced by a pseudonymous contributor to XZ version 5.6.0, which remained present in 5.6.1. However, only a few Linux distributions and versions following a "bleeding edge" upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn't help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. [...] Binarly's scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence. Binarly has made a free API available to accomodate bulk scans, too.

An anonymous reader quotes a report from The Register: VMware by Broadcom will deliver a significant update to its flagship Cloud Foundation bundle in the middle of this year and follow it up with a major update early in 2025. Both releases will show off Broadcom's plan to make the package easier to implement and operate, and hopefully assuage customer concerns about price rises. More on that later. First, the updates. One release is currently scheduled to debut in July, according to Paul Turner, vice-president of product management and the leader of the VMware Cloud Foundation (VCF) team. The release will allow use of a single license key for all the components of Cloud Foundation, improve OAuth support as a step towards single sign-on across the VMware range, and add an NSX overlay that will allow implementation of software-defined networks without requiring IP address changes.

Turner explained those features as exemplifying the sort of simplification VMware by Broadcom thinks is needed to make Cloud Foundation easier to implement. A bigger release Turner hopes will debut in early 2025 -- though he would commit to only a H1 launch -- will be a "unified" release in which more of VCF is better integrated. Today, Turner admitted, VMware customers may have implemented vSphere and the Aria management suite, but might still need or choose discrete storage for each. Future VCF releases will increasingly unify the products so that silos aren't needed. Prashanth Shenoy, vice president for VMware by Broadcom's cloud platform, infrastructure, and solutions marketing, told The Register the release will be called VCF 9 and will represent "the fullest expression of Broadcom's vision for product integration." "When customers deploy VCF there are seams -- when they deploy networking and storage, they feel like they do not have a unified developer or operator experience," Shenoy admitted. VCF 9 will tidy that sort of thing up and make the process "seamless." Buyers can also expect improved log file analysis, the ability to acquire templates from a marketplace and adopt them as PaaS, and plenty more.

Turner and Shenoy told The Register that the two releases are hoped to make VCF adoption easier, and by doing so demonstrate the value of the bundle. Today, they argue, would-be hybrid cloud adopters using VCF are in reality integrating siloed products -- which doesn't prove the value of the vStack well. VCF 9's planned integrations, they argue, should demonstrate the power of the stack and the wisdom of Broadcom's decision to create a VMware unit dedicated to VCF. That team, they explained, means developers for each of the bundle's components work together on a unified experience, rather than to create their own product. It may also demonstrate the value of VMware by Broadcom's new licenses – which some users have complained are considerably more expensive now that subscriptions are required, and products are only sold in bundles. Sylvain Cazard, president of Broadcom Software for Asia-Pacific, told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware's flagship Cloud Foundation will end up paying less. He also noted that the new pricing includes support, which VMware didn't include previously.

Personal computing and console gaming revenue growth is expected to remain below pre-pandemic levels through 2026 as gamers record fewer hours of playtime, according to research firm Newzoo. From a report: The market is expected to grow 2.7% from 2023-end to 2026, below the 7.2% growth rate from 2015 to 2021, according to the report. Gamers have been recording fewer hours of play, with the average quarterly playtime falling 26% from 2021 to 2023. The trend is expected to continue this year due to weaker gaming release schedules, with playtime falling around 10% in January. "Slower player growth rates will impact the industry's capacity to 'expand the pie' via net organic growth," Newzoo said.

An anonymous reader shares a report: Burnout, quiet quitting, strikes -- the news (and likely your schedule) is filled with markers that workers are overwhelmed and too much is expected of them. There's little regulation in the United States to prevent employers from forcing workers to be at their desks or on call at all hours, but that might soon change. California State Assemblyman Matt Haney has introduced AB 2751, a "right to disconnect" proposition, The San Francisco Standard reports. The bill is in its early stages but, if passed, would make every California employer lay out exactly what a person's hours are and ensure they aren't required to respond to work-related communications while off the clock. Time periods in which a salaried employee might have to work longer hours would need to be laid out in their contract. Exceptions would exist for emergencies.

The Department of Labor would monitor adherence and fine companies a minimum of $100 for wrongdoing -- whether that's forcing employees to be on Zoom, their inbox, answering texts or monitoring Slack when they're not getting paid to do so. "I do think it's fitting that California, which has created many of these technologies, is also the state that introduces how we make it sustainable and update our protections for the times we live in and the world we've created," Haney told The Standard.

The White House plans to renew a push in April to convince Congress to extend an internet subsidy program used by 23 million American households just weeks before it runs out of money, officials said. From a report: In October, the White House asked for $6 billion to extend the program through December 2024, but Congress has not funded it, potentially putting millions of households at risk of losing their internet service. Federal Communications Commission Chair Jessica Rosenworcel told lawmakers in a letter that April is the last month participants will get the full subsidy, with partial subsidies in May.

Congress previously allocated $17 billion to help lower-income families and people impacted by COVID-19 gain broadband access through a $30 per month voucher to use toward internet service. "We have come too far to allow this successful effort to promote internet access for all to end," Rosenworcel said on Tuesday. "Despite the breadth of this support and the urgent need to continue this program to ensure millions of households nationwide do not lose essential internet access, no additional funding has yet been appropriated."

Amazon is phasing out its checkout-less grocery stores with "Just Walk Out" technology. The company's senior vice president of grocery stores says they're moving away from Just Walk Out, which relied on cameras and sensors to track what people were leaving the store with. From a report: Just over half of Amazon Fresh stores are equipped with Just Walk Out. The technology allows customers to skip checkout altogether by scanning a QR code when they enter the store. Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped.

Instead, Amazon is moving towards Dash Carts, a scanner and screen are embedded in your shopping cart, allowing you to checkout as you shop. These offer a more reliable solution than Just Walk Out, whose impressive technology was truly ahead of its time. Amazon Fresh stores will also feature self check out counters from now on, for people who aren't Amazon members.

More than 200 musical artists -- including Billie Eilish, Katy Perry and Smokey Robinson -- have penned an open letter to AI developers, tech firms and digital platforms to "cease the use of artificial intelligence (AI) to infringe upon and devalue the rights of human artists." From a report: Unlike other advocacy efforts from creators around AI, this letter specifically addresses tech firms about the concerns of musical artists, such as replicating artist's voices, using their work to train AI models without compensation and diluting royalty pools that are paid out to artists. Jen Jacobsen, executive director at The Artist Rights Alliance (ARA), the trade group representing the artists signing the letter, told Axios, "We're not thinking about legislation here."

"We're kind of calling on our technology and digital partners to work with us to make this a responsible marketplace, and to keep the quality of the music sound, and not to replace human artists." The letter, penned by dozens of well-known musicians within ARA, specifically calls on tech firms and AI developers to stop the "predatory use of AI to steal professional artists' voices and likenesses, violate creators' rights, and destroy the music ecosystem." Signatories include Elvis Costello, Norah Jones, Nicki Minaj, Camila Cabello, Kacey Musgraves, Jon Batiste, Ja Rule, Jason Isbell, Pearl Jam, Sam Smith and dozens more spanning every musical genre.

Thawing ice in the Arctic may open up new routes for internet cables that lie at the bottom of the ocean and carry most international data traffic. And more routes matter when underwater infrastructure is at risk of attack. From a report: Baltic Sea gas and telecoms cables were damaged last year, with a Chinese vessel a potential suspect. Red Sea data cables were cut last month after a Yemeni government warning of attacks by Iran-backed Houthi rebels. Over 90 percent of all Europe-Asia traffic flows through the Red Sea route. The problem of critical data relying on only one path is clear. "It's clearly a kind of concentration of several cables, which means that there is a risk that areas will bottleneck," Taneli Vuorinen, the executive vice president at Cinia, a Finland-based company working on an innovative pan-Arctic cable, said.

"In order to meet the increasing demand, there's an increasing pressure to find diversity" of routes, he said. The Far North Fiber project is seeking to offer just that. The 14,500 kilometer long cable will directly link Europe to Japan, via the Northwest Passage in the Arctic, with landing sites in Japan, the United States (Alaska), Canada, Norway, Finland and Ireland. It would have been unthinkable until just a few years ago, when a thick, multiyear layer of ice made navigation impossible. But the Arctic is warming up at a worrying pace with climate change, nearly four times faster than the rest of the world. Sea ice is shrinking by almost 13 percent every decade.