Businesses

Startup Searches China's Internet for Signs of Intellectual Property Theft (bloomberg.com) 20

Strider Technologies scours open-source data in China to identify technologies most at risk of being stolen -- and the people who might be tempted to steal them. China's government calls IP theft allegations 'malicious slandering.' From a report: Oak Ridge National Laboratory in Tennessee has for decades been a hotbed of US nuclear experimentation. It's also a target for countries seeking to steal American secrets. More than 1,700 technologies developed in the lab are in China's crosshairs, according to three-year-old startup Strider Technologies. The list includes ion beams, nuclear power equipment and energy storage materials. Using custom software to scour widely available sources of information on China's internet, Strider executives said they identified two postdoctoral researchers in nanotechnology who, while working at Oak Ridge, were recruited into China's Youth Thousand Talents Program. The researchers were lured by perks including a grant of 500,000 yuan (about $75,000) apiece and other subsidies worth up to 3 million yuan (about $450,000), the executives said. Both relocated to China and are now employed by university labs with ties to China's defense industry, they said.

This is the potential power of Strider, which uses open-source data from China to identify technologies most at risk of being stolen -- and to spot the people who might be tempted to steal them. The company's pitch coincides with a debate in the US over how to investigate Chinese industrial espionage while protecting civil liberties, and follows a decision by the Justice Department to shut down a program targeting crimes involving China amid allegations that the agency was targeting people based on their ethnicity. The brainchild of globetrotting American twin brothers, Strider, which is based in suburban Salt Lake City, used Oak Ridge only as an example of its prowess; the lab isn't a client. "Companies around the world have been dealing with nation-state threats and IP theft for a decade or more, with little to no tools," said Eric Levesque, Strider's chief operating officer. "Governments can't solve for this and there is huge unmet demand in the market. We're enabling companies to get ahead of the threat rather than just react to issues post-incident."

Hardware

Nothing Officially Announces Flashy Phone 1, Starting at $475 (theverge.com) 55

After weeks of teases, Nothing is finally announcing its debut smartphone -- the Nothing Phone 1 -- at a launch event today. From a report: Led by OnePlus co-founder Carl Pei, it's the well-funded startup's second product released following last year's Ear 1 true wireless earbuds. The big news is that the Nothing Phone 1 will be sold with a modest starting price of $475 USD (though it's not getting a widespread release in the US) when it goes on sale on July 21st. $475 gets you the model with 8GB of RAM and 128GB of storage, while stepping up to $535 gets you 256GB of storage. The model with 12GB of RAM and 256GB of storage goes on sale later this summer for $593 USD.
United States

Efforts to Acquire Pegasus Spyware's Company Backed by US Spies, Says Stingray Maker (msn.com) 23

The New York Times describes Pegasus as "a 'zero-click' hacking tool that can remotely extract everything from a target's mobile phone [and] turn the mobile phone into a tracking and recording device." But they also report that the tool's "notorious" maker, NSO Group, was visited "numerous times" in recent months by executives from American military contractor L3Harris — makers of the cellphone-tracking Stingray tool — who'd wanted to negotiate a purchase of the company.

Their first problem? The U.S. government had blacklisted NSO Group in November, saying Pegasus had been used to compromise phones of political leaders, human rights activists and journalists. But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the F.B.I. and the C.I.A.

The talks continued in secret until last month, when word of NSO's possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance.... Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO's powerful spyware under U.S. authority, despite the administration's very public stance against the Israeli firm....

[NSO Group] had seen a deal with the American defense contractor as a potential lifeline after being blacklisted by the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blacklist, under penalty of sanctions. As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted....

L3 Harris's representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions. One of the conditions, those people said, was that NSO's arsenal of "zero days" — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States' partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand.

"Several people familiar with the talks said there have been attempts to resuscitate the negotiations..."
Linux

Alder Lake-Powered Linux Laptop Arrives With 14 Hours of Battery Life (tomshardware.com) 48

System76, the Colorado-based Linux laptop, desktop, and server specialist, has announced a new highly portable laptop with an Intel Alder Lake processor inside. Tom's Hardware reports: The new Lemur Pro is a "lighter than Air" 14-inch form factor laptop with excellent battery life and attractions such as open firmware (powered by Coreboot) and a 180-degree hinge. In addition, buyers can choose to go with Pop!_OS 22.04 LTS or Ubuntu 22.04 LTS pre-installed. The new Lemur Pro has many attractive modern features you might see advertised in many rival mainstream thin and light designs. However, the special sauce here is the "System76 Open Firmware with Coreboot." Coreboot, known initially as LinuxBIOS, is significant as it is an open-source BIOS implementation embraced by Linux users. It is lightweight, flexible, and feature-rich. [...]

System76 has designed the Lemur Pro with monitor-based docking in mind. It envisions users connecting to a big screen using the USB-C connection to benefit from the more expansive workspace and laptop charging. Like Windows, Linux had to have some serious tinkering under the hood to prepare for the mix of Performance and Efficiency cores in Alder Lake chips. However, rest assured, efficient hybrid scheduling is taken care of with the two OS options that can be pre-installed on the Lemur Pro.

System76 allows customers to configure and buy Lemur Pro laptops right now. There are many RAM and storage configurations to pick through, and you can add external keyboards and monitors to the bundle. The entry price with an Intel Core i5-1235U, 8GB RAM, 240GB of storage, and no extras is $1,149. However, the Core i7-1255U model is a bit of a stretch, adding $200 to the base price for the faster CPU clocks.

Power

World's First Commercial Sand Battery Begins Energy Storage In Finland (newatlas.com) 68

Polar Night Energy says it's just opened its first commercial sand battery at the premises of "new energy" company Vatajankoski, a few hours out of Helsinki. New Atlas reports: This is a thermal energy storage system, effectively built around a big, insulated steel tank -- around 4 meters (13.1 ft) wide and 7 meters (23 ft) high -- full of plain old sand. When this sand is heated up, using a simple heat exchanger buried in the middle of it, this device is capable of storing an impressive 8 megawatt-hours of energy, at a nominal power rating of 100 kW, with the sand heated to somewhere around 500-600 degrees Celsius (932-1112F). When it's needed, the energy is extracted again as heat in the same way. Vatajankoski is using this stored heat, in conjunction with excess heat from its own data servers, to feed the local district heating system, which uses piped water to transmit heat around the area. It can then be used to heat buildings, or swimming pools, or in industrial processes, or in any other situation that requires heat.

This helps make it extremely efficient, the company tells Disruptive Investing in a video interview. "It's really easy to convert electricity into heat," says Polar Night CTO Markku Ylonen. "But going back from heat to electricity, that's where you need turbines and more complex things. As long as we're just using the heat as heat, it stays really simple." The company claims an efficiency factor up to 99 percent, a capability to store heat with minimal loss for months on end, and a lifespan in the decades. There's nothing special about the sand -- the company says it just needs to be dry and free from combustible debris. [...] The company says it'll scale up, too, with installations around 20 gigawatt-hours of energy storage making hundreds of megawatts of nominal power, and the sand heated as far as 1,000C (1,832F) in certain designs. It's possible to create bulk underground storage facilities out of disused mine shafts, if they're the right shape. There are no high-pressure vessels needed, and the biggest cost involved is often the pipework.

Data Storage

Storage Firm Drobo Files for Chapter 11 Bankruptcy (appleinsider.com) 44

Longstanding Thunderbolt and network-attached storage company Drobo filed for Chapter 11 bankruptcy in late June, and will hold its first creditors meeting on July 17. AppleInsider reports: First formed as Data Robotics in 2005, Drobo manufactured solutions for remote and network storage. Parent company StarCentric filed bankruptcy papers with the California Northern Bankruptcy Court (San Jose) on June 20, 2022. According to official court documentation, the company is to hold its first creditors meeting on July 19. There is also a final deadline for filing claims against the company, which is October 17, 2022.

The company has not commented publicly on the decision. However, the company appears to have been badly affected by the coronavirus. [...] Drobo's online US and European stores are currently both showing every product as sold out. The Chapter 11 filing implies that the company is trying to reorganize and return to full operations at some point. It isn't yet clear what the reorganization will look like, nor the magnitude of the creditors' demands.

Databases

Baserow Challenges Airtable With an Open Source No-Code Database Platform (techcrunch.com) 19

An anonymous reader quotes a report from TechCrunch: The burgeoning low-code and no-code movement is showing little sign of waning, with numerous startups continuing to raise sizable sums to help the less-technical workforce develop and deploy software with ease. Arguably one of the most notable examples of this trend is Airtable, a 10-year-old business that recently attained a whopping $11 billion valuation for a no-code platform used by firms such as Netflix and Shopify to create relational databases. In tandem, we're also seeing a rise in "open source alternatives" to some of the big-name technology incumbents, from Google's backend-as-a-service platform Firebase to open source scheduling infrastructure that seeks to supplant the mighty Calendly. A young Dutch company called Baserow sits at the intersection of both these trends, pitching itself as an open source Airbase alternative that helps people build databases with minimal technical prowess. Today, Baserow announced that it has raised $5.2 million in seed funding to launch a suite of new premium and enterprise products in the coming months, transforming the platform from its current database-focused foundation into a "complete, open source no-code toolchain," co-founder and CEO Bram Wiepjes told TechCrunch.

So what, exactly, does Baserow do in its current guise? Well, anyone with even the most rudimentary spreadsheet skills can use Baserow for use-cases spanning content marketing, such as managing brand assets collaboratively across teams; managing and organizing events; helping HR teams or startups manage and track applicants for a new role; and countless more, which Baserow provides pre-built templates for. [...] Baserow's open source credentials are arguably its core selling point, with the promise of greater extensibility and customizations (users can create their own plug-ins to enhance its functionality, similar to how WordPress works) -- this is a particularly alluring proposition for businesses with very specific or niche use cases that aren't well supported from an off-the-shelf SaaS solution. On top of that, some sectors require full control of their data and technology stack for security or compliance purposes. This is where open source really comes into its own, given that businesses can host the product themselves and circumvent vendor lock-in.

With a fresh 5 million euros in the bank, Baserow is planning to double down on its commercial efforts, starting with a premium incarnation that's officially launching out of an early access program later this month. This offering will be available as a SaaS and self-hosted product and will include various features such as the ability to export in different formats; user management tools for admin; Kanban view; and more. An additional "advanced" product will also be made available purely for SaaS customers and will include a higher data storage limit and service level agreements (SLAs). Although Baserow has operated under the radar somewhat since its official foundation in Amsterdam last year, it claims to have 10,000 active users, 100 sponsors who donate to the project via GitHub and 800 users already on the waiting list for its premium version. Later this year, Baserow plans to introduce a paid enterprise version for self-hosting customers, with support for specific requirements such as audit logs, single sign-on (SSO), role-based access control and more.

Power

Switzerland's 20 Million kWh 'Water Battery' Is Now Operational 186

A 900 MW 'water battery' that cost Switzerland 2 billion euros and was under construction for 14 years, is now operational, Euronews reported. The battery is located nearly 2,000 feet (600 m) underground in the Swiss Alps. Interesting Engineering reports: A water battery consists of two large pools of water located at different heights. When power production is high, excessive power is used to move water from the lower pool to the pool at a higher height, which is similar to charging a conventional battery. When power demand increases, the water at the higher level can be released and, as it heads to the lower pool, it passes through turbines that generate electricity and can be used to power the grid.

The water battery that recently went operational in Switzerland has a storage capacity of 20 million kWh, the equivalent of 400,000 electric cars, and is aimed at helping stabilize the energy grid in Switzerland and other connected grids in Europe. The plant has six turbines that can generate 900 MW of power, Euronews revealed. The battery has been built between the reservoirs of Emosson and Vieux Emosson in Valais, a canton in the southwestern part of Switzerland. Located nearly 2,000 feet (600 m) underground, the vast engine room of the plant measures about 650 feet (200 m) long and is over 100 feet (32 m) wide.

To move the building materials to the site, the engineers had first to carve out tunnels through the Alps. The length of the tunnels dug for the project extends to about 11 miles (18 km). Once these tunnels were in place, building material and prefabricated buildings could be moved into the mountain, a process that took 14 years. To increase the energy storage capacity of the battery, the height of the Vieux Emosson dam was also increased by 65 feet (20 m). After all this hard work, the battery is now operational and at its peak is capable of powering 900,000 homes at a time.
Power

Berlin Builds a Giant Thermos to Help Heat Homes This Winter (apnews.com) 127

The Associated Press reports on a massive new 150-foot (45-meter) tower going up in Berlin — just to hold 56 million liters (14.8 million gallons) of hot water that "will help heat Berlin homes this winter even if Russian gas supplies dry up..."

"[T]he new facility unveiled Thursday at Vattenfall's Reuter power station will hold water brought to almost boiling temperature using electricity from solar and wind power plants across Germany. During periods when renewable energy exceeds demand the facility effectively acts as a giant battery, though instead of storing electricity it stores heat..." "It's a huge thermos that helps us to store the heat when we don't need it," said Tanja Wielgoss, who heads the Sweden-based company's heat unit in Germany. "And then we can release it when we need to use it.... Sometimes you have an abundance of electricity in the grids that you cannot use anymore, and then you need to turn off the wind turbines," said Wielgoss. "Where we are standing we can take in this electricity."

The 50-million-euro ($52 million) facility will have a thermal capacity of 200 Megawatts — enough to meet much of Berlin's hot water needs during the summer and about 10% of what it requires in the winter. The vast, insulated tank can keep water hot for up to 13 hours, helping bridge short periods when there's little wind or sun....

Berlin's top climate official, Bettina Jarasch, said the faster such heat storage systems are built, the better. "Due to its geographic location the Berlin region is even more dependent on Russian fossil fuels than other parts of Germany," she told The Associated Press. "That's why we're really in a hurry here."

"While it will be Europe's biggest heat storage facility when it's completed at the end of this year, an even bigger one is already being planned in the Netherlands."
Hardware

First RISC-V Laptop Announced (phoronix.com) 28

An anonymous reader quotes a report from Phoronix, written by Michael Larabel: RISC-V International has relayed word to us that in China the DeepComputing and Xcalibyte organizations have announced pre-orders on the first RISC-V laptop intended for developers. The "ROMA" development platform features a quad-core RISC-V processor, up to 16GB of RAM, up to 256GB of storage, and should work with most RISC-V Linux distributions. [...] DeepComputing and Xcalibyte say this laptop uses an "unannounced" quad-core RISC-V processor so is very light on the details. But frankly if it wasn't a RISC-V International PR contact relaying this to me, it sounds more like a satire announcement. The ROMA press release today goes on to note, "A Web3-friendly platform with NFT creation and publication plus integrated MetaMask-style wallet, ROMA will create an even more integrated experience with future AR glasses and AI speakers operating entirely on RISC-V software and powered by RISC-V hardware."

Quantities are also said to be limited for this ROMA laptop, which likely will put a pricing premium on it. Their cringe-worthy press release filled with buzzwords and scant technical details goes on to note, "The first 100 customers to pre-order ROMA will receive a unique NFT to mark the birth of the world's first native RISC-V development platform laptop. And you can have your ROMA personally engraved with your name or company name." [...] So right now this announcement just raises a lot more questions than answers, but we are certainly looking forward to hearing more about RISC-V laptops...
Further reading: Pine64 Is Working On a RISC-V Single-Board Computer
Open Source

MNT Shrinks Its Open Source Reform Laptop Into a 7-Inch Pocket PC Throwback (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: A few months ago, we reviewed the MNT Reform, which attempts to bring the dream of entirely open source hardware to an audience that doesn't want to design and build a laptop totally from scratch. Now, MNT is bringing its open-hardware ethos to a second PC, a 7-inch "Pocket Reform" laptop that recalls the design of old clamshell Pocket PCs, just like the big Reform references the design of chunky '90s ThinkPads.

The Pocket Reform borrows many of the big Reform laptop's design impulses, including a low-profile mechanical keyboard and trackball-based pointing device and a chunky, retro-throwback design. The device includes a 7-inch 1080p screen, a pair of USB-C ports (one of which is used for charging), a microSD slot for storage expansion, and a micro HDMI port for connecting to a display when you're at your desk. [...] The version of the Pocket Reform in the announcement isn't ready to launch yet, and MNT says it represents "near-final specs and design." For users interested in the Pocket Reform's imminent early beta program, there's a newsletter sign-up link at the bottom of the announcement.
One of the main complaints Ars noted about the big Reform was the "miserably slow ARM processor," which will be included in the Pocket Reform.

With that said, MNT has addressed other complaints about the big Reform by "adding reinforced metal side panels to cover the ports and a redesigned battery system that won't let the batteries fully discharge if the laptop is left unplugged."
Portables (Apple)

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds (macrumors.com) 85

Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. From a report: YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and write speeds are both around 1,450 MB/s, which is around 50% slower reading and around 30% slower writing compared to the 13-inch MacBook Pro with the M1 chip and 256GB of storage.

Disk Speed Test app numbers shared by Vadim Yuryev of Max Tech:
13-inch MacBook Pro (M1/256GB) Read Speed: 2,900
13-inch MacBook Pro (M2/256GB) Read Speed: 1,446
13-inch MacBook Pro (M1/256GB) Write Speed: 2,215
13-inch MacBook Pro (M2/256GB) Write Speed: 1,463

Yuryev disassembled the new 13-inch MacBook Pro and discovered that the 256GB model is equipped with only a single NAND flash storage chip, whereas the previous model has two NAND chips that are likely 128GB each. This difference likely explains why the new model has a slower SSD, as multiple NAND chips allow for faster speeds in parallel.

Power

Tesla Pays Powerwall Owners to Form 'Virtual Power Plant' in California (electrek.co) 192

"Tesla has launched a new virtual power plant in partnership with PG&E in California that will pay Powerwalls owners to help stabilize the electric grid and end brownouts in California," reports Electrek. A virtual power plant (VPP) consists of distributed energy storage systems, like Tesla Powerwalls, used in concert to provide grid services and avoid the use of polluting and expensive peaker power plants.
PC Magazine notes the program was launched in conjunction with California power utility Pacific Gas and Electric Company: As well as the personal feeling of satisfaction for helping to stabilize California's grid, you'll receive $2 for every additional kilowatt-hour delivered during designated "events," such as any time grid operator CAISO issues an energy alert, warning, or emergency. Contributors will receive push notifications before and during an event with details of its expected start and finish times. Once an event is over, each Powerwall will automatically resume normal operation.
Electrek adds that "The $2 per kWh amount is quite significant and reflects just how much value a Virtual Power Plant can add to the grid in case of an emergency event where the grid needs more capacity. Depending on the events and the number of Powerwalls homeowners have, they could earn anywhere from $10 to $60 per event or even more for bigger systems."

But in addition, "Tesla will dispatch your Powerwall when the grid is in critical need of additional power. That is when the least efficient generators would typically come online."

And you get the distinction of being part of "the largest distributed battery in the world — potentially over 50,000 Powerwalls.... Tesla said that it has about 50,000 Powerwalls that could be eligible for this VPP, which add up to a significant 500 MWh of energy capacity that can be distributed in any event... [I]t is basically going to turn the company into a major decentralized electric utility. It's already in operation in Australia. Now it's in California, and soon it is going to be in Texas."
Youtube

Bungie Slaps YouTube Takedown Impersonator With $7.6 Million Lawsuit (pcgamer.com) 23

An anonymous reader quotes a report from PC Gamer: Back in March, a wave of bizarre copyright strikes rocked the Destiny 2 community. Not only did it affect some of the game's biggest content creators, but also videos on Bungie's own YouTube channel. It turned out none of them had actually come from the developer but a "bad actor" impersonating two employees from the CSC, Bungie's IP protection agency of choice. Now, that person has allegedly been identified and Bungie's suing them for a whopping $7.6 million. Ouch.

Nicholas 'Lord Nazo' Minor is accused of fraudulently firing off 96 separate DMCA takedown notices throughout mid-March (thanks, TheGamePost). According to the lawsuit (PDF), Minor was issued legitimate copyright strikes in both December 2021 and March 2022 for uploading the OST for Destiny's The Taken King and The Witch Queen expansions. During that period, Minor is said to have created two separate email addresses impersonating CSC employees. He then used those email addresses to issue the false takedown notices.

The lawsuit goes on to say that during the whole kerfuffle, Minor was "taking part in the community discussion of 'Bungie's' takedowns, spreading disinformation" as well as trying to file a counterclaim with YouTube, saying the legitimate takedowns on his channel were included in the wave of fraudulent ones. Bungie claims that the situation caused "significant reputational and economic damage," with the publisher having to "devote significant internal resources to addressing it and helping its players restore their videos and channels." It claims it's "entitled to damages and injunctive relief, including enhanced statutory damages of $150,000 for each of the works implicated in the Fraudulent Takedown Notice that willfully infringed Bungie's registered copyrights, totaling $7,650,000."

Bitcoin

Solana Launches Web3-Focused Smartphone Saga To Improve Crypto-Mobile Relationship (techcrunch.com) 52

An anonymous reader quotes a report from TechCrunch: The co-founder and CEO of Solana, Anatoly Yakovenko, had a Steve Jobs moment when he stood in front of an auditorium in New York City and announced the launch of Saga, an Android web3-focused smartphone. "This is something that I fundamentally believe the industry needs to do," Yakovenko said. "We didn't see a single crypto feature at the Apple developer conference 13 years after Bitcoin was alive." People will pull out their laptops in the middle of dates so they don't miss an NFT minting opportunity, Yakovenko joked. "So I think it's time for crypto to go mobile," Yakovenko added.

Saga aims to implement digital asset products and services, so users can easily transact with their cryptocurrency through the device, opposed to a laptop browser. In addition to the announcement of Saga, Yakovenko shared the launch of the Solana Mobile Stack, or SMS, which is a web3 layer for Solana built on the phone. SMS will consist of a number of products including a seed vault, a custody solution, a mobile wallet adapter, Solana Pay for Android and its decentralized application (dApp) store. It "provides a new set of libraries for wallets and apps, allowing developers to create rich mobile experiences on Solana," a press release said.

A number of crypto companies including FTX, Phantom and Magic Eden will partner with SMS and there is also a $10 million developer fund for people who build apps on it. "The builders are coming and they are higher quality than before," Raj Gokal, COO at Solana Labs said. "They're ready for the next leg of user growth." The $1,000 device will have 512 GB of storage with a 6.67-inch OLED display and is available for preorder with a $100 deposit and deliveries will occur in Q1 2023, Yakovenko said.

IT

PCI Express 7.0 Standard Provides Eight Times the Bandwidth of Today's Connections (arstechnica.com) 52

The group responsible for developing and updating the PCI Express standard, the PCI-SIG, aims to update that standard roughly every three years. From a report: Version 6.0 was released earlier this year, and the group has announced that PCIe version 7.0 is currently on track to be finalized sometime in 2025. Like all new PCI Express versions, its goal is to double the available bandwidth of its predecessor, which in PCIe 7.0's case means that a single PCIe 7.0 lane will be able to transmit at speeds of up to 32GB per second. That's a doubling of the 16GB per second promised by PCIe 6.0, but it's even more striking when compared to PCIe 4.0, the version of the standard used in high-end GPUs and SSDs today. A single PCIe 4.0 lane provides bandwidth of about 4GB per second, and you need eight of those lanes to offer the same speeds as a single PCIe 7.0 lane.

Increasing speeds opens the door to ever-faster GPUs and storage devices, but bandwidth gains this large would also make it possible to do the same amount of work with fewer PCIe lanes. Today's SSDs normally use four lanes of PCIe bandwidth, and GPUs normally use 16 lanes. You could use the same number of lanes to support more SSDs and GPUs while still providing big increases in bandwidth compared to today's accessories, something that could be especially useful in servers.

Encryption

Mega Says It Can't Decrypt Your Files. New POC Exploit Shows Otherwise (arstechnica.com) 52

An anonymous reader quotes a report from Ars Technica: In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service.

Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data.

After receiving the researchers' report privately in March, Mega on Tuesday began rolling out an update that makes it harder to perform the attacks. But the researchers warn that the patch provides only an "ad hoc" means for thwarting their key-recovery attack and does not fix the key reuse issue, lack of integrity checks, and other systemic problems they identified. With the researchers' precise key-recovery attack no longer possible, the other exploits described in the research are no longer possible, either, but the lack of a comprehensive fix is a source of concern for them. "This means that if the preconditions for the other attacks are fulfilled in some different way, they can still be exploited," the researchers wrote in an email. "Hence we do not endorse this patch, but the system will no longer be vulnerable to the exact chain of attacks that we proposed." Mega has published an advisory here. However, the chairman of the service says that he has no plans to revise promises that the company cannot access customer data.

Businesses

Ex-Amazon Employee Convicted Over Data Breach of 100 Million CapitalOne Customers (techcrunch.com) 61

Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, has been found guilty by a Seattle jury on charges of wire fraud and computer hacking. From a report: Thompson, 36, was accused of using her knowledge as a software engineer working in the retail giant's cloud division, Amazon Web Services, to identify cloud storage servers that were allegedly misconfigured to gain access to the cloud stored data used by CapitalOne. That included names, dates of birth, Social Security numbers, email addresses and phone numbers, and other sensitive financial information, such as credit scores, limits and balances. Some one million Canadians were also affected by the CapitalOne breach. Thompson also accessed the cloud stored data of more than 30 other companies, according to a superseding indictment filed by the Justice Department almost two years after Thompson was first charged, which reportedly included Vodafone, Ford, Michigan State University and the Ohio Department of Transportation.

Cloud

Apple Will Now Allow Developers To Transfer Ownership of Apps That Use iCloud (9to5mac.com) 10

"The most impactful change to come out of WWDC had nothing to do with APIs, a new framework or any hardware announcement," writes Jordan Morgan via Daring Fireball. "Instead, it was a change I've been clamoring for the last several years -- and it's one that's incredibly indie friendly. As you've no doubt heard by now, I'm of course talking about iCloud enabled apps now allowing app transfers." 9to5Mac explains how it works: According to Apple, you already could transfer an app when you've sold it to another developer or you would want to move it to another App Store Connect account or organization. You can also transfer the ownership of an app to another developer without removing it from the App Store. The company said: "The app retains its reviews and ratings during and after the transfer, and users continue to have access to future updates. Additionally, when an app is transferred, it maintains its Bundle ID -- it's not possible to update the Bundle ID after a build has been uploaded for the app."

The news here is that it's easier for developers to transfer the ownership of apps that use iCloud. Apple said that if your app uses any of the following, it will be transferred to the transfer recipient after they accept the app transfer: iCloud to store user data; iCloud containers; and KVS identifiers are associated with the app.

The company said: "If multiple apps on your account share a CloudKit container, the transfer of one app will disable the other apps' ability to read or store data using the transferred CloudKit container. Additionally, the transferor will no longer have access to user data for the transferred app via the iCloud dashboard. Any app updates will disable the app's ability to read or store data using the transferred CloudKit container. If your app uses iCloud Key-Value Storage (KVS), the full KVS value will be embedded in any new provisioning profiles you create for the transferred app. Update your entitlements plist with the full KVS value in your provisioning profile."
You can learn more about the news via this Apple Developer page.

Businesses

India Lifts Ban on Mastercard (techcrunch.com) 24

India has lifted business restrictions on Mastercard, nearly a year after imposing the ban, once again allowing the cards giant to add new customers in the South Asian market after it demonstrated "satisfactory compliance" with the local data storage rules, the central bank said on Thursday. From a report: In a series of moves last year, the Reserve Bank of India indefinitely barred Mastercard, American Express and Diners Club from issuing new debit, credit or prepaid cards to customers over noncompliance with local data storage rules. The business restrictions on American Express and Diners Club remain in place in the country, though they are permitted to continue to serve their existing customer base. The report adds: Unveiled in 2018, the local data-storage rules require payments firms to store all Indian transaction data within servers in the country. Visa, Mastercard and several other firms, as well as the U.S. government, previously requested New Delhi to reconsider its rules, which they argued were designed to allow the regulator "unfettered supervisory access."
