An anonymous reader quotes a report from The Register: Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendor's products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to do so in the near future. It wasn't explicitly said whether this referred to CrowdStrike's Falcon product specifically or was a knee-jerk reaction to security vendors generally. One in five will also change the selection criteria when it comes to reviewing which security vendor gets their business. The whole fiasco doesn't seem to have hurt the company much though, at least not yet.

The findings come from a report examining the experiences of 311 affected organizations in Germany, published today. Of those affected in one way or another, most said they first heard about the issues from social media (23 percent) rather than CrowdStrike itself (22 percent). The report also revealed that half of the 311 surveyed orgs had to halt operations -- 48 percent experienced temporary downtime. Ten hours, on average. Aside from the obvious business continuity impacts, this led to various issues with customers too. Forty percent said their collaboration with customers was damaged because they couldn't provide their usual services, while more than one in ten organizations didn't even want to address the topic. The majority of respondents (66 percent) said they will improve their incident response plans in light of what happened, or have done so already, despite largely considering events like these as unavoidable. The report highlights a curious finding that over half of CrowdStrike customers wanted to install updates more regularly, even though that would have been worse for an organization.

"Regardless, with the number of urgent patch warnings we and the infosec community dish out every week, it's probably a net positive, even if it's slightly misguided," concludes The Register.

Apple's latest macOS 15 "Sequoia" update, released earlier this week, has disrupted security tools from major providers including CrowdStrike, SentinelOne, and Microsoft, according to reports. The extent and cause of the disruption remain unclear.

Google is updating its Password Manager to allow users to sync passkeys across multiple devices, including Windows, macOS, Linux, and Android, with iOS and ChromeOS support coming soon. Engadget reports: Once saved, the passkey automatically syncs across other devices using Google Password Manager. The company says this data is end-to-end encrypted, so it'll be pretty tough for someone to go in and steal credentials. [...] Today's update also brings another layer of security to passkeys on Google Password Manager. The company has introduced a six-digit PIN that will be required when using passkeys on a new device. This would likely stop nefarious actors from logging into an account even if they've somehow gotten ahold of the digital credentials. Just don't leave the PIN number laying on a sheet of paper directly next to the computer.

A conspiracy theory known as "Dead Internet Theory" has gained traction in recent years, positing that most online social activity is artificial and designed to manipulate users. This theory has grown alongside the rise of large language models like ChatGPT. On Monday, software developer Michael Sayman launched SocialAI, an app that seems to embody aspects of this theory. ArsTechnica: SocialAI's 28-year-old creator, Michael Sayman, previously served as a product lead at Google, and he also bounced between Facebook, Roblox, and Twitter over the years. In an announcement post on X, Sayman wrote about how he had dreamed of creating the service for years, but the tech was not yet ready. He sees it as a tool that can help lonely or rejected people.

"SocialAI is designed to help people feel heard, and to give them a space for reflection, support, and feedback that acts like a close-knit community," wrote Sayman. "It's a response to all those times I've felt isolated, or like I needed a sounding board but didn't have one. I know this app won't solve all of life's problems, but I hope it can be a small tool for others to reflect, to grow, and to feel seen." As The Verge reports in an excellent rundown of the example interactions, SocialAI lets users choose the types of AI followers they want, including categories like "supporters," "nerds," and "skeptics." These AI chatbots then respond to user posts with brief comments and reactions on almost any topic, including nonsensical "Lorem ipsum" text.

An anonymous reader quotes a report from NPR: The State Department announced Wednesday that its online renewal system is now fully operational, after testing in pilot programs, and available to adult passport holders whose passport has expired within the past five years or will expire in the coming year. It is not available for the renewal of children's passports, for first-time passport applicants for renewal applicants who live outside the United States or for expedited applications. "By offering this online alternative to the traditional paper application process, the Department is embracing digital transformation to offer the most efficient and convenient passport renewal experience possible," Secretary of State Antony Blinken said in a statement. The department said it estimated that about 5 million Americans would be able to use this service a year. In 2023, it processed 24 million passports, about 40% of which were renewals.

Assistant Secretary of State for Consular Affairs Rena Bitter, whose bureau oversees passport processing said the department hoped to expand the program in the coming years to possibly include Americans living abroad, those seeking to renew a second passport and children's passports. "This is not going to be the last thing that we do," she told reporters. "We want to see how this goes and then we'll start looking at ways to continue to make this service available to more American citizens in the coming months and years." You can renew your passport at www.Travel.State.Gov/renewonline.

The once-booming tech job market has contracted sharply, with software development postings down over 30% since February 2020, according to Indeed.com. Tech companies have shed around 137,000 jobs since January, Layoffs.fyi reports.

This downturn, following years of aggressive hiring, marks a significant shift in the industry's labor dynamics. Companies are pivoting from growth-at-all-costs strategies to revenue-focused approaches, cutting entry-level positions and redirecting resources towards AI development. The release of ChatGPT in late 2022 sparked an AI investment frenzy, creating high demand for specialized AI talent.

Coming soon: Amazon sellers duking it out on TV to get their wares prime placement at the world's largest online retailer. Think "Shark Tank" meets Home Shopping Network. From a report: The e-commerce giant plans to introduce a new competition show next month in which entrepreneurs pitch their products to a studio audience as well as to judges including Amazon executives and celebrities like Goop founder Gwyneth Paltrow and designer Christian Siriano. Finalists will have their inventions sold in a new Amazon "Buy It Now" online store, and the winner of each episode will earn $20,000.

The show is the retailer's latest attempt to marry content and commerce. Persuading consumers to shop through Internet-enabled televisions has long been a goal of traditional entertainment companies, but getting viewers to scan the QR code can be difficult. By creating shows that highlight its sellers and their products, Amazon has a better shot at getting viewers to shop -- especially younger audiences who are already doing this on apps like TikTok, said Bernstein analyst Mark Shmulik. "This feels more elegant than QR codes," Shmulik said of Amazon's new game show. Over the past few years, Amazon has introduced ads with QR codes in about 100 shows and movies, including "The Summer I Turned Pretty," "The Boys" and, more recently, NFL football games.

The Federal Trade Commission said on Thursday it found that several social media and streaming services engaged in a "vast surveillance" of consumers, including minors, collecting and sharing more personal information than most users realized. From a report: The findings come from a study of how nine companies -- including Meta, YouTube and TikTok -- collected and used consumer data. The sites, which mostly offer free services, profited off the data by feeding it into advertising that targets specific users by demographics, according to the report. The companies also failed to protect users, especially children and teens.

The F.T.C. said it began its study nearly four years ago to offer the first holistic look into the opaque business practices of some of the biggest online platforms that have created multibillion-dollar ad businesses using consumer data. The agency said the report showed the need for federal privacy legislation and restrictions on how companies collect and use data. "Surveillance practices can endanger people's privacy, threaten their freedoms, and expose them to a host of harms, from identify theft to stalking," said Lina Kahn, the F.T.C.'s chair, in a statement.

Anduril Industries, a defense startup founded by Palmer Luckey, will integrate its Lattice suite of software into Microsoft's Integrated Visual Augmentation System headset for the U.S. Army. The deal aims to enhance soldiers' battlefield awareness by displaying real-time data from drones, vehicles, and defense systems.

Luckey, who sold virtual reality company Oculus to Facebook for $2 billion, launched Anduril in 2017 to challenge traditional defense contractors. The firm recently secured a contract to develop an experimental robotic fighter jet, beating out industry giants. While Microsoft's IVAS faced initial user complaints of nausea and headaches, the Army plans to invest $21.9 billion in the project.

U.S. tech giant Cisco has let go of thousands of employees following its second layoff of 2024. From a report: The technology and networking company announced in August that it would reduce its headcount by 7%, or around 5,600 employees, following an earlier layoff in February, in which the company let go of about 4,000 employees. As TechCrunch previously reported, Cisco employees said that the company refused to say who was affected by the layoffs until September 16. Cisco did not give a reason for the month-long delay in notifying affected staff. One employee told TechCrunch at the time that Cisco's workplace had become the "most toxic environment" they had worked in. TechCrunch has learned that the layoffs also affect Talos Security, the company's threat intelligence and security research unit.

Kenya signed a Memorandum of Understanding (MoU) with the U.S. on nuclear technology cooperation during the 2024 IAEA General Conference in Vienna, with the aim of safely integrating nuclear power into Kenya's energy mix by 2035. The agreement focuses on collaboration in nuclear safety, regulatory experience, and research. The Standard reports: The historic pact came a day after Prime Cabinet Secretary Musalia Mudavadi addressed the general session of the conference. Mudavadi had outlined Kenya's ambitious plans to integrate nuclear power into the country's energy mix by 2035, as part of a broader strategy to meet its growing energy demand. Kenya's current installed energy capacity, as of 2023, totals 3,321 MW, with significant contributions from geothermal (863 MW), hydroelectric power (838 MW), wind (436 MW), solar (173 MW), biomass (2 MW), and thermal energy (678 MW). However, despite these sources, the country still faces a shortfall in its energy supply. Experts say nuclear energy will be crucial in addressing this deficit and supporting Kenya's long-term industrialization goals.

The MoU was signed by the Kenya Nuclear Regulatory Authority (KNRA) and the United States Nuclear Regulatory Commission (USNRC), with both parties expressing optimism about the future of nuclear cooperation between the two nations. [...] Areas of cooperation will include sharing of operating experience and regulatory experience, cooperation in joint programs of nuclear safety research and trainings. Kenya, along with several other developing nations, is exploring the potential use of nuclear energy beyond electricity generation, including its applications in health and agriculture. As the country moves forward with its nuclear aspirations, experts highlight the importance of robust regulatory frameworks and international cooperation to ensure the safe and effective deployment.

schwit1 shares a report from SpaceNews: The FAA announced Sept. 17 that it notified SpaceX of $633,009 in proposed fines for violating terms of its launch licenses during the June 2023 Falcon 9 launch of the Satria-1, or PSN Satria, broadband satellite and the July 2023 Falcon Heavy launch of Jupiter-3, or EchoStar-24, broadband satellite. Both launches were successful.

For the Satria-1 launch, the FAA said in its enforcement notice (PDF) to the company that SpaceX had requested in May 2023 changes to its communications plan to allow the use of a new launch control center at the company's "Hangar X" facility at the Kennedy Space Center and to skip a poll of launch controllers at two hours before liftoff. The FAA notified SpaceX shortly before the scheduled launch that it would not be able to approve those changes and modify the license in time, although the enforcement notice did not state why. SpaceX went ahead and used the Hangar X control center and skipped the "T-2 hours" poll for the launch. The agency concluded that violated two conditions of its launch license, which allowed for civil penalties of up to $283,009 each. The FAA said it planned to fine SpaceX a combined $350,000 for that launch.

A month later, SpaceX conducted the Falcon Heavy launch of Jupiter-3, but nine days before the launch the company requested a modification to its launch license to allow it to use a new tank farm for RP-1 fuel at KSC's Launch Complex 39A, according to a separate enforcement notice. The FAA notified SpaceX two days before the scheduled launch that the agency would not be able to modify the license in time, but SpaceX nonetheless used the new tank farm for the launch. The agency said it proposed to fine SpaceX the maximum $283,009 for that violation. Instead of participating in administrative procedures, SpaceX CEO Elon Musk said it would take the FAA to court. "SpaceX will be filing suit against the FAA for regulatory overreach," he posted on X.

An anonymous reader quotes a report from Ars Technica: The Senate Judiciary Committee is scheduled to consider two bills Thursday that would effectively nullify the Supreme Court's rulings against patents on broad software processes and human genes. Open source and Internet freedom advocates are mobilizing and pushing back. The Patent Eligibility Restoration Act (or PERA, S. 2140), sponsored by Sens. Thom Tillis (R-NC) and Chris Coons (D-Del.), would amend US Code such that "all judicial exceptions to patent eligibility are eliminated." That would include the 2014 ruling in which the Supreme Court held, with Justice Clarence Thomas writing, that simply performing an existing process on a computer does not make it a new, patentable invention. "The relevant question is whether the claims here do more than simply instruct the practitioner to implement the abstract idea of intermediated settlement on a generic computer," Thomas wrote. "They do not." That case also drew on Bilski v. Kappos, a case in which a patent was proposed based solely on the concept of hedging against price fluctuations in commodity markets. [...]

Another wrinkle in the PERA bill involves genetic patents. The Supreme Court ruled in June 2013 that pieces of DNA that occur naturally in the genomes of humans or other organisms cannot, themselves, be patented. Myriad Genetics had previously been granted patents on genes associated with breast and ovarian cancer, BRCA1 and BRCA2, which were targeted in a lawsuit led by the American Civil Liberties Union (ACLU). The resulting Supreme Court decision -- this one also written by Thomas -- found that information that naturally occurs in the human genome could not be the subject to a patent, even if the patent covered the process of isolating that information from the rest of the genome. As with broad software patents, PERA would seemingly allow for the patenting of isolated human genes and connections between those genes and diseases like cancer. [...] The Judiciary Committee is set to debate and potentially amend or rewrite PREVAIL and PERA (i.e. mark up) on Thursday.

Snapchat's terms of service for its "My Selfie" tool reserve the right to use users' AI-generated images in ads. While users can opt out by disabling the "See My Selfie in Ads" feature, it is enabled by default. 404 Media's Emanuel Maiberg reports: A support page on the Snapchat website titled "What is My Selfie?" explains further: "You'll take selfies with your Snap camera or select images from your camera roll. These images will be used to understand what you look like to enable you, Snap and your friends to generate novel images of you. If you're uploading images from the camera roll, only add images of yourself," Snapchat's site says. "After you've successfully onboarded, you may have access to some features powered by My Selfie, like Cameos stickers and AI Snaps. We are constantly adding features and functionality so stay tuned for more My Selfie features."

After seeing the popup, I searched for instances of people getting ads featuring their own face on Snapchat, and found this thread on the r/Privacy Reddit community where a user claimed exactly this happened to them. In an email to 404 Media, Snapchat said that it couldn't confirm or deny whether this user was served an ad featuring their face, but if they did, the ad was not using My Selfie images. Snapchat also said that it investigated the claim in the Reddit thread and that the advertiser, yourdreamdegree.com, has a history of advertising on Snapchat and that Snapchat believes the ad in question does not violate any of its policies. "The photo that was used in the advertisement is clearly AI, however, it is very clearly me," the Reddit user said. "It has my face, my hair, the clothing I wear, and even has my lamp & part of a painting on my wall in the background. I have no idea how they got photos of me to be able to generate this ad." Snapchat confirmed the news but emphasized that advertisers do not have access to Snapchat users' generative AI data. "You are correct that our terms do reserve the right, in the future, to offer advertising based on My Selfies in which a Snapchatter can see themselves in a generated image delivered to them," a Snapchat spokesperson said. "As explained in the onboarding modal, Snapchatters have full control over this, and can turn this on and off in My Selfie Settings at any time."

"Apple has begun manufacturing its A16 SoC at the newly-opened TSCM Fab 21 in Arizona," writes Slashdot reader NoMoreACs. AppleInsider reports: According to sources of Tim Culpan, Phase 1 of TSMC's Fab 21 in Arizona is making the A16 SoC of the iPhone 14 Pro in "small, but significant, numbers. The production is largely a test for the facility at this stage, but more production is expected in the coming months. The volume will ramp up massively once the second stage of the Phase 1 fab actually concludes. If everything stays on schedule, the Arizona plant will hit a target for production sometime in the first half of 2025.

Sources say TSMC is achieving yields that are marginally behind those of Taiwan-based factories. Yield parity is expected to happen within months. TSMC has also raised its investment and moved to build additional plants in Arizona, with three set to be constructed in total. The U.S. Commerce Department previously claimed this will create 6,000 direct manufacturing jobs, on top of an estimated 20,000 construction jobs.

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

ZDNet's Steven Vaughan-Nichols reports: After 20 years, Real-Time Linux (PREEMPT_RT) is finally -- finally -- in the mainline kernel. Linus Torvalds blessed the code while he was at Open Source Summit Europe. [...] The real-time Linux code is now baked into all Linux distros as of the forthcoming Linux 6.12 kernel. This means Linux will soon start appearing in more mission-critical devices and industrial hardware. But it took its sweet time getting here. An RTOS is a specialized operating system designed to handle time-critical tasks with precision and reliability. Unlike general-purpose operating systems like Windows or macOS, an RTOS is built to respond to events and process data within strict time constraints, often measured in milliseconds or microseconds. As Steven Rostedt, a prominent real-time Linux developer and Google engineer, put it, "Real-time is the fastest worst-case scenario." He means that the essential characteristic of an RTOS is its deterministic behavior. An RTOS guarantees that critical tasks will be completed within specified deadlines. [...]

So, why is Real-Time Linux only now completely blessed in the kernel? "We actually would not push something up unless we thought it was ready," Rostedt explained. "Almost everything was usually rewritten at least three times before it went into mainline because we had such a high bar for what would go in." In addition, the path to the mainline wasn't just about technical challenges. Politics and perception also played a role. "In the beginning, we couldn't even mention real-time," Rostedt recalled. "Everyone said, 'Oh, we don't care about real-time.'" Another problem was money. For many years funding for real-time Linux was erratic. In 2015, the Linux Foundation established the Real-Time Linux (RTL) collaborative project to coordinate efforts around mainlining PREEMPT_RT.

The final hurdle for full integration was reworking the kernel's print_k function, a critical debugging tool dating back to 1991. Torvalds was particularly protective of print_k --He wrote the original code and still uses it for debugging. However, print_k also puts a hard delay in a Linux program whenever it's called. That kind of slowdown is unacceptable in real-time systems. Rostedt explained: "Print_k has a thousand hacks to handle a thousand different situations. Whenever we modified print_k to do something, it would break one of these cases. The thing about print_k that's great about debugging is you can know exactly where you were when a process crashed. When I would be hammering the system really, really hard, and the latency was mostly around maybe 30 microseconds, and then suddenly it would jump to five milliseconds." That delay was the print_k message. After much work, many heated discussions, and several rejected proposals, a compromise was reached earlier this year. Torvalds is happy, the real-time Linux developers are happy, print_K users are happy, and, at long last, real-time Linux is real.

An anonymous reader quotes a report from Data Center Dynamics: BlackRock plans to launch a new $30 billion artificial intelligence (AI) investment fund focused on data centers and energy projects. Microsoft and Abu Dhabi-backed investment company MGX are general partners of the fund. GPU giant Nvidia will also advise. Run through BlackRock's Global Infrastructure Partners fund, which it acquired for $12.5 billion earlier this year, the 'Global AI Investment Partnership,' plans to raise up to $30 billion in equity investments. Another $70 billion could come via leveraged debt financing. "Mobilizing private capital to build AI infrastructure like data centers and power will unlock a multi-trillion-dollar long-term investment opportunity," said Larry Fink, chairman and CEO of BlackRock. "Data centers are the bedrock of the digital economy, and these investments will help power economic growth, create jobs, and drive AI technology innovation."

Brad Smith, Microsoft's president, added: "The capital spending needed for AI infrastructure and the new energy to power it goes beyond what any single company or government can finance. This financial partnership will not only help advance technology, but enhance national competitiveness, security, and economic prosperity."

Bayo Ogunlesi, CEO of Global Infrastructure Partners, said: "There is a clear need to mobilize significant amounts of private capital to fund investments in essential infrastructure. One manifestation of this is the capital required to support the development of AI. We are highly confident that the combined capabilities of our partnership will help accelerate the pace of investments in AI-related infrastructure."

The Register's Jessica Lyons reports: Chinese state-sponsored spies have been spotted inside a global engineering firm's network, having gained initial entry using an admin portal's default credentials on an IBM AIX server. In an exclusive interview with The Register, Binary Defense's Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim's three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer's IT environment for four months while poking around for more boxes to commandeer. It's a tale that should be a warning to those with long- or almost-forgotten machines connected to their networks; those with shadow IT deployments; and those with unmanaged equipment. While the rest of your environment is protected by whatever threat detection you have in place, these legacy services are perfect starting points for miscreants.

This particular company, which Dwyer declined to name, makes components for public and private aerospace organizations and other critical sectors, including oil and gas. The intrusion has been attributed to an unnamed People's Republic of China team, whose motivation appears to be espionage and blueprint theft. It's worth noting the Feds have issued multiple security alerts this year about Beijing's spy crews including APT40 and Volt Typhoon, which has been accused of burrowing into American networks in preparation for destructive cyberattacks.

After discovering China's agents within its network in August, the manufacturer alerted local and federal law enforcement agencies and worked with government cybersecurity officials on attribution and mitigation, we're told. Binary Defense was also called in to investigate. Before being caught and subsequently booted off the network, the Chinese intruders uploaded a web shell and established persistent access, thus giving them full, remote access to the IT network -- putting the spies in a prime position for potential intellectual property theft and supply-chain manipulation. If a compromised component makes it out of the supply chain and into machinery in production, whoever is using that equipment or vehicle will end up feeling the brunt when that component fails, goes rogue, or goes awry.

"The scary side of it is: With our supply chain, we have an assumed risk chain, where whoever is consuming the final product -- whether it is the government, the US Department of the Defense, school systems â" assumes all of the risks of all the interconnected pieces of the supply chain," Dwyer told The Register. Plus, he added, adversarial nations are well aware of this, "and the attacks continually seem to be shifting left." That is to say, attempts to meddle with products are happening earlier and earlier in the supply-chain pipeline, thus affecting more and more victims and being more deep-rooted in systems. Breaking into a classified network to steal designs or cause trouble is not super easy. "But can I get into a piece of the supply chain at a manufacturing center that isn't beholden to the same standards and accomplish my goals and objectives?" Dwyer asked. The answer, of course, is yes. [...]

The House Energy and Commerce Committee has approved the AM for Every Vehicle Act, which mandates that automakers include AM radio in new vehicles without additional charges. The Verge reports: The bill passed the committee on a roll-call vote of 45-2 and now heads to the full House for final approval. The bill, titled the AM for Every Vehicle Act, would direct the National Highway Traffic Safety Administration (NHTSA) to issue a rule that "requires automakers to maintain AM broadcast radio in their vehicles without a separate or additional payment, fee, or surcharge." Supporters say they are pushing the bill out of a concern that the slow demise of AM radio could make it more difficult to broadcast emergency information during a natural disaster or other related events. Conservatives are also worried about losing a lucrative platform for right-wing news and media. [...]

Automakers generally see AM radio as an obsolete technology, arguing that there are other, better technologies, such as internet streaming, HD radio delivered on FM bands, or some apps that provide AM content that will make up for the absence of AM radio in vehicles. Critics say the bill could also add to the costs of producing EVs at a time when many manufacturers are struggling to rein in their costs. "With a new mandate, [EV companies] will have to go through a significant powertrain redesign, vehicle redesign," Albert Gore, executive director of the Zero Emission Transportation Association, said in an interview earlier this year, "because of the degree to which electric motor generates this [electromagnetic] interference."