Alphabet, Google's parent company, is reportedly in advanced negotiations to acquire cloud security startup Wiz for approximately $23 billion, Wall Street Journal reported on Sunday. The potential deal, which would value Wiz at nearly double its most recent private valuation of $12 billion, underscores the growing importance of cybersecurity in Alphabet's enterprise strategy as it seeks to narrow the gap with cloud computing rivals such as Microsoft, Morgan Stanley said in a note.

Founded in January 2020, Wiz has quickly established itself as a leading player in the Cloud-Native Application Protection Platform (CNAPP) space, utilizing an agentless approach to secure cloud application deployments throughout their lifecycle. The company's platform continuously assesses and prioritizes critical risks across various security domains, providing customers with a comprehensive view of their cloud security posture. Wiz has experienced rapid growth since its inception, with annual recurring revenue (ARR) exceeding $350 million as of January 2024, representing a year-over-year increase of over 75%. The company boasts an impressive client roster, with more than 40% of Fortune 100 companies among its customers, and has raised nearly $2 billion in funding to date.

If confirmed, the acquisition would mark Alphabet's largest to date, significantly expanding its footprint in the burgeoning cloud security market. The move follows previous security-focused acquisitions by the tech giant, including the $5.4 billion purchase of Mandiant in 2022 and the $500 million acquisition of Siemplify. Morgan Stanley adds that the potential acquisition could raise questions about Wiz's ability to maintain neutrality across multiple cloud platforms, potentially benefiting competitors such as Palo Alto Networks and CrowdStrike in the near term.

Thunderbird's annual Extended Support Release was revealed Friday, promising "significant" improvements to the overall user experience and "the speed at which we can deliver new features to you," according to the Thunderbird blog: We've devoted significant development time integrating Rust — a modern programming language originally created by Mozilla Research — into Thunderbird. Even though this is a seemingly invisible change, it is a major leap forward because it enhances our code quality and performance. This overhaul will allow us to share features between the desktop and future mobile versions of Thunderbird, and speed up our development process. It's a win for our developers and a win for you.
More from the blog OMG Ubuntu: I'm also stoked to see that Thunderbird 128 makes 'newest first' the default sort order for messages in message list. While some prefer the old way, I always found it strange that the oldest mails were shown first — team reverse chronology, represent!
They also cite "a number of OpenPGP improvements," plus a new preference option for displaying full names and email addresses of all recipients in the message list. (Plus, threaded-message views now display a "New Message" count.)

Other new features in this release:

• A new and more attractive layout for Cards View (with adjustable heights) that "makes it easier to scan your email threads and glean information."

• The folder pane has better recall of message thread states

• Improved theme compatibility. "Your Thunderbird should blend seamlessly with your desktop environment, matching the system's accent colors perfectly." (Especially beneficial on Ubuntu and Mint.)

• You can now customize the color of your account icon.

The Thunderbird blog also mentions that "We plan to launch the first phase of built-in support for Exchange, as well as Mozilla Sync, in a future Nebula point release (e.g. Thunderbird 128.X)."

"A leading South Korean producer of electric vehicle batteries has declared itself in crisis," reports the Financial Times, "as its customers struggle with disappointing EV sales in Europe and the US." SK On, the world's fourth-largest EV battery maker behind Chinese giants CATL and BYD and South Korean rival LG Energy Solution, has recorded losses for 10 consecutive quarters since being spun off by its parent company in 2021. Its net debt has increased more than fivefold, from Won2.9tn ($2.1bn) to Won15.6tn over the same period, as western EV sales have fallen far short of its expectations. With losses snowballing, chief executive Lee Seok-hee announced a series of cost-cutting and working practice measures last Monday, describing them as a state of "emergency management".

"We have our back against the wall," Lee wrote in a letter to employees. "We should all pull together."

[...] Tim Bush, a Seoul-based battery analyst at UBS, said the South Korean battery makers had been "badly let down" by US car manufacturers, which he said had failed to produce EVs sufficiently attractive to mass market consumers to meet their own bullish sales projections. He noted that until as recently as last year, General Motors was forecasting it would sell 1 million EVs in 2025. It sold just 21,930 in the second quarter of this year.
Bush tells the Financial Times that "the automakers didn't invest enough in producing high-quality affordable EVs." But he also tells the newspaper that a transition to EVs is still "inevitable".

"As long as the wider SK Group continues to see SK On as a trophy asset and gives it the support it needs to weather the present storm, then its long-term future is likely to be assured."

Thanks to long-time Slashdot reader schwit1 for sharing the article.

"Signal is finally tightening its desktop client's security," reports BleepingComputer — by changing the way it stores plain text encryption keys for the SQLite database where users' messages are stored: When BleepingComputer contacted Signal about the flaw in 2018, we never received a response. Instead, a Signal Support Manager responded to a user's concerns in the Signal forum, stating that the security of its database was never something it claimed to provide. "The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide," responded the Signal employee...

[L]ast week, mobile security researchers Talal Haj Bakry and Tommy Mysk of Mysk Inc warned on X not to use Signal Desktop because of the same security weakness we reported on in 2018... In April, an independent developer, Tom Plant, created a request to merge code that uses Electron's SafeStorage API "...to opportunistically encrypt the key with platform APIs like DPAPI on Windows and Keychain on macOS," Plant explained in the merge request... When used, encryption keys are generated and stored using an operating system's cryptography system and secure key stores. For example, on Macs, the encryption key would be stored in the Keychain, and on Linux, it would use the windows manager's secret store, such as kwallet, kwallet5, kwallet6, and gnome-libsecret... While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week's X drama.

Two days ago, a Signal developer finally replied that they implemented support for Electron's safeStorage, which would be available soon in an upcoming Beta version. While the new safeStorage implementation is tested, Signal also included a fallback mechanism that allows the program to decrypt the database using the legacy database decryption key...

Signal says that the legacy key will be removed once the new feature is tested.
"To be fair to Signal, encrypting local databases without a user-supplied password is a problem for all applications..." the article acknowledges.

"However, as a company that prides itself on its security and privacy, it was strange that the organization dismissed the issue and did not attempt to provide a solution..."

clovis (Slashdot reader #4,684) writes: Joe Engle received his astronaut wings in a ceremony on July 15, 1965, for his flight in the hypersonic aircraft, reaching an altitude of 50 miles above the Earth. At 32, he was the youngest man to become an astronaut.

Later, he entered the Apollo program and eventually commanded the STS-2 flight of the Space Shuttle.

Here is an interview from 2004. I thought it was interesting that they used the F-104 as the chase plane and for training because the flight characteristics were so similar, which says a lot about the F-104.

Anyway, the X-15 project was a big deal for us science/geek types back when I was a kid. I wonder if it's something today's generation is even aware of.

Slashdot reader joshuark shared this report from BetaNews: Check Point Research has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions... Attackers use a sophisticated trick to mask the malicious .hta extension, making use of the outdated security of Internet Explorer to compromise systems running updated Windows operating systems.
From Check Point Research: Even though IE has been proclaimed "retired and out-of-support," technically speaking, IE is still part of the Windows OS and is "not inherently unsafe, as IE is still serviced for security vulnerabilities, and there should be no known exploitable security vulnerabilities," according to our communications with Microsoft.

TechSpot writes: Users of the Linksys Velop Pro 6E and 7 mesh routers should change their passwords and Wi-Fi network names through an external web browser. The two models transmit critical information to outside servers in an insecure manner upon initial installation. New patches have emerged since the issue was discovered, but Linksys hasn't publicly responded to the matter, and it is unclear if the latest firmware leaves sensitive data exposed to interception.
The issue was discovered by Testaankoop, the Belgian equivalent of the Consumers' Association. And they warned Linksys back in November, according to the tech news site Stack Diary. (The practice could leave passwords and other information vulnerable to Man-in-the-Middle attacks.) Testaankoop suspects the security issue might stem from third-party software used in the Linksys firmware. However, they emphasize that this does not excuse the vulnerability.
Thanks to long-time Slashdot reader schwit1 for sharing the news.

An anonymous reader quotes a report from DefenseScoop: A group of NATO countries are set to begin implementing a new project aimed at improving the alliance's ability to quickly share intelligence gathered by space-based assets operated by both member nations and the commercial sector. Seventeen NATO members signed a memorandum of understanding for the Alliance Persistence Surveillance from Space (APSS) program as part of the annual NATO summit being held in Washington this week, the alliance announced Tuesday. Members will now move into a five-year implementation phase of the project, during which allies will contribute more than $1 billion "to leverage commercial and national space assets, and to expand advanced exploitation capacities," according to a press release.

The United States is one of the nations signed onto the initiative, as well as Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hungary, Italy, Luxembourg, the Netherlands, Norway, Poland, Romania, Sweden and Turkey, according to a NATO source. The transatlantic organization created APSS last year with the intent to establish a "virtual constellation" -- dubbed Aquila -- comprising both national and commercial space systems, sensors and data that can be used by NATO's command structure and other allies. The project is considered "the largest multinational investment in space-based capabilities" in the alliance's history, and is set to increase NATO's ability "to monitor activities on the ground and at sea with unprecedented accuracy and timeliness," a press release stated.

Participating nations will be able to use their own space systems, provide tools for intelligence collection and analysis, or purchase space-based data gathered by commercial constellations. "Integrating and exploiting data from space effectively has been a growing challenge over time," a NATO press release stated. "By leveraging latest technologies from industry, APSS will help advance NATO's innovation agenda and offer a new platform to engage with the growing space industry." The APSS project is part of the larger implementation of NATO's overarching space policy adopted in 2019, which officially recognized space as a new operational domain. Since then, the alliance has worked to bolster its presence in space -- including the establishment of a NATO Space Centre in 2020 and approval of an official Space Branch within the Allied Command Transformation in June.

OpenAI is close to a breakthrough with a new project called "Strawberry," which aims to enhance its AI models with advanced reasoning abilities. Reuters reports: Teams inside OpenAI are working on Strawberry, according to a copy of a recent internal OpenAI document seen by Reuters in May. Reuters could not ascertain the precise date of the document, which details a plan for how OpenAI intends to use Strawberry to perform research. The source described the plan to Reuters as a work in progress. The news agency could not establish how close Strawberry is to being publicly available. How Strawberry works is a tightly kept secret even within OpenAI, the person said.

The document describes a project that uses Strawberry models with the aim of enabling the company's AI to not just generate answers to queries but to plan ahead enough to navigate the internet autonomously and reliably to perform what OpenAI terms "deep research," according to the source. This is something that has eluded AI models to date, according to interviews with more than a dozen AI researchers. Asked about Strawberry and the details reported in this story, an OpenAI company spokesperson said in a statement: "We want our AI models to see and understand the world more like we do. Continuous research into new AI capabilities is a common practice in the industry, with a shared belief that these systems will improve in reasoning over time."

On Tuesday at an internal all-hands meeting, OpenAI showed a demo of a research project that it claimed had new human-like reasoning skills, according to Bloomberg, opens new tab. An OpenAI spokesperson confirmed the meeting but declined to give details of the contents. Reuters could not determine if the project demonstrated was Strawberry. OpenAI hopes the innovation will improve its AI models' reasoning capabilities dramatically, the person familiar with it said, adding that Strawberry involves a specialized way of processing an AI model after it has been pre-trained on very large datasets. Researchers Reuters interviewed say that reasoning is key to AI achieving human or super-human-level intelligence.

Mark Tyson reports via Tom's Hardware: The German Navy is searching for a new storage system to replace the aging 8-inch (20cm) floppy disks which are vital to the running of its Brandenburg class F123 frigates. According to an official tender document, the ideal answer to the German Navy's problems would be a drop-in floppy disk replacement based upon a storage emulation system, reports Golem.de. Germany's Brandenburg class F123 frigates were commissioned in the mid 1990s, so it is understandable that floppy disks were seen as a handy removable storage medium. These drives are part of the frigates' data acquisition system and, thus "central to controlling basic ship functions such as propulsion and power generation," according to the source report.

The F123s are specialized in submarine hunting, and they are also being upgraded in terms of the weapon systems and weapon control systems. Swedish company Saab is the general contractor for the F123 modernizations. It won't be trivial to replace three decades old computer hardware seamlessly, while retaining the full functionality of the existing floppies. However, we note that other companies have wrestled similar problems in recent years. Moreover, there are plenty of emulator enthusiasts using technologies for floppy emulation solutions like Gotek drives which can emulate a variety of floppy drive standards and formats. There are other workable solutions already out there, but it all depends on who the German Navy chooses to deliver the project.

Southwest Airlines has signed a deal with Archer Aviation to develop plans for an on-demand eVTOL (electric vertical takeoff and landing) service in California. The Verge reports: The service will operate using Archer's battery-powered, four-passenger, tilt-rotor Midnight aircraft, which are designed to take off and land vertically from a landing strip like a helicopter. As part of the deal, the aircraft will get access to 14 California airports where Southwest operates. [...] Archer claims that trips that normally take 60-90 minutes by car can be done in 10-20 minutes in the company's air taxis.

Archer came out of stealth in spring 2020 after having poached key talent from Wisk and Airbus' Vahana project. (That fact spurred a lawsuit from Wisk for alleged trade secret theft, which was finally settled last year.) The company has a $1 billion order from United Airlines for its eVTOL aircraft and a deal to mass-produce its eVTOL craft with global automaker Stellantis.

Archer recently received a Part 135 air carrier certification from the Federal Aviation Administration, which the company will need to operate an on-demand air taxi service. Archer has said it plans on launching before the end of 2025. [...] As part of the deal, Archer will work with Southwest and its partners on the development of an air taxi network across California. That includes the unions of Southwest employees, like the Southwest Airlines Pilots Association.

Jowi Morales reports via Tom's Hardware: There's a vast difference between hardware and software developers, which opens up pitfalls for those trying to coordinate the two teams. Arm and x86 researchers encountered it years ago -- and Linus Torvalds, the creator of Linux, fears RISC-V development may fall into the same chasm again. "Even when you do hardware design in a more open manner, hardware people are different enough from software people [that] there's a fairly big gulf between the Verilog and even the kernel, much less higher up the stack where you are working in what [is] so far away from the hardware that you really have no idea how the hardware works," he said (video here). "So, it's really hard to kind of work across this very wide gulf of things and I suspect the hardware designers, some of them have some overlap, but they will learn by doing mistakes -- all the same mistakes that have been done before." [...]

"They'll have all the same issues we have on the Arm side and that x86 had before them," he says. "It will take a few generations for them to say, 'Oh, we didn't think about that,' because they have new people involved." But even if RISC-V development is still expected to make many mistakes, he also said it will be much easier to develop the hardware now. Linus says, "It took a few decades to really get to the point where Arm and x86 are competing on fairly equal ground because there was al this software that was fairly PC-centric and that has passed. That will make it easier for new architectures like RISC-V to then come in."

In a new analysis, research firm Bernstein challenges the conventional wisdom surrounding Apple's iPhone sales fluctuations, arguing that perceived market share shifts between Apple and Android devices are largely illusory. The report, which Bernstein sent to its clients, contends that the majority of iPhone buyers are existing users upgrading their devices, rather than switchers from Android platforms.

Bernstein posits that year-to-year changes in iPhone unit sales are predominantly driven by Apple's upgrade rates within its established user base. This dynamic creates the appearance of significant market share gains or losses, particularly in China, where consumers are highly sensitive to new features. The analyst notes that upgrade cycles in China tend to be more pronounced than in other markets, leading to exaggerated perceptions of market share volatility. He suggests that the company's struggles in the region are more likely attributed to poor upgrade rates within its existing customer base rather than a mass exodus to competitors like Huawei.

An anonymous reader shares a report: The vast majority of the massive, metallic towers the city commissioned to help low-income neighborhoods access high-speed 5G internet still lack cell signal equipment -- more than two years after hundreds of the structures began sprouting across the five boroughs. Just two of the nearly 200 Link5G towers installed by tech firm CityBridge since 2022 have been fitted with 5G equipment, company officials said. Delayed installations and cooling enthusiasm around 5G technology have discouraged carriers like Verizon from using the towers to build out their networks, experts say. The firm only has an agreement with a single telecommunications carrier to deliver high-speed internet, stymieing its efforts to boost mobile connectivity citywide.

The 32-foot-tall structures, which resemble giant tampon applicators emerging from the sidewalk, offer the same services as the LinkNYC electronic billboards that popped up around the city in 2016. Those were also installed by CityBridge. Both the original Link kiosks and the 5G towers provide free limited-range Wi-Fi, charging outlets and a tablet to connect users to city services. Data shared by the company shows that 16 million people have used the internet at kiosks since 2016, and the attached tablets are used to call for city services thousands of times each month. But unlike the LinkNYC kiosks, each new tower is topped with a 12-foot-tall cylindrical mesh chamber containing five empty shelves reserved for companies like Verizon and T-Mobile to store the equipment they use to transmit high-speed 5G internet service to paying customers.

Arm is launching its Arm Accuracy Super Resolution (ASR) upscaler that "can make games look better, while lowering power consumption on your phone," according to The Verge. "It's also making the upscaling technology available to developers under an MIT open-source license." From the reprot: Arm based its technology on AMD's FidelityFX Super Resolution 2 (FSR 2), which uses temporal upscaling to make PC games look better and boost frame rates. Unlike spatial upscaling, which upscales an image based on a single frame, temporal upscaling involves using multiple frames to generate a higher-quality image.

You can see just how Arm ASR stacks up to AMD's FSR 2 and Qualcomm's GSR tech in [this chart] created by Arm. Arm claims ASR produced 53 percent higher frame rates than rendering at native resolution on a device with an Arm Immortalis-G720 GPU and 2800 x 1260 display, beating AMD FSR 2. It also tested ASR on a device using MediaTek's Dimensity 9300 chip and found that rendering at 540p and upscaling with ASR used much less power than running a game at native 1080p resolution.

An anonymous reader quotes a report from Ars Technica, written by Samuel Axon: In one of the most egregiously unethical uses of AI we've seen, a web advertising company has re-created some defunct, classic tech blogs like The Unofficial Apple Weblog (TUAW) and iLounge by mimicking the bylines of the websites' former writers and publishing AI-generated content under their names. The Verge reported on the fiasco in detail, including speaking to Christina Warren, a former writer for TUAW who now works at GitHub. Warren took to the social media platform Threads yesterday to point out that someone had re-launched TUAW at its original domain and populated it with fake content allegedly written by her and other past TUAW staff. Some of the content simply reworded articles that originally appeared on TUAW, while other articles tied real writers' names to new, AI-generated articles about current events.

TUAW was shut down in 2015, but its intellectual property and domain name continued to be owned by Yahoo. A Hong Kong-based web advertising firm named Web Orange Limited claims to have purchased the domain and brand name but not the content. The domain name still carries some value in terms of Google ranking, so Web Orange Limited seems to have relaunched the site and then used AI summarization tools to reword the original content and publish it under the original authors' names. (It did the same with another classic Apple blog, iLounge.) The site also includes author bios, which are generic and may have been generated, and they are accompanied by author photos that don't look anything like the real writers. The Verge found that some of these same photos have appeared in other places, like web display ads for iPhone cases and dating websites. They may have been AI-generated, though the company has also been caught reusing photos of real people without permission in other contexts.

At first, some of Web Orange Limited's websites named Haider Ali Khan, an Australian currently residing in Dubai, as the owner of the company. Khan's own website identified him as "an independent cyber security analyst" and "long-time advocate for web security" who also runs a web hosting company, and who "started investing in several technology reporting websites" and "manages and runs several news blogs such as the well-known Apple tech-news blog iLounge." However, mentions of his name were removed from the websites today, and the details on his personal website have apparently been taken offline. Warren emailed the company, threatening legal action. After she did that, the byline was changed to what we can only assume is a made-up name -- "Mary Brown." The same goes for many of the other author names on Web Orange Limited's websites.

The company likely tried to use the original authors' names as part of an SEO play; Google tracks the names of authors and gives them authority rankings on specific topics as another layer on top of a website's own authority. That way, Google can try to respond to user queries with results written by people who have built strong reputations in the users' areas of interest. It also helps Google surface authors who are experts on a topic but who write for multiple websites, which is common among freelance writers. The websites are still operational, even though the most arguably egregious breach of ethics -- the false use of real people's names -- has been addressed in many cases.

Apple's biggest new product in years is not expected to shake off its slow sales start until the release of a cheaper model next year. From a report: The $3,500 Vision Pro mixed-reality headset has yet to sell 100,000 units in a quarter since its launch in the US in February, and it faces a 75% drop in domestic sales in the current quarter, according to market tracker IDC.

The gadget's international launch at the end of June will offset weakness in the US. A more affordable edition -- which IDC estimates would cost roughly half as much -- should rekindle interest in 2025, but sales may not rise meaningfully over the coming year, IDC said. "The Vision Pro's success, regardless of its price, will ultimately depend on the available content," said Francisco Jeronimo, vice president at IDC. "As Apple expands the product to international markets, it's crucial that local content is also made available."

Alphabet unit Google's cloud subsidiary will look into other options in its fight against Microsoft's licensing practices, the head of Google Cloud head said on Wednesday. From a report: The comments by Amit Zavery came after Microsoft reached a deal with trade body CISPE to resolve the latter's antitrust complaint about its cloud licensing practices. "Many regulatory bodies have opened inquiries into Microsoft's licensing practices, and we are hopeful there will be remedies to protect the cloud market from Microsoft's anti-competitive behavior," he said.

"We are exploring our options to continue to fight against Microsoft's anti-competitive licensing in order to promote choice, innovation, and the growth of the digital economy in Europe."

A group of residents in Tokyo said on Wednesday they were aiming to block construction of a massive logistics and data centre planned by Singaporean developer GLP, in a worrying sign for businesses looking to Japan to meet growing demand. From a report: The petition by more than 220 residents of Akishima city in western Tokyo follows a successful bid in December in Nagareyama city to quash a similar data-centre plan. The Akishima residents were concerned the centre would threaten wildlife, cause pollution and a spike in electricity usage, and drain its water supply which comes solely from groundwater. They filed a petition to audit the urban planning procedure that approved GLP's 3.63-million-megawatt data centre, which GLP estimated would likely emit about 1.8 million tons of carbon dioxide a year. "One company will be responsible for ruining Akishima. That's what this development is," Yuji Ohtake, a representative of the residents' group, told a press conference. Global tech firms such as Microsoft, Amazon and Oracle also have plans to build data centres in Japan. The residents estimated that 3,000 of 4,800 trees on the site would have to be cut down, threatening the area's Eurasian goshawk birds and badgers.

An anonymous reader quotes a report from VentureBeat: The Girls in Tech nonprofit women's tech community is closing its doors after 17 years, according to a newsletter from founder Adriana Gascoigne. Gascoigne said the decision was made with "sadness and devastation" and was not made lightly. "It is with a heavy heart that I share the news that Girls in Tech will be closing its doors. This decision was not made lightly, and the sadness and devastation we feel cannot be overstated," Gascoigne wrote. "For 17 incredible years, we have offered a welcoming community based on empowerment, support, and inspiration for women in the tech industry. Together, we have made a profound impact, helping women reach for the stars and excel in their careers, while working tirelessly to eliminate the gender gap in tech worldwide."

The group reached more than 250,000 individuals across 35 chapters in 30 countries on six continents. It was founded in Silicon Valley, but Gascoigne relocated the group to Nashville, Tennessee, in 2022 during the pandemic. I interviewed her numerous times about the group's mission and goals, and how it rose to greater relevance in fighting the "toxic culture" of Silicon Valley. The group's programs included a mentorship program, hackathons, coding bootcamps, the Girls in Tech Conference, a startup challenge, global classroom, podcast, blog, jobs board, and shop. The group organized thousands of in-person and virtual events, producing educational and engaging content. Without explanation, Gascoigne said in closing, "Though Girls in Tech is closing its doors, the movement we started must and will continue. I encourage each of you to carry on the fight to eliminate the gender gap in tech. Our mission will live on in other forms, driven by the same passion and commitment that have always defined us. I will miss you all deeply. Thank you for being a part of this incredible journey."