According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving.

Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

prisoninmate writes: Fedora Linux 40 distribution has been officially released -- powered by the latest Linux 6.8 kernel series, and featuring the GNOME 46 and KDE Plasma 6 desktop environments, reports 9to5Linux:

"Powered by the latest and greatest Linux 6.8 kernel series, the Fedora Linux 40 release ships with the GNOME 46 desktop environment for the flagship Fedora Workstation edition and the KDE Plasma 6 desktop environment for the Fedora KDE Spin, which defaults to the Wayland session as the X11 session was completely removed."

"Fedora Linux 40 also includes some interesting package management changes, such as dropping Delta RPMs and disabling support in the default configuration of DNF / DNF5. It also changes the DNF behavior to no longer download filelists by default. However, this release doesn't ship with the long-awaited DNF5 package manager. For AMD GPUs, Fedora Linux 40 ships with AMD ROCm 6.0 as the latest release of AMD's software optimized for AI and HPC workload performance, which enables support for the newest flagship AMD Instinct MI300A and MI300X datacenter GPUs."

quonset writes: Just over two weeks ago, NASA figured out why its Voyager 1 spacecraft stopped sending useful data. They suspected corrupted memory in its flight data system (FDS) was the culprit. Today, for the first time since November, Voyager 1 is sending useful data about its health and the status of its onboard systems back to NASA. How did NASA accomplish this feat of long distance repair? They broke up the code into smaller pieces and redistributed them throughout the memory.

From NASA: "... So they devised a plan to divide the affected code into sections and store those sections in different places in the FDS. To make this plan work, they also needed to adjust those code sections to ensure, for example, that they all still function as a whole. Any references to the location of that code in other parts of the FDS memory needed to be updated as well. The team started by singling out the code responsible for packaging the spacecraft's engineering data. They sent it to its new location in the FDS memory on April 18. A radio signal takes about 22 1/2 hours to reach Voyager 1, which is over 15 billion miles (24 billion kilometers) from Earth, and another 22 1/2 hours for a signal to come back to Earth. When the mission flight team heard back from the spacecraft on April 20, they saw that the modification worked: For the first time in five months, they have been able to check the health and status of the spacecraft. During the coming weeks, the team will relocate and adjust the other affected portions of the FDS software. These include the portions that will start returning science data.

In a huge move for the mixed reality industry, Meta announced today that it's opening the Quest's operating system to third-party companies, allowing them to build headsets of their own. From a report: Think of it like moving the Quest's ecosystem from an Apple model, where one company builds both the hardware and software, to more of a hardware free-for-all like Android. The Quest OS is being rebranded to "Meta Horizon OS," and at this point it seems to have found two early adopters. ASUS's Republic of Gamers (ROG) brand is working on a new "performance gaming" headsets, while Lenovo is working on devices for "productivity, learning and entertainment." (Don't forget, Lenovo also built the poorly-received Oculus Rift S.)

As part of the news, Meta says it's also working on a limited-edition Xbox "inspired" Quest headset. (Microsoft and Meta also worked together recently to bring Xbox cloud gaming to the Quest.) Meta is also calling on Google to bring over the Google Play 2D app store to Meta Horizon OS. And, in an effort to bring more content to the Horizon ecosystem, software developed through the Quest App Lab will be featured in the Horizon Store. The company is also developing a new spatial framework to let mobile developers created mixed reality apps.

50 years ago this week, PC software pioneer Gary Kildall "demonstrated CP/M, the first commercially successful personal computer operating system in Pacific Grove, California," according to a blog post from Silicon Valley's Computer History Museum. It tells the story of "how his company, Digital Research Inc., established CP/M as an industry standard and its subsequent loss to a version from Microsoft that copied the look and feel of the DRI software."

Kildall was a CS instructor and later associate professor at the Naval Postgraduate School (NPS) in Monterey, California... He became fascinated with Intel Corporation's first microprocessor chip and simulated its operation on the school's IBM mainframe computer. This work earned him a consulting relationship with the company to develop PL/M, a high-level programming language that played a significant role in establishing Intel as the dominant supplier of chips for personal computers.

To design software tools for Intel's second-generation processor, he needed to connect to a new 8" floppy disk-drive storage unit from Memorex. He wrote code for the necessary interface software that he called CP/M (Control Program for Microcomputers) in a few weeks, but his efforts to build the electronic hardware required to transfer the data failed. The project languished for a year. Frustrated, he called electronic engineer John Torode, a college friend then teaching at UC Berkeley, who crafted a "beautiful rat's nest of wirewraps, boards and cables" for the task.

Late one afternoon in the fall of 1974, together with John Torode, in the backyard workshop of his home at 781 Bayview Avenue, Pacific Grove, Gary "loaded my CP/M program from paper tape to the diskette and 'booted' CP/M from the diskette, and up came the prompt: *

[...] By successfully booting a computer from a floppy disk drive, they had given birth to an operating system that, together with the microprocessor and the disk drive, would provide one of the key building blocks of the personal computer revolution... As Intel expressed no interest in CP/M, Gary was free to exploit the program on his own and sold the first license in 1975.
What happened next? Here's some highlights from the blog post:

• "Reluctant to adapt the code for another controller, Gary worked with Glen Ewing to split out the hardware dependent-portions so they could be incorporated into a separate piece of code called the BIOS (Basic Input Output System)... The BIOS code allowed all Intel and compatible microprocessor-based computers from other manufacturers to run CP/M on any new hardware. This capability stimulated the rise of an independent software industry..."

• "CP/M became accepted as a standard and was offered by most early personal computer vendors, including pioneers Altair, Amstrad, Kaypro, and Osborne..."

• "[Gary's company] introduced operating systems with windowing capability and menu-driven user interfaces years before Apple and Microsoft... However, by the mid-1980s, in the struggle with the juggernaut created by the combined efforts of IBM and Microsoft, DRI had lost the basis of its operating systems business."

• "Gary sold the company to Novell Inc. of Provo, Utah, in 1991. Ultimately, Novell closed the California operation and, in 1996, disposed of the assets to Caldera, Inc., which used DRI intellectual property assets to prevail in a lawsuit against Microsoft."

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.
He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government."

And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk."

He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...

Long-time Slashdot reader tippen shared this report from the Register: AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. "To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper. "When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)...."

The researchers' work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, "can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing)."
The researchers wrote that "Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as 'high' or 'critical' severity by the CVE description...."

"Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit"

Remember when Apple filed a lawsuit against chip startup Rivos (saying that in one year Rivos hired more than 40 former Apple employees to work on competing system-on-a-chip technology)? Apple settled that suit in February.

And now Tuesday Rivos announced that it raised $250 million, according to Reuters, "in a funding round that will enable it to manufacture its first server chip geared for artificial intelligence," combining a CPU with an AI-accelerating component optimized for LLMs and data analytics. Nvidia gobbled up more than 80% market share of AI chips in 2023. But a host of startups and chip giants have started to launch competing products, such as Intel's Gaudi 3 and Meta's inference chip — both unveiled last week. Rivos is tight-lipped about the specifics of the product, but has disclosed that its plans include designing chips based on the RISC-V architecture, which is an open source alternative to the architectures made by Arm, Intel, and Advanced Micro Devices.. [U]sing the open source alternative means Rivos does not have to pay a license fee to Arm. "RISC-V doesn't have a (large) software ecosystem, so I decided to form a company and then build software-defined hardware — just like what CUDA did with Nvidia," said Lip-Bu Tan, founding managing partner at Walden Catalyst, one of Rivos' investors.
Meanwhile, there's a rumor that Allen Wu, former chief executive of Arm China, has founded a new company that will develop chips based on RISC-V. Tom's Hardware writes: Under the leadership of the controversial Allen Wu, Zhongzhi Chip is reportedly attracting a notable influx of talent, including numerous former employees of Arm, indicating the new company's serious ambitions in the chip sector... [T]he company's operational focus remains partially unclear, with speculation around whether it will primarily engage in its own R&D initiatives or represent Tenstorrent in China as its agent... which develops HPC CPUs and AI processors based on the RISC-V ISA... Based on the source report, Zhongzhi Chip is leveraging its connections and forming alliances with several other leading global RISC-V chip developers.

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.
The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.
The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.

Long-time Slashdot reader AmiMoJo shares an article from TechSpot: Zilog is retiring the Z80 after 48 years on the market. Originally developed as a project stemming from the Intel 8080, it eventually rose to become one of the most popular and widely used 8-bit CPUs in both gaming and general computing devices.

The iconic IC device, developed by Federico Faggin, will soon be phased out, and interested parties only have a few months left to place their orders before Zilog's manufacturing partner ends support for the technology... Federico Faggin, an Intel engineer, founded Zilog in 1974 after his work on the Intel 4004, the first 4-bit CPU. The Zilog Z80 was then released in July 1976, conceived as a software-compatible 'extension' and enhancement of the Intel 8080 processor.
Back in 1999 Slashdot was calling Zilog's updated eZ80 "one of the fastest 8-bit CPUs available today, executing code 4 times faster than a standard Z80 operating at the same clock speed."

Another headline, from 2001: Zilog To File For Chapter 11...

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards.

They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats.

The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations.
Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

Ben Schoon reports via 9to5Google: Google's Arif Dikici confirmed on LinkedIn this week that Android is now using VideoLAN's (the makers of VLC) "dav1d" software decoder to allow AV1 to work on more devices. This is now available on all devices running Android 12 or higher via a software update. Mishaal Rahman points out that this started to roll out with the March 2024 Google Play system update.

Dikici says that "most" devices can at least support 720p at 30 frames per second, but that apps will need to opt in "for now" to support AV1 via software decoding. One app that has opted in is YouTube, which now uses AV1 on all compatible devices (though it may have reverted this). This may result in increased power usage depending on your device, though. Improvements on that front may be coming, though, says VideoLAN on Twitter/X.

A software glitch in the "ticket in, cash out" (TICO) machines at Star Casino in Sydney, Australia, saw it inadvertently give away $2.05 million over several weeks. This glitch allowed gamblers to reuse a receipt for slot machine winnings, leading to unwarranted cash payouts which went undetected due to systematic failures in oversight and audit processes. The Register reports: News of the giveaway emerged on Monday at an independent inquiry into the casino, which has had years of compliance troubles that led to a finding that its operators were unsuitable to hold a license. In testimony [PDF] given on Monday to the inquiry, casino manager Nicholas Weeks explained that it is possible to insert two receipts into TICO machines. That was a feature, not a bug, and allowed gamblers to redeem two receipts and be paid the aggregate amount. But a software glitch meant that the machines would return one of those tickets and allow it to be re-used -- the barcode it bore was not recognized as having been paid.

"What occurred was small additional amounts of cash were being provided to customers in circumstances when they shouldn't have received it because of that defect," Weeks told the inquiry. Local media reported that news of the free cash got around and 43 people used the TICO machines to withdraw money to which they were not entitled -- at least one of them a recovering gambling addict who fell off the wagon as the "free" money allowed them to fund their activities. Known abusers of the TICO machines have been charged, and one of those set to face the courts is accused of association with a criminal group. (The first inquiry into The Star, two years ago, found it may have been targeted by organized crime groups.)

Google CEO Sundar Pichai announced substantial internal reorganizations on Thursday, including the creation of a new team called "Platforms and Devices" that will oversee all of Google's Pixel products, all of Android, Chrome, ChromeOS, Photos, and more. From a report: The team will be run by Rick Osterloh, who was previously the SVP of devices and services, overseeing all of Google's hardware efforts. Hiroshi Lockheimer, the longtime head of Android, Chrome, and ChromeOS, will be taking on other projects inside of Google and Alphabet. This is a huge change for Google, and it likely won't be the last one. There's only one reason for all of it, Osterloh says: AI. "This is not a secret, right?" he says.

Consolidating teams "helps us to be able to do full-stack innovation when that's necessary," Osterloh says. He uses the example of the Pixel camera: "You had to have deep knowledge of the hardware systems, from the sensors to the ISPs, to all layers of the software stack. And, at the time, all the early HDR and ML models that were doing camera processing... and I think that hardware / software / AI integration really showed how AI could totally transform a user experience. That was important. And it's even more true today."

CNBC reports that nine Google workers were arrested on trespassing charges Tuesday night in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in happened at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. From the report: The arrests, which were livestreamed on Twitch by participants, follow rallies outside Google offices in New York, Sunnyvale and Seattle, which attracted hundreds of attendees, according to workers involved. [...] Protesters in Sunnyvale sat in Kurian's office for more than nine hours until their arrests, writing demands on Kurian's whiteboard and wearing shirts that read "Googler against genocide." In New York, protesters sat in a three-floor common space. Five workers from Sunnyvale and four from New York were arrested.

"On a personal level, I am opposed to Google taking any military contracts -- no matter which government they're with or what exactly the contract is about," Cheyne Anderson, a Google Cloud software engineer based in Washington, told CNBC. "And I hold that opinion because Google is an international company and no matter which military it's with, there are always going to be people on the receiving end... represented in Google's employee base and also our user base." Anderson had flown to Sunnyvale for the protest in Kurian's office and was one of the workers arrested Tuesday. "Google Cloud supports numerous governments around the world in countries where we operate, including the Israeli government, with our generally available cloud computing services," a Google spokesperson told CNBC, adding, "This work is not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services."

AI's voracious need for computing power is threatening to overwhelm energy sources, requiring the industry to change its approach to the technology, according to Arm Chief Executive Officer Rene Haas. From a report: By 2030, the world's data centers are on course to use more electricity than India, the world's most populous country, Haas said. Finding ways to head off that projected tripling of energy use is paramount if artificial intelligence is going to achieve its promise, he said.

"We are still incredibly in the early days in terms of the capabilities," Haas said in an interview. For AI systems to get better, they will need more training -- a stage that involves bombarding the software with data -- and that's going to run up against the limits of energy capacity, he said.

An anonymous reader quotes a report from The Register: In a Monday post, Broadcom CEO Hock Tan restated his belief that VMware's portfolio was too complex, and too poorly integrated, for the virtualization giant to represent true competition for hyperscale clouds. Broadcom's injection of R&D cash, he insisted, will see VMware's flagship Cloud Foundation suite evolve to become more powerful and easy to operate. He also admitted that customers aren't enjoying the ride. "As we roll out this strategy, we continue to learn from our customers on how best to prepare them for success by ensuring they always have the transition time and support they need," he wrote. "In particular, the subscription pricing model does involve a change in the timing of customers' expenditures and the balance of those expenditures between capital and operating spending."

Customers also told Tan that "fast-moving change may require more time, so we have given support extensions to many customers who came up for renewal while these changes were rolling out." That's one of the changes -- Broadcom has previously not publicly suggested such extensions would be possible. "We have always been and remain ready to work with our customers on their specific concerns," Tan wrote. The other change is providing some ongoing security patches for VMware customers who persist with their perpetual licenses instead of shifting to Broadcom's subs. "We are announcing free access to zero-day security patches for supported versions of vSphere, and we'll add other VMware products over time," Tan wrote, describing the measure as aimed at ensuring that customers "whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings." The change means such customers "are able to use perpetual licenses in a safe and secure fashion."

An anonymous reader quotes a report from Wired: Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT. Tuesday's actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer's relationship with the Israeli government, especially in light of Israel's ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians.

Just over a dozen people gathered outside Google's offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel's managing director at March's Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of "trespassing" and disrupting work, prompting several people to leave while others vowed to remain until they were forced out. The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google's work on Project Nimbus involves providing direct services to the Israel Defense Forces. [...]

On March 4, more than600 other Googlers signed a petition opposing the company's sponsorship of the conference. After Hatfield was fired three days later, Google trust-and-safety-policy employee Vidana Abdel Khalek resigned from her position in opposition to Project Nimbus. Then, in late March, more than 300 Apple workers signed an open letter that alleged retaliation against workers who have expressed support for Palestinians, and urged company leadership to show public support for Palestinians. Hasan Ibraheem, a Google software engineer, is participating in the sit-in at his local Google office in New York. "This has really been a culmination of our efforts," he tells WIRED. Since joining No Tech for Apartheid in December, Ibraheem says, he has been participating in weekly "tabling" actions being held at Google office cafes in New York, Sunnyvale, San Francisco, and Mountain View, California. It involves holding a sign that says "Ask me about Project Nimbus" during lunch break, passing out flyers, and answering questions from coworkers. "It's actually shocking how many people at Google don't even know that this contract exists," Ibraheem says. "A lot of people who don't know about it, who then learn about it through us, are reasonably upset that this contract exists. They just didn't know that it existed beforehand."

Framework, the company known for designing and selling upgradeable, modular laptops, has struggled with providing up-to-date software for its products. Ars Technica's Andrew Cunningham spoke with CEO Nirav Patel to discuss how the company is working on fixing these issues. Longtime Slashdot reader snikulin shares the report: Driver bundles remain un-updated for years after their initial release. BIOS updates go through long and confusing beta processes, keeping users from getting feature improvements, bug fixes, and security updates. In its community support forums, Framework employees, including founder and CEO Nirav Patel, have acknowledged these issues and promised fixes but have remained inconsistent and vague about actual timelines. [...] Patel says Framework has taken steps to improve the update problem, but he admits that the team's initial approach -- supporting existing laptops while also trying to spin up firmware for upcoming launches -- wasn't working. "We started 12th-gen [Intel Framework Laptop] development, basically the 12th-gen team was also handling looking back at 11th-gen [Intel Framework Laptop] to do firmware updates there," Patel told Ars. "And it became clear, especially as we continued to add on more platforms, that just wasn't a sustainable path to proceed on."

Part of the issue is that Framework relies on external companies to put together firmware updates. Some components are provided by Intel, AMD, and other chip companies to all PC companies that use their chips. Others are provided by Insyde, which writes UEFI firmware for Framework and others. And some are handled by Compal, the contract manufacturer that actually produces Framework's systems and has also designed and sold systems for most of the big-name PC companies. As far back as August 2023, Patel has written that the plan is to work with Compal and Insyde to hire dedicated staff to provide better firmware support for Framework laptops. However, the benefits of this arrangement have been slow to reach users. "[Compal] started recruiting on their side towards the end of last year," Patel told Ars. "And now, just at the beginning of this year, we've been able to get that whole team into place and start onboarding them. And especially after Lunar New Year, which is in early February, that team is now up and running at full speed." The goal, Patel says, is to continuously cycle through all of Framework's actively supported laptops, updating each of them one at a time before looping back around and starting the process over again. Functionality-breaking problems and security fixes will take precedence, while additional features and user requests will be lower-priority. ... snikulin adds: "As a recent Framework 13/AMD owner, I can confirm that it does not sleep properly on a default Windows 11 install. When I close the lid in the evening, the battery is dead the next morning. It's interesting to hear from Linus Sebastian (LTT) on the topic because he is a stakeholder in Framework."