Al Capone™

https://www.tomshardware.com/pc-components/motherboards/logofail-exploit-bypasses-hardware-and-software-security-measures-and-is-nearly-impossible-to-detect-or-remove Computers running Windows or Linux are vulnerable to a new type of firmware attack called LogoFAIL, according to a report from Ars Technica. This attack has proven to be extremely effective because it rewrites the logo that typically appears when the system boots after a successful POST (hence the name, "LogoFAIL"), which is early enough that it can bypass security measures designed to prevent bootkit attacks. The issue affects any motherboards using UEFI provided by Independent BIOS Vendors (IBVs). IBVs such as AMI, Insyde, and Phoenix will need to release UEFI patches to motherboard companies. Because of the way LogoFAIL overwrites the boot-up logo in the UEFI, the exploit can be executed on any platform using Intel, AMD, or ARM running any Windows operating system or Linux kernel. It works because of the way the rewriteable boot logo is executed when the system turns on. It affects both DIY and prebuilt systems with certain functions kept open by default. Mode of Attack The exploit was discovered by researchers at Binarly, who published their findings. The attack occurs when the 'Driver Execution Environment' (DXE) phase is underway after a successful POST. The DXE is responsible for loading up boot and runtime services, initiating the CPU, chipset, and other components in a correct sequence for the boot process to proceed. LogoFAIL replaces the UEFI boot-up logo with the exploit, which then loads during the DXE phase. The researchers demonstrated its execution and exploit on an Intel 11th gen CPU-based Lenovo ThinkCentre M70s with Intel Secure Boot and Boot Guard enabled and the latest available UEFI update from June. Alex Matrodov, the founder and CEO of Binarly, highlighted that this issue exploits a newly discovered vulnerability in the image-parsing libraries that are used by the UEFI during the boot process. LogoFAIL exploits that vulnerability to bypass all security solutions implemented by the CPU, operating system, and any third-party security software. Since the exploit is not stored in the storage drive, the infection is impossible to eliminate, even after an OS reformat. This UEFI-level exploit can later install a bootkit without being stopped by any security layer from here onwards — making it very dangerous (and a very effective delivery mechanism). Many OEMs, such as Dell, do not allow their logos to be changed in the UEFI — and their image files are protected by Image Boot Guard; these systems are therefore immune to this exploit. Macs, whose hardware and software are developed in-house by Apple, have logo images hardcoded into the UEFI and are similarly protected. This is also the case for Macs running on Intel CPUs (hardcoded logo images), and so those Macs are also safe. If your system integrator does not allow for rewriting boot images in its BIOS, you should be fine. But for everyone else, this is an exploit that needs to be patched by both motherboard manufacturers and OEMs, as the research shows both are vulnerable. The only way to protect the image parsing in your system's UEFI is by installing a new UEFI security patch, which you'll need to get from your motherboard manufacturer or OEM (who will get it from the IBV). AMI, Insyde, and Lenovo, among others, have published advisories, but there's no complete list of affected companies — to see if your system is vulnerable, you'll need to check with your OEM/motherboard manufacturer.

@Josue.- Has been remove reason: Retirement.. @Desire-Has been remove reason: Retirement.. @Oskar™0 activity @[M]anuel0 activity

welcome to our team .

Video title: ¡Minecraft PERO es 1 BLOQUE ALEATORIO! 😲🌈💥 SILVIOGAMER MINECRAFT PERO Content creator ( Youtuber ) : SILVIOGAMER Official YT video:

Nick movie: Duro de entrenar Time: 2023 Netflix / Amazon / HBO: N/A Duration of the movie: - Trailer:

https://www.bbc.com/news/uk-politics-67587763 School closures in January 2021 could have been avoided if ministers had taken action earlier the previous autumn, Matt Hancock has said. The former health secretary told the Covid inquiry that avoiding a lockdown led to tougher measures later on. WhatsApp messages from October 2020 showed he was worried then-Chancellor Rishi Sunak was putting "pressure" on Boris Johnson "not to do enough again". He also accused local leaders of putting "politics over public health". The West Suffolk MP suggested that politicians in Greater Manchester such as the mayor, Andy Burnham, had been "actively unhelpful" when the government tried to put local restrictions in place. This was the inquiry's second day of hearing evidence from Mr Hancock, who was health secretary for the bulk of the pandemic. 'I'm still alive Mr Hancock', says former city mayor He was forced to resign in June 2021 after being caught breaching social distancing guidance by kissing his aide, Gina Coladangelo. Asked about the incident, he acknowledged it could have damaged public confidence in the rules. line More on Covid and the Covid Inquiry What is the UK Covid inquiry and how long will it take? How inquiry is exposing deep flaws in Covid decision-making The private WhatsApp messages from inside Downing Street What to do if you have Covid: Can you go to work or school? line Questions at the start of Friday's session focused on decisions made from September 2020, when Covid cases started to rise after a lull in the summer. WhatsApp messages from October 2020 show Mr Hancock asking civil service head Simon Case for information about a meeting, from which he claims he was "blocked". "Rishi is in the room... so the PM will be under enormous pressure to not do enough once again," he wrote. Mr Case responded: "Rishi has already resigned himself to the choice ahead... his only question (and a fair one) is about nonessential retail - where obviously we have no evidence of transmission. "He thinks better to do something in secondary schools (where we know transmission takes place) instead of closing all shops (where we know it doesn't seem to)." Speaking to the inquiry counsel, Hugo Keith KC, Mr Hancock rejected suggestions that there was a trade-off between health and economic considerations, saying: "If we don't lock down there will be more deaths and we will have to have a tougher lockdown in the future." "So on reflection and with hindsight if we had taken action sooner in September of 2020, then we might for instance have avoided the need to close schools, which in the end we had to because cases were so high by January." Mr Hancock added that, by January, the situation had become so serious that "every lever had to be pulled". There has been concern about the damaging effect of schools closures on children - particularly those from disadvantaged backgrounds. Earlier this year, MPs warned it could take 10 years for the gap between disadvantaged children and others to narrow to what it was before the pandemic. 'In despair' In mid-October 2020, in a bid to slow the spread of the virus, the government introduced the tier system, whereby different rules were implemented in areas depending on the local case numbers. In his statement to the inquiry, Mr Hancock said he was "in despair" when the policy was announced because he knew it "would not work". He argued that was because the toughest restrictions were not strong enough, but also because negotiations with local leaders had led to delay and confusion. He had praise for Joe Anderson, who was Liverpool mayor at the time, saying they were able to work together to put in place an "effective" package of support. However, he raised eyebrows when he said Mr Anderson was "sadly, no longer with us", despite the fact the former mayor is still alive. Mr Anderson responded by posting a message on social media: "Just took my pulse and I seem to still be here and I feel ok." Andy Burnham gave evidence to the inquiry earlier in the week Comparing Mr Anderson to other local leaders, Mr Hancock, said they were "not so constructive and in some cases actively unhelpful". Mr Keith KC asked if that is what former Chief Scientific Adviser Sir Patrick Vallance was referring to when, in his diaries, he mentioned "difficult negotiations in Manchester". Mr Hancock said it was and stressed that his comments related to the local leadership, adding "I have got no beef with the fine city of Manchester." Greater Manchester was placed into tier three restrictions on 20 October, meaning pubs and bars had to close and household mixing was restricted. The decision triggered a row between Mr Burnham and the government over how much financial support should be provided for the area. Responding to the criticism, Mr Burnham said: "That may be Mr Hancock's opinion, but he's wrong. "The mayor and 10 leaders in Greater Manchester, including a Conservative leader, spent many hours trying to negotiate a deal with the government... it would not have been right to place further restrictions on the residents of Greater Manchester without the financial package to support them." 'Therapy sessions' Mr Hancock also said the way then-First Minister of Scotland Nicola Sturgeon communicated UK-wide decisions was "unhelpful and confusing" and "undermined" the response to Covid. Welsh ministers' Covid powers illogical - Hancock The inquiry was shown messages in which Mr Hancock said he wanted to make a particular announcement as soon as possible, saying: "It will leak anyway - and the Scots will try to get their announcement out first." He told the inquiry: "Sometimes, [she] would leave a meeting and begin communication of a decision, for instance, sooner than agreed." He said he had a good relationship with health ministers in Wales, Scotland and Northern Ireland and compared their meetings to "therapy sessions". Ms Sturgeon appeared at the inquiry in June this year but is expected to make further appearances, with public hearings continuing until 2026. Boris Johnson and Rishi Sunak are expected to give evidence to the inquiry before the end of the year.

https://www.bbc.com/news/uk-scotland-south-scotland-65425033 The disappearance of a golden eagle in the Borders is a blow to efforts to boost numbers in southern Scotland. Over the past five years, a project has been ongoing from a base near Moffat to increase levels in the area. Police are treating the latest incident - between Heriot and Stow - as suspicious and have vowed to protect the "magnificent birds". Eagle numbers are at their highest level in centuries - but the scheme has not been without its setbacks. Prior to the release of the chicks only two to four breeding pairs remained in the south of Scotland The first chicks from the South of Scotland Golden Eagle Project (SSGEP) were released in the area in August 2018 more than a decade after the idea was initially hatched. They had been brought to a secret location in the Moffat Hills from the Highlands. Watch a golden eagle being released into the wild Golden eagle project lands ecology award At the time, there were between two and four breeding pairs in the south of Scotland. Cat Barlow, project manager, described it as a "very significant" moment. "We are trying to boost the dwindling po[CENSORED]tion and make sure that we are seeing a bird that should be here in the skies of the south of Scotland," she said. SNH said the attack by one bird on another in 2019 was "extremely surprising" The project was just a year old when one bird apparently attacked another, causing its death. Scotland's natural heritage agency NatureScot said the incident was "distressing and extremely surprising" and was behaviour it had "not observed before". A female bird released in 2018 appeared to have turned on a male bird introduced the following year. The eagle, named Beaky, had returned to its release site and was witnessed being "aggressive and domineering" towards three birds. However, NatureScot said it remained determined to see the project achieve its goals. The po[CENSORED]tion of golden eagles had nearly doubled three years into the scheme Despite the loss of one of the young golden eagles, more were brought from the Highlands and by August 2021 eight more chicks had been successfully moved south. It took the total number relocated to 12 and nearly doubled the local po[CENSORED]tion in the space of three years. The project had suffered some delays due to Covid but it said it was "absolutely amazing" to see so many birds "soaring majestically" across south of Scotland skies. NatureScot chief executive Francesca Osowska described the scheme as a "vital part" of efforts to reverse biodiversity loss and combat the climate emergency. The golden eagle po[CENSORED]tion in the area is now believed to be at its highest level in centuries Earlier this year, the number of golden eagles in southern Scotland had hit its highest recorded level in centuries with the po[CENSORED]tion reaching nearly 50. Although the project began by bringing chicks, it has started to introduce older birds making it the first scheme in the UK to move golden eagles aged between six months and three years from one part of the country to another. Ms Barlow said the success of moving the older eagles would be monitored closely by similar projects. Meanwhile, thousands of people had got involved in the SSGEP through a range of initiatives and a festival celebrating the golden eagle has also been staged in Moffat. A wind farm was scaled back in size in the area amid concerns over its impact on the eagles Plans for a major wind farm near Moffat were scaled back in January this year amid concerns they could have an impact on the golden eagles. Community Windpower initially wanted to build 75 turbines at Scoop Hill but cut that back to 60 following consultation. The RSPB objected to the original proposals due to concerns about the collision risk and habitat loss for the birds. The company said it hoped the changes being proposed could address those issues. No definitive cause for Sula's death was found after thorough tests When a bird was found dead on a south of Scotland estate in February this year it prompted a lengthy investigation into the cause with concerns it could have been poisoned or have been a victim of avian flu. Both of those were ruled out and it was concluded the bird - named Sula - had been "very fit" prior to its death. The SSGEP said it showed that golden eagles, like any species, could die suddenly for a variety of reasons - including natural causes. However, it said the survival rate in southern Scotland remained high and it hoped that would continue in the years to come. The death of one bird has now been followed by the disappearance of another. The female eagle - Merrick - was last seen in the Borders on 12 October in an area between Heriot and Stow. Police believe she has come to harm and are investigating the circumstances. The golden eagle project - and all its partner organisations - have vowed to keep up their efforts to boost golden eagle numbers in the area despite the setback.

https://www.bbc.com/sport/football/67577192 Ella Toone scored a late winner for England as they came from two goals down to beat the Netherlands in a crucial Women's Nations League tie, keeping alive Team GB's hopes of qualifying for the Olympic Games. The World Cup runners-up were 2-0 down after 35 minutes when Lineth Beerensteyn punished defensive errors and took advantage of a passive midfield to score twice for the Netherlands. But England responded through Georgia Stanway and Lauren Hemp, who netted within two minutes of each other in the second half, before Toone fired in a dramatic late goal and received a roar of celebration from supporters at Wembley Stadium. On a stage that has produced so many successful moments for the Lionesses, Sarina Wiegman's side did just enough to edge past a Netherlands team who had outwitted them before the break. On a bitterly cold evening at Wembley, the Lionesses knew only victory would be enough to keep alive Team GB's hopes of competing in Paris. As the nominated nation to qualify on behalf of Team GB, England need to win their Nations League group and reach the final - or finish third if Olympic hosts France make the final - in order to secure a place. But having already suffered defeats by Belgium and the Netherlands in the competition, England's hopes were in major doubt and nothing short of victory against Andries Jonker's side would have been enough at Wembley. Euro 2022 stars Beth Mead, Alessia Russo and Toone all came off the bench to help inspire a comeback and it was the Manchester United midfielder, who scored the opening goal in that European success at Wembley, who delivered the goods again. England will qualify for the semi-finals if they beat Scotland on Tuesday and the Netherlands drop points in their final match with Belgium. However, even if the Netherlands beat Belgium at home, England could still go through if they defeat the Scots by a sufficiently large scoreline to take their goal difference above the Dutch. There had been concern about England's form for several months with criticism even coming during their World Cup campaign, which ended in defeat by Spain in August's showpiece. With just two wins in their previous five matches - having lost only once in their first 30 games under Wiegman - pressure was on England to perform. Their first-half display was nowhere near good enough and they were duly punished by Beerensteyn's ruthlessness, with Wiegman also paying for some questionable team selections. Lauren Hemp, making her 50th appearance for the Lionesses, was preferred in central attack over mainstay Russo, while Chelsea centre-back Jess Carter was the chosen replacement for injured club team-mate Millie Bright. But England were all over the place for the majority of the opening 45 minutes as gaps broke in defence. The Netherlands were able to carve through the midfield and England's forwards could not get into the game. Goalkeeper Mary Earps, wearing the armband in Bright's absence, was at fault for Beerensteyn's second goal as she allowed the ball to squeeze between her hands at the near post, after the Dutch striker had got the better of Carter and Lucy Bronze for her opener. However, a much-needed half-time break seemed to mark a reset for England and Stanway was unmarked in the box when she headed in Lauren James' curling cross, before Hemp's low strike beat goalkeeper Daphne van Domselaar to make it 2-2. Wiegman's wildcards - her substitutions - were all used, including a return for winger Mead for the first time in a year, and it eventually paid off with Toone's driven strike nestling into the far corner with minutes remaining. England's job is still not complete but qualification is in their hands as they travel to Scotland for their final group match on Tuesday at Hampden Park.

https://www.bbc.com/news/world-europe-67587331 Ukrainian President Volodymyr Zelensky has said defences must be quickly beefed up across the front line, after meeting commanders in some of the main pressure points in the south and east. "In all major sectors where reinforcement is needed, [we must] speed up building of structures," he said in his nightly address. Russian forces are trying to encircle the eastern town of Avdiivka. And they are targeting the southern regions of Kherson and Zaporizhzhia. Overnight Ukraine's air force said it had shot down 18 out of 25 Russian drones and one of two cruise missiles. With temperatures falling below freezing and Ukraine cloaked with snow, President Zelensky has said "winter as a whole is a new phase of war". The Ukrainian leader said "maximum attention" would be paid to eastern towns coming under fire in the Donetsk region as well as a key defensive line in the north-east between Kupyansk and Lyman. He also included the region around the capital Kyiv where fortifications would be bolstered. President Zelensky's emphasis on strengthening defensive lines may lend weight to fears of an increasingly "frozen" conflict, despite some continued fierce fighting. Ukraine counter-offensive since the summer is widely viewed as having failed to quickly deliver hoped-for gains. Frontline morale on both sides will hinge to some extent on how well soldiers are equipped to cope with these colder months. The military said 20 attacks had been repelled near Avdiivka alone and villages had come under attack around Bakhmut. Map showing the south of Ukraine and town of Avdiivka The industrial hub of Avdiivka has been almost encircled in recent weeks by Russian forces, who now control areas to the north and south, as well as the east of the town. Dmytro Lazutkin, the spokesman for Ukraine's 47th Mechanised Brigade said the situation had become constantly difficult. One community to the north-west of Avdiivka, Stepove, was coming under repeated attack, and Russia was sending significant forces in a bid to seize a nearby coke plant just outside Avdiivka. "Without taking the coke plant, they can only dream about [capturing] Avdiivka... I'm not convinced they have such power to do that, although very many of them are concentrated there," he told Ukraine's public broadcaster. In the south-east as well, Russian forces have sought to regain areas lost during Ukraine's counter-offensive around Robotyne, according to Ukrainian officials, who say they are managing to maintain positions they recaptured recently on the east bank of the River Dnipro. Mr Zelensky said Ukraine was not backing down after its summer operations, although he was unhappy with the extent of casualties. "We are losing people, I'm not satisfied. We didn't get all the weapons we wanted, I can't be satisfied," he told the Associated Press. Ukraine forces regained a foothold the village of Krynky last month after they crossed the Dnipro, and have since come under relentless Russian attack. Russia's defence ministry has meanwhile said its navy repelled a Ukrainian naval attack on occupied Crimea via the Black Sea. Part of the peninsula, seized and then annexed by Russia in 2014, was placed under a state of emergency this week after a storm left five people dead. Coastal areas were worst hit, according to Russian-appointed leader Sergei Aksyonov.

https://www.gadgets360.com/games/news/xbox-game-pass-december-2023-games-far-cry-6-remnant-2-rise-of-tomb-raider-pc-xbox-series-one-4625289 Xbox Game Pass is adding 12 new titles to its December catalogue, including two day-one releases. The standout here has to be the Remnant franchise — both From the Ashes and its newly launched sequel Remnant II, celebrated for its souls-like shooter experience that pits players against tough-as-nails fantastical monsters, across procedurally-generated levels. Its challenges can also be tackled in co-op, so it's best advised that you check out the sequel because it will have a larger active player base. Another major addition this month is Far Cry 6, setting you against the vibrant tropical island of Yara to topple its ruthless dictator Antón Castillo (Giancarlo Esposito), who is hellbent on using the Viviro, an unstable form of cancer treatment, to restore his land to former glory. It arrives December 14 on Xbox Game Pass. The December lineup feels too good to be true, but makes sense given the Christmas season, as a means for Xbox to get more people to subscribe to Game Pass. Rise of the Tomb Raider is another major entry, putting you in the shoes of lone adventurer Lara Croft, who is thrust into a sprawling mystery surrounding The Order of Trinity looking to acquire ancient artefacts that would grant them the power to change the fate of humanity. Taking players to the Lost City of Kitezh in Siberia, this is the second story in a three-part reboot trilogy from Crystal Dynamics, borrowing a range of mechanics from Naughty Dogs Uncharted games in terms of ammo pick-up and a robust close-quarters combat system. Rise of the Tomb Raider will be out December 5 across PC, console, and the cloud. Let your creativity run wild as you construct a mining town punctuated by cutesy little roads and settlements, with enough power water, and resources to ensure your steampunk civilians are well-equipped to excavate long-lost space technology — the kind that might help save the barren, dying planet. SteamWorld Build is a day-one launch on Xbox Game Pass and is now available to download for free on PC and console. Experience the life of a village blacksmith in While the Iron's Hot, a pixelated RPG set on the enigmatic island of Ellian, which drew countless craftsmen together in order to perfect their craft. Explore every tunnel, forge new machinery to get past puzzles, and interact with its colourful cast to unveil the mystery surrounding a recent disaster. The game is now available on cloud, console, and PC. Or you could engage in some co-op zombie-killing action in World War Z: Aftermath, as thousands of undead hordes leap across rooftops to deliver high-tension challenges, as you stock up on ammunition and makeshift weapons to blast skulls, all the while being granted the responsibility of escorting civilians to safety. While it is based on the Brad Pitt-led Paramount Pictures film, the game was well-received at launch and promises to be a jolly good time when it comes to Game Pass on December 5. After all that gory beatdown, one might need to relax a little. So why not turn into an annoying farm animal, and wreak havoc on a sandbox town in Goat Simulator 3, as you headbutt, lick, and triple-jump your way through?

https://techxplore.com/news/2023-12-boosting-faith-authenticity-source-software.html Open source software—software that is freely distributed, along with its source code, so that copies, additions, or modifications can be readily made —is "everywhere," to quote the 2023 Open Source Security and Risk Analysis Report. Of the computer programs used by major industries, 96% include open source software, and 76% of those programs consists of open source software. But the percentage of software packages "containing security vulnerabilities remains troublingly high," the report warned. One concern is that "the software you've gotten from what you believe to be a reliable developer has somehow been compromised," says Kelsey Merrill, a software engineer who received a master's degree earlier this year from MIT's Department of Electrical Engineering and Computer Science. "Suppose that somewhere in the supply chain, the software has been changed by an attacker who has malicious intent." The risk of a security breach of this sort is by no means abstract. In 2020, to take a notorious example, the Texas company SolarWinds made a software update to its widely used program called Orion. Hackers broke into the system, inserting pernicious code into the software before SolarWinds shipped the latest version of Orion to more than 18,000 customers, including Microsoft, Intel, and roughly 100 other companies, as well as a dozen U.S. government agencies—including the Departments of State, Defense, Treasury, Commerce, and Homeland Security. In this case, the product that was corrupted came from a large commercial company, but lapses may be even more likely to occur in the open source realm, Merrill says, "where people of varying backgrounds—many of whom are hobbyists without any security training—can publish software that gets used around the world." She and three collaborators—her former advisor Karen Sollins, a Principal Scientist at the MIT Computer Science and Artificial Intelligence Laboratory; Santiago Torres-Arias, an assistant professor of computer science at Purdue University; and Zachary Newman, a former MIT graduate student and current research scientist at Chainguard Labs—have developed a new system called Speranza, which is aimed at reassuring software consumers that the product they are getting has not been tampered with and is coming directly from a source they trust. The paper is published on the arXiv preprint server. "What we have done," explains Sollins, "is to develop, prove correct, and demonstrate the viability of an approach that allows the [software] maintainers to remain anonymous." Preserving anonymity is obviously important, given that almost everyone—software developers included—value their confidentiality. This new approach, Sollins adds, "simultaneously allows [software] users to have confidence that the maintainers are, in fact, legitimate maintainers and, furthermore, that the code being downloaded is, in fact, the correct code of that maintainer." So how can users confirm the genuineness of a software package in order to guarantee, as Merrill puts it, "that the maintainers are who they say they are?" The classical way of doing this, which was invented more than 40 years ago, is by means of a digital signature, which is analogous to a handwritten signature—albeit with far greater built-in security through the use of various cryptographic techniques. To carry out a digital signature, two "keys" are generated at the same time—each of which is a number, composed of zeros and ones, that is 256 digits long. One key is designated "private," the other "public," but they constitute a pair that is mathematically linked. A software developer can use their private key, along with the contents of the document or computer program, to generate a digital signature that is attached exclusively to that document or program. A software user can then use the public key—as well as the developer's signature, plus the contents of the package they downloaded—to verify the package's authenticity. Validation comes in the form of a yes or a no, a 1 or a zero. "Getting a 1 means that the authenticity has been assured," Merrill explains. "The document is the same as when it was signed and is hence unchanged. A 0 means something is amiss, and you may not want to rely on that document." Although this decades-old approach is tried-and-true in a sense, it is far from perfect. One problem, Merrill notes, "is that people are bad at managing cryptographic keys, which consist of very long numbers, in a way that is secure and prevents them from getting lost." People lose their passwords all the time, Merrill says. "And if a software developer were to lose the private key and then contact a user saying, 'Hey, I have a new key,' how would you know who that really is?" To address those concerns, Speranza is building off of "Sigstore"—a system introduced last year to enhance the security of the software supply chain. Sigstore was developed by Newman (who instigated the Speranza project) and Torres-Arias, along with John Speed Meyers of Chainguard Labs. Sigstore automates and streamlines the digital signing process. Users no longer have to manage long cryptographic keys but are instead issued ephemeral keys (an approach called "keyless signing") that expire quickly—perhaps within a matter of minutes—and therefore don't have to be stored. A drawback with Sigstore stems from the fact that it dispensed with long-lasting public keys, so that software maintainers instead have to identify themselves—through a protocol called OpenID Connect (OIDC)—in a way that can be linked to their email addresses. That feature, alone, may inhibit the widespread adoption of Sigstore, and it served as the motivating factor behind—and the raison d'etre for—Speranza. "We take Sigstore's basic infrastructure and change it to provide privacy guarantees," Merrill explains. With Speranza, privacy is achieved through an original idea that she and her collaborators call "identity co-commitments." Here, in simple terms, is how the idea works: A software developer's identity, in the form of an email address, is converted into a so-called "commitment" that consists of a big pseudorandom number. (A pseudorandom number does not meet the technical definition of "random" but, practically speaking, is about as good as random.) Meanwhile, another big pseudorandom number—the accompanying commitment (or co-commitment)—is generated that is associated with a software package that this developer either created or was granted permission to modify. In order to demonstrate to a prospective user of a particular software package as to who created this version of the package and signed it, the authorized developer would publish a proof that establishes an unequivocal link between the commitment that represents their identity and the commitment attached to the software product. The proof that is carried out is of a special type, called a zero-knowledge proof, which is a way of showing, for instance, that two things have a common bound, without divulging details as to what those things—such as the developer's email address—actually are. "Speranza ensures that software comes from the correct source without requiring developers to reveal personal information like their email addresses," comments Marina Moore, a Ph.D. candidate at the New York University Center for Cyber Security. "It allows verifiers to see that the same developer signed a package several times without revealing who the developer is or even other packages that they work on. This provides a usability improvement over long-term signing keys, and a privacy benefit over other OIDC-based solutions like Sigstore." Marcela Mellara, a research scientist in the Security and Privacy Research group at Intel Labs, agrees. "This approach has the advantage of allowing software consumers to automatically verify that the package they obtain from a Speranza-enabled repository originated from an expected maintainer, and gain trust that the software they are using is authentic."

https://www.tomshardware.com/software/windows/windows-12-will-be-launched-with-a-raft-of-ai-pcs-in-june-2024-according-to-taiwans-commercial-times Microsoft will launch Windows 12 in June 2024, claims a report published by the Commercial Times today. The business-focused Taiwanese newspaper highlighted this date as very important to the island’s PC industry sector, sparking significant sales of a new wave of AI PCs. Leading industry figures from companies like Acer, Quanta, MSI, and Gigabyte were all said to be very excited about “the first year of AI PC” and the business opportunities it will herald. Though the Commercial Times report leads with its statement about Windows 12 and the purported June release date, no direct quotes from industry leaders are given in support. It implies the information emanated from recent statements by Acer Chairman and CEO Jason Chen and/or Quanta Chairman Barry Lam. Both of these important executives from the world of PCs were at the Taiwan Medical Technology Exhibition in Taipei on Thursday. Acer’s Chen was reportedly cautiously optimistic about AI PCs contributing to "continuously accelerate” the industry through a virtuous cycle of AI PCs, new AI app development, new AI PCs, and so on. Quanta’s Lam was more bullish. He highlighted an expected upturn across three segments for Quanta - AI PC, AI server, and AI automotive electronics. The Commercial Times adds that Lam expects “next summer, when Microsoft launches a new generation of Windows operating systems, AI PCs will also be launched one after another.” However, that doesn't appear to be a direct quote from Mr Lam. Intel Meteor Lake If the June 2024 launch of Windows 12 happens, it will be earlier than a few previous clues have indicated. In March, we reported on an Intel Meteor Lake desktop processor (MTL-S) leak, where the as-yet-unreleased Windows version was apparently listed as a supported operating system. At the time, we pondered over Windows 12 being likely to launch in H2 2024, given its recently adopted three-year cycle. Also, in May, we reported that Microsoft was preparing a new own-branded (Arm?) CPU for Windows 12 devices. AMD Ryzen 7040U Intel Meteor Lake chips will be important to the mass adoption of accelerated AI due to dedicated processing hardware on all SoCs in this family. Meanwhile, hardware AI acceleration on the latest AMD Ryzen 7000 family offers is less clear-cut. Only Ryzen mobile 7040 ‘Phoenix’ chips have the XDNA architecture hardware to accelerate local AI processing. This will hopefully change, as there are signs of Phoenix coming to desktop, and of the Ryzen 8000 family chips on the way to mobile in the coming months. All this raises the specter that hardware AI processing support could be one of the minimum spec requirements for Windows 12.

voted

https://www.gadgets360.com/apps/news/elon-musk-x-could-lose-nearly-usd-75-million-in-ad-revenue-by-year-end-report-4606257 Elon Musk-owned social media company X could lose as much as $75 million (nearly Rs. 625 crore) in advertising revenue by the end of the year as dozens of major brands pause their marketing campaigns, the New York Times reported on Friday. Musk backing an antisemitic post on the platform last week has led several companies including Walt Disney and Warner Bros. Discovery to pause their advertisements on the site formerly called Twitter. X has struck back and sued media watchdog group Media Matters, alleging the organization defamed the platform with a report that said ads for major brands including Apple and Oracle had appeared next to posts touting Adolf Hitler and the Nazi party. Internal documents viewed by The New York Times this week list more than 200 ad units of companies from the likes of Airbnb, Amazon, Coca-Cola and Microsoft, many of which have halted or are considering pausing their ads on the social network, the report said. X said on Friday $11 million (nearly Rs. 92 crore) in revenue was at risk and the exact figure fluctuated as some advertisers returned to the platform and others increased spending, according to the report. The company did not immediately respond to a Reuters request for comment. Advertisers have fled X since Musk bought it in October 2022 and reduced content moderation, resulting in a sharp rise in hate speech on the site, according to civil rights groups. The platform's US ad revenue has declined at least 55 percent year-over-year each month since Musk's takeover, Reuters previously reported.

https://techxplore.com/news/2023-11-digital-winglets-real-time-flight-paths.html Before airplanes even reach the runway, pilots must file a plan to inform air traffic controllers where they're going and the path they are going to take. When planes are in the air, however, that plan often changes. From turbulence causing passenger discomfort and additional fuel use to unexpected weather patterns blocking the original path, pilots have to think on the fly and inform air traffic controllers of any modifications to their routes. In the past, these changes would have to happen suddenly and with little lead time. But as airplanes have become more digitally connected, the flying machines can take advantage of the additional data they receive, and a NASA-developed technology can help pilots find the best path every time. NASA has explored methods to improve aircraft efficiency since its inception. Among the agency's most famous contributions are winglets, upturned vertical flanges at the ends of airplane wings that eliminate turbulence at the wingtip and significantly save fuel. Fuel efficiency is critical to future aircraft development, as it not only improves performance and the weight it can carry but also reduces the amount of greenhouse gases released into the atmosphere. David Wing, principal researcher of air traffic management at NASA's Langley Research Center in Hampton, Virginia, develops advanced autonomy systems for aircraft, allowing operators to directly manage flight paths in crowded skies. He noticed some of the same technology used for safe routing could also optimize routes for flights already in the air. Allowing pilots to identify a better path as soon as it's available could save time and money. "Air traffic control is there to keep the aircraft safely separated from other aircraft," said Wing. "So, the trick is, when you need to change your routing, what route do you ask for, and how much will it save you?" Under Wing's lead, NASA developed Traffic-Aware Strategic Aircrew Requests (TASAR), a piece of software pilots and ground operations teams can use to find better routes in transit. TASAR uses a genetic algorithm, a machine learning system that finds the optimal answer by pitting hundreds of route changes against each other and seeing which one comes out on top. TASAR takes a map of the area and draws hundreds of lines radiating from the airplane. These lines represent potential routes the plane could take. The software whittles down every route it generates, avoiding ones that stray into no-fly zones or dangerous weather systems or get too close to other aircraft until it's found the most efficient route the airplane can take. Then, it's up to the pilot to take the computer's advice. Information is constantly updated using sensors on the airplane and connections to ground-based services, which TASAR takes into account. "The algorithms had been tested and matured already for many years in our research, so they were in pretty good shape," Wing said. "But we had to connect this system to a real aircraft, which meant that we needed to be able to access data from the onboard avionics." In this screenshot of the APiJET Digital Winglets software based on NASA technology, a route is plotted along navigational waypoints, presenting three options that would save fuel and time based on real-time information. Credit: APiJET LLC On NASA test flights, the software worked perfectly, but for TASAR to break into more flights, commercial planes needed to be able to access large amounts of data. As it turned out, a solution was close at hand. The company iJET originally built components that could keep planes connected to the latest information available on the ground, which often wasn't available in the sky. After developing better antennas, the company soon began working on a new integrated computer system for airplanes to collect data and stay connected to ground-based information sources. When looking for a "killer app" for the system, the company discovered TASAR. "We saw that NASA was getting to the conclusion of this work, and we took a business decision to pick up the baton," said Rob Green, CEO of the company. After being acquired by another company called Aviation Partners, the Seattle-based company was renamed APiJET in 2018 and became the first company to license TASAR from NASA. APiJET proceeded to tie the software to the in-flight computer system. The company's version of TASAR is called Digital Winglets, named after the NASA invention. The app runs on electronic flight bags, computer devices approved for use in flight operations by the Federal Aviation Administration, most commonly Apple iPads. Green said there are no plans to integrate it directly into a cockpit instrument panel because updating an app is easier. In testing with Alaska Airlines, Green said the program saved 2% on fuel, working out to approximately 28,000 pounds of fuel per hundred flights. "Two percent may not sound like much, but little savings can really add up at airline scale," Green said. Several more airlines have tested the technology, and Frontier Airlines is currently field testing for a potential deployment of Digital Winglets across its fleet. APiJET still keeps in touch with the developers at NASA to further research TASAR's benefits and build out its commercial capabilities. "Everybody that worked on TASAR at NASA should be really proud of their direct impact on fuel savings and carbon reduction," Green said. "It's a lot to wrap your head around, but it works."

https://www.tomshardware.com/news/wd-18tb-easystore-external-hard-drive-hdd-cyber-monday-deal If you're looking for a massive storage volume and aren't concerned about the fastest performance, or if you're willing to take a bit of a risk and "shuck" the drive, this WD Easystore 18TB hard drive deal is for you — Best Buy has the 18TB drive on sale for a mere $199 for Cyber Monday. That's half the normal pricing and works out to a mere penny for each gigabyte of storage. It's even $10 less than the smaller 16TB model, making this a fantastic deal. This drive is particularly po[CENSORED]r for those who "shuck" drives. This process involves popping the case apart to remove the underlying 18TB HDD and then installing it in a PC or NAS, just like a normal drive. This tactic takes advantage of the lower pricing of external HDDs — which are significantly less expensive than drives designed for PCs and NAS — to score a drive to use inside a PC or NAS (there are a multitude of guides online that detail how to accomplish this feat). If you aren't familiar with the practice, you probably shouldn't do it, as it voids your warranty. Regardless, this is a po[CENSORED]r use case for this specific model. For those looking for the traditional use case of employing this drive for backup or archival data, this external 18TB HDD attaches to your system via a USB 3.0 interface with a Micro-USB Type B connector, so you should keep your performance expectations in check — WD doesn't list a performance rating because you'll be limited by the speed of the 5Gb/s USB cable. The enclosure comes with an AC adaptor to power the enclosure. Again, popping the drive out of its enclosure will void the two-year warranty that comes standard with the device, so proceed at your own risk. With most external drive enclosures, you can find out which drive the vendor uses, but WD uses white-label drives of varying types for this enclosure, so there's no real telling what lies beneath the sleek black enclosure. These drives are known to come in both 5,400- and 7,200-RPM flavors, which is only important if you shuck the device, but there is a bit of lottery involved to get the faster variant. For more savings, check out our up-to-the-minute Black Friday tech deals live blog. There, you'll find the latest deal news and buying advice from our editors all day and night. For even more savings, see our lists of the best Black Friday SSD deals, Black Friday GPU deals, Black Friday CPU deals, Black Friday gaming laptop deals, Black Friday monitor deals, Black Friday 3D printer deals, and Black Friday PC hardware deals overall.