"Microsoft buys a lot of GPUs from both Nvidia and AMD," writes the Register. "But moving forward, Redmond's leaders want to shift the majority of its AI workloads from GPUs to its own homegrown accelerators..." Driving the transition is a focus on performance per dollar, which for a hyperscale cloud provider is arguably the only metric that really matters. Speaking during a fireside chat moderated by CNBC on Wednesday, Microsoft CTO Kevin Scott said that up to this point, Nvidia has offered the best price-performance, but he's willing to entertain anything in order to meet demand.

Going forward, Scott suggested Microsoft hopes to use its homegrown chips for the majority of its datacenter workloads. When asked, "Is the longer term idea to have mainly Microsoft silicon in the data center?" Scott responded, "Yeah, absolutely...

Microsoft is reportedly in the process of bringing a second-generation Maia accelerator to market next year that will no doubt offer more competitive compute, memory, and interconnect performance... It should be noted that AI accelerators aren't the only custom chips Microsoft has been working on. Redmond also has its own CPU called Cobalt and a whole host of platform security silicon designed to accelerate cryptography and safeguard key exchanges across its vast datacenter domains.

An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

An anonymous reader shares a report from The Verge: Microsoft is getting ready to announce an ad-supported version of Xbox Cloud Gaming. Sources familiar with Microsoft's plans tell The Verge that the software maker has started testing ad-supported games streaming internally, allowing employees to play select titles free without a Game Pass subscription.

I understand that the free ad-supported version of Xbox Cloud Gaming will include the ability to stream some games you own, as well as eligible Free Play Days titles, which let Xbox players try games over a weekend. You'll also be able to stream Xbox Retro Classics games. Sources tell me the internal testing includes around two minutes of preroll ads before a game is available to stream for free through Xbox Cloud Gaming. [...] The ad-supported Xbox Cloud Gaming version will be available on PC, Xbox consoles, handheld devices, and via the web.

An anonymous reader quotes a report from The Register: New Zealand's Institute of IT Professionals has discovered it is insolvent and advised members it has no alternative but to enter liquidation. The Institute (ITP) wrote to members on Thursday and posted a document titled "Important Update on ITP's Future" that reveals it has "reached a point where the organization cannot continue. After a full review of our finances, the Board has confirmed that ITP is insolvent."

Insolvency seems to have come as something of a surprise. "These debts are historic. They go back over many years. While some of the issues were worked on in more recent times, the full scale of the problem only became visible during the leadership change in 2025," the Update states. "Once the Board understood the full picture, it was clear that there was no responsible way forward other than liquidation." [...]

ITP's constitution requires its members to formally resolve to wind up the organization, so as one of its final acts the group has called a Special General Meeting (SGM) for 23 October 2025 to confirm liquidation and appoint a liquidator. This situation impacts more than ITP's ~10,000 members, because the organization offers assessment services that assess whether IT professionals' skills and qualifications make them eligible to move to New Zealand for work. ITP also certifies IT degrees at New Zealand universities, and oversees the NZ Cloud Computing Code of Practice. ITP also conducted educational and advocacy activities aimed at growing New Zealand's tech workforce.

Google has laid off over 100 employees in design-related roles, including user experience research and cloud design teams, as part of broader cost-cutting measures to prioritize AI infrastructure. CNBC reports: Earlier this week, the company laid off employees within the cloud unit's "quantitative user experience research" teams and "platform and service experience" teams, as well as some adjacent teams, according to internal documents viewed by CNBC. The roles often focus on using data, surveys and other tools to understand and implement user behaviors that inform product development and design. Google has halved some of the cloud unit's design teams, and many of those affected are U.S.-based roles. Some employees have been given until early December to find a new role within the company.

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users' data, despite US claims that Britain had abandoned all attempts to break the tech giant's encryption. Financial Times: The UK Home Office demanded in early September that Apple create a means to allow officials access to encrypted cloud backups, but stipulated that the order applied only to British citizens' data, according to people briefed on the matter.

A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations' efforts to secure a trade agreement.

In February, Apple withdrew its most secure cloud storage service, iCloud Advanced Data Protection, from the UK. "Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users," Apple said on Wednesday. "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy." It added: "As we have said many times before, we have never built a back door or master key to any of our products or services and we never will."

Microsoft has announced that Xbox Game Pass Ultimate will cost $29.99 per month, up from $19.99. The company restructured its subscription service into three tiers ahead of the October 16 launch of two Xbox ROG Ally handheld consoles. The new Essential tier offers 50-plus games for $9.99 monthly. Premium includes 200-plus games for $14.99. Ultimate subscribers gain access to more than 400 games, day-one releases, improved cloud streaming quality, and services including EA Play, Ubisoft+ Classics, and Fortnite Crew.

Game Pass generated nearly $5 billion in fiscal 2025 revenue with 34 million subscribers in 2024. Console hardware prices are also increasing, with the Xbox Series X rising $50 to $649.99 starting October 3.

An anonymous reader shared this report from Computer Weekly: Policing data hosted in Microsoft's hyperscale cloud infrastructure could be processed in more than 100 countries, but the tech giant is obfuscating this information from its customers, Computer Weekly can reveal. According to documents released by the Scottish Police Authority (SPA) under freedom of information (FoI) rules, Microsoft refused to hand over crucial information about its international data flows to the SPA and Police Scotland when asked...

The tech giant also refused to disclose its own risk assessments into the transfer of UK policing data to other jurisdictions, including China and others deemed "hostile" in the DPIA documents. This means Police Scotland and the SPA — which are jointly rolling out Office 365 — are unable to satisfy the law enforcement-specific data protection rules laid out in Part Three of the Data Protection Act 2018 (DPA18), which places strict limits on the transfer of policing data outside the UK. The same documents also contain an admission from Microsoft — given while simultaneously refusing to divulge key information about data flows — that it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure. This echoes the statements senior Microsoft representatives made to the French senate in June 2025, in which they admitted the company cannot guarantee the sovereignty of European data stored and processed in its services generally.

The revelation that Microsoft may access customer data from more than 100 countries is a result of the correspondence previously disclosed under Freedom of Information and reported on by Computer Weekly... All in all, an analysis of Microsoft's distributed documentation — conducted by independent security consultant Owen Sayers and shared with Computer Weekly — suggests that Microsoft personnel or contractors can remotely access the data from 105 different countries, using 148 different sub-processors. Despite technically being public, Sayers highlighted how this information is not transparently laid out for Microsoft customers, and is distributed across different documents contained in non-indexed webpages.... "[A]ny normal amount of due diligence — even if it is conducted by skilled persons will likely fail to see the full scope of offshoring in play," he said...

Microsoft did not contest the accuracy of the remote access location figures cited by Computer Weekly in this story.

MacStadium's inaugural CIO survey shows Apple devices gaining major ground in U.S. enterprises, with 96% of CIOs expecting Mac fleets to expand in the next two years and Macs already representing an average of 65% of enterprise endpoints. "The results show rapid Mac deployment across US business in the last two years, with 93% of CIOs claiming increased use, and 59% claiming a significant increase in use of all Apple devices," adds Computerworld. From the report: "As the adoption of Apple hardware continues to rise with both consumers and business users, and Apple Silicon is emerging as a secure and energy-efficient option for AI workloads, Apple is turning its sights to the enterprise," [MacStadium CEO Ken Tacelli] said in an interview. Among the specifics:

- 93% of CIOs report increased Apple device usage over the past two years.
- 45% of CIOs describe their leadership's view of Macs as a strategic investment, reflecting growing executive-level buy-in.
- The top drivers for Apple adoption are security and privacy (59%), employee preference (59%), and hardware performance (54%).
- Perhaps most importantly, 65% of CIOs say Macs are easier to manage than Windows or Linux devices.

In addition to those factors, the unique technical capabilities of Apple's kit (53%) play a role. Businesses are buying Macs because they're cheaper to run, last longer, allow employees to be more productive, and are both more private and more secure. The survey also shows that AI has become a leading reason to choose Macs. Apple Silicon is highly performant and energy efficient, enabling Macs to run on-device, secure AI, and to access cloud-based AI services.

An anonymous reader quotes a report from CNN: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday. The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China's hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms' proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant.

[...] In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said. The disclosure comes after the Trump administration escalated America's trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other's positions. Mandiant analysts said the fallout from the breaches -- the task of kicking out the hackers and assessing the damage -- could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia's use of SolarWinds software to infiltrate US government agencies in 2020.

Longtime Slashdot reader hackingbear writes: President Donald Trump signed an executive order Thursday that he says will allow TikTok to continue operating in the United States in a way that meets national security concerns. Trump's order will enable an American-led of group of investors to "buy the app" (up to 80% ownership) from China's ByteDance, though the deal is not yet finalized and also requires China's approval. However, much about the deal is still unknown. So, did the U.S. successfully snatch TikTok from ByteDance? It is probably up to individual's interpretation.

As with any deals between U.S. and China, the devil is in the details. According Shen Yi, an internet influencer and a professor at Shanghai's Fudan University, what the U.S. investor will eventually take control of is an entity known as TikTok U.S. Data Security Company ("USDS"), which is a subsidiary of TikTok U.S. and is exclusively responsible to handle data security in the U.S.. ByteDance will continue, through its U.S. subsidiary "ByteDance TikTok U.S. Company," to operate business and other related activities (such as e-commerce, advertising for brands, and cross-border commercial activities). It is important to stress that "Byte TikTok U.S. Company" remains 100% owned by ByteDance through its global TikTok subsidiary -- this arrangement has not changed. The TikTok algorithm remains the property of ByteDance, only licensed to USDS for use. This point was in fact explicitly clarified by a relevant official of China's Cyberspace Administration at the press conference following the Madrid talks.

After reaching the TikTok deal, Beijing and Washington are now selling it to their respective domestic audience, each highlighting the part of the deal that it can characterize as a win. Shen's details are not in conflict with the widely-reported account given by Karoline Leavitt, the White House Press Secretary, who emphasized "a new board with six American directors out of seven." Observers can also find the TikTok arrangement being very similar to that of Apple's iCloud operation in China being run by GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd.) while Apple retain controls of the brand and business.

Microsoft has disabled the Israeli Defense Ministry's access to certain services and subscriptions, after finding evidence that the ministry used the tech company's cloud services to surveil Gaza citizens. WSJ adds: The software company made the move after an internal investigation indicated Israel's Defense Ministry used Microsoft's Azure cloud services for surveillance, according to a person familiar with the matter. The company probe is ongoing. "As employees, we all have a shared interest in privacy protection, given the business value it creates by ensuring our customers can rely on our services with rock solid trust," Microsoft President Brad Smith said in a blog post Thursday on Microsoft's company website.

Smith said Microsoft's investigation was guided by the company's "longstanding protection of privacy as a fundamental right." Microsoft opened the probe after the Guardian, the British news organization, reported in August that Israel used Azure to store data on Gaza civilians and surveil them. The issue has been the source of protests at the company.

The Shai-Hulud malware campaign impacted hundreds of npm packages across multiple maintainers, reports Koi Security, including popular libraries like @ctrl/tinycolor and some packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows.
Koi Security created a table of packages identified as compromised, promising it's "continuously updated" (and showing the last compromise detected Tuesday). Nearly all of the compromised packages have a status of "removed from NPM". Attackers published malicious versions of @ctrl/tinycolor and other npm packages, injecting a large obfuscated script (bundle.js) that executes automatically during installation. This payload repackages and republishes maintainer projects, enabling the malware to spread laterally across related packages without direct developer involvement. As a result, the compromise quickly scaled beyond its initial entry point, impacting not only widely used open-source libraries but also CrowdStrike's npm packages.

The injected script performs credential harvesting and persistence operations. It runs TruffleHog to scan local filesystems and repositories for secrets, including npm tokens, GitHub credentials, and cloud access keys for AWS, GCP, and Azure. It also writes a hidden GitHub Actions workflow file (.github/workflows/shai-hulud-workflow.yml) that exfiltrates secrets during CI/CD runs, ensuring long-term access even after the initial infection. This dual focus on endpoint secret theft and backdoors makes Shai-Hulud one of the most dangerous campaigns ever compared to previous compromises.
"The malicious code also attempts to leak data on GitHub by making private repositories public," according to a Tuesday blog post from security systems provider Sysdig: The Sysdig Threat Research Team (TRT) has been monitoring this worm's progress since its discovery. Due to quick response times, the number of new packages being compromised has slowed considerably. No new packages have been seen in several hours at the time...
Their blog post concludes "Supply chain attacks are increasing in frequency. It is more important than ever to monitor third-party packages for malicious activity."

Some context from Tom's Hardware: To be clear: This campaign is distinct from the incident that we covered on Sept. 9, which saw multiple npm packages with billions of weekly downloads compromised in a bid to steal cryptocurrency. The ecosystem is the same — attackers have clearly realized the GitHub-owned npm package registry for the Node.js ecosystem is a valuable target — but whoever's behind the Shai-Hulud campaign is after more than just some Bitcoin.

alternative_right writes: Austria's armed forces have switched from Microsoft's Office programs to the open-source LibreOffice package. The reason for this is not to save on software license fees for around 16,000 workstations. "It was very important for us to show that we are doing this primarily (...) to strengthen our digital sovereignty, to maintain our independence in terms of ICT infrastructure and (...) to ensure that data is only processed in-house," emphasizes Michael Hillebrand from the Austrian Armed Forces' Directorate 6 ICT and Cyber.

This is because processing data in external clouds is out of the question for the Austrian Armed Forces, as Hillebrand explained on ORF radio station O1. It was already apparent five years ago that Microsoft Office would move to the cloud. Back then, in 2020, the decision-making process for the switch began and was completed in 2021.

BrianFagioli shares a report from NERDS.xyz: The Fedora Project has announced Fedora Linux 43 Beta, giving users and developers the opportunity to test the distribution ahead of its final release. This beta introduces improvements across installation, system tools, and programming languages while continuing Fedora's pattern of cleaning out older components. The beta can be downloaded in Workstation, KDE Plasma, Server, IoT, and Cloud editions. Spins and Labs are also available, though Mate and i3 are not provided in some builds. Existing systems can be upgraded with DNF system-upgrade. Fedora CoreOS will follow one week later through its "next" stream. The beta brings enhancements to its Anaconda WebUI, moves to Python 3.14, and supports Wayland-only GNOME, among many other changes. A full list of improvements and system enhancements can be found here.

The official release should be available in late October or early November.

Lead times for high-capacity hard drives have exceeded 52 weeks as AI workloads drive unprecedented demand for warm storage that sits between fast SSDs and offline tape archives, according to TrendForce. Western Digital notified customers of price increases across its entire hard drive portfolio citing demand for "every capacity" in its product line.

The shortage stems from AI infrastructure requirements including training datasets, model checkpoints and inference logs that consume petabytes of storage space. These files are too large for primary SSD storage but must remain accessible for quick retrieval. Hard drive manufacturers have not significantly expanded production capacity in approximately a decade. Cloud service providers are evaluating QLC SSDs for cold data storage despite costs remaining four to five times higher per gigabyte than mechanical drives. Memory suppliers are developing SSD products specifically for this intermediate storage tier.

An anonymous reader quotes a report from TechCrunch: Rainmaker Technology's bid to deploy cloud-seeding flares on small drones is being met by resistance from the airline pilots union, which has urged the Federal Aviation Administration to consider denying the startup's request unless it meets stricter safety guidelines. The FAA's decision will signal how the regulator views weather modification by unmanned aerial systems going forward. Rainmaker's bet on small drones hangs in the balance.

The Air Line Pilots Association (ALPA) told the FAA that Rainmaker's petition "fails to demonstrate an equivalent level of safety" and poses "an extreme safety risk." Rainmaker is seeking an exemption from rules that bar small drones from carrying hazardous materials. The startup filed in July, and the FAA has yet to rule. Instead, it issued a follow-up request for information, pressing for specifics on operations and safety. In its filing, Rainmaker proposed using two flare types, one "burn-in-place" and the other ejectable, on its Elijah quadcopter, to disperse particles that stimulate precipitation. Elijah has a maximum altitude of 15,000 feet MSL (measured from sea level), which sits inside controlled airspace where commercial airliners routinely fly. Drones need permission from Air Traffic Control to fly inside this bubble. Rainmaker's petition says it will operate in Class G (uncontrolled) airspace unless otherwise authorized. ALPA notes the filing doesn't clearly state where flights would occur or what altitudes would be used. Rainmaker and ALPA did not reply to TechCrunch's requests for comment.

The union also objects to the flares themselves, citing concerns about foreign object debris and fire safety. ALPA points out that the petition does not include trajectory modeling of the ejectable casings or analysis on the environmental impacts of chemical agents. However, Rainmaker says the flights will occur over rural areas and over properties owned by private landlords "with whom Rainmaker has developed close working relationships." [...] What happens next hinges on whether the FAA thinks those mitigations are sufficient. However it's decided, the agency's response will likely set the tone for novel cloud-seeding approaches.

Intel's long-time Xeon chief architect Ronak Singhal is leaving the company after nearly 30 years, marking yet another high-profile departure amid Intel's leadership churn and intensifying competition from AMD and Arm-based cloud CPUs. The Register reports: The Carnegie Mellon alum holds degrees in electrical and computer engineering, along with at least 30 patents involving CPUs. Singhal joined Intel in 1997 after spending the previous summer as an intern at Cyrix. After a year in Intel's Rotation Engineers Program, he spent the remainder of his tenure helping to develop some of the chipmaker's most consequential and, at times, controversial processors. Most notably, Singhal oversaw the core development of Intel's 22nm Haswell and 14nm Broadwell processor architectures. His innovations aren't limited to the datacenter either, with his architectural contributions playing a significant role in the success of Intel's Core and Atom processor families as well. [...]

Singhal is only the latest Xeon lead to jump ship since the start of the year. In January, Sailesh Kottapalli, another senior fellow, left for Qualcomm barely a month after former CEO Pat Gelsinger's unceremonious "retirement." Even before Gelsinger's eviction, Intel's datacenter group has been something of a revolving door. Last summer Singhal's long-time colleague Lisa Spelman departed the company, eventually landing a spot as CEO of HPC interconnect vendor Cornelis Networks. Her replacement, Ryan Tabrah, lasted seven months in the role, about half as long as Intel datacenter boss Justin Hotard, who defected for the forests of Finland to lead Nokia as its new President and CEO back in April.

In fact, the churn now extends all the way to the top. On Monday, Intel announced its CEO of Products, Michelle Johnston Holthaus, would be leaving the business. The move is part of a broader executive shakeup that will see former Arm engineer Kevork Kechichian take over as head of Intel's datacenter engineering group. Jim Johnson, meanwhile, will take over as head of the chipmaker's client computing group while Srinivasan (Srini) Iyengar will head up a new central engineering division.

Microsoft and OpenAI have signed a non-binding deal to restructure their partnership, paving the way for OpenAI to shift into a conventional for-profit model and potentially go public. Reuters reports: Details on the new commercial arrangements were not disclosed, but the companies said they were working to finalize terms of a definitive agreement. [...] Microsoft invested $1 billion in OpenAI in 2019 and another $10 billion at the beginning of 2023. Under their previous agreement, Microsoft had exclusive rights to sell OpenAI's software tools through its Azure cloud computing platform and had preferred access to the startup's technology.

Microsoft was once designated as OpenAI's sole compute provider, though it lessened its grip this year to allow OpenAI to pursue its own data center project, Stargate, including signing $300 billion worth of long-term contracts with Oracle, as well as another cloud deal with Google. As OpenAI's revenue grows into the billions, it is seeking a more conventional corporate structure and partnerships with additional cloud providers to expand sales and secure the computing capacity needed to meet demand. Microsoft, meanwhile, wants continued access to OpenAI's technology even if OpenAI declares its models have reached humanlike intelligence - a milestone that would end the current partnership under existing terms.

OpenAI said under current terms, its nonprofit arm will receive more than $100 billion -- about 20% of the $500 billion valuation it is seeking in private markets -- making it one of the most well-funded nonprofits, according to a memo from Bret Taylor, chairman of OpenAI's current nonprofit board. The companies did not disclose how much of OpenAI Microsoft will own, nor whether Microsoft will retain exclusive access to OpenAI's latest models and technology. Regulatory hurdles remain for OpenAI, as attorneys general in California and Delaware need to approve OpenAI's new structure. The company hopes to complete the conversion by year's end, or risk losing billions in funding tied to that timeline.