U.S. real estate developers "are having a hard time keeping up with demand," reports the Los Angeles Times, "as businesses in search of secure spots for their servers rent nearly every square foot that becomes available..." Construction of new data centers is at "extraordinary levels" driven by "insatiable demand," a recent report on the industry by real estate brokerage JLL found. "Never in my career of 25 years in real estate have I seen demand like this on a global scale," said JLL real estate broker Darren Eades, who specializes in data centers...

The biggest drivers are AI and cloud service providers that include some of the biggest names in tech, such as Amazon, Microsoft, Google and Oracle. With occupancy in conventional office buildings still down sharply following the impact of the COVID-19 pandemic and property values falling, data centers represent a rare ripe opportunity for real estate developers, who are pursuing opportunities in major markets like Los Angeles and less urban locales that are served by plentiful and preferably cheap power needed to run data centers. "If you can find a cluster of power to build a site, they'll come," Eades said of developers. Construction is taking place at an "extraordinary" pace nationwide and still not keeping up, the JLL data center report said. [Data center] "Vacancy declined to a record low of 3% at midyear due to insatiable demand and despite rampant construction."

Development increased more than sevenfold in two years, with the pipeline of new projects leveling off in the first half of 2024, a potential signal that the U.S. power grid cannot support development at a faster pace. But when projects currently under construction or planned are complete, the U.S. colocation market, in which businesses rent space in a data center owned by another company for their servers and other computing hardware, will triple in size from current levels... Real estate investors and landlords are being drawn into the market because demand from tenants is high and they are likely to renew their leases after shouldering the costs of setting up data centers. "They invest in their space and in your space and they tend to stick around longer," said Mark Messana, president of Downtown Properties, which owns offices in Los Angeles and San Francisco. "As we all know, the office market is struggling a little bit, so it's nice to be able to have some data customers in the mix..."

Power demand for computing is growing so intense that it threatens to strain the nation's electrical grid, sending users to remote locations where power is plentiful and preferably cheap. Data center developers are working in Alabama, the Dakotas and Indiana, "traditionally states that wouldn't have data centers," Eades said.
The article includes "the mother of all data centers" in the western U.S. — a 30-story building where "thousands of miles of undersea fiber-optic cables disappear into an ordinary-looking office tower." Once a prestigious location for businesses, "The recent departure of a law firm that had been in the building more than 50 years cleared out five floors that will quickly be re-leased to data tenants, said Eades, who represents the landlord..."

To retrofit the building for data centers, "two elevators were removed so the empty shafts could hold water pipes used to help keep the temperature cool enough for the heat-producing servers" — and developers are happy rents "can be double what they are at newer downtown office high-rises, according to real estate data provider CoStar...

"By 2030, data centers could account for as much as 11% of U.S. power demand — up from 3% now, according to analysts at Goldman Sachs."

Uplevel provides insights from coding and collaboration data, according to a recent report from CIO magazine — and recently they measured "the time to merge code into a repository [and] the number of pull requests merged" for about 800 developers over a three-month period (comparing the statistics to the previous three months).

Their study "found no significant improvements for developers" using Microsoft's AI-powered coding assistant tool Copilot, according to the article (shared by Slashdot reader snydeq): Use of GitHub Copilot also introduced 41% more bugs, according to the study...

In addition to measuring productivity, the Uplevel study looked at factors in developer burnout, and it found that GitHub Copilot hasn't helped there, either. The amount of working time spent outside of standard hours decreased for both the control group and the test group using the coding tool, but it decreased more when the developers weren't using Copilot.
An Uplevel product manager/data analyst acknowledged to the magazine that there may be other ways to measure developer productivity — but they still consider their metrics solid. "We heard that people are ending up being more reviewers for this code than in the past... You just have to keep a close eye on what is being generated; does it do the thing that you're expecting it to do?"

The article also quotes the CEO of software development firm Gehtsoft, who says they didn't see major productivity gains from LLM-based coding assistants — but did see them introducing errors into code. With different prompts generating different code sections, "It becomes increasingly more challenging to understand and debug the AI-generated code, and troubleshooting becomes so resource-intensive that it is easier to rewrite the code from scratch than fix it."

On the other hand, cloud services provider Innovative Solutions saw significant productivity gains from coding assistants like Claude Dev and GitHub Copilot. And Slashdot reader destined2fail1990 says that while large/complex code bases may not see big gains, "I have seen a notable increase in productivity from using Cursor, the AI powered IDE." Yes, you have to review all the code that it generates, why wouldn't you? But often times it just works. It removes the tedious tasks like querying databases, writing model code, writing forms and processing forms, and a lot more. Some forms can have hundreds of fields and processing those fields along with doing checks for valid input is time consuming, but can be automated effectively using AI.
This prompted an interesting discussion on the original story submission. Slashdot reader bleedingobvious responded: Cursor/Claude are great BUT the code produced is almost never great quality. Even given these tools, the junior/intern teams still cannot outpace the senior devs. Great for learning, maybe, but the productivity angle not quite there.... yet.

It's damned close, though. GIve it 3-6 months.
And Slashdot reader abEeyore posted: I suspect that the results are quite a bit more nuanced than that. I expect that it is, even outside of the mentioned code review, a shift in where and how the time is spent, and not necessarily in how much time is spent.
Agree? Disagree? Share your own experiences in the comments.

And are developers really saving time with AI coding assistants?

The Register's Tobias Mann reports: Oracle could choose to take control of Ampere Computing, the Arm processor designer it has backed and uses in its cloud. A proxy statement [PDF] filed on Wednesday reveals that Oracle held 29 percent stake in Ampere as of May 31, 2024, and has the option to gain majority control over the chip house in 2027. "The total carrying value of our investments in Ampere, after accounting for losses under the equity method of accounting, was $1.5 billion as of May 31, 2024," the filing reads. Oracle also revealed it extended $600 million in loans in the form of convertible debt to Ampere during its 2024 fiscal year, on top of $400 million in debt given during the prior fiscal year. Ampere's debts are set to mature beginning June 2026, when Oracle will have the option of converting those investments into additional equity in the chip startup. "If either of such options is exercised by us or our co-investors, we would obtain control of Ampere and consolidate its results with our results of operations," the filing explains.

According to the document, Oracle spent roughly $48 million on Ampere processors during its 2023 fiscal year -- some of it direct with Ampere and some through a third party. By comparison, Big Red spent just $3 million on Ampere's chips and had $101.1 million worth of products available under a pre-payment order by the end of fiscal year 2024. This is despite the fact that Oracle is aggressively expanding its datacenter footprint to address growing demand for AI infrastructure. These efforts have included the deployment of massive clusters of GPUs from Nvidia and AMD with the largest campus developments nearing a gigawatt in scale. The filing also revealed that Ampere founder and CEO Renee James will not seek re-election to Oracle's board of directors.

"Dozens of Fortune 100 organizations" have unknowingly hired North Korean IT workers using fake identities, generating revenue for the North Korean government while potentially compromising tech firms, according to Google's Mandiant unit. "In a report published Monday [...], researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018," reports The Record. "In most cases, the IT workers 'consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.'" From the report: The remote workers "often gain elevated access to modify code and administer network systems," Mandiant found, warning of the downstream effects of allowing malicious actors into a company's inner sanctum. [...] Using stolen identities or fictitious ones, the actors are generally hired as remote contractors. Mandiant has seen the workers hired in a variety of complex roles across several sectors. Some workers are employed at multiple companies, bringing in several salaries each month. The tactic is facilitated by someone based in the U.S. who runs a laptop farm where workers' laptops are sent. Remote technology is installed on the laptops, allowing the North Koreans to log in and conduct their work from China or Russia.

Workers typically asked for their work laptops to be sent to different addresses than those listed on their resumes, raising the suspicions of companies. Mandiant said it found evidence that the laptops at these farms are connected to a "keyboard video mouse" device or multiple remote management tools including LogMeIn, GoToMeeting, Chrome Remote Desktop, AnyDesk, TeamViewer and others. "Feedback from team members and managers who spoke with Mandiant during investigations consistently highlighted behavior patterns, such as reluctance to engage in video communication and below-average work quality exhibited by the DPRK IT worker remotely operating the laptops," Mandiant reported.

In several incident response engagements, Mandiant found the workers used the same resumes that had links to fabricated software engineer profiles hosted on Netlify, a platform often used for quickly creating and deploying websites. Many of the resumes and profiles included poor English and other clues indicating the actor was not based in the U.S. One characteristic repeatedly seen was the use of U.S-based addresses accompanied by education credentials from universities outside of North America, frequently in countries such as Singapore, Japan or Hong Kong. Companies, according to Mandiant, typically don't verify credentials from universities overseas. Further reading: How Not To Hire a North Korean IT Spy

Alphabet unit Google filed a complaint to the European Commission on Wednesday against what it said were Microsoft's anti-competitive practices to lock customers into Microsoft's cloud platform Azure. From a report: Google, whose biggest cloud computing rivals are Microsoft and Amazon Web Services, said Microsoft was exploiting its dominant Windows Server operating system to prevent competition. Google Cloud Vice President Amit Zavery told a briefing that Microsoft made customers pay a 400% mark-up to keep running Windows Server on rival cloud computing operators. This did not apply if they used Azure. Users of rival cloud systems would also get later and more limited security updates, Zavery said.

Google pointed to a 2023 study by cloud services organization CISPE which found that European businesses and public sector bodies were paying up to 1 billion euros ($1.12 billion) per year on Microsoft licensing penalties. Microsoft in July clinched a 20-million-euro deal to settle an antitrust complaint about its cloud computing licensing practices with CISPE, averting an EU investigation. However, the settlement did not include Amazon Web Services, Google Cloud Platform and AliCloud, prompting criticism from the first two companies.

Microsoft giveth and Microsoft taketh away, as administrators using Windows Server Update Services (WSUS) will soon find out. From a report: Windows Server 2025 remains in preview, but Microsoft has been busy letting users know what is set for removal and what will be deprecated in the release. WSUS fits into the latter category -- still there for now, but no longer under active development. This is a big deal for many administrators who rely on the feature to deploy and manage the distribution of updates and features in an enterprise environment.

It'll even work on a network disconnected from the internet -- download the patches to a connected computer, stick them on some removable media, import the patches to a WSUS server on the disconnected network, and away you go. A tame administrator told El Reg: "We are migrating to Intune. It's a lot more complicated than WSUS, and it takes a lot longer to get set up."

"Such is progress!" he sighed. Microsoft's advice is, unsurprisingly, to migrate to cloud tools. As well as the aforementioned Intune, there is also Windows Autopatch for client update management or Azure Update Manager for server update management. And there are plenty of third-party tools out there too, such as Ansible. Microsoft's announcement has attracted comment. One user said: "Congratulations, you just made centralized automated patching subject to internal politics and budget constraints. "I survived the era of Melissa, SQL Slammer, and other things that were solved when we no longer had to choose between paid patch management or trusting admins of every server to do the right thing. For those of you that did not live through that, buckle up!"

Google is getting ready to show off updated Street View imagery in nearly 80 countries. The Verge: In a now-removed blog post seen by The Verge, Google announced that the new images are coming to countries like Australia, Brazil, Denmark, Japan, the Philippines, Rwanda, Serbia, South Africa, and more. Google is also bringing Street View to a handful of countries where it's never been available, including Bosnia, Namibia, Lichtenstein, and Paraguay. The company said its more portable Street View camera, which launched in 2022, will help offer images of "even more places in the future."

Google Maps and Google Earth are getting sharper satellite imagery as well, thanks to the company's cloud-removal AI tool that takes out clouds, shadows, haze, and mist. This should result in "brighter, more vibrant" images, according to Google.

Sonos launched a disastrous app update in May, prompting CEO Patrick Spence to commission an internal investigation led by chief counsel Eddie Lazarus. The software release, plagued with missing features and bugs, has sparked widespread customer outrage and led to a $200 million revenue shortfall. Sonos shares have plummeted 25% this year. Lazarus interviewed about two dozen employees and reviewed meeting recordings before presenting his findings to the board in late July. Bloomberg: What has happened to Sonos is at its heart a cautionary tale of company leadership ignoring the perils of "technical debt," the term used by software engineers to describe the compounding threat of outdated code and infrastructure on security, usability and stability.

For two decades, Sonos had allowed its tech debt to pile high. When it undertook in earnest its effort to revamp its app in mid-2022, the company knew it was sitting on infrastructure and code written in languages that were pretty much obsolete. The Sonos app had been adapted and spliced and tinkered with so often, the vast majority of work being performed for the new app was less about introducing new functionality than sorting out the existing mess.

The company could have tackled its tech debt sooner but appears to have lacked a crucial element: urgency. It finally came in the form of the Sonos Ace headphones, the first product in the Sonos range to be fully mobile rather than using home or office Wi-Fi. The app needed to be rebuilt, as did the cloud computing setup underpinning it.

Ace is a critical product for Sonos. Now that Sonos' pandemic sales boom has subsided, Wall Street has started to question where revenue growth will come from. Sonos Ace is a big part of the answer. Despite the company's lofty and well-earned reputation, Sonos' share of the $100 billion audio market is only around 2% because it has not gone toe-to-toe in the headphones category with Apple, Sennheiser, Bose and the rest.

"In the era of the open source rug pull, the role of open source foundations is more important than ever," argues the co-founder of the developer-focused industry analyst firm RedMonk: The "rug pull" here refers to companies that have used open source as a distribution mechanism, building a community and user base, before changing the license to be restricted, rather than truly open source. "This is capitalism, yo. We've got shareholders to satisfy. It's time to relicense that software, move to a Business Source license." [...] Where open source used to be a sustainable commitment, today too often it feels like a short term tactic. Commercial open source isn't what it used to be.

Which means that open source foundations, which provide ongoing governance and intellectual property management for open source projects, are in an interesting position, in some cases becoming more adversarial than they historically have been with vendors.... [T]he Apache Software Foundation (ASF) has done a great job of fostering sustainable, commercial, open source for decades now, most notably in the data infrastructure space — think Hadoop, Spark, Kafka, Flink etc. ["[C]ommercial open source would almost certainly never have achieved critical mass and continued success without foundations in the mix," the article notes later. "The ASF was founded in 1999, and underpinned the adoption of open source middleware in the enterprise..."] One premise behind the Cloud Native Computing Foundation (CNCF) is that user organisations can within reason trust it to stand behind the projects it incubates and manages. While not an explicit commitment, adopters generally, and enterprises specifically, have seen the CNCF imprimatur as one that they can rely on. In the era of the open source rug pull this kind of promise becomes even more important....

Sid Sijbrandij, CEO of GitLab has argued that open source companies should commit to an Open Charter as a mechanism to protect users from open source rug pulls. "Open source software isn't useful if people can't rely on the project remaining open source. Adopting Open Charter offers open source users predictability amidst the growing licensing switch trend." With a CNCF project, though, the need for this kind of charter becomes less important, because the code is by design not single source, but has a diverse set of contributors. Which is to say that open source foundations can make rug pulls a lot less likely than adoption of open source technology built by a single company. Relying on benevolent dictators is generally pretty risky. And recently the benevolent dictators have seemed... less benevolent.
In conclusion, "Open Source Foundations Considered Helpful," according to the post's title. It does argue that "Any company is within its rights to relicense its software, but it can certainly be problematic from a community and project health perspective.

"Which is exactly why open source foundations are more important than ever."

Microsoft has launched a new Windows app that serves as a hub for streaming Windows environments from services like Windows 365 and Azure Virtual Desktop. However, it's limited to Microsoft work and school accounts with "no signs that Microsoft plans to support consumer accounts," notes The Verge's Tom Warren. From the report: This new unified app has been in testing for nearly a year, and includes a customizable home screen, multi-monitor support, and USB redirection so you can use local devices like webcams, storage devices, and printers as if they were plugged directly into a cloud PC. This Windows app is limited to Microsoft work and school accounts, as it's primarily designed for existing users of Remote Desktop clients for Windows and other operating systems to move to. Microsoft has had similar apps for connecting to PCs remotely in Windows for decades, including the Remote Desktop Connection app that still ships as part of Windows 11. These apps, including the new Windows one, are useful for connecting to work PCs from a personal laptop or PC. The Windows app is available from the Microsoft Store and Apple App Store. An Android version enters public preview mode today.

Late last month, Brazilian Justice Alexandre de Moraes ordered X to suspend operations in Brazil after a months-long dispute with X owner Elon Musk. The conflict centered on Musk's refusal to appoint a legal representative in the country and his refusal to take down disinformation and far-right accounts. However, on Wednesday, X bypassed the court-ordered block by utilizing third-party cloud services, allowing many Brazilian users to access the platform without the need for a virtual private network (VPN). From a report: The number of Brazilians accessing X is unknown, according to [Abrint, the Brazilian Association of Internet and Telecommunications Providers]. "I believe the change was probably intentional. Why would X use a third-party service that ends up being slower than its own?" said Basilio Perez, a board member at Abrint.

Any revised order from Brazil's national telecommunications agency Anatel, which is responsible for implementing the court ruling, will need to be more specific, because blocking cloud access is complex and may jeopardize government agencies and financial services providers, Perez said.

Anatel has identified the problem and is working to first notify content delivery network providers, followed by telecom companies to block access again to X in Brazil, according to a person familiar with the situation. The same person said it is not clear how long it will take for the providers to comply with the order...

In a statement tweeted from X's global government affairs account, the company said the restoration of service was an "inadvertent and temporary" side-effect of switching network providers.

IBM has been laying off a substantial number of employees this week and is trying to keep it quiet, The Register reported Wednesday, citing its sources. From the report: One IBM employee told The Register that IBM Cloud experienced "a massive layoff" in the past few days that affected thousands of people. "Unlike traditional layoffs, this one was done in secret," the insider said. "My manager told me that they were required to sign an NDA not to talk about the specifics."

Multiple posts on layoff-focused message boards and corroborating accounts with other sources familiar with the IT giant's operations suggest the cuts are large. Asked to confirm the layoffs, an IBM spokesperson told The Register, "Early this year, IBM disclosed a workforce rebalancing charge that would represent a very low single digit percentage of IBM's global workforce, and we still expect to exit 2024 at roughly the same level of employment as we entered with."

Longtime Slashdot reader theodp writes: Python in Excel is now generally available for Windows users of Microsoft 365 Business and Enterprise," Microsoft announced in a Monday blog post. "Last August, in partnership with Anaconda, we introduced an exciting new addition to Excel by integrating Python, making it possible to seamlessly combine Python and Excel analytics within the same workbook, no setup required. Since then, we've brought the power of popular Python analytics libraries such as pandas, Matplotlib, and NLTK to countless Excel users." Microsoft also announced the public preview of Copilot in Excel with Python, which will take users' natural language requests for analysis and automatically generate, explain, and insert Python code into Excel spreadsheets.

While drawing criticism for limiting Python execution to locked-down Azure cloud containers, Python in Excel has also earned accolades from the likes of Python creator Guido van Rossum, now a Microsoft Distinguished Engineer, as well as Pandas creator Wes McKinney.

Left unmentioned in Monday's announcement is that Microsoft managed to convince the USPTO to issue it a patent in July 2024 on the Enhanced Integration of Spreadsheets With External Environments (alt. source), which Microsoft explains covers the "implementation of enhanced integrations of native spreadsheet environments with external resources such as-but not limited to-Python." All of which may come as a surprise to software vendors and individuals that were integrating Excel and external programming environments years before Microsoft filed its patent application in September 2022.

IBM has acquired Kubecost, a FinOps startup that helps teams at companies like Allianz, Audi, Rakuten, and GitLab monitor and optimize their Kubernetes clusters with a focus on efficiency and, ultimately, cost. From a report: Tuesday's announcement follows IBM's $4.3 billion acquisition of Apptio in 2023, another company in the FinOps space. In previous years, we also saw IBM acquire companies like cloud app and network management firm Turbonomic and application performance management startup Instana. Now with the acquisition of KubeCost, IBM continues this effort to bolster its IT and FinOps capabilities as enterprises increasingly look to better manage their increasingly complex cloud and on-prem infrastructure.

Oracle cofounder Larry Ellison envisions AI as the backbone of a new era of mass surveillance, positioning Oracle as a key player in AI infrastructure through its unique networking architecture and partnerships with AWS and Microsoft. The Register reports: Ellison made the comments near the end of an hour-long chat at the Oracle financial analyst meeting last week during a question and answer session in which he painted Oracle as the AI infrastructure player to beat in light of its recent deals with AWS and Microsoft. Many companies, Ellison touted, build AI models at Oracle because of its "unique networking architecture," which dates back to the database era.

"AI is hot, and databases are not," he said, making Oracle's part of the puzzle less sexy, but no less important, at least according to the man himself - AI systems have to have well-organized data, or else they won't be that valuable. The fact that some of the biggest names in cloud computing (and Elon Musk's Grok) have turned to Oracle to run their AI infrastructure means it's clear that Oracle is doing something right, claimed now-CTO Ellison. "If Elon and Satya [Nadella] want to pick us, that's a good sign - we have tech that's valuable and differentiated," Ellison said, adding: One of the ideal uses of that differentiated offering? Maximizing AI's pubic security capabilities.

"The police will be on their best behavior because we're constantly watching and recording everything that's going on," Ellison told analysts. He described police body cameras that were constantly on, with no ability for officers to disable the feed to Oracle. Even requesting privacy for a bathroom break or a meal only meant sections of recording would require a subpoena to view - not that the video feed was ever stopped. AI would be trained to monitor officer feeds for anything untoward, which Ellison said could prevent abuse of police power and save lives. [...] "Citizens will be on their best behavior because we're constantly recording and reporting," Ellison added, though it's not clear what he sees as the source of those recordings - police body cams or publicly placed security cameras. "There are so many opportunities to exploit AI," he said.

On Tuesday Ivanti issued a "high severity vulnerability" announcement for version 4.6 of its Cloud Service Appliance (or CSA). "Successful exploitation could lead to unauthorized access to the device running the CSA." And Friday that announcement got an update: Ivanti "has confirmed exploitation of this vulnerability in the wild."

While Ivanti released a security update, they warned that "with the end-of-life status this is the last fix that Ivanti will backport for this version. Customers must upgrade to Ivanti CSA 5.0 for continued support."

This prompted a response from CISA (the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security). The noted that Ivanti is urging customers to upgrade to version 5.0, as "Ivanti no longer supports CSA 4.6 (end-of-life)." But in addition, CISA "ordered all federal civilian agencies to remove CSA 4.6. from service or upgrade to the 5.0. by October 4," reports the Record: Ivanti said users will know they are impacted by exploitation of the bug by looking to see if there are modified or newly added administrative users. They also urged customers to check security alerts if they have certain security tools involved.

The issue arose one day after another Ivanti bug caused alarm among defenders. The company pledged a security overhaul in April after a cascade of headline-grabbing nation-state attacks broke through the systems of government agencies in the U.S. and Europe using vulnerabilities in Ivanti products.

An anonymous reader shared this report from DevClass: A report from developer-focused analyst Redmonk finds "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value."

Senior analyst Rachel Stevens studied the question of whether the companies that changed from open source to proprietary licenses have since reported better financial positions. In particular, she looked at MongoDB, which changed from AGPL (GNU Affero General Public License) to its SSPL (Server Side Public License) in 2018; Elastic Co, which changed from Apache 2 to SSPL or Elastic License in early 2021; HashiCorp, which changed from MPL (Mozilla Public License 2.0) a year ago, and Confluent, which checked from Apache 2 to its own Confluent Community License in 2018.

The report is too recent to take account of Elastic's reversion to AGPL; and the financial impact of that is of course yet to be known, though it is perhaps unlikely that the switch back would have been made if the company considered it detrimental to its finances. Rather, Elastic's latest licensing change reinforces the view that proprietary licenses are not necessarily more profitable... All the companies studied increased their revenue after their license change, Stevens said, but added that the rate of change was similar to that before the change...

MongoDB stated in 2018 that "once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community." Six years later, it remains the case that the large cloud vendors are highly profitable, but that these companies who changed their license are not. In February this year, Bruce Perens, creator of the 1998 Open Source Definition, described open source as "a great corporate welfare program" and not at all what he had intended...

The new Redmonk report suggests that such license manoeuvres are neither fatal nor beneficial to the finances of the companies involved — though there are so many caveats that it is impossible to draw firm conclusions.
The report's final sentence concludes that "there does not seem to be a clear link between moving from an open source to proprietary license and increasing the company's value."

Wired published some thoughts from Hans Peter Brondmo, the former head of "Google's seven-year mission to give AI a robot body".

An anonymous reader shared this report from Axios: Building AI-powered robots that can flexibly operate in the real world is going to take much longer than Silicon Valley believes and promises, according to the former head of Google's robotics moonshot project, writing in Wired...

Everyday Robotics spent seven years and a small Google fortune developing a one-armed robot on a wheeled platform. By the time Google pulled the plug on the project in February 2023, the robots were helping clean up researchers' desks and sorting trash during the daytime; in the evening, they were improvising dances. [Google hired a professional dancer as an artist-in-residence who teamed with "a few other engineers" to build an AI algorithm trained on the dancer's choreography preferences...]

Google founder Larry Page — favored moving directly to "end to end" (e2e) learning, where you'd hand robots a general task and they'd be able to figure out how to execute it. That, Page felt, was a goal worthy of a moonshot. But it also turned out to be out of reach. "I have come to believe," Brondmo writes, "it will take many, many thousands, maybe even millions of robots doing stuff in the real world to collect enough data to train e2e models that make the robots do anything other than fairly narrow, well-defined tasks...." ["Building robots that perform useful services — like cleaning up and wiping all the tables in a restaurant, or making the beds in a hotel — will require both AI and traditional programming for a long time to come. In other words, don't expect robots to go running off outside our control, doing something they weren't programmed to do, anytime soon."]

The bottom line: So far, robot hype is outpacing robot reality. Boston Dynamics' back-flipping humanoid and quadruped bots have wowed YouTube viewers — but you wouldn't want to let them anywhere near your office or home.
It's an interesting look back. "My job: help figure out what to do with the employees and technology left over from nine robot companies that Google had acquired," Brondmo writes: Andy "the father of Android" Rubin, who had previously been in charge, had suddenly left. Larry Page and Sergey Brin kept trying to offer guidance and direction during occasional flybys in their "spare time...." I knew from firsthand experience how hard it was to build a company that, in Steve Jobs' famous words, could put a dent in the universe, and I believed that Google was the right place to make certain big bets. AI-powered robots, the ones that will live and work alongside us one day, was one such audacious bet.

Eight and a half years later — and 18 months after Google decided to discontinue its largest bet in robotics and AI — it seems as if a new robotics startup pops up every week. I am more convinced than ever that the robots need to come. Yet I have concerns that Silicon Valley, with its focus on "minimum viable products" and VCs' general aversion to investing in hardware, will be patient enough to win the global race to give AI a robot body. And much of the money that is being invested is focusing on the wrong things...

When I arrived, the lab had already hatched Waymo, Google Glass, and other science-fiction-sounding projects like flying energy windmills and stratospheric balloons that would provide internet access to the underserved... [But] in January 2023, two months after OpenAI introduced ChatGPT, Google shut down Everyday Robots, citing overall cost concerns. The robots and a small number of people eventually landed at Google DeepMind to conduct research. In spite of the high cost and the long timeline, everyone involved was shocked.
They'd tackled the problem with earnestness. ("[S]even robots working for months to learn how to pick up a rubber duckling? That wasn't going to cut it... So we built a cloud-based simulator and, in 2021, created more than 240 million robot instances in the sim.ma")

Brondmo adds this his mother had advanced Parkinson's disease, and hoped that one day robots could support her. "Our frequent conversations toward the end of her life convinced me more than ever that a future version of what we started at Everyday Robots will be coming. In fact, it can't come soon enough.

"So the question we are left to ponder becomes: How does this kind of change and future happen? I remain curious, and concerned."

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. From a report: Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.

Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download. The threat actor, known as "Fortibitch," claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay. In response to our questions about incident, Fortinet confirmed that customer data was stolen from a "third-party cloud-based shared file drive."

An anonymous reader quotes a report from Ars Technica: Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments. Despite the name, SymCrypt supports both symmetric and asymmetric algorithms. It's the main cryptographic library Microsoft uses in products and services including Azure, Microsoft 365, all supported versions of Windows, Azure Stack HCI, and Azure Linux. The library provides cryptographic security used in email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a post on Monday. The updates are the first steps in implementing a massive overhaul of encryption protocols that incorporate a new set of algorithms that aren't vulnerable to attacks from quantum computers. [...]

The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are of a sufficient size. [...] The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes." These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses. Monday's post said Microsoft will add additional post-quantum algorithms to SymCrypt in the coming months. They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205. In Monday's post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote: "PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards."