Software

Europe's Largest Local Authority Slammed For 'Poorest' ERP Rollout Ever (theregister.com)

UK government-appointed commissioners have labeled Birmingham City Council's Oracle Fusion rollout as "the poorest ERP deployment" they have seen. From a report: A report published by the UK council's Corporate Finance Overview and Scrutiny Committee found that 18 months after Fusion went live, the largest public authority in Europe "had not tactically stabilized the system or formulated clear plans to resolve the system issues and recover the operation."

The city council's cloud-based Oracle tech replaced the SAP system that it began using in 1999, but the disastrous project encountered a string of landmark failures. The council has failed to produce auditable accounts since Oracle was implemented in 2022, costs have ballooned from around £19 million to a projected £131 million and, because the council chose not to use the system's audit features, it cannot tell whether fraud has taken place on its multibillion-pound spending budget over an 18-month period. In September last year, the council became effectively bankrupt due to outstanding equal pay claims and the Oracle implementation.

The report from "best value commissioners" appointed by central government to investigate struggling councils said that following the Oracle implementation, "a serious lack of trust had developed between members and officers driven by the failed implementation and subsequent lack of progress to resolve the situation."

AI

Even Microsoft Notepad Is Getting AI Text Editing Now

Microsoft is introducing a feature to Notepad called Rewrite that will let you use AI to "rephrase sentences, adjust tone, and modify the length of your content." The Verge reports: If you're a Windows Insider with early access to the feature, you can try it by highlighting the text you want to adjust in Notepad, right-clicking it, and choosing Rewrite. Notepad will then display a dialog box where you can decide how you want to change your text -- for example, whether it needs to be longer or shorter. Rewrite will then offer three rewritten versions that you can replace your work with.

It's worth noting that you'll have to sign in to your Microsoft account to use Rewrite, as it's "powered by a cloud-based service that requires authentication and authorization." Microsoft is launching this feature in preview on Windows 11 in the US, France, UK, Canada, Italy, and Germany.
In July, Microsoft rolled out spellcheck and autocorrect for Notepad.
Technology

Nvidia Sets 100-Hour Monthly Cap on Cloud Gaming Service (nvidia.com)

Nvidia will impose a 100-hour monthly limit on its GeForce Now cloud gaming service for new subscribers starting January 2025, with existing members facing the same restriction from 2026, the company said on Thursday.

The gaming giant aims to maintain current subscription prices by implementing the cap, which affects roughly 6% of users. Members can purchase additional 15-hour blocks for $2.99 on Performance tier or $5.99 for Ultimate tier once they exceed the limit.

The service, which allows users to stream games from remote servers, will also rebrand its Priority membership to Performance tier, adding 1440p streaming and ultrawide resolution support. Subscribers can carry over 15 unused hours monthly or switch to basic servers after reaching the cap, Nvidia said.
Google

Google CEO Forbids Political Talk After Firing 28 Over Israeli Contract Protest (yahoo.com)

An anonymous reader quotes a report from Fortune: Google CEO Sundar Pichai has weighed in on the debate over the relative values of political expression and workplace coexistence by ordering employees to leave their political opinions at home. A day after firing 28 workers for participating in a sit-in protest of the tech giant's cloud contract with Israel, Pichai warned staff that the office is not a place "to fight over disruptive issues or debate politics" in a company blog post.

Although Pichai didn't specifically mention the protests or the Israel-Hamas war, he concluded that the $1.92 trillion company "is a business, and not a place to act in a way that disrupts coworkers or makes them feel unsafe, to attempt to use the company as a personal platform." "We have a duty to be an objective and trusted provider of information that serves all of our users globally," Pichai continued. "When we come to work, our goal is to organize the world's information and make it universally accessible and useful. That supersedes everything else and I expect us to act with a focus that reflects that."
The sit-in protest was staged against Google's involvement in Project Nimbus, a $1.2 billion cloud contract with the Israeli government. During the nearly 10-hour protest, employees wore "Googler against genocide" T-shirts and occupied the office of Google Cloud CEO Thomas Kurian.

The report notes how tech companies, "previously famed for their progressive culture where nap pods and abortion benefits were welcome," are increasingly restricting political discussions to avoid internal conflict. Pichai notes in his memo that Google has previously enjoyed "a culture of vibrant, open discussion that enables us to create amazing products and turn great ideas into action."
Earth

Delhi Wants Artificial Rain To Tackle Worsening Air Pollution (msn.com)

India's capital territory of Delhi is keen to use artificial rain to fight air pollution this year, its Environment Minister Gopal Rai said on Tuesday, as deteriorating air quality in the region led to an increase in respiratory illnesses. From a report: Large swathes of north India battle pollution each winter as cold air traps dust, vehicle emissions and smoke from farm fires in the breadbasket states of Punjab and Haryana, shrouding the national capital and its suburbs in a toxic haze. Cloud-seeding - the method of triggering rain by seeding clouds with salts - was considered to curb pollution in 2023 too but the plan did not materialise due to unfavourable weather conditions.

"I appeal to the federal environment minister...now in Delhi and north India, the pollution has reached the border of 400," Rai told reporters, referring to the air quality index (AQI) score on Tuesday. "The next 10 days are quite crucial...help us get permission for artificial rain, call a meeting," he said. About a third of Delhi's 39 monitoring stations showed a severe AQI score of more than 400 on Tuesday, a level which affects healthy people but is more serious for those fighting disease. An air quality score of zero to 50 is considered good.

Businesses

Microsoft Reports Big Profits Amid Massive AI Investments

Ars Technica's Samuel Axon reports on Microsoft's quarterly earnings: Some investors have been uneasy about the company's aggressive spending on AI, while others have demanded it. During this quarter, Microsoft reported that it spent $20 billion on capital expenditures, nearly double what it had spent during the same quarter last year. However, the company satisfied both groups of investors, as it revealed it has still been doing well in the short term amid those long-term investments. The fiscal quarter, which covered July through September, saw overall sales rise 16 percent year over year to $65.6 billion. Despite all that AI spending, profits were up 11 percent, too. The growth was largely driven by Azure and cloud services, which saw a 33 percent increase in revenue. The company attributed 12 percent of that to AI-related products and services.

Meanwhile, Microsoft's gaming division continued to challenge long-standing assumptions that hardware is king, with Xbox content and services posting 61 percent increased year-over-year revenue despite a 29 percent drop in hardware sales. [...] The company attributed 53 points of that to the recent $69 billion Activision acquisition.
The Military

US Military Makes First Confirmed OpenAI Purchase For War-Fighting Forces (theintercept.com)

An anonymous reader quotes a report from The Intercept: Less than a year after OpenAI quietly signaled it wanted to do business with the Pentagon, a procurement document obtained by The Intercept shows U.S. Africa Command, or AFRICOM, believes access to OpenAI's technology is "essential" for its mission. The September 30 document lays out AFRICOM's rationale for buying cloud computing services directly from Microsoft as part of its $9 billion Joint Warfighting Cloud Capability contract, rather than seeking another provider on the open market. "The USAFRICOM operates in a dynamic and evolving environment where IT plays a critical role in achieving mission objectives," the document reads, including "its vital mission in support of our African Mission Partners [and] USAFRICOM joint exercises."

The document, labeled Controlled Unclassified Information, is marked as FEDCON, indicating it is not meant to be distributed beyond government or contractors. It shows AFRICOM's request was approved by the Defense Information Systems Agency. While the price of the purchase is redacted, the approval document notes its value is less than $15 million. Like the rest of the Department of Defense, AFRICOM -- which oversees the Pentagon's operations across Africa, including local military cooperation with U.S. allies there -- has an increasing appetite for cloud computing. The Defense Department already purchases cloud computing access from Microsoft via the Joint Warfighting Cloud Capability project. This new document reflects AFRICOM's desire to bypass contracting red tape and buy Microsoft Azure cloud services, including OpenAI software, immediately and without considering other vendors. AFRICOM states that the "ability to support advanced AI/ML workloads is crucial. This includes services for search, natural language processing, [machine learning], and unified analytics for data processing." And according to AFRICOM, Microsoft's Azure cloud platform, which includes a suite of tools provided by OpenAI, is the only cloud provider capable of meeting its needs.

Microsoft began selling OpenAI's GPT-4 large language model to defense customers in June 2023. Earlier this year, following the revelation that OpenAI had changed its mind on military work, the company announced a cybersecurity collaboration with DARPA in January and said its tools would be used for an unspecified veteran suicide prevention initiative. In April, Microsoft pitched the Pentagon on using DALL-E, OpenAI's image generation tool, for command and control software. But the AFRICOM document marks the first confirmed purchase of OpenAI's products by a U.S. combatant command whose mission is one of killing. OpenAI's stated corporate mission remains "to ensure that artificial general intelligence benefits all of humanity."
"Without access to Microsoft's integrated suite of AI tools and services, USAFRICOM would face significant challenges in analyzing and extracting actionable insights from vast amounts of data," reads the AFRICOM document. "This could lead to delays in decision-making, compromised situational awareness, and decreased agility in responding to dynamic and evolving threats across the African continent." The document contains little information about how exactly the OpenAI tools will be used.
Businesses

Dropbox is Laying Off 20% of Its Staff (techcrunch.com)

Dropbox is letting go of 20% of its workforce as the cloud company undergoes what CEO Drew Houston calls a "transitional period." From a report: In a letter to staff, Houston said that the reduction in headcount would affect 528 people. The goal, he added, was to make cuts in areas where Dropbox has "over-invested" while designing a "flatter, more efficient" team structure.

"As CEO, I take full responsibility for this decision and the circumstances that led to it, and I'm truly sorry to those impacted by this change," he wrote. "This market is moving fast and investors are pouring hundreds of millions of dollars into this space. This both validates the opportunity we've been pursuing and underscores the need for even more urgency, even more aggressive investment, and decisive action." According to a filing with the SEC, Dropbox estimates it'll lay out total cash expenditures of $63 million to $68 million on the layoffs, primarily in the form of severance and benefits, and recognize $47 million to $52 million of incremental expense.

Programming

More Than a Quarter of New Code At Google Is Generated By AI

Google has integrated AI deeply across its operations, with over 25% of its new code generated by AI. CEO Sundar Pichai announced the milestone during the company's third quarter 2024 earnings call. The Verge reports: AI is helping Google make money as well. Alphabet reported $88.3 billion in revenue for the quarter, with Google Services (which includes Search) revenue of $76.5 billion, up 13 percent year-over-year, and Google Cloud (which includes its AI infrastructure products for other companies) revenue of $11.4 billion, up 35 percent year-over-year. Operating incomes were also strong. Google Services hit $30.9 billion, up from $23.9 billion last year, and Google Cloud hit $1.95 billion, significantly up from last year's $270 million. "In Search, our new AI features are expanding what people can search for and how they search for it," CEO Sundar Pichai says in a statement. "In Cloud, our AI solutions are helping drive deeper product adoption with existing customers, attract new customers and win larger deals. And YouTube's total ads and subscription revenues surpassed $50 billion over the past four quarters for the first time."
Microsoft

Microsoft Calls Out Google For Running 'Shadow Campaigns' in Europe To Influence Regulators (cnbc.com)

Microsoft took the unusual step on Monday of publicly criticizing longtime rival Google for running "shadow campaigns" in Europe designed to discredit the software giant with regulators. CNBC: Microsoft lawyer Rima Alaily wrote in a blog post that Google hired a firm to recruit European cloud companies to represent the search company's case. "This week an astroturf group organized by Google is launching," Alaily wrote. "It is designed to discredit Microsoft with competition authorities, and policymakers and mislead the public. Google has gone through great lengths to obfuscate its involvement, funding, and control, most notably by recruiting a handful of European cloud providers, to serve as the public face of the new organization."

The conflict represents a fresh battle between two companies that do battle in cloud infrastructure as well as online advertising and productivity software. The latest chapter surfaces as Google faces heightened regulatory pressure in Europe and in the U.S., where it's in the midst of its second antitrust trial against the Justice Department. Alaily suggested in Monday's post that Google hired advisory firm DGA Group to set up the Open Cloud Coalition. One company that opted not to participate in the group told Microsoft that the coalition would receive financial backing from Google and criticize Microsoft's practices in Europe, Alaily wrote.

Cloud

Researchers Discover Flaws In Five End-to-End Encrypted Cloud Services (scworld.com)

SC World reports: Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.

The five cloud services studied offer end-to-end encryption (E2EE), intended to ensure files cannot be read or edited by anyone other than the uploader, meaning not even the cloud storage provider can access the files. However, ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong, who presented their findings at the ACM Conference on Computer and Communications Security (CCS) last week, found serious flaws in four out of the five services that could effectively bypass the security benefits provided by E2EE by enabling an attacker who had compromised a cloud server to access, tamper with or inject files.

The E2EE cloud storage services studied were Sync, pCloud, Seafile, Icedrive and Tresorit, which have a collective total of about 22 million users. Tresorit had the fewest vulnerabilities, which could enable some metadata tampering and use of non-authentic keys when sharing files. The other four services were found to have more severe flaws posing a greater risk to file confidentiality and integrity.

BleepingComputer reports that Sync is "fast-tracking fixes," while Seafile "promised to patch the protocol downgrade problem on a future upgrade." And SC World does note that all 10 of the tested exploits "would require the attacker to have already gained control of a server with the ability to read, modify and inject data. The authors wrote that they consider this to be a realistic threat model for E2EE services, as these services are meant to protect files even if such a compromise was to occur."
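The Tresorit finding above (non-authentic keys when sharing files) and the threat model the authors describe both come down to one question: what happens when the public key a client uses to share a file is handed to it by the very server it is supposed to distrust. The Python below is an added example written for this page, not code from the paper or from any of the five providers. It uses a toy Diffie-Hellman group (standard library only, an insecure size chosen so it runs instantly) and a hypothetical, simplified key-wrapping scheme to show a compromised server substituting its own key for the recipient's, and the out-of-band fingerprint check that stops it.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group. 2**127 - 1 is prime, but a 127-bit group is NOT
# secure; it is used only so the example runs instantly with the standard
# library. A real client would use X25519 or another vetted primitive.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short hash of a public key, meant to be compared over a channel the
    storage server does not control (QR code, phone call, in person)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def kek(priv, peer_pub):
    """Derive a 32-byte key-encryption key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(b"share-kek|" + shared.to_bytes(16, "big")).digest()


def xor32(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class KeyFingerprintMismatch(Exception):
    pass


def share_file_key(sharer_priv, recipient_pub, file_key, expected_fp=None):
    """Wrap a 32-byte file key for the recipient whose public key the server
    returned. Hypothetical simplified scheme: the KEK is used exactly once, so
    a one-time XOR is a valid wrap here; real clients use an AEAD.

    expected_fp is the recipient's fingerprint learned out of band. When it is
    given, a server-substituted key is rejected before any secret is wrapped."""
    if expected_fp is not None and fingerprint(recipient_pub) != expected_fp:
        raise KeyFingerprintMismatch("served key does not match verified fingerprint")
    return xor32(file_key, kek(sharer_priv, recipient_pub))


def unwrap_file_key(priv, sharer_pub, wrapped):
    return xor32(wrapped, kek(priv, sharer_pub))


def run_share(server_is_malicious, verify_fingerprint):
    """Simulate one share. Returns (recipient_got_key, attacker_got_key)."""
    sharer_priv, sharer_pub = keygen()
    recipient_priv, recipient_pub = keygen()
    attacker_priv, attacker_pub = keygen()   # the compromised server's own pair
    file_key = secrets.token_bytes(32)

    # The sharer's only source for "the recipient's public key" is the server.
    served_pub = attacker_pub if server_is_malicious else recipient_pub
    expected_fp = fingerprint(recipient_pub) if verify_fingerprint else None

    wrapped = share_file_key(sharer_priv, served_pub, file_key, expected_fp)
    recipient_view = unwrap_file_key(recipient_priv, sharer_pub, wrapped)
    attacker_view = unwrap_file_key(attacker_priv, sharer_pub, wrapped)
    return recipient_view == file_key, attacker_view == file_key


def substitution_is_rejected():
    """True when the fingerprint check blocks the malicious server's key."""
    try:
        run_share(server_is_malicious=True, verify_fingerprint=True)
    except KeyFingerprintMismatch:
        return True
    return False


if __name__ == "__main__":
    print("honest server, no check      :", run_share(False, False))      # (True, False)
    print("malicious server, no check   :", run_share(True, False))       # (False, True)
    print("malicious server, fp checked :", substitution_is_rejected())   # True
```

The second case is the whole attack: the client did everything "end to end" and still handed the file key to the server, because the server chose the key it was encrypted to. The check only helps if the fingerprint arrives over a channel the server cannot influence; a fingerprint fetched from the same API verifies the server against itself.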

Thanks to Slashdot reader spatwei for sharing the article.
Bug

Apple Will Pay Security Researchers Up To $1 Million To Hack Its Private AI Cloud

An anonymous reader quotes a report from TechCrunch: Ahead of the debut of Apple's private AI cloud next week, dubbed Private Cloud Compute, the technology giant says it will pay security researchers up to $1 million to find vulnerabilities that can compromise the security of its private AI cloud. In a post on Apple's security blog, the company said it would pay up to the maximum $1 million bounty to anyone who reports exploits capable of remotely running malicious code on its Private Cloud Compute servers. Apple said it would also award researchers up to $250,000 for privately reporting exploits capable of extracting users' sensitive information or the prompts that customers submit to the company's private cloud.

Apple said it would "consider any security issue that has a significant impact" outside of a published category, including up to $150,000 for exploits capable of accessing sensitive user information from a privileged network position. "We award maximum amounts for vulnerabilities that compromise user data and inference request data outside the [private cloud compute] trust boundary," Apple said.
You can learn more about Apple's Private Cloud Compute service in their blog post. Its source code and documentation are available here.
Math

Former Nvidia Engineer Discovers 41-Million-Digit Prime (tomshardware.com)

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the previous record holder, M82589933, discovered six years prior. What makes this discovery particularly fascinating is that it is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primality, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.
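The Lucas-Lehmer test mentioned above is short enough to show in full. The Python below is an added example for this page, not GIMPS's or GpuOwl's code: it runs the recurrence for small exponents and includes the division-free Mersenne reduction that makes each step cheap when the numbers are large (written here as a plain Python port; the real search does the squarings with GPU FFT arithmetic, which is not reproduced).

```python
def is_prime_small(n):
    """Trial division; only ever used on the exponent p, which is small."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def mersenne_mod(x, p, m):
    """Reduce x modulo m = 2**p - 1 without division: because 2**p == 1 (mod m),
    the bits above position p can simply be added back onto the low p bits."""
    if x < 0:
        x += m
    while x > m:
        x = (x & m) + (x >> p)
    return 0 if x == m else x


def lucas_lehmer(p):
    """True iff M_p = 2**p - 1 is prime. Theorem: for an odd prime p, with
    s_0 = 4 and s_{i+1} = s_i**2 - 2 (mod M_p), M_p is prime iff s_{p-2} == 0."""
    if p == 2:
        return True                 # M_2 = 3 is prime; the recurrence starts at p = 3
    if not is_prime_small(p):
        return False                # M_p is composite whenever p is composite
    m = (1 << p) - 1
    s = 4
    for _ in range(p - 2):
        s = mersenne_mod(s * s - 2, p, m)
    return s == 0


def mersenne_prime_exponents(limit):
    """All p <= limit for which M_p is prime."""
    return [p for p in range(2, limit + 1) if lucas_lehmer(p)]


if __name__ == "__main__":
    # M136279841 needs 136,279,839 squarings of a 17 MB number; small cases only here.
    print(mersenne_prime_exponents(130))   # [2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127]
```

The recurrence is inherently sequential, which is why a single result takes a year on one GPU and why an independent second run on different hardware (the H100 verification above) is the accepted way to rule out a silent arithmetic fault.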

AI

Anthropic's AI Model Gains Computer Control in New Upgrade (anthropic.com)

Anthropic has released an upgraded version of its AI model Claude 3.5 Sonnet and announced a new model, Claude 3.5 Haiku, alongside a public beta feature enabling the AI to operate computers the way humans do. The enhanced Sonnet model improved its coding capabilities, scoring 49% on the SWE-bench Verified benchmark, surpassing OpenAI and other competitors. The Haiku model matches the performance of Anthropic's previous flagship Claude 3 Opus while maintaining lower costs and faster speeds.

The computer use feature, available through Anthropic's API and cloud partners, allows Claude to perform tasks like navigating web browsers, filling forms, and manipulating data. Early adopters include Asana, DoorDash, and Replit, though Anthropic -- backed by investors including Google and Amazon -- acknowledges the feature remains experimental and error-prone. Claude 3.5 Haiku will launch later this month, initially supporting text-only inputs with image capabilities to follow.
Businesses

Basecamp-Maker 37Signals Says Its 'Cloud Exit' Will Save It $10 Million Over 5 Years (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: 37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple's move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a "Return to Windows," followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn't do so quietly or without details. Back then, Hansson described his firm as paying "an at times almost absurd premium" for defense against "wild swings or towering peaks in usage." In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years' life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. "The motto of the 2010s and early 2020s -- all-cloud, everything, all the time -- seems to finally have peaked," Hansson writes. "And thank heavens for that!" He adds the caveat that companies with "enormous fluctuations in load," and those in early or uncertain stages, still have a place in the cloud.

AI

Is the Microsoft-OpenAI 'Bromance' Beginning to Fray? (seattletimes.com)

Though Sam Altman once called OpenAI's partnership with Microsoft "the best bromance in tech," now "ties between the companies have started to fray" reports the New York Times — citing interviews with 19 people "familiar with the relationship". [Alternate URL here.]

Among other things, Satya Nadella "has said privately that Altman's firing in November shocked and concerned him, according to five people with knowledge of his comments. Since then, Microsoft has started to hedge its bet on OpenAI," and reconsidered new investments beyond its initial $13 billion — even as OpenAI expects to lose $5 billion this year. That tension demonstrates a key challenge for AI startups: They are dependent on the world's tech giants for money and computing power because those big companies control the massive cloud computing systems the small outfits need to develop AI... Over the past year, OpenAI has been trying to renegotiate the deal to help it secure more computing power and reduce crushing expenses while Microsoft executives have grown concerned that their AI work is too dependent on OpenAI... [I]n March, Microsoft paid at least $650 million to hire most of the staff from Inflection, an OpenAI competitor...

In June, Microsoft agreed to an exception in [OpenAI's] contract, six people with knowledge of the change said. That allowed OpenAI to sign a roughly $10 billion computing deal with Oracle for additional computing resources, according to two people familiar with the deal. Oracle is providing computers packed with chips suited to building AI, while Microsoft provides the software that drives the hardware... While it was looking for computer power alternatives, OpenAI also raced to broaden its investors, according to two people familiar with the company's plan. Part of the plan was to secure strategic investments from organizations that could bolster OpenAI's prospects in ways beyond throwing around money. Those organizations included Apple, chipmaker Nvidia, and MGX, a tech investment firm controlled by the United Arab Emirates... Earlier this month, OpenAI closed a $6.6 billion funding round led by Thrive Capital, with additional participation from Nvidia, MGX and others. Apple did not invest, but Microsoft also participated in the funding round.

OpenAI expected to spend at least $5.4 billion in computing costs through the end of 2024, according to documents reviewed by The New York Times. That amount was expected to skyrocket over the next five years as OpenAI expanded, soaring to an estimated $37.5 billion in annual computing costs by 2029, the documents showed... Still, OpenAI employees complain that Microsoft is not providing enough computing power, according to three people familiar with the relationship. And some have complained that if another company beat it to the creation of AI that matches the human brain, Microsoft will be to blame because it hasn't given OpenAI the computing power it needs, according to two people familiar with the complaints.

Oddly, that could be the key to getting out from under its contract with Microsoft. The contract contains a clause that says that if OpenAI builds artificial general intelligence, or AGI — roughly speaking, a machine that matches the power of the human brain — Microsoft loses access to OpenAI's technologies.

Security

Microsoft's Honeypots Lure Phishers at Scale - to Spy on Them and Waste Their Time (bleepingcomputer.com)

A principal security software engineer at Microsoft described how they use their Azure cloud platform "to hunt phishers at scale," in a talk at the information security conference BSides Exeter.

Calling himself Microsoft's "Head of Deception," Ross Bevington described how they'd created a "hybrid high interaction honeypot" on the now retired code.microsoft.com "to collect threat intelligence on actors ranging from both less skilled cybercriminals to nation state groups targeting Microsoft infrastructure," according to a report by BleepingComputer: With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity... Bevington and his team fight phishing by leveraging deception techniques using entire Microsoft tenant environments as honeypots with custom domain names, thousands of user accounts, and activity like internal communications and file-sharing...

In his BSides Exeter presentation, the researcher says that the active approach consists of visiting active phishing sites identified by Defender and typing in the credentials from the honeypot tenants. Since the credentials are not protected by two-factor authentication and the tenants are populated with realistic-looking information, attackers have an easy way in and start wasting time looking for signs of a trap. Microsoft says it monitors roughly 25,000 phishing sites every day, feeding about 20% of them with the honeypot credentials; the rest are blocked by CAPTCHA or other anti-bot mechanisms.

Once the attackers log into the fake tenants, which happens in about 5% of cases, Microsoft turns on detailed logging to track every action they take, thus learning the threat actors' tactics, techniques, and procedures. Intelligence collected includes IP addresses, browsers, location, behavioral patterns, whether they use VPNs or VPSs, and what phishing kits they rely on... The deception technology currently keeps an attacker busy for about 30 days before they realize they have breached a fake environment. All along, Microsoft collects actionable data that can be used by other security teams to create more complex profiles and better defenses.
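What makes a honeypot credential so useful on the defender's side is that it has no legitimate user: a single sign-in attempt with it is a high-confidence alert rather than a threshold to tune, and the sign-in event itself carries the indicators the talk lists (source IP, user agent, VPN use). The detection below is an added example written for this page, not Microsoft's tooling; the JSON event shape, the field names and the sample events are all constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample sign-in events for this example (not real tenant data).
# The JSON shape and field names are assumptions, not any product's schema.
SAMPLE_EVENTS = [
    '{"ts":"2024-10-20T09:01:12Z","user":"alice@contoso.example","result":"success","ip":"203.0.113.10","ua":"Mozilla/5.0","vpn":false}',
    '{"ts":"2024-10-20T09:03:40Z","user":"payroll-admin@decoy-tenant.example","result":"success","ip":"198.51.100.23","ua":"python-requests/2.31","vpn":true}',
    '{"ts":"2024-10-20T09:04:02Z","user":"Payroll-Admin@decoy-tenant.example","result":"success","ip":"198.51.100.23","ua":"python-requests/2.31","vpn":true}',
    '{"ts":"2024-10-20T09:10:55Z","user":"bob@contoso.example","result":"failure","ip":"203.0.113.11","ua":"Mozilla/5.0","vpn":false}',
    'not json at all',
    '{"ts":"2024-10-20T11:47:19Z","user":"finance-share@decoy-tenant.example","result":"failure","ip":"192.0.2.77","ua":"curl/8.4.0","vpn":false}',
]

# Accounts that exist only as bait. They are never issued to a person, so any
# use of them, successful or not, is attacker activity, not a noisy heuristic.
HONEYPOT_ACCOUNTS = {
    "payroll-admin@decoy-tenant.example",
    "finance-share@decoy-tenant.example",
}


def parse_events(lines):
    """Yield parsed events, skipping malformed lines instead of stopping the pipeline."""
    for line in lines:
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def _new_alert():
    return {"events": 0, "successes": 0, "user_agents": set(), "vpn": False,
            "first_seen": None, "last_seen": None}


def honeytoken_alerts(lines, honeypot_accounts=HONEYPOT_ACCOUNTS):
    """Return {(account, source_ip): alert} for every honeypot credential use.

    One alert per account/IP pair aggregates the indicators worth keeping:
    how often, whether the login succeeded, the client user agent and VPN use."""
    alerts = defaultdict(_new_alert)
    for ev in parse_events(lines):
        user = str(ev.get("user", "")).lower()      # case-insensitive match
        if user not in honeypot_accounts:
            continue
        a = alerts[(user, ev.get("ip"))]
        a["events"] += 1
        a["successes"] += 1 if ev.get("result") == "success" else 0
        a["user_agents"].add(ev.get("ua", ""))
        a["vpn"] = a["vpn"] or bool(ev.get("vpn"))
        a["first_seen"] = a["first_seen"] or ev.get("ts")
        a["last_seen"] = ev.get("ts")
    # Sets are not JSON-serialisable; hand the SIEM sorted lists instead.
    return {k: dict(v, user_agents=sorted(v["user_agents"])) for k, v in alerts.items()}


def block_list(alerts):
    """Source IPs that touched a honeypot credential, for a firewall or conditional-access feed."""
    return sorted({ip for (_, ip) in alerts if ip})


if __name__ == "__main__":
    found = honeytoken_alerts(SAMPLE_EVENTS)
    for (user, ip), a in found.items():
        print(f"HONEYTOKEN {user} from {ip}: {a}")
    print("block:", block_list(found))
```

Note that the failed attempt against finance-share is reported too: with a bait credential there is no such thing as a benign failure, and a script that enumerates stolen logins without ever succeeding is exactly the infrastructure worth mapping.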

Science

MIT Researchers Build Solar-Powered Low-Cost Drinking Water Desalination System (mit.edu)

MIT engineers have built a solar-powered desalination system that "ramps up its desalting process and automatically adjusts to any sudden variation in sunlight, for example by dialing down in response to a passing cloud or revving up as the skies clear."

While traditional reverse osmosis systems typically require steady power levels, "the MIT system requires no extra batteries for energy storage, nor a supplemental power supply, such as from the grid." And their results were pretty impressive: The engineers tested a community-scale prototype on groundwater wells in New Mexico over six months, working in variable weather conditions and water types. The system harnessed on average over 94 percent of the electrical energy generated from the system's solar panels to produce up to 5,000 liters of water per day despite large swings in weather and available sunlight... "Being able to make drinking water with renewables, without requiring battery storage, is a massive grand challenge," says Amos Winter, the Germeshausen Professor of Mechanical Engineering and director of the K. Lisa Yang Global Engineering and Research Center at MIT. "And we've done it."

The system is geared toward desalinating brackish groundwater — a salty source of water that is found in underground reservoirs and is more prevalent than fresh groundwater resources. The researchers see brackish groundwater as a huge untapped source of potential drinking water, particularly as reserves of fresh water are stressed in parts of the world. They envision that the new renewable, battery-free system could provide much-needed drinking water at low costs, especially for inland communities where access to seawater and grid power are limited...

The researchers' report details the new system in a paper appearing in Nature Water. The study's co-authors are Bessette, Winter, and staff engineer Shane Pratt... "Our focus now is on testing, maximizing reliability, and building out a product line that can provide desalinated water using renewables to multiple markets around the world," Pratt adds. The team will be launching a company based on their technology in the coming months.

This research was supported in part by the National Science Foundation, the Julia Burke Foundation, and the MIT Morningside Academy of Design. This work was additionally supported in-kind by Veolia Water Technologies and Solutions and Xylem Goulds.

Thanks to long-time Slashdot reader schwit1 for sharing the news.
AMD

Spectre Flaws Still Haunt Intel, AMD as Researchers Found Fresh Attack Method (theregister.com)

"Six years after the Spectre transient execution processor design flaws were disclosed, efforts to patch the problem continue to fall short," writes the Register: Johannes Wikner and Kaveh Razavi of Swiss university ETH Zurich on Friday published details about a cross-process Spectre attack that derandomizes Address Space Layout Randomization and leaks the hash of the root password from the Set User ID (suid) process on recent Intel processors. The researchers claim they successfully conducted such an attack.... [Read their upcoming paper here.] The indirect branch predictor barrier (IBPB) was intended as a defense against Spectre v2 (CVE-2017-5715) attacks on x86 Intel and AMD chips. IBPB is designed to prevent forwarding of previously learned indirect branch target predictions for speculative execution. Evidently, the barrier wasn't implemented properly.

"We found a microcode bug in the recent Intel microarchitectures — like Golden Cove and Raptor Cove, found in the 12th, 13th and 14th generations of Intel Core processors, and the 5th and 6th generations of Xeon processors — which retains branch predictions such that they may still be used after IBPB should have invalidated them," explained Wikner. "Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines." Wikner and Razavi also managed to leak arbitrary kernel memory from an unprivileged process on AMD silicon built with its Zen 2 architecture.

Videos of the Intel and AMD attacks have been posted, with all the cinematic dynamism one might expect from command line interaction.

Intel chips — including Intel Core 12th, 13th, and 14th generation and Xeon 5th and 6th generation — may be vulnerable. On AMD Zen 1(+) and Zen 2 hardware, the issue potentially affects Linux users. The relevant details were disclosed in June 2024, but Intel and AMD found the problem independently. Intel fixed the issue in a microcode patch (INTEL-SA-00982) released in March 2024. Nonetheless, some Intel hardware may not have received that microcode update. In their technical summary, Wikner and Razavi observe: "This microcode update was, however, not available in Ubuntu repositories at the time of writing this paper." It appears Ubuntu has subsequently dealt with the issue.

AMD issued its own advisory in November 2022, in security bulletin AMD-SB-1040. The firm notes that hypervisor and/or operating system vendors have work to do on their own mitigations. "Because AMD's issue was previously known and tracked under AMD-SB-1040, AMD considers the issue a software bug," the researchers explain. "We are currently working with the Linux kernel maintainers to merge our proposed software patch."

BleepingComputer adds that the ETH Zurich team "is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready."
Microsoft

Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com)

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.
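A gap like the one described is only visible to a customer who watches for silence as well as for events, and the notification shows that waiting for the provider to say so can take weeks. The Python below is an added example for this page, not Microsoft's or any vendor's code: it takes per-source ingest timestamps (constructed here) and reports every stretch longer than a chosen threshold in which a normally continuous source sent nothing, including a source that goes quiet at the end of the window, which a plain event-to-event comparison would never flag.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed per-source ingest timestamps for this example (not real data).
# azure-signin normally reports hourly; it goes quiet between 2 and 19 September.
SAMPLE_EVENTS = [
    ("azure-signin", "2024-09-01T22:00:00Z"),
    ("azure-signin", "2024-09-01T23:00:00Z"),
    ("azure-signin", "2024-09-02T00:00:00Z"),
    ("azure-signin", "2024-09-19T10:00:00Z"),
    ("azure-signin", "2024-09-19T11:00:00Z"),
    ("azure-signin", "2024-09-19T12:00:00Z"),
    ("firewall", "2024-09-01T22:30:00Z"),
    ("firewall", "2024-09-02T00:30:00Z"),
    ("firewall", "2024-09-02T02:30:00Z"),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def fmt_ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def find_ingest_gaps(timestamps, max_silence_hours, window_end=None):
    """Return [(gap_start, gap_end, hours)] for every stretch longer than
    max_silence_hours in which a source sent nothing.

    window_end (ISO string) is the time the check runs; passing it makes a
    source that went quiet at the end of the window show up as well."""
    times = sorted(parse_ts(t) for t in timestamps)
    if not times:
        return []
    end = parse_ts(window_end) if window_end else times[-1]
    gaps = []
    prev = times[0]
    for cur in times[1:] + [max(end, times[-1])]:
        hours = (cur - prev).total_seconds() / 3600
        if hours > max_silence_hours:
            gaps.append((fmt_ts(prev), fmt_ts(cur), hours))
        prev = cur
    return gaps


def gaps_by_source(events, max_silence_hours, window_end=None):
    """Group (source, timestamp) pairs and report gaps per source, so that one
    silent feed is not masked by the others still flowing."""
    by_source = defaultdict(list)
    for source, ts in events:
        by_source[source].append(ts)
    return {s: find_ingest_gaps(ts, max_silence_hours, window_end)
            for s, ts in sorted(by_source.items())}


if __name__ == "__main__":
    for source, gaps in gaps_by_source(SAMPLE_EVENTS, max_silence_hours=2).items():
        for start, end, hours in gaps:
            print(f"{source}: no events from {start} to {end} ({hours:.0f} h)")
```

The threshold has to be set per source from its normal cadence (a sign-in feed for a busy tenant is rarely quiet for an hour; a quarterly audit export is), and the check must run on a schedule with the current time as window_end, or the outage it is meant to catch also silences the check.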
