An anonymous reader shares a report: The Cloud Native Computing Foundation has returned to Shanghai for the city's first Kubecon since the pandemic. During a keynote that switched languages several times, demonstrating the challenges faced by both AI and human translators in keeping up, Jim Zemlin, executive director of the Linux Foundation, threw out several crowd-pleasing statistics while also highlighting some projects likely to make one or two companies squirm a little. On the statistics front, Zemlin joked that the Linux Foundation was likely the largest software company in the world, noting that if one took an average software developer's salary -- he put the worldwide mean as being $40,000 -- and multiplied it by the number of developers contributing to the foundation, the payroll would come to around $26 billion -- more than Microsoft's $24 billion R&D payroll.

The statistic was somewhat tongue in cheek as Zemlin pointed out that none of the developers working on Linux Foundation projects actually work for the Linux Foundation. However, the sheer quantity of engineers involved highlighted another issue noted by Zemlin: the "paradox of choice" when selecting the correct open source project for a given purpose when the number on offer reaches the hundreds, thousands, and beyond. Reflecting the increasing maturity of some elements of the open source world, he also emphasized the opportunities for companies to increase revenues and profits through the use of open source. WeChat, Alibaba, and Huawei all received nods -- unsurprising considering the location -- as Zemlin noted a virtuous circle whereby improvements go back into projects, meaning better profits, meaning more improvements, and so on. It all sounded very utopian, although darkening clouds were signaled by the addition of OpenTofu to the list of projects Zemlin was keen to boast about, including open source efforts around large language models.

The next-generation of Meta Quest hardware is here, and Meta announced a bunch of software news alongside the Quest 3 VR headset hardware reveal at its Connect conference. One such announcement was the debut of Microsoft's Xbox Cloud Gaming service on Meta Quest 3, which is actually a huge boon for fans of the Facebook owner's mixed reality gear. From a report: The Xbox Cloud Gaming implementation in Quest resembles a lot of how Apple showed its own vision for mixed reality with the Vision Pro headset: It's primarily a virtual screen that can float in either a virtual or mixed reality space, which appears to be reposition-able and resizable, but which basically works exactly as you'd expect an Xbox game to work with a large TV. This is a key acknowledgement on the part of Meta that while immersive, native gaming is undoubtedly a draw for users, so too is a more traditional gaming experience that basically just benefits from taking place in your own private face-mounted theater.

The Philips Hue ecosystem of home automation devices is "collapsing into stupidity," writes Rachel Kroll, veteran sysadmin and former production engineer at Facebook. "Unfortunately, the idiot C-suite phenomenon has happened here too, and they have been slowly walking down the road to full-on enshittification." From her blog post: I figured something was up a few years ago when their iOS app would block entry until you pushed an upgrade to the hub box. That kind of behavior would never fly with any product team that gives a damn about their users -- want to control something, so you start up the app? Forget it, we are making you placate us first! How is that user-focused, you ask? It isn't.

Their latest round of stupidity pops up a new EULA and forces you to take it or, again, you can't access your stuff. But that's just more unenforceable garbage, so who cares, right? Well, it's getting worse.

It seems they are planning on dropping an update which will force you to log in. Yep, no longer will your stuff Just Work across the local network. Now it will have yet another garbage "cloud" "integration" involved, and they certainly will find a way to make things suck even worse for you. If you have just the lights and smart outlets, Kroll recommends deleting the units from the Hue Hub and adding them to an IKEA Dirigera hub. "It'll run them just fine, and will also export them to HomeKit so that much will keep working as well." That said, it's not a perfect solution. You will lose motion sensor data, the light level, the temperature of that room, and the ability to set custom behaviors with those buttons.

"Also, there's no guarantee that IKEA won't hop on the train to sketchville and start screwing over their users as well," adds Kroll.

What has your experience been with the Philips Hue ecosystem? Do you have any alternatives you recommend?

Microsoft's push to put artificial intelligence into its software has hinged almost entirely on OpenAI, the startup Microsoft funded in exchange for the right to use its cutting-edge technology. But as the costs of running advanced AI models rise, Microsoft researchers and product teams are working on a plan B. The Information: In recent weeks, Peter Lee, who oversees Microsoft's 1,500 researchers, directed many of them to develop conversational AI that may not perform as well as OpenAI's but that is smaller in size and costs far less to operate, according to a current employee and another person who recently left the company. Microsoft's product teams are already working on incorporating some of that Microsoft-made AI software, powered by large language models, in existing products, such as a chatbot within Bing search that is similar to OpenAI's ChatGPT, these people said.

[...] Microsoft's research group doesn't have illusions about developing a large AI like GPT-4. The team doesn't have the same computing resources as OpenAI, nor does it have armies of human reviewers to give feedback about how well their LLMs answer questions so engineers can improve them. Undeniably, OpenAI and other developers -- including Google and Anthropic, which on Monday received $4 billion from Amazon Web Services -- are firmly ahead of Microsoft when it comes to developing advanced LLMs. But Microsoft may be able to compete in a race to build AI models that mimic the quality of OpenAI software at a fraction of the cost, as Microsoft showed in June with the release of one in-house model it calls Orca.

The White House is considering requiring cloud computing firms to report some information about their customers to the U.S. government, Semafor reported Friday, citing people familiar with an upcoming executive order on AI. From the report: The provision would direct the Commerce Department to write rules forcing cloud companies like Microsoft, Google, and Amazon to disclose when a customer purchases computing resources beyond a certain threshold. The order hasn't been finalized and specifics of it could still change. Similar "know-your-customer" policies already exist in the banking sector to prevent money laundering and other illegal activities, such as the law mandating firms to report cash transactions exceeding $10,000.

In this case, the rules are intended to create a system that would allow the U.S. government to identify potential AI threats ahead of time, particularly those coming from entities in foreign countries. If a company in the Middle East began building a powerful large language model using Amazon Web Services, for example, the reporting requirement would theoretically give American authorities an early warning about it. The policy proposal represents a potential step toward treating computing power -- or the technical capacity AI systems need to perform tasks -- like a national resource. Mining Bitcoin, developing video games, and running AI models like ChatGPT all require large amounts of compute.

Brazilian engineer Luiz Andre Barroso, who ripped up the rulebook at Google, has died. His radical ideas for data centers laid the foundations for cloud computing. Wired: Luiz Andre Barroso had never designed a data center before Google asked him to do it in the early 2000s. By the time he finished his first, he had overturned many conventions of the computing industry, laying the foundations for Silicon Valley's development of cloud computing.

Barroso, a 22-year veteran of Google who unexpectedly died on September 16 at age 59, built his data centers with low-cost components instead of expensive specialized hardware. He reimagined how they worked together to develop the concept of "the data center as a computer," which now underpins the web, mobile apps, and other internet services.

Jen Fitzpatrick, senior vice president of Google's infrastructure organization, says Barroso left an indelible imprint at the company whose contributions to the industry are countless. "We lost a beloved friend, colleague and respected leader," she writes in a statement on behalf of the company.

An anonymous reader quotes a report from TechCrunch: When HashiCorp announced it was changing its Terraform license in August, it set off a firestorm in the open source community, and actually represented an existential threat to startups that were built on top of the popular open source project. The community went into action and within weeks they had written a manifesto, and soon after that launched an official fork called OpenTF. Today, that group went a step further when the Linux Foundation announced OpenTofu, the official name for the Terraform fork, which will live forever under the auspices of the foundation as an open source project. At the same time, the project announced it would be applying for entry into the Cloud Native Computing Foundation (CNCF).

"OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1 providing everyone with a reliable, open source alternative under a neutral governance model," the foundation said in a statement. The name is deliberately playful says Yevgeniy (Jim) Brikman from the OpenTofu founding team, who is also co-founder of Gruntwork. "I'm glad your reaction was to laugh. That's a good thing. We're trying to keep things a little more humorous," Brikman told TechCrunch, but the group is dead serious when it comes to building an open fork. [...]

"The first thing was to get an alpha release out there. So you can go to the OpenTofu website and download OpenTofu and start using it and trying it out," he said. "Then the next thing is a stable release. That's coming in the very near future, but there's work to do. Once you have a stable release, people can start using it. Then we can start growing adoption, and once we start growing adoption, some of the big players will start stepping in when some of the big players start stepping in other big players will start stepping in as well."

At the Open Source Summit Europe in Bilbao, Spain, the Linux Foundation this week announced the launch of the Unified Acceleration (UXL) Foundation. The group's mission is to deliver "an open standard accelerator programming model that simplifies development of performant, cross-platform applications." From a report: The foundation's founding members include the likes of Arm, Fujitsu, Google Cloud, Imagination Technologies, Intel, Qualcomm and Samsung. The company most conspicuously missing from this list is Nvidia, which offers its own CUDA programming model for working with its GPUs. At its core, this new foundation is an evolution of the oneAPI initiative, which is also aimed to create a new programming model to make it easier for developers to support a wide range of accelerators, no matter whether they are GPUs, FPGAs or other specialized accelerators. Like with the oneAPI spec, the aim of the new foundation is to ensure that developers can make use of these technologies without having to delve deep into the specifics of the underlying accelerators and the infrastructure they run on.

An anonymous reader quotes a report from the Associated Press: The International Criminal Court said Tuesday that it detected "anomalous activity affecting its information systems" last week and took urgent measures to respond. It didn't elaborate on what it called a "cybersecurity incident." Court spokesman Fadi El Abdallah said in a written statement that extra "response and security measures are now ongoing" with the assistance of authorities in the Netherlands, where the court is based. "Looking forward, the Court will be building on existing work presently underway to strengthen its cyber security framework, including accelerating its use of cloud technology," his statement added. The court declined to go into any more detail about the incident, but said that as it "continues to analyze and mitigate the impact of this incident, priority is also being given to ensuring that the core work of the Court continues."

Microsoft is planning to refresh its Xbox Series X console in 2024 with an all-new design and features. The Verge reports: Codenamed Brooklin, the unannounced console refresh has been accidentally revealed in new FTC v. Microsoft documents this week. The new Xbox Series X design looks a lot more cylindrical than the existing console and will ship without a disc drive. Internal confidential Microsoft documents reveal it has 2TB of storage (up from 1TB), a USB-C front port with power delivery, and an "all-new, more immersive controller."

The new controller, codenamed Sebile, is set to be announced early next year for $69.99 and will include an accelerometer which should let you merely lift it to wake the gamepad. It has a two-tone color scheme and will support a direct connection to cloud, Bluetooth 5.2, and a presumably updated âoeXbox Wireless 2â connection. Microsoft also lists "precision haptic feedback" and "VCA haptics double as speakers" as specs for the controller. It will also have quieter buttons and thumbsticks, a rechargeable and swappable battery, and modular thumbsticks.

Inside the new Xbox Series X design, Microsoft is also adding Wi-Fi 6E support, a Bluetooth 5.2 radio, and the company is shrinking the existing die to 6nm "for improve efficiency." The PSU power will be reduced by 15 percent, according to Microsoft's document. Microsoft is targeting the same $499 launch price of the Xbox Series X. Microsoft lists a roadmap for this new Xbox Series X console and controller, alongside a refreshed Xbox Series S with 1TB of storage. Microsoft just launched a refreshed Xbox Series S in black, but there could be another refresh on the way in 2024 with Wi-Fi 6E support and Bluetooth 5.2. It will also include this new Xbox controller. [...] Microsoft is tentatively planning to launch this new Xbox Series S refresh next September, with the Xbox Series X refresh in November.

Intel Chief Executive Officer Pat Gelsinger, plotting a comeback for the once-dominant chipmaker, made the case that the company's technology will be vital to an industrywide boom in artificial intelligence computing. From a report: Speaking at Intel's annual Innovation conference, Gelsinger pointed to advances that his company is making in production technology and software developer tools for AI. The opportunity will only grow as more artificial intelligence capabilities are powered by personal computers, he said. "AI represents a generational shift, giving rise to a new era of global expansion where computing is even more foundational to a better future for all," Gelsinger said.

"For developers, this creates massive societal and business opportunities to push the boundaries of what's possible, to create solutions to the world's biggest challenges." Gelsinger is trying to fire up interest in Intel's technology and return to an era when its annual conferences offered a road map for the whole computing industry. He argues that artificial intelligence use won't be confined to the data centers of giant cloud providers, which rely heavily on chips from Nvidia. Instead, it will fan out into new areas, including the now-moribund PC market.

The documents in the FTC v. Microsoft case also reveal Microsoft's far future plans for 2028 -- by which the company believed it could achieve "full convergence" of its cloud gaming platform and physical hardware to deliver "cloud hybrid games." From a report: "Our vision: develop a next generation hybrid game platform capable of leveraging the combined power of the client and cloud to deliver deeper immersion and entirely new classes of game experiences." Those are the words on just one slide from a leaked presentation dubbed "The Next Generation of Gaming at Microsoft," which appears to be a May 2022 pitch document entirely around this idea. The company imagined you playing these games using the combined power of a sub-$99 gadget -- possibly a handheld -- and its xCloud platform simultaneously.

David Heinemeier Hansson, CTO of SaaS project management outfit 37Signals, has posted an update on the cloud repatriation project he's led, writing that it's already saved the company $1 million. The Register: Hansson has previously revealed that his company spent $3.2 million a year on cloud computing, most of it at Amazon Web Services. His repatriation plan called for the company to spend $600,000 on eight meaty servers that each pack 256 virtual CPUs, and have them hosted at an outfit called Deft. That plan was projected to save $7 million over five years. In his Saturday post, Hansson wrote he now thinks he can find $10 million of savings in the same period.

"Our cloud spend is down by 60 percent already... from around $180,000/month to less than $80,000," he wrote, qualifying that the number excludes the cost of Amazon Web Services's Simple Storage Service. "That's a cool million dollars in savings at the yearly run rate, and we have another big drop coming in September, before the remaining spend will petter out through the rest of the year," he added. The CTO revealed that the 37 Signals ops team remains the same size even though it now tends its own hardware, which cost "about half a million dollars."

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. From a report: In research shared with TechCrunch, cloud security startup Wiz said it discovered a GitHub repository belonging to Microsoft's AI research division as part of its ongoing work into the accidental exposure of cloud-hosted data. Readers of the GitHub repository, which provided open source code and AI models for image recognition, were instructed to download the models from an Azure Storage URL. However, Wiz found that this URL was configured to grant permissions on the entire storage account, exposing additional private data by mistake. This data included 38 terabytes of sensitive information, including the personal backups of two Microsoft employees' personal computers. The data also contained other sensitive personal data, including passwords to Microsoft services, secret keys and more than 30,000 internal Microsoft Teams messages from hundreds of Microsoft employees.

The cloud-based system the Air Force is co-developing with Canada to enable instantaneous combat data-sharing is just about ready for prime time, although the looming threat of a budget gap may slow its global deployment. The Drive reports: Cloud-based command-and-control (CBC2), a pillar of the service's Advanced Battle Management System (ABMS), will hit initial operating capability roughly on schedule next month, Brig. Gen. Luke Cropsey, integrating program officer for Command, Control, Communications and Battle Management, told The War Zone and other outlets this week at the Air, Space, and Cyber conference near Washington, D.C. It's headed to three unspecified base locations within the first half of 2024, Cropsey said, with others to follow at "more scale" as what's anticipated to be a five-year rollout plan gets underway. [...] CBC2 is designed to replace the hardware-based Battle Control System-Fixed, which provides command-and-control for Canada and the U.S., including Alaska and Hawaii. Officially made a program in 2022, CBC2 is "a set of microservice applications," according to an Air Force release, that can take in more than 750 radar feeds and deliver them to a single user interface. "The system then allows operators to create machine-generated courses of action to help shorten the tactical C2 kill chain and send a desired effect via machine-to-machine connections," the release adds.

In addition to delivering data faster and streamlining communication, CBC2 will build in new artificial intelligence elements. A January Government Accountability Office report states that it will build upon Pathfinder, an AI-empowered prototype that ingests "data that would in the past have been ... left on the cutting room floor," as North American Aerospace Defense Command chief Gen. Glen VanHerck put it in remarks reported by C4ISRNet. A September 2020 paper (PDF) from the Canada Institute described Pathfinder as "giving new life to old sensors" for NORAD's defense. "In a recent demonstration," the paper stated, "The Pathfinder system was tied to Federal Aviation Administration radars, and without any modification to the radars themselves, consistently demonstrated an ability to effectively detect and track very small unmanned aircraft, previously thought to be beyond the capability of the system."

According to The Information, Google is nearing the release of Gemini, its conversational artificial intelligence software intended to compete with OpenAI's GPT-4 model. Reuters reports: For Google, the stakes of Gemini's launch are high. Google has intensified investments in generative AI this year as it plays catch-up after Microsoft-backed OpenAI's launch of ChatGPT last year took the tech world by storm. Gemini is a collection of large-language models that power everything from chatbots to features that either summarize text or generate original text based on what users want to read like email drafts, music lyrics, or news stories, the report said. It is also expected to help software engineers write code and generate original images based on what users ask to see.

Google is currently giving developers access to a relatively large version of Gemini, but not the largest version it is developing which would be more on par with GPT-4, the report said. The search and advertising giant plans to make Gemini available to companies through its Google Cloud Vertex AI service.

An anonymous reader quotes a report from Ars Technica: A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday. The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved. "This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," the researchers wrote in a report on Tuesday. "After collecting information from the infected machine, the stealer downloads an uploader binary from the C2 server, saving it to /var/tmp/atd. It then uses this binary to upload stealer execution results to the attackers' infrastructure."

An anonymous reader shared this report from Bloomberg: China-linked hackers breached the corporate account of a Microsoft engineer and are suspected of using that access to steal a valuable key that enabled the hack of senior U.S. officials' email accounts, the company said in a blog post. The hackers used the key to forge authentication tokens to access email accounts on Microsoft's cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon and State Department officials earlier this year.

The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft disclosed the breach in June, but it was still unclear at the time exactly how hackers were able to steal the key that allowed them to access the email accounts. Microsoft said the key had been improperly stored within a "crash dump," which is data stored after a computer or application unexpectedly crashes...

The incident has brought fresh scrutiny to Microsoft's cybersecurity practices.
Microsoft's blog post says they corrected two conditions which allowed this to occur. First, "a race condition allowed the key to be present in the crash dump," and second, "the key material's presence in the crash dump was not detected by our systems." We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).

After April 2021, when the key was leaked to the corporate environment in the crash dump, the Storm-0558 actor was able to successfully compromise a Microsoft engineer's corporate account. This account had access to the debugging environment containing the crash dump which incorrectly contained the key. Due to log retention policies, we don't have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key.

An anonymous reader shared this report from InfoWorld: The uses of WebAssembly, aka Wasm, have grown far beyond its initial target of web applications, according to The State of WebAssembly 2023 report. But some developers remain skeptical. Released September 6 by the Cloud Native Computing Foundation (CNCF) and SlashData, in collaboration with the Linux Foundation, the report finds mostly optimism among software developers about future adoption of Wasm for web and non-web environments... However, about 22% of participants in the report indicated pessimism about Wasm adoption for either the web or non-web environments. Further, 83% of the respondents reported challenges with Wasm including difficulties with debugging and troubleshooting, different performance between runtimes, lack of consistent developer experiences between runtimes, lack of learning materials, and compatibility issues with certain browsers.

The report finds that respondents are using WebAssembly across a wide range of software projects including data visualization (35%), internet of things (32%, artificial intelligence (30%), games (28%), back-end services (27%), edge computing (25%), and more. While Wasm is still primarily used to develop web applications (58%), this is changing thanks to WASI (WebAssembly System Interface), which provides a modular interface for Wasm...

Other findings of the State of WebAssembly 2023 report:

- When migrating existing applications to Wasm, 30% of respondents experience performance benefits of more than 50%.
- JavaScript is the most popular language used with Wasm applications. But Rust stands out in popularity in Wasm projects compared to other use cases...
The article says WebAssembly developers were attracted by "faster loading times, the ability to explore new use cases and technologies, and the ability to share code between projects. Improved performance over JavaScript and efficient execution of computationally intensive tasks also were cited."

Birmingham City Council, the largest local authority in Europe, has declared itself in financial distress after troubled Oracle project costs ballooned from $25 million to around $125.5 million. The Register reports: Contributing to the publication of a legal Section 114 Notice, which says the $4.3 billion revenue organization is unable to balance the books, is a bill of up to $954 million to settle equal pay claims. In a statement today, councillors John Cotton and Sharon Thompson, leader and deputy leader respectively, said the authority was also hit by financial stress owing to issues with the implementation of its Oracle IT system. The council has made a request to the Local Government Association for additional strategic support, the statement said.

In May, Birmingham City Council said it was set to pay up to $125.5 million for its Oracle ERP system -- potentially a fourfold increase on initial estimated expenses -- in a project suffering from delays, cost over-runs, and a lack of controls. After grappling with the project to replace SAP for core HR and finance functions since 2018, the council reviewed the plan in 2019, 2020, and again in 2021, when the total implementation cost for the project almost doubled to $48.5 million. The project, dubbed Financial and People, was "crucial to an organisation of Birmingham City Council's size," a spokesperson said at the time. Cotton said the system had a problem with how it was "tracking our financial transactions and HR transactions issues as well. That's got to be fixed," he said.

Earlier this year, one insider told The Register that Oracle Fusion, the cloud-based ERP system the council is moving to, "is not a product that is suitable for local authorities, because it's very much geared towards a manufacturing/trading organization." They said the previous SAP system had been heavily customized to meet the council's needs and it was struggling to recreate these functions in Oracle.