An anonymous reader quotes a report from Wired: Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world. On Wednesday, Cisco warned that its so-called Adaptive Security Appliances -- devices that integrate a firewall and VPN with other security features -- had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant's gear to compromise government targets globally in a hacking campaign it's calling ArcaneDoor.

The hackers behind the intrusions, which Cisco's security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn't be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group's espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored. "This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor," a blog post from Cisco's Talos researchers reads. Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China's state interests.

Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. "The investigation that followed identified additional victims, all of which involved government networks globally," the company's report reads. In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco's ASA products. One, which it's calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers' malware to maintain its access to the target devices even when they were rebooted or updated. It's not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances. Cisco advises that customers apply its new software updates to patch both vulnerabilities.

A separate advisory (PDF) from the UK's National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers' access. "A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself," the advisory reads.

Similar to the way Google makes its mobile OS Android open source, Meta announced it is opening up its Quest headset's operating system to rival device makers. Reuters reports: The move will allow partner companies to build their headsets using Meta Horizon OS, a rebranded operating system that brings capabilities like gesture recognition, passthrough, scene understanding and spatial anchors to the devices that run on it, the company said in a blog post. The social media company said partners Asus and Lenovo would use the operating system to build devices tailored for particular activities. Meta is also using it to make a limited edition version of the Quest headset "inspired by" Microsoft's Xbox gaming console, according to the company's statement. [...]

In a video posted on Zuckerberg's Instagram account, he previewed examples of specialized headsets partners might make: a lightweight device with sweat-wicking materials for exercise, an immersive high-resolution one for entertainment and another equipped with sensation-inducing haptics for gaming. Meta said in its blog post that ASUS' Republic of Gamers is developing a gaming headset and Lenovo is working on an MR device for productivity, learning, and entertainment using the Horizon OS. Zuckerberg said it may take a few years for these devices to launch. [...] Meta said the Meta Horizon OS includes Horizon Store, renamed from Quest Store, to download apps and experiences. The platform will work with a mobile companion app now called Meta Horizon app. While Google is reportedly working on an Android platform for VR and MR devices, Meta has called on Google to bring the Play Store to Quest, saying: "Because we don't restrict users to titles from our own app store, there are multiple ways to access great content on Meta Horizon OS, including popular gaming services like Xbox Game Pass Ultimate, or through Steam Link or our Air Link system for wirelessly streaming PC software to headsets. And we encourage the Google Play 2D app store to come to Meta Horizon OS, where it can operate with the same economic model it does on other platforms."

"Should Google bring the Play Store to Horizon OS, Meta says Google would be able to operate it on the 'same economic model' as it does on Android," notes 9to5Google. "In theory, that could actually represent a better payout for developers compared to what's been reported for Meta's store, but Meta does specifically say '2D app store,' implying VR/XR apps wouldn't be in the Play Store on Horizon OS."

According to the Wall Street Journal, a deal for IBM to acquire HashiCorp could materialize in the next few days. Shares of HashiCorp jumped almost 20% on the news.

UPDATE 4/24/24: IBM has confirmed the deal valued at $6.4 billion. "IBM will pay $35 per share for HashiCorp, a 42.6% premium to Monday's closing price," reports Reuters. "The acquisition will be funded by cash on hand and will add to adjusted core profit within the first full year of closing, expected by the end of 2024." HashiCorp's shares continued to surge Tuesday on the news. CNBC reports: Developers use HashiCorp's software to set up and manage infrastructure in public clouds that companies such as Amazon and Microsoft operate. Organizations also pay HashiCorp for managing security credentials. Founded in 2012, HashiCorp went public on Nasdaq in 2021. The company generated a net loss of nearly $191 million on $583 million in revenue in the fiscal year ending Jan. 31, according to its annual report. In December, Mitchell Hashimoto, co-founder of HashiCorp, whose family name is reflected in the company name, announced that he was leaving.

Revenue jumped almost 23% during that period, compared with 2% for IBM in 2023. IBM executives pointed to a difficult economic climate during a conference call with analysts in January. The hardware, software and consulting provider reports earnings on Wednesday. Cisco held $9 million in HashiCorp shares at the end of March, according to a regulatory filing. Cisco held early acquisition talks with HashiCorp, according to a 2019 report.

Just as Google, Samsung and Microsoft continue to push their efforts with generative AI on PCs and mobile devices, Apple is moving to join the party with OpenELM, a new family of open source large language models (LLMs) that can run entirely on a single device rather than having to connect to cloud servers. From a report: Released a few hours ago on AI code community Hugging Face, OpenELM consists of small models designed to perform efficiently at text generation tasks. There are eight OpenELM models in total -- four pre-trained and four instruction-tuned -- covering different parameter sizes between 270 million and 3 billion parameters (referring to the connections between artificial neurons in an LLM, and more parameters typically denote greater performance and more capabilities, though not always).

[...] Apple is offering the weights of its OpenELM models under what it deems a "sample code license," along with different checkpoints from training, stats on how the models perform as well as instructions for pre-training, evaluation, instruction tuning and parameter-efficient fine tuning. The sample code license does not prohibit commercial usage or modification, only mandating that "if you redistribute the Apple Software in its entirety and without modifications, you must retain this notice and the following text and disclaimers in all such redistributions of the Apple Software." The company further notes that the models "are made available without any safety guarantees. Consequently, there exists the possibility of these models producing outputs that are inaccurate, harmful, biased, or objectionable in response to user prompts."

Nvidia, in a blog post: To help customers make more efficient use of their AI computing resources, NVIDIA today announced it has entered into a definitive agreement to acquire Run:ai, a Kubernetes-based workload management and orchestration software provider. Customer AI deployments are becoming increasingly complex, with workloads distributed across cloud, edge and on-premises data center infrastructure.

Managing and orchestrating generative AI, recommender systems, search engines and other workloads requires sophisticated scheduling to optimize performance at the system level and on the underlying infrastructure. Run:ai enables enterprise customers to manage and optimize their compute infrastructure, whether on premises, in the cloud or in hybrid environments. The deal is valued at about $700 million.

Oracle Chairman Larry Ellison said Tuesday that the company is moving its world headquarters to Nashville, Tennessee, to be closer to a major health-care epicenter. CNBC reports: In a wide-ranging conversation with Bill Frist, a former U.S. Senate Majority Leader, Ellison said Oracle is moving a "huge campus" to Nashville, "which will ultimately be our world headquarters." He said Nashville is an established health center and a "fabulous place to live," one that Oracle employees are excited about. "It's the center of the industry we're most concerned about, which is the health-care industry," Ellison said. The announcement was seemingly spur-of-the-moment. "I shouldn't have said that," Ellison told Frist, a longtime health-care industry veteran who represented Tennessee in the Senate. The pair spoke during a fireside chat at the Oracle Health Summit in Nashville.

Nashville has been a major player in the health-care scene for decades, and the city is now home to a vibrant network of health systems, startups and investment firms. The city's reputation as a health-care hub was catalyzed when HCA Healthcare, one of the first for-profit hospital companies in the U.S., was founded there in 1968. HCA helped attract troves of health-care professionals to Nashville, and other organizations quickly followed suit. Oracle has been developing its new $1.2 billion campus in the city for about three years, according to The Tennessean. "Our people love it here, and we think it's the center of our future," Ellison said.

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

prisoninmate writes: Fedora Linux 40 distribution has been officially released -- powered by the latest Linux 6.8 kernel series, and featuring the GNOME 46 and KDE Plasma 6 desktop environments, reports 9to5Linux:

"Powered by the latest and greatest Linux 6.8 kernel series, the Fedora Linux 40 release ships with the GNOME 46 desktop environment for the flagship Fedora Workstation edition and the KDE Plasma 6 desktop environment for the Fedora KDE Spin, which defaults to the Wayland session as the X11 session was completely removed."

"Fedora Linux 40 also includes some interesting package management changes, such as dropping Delta RPMs and disabling support in the default configuration of DNF / DNF5. It also changes the DNF behavior to no longer download filelists by default. However, this release doesn't ship with the long-awaited DNF5 package manager. For AMD GPUs, Fedora Linux 40 ships with AMD ROCm 6.0 as the latest release of AMD's software optimized for AI and HPC workload performance, which enables support for the newest flagship AMD Instinct MI300A and MI300X datacenter GPUs."

quonset writes: Just over two weeks ago, NASA figured out why its Voyager 1 spacecraft stopped sending useful data. They suspected corrupted memory in its flight data system (FDS) was the culprit. Today, for the first time since November, Voyager 1 is sending useful data about its health and the status of its onboard systems back to NASA. How did NASA accomplish this feat of long distance repair? They broke up the code into smaller pieces and redistributed them throughout the memory.

From NASA: "... So they devised a plan to divide the affected code into sections and store those sections in different places in the FDS. To make this plan work, they also needed to adjust those code sections to ensure, for example, that they all still function as a whole. Any references to the location of that code in other parts of the FDS memory needed to be updated as well. The team started by singling out the code responsible for packaging the spacecraft's engineering data. They sent it to its new location in the FDS memory on April 18. A radio signal takes about 22 1/2 hours to reach Voyager 1, which is over 15 billion miles (24 billion kilometers) from Earth, and another 22 1/2 hours for a signal to come back to Earth. When the mission flight team heard back from the spacecraft on April 20, they saw that the modification worked: For the first time in five months, they have been able to check the health and status of the spacecraft. During the coming weeks, the team will relocate and adjust the other affected portions of the FDS software. These include the portions that will start returning science data.

In a huge move for the mixed reality industry, Meta announced today that it's opening the Quest's operating system to third-party companies, allowing them to build headsets of their own. From a report: Think of it like moving the Quest's ecosystem from an Apple model, where one company builds both the hardware and software, to more of a hardware free-for-all like Android. The Quest OS is being rebranded to "Meta Horizon OS," and at this point it seems to have found two early adopters. ASUS's Republic of Gamers (ROG) brand is working on a new "performance gaming" headsets, while Lenovo is working on devices for "productivity, learning and entertainment." (Don't forget, Lenovo also built the poorly-received Oculus Rift S.)

As part of the news, Meta says it's also working on a limited-edition Xbox "inspired" Quest headset. (Microsoft and Meta also worked together recently to bring Xbox cloud gaming to the Quest.) Meta is also calling on Google to bring over the Google Play 2D app store to Meta Horizon OS. And, in an effort to bring more content to the Horizon ecosystem, software developed through the Quest App Lab will be featured in the Horizon Store. The company is also developing a new spatial framework to let mobile developers created mixed reality apps.

50 years ago this week, PC software pioneer Gary Kildall "demonstrated CP/M, the first commercially successful personal computer operating system in Pacific Grove, California," according to a blog post from Silicon Valley's Computer History Museum. It tells the story of "how his company, Digital Research Inc., established CP/M as an industry standard and its subsequent loss to a version from Microsoft that copied the look and feel of the DRI software."

Kildall was a CS instructor and later associate professor at the Naval Postgraduate School (NPS) in Monterey, California... He became fascinated with Intel Corporation's first microprocessor chip and simulated its operation on the school's IBM mainframe computer. This work earned him a consulting relationship with the company to develop PL/M, a high-level programming language that played a significant role in establishing Intel as the dominant supplier of chips for personal computers.

To design software tools for Intel's second-generation processor, he needed to connect to a new 8" floppy disk-drive storage unit from Memorex. He wrote code for the necessary interface software that he called CP/M (Control Program for Microcomputers) in a few weeks, but his efforts to build the electronic hardware required to transfer the data failed. The project languished for a year. Frustrated, he called electronic engineer John Torode, a college friend then teaching at UC Berkeley, who crafted a "beautiful rat's nest of wirewraps, boards and cables" for the task.

Late one afternoon in the fall of 1974, together with John Torode, in the backyard workshop of his home at 781 Bayview Avenue, Pacific Grove, Gary "loaded my CP/M program from paper tape to the diskette and 'booted' CP/M from the diskette, and up came the prompt: *

[...] By successfully booting a computer from a floppy disk drive, they had given birth to an operating system that, together with the microprocessor and the disk drive, would provide one of the key building blocks of the personal computer revolution... As Intel expressed no interest in CP/M, Gary was free to exploit the program on his own and sold the first license in 1975.
What happened next? Here's some highlights from the blog post:

• "Reluctant to adapt the code for another controller, Gary worked with Glen Ewing to split out the hardware dependent-portions so they could be incorporated into a separate piece of code called the BIOS (Basic Input Output System)... The BIOS code allowed all Intel and compatible microprocessor-based computers from other manufacturers to run CP/M on any new hardware. This capability stimulated the rise of an independent software industry..."

• "CP/M became accepted as a standard and was offered by most early personal computer vendors, including pioneers Altair, Amstrad, Kaypro, and Osborne..."

• "[Gary's company] introduced operating systems with windowing capability and menu-driven user interfaces years before Apple and Microsoft... However, by the mid-1980s, in the struggle with the juggernaut created by the combined efforts of IBM and Microsoft, DRI had lost the basis of its operating systems business."

• "Gary sold the company to Novell Inc. of Provo, Utah, in 1991. Ultimately, Novell closed the California operation and, in 1996, disposed of the assets to Caldera, Inc., which used DRI intellectual property assets to prevail in a lawsuit against Microsoft."

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.
He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government."

And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk."

He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...

Long-time Slashdot reader tippen shared this report from the Register: AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. "To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper. "When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)...."

The researchers' work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, "can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing)."
The researchers wrote that "Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as 'high' or 'critical' severity by the CVE description...."

"Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit"

Remember when Apple filed a lawsuit against chip startup Rivos (saying that in one year Rivos hired more than 40 former Apple employees to work on competing system-on-a-chip technology)? Apple settled that suit in February.

And now Tuesday Rivos announced that it raised $250 million, according to Reuters, "in a funding round that will enable it to manufacture its first server chip geared for artificial intelligence," combining a CPU with an AI-accelerating component optimized for LLMs and data analytics. Nvidia gobbled up more than 80% market share of AI chips in 2023. But a host of startups and chip giants have started to launch competing products, such as Intel's Gaudi 3 and Meta's inference chip — both unveiled last week. Rivos is tight-lipped about the specifics of the product, but has disclosed that its plans include designing chips based on the RISC-V architecture, which is an open source alternative to the architectures made by Arm, Intel, and Advanced Micro Devices.. [U]sing the open source alternative means Rivos does not have to pay a license fee to Arm. "RISC-V doesn't have a (large) software ecosystem, so I decided to form a company and then build software-defined hardware — just like what CUDA did with Nvidia," said Lip-Bu Tan, founding managing partner at Walden Catalyst, one of Rivos' investors.
Meanwhile, there's a rumor that Allen Wu, former chief executive of Arm China, has founded a new company that will develop chips based on RISC-V. Tom's Hardware writes: Under the leadership of the controversial Allen Wu, Zhongzhi Chip is reportedly attracting a notable influx of talent, including numerous former employees of Arm, indicating the new company's serious ambitions in the chip sector... [T]he company's operational focus remains partially unclear, with speculation around whether it will primarily engage in its own R&D initiatives or represent Tenstorrent in China as its agent... which develops HPC CPUs and AI processors based on the RISC-V ISA... Based on the source report, Zhongzhi Chip is leveraging its connections and forming alliances with several other leading global RISC-V chip developers.

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.
The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.
The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.

Long-time Slashdot reader AmiMoJo shares an article from TechSpot: Zilog is retiring the Z80 after 48 years on the market. Originally developed as a project stemming from the Intel 8080, it eventually rose to become one of the most popular and widely used 8-bit CPUs in both gaming and general computing devices.

The iconic IC device, developed by Federico Faggin, will soon be phased out, and interested parties only have a few months left to place their orders before Zilog's manufacturing partner ends support for the technology... Federico Faggin, an Intel engineer, founded Zilog in 1974 after his work on the Intel 4004, the first 4-bit CPU. The Zilog Z80 was then released in July 1976, conceived as a software-compatible 'extension' and enhancement of the Intel 8080 processor.
Back in 1999 Slashdot was calling Zilog's updated eZ80 "one of the fastest 8-bit CPUs available today, executing code 4 times faster than a standard Z80 operating at the same clock speed."

Another headline, from 2001: Zilog To File For Chapter 11...

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards.

They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats.

The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations.
Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

Ben Schoon reports via 9to5Google: Google's Arif Dikici confirmed on LinkedIn this week that Android is now using VideoLAN's (the makers of VLC) "dav1d" software decoder to allow AV1 to work on more devices. This is now available on all devices running Android 12 or higher via a software update. Mishaal Rahman points out that this started to roll out with the March 2024 Google Play system update.

Dikici says that "most" devices can at least support 720p at 30 frames per second, but that apps will need to opt in "for now" to support AV1 via software decoding. One app that has opted in is YouTube, which now uses AV1 on all compatible devices (though it may have reverted this). This may result in increased power usage depending on your device, though. Improvements on that front may be coming, though, says VideoLAN on Twitter/X.

A software glitch in the "ticket in, cash out" (TICO) machines at Star Casino in Sydney, Australia, saw it inadvertently give away $2.05 million over several weeks. This glitch allowed gamblers to reuse a receipt for slot machine winnings, leading to unwarranted cash payouts which went undetected due to systematic failures in oversight and audit processes. The Register reports: News of the giveaway emerged on Monday at an independent inquiry into the casino, which has had years of compliance troubles that led to a finding that its operators were unsuitable to hold a license. In testimony [PDF] given on Monday to the inquiry, casino manager Nicholas Weeks explained that it is possible to insert two receipts into TICO machines. That was a feature, not a bug, and allowed gamblers to redeem two receipts and be paid the aggregate amount. But a software glitch meant that the machines would return one of those tickets and allow it to be re-used -- the barcode it bore was not recognized as having been paid.

"What occurred was small additional amounts of cash were being provided to customers in circumstances when they shouldn't have received it because of that defect," Weeks told the inquiry. Local media reported that news of the free cash got around and 43 people used the TICO machines to withdraw money to which they were not entitled -- at least one of them a recovering gambling addict who fell off the wagon as the "free" money allowed them to fund their activities. Known abusers of the TICO machines have been charged, and one of those set to face the courts is accused of association with a criminal group. (The first inquiry into The Star, two years ago, found it may have been targeted by organized crime groups.)

Google CEO Sundar Pichai announced substantial internal reorganizations on Thursday, including the creation of a new team called "Platforms and Devices" that will oversee all of Google's Pixel products, all of Android, Chrome, ChromeOS, Photos, and more. From a report: The team will be run by Rick Osterloh, who was previously the SVP of devices and services, overseeing all of Google's hardware efforts. Hiroshi Lockheimer, the longtime head of Android, Chrome, and ChromeOS, will be taking on other projects inside of Google and Alphabet. This is a huge change for Google, and it likely won't be the last one. There's only one reason for all of it, Osterloh says: AI. "This is not a secret, right?" he says.

Consolidating teams "helps us to be able to do full-stack innovation when that's necessary," Osterloh says. He uses the example of the Pixel camera: "You had to have deep knowledge of the hardware systems, from the sensors to the ISPs, to all layers of the software stack. And, at the time, all the early HDR and ML models that were doing camera processing... and I think that hardware / software / AI integration really showed how AI could totally transform a user experience. That was important. And it's even more true today."