An anonymous reader shares a report:Intel, Microsoft, Qualcomm, and AMD have all been pushing the idea of an "AI PC" for months now as we head toward more AI-powered features in Windows. While we're still waiting to hear the finer details from Microsoft on its big plans for AI in Windows, Intel has started sharing Microsoft's requirements for OEMs to build an AI PC -- and one of the main ones is that an AI PC must have Microsoft's Copilot key. Microsoft wants its OEM partners to provide a combination of hardware and software for its idea of an AI PC. That includes a system that comes with a Neural Processing Unit (NPU), the latest CPUs and GPUs, and access to Copilot. It will also need to have the new Copilot key that Microsoft announced earlier this year.

This requirement means that some laptops, like Asus' new ROG Zephyrus, have already shipped with Intel's new Core Ultra chips and aren't technically AI PCs in the eyes of Microsoft's strict requirements because they don't have a Copilot key. But they're still AI PCs in Intel's eyes. "Our joint aligned definition, Intel and Microsoft, we've aligned on Core Ultra, Copilot, and Copilot key," explains Todd Lewellen, head of the PC ecosystem at Intel, in a press briefing with The Verge. "From an Intel perspective our AI PC has Core Ultra and it has an integrated NPU because it is unlocking all kinds of new capabilities and functions in the AI space. We have great alignment with Microsoft, but there are going to be some systems out there that may not have the physical key on it but it does have our integrated NPU."

Britain's government has been urged to provide more support for the software industry with measures including tax incentives and talent visas. From a report: More than 120 industry leaders have called for government intervention to improve conditions for European software companies. Europe has long struggled to scale up homegrown tech companies as successfully as the U.S., with many startups forced to seek investment abroad as they scale up.

A new policy document -- published by industry body Boardwave and seen by Reuters -- highlights what it calls Europe's "dreadful" track record of scaling software companies, with one recent study showing only one software-focused firm, Sage, counted among Britain's top 100 publicly-traded businesses, compared to dozens in the U.S. Phill Robinson, Boardwave founder and a former executive at software giant Salesfore, shared the report with Britain's technology minister Michele Donelan last week, warning that mid-sized software companies had received little government attention compared to Big Tech firms and buzzy venture-funded startups.

Google is releasing an optimized version of its Chrome browser for Windows on Arm this week, the search giant has announced alongside chipmaker Qualcomm. From a report: The official release comes two months after an early version of the browser was spotted in Chrome's Canary channel. Qualcomm says the release "will roll out starting today."

The release will be a big deal for any Chrome users with Windows machines powered by Arm-based processors, who'll now have access to a much faster native browser. That's in contrast to the x64 version of Chrome they've previously had to run in an emulated state with slow performance. Arm-based users have previously been able to turn to Microsoft's Edge, which is already available for Windows on Arm devices.

The Register: Cloudflare has revealed a little about how it maintains the millions of boxes it operates around the world -- including the concept of an "error budget" that enacts "empathy embedded in automation." In a Tuesday post titled "Autonomous hardware diagnostics and recovery at scale," the internet-taming biz explains that it built fault-tolerant infrastructure that can continue operating with "little to no impact" on its services. But as explained by infrastructure engineering tech lead Jet Marsical and systems engineers Aakash Shah and Yilin Xiong, when servers did break the Data Center Operations team relied on manual processes to identify dead boxes. And those processes could take "hours for a single server alone, and [could] easily consume an engineer's entire day."

Which does not work at hyperscale. Worse, dead servers would sometimes remain powered on, costing Cloudflare money without producing anything of value. Enter Phoenix -- a tool Cloudflare created to detect broken servers and automatically initiate workflows to get them fixed. Phoenix makes a "discovery run" every thirty minutes, during which it probes up to two datacenters known to house broken boxen. That pace of discovery means Phoenix can find dead machines across Cloudflare's network in no more than three days. If it spots machines already listed for repairs, it "takes care of ensuring that the Recovery phase is executed immediately."

An anonymous reader shares a report: About 6,000 older Bitcoin mining machines in the US will soon be idled and sent to a warehouse in Colorado Springs where they'll be refreshed and resold to buyers overseas looking to profit from mining in lower-cost environs. Wholesaler SunnySide Digital operates the 35,000 square-foot facility taking in the equipment from a mining client. The outdated machines are among several hundred-thousand it expects to receive and refurbish around a major quadrennial update in the Bitcoin blockchain.

Known as the halving, the late April event will slash the reward that's the main revenue stream for miners, who will try to lessen the impact by upgrading to the latest and most efficient technology. With electricity the biggest expense, mining companies including publicly traded giants Marathon Digital Holdings and Riot Platforms need to lower usage costs to maintain a positive margin. Their older computers may still bring a profit, just not likely in the US.

Some 600,000 S19 series computers, which account for a majority of machines currently in use, are moving out of the US mostly to Africa and South America, according to an estimate by Ethan Vera, chief operating officer at crypto-mining services and logistics provider Luxor Technology in Seattle. In Bitcoin mining, specialized machines are used to validate transactions on the blockchain and earn operators a fixed token reward. Anonymous Bitcoin creator Satoshi Nakamoto baked in the once-every-four-years halving to maintain the hard cap of 21 million tokens. Next month's event is the fourth since 2012 and the reward will drop to 3.125 Bitcoin from 6.25 now.

Atlas VPN informed customers on Monday that it will discontinue its services on April 24, citing technological demands, market competition, and escalating costs as key factors in the decision. The company said it will transfer its paid subscribers to its sister company, NordVPN, for the remainder of their subscription period to ensure uninterrupted VPN services.

Dave Plummer, a former Microsoft developer, has shared the story behind the Format drive dialog box in Windows, which has remained unchanged for nearly three decades. According to Plummer, the dialog box was created as a temporary solution during the porting of code from Windows 95 to Windows NT, due to differences between the two operating systems. Plummer jotted down all the formatting options on a piece of paper and created a basic UI, intending it to be a placeholder until a more refined version could be developed. However, the intended UI improvement never materialized, and Plummer's temporary solution has persisted through numerous Windows versions, including the latest Windows 11.

Plummer also admitted that the 32GB limit on FAT volume size in Windows was an arbitrary decision he made at the time, which has since become a permanent constraint.

An anonymous reader shared this report from The Register: Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised U.S. defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.

The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating.

UNC5174 uses the online persona Uteus, and has bragged about its links to China's Ministry of State Security (MSS) — boasts that may well be true. The gang focuses on gaining initial access into victim organizations and then reselling access to valuable targets... Just last month, Mandiant noticed the same combination of tools, believed to be unique to this particular Chinese gang, being used to exploit the ConnectWise flaw and compromise "hundreds" or entities, mostly in the U.S. and Canada. Also between October 2023 and February 2024, UNC5174 exploited CVE-2023-22518 in Atlassian Confluence, CVE-2022-0185 in Linux kernels, and CVE-2022-3052, a Zyxel Firewall OS command injection vulnerability, according to Mandiant.

These campaigns included "extensive reconnaissance, web application fuzzing, and aggressive scanning for vulnerabilities on internet-facing systems belonging to prominent universities in the U.S., Oceania, and Hong Kong regions," the threat intel team noted.
More details from The Record. "One of the strangest things the researchers found was that UNC5174 would create backdoors into compromised systems and then patch the vulnerability they used to break in. Mandiant said it believes this was an 'attempt to limit subsequent exploitation of the system by additional unrelated threat actors attempting to access the appliance.'"

"Hollywood is bracing for another actors strike, this time against the videogame industry," according to MarketWatch: "We're currently in bargaining with all the major game studios, and the major sticking point is AI," SAG-AFTRA National Executive Director Duncan Crabtree-Ireland said Thursday. "Actors at all levels are at risk of digital replication. We have strike authorization on that contract and it is, at this point — we could end up going on strike...."

The union, which navigated its way to a new film and TV contract after a 118-day strike against the Hollywood studios last year, is again focusing on regulating artificial intelligence and its impact on wages and jobs. "It will be a recurring issue with each successive contract" every three years, Crabtree-Ireland said.
Some studios are already using AI-generated voices to save money, the article points out. "Actors and actresses should be very much afraid," Chris Mattmann, an adjunct research professor at the University of Southern California's Computer Science Department, says in the article. "Within three seconds, gen AI can effectively clone a voice."

The strike could affect Microsoft's Activision Publishing and Disney, as well as other major game publishers including Electronic Arts, Epic Games, and Warner Bros.

BleepingComputer reports on "a new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols."

According to their article, the attack "can pair network services into an indefinite communication loop that creates large volumes of traffic." Devised by researchers at the CISPA Helmholtz-Center for Information Security, the attack uses the User Datagram Protocol (UDP) and impacts an estimated 300,000 host and their networks. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification. An attacker exploiting the vulnerability creates a self-perpetuating mechanism that generates excessive traffic without limits and without a way to stop it, leading to a denial-of-service (DoS) condition on the target system or even an entire network. Loop DoS relies on IP spoofing and can be triggered from a single host that sends one message to start the communication.

According to the Carnegie Mellon CERT Coordination Center (CERT/CC) there are three potential outcomes when an attacker leverages the vulnerability:

— Overloading of a vulnerable service and causing it to become unstable or unusable.
— DoS attack on the network backbone, causing network outages to other services.
— Amplification attacks that involve network loops causing amplified DOS or DDOS attacks.

CISPA researchers Yepeng Pan and Professor Dr. Christian Rossow say the potential impact is notable, spanning both outdated (QOTD, Chargen, Echo) and modern protocols (DNS, NTP, TFTP) that are crucial for basic internet-based functions like time synchronization, domain name resolution, and file transfer without authentication... The researchers warned that the attack is easy to exploit, noting that there is no evidence indicating active exploitation at this time. Rossow and Pan shared their findings with affected vendors and notified CERT/CC for coordinated disclosure. So far, vendors who confirmed their implementations are affected by CVE-2024-2169 are Broadcom, Cisco, Honeywell, Microsoft, and MikroTik.

To avoid the risk of denial of service via Loop DoS, CERT/CC recommends installing the latest patches from vendors that address the vulnerability and replace products that no longer receive security updates. Using firewall rules and access-control lists for UDP applications, turning off unnecessary UDP services, and implementing TCP or request validation are also measures that can mitigate the risk of an attack. Furthermore, the organization recommends deploying anti-spoofing solutions like BCP38 and Unicast Reverse Path Forwarding (uRPF), and using Quality-of-Service (QoS) measures to limit network traffic and protect against abuse from network loops and DoS amplifications.
Thanks to long-time Slashdot reader schneidafunk for sharing the article.

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The title stated of the problem in this case was quite clear: flag -cacert behavior isn't consistent between macOS and Linux , and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.
"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.

"Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash," BleepingComputer reported Thursday.

Friday Microsoft wrote that the issue "was resolved in the out-of-band update KB5037422," only available via the Microsoft Update Catalog. (The update "is not available from Windows Update and will not install automatically.")

BleepingComputer reported the leak only affected "enterprise systems using the impacted Windows Server platform," and home users were not affected. But Microsoft confirmed it impacted all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates: As BleepingComputer first reported on Wednesday and as many admins have warned over the last week, affected servers are freezing and restarting unexpectedly due to a Local Security Authority Subsystem Service (LSASS) process memory leak introduced with this month's cumulative updates.

"Since installation of the March updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die)," one admin said.

"Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung," another Windows admin told BleepingComputer.
The leak "is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests," Microsoft wrote. "Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers..."

"We strongly recommend you do not apply the March 2024 security update on DCs and install KB5037422 instead..."

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers. The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

Switch emulator Suyu -- a fork of the Nintendo-targeted and now-defunct emulation project Yuzu -- has been taken down from GitLab following a DMCA request Thursday. But the emulation project's open source files remain available on a self-hosted git repo on the Suyu website, and recent compiled binaries remain available on an extant GitLab repo. From a report: While the DMCA takedown request has not yet appeared on GitLab's public repository of such requests, a GitLab spokesperson confirmed to The Verge that the project was taken down after the site received notice "from a representative of the rightsholder."

An anonymous reader shares a report: On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa. Now, some investors have announced that they too are committed to fighting spyware. But at least one of those investors, Paladin Capital Group, has previously invested in a company that developed malware, according to a leaked 2021-dated slide deck obtained by TechCrunch, although the firm tells TechCrunch it "got out" of the firm some time ago.

In the last couple of years, the U.S. government has led an effort to limit or at least restrain the use of spyware across the world by putting surveillance tech makers like NSO Group, Candiru, and Intellexa on blocklists, as well as imposing export controls on those companies and visa restrictions on people involved in the industry. More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa. These actions have put others in the spyware industry on alert. In a call with reporters on Monday that TechCrunch attended, a senior Biden administration official said that a representative from Paladin participated in meetings at the White House on March 7, as well as this week in Seoul, where governments gathered for the Summit for Democracy to discuss spyware.

Paladin, one of the biggest investors in cybersecurity startups, and several other venture firms published a set of voluntary investment principles, noting that they would invest in companies that "enhance the defense, national security, and foreign policy interests of free and open societies." "For us, it was an important first step in having an investor outline both recognition that investments should not be going towards companies that are undertaking selling products, and selling to clients that can undermine free and fair societies," the senior administration official said in the call, where journalists agreed not to quote the officials by name.

An anonymous reader quotes a report from CNBC: UnitedHealth Group said Monday that it's paid out more than $2 billion to help health-care providers who have been affected by the cyberattack on subsidiary Change Healthcare. "We continue to make significant progress in restoring the services impacted by this cyberattack," UnitedHealth CEO Andrew Witty said in a press release. "We know this has been an enormous challenge for health care providers and we encourage any in need to contact us."

UnitedHealth disclosed nearly a month ago that a cyber threat actor breached part of Change Healthcare's information technology network. The fallout has wreaked havoc across the U.S. health-care system. Change Healthcare offers e-prescription software and tools for payment management, so the interruptions left many providers temporarily unable to fill medications or get reimbursed for their services by insurers. UnitedHealth, which provides care for 152 million people, said on Monday that it began releasing medical claims preparation software, which will be available to thousands of customers in the next several days. The company called it "an important step in the resumption of services."

On Friday, UnitedHealth said it restored Change Healthcare's electronic payments platform, after rebooting 99% of its pharmacy network services earlier this month. It also introduced a temporary funding assistance program to help health-care providers experiencing cash flow trouble because of the attack. UnitedHealth said the advances will not need to be repaid until claims flows return to normal. Federal agencies like the Centers for Medicare & Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers, according to a release.

An anonymous reader quotes a report from Wired: When thousands of security researchers descend on Las Vegas every August for what's come to be known as "hacker summer camp," the back-to-back Black Hat and Defcon hacker conferences, it's a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city's elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room's gadgets, from its TV to its bedside VoIP phone. One team of hackers spent those days focused on the lock on the room's door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they're finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba's encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel -- say, by booking a room there or grabbing a keycard out of a box of used ones -- then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock's data, and the second opens it.

Dormakaba says that it's been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks. For many of the Saflok systems sold in the last eight years, there's no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door. Wouters and Carroll say they were nonetheless told by Dormakaba that, as of this month, only 36 percent of installed Safloks have been updated. Given that the locks aren't connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months longer to roll out, at the very least. Some older installations may take years.

A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. From a report: The flaw -- a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols -- can't be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it's actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel's 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years. Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.

An anonymous reader quotes a report from Ars Technica: Starting in early 2023, Williams team principal James Vowles and chief technical officer Pat Fry started reworking the F1 team's systems for designing and building its car. It would be painful, but the pain would keep the team from falling even further behind. As they started figuring out new processes and systems, they encountered what they considered a core issue: Microsoft Excel. The Williams car build workbook, with roughly 20,000 individual parts, was "a joke," Vowles recently told The Race. "Impossible to navigate and impossible to update." This colossal Excel file lacked information on how much each of those parts cost and the time it took to produce them, along with whether the parts were already on order. Prioritizing one car section over another, from manufacture through inspection, was impossible, Vowles suggested.

"When you start tracking now hundreds of thousands of components through your organization moving around, an Excel spreadsheet is useless," Vowles told The Race. Because of the multiple states each part could be in -- ordered, backordered, inspected, returned -- humans are often left to work out the details. "And once you start putting that level of complexity in, which is where modern Formula 1 is, the Excel spreadsheet falls over, and humans fall over. And that's exactly where we are." The consequences of this row/column chaos, and the resulting hiccups, were many. Williams missed early pre-season testing in 2019. Workers sometimes had to physically search the team's factory for parts. The wrong parts got priority, other parts came late, and some piled up. And yet transitioning to a modern tracking system was "viciously expensive," Fry told The Race, and making up for the painful process required "humans pushing themselves to the absolute limits and breaking."

The idea that a modern Formula 1 team, building some of the most fantastically advanced and efficient machines on Earth, would be using Excel to build those machines might strike you as odd. F1 cars cost an estimated $12-$16 million each, with resource cap of about $145 million. But none of this really matters, and it actually makes sense, if you've ever worked IT at nearly any decent-sized organization. Then again, it's not even uncommon in Formula 1. When Sebastian Anthony embedded with the Renault team, he reported back for Ars in 2017 that Renault Sport Formula One's Excel design and build spreadsheet was 77,000 lines long -- more than three times as large as the Williams setup that spurred an internal revolution in 2023.

Every F1 team has its own software setup, Anthony wrote, but they have to integrate with a lot of other systems: Computational Fluid Dynamics (CFD) and wind tunnel results, rapid prototyping and manufacturing, and inventory. This leaves F1 teams "susceptible to the plague of legacy software," Anthony wrote, though he noted that Renault had moved on to a more dynamic cloud-based system that year. (Renault was also "a big Microsoft shop" in other areas, like email and file sharing, at the time.) One year prior to Anthony's excavation, Adam Banks wrote for Ars about the benefits of adopting cloud-based tools for enterprise resource planning (ERP). You adopt a cloud-based business management software to go "Beyond Excel." "If PowerPoint is the universal language businesses use to talk to one another, their internal monologue is Excel," Banks wrote. The issue is that all the systems and processes a business touches are complex and generate all kinds of data, but Excel is totally cool with taking in all of it. Or at least 1,048,576 rows of it. Banks cited Tim Worstall's 2013 contention that Excel could be "the most dangerous software on the planet." Back then, international investment bankers were found manually copying and pasting Excel between Excel sheets to do their work, and it raised alarm.

The macOS Sonoma 14.4 update introduces a bug affecting iCloud Drive's versioning system, where users with "Optimize Mac Storage" enabled can lose all previous versions of a file removed from local storage. MacRumors reports: Versions are normally created automatically when users save files using apps that work with the version system in macOS. According to The Eclectic Light Company's Howard Oakley, users running macOS 14.4 that have "Optimize Mac Storage" enabled should be aware that they are at risk of losing all previously saved versions of a file if they opt to remove it from iCloud Drive local storage: "In previous versions of macOS, when a file is evicted from local storage in iCloud Drive [using the Remove Download option in the right-click contextual menu], all its saved versions have been preserved. Download that file again from iCloud Drive, and versions saved on that Mac (but not other Macs or devices) have remained fully accessible. Do that in 14.4, and all previous versions are now removed, and lost forever."

Oakley said his own tests confirmed that this behavior does not happen in macOS Sonoma 14.3 or macOS Ventura, so it is exclusive to macOS 14.4. For users who have already updated, he suggests either not saving files to iCloud Drive at all, or turning off Optimize Mac Storage. To perform the latter in System Settings, click your Apple ID, select iCloud, and then toggle off the switch next to "Optimize Mac Storage." You may need to perform this action twice -- reports suggest it can turn back on by itself. For a more exhaustive account of the problem, see Oakley's subsequent post.