There are some 'usb devices over IP' software offerings that add a virtual USB root and can be used to connect USB devices that are physically connected to other hosts(obviously this works better with relatively low-bandwidth and latency-insensitive things; it's more about license dongles and USB to serial converters than video capture devices); so you do have options(and those offerings also tend to have explicit support for relatively easy switching of the USB devices being redirected between multiple hosts, if that's required); but it seems pretty unlikely that their virtual USB devices have gotten the same amount of probing that the vmware ones have, since they are relatively niche offerings vs. being the de-facto on-prem virtualization option(at least until Broadcom showed up).

Potentially still worth it, if you've got some absolutely unpatchable ESX host running at least one guest that must have USB, since the vulnerability on the vmware side is now a known one; but quite likely to not be a net gain in security vs. a patchable host; just given the relative amount of attention given.

There was a somewhat similar(also a bug in the virtual USB device allowing manipulation of the VM host from inside a guest with virtual USB a few years ago. There have also been a couple(CVE-2015-3456 and CVE-2021-3507) targeting the virtual floppy drive device.

They seem to be relatively rare; though tend to be pretty alarming when they do come up because their relative rarity means that people often treat a hypervisor as a reliable security boundary so there isn't necessarily a lot of backup built in to handle cases where that assumption is invalidated.

I don't know whether they'll be able to get past the requirement that Apple have sufficient market power in at least one of the tied products; but it seems like a pretty straightforward argument that iCloud is tied to iDevices in a number of ways that typically aren't wholly without justification(eg. having iCloud be the only thing you can restore from reduces the complexity of the first-run restore option because it can just assume iCloud; rather than Apple having to define an interface that 3rd party restore providers would offer or add a pre-restore app install section so that the relevant 3rd party app could be installed to provide the restore interface(the way 3rd party apps can snap into the "Files" app); but which are...awfully convenient...given Apple's margins on both cloud storage and higher storage phone models.

It probably doesn't help(if Apple seeks to make some sort of "we do it for the security of the people!" argument) that iOS historically(and still does, though it is much de-emphasized) supported either unencrypted or encrypted backups and restores over USB when directly connected to a computer; so clearly it was possible to design a backup mechanism for an untrusted storage medium back when cabled syncs were still general practice; and they specifically didn't bother to do that for networked backup and restore.

This seems like a pretty tenuous theory. There's a reasonably solid suspicion when businesses with clear connections to the cube farms, like restaurants and coffee places whose main draw is proximity to offices(and, typically, because of the way the zoning shakes down, significantly less proximity to things that aren't offices) are involved that people no longer seeing them as convenient, because they aren't in the office, or requiring their convenience, because it's a lot easier to make your own coffee when you don't have a commute.

This is a department store though: furniture, clothing, cosmetics, jewelry, housewares of various sorts. Am I claiming that literally nobody has ever popped over in an emergency after spilling coffee on their pants; or that it has never benefitted from being more convenient because it's on the way home from work? No, that sort of thing must happen at least occasionally. Do I buy that people drawn to the area by the fact that they work there are the primary audience for those sorts of (more typically) planned purchases? That seems like a hard sell.

I'm having a really, really, hard time seeing the case for transparency in a screen this small. Sure, if a screen is going to dominate your field of view there are cases where you might need to consider how the stuff onscreen is going to coexist with the rest of the world(though many more where the point is that your screen is dominating your field of view because you are working/gaming/watching a movie and not looking to be interrupted); but this isn't that screen.

Even your 17in 'desktop replacement'/'mobile workstation' monster just doesn't occupy that much of your field of view; especially when you can just tilt it down a trifle if you want it out of the way. I'm having a hard time seeing the virtues of totally ruining the quality of the screen space you do have in order to retain visibility of such a relatively small space that you can easily inspect at will just by moving your head.

That's crazy talk. Do you know how many supply-chain attacks we suspect of being in still-sealed packaging?

The fact that her husband was able to obtain the material nonpublic information she was handling(and without any signs of especially sophisticated or invasive surveillance methods) seems like pretty solid evidence of sloppy handling of sensitive internal data.

That's definitely less of a bad look than either insider trading or deliberately conspiring to feed information to the inside trader; but it's still easily the sort of inadequately careful handling of sensitive data that would not go well with any job whose description includes handling sensitive data.

Not being directly involved in the insider trading presumably made the firing a decision, rather than basically mandatory; but not an unjustifiable one.

Being able to store considerable internal stress, and sometimes decide to release it in response to seemingly trivial provocation, is pretty classic behavior for glass especially if it has been chemically toughened, worked or deformed without being annealed, etc.

Embarrassing for it to happen on such an expensive device, and from a vendor that does a lot of glass; but not a huge surprise from the material.

It's reasonably predictable that a fundie judge would rule this way; 'fetal personhood'/assorted pearl-clutching about early stage embryos and fertilized eggs has been a very popular tactic for anti-abortionists for some time time now; but actually taking a position that basically makes it impossible to do IVF legally seems like it could be risky overreach for them.

IVF is notably popular even among people who are allegedly "pro life". This is particularly dramatically visible in the fact that, technically, the Catholic Church's position is that IVF is super bad; but the laity are basically in favor of it and its not something that the Church is typically willing to actually try to argue with people about: they'll deny communion to politicians for not being against abortion hard enough; but(while they won't deny their position on IVF, it's all there in writing) you basically never hear about it; unless someone proposes that it should be readily available to the unmarried or homosexuals: as a mechanism for married heterosexuals with fertility issues it's just too popular. Protestant denominations aren't even necessarily against it; and the ones that are tend to take a pretty similar position in practice: they shut the hell up about it unless it's being used by someone they don't approve of.

This judge gets to score his points(albeit in a ruling that was practically written to be overturned on establishment clause grounds by a higher court); but I can't see "Nope, you can't get IVF anymore" going over well even among the pious pro-lifers.

You don't even need to wait for that scenario to arise: successful uterine implant rate of fertilized eggs is well below 100% even in young, healthy, women under typical conditions; with various 'spontaneous abortion' and miscarriage events further along also pretty common.

IVF makes the failures a lot more visible, since people are watching closely and attempts are expensive; but human reproduction simply can't be done(on average; obviously there's someone who has managed to implant and carry to term all eggs ever fertilized) without significant attrition of fertilized eggs and embryos of various stages(with spontaneous losses more common early; but continuing right up to full terms stillbirths).

A sympathetic observer would probably try to argue something about intention: that it's somehow different to deliberately toss the excess after an IVF round is finished than it is to know that what you are doing is probably going to result in a bunch of failures to implant or early stage spontaneous abortions; but you won't actually be making the choice on those.

I'm not sure that's really viable: in a variety of circumstances we recognize that doing something in the full knowledge of the bad outcomes it is likely to have is seriously morally problematic(typically not quite as bad as outright murder, instead it's "reckless negligence" or "depraved indifference" or something). Whether you are talking IVF or natural attempted reproduction is only really morally defensible if the destruction of some fertilized eggs and early stage embryos is either simply not an issue, or vaguely unfortunate but so much less important than getting the child you are interested in as to basically not matter.

I assume that (barring some of the really fly-by-night ones who focus on being gone by the time anyone goes to investigate; rather than just being technically legal) do sport some variation on the "Not Intended to Diagnose, Treat, Cure or Prevent Any Disease" quack-Miranda you see on every "dietary supplement".

It seems likely that the FDA is concerned(probably not entirely unreasonably) that the 'it's not a medical device; it's just for quantified wellness!" tech guys, mostly harmless when selling new numbers to obsess over to the basically healthy, are going to cause some real trouble if their technically-not-illegal marketing claims sway anyone whose life does, in fact, depend on accurate blood glucose numbers and responding to them appropriately.

It wouldn't be surprising if, as a cultural thing, cautious FDA validation wonks don't really much like the people selling lightweight lifestyle hypochondria at tech gadget prices; but they don't have regulatory authority and if it's just mostly-healthy people fretting over numbers that normally take care of themselves it's a pretty low priority. If actual diabetics get into it, though, (as you could see them wanting to; noninvasive is definitely a compelling sales pitch) any shortcomings are going to turn into bad outcomes fairly quickly.

I'm not sure what the grant landscape looks like for optical CGMs, or related technology, specifically; but I don't think that the FDA does much medical research funding. Lots of food safety and some laboratory standards and development for the sort of wide-scale testing that food safety requires; but for drugs and medical devices they are mostly just in charge of judging clinical trials and postmarket reporting; not running their own.

The Feds as a whole do a fairly substantial amount; but FDA research money is largely for food safety related stuff. Not entirely, I had a quick poke through taggs.hss.gov and there were some FDA grants and cooperative agreements for 'prospective' and "phase 2" trials of a few directly medical things(didn't see blood glucose, might have missed it, I'm not a huge federal database wonk); but one of the other HHS divisions is probably a more likely bet(CDC has a slightly epidemiological bent; but enough interest in public health stuff that diabetes is probably on the menu. HRSA looks more closely focused on capacity to handle specific difficult patient populations; but you might be able to sell low-invasiveness CGM improvements as a major boon to telehealth-based diabetes management. NIH is probably the best bet if you want to do some straight medical R&D.

Thereâ(TM)s probably some pure organization problem: not all the equipment is going to even be from the same vendor, so coordination of different alarm sounds for different purposes or severity is going to be a challenge; and then thereâ(TM)s the asymmetrical incentives: everyone knows that alarm fatigue is bad, in a vague theoretical way, and that we should be minimizing noise to avoid distracted mistakes; but being the guy who signed off on disabling the cardiac anomaly beeper because itâ(TM)s mostly nonsense is real awkward when it turns out that this time it was a real event and now the dead patientâ(TM)s family is suing.

Itâ(TM)s certainly possible that some genuinely useless alarms have snuck through; but my suspicion would be that most of the noise is competing alarms that are poor UX in context; but just meaningful enough to be defensible in isolation.

Is this study actually telling us anything about the sounds, or just about response to novel sounds vs. overwhelmingly habituated ones?

I donâ(TM)t doubt that novel musical tones got better response that that-spurious-out-of-range-alarm-thatâ(TM)s-never-worth-checking; but would that remain the case if you started hammering people with spurious musical alarms?

This guy can do whatever he wants, of course, he doesn't work for them anymore and the license allows forking; but it seems like a bizarrely small dispute to take such action over(unless it's just the proximate cause and there were longer-running togetherness problems).

Both parties agreed that there was a bug; corporate said that the affected code was in use by some customers and wanted to issue a CVE; devs apparently wanted to treat it as a just-a-bug-that-has-security-implications-but-doesn't-need-a-CVE-for-reasons; and that is the corpo oppression that shows that nginx is no longer in the public interest?

I could see if it were the other way around, and F5 was demanding silence and secrecy in order to downplay their vulnerability numbers; but how could warning whoever is using the experimental feature that they'd better take mitigation steps until it is fixed be a problem? If it's really that experimental almost nobody will care, and a few people will be helped. Is there something I'm missing?