Encryption

The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips (wired.com) 10

New submitter ole_timer shares a report from Wired: From TikTok to Huawei routers to DJI drones, rising tensions between China and the US have made Americans -- and the US government -- increasingly wary of Chinese-owned technologies. But thanks to the complexity of the hardware supply chain, encryption chips sold by the subsidiary of a company specifically flagged in warnings from the US Department of Commerce for its ties to the Chinese military have found their way into the storage hardware of military and intelligence networks across the West. In July of 2021, the Commerce Department's Bureau of Industry and Security added the Hangzhou, China-based encryption chip manufacturer Hualan Microelectronics, also known as Sage Microelectronics, to its so-called "Entity List," a vaguely named trade restrictions list that highlights companies "acting contrary to the foreign policy interests of the United States." Specifically, the bureau noted that Hualan had been added to the list for "acquiring and ... attempting to acquire US-origin items in support of military modernization for [China's] People's Liberation Army."

Yet nearly two years later, Hualan -- and in particular its subsidiary known as Initio, a company originally headquartered in Taiwan that it acquired in 2016 -- still supplies encryption microcontroller chips to Western manufacturers of encrypted hard drives, including several that list as customers on their websites Western governments' aerospace, military, and intelligence agencies: NASA, NATO, and the US and UK militaries. Federal procurement records show that US government agencies from the Federal Aviation Administration to the Drug Enforcement Administration to the US Navy have bought encrypted hard drives that use the chips, too. The disconnect between the Commerce Department's warnings and Western government customers means that chips sold by Hualan's subsidiary have ended up deep inside sensitive Western information networks, perhaps due to the ambiguity of their Initio branding and its Taiwanese origin prior to 2016. The chip vendor's Chinese ownership has raised fears among security researchers and China-focused national security analysts that they could have a hidden backdoor that would allow China's government to stealthily decrypt Western agencies' secrets. And while no such backdoor has been found, security researchers warn that if one did exist, it would be virtually impossible to detect it.

"If a company is on the Entity List with a specific warning like this one, it's because the US government says this company is actively supporting another country's military development," says Dakota Cary, a China-focused research fellow at the Atlantic Council, a Washington, DC-based think tank. "It's saying you should not be purchasing from them, not just because the money you're spending is going to a company that will use those proceeds in the furtherance of another country's military objectives, but because you can't trust the product." [...] The mere fact that so many Western government agencies are buying products that include chips sold by the subsidiary of a company on the Commerce Department's trade restrictions list points to the complexities of navigating the computing hardware supply chain, says the Atlantic Council's Cary. "At minimum, it's a real oversight. Organizations that should be prioritizing this level of security are apparently not able to do so, or are making mistakes that have allowed for these products to get into their environments," he says. "It seems very significant. And it's probably not a one-off mistake."

Security

Security Expert Defeats Lenovo Laptop BIOS Password With a Screwdriver (tomshardware.com) 19

Cybersecurity experts at CyberCX have demonstrated a simple method for consistently accessing older BIOS-locked laptops by shorting pins on the EEPROM chip with a screwdriver, enabling full access to the BIOS settings and bypassing the password. Tom's Hardware reports: Before we go further, it is worth pointing out that CyberCX's BIOS password bypass demonstration was done on several Lenovo laptops that it had retired from service. The blog shows that the easily reproducible bypass is viable on the Lenovo ThinkPad L440 (launched Q4 2013) and the Lenovo ThinkPad X230 (launched Q3 2012). Other laptop and desktop models and brands that have a separate EEPROM chip where passwords are stored may be similarly vulnerable. [...] From reading various documentation and research articles, CyberCX knew that it needed to follow the following process on its BIOS-locked Lenovo laptops: Locate the correct EEPROM chip; Locate the SCL and SDA pins; and Short the SCL and SDA pins at the right time.

Checking likely looking chips on the mainboard and looking up series numbers eventually led to being able to target the correct EEPROM. In the case of the ThinkPad L440, the chip is marked L08-1 X (this may not always be the case). An embedded video in the CyberCX blog post shows just how easy this 'hack' is to do. Shorting the L08-1 X chip pins requires something as simple as a screwdriver tip being held between two of the chip legs. Then, once you enter the BIOS, you should find that all configuration options are open to be changed. There is said to be some timing needed, but the timing isn't so tight, so there is some latitude. You can watch the video for a bit of 'technique.'

CyberCX includes some quite in-depth analysis of how its BIOS hack works and explains that you can't just short the EEPROM chips straight away as you turn the machine on (hence the need for timing). Some readers may be wondering about their own laptops or BIOS-locked machines they have seen on eBay and so on. CyberCX says that some modern machines with the BIOS and EEPROM packages in one Surface Mount Device (SMD) would be more difficult to hack in this way, requiring an "off-chip attack." The cyber security firm also says that some motherboard and system makers do indeed already use an integrated SMD. Those particularly worried about their data, rather than their system, should implement "full disk encryption [to] prevent an attacker from obtaining data from the laptop's drive," says the security outfit.

Hardware

M2 Max Is Basically An M1 Ultra, and M2 Ultra Nearly Doubles the Performance (9to5mac.com) 8

The new Mac Studio started shipping to customers this week, giving product reviewers a chance to test Apple's "most capable chip ever." According to new benchmarks by YouTuber Luke Miani, the M2 Ultra features nearly double the GPU performance of last year's M1 Ultra, with notable performance improvements in other areas. 9to5Mac reports: While the M1 Max and M1 Ultra are blazing fast, the difference between the two wasn't as notable as some expected. In many tasks, the much cheaper M1 Max wasn't too far off from the top-end M1 Ultra variant, especially in video editing, photo editing, and 3D rendering. Despite the M1 Ultra literally being 2 M1 Max's fused, the performance was never doubled. For the M2 series, Apple has made some significant changes under the hood, especially in GPU scaling. In Luke's testing, he found that in some GPU heavy applications, like Blender 3D and 3DMark, the M2 Ultra was sometimes precisely twice the performance of M2 Max -- perfect GPU scaling! In Final Cut Pro exports, it nearly doubled again. He also found that the M2 Ultra doubled the GPU performance of the M1 Ultra in these same benchmarks -- a genuinely remarkable year-over-year upgrade.

The reason for the massive performance improvement is that Apple added a memory controller chip to the M2 generation that balances the load between all of M2 Ultra's cores -- M1 Ultra required the RAM to be maxed out before using all cores. M1 Ultra was very good at doing many tasks simultaneously but struggled to do one task, such as benchmarking or rendering, faster than the M1 Max. With M2 Ultra, because of this new memory controller, Apple can now achieve the same incredible performance without the memory buffer needing to be maxed out. It's important to note that some applications cannot take advantage of the M2 Ultra fully, and in non-optimized applications, you should not expect double the performance.

Despite this incredible efficiency and performance, the better deal might be the M2 Max. In Luke's testing, the M2 Max performed very similarly or outperformed last year's M1 Ultra. In Blender, Final Cut Pro, 3DMark, and Rise of the Tomb Raider, the M2 Max consistently performed the same or better than the M1 Ultra. Instead of finding an M1 Ultra on eBay, it might be best to save money and get the M2 Max if you're planning on doing tasks that heavily utilize the GPU. While the GPU performance is similar, the M1 Ultra still has the advantage of far more CPU cores, and will outperform the M2 Max in CPU heavy workloads.

Businesses

Xi Jinping Tells Bill Gates He Welcomes US AI Tech In China (reuters.com) 6

Chinese President Xi Jinping met with Bill Gates to discuss the global rise of artificial intelligence, expressing his support for U.S. companies bringing their AI technology to China. Reuters reports: Xi also discussed Microsoft's business development in China during their meeting in Beijing, one of the sources said. The comments on AI made at the meeting between Xi and Gates were not disclosed in reports of the meeting published by Chinese state media or in a Friday post by Gates reflecting on his China trip. Xi has previously said China needs to seize opportunities to use AI to drive economic development, but has also cautioned about its risks, with the country weighing up a new law on the technology as well as rules for generative AI.

Businesses

iPhone Maker Foxconn To Switch To Cars As US-China Ties Sour (bbc.com) 7

An anonymous reader quotes a report from the BBC: iPhone maker Foxconn is betting big on electric cars and redrawing some of its supply chains as it navigates a new era of icy Washington-Beijing relations. In an exclusive interview, chairman and boss Young Liu told the BBC what the future may hold for the Taiwanese firm. He said even as Foxconn shifts some supply chains away from China, electric vehicles (EVs) are what will drive its growth in the coming decades. As US-China tensions soar, Mr Liu said, Foxconn must prepare for the worst.

"We hope peace and stability will be something the leaders of these two countries will keep in mind," 67-year-old Mr Liu told us, in his offices in Taipei, Taiwan's capital. "But as a business, as a CEO, I have to think about what if the worst case happens?" The scenarios could include attempts by Beijing to blockade Taiwan, which it claims as part of China, or worse, to invade the self-ruled island. Mr Liu said "business continuity planning" was already under way, and pointed out that some production lines, particularly those linked to "national security products" were already being moved from China to Mexico and Vietnam. He was likely to be referring to servers Foxconn makes that are used in data centers, and can contain sensitive information. [...]

Foxconn hopes to capture about 5% of the global electric vehicle market in the next few years -- an ambitious target given the firm has only made a handful of models so far. But it is a gamble that Mr Liu is confident will pay off. "It doesn't make sense for you to make [EVs] in one place, so regionalized production for cars is very natural," he added. Foxconn car factories will be based in Ohio in the US, in Thailand, Indonesia and perhaps even in India, he said. For now, the company will keep focusing on what it does best -- making electronic products for clients. But perhaps not too far in the future, Foxconn will do the same for clients with electric cars. Either way, with the foray into electric cars, Foxconn is diversifying not just production but also supply lines -- both of which, Mr Liu believes, hold the key to the company's future.

XBox (Games)

Microsoft Is No Longer Making New Games For the Xbox One (engadget.com) 6

Microsoft says it is no longer making games for the Xbox One but will continue to support ongoing previous-generation titles like Minecraft and Halo Infinite. Engadget reports: "We've moved on to gen 9," Xbox Game Studios head Matt Booty told Axios, referring to the Xbox Series X/S consoles. The company also makes its games for PC. This move had to happen at some point to avoid newer and more complex games being hamstrung by the hardware limitations of the decade-old Xbox One. Still, it'll be possible for those clinging onto an Xbox One to play Series X/S titles such as Starfield and Forza Motorsport through Xbox Cloud Gaming. "That's how we're going to maintain support," Booty said.

The move away from Xbox One will free Microsoft's teams from the shackles of the previous generation. However, some third-party developers have raised concerns that the Xbox Series S, which is less powerful than the Series X, is holding them back too. Booty conceded that making sure games run well on the Series S requires "more work." Still, he noted Microsoft's studios (particularly those working on their second games for this generation of consoles) are now able to better optimize their projects for the Series S.

Government

Daniel Ellsberg, Who Leaked the Pentagon Papers, Is Dead At 92 (nytimes.com) 17

Daniel Ellsberg, a military analyst who leaked what came to be known as the Pentagon Papers, died on Friday at the age of 92. The cause was pancreatic cancer. The New York Times reports: The disclosure of the Pentagon Papers -- 7,000 government pages of damning revelations about deceptions by successive presidents who exceeded their authority, bypassed Congress and misled the American people -- plunged a nation that was already wounded and divided by the war deeper into angry controversy. It led to illegal countermeasures by the White House to discredit Mr. Ellsberg, halt leaks of government information and attack perceived political enemies, forming a constellation of crimes known as the Watergate scandal that led to the disgrace and resignation of President Richard M. Nixon. And it set up a First Amendment confrontation between the Nixon administration and The New York Times, whose publication of the papers was denounced by the government as an act of espionage that jeopardized national security. The U.S. Supreme Court upheld the freedom of the press.

Mr. Ellsberg was charged with espionage, conspiracy and other crimes and tried in federal court in Los Angeles. But on the eve of jury deliberations, the judge threw out the case, citing government misconduct, including illegal wiretapping, a break-in at the office of Mr. Ellsberg's former psychiatrist and an offer by President Nixon to appoint the judge himself as director of the Federal Bureau of Investigation. "The demystification and de-sanctification of the president has begun," Mr. Ellsberg said after being released. "It's like the defrocking of the Wizard of Oz." The story of Daniel Ellsberg in many ways mirrored the American experience in Vietnam, which began in the 1950s as a struggle to contain communism in Indochina and ended in 1975 with humiliating defeat in a corrosive war that killed more than 58,000 Americans and millions of Vietnamese, Cambodians and Laotians. [...]

Over the years, Ellsberg was mentioned on Slashdot several times. In late 2000, Ellsberg was mentioned in a story about Clinton's veto of what would have been a new law to prevent leaks of classified information.

Ellsberg also expressed his support for WikiLeaks founder Julian Assange in 2010 and called Edward Snowden the "greatest patriot whistleblower of our time."

He was also featured in a Slashdot story for his view on the growing role of internet companies in the public sphere. In 2011, Ellsberg said companies such as Google, Facebook, and Twitter need to take a stand and push back on excessive requests for personal data.

Businesses

Wargraphs, a Gaming Startup With Only One Employee and No Outside Funding, Sells For $54 Million (techcrunch.com) 7

An anonymous reader quotes a report from TechCrunch: Wargraphs, a one-man-band startup behind a popular companion app for League of Legends called Porofessor, which helps players track and improve their playing stats, is getting acquired for up to [$54 million], half up front and half based on meeting certain earnings and growth targets. MOBA Networks, a company founded out of Sweden that buys, grows and runs online gaming communities (MOBA is short for "multiplayer online battle arena"), is buying the startup and its existing products. The plan is to expand them to more markets, in particular across Asia, and to build analytics for more titles.

I write "startup", but that might be with the loosest interpretation of the term. There is only a single employee, the mild-mannered Jean-Nicholas, and he has also entirely bootstrapped the business on his own. But that hasn't held him back. Wargraphs currently also builds analytics for Legends of Runeterra and Teamfight Tactics, but the League of Legends business has been its biggest by far. Porofessor has had 10 million downloads of its app on Overwolf -- which is where Porofessor was built -- and more than 1.25 million daily active users if you combine traffic both from that platform and its own direct website. The company, such as it is, has been around for some 10 years, has pretty much always been profitable with revenues of 12.3 million euros in its last fiscal year.

Jean-Nicholas told TechCrunch's Ingrid Lunden that he wants to build "a game" next. "Specifically, a card game that will compete against Hearthstone, coincidentally published by Activision Blizzard," writes Lunden. "He has no plans to raise outside funding for this, but he might hire an employee or two."

Earth

Action To Tackle Air Pollution Failing To Keep Up With Research 26

Globally, outdoor air pollution is second only to tobacco as the greatest cause of lung and respiratory cancers. From a report: This year marks a decade since the International Agency for Research on Cancer (IARC) gathered in Lyon, France, to unanimously declare that air pollution caused cancer in humans. Air pollution was classified as a type 1 carcinogen, the most certain category possible. This was mainly based on more than 20 years of research in particle pollution and lung cancer. The number of research studies has almost doubled since the IARC meeting in Lyon, with even more evidence on lung cancer in never-smokers, but governmental action to reduce air pollution has not kept up.

Globally, outdoor air pollution is second only to tobacco as the greatest cause of lung and respiratory cancers. This holds true in almost all parts of the world, with a notable exception of low-income countries where people (especially women and children) also breathe smoke in their homes from cooking on open fires. In the past 10 years new studies have linked air pollution to other cancers, including breast and bladder cancer. These have also been associated with nitrogen dioxide, a pollutant from diesel traffic that is being targeted by low emissions zones in many cities. There is emerging evidence of links to childhood leukaemia too. For those people with lung cancer, smokers and never-smokers, their prognosis and survival appears to be reduced if they live in a polluted area. Research includes a recent study of more than a quarter of a million people with lung cancer in Pennsylvania. This raises questions about the impact of air pollution on the way that cancer progresses and how it may change the effectiveness of chemotherapy.

Security

Millions of Americans' Personal Data Exposed in Global Hack (cnn.com) 14

Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday. From a report: The breach has affected 3.5 million Oregonians with driver's licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. The Louisiana governor's office did not put a number on the number of victims but over 3 million Louisianians hold driver's licenses, according to public data. The states did not blame anyone in particular for the hack, but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang. The sweeping hack has likely exposed data at hundreds of organizations across the globe and also compromised multiple US federal agencies, including the Department of Energy, as well as data from major corporations in Britain like the BBC and British Airways. The Russian-speaking hackers that claimed credit are known to demand multimillion-dollar ransoms, though US and state governments say they have not received any demands.

Science

Venture Capital's AI-Run Lettuce Farms Start To Go Bust (bloomberg.com) 60

The pitch for vertical farming had all the promise of a modern venture capital dream: a new way to grow crops that would use robots and artificial intelligence to conserve water, combat food insecurity and save the environment. But after firms poured billions of dollars into these startups, pushing valuations into the stratosphere, the industry is now facing a harsh new reality: funding is drying up, profits remain elusive, and creditors are circling. From a report: AeroFarms last week became the latest, most high-profile example of the challenges facing the business, filing for bankruptcy after building a massive new facility in Virginia that drained its cash, according to court papers. Its collapse comes on the heels of lettuce grower Kalera seeking court protection in April. And in May, publicly traded AppHarvest, which operates high-tech greenhouses, received a notice of default from one of its investors, according to a regulatory filing. The company contests the default notice, but if it can't reach an agreement with its creditors, the firm warned it could become "bankrupt or insolvent."

"We really were in a hype cycle," said Vonnie Estes, vice president of innovation for the International Fresh Produce Association. Venture capitalists entered the scene in a frenzy, likening these companies to software firms, and expecting comparable returns. "There was a lot of money that rushed in without really understanding that this is actually just farming." Industry experts still say that indoor farming is a crucial piece of agriculture's future, especially as climate change spurs more destructive wildfires and floods. Nonetheless, the ability of vertical farms to carve out meaningful market share on a national scale could be years away, they note.

Businesses

FCC Chair To Investigate Exactly How Much Everyone Hates Data Caps (arstechnica.com) 49

Federal Communications Commission Chairwoman Jessica Rosenworcel wants the FCC to open a formal inquiry into how data caps harm Internet users and why broadband providers still impose the caps. The inquiry could eventually lead to the FCC regulating how Internet service providers such as Comcast impose limits on data usage. From a report: Rosenworcel yesterday announced that she asked fellow commissioners to support a Notice of Inquiry on the topic. Among other things, the Notice would seek comment from the public "to better understand why the use of data caps continues to persist despite increased broadband needs of consumers and providers' demonstrated technical ability to offer unlimited data plans."

The inquiry would also seek comment on "trends in consumer data usage... on the impact of data caps on consumers, consumers' experience with data caps, how consumers are informed about data caps on service offerings, and how data caps impact competition." Finally, Rosenworcel wants to seek comment about the FCC's "legal authority to take actions regarding data caps." "In particular, the agency would like to better understand the current state of data caps, their impact on consumers, and whether the Commission should consider taking action to ensure that data caps do not cause harm to competition or consumers' ability to access broadband Internet services," the press release said.

AI

Meta Wants Companies To Make Money Off Its Open-Source AI, in Challenge To Google (theinformation.com) 10

Meta Platforms CEO Mark Zuckerberg and his deputies want other companies to freely use and profit from new artificial intelligence software Meta is developing, a decision that could have big implications for other AI developers and businesses that are increasingly adopting it. The Information: Meta is working on ways to make the next version of its open-source large-language model -- technology that can power chatbots like ChatGPT -- available for commercial use, said a person with direct knowledge of the situation and a person who was briefed about it. The move could prompt a feeding frenzy among AI developers eager for alternatives to proprietary software sold by rivals Google and OpenAI. It would also indirectly benefit Meta's own AI development.

[...] Meta stands to gain from releasing open-source AI models. As developers adopt and improve those models or patch their security holes, Meta will be able to incorporate those improvements in AI models for its own consumer and advertising products, Zuckerberg said in an April call with stock analysts. For instance, Zuckerberg has said he wants small businesses and content creators that use Facebook's apps to have access to "AI agents" who can act on their behalf by automatically communicating with fans or customers. "LLaMA or the language model underlying this is basically going to be the engine that powers that," he said in an interview last week with podcaster Lex Fridman.

Games

Valve Gives Steam Its Biggest Update and Redesign in Years 19

An anonymous reader shares a report: PC gamers could easily make a joke that three things in life never change: death, taxes, and the classic look of Steam. One of those things just changed, though; Valve just released the most substantial overhaul to Steam in years, including a visual makeover and several new features. Further, the company has brought the Mac and Linux versions of Steam closer to parity with the historically superior Windows version. Valve says "the most impactful changes" are actually under the hood. The company's developers put effort into achieving greater consistency between how things work in Steam for desktop, the TV-oriented Big Picture mode, and Steam Deck. This codebase overhaul means that new features that come to the desktop version of Steam can simultaneously ship on Steam Deck with minimal effort.

As for stuff that's visible to users, though, the entire application's look has been overhauled and modernized. In most cases, things are more or less where they used to be in the interface -- they just look a little different, with new fonts, colors, sizes, and so on. That said, the in-game overlay has received a more significant overhaul, as did notifications. Steam users have access to more customizations about how and when notifications are displayed, and the notifications panel displays only new notifications, with a "view all" button for digging into older ones. In general, the overlay has more information about the game you're playing, from achievement progress to playing time and beyond. Valve has made big changes to the controller configurator from the Steam Deck, which is now part of the overlay whenever a game is connected.

EU

EU Votes To Bring Back Replaceable Phone Batteries 136

What's old is new again, at least in the European Union. The European Parliament recently voted in favor of new legislation that would overhaul the entire battery life cycle, from design to end-of-life, which includes important caveats for smartphone users. From a report: Among the many changes, the new rules would require batteries in consumer devices like smartphones to be easily removable and replaceable. That's far from the case today with most phones, but that wasn't always the case.
