Desktops (Apple)

An Apple Malware-Flagging Tool Is 'Trivially' Easy To Bypass (wired.com) 9

One of the Mac's built-in malware detection tools may not be working quite as well as you think. From a report: At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings today about vulnerabilities in Apple's macOS Background Task Management mechanism, which could be exploited to bypass and, therefore, defeat the company's recently added monitoring tool. There's no foolproof method for catching malware on computers with perfect accuracy because, at their core, malicious programs are just software, like your web browser or chat app. It can be difficult to tell the legitimate programs from the transgressors. So operating system makers like Microsoft and Apple, as well as third-party security companies, are always working to develop new detection mechanisms and tools that can spot potentially malicious software behavior in new ways.

Apple's Background Task Management tool focuses on watching for software "persistence." Malware can be designed to be ephemeral and operate only briefly on a device or until the computer restarts. But it can also be built to establish itself more deeply and "persist" on a target even when the computer is shut down and rebooted. Lots of legitimate software needs persistence so all of your apps and data and preferences will show up as you left them every time you turn on your device. But if software establishes persistence unexpectedly or out of the blue, it could be a sign of something malicious. With this in mind, Apple added Background Task Manager in macOS Ventura, which launched in October 2022, to send notifications both directly to users and to any third-party security tools running on a system if a "persistence event" occurs. This way, if you know you just downloaded and installed a new application, you can disregard the message. But if you didn't, you can investigate the possibility that you've been compromised.

Government

Homeland Security Report Details How Teen Hackers Exploited Security Weaknesses In Some of the World's Biggest Companies (cnn.com) 31

An anonymous reader quotes a report from CNN: A group of teenage hackers managed to breach some of the world's biggest tech firms last year by exploiting systemic security weaknesses in US telecom carriers and the business supply chain, a US government review of the incidents has found, in what is a cautionary tale for America's critical infrastructure. The Department of Homeland Security-led review of the hacks, which was shared exclusively with CNN, determined US regulators should penalize telecom firms with lax security practices and Congress should consider funding programs to steer American youth away from cybercrime. The investigation of the hacks -- which hit companies like Microsoft and Samsung -- found that, in general, it was far too easy for the cybercriminals to intercept text messages that corporate employees use to log into systems. [...]

"It is highly concerning that a loose band of hackers, including a number of teenagers, was able to consistently break into the best-defended companies in the world," Homeland Security Secretary Alejandro Mayorkas told CNN in an interview, adding: "We are seeing a rise in juvenile cybercrime." After a series of high-profile cyberattacks marked his first four months in office, President Joe Biden established the DHS-led Cyber Safety Review Board in 2021 to study the root causes of major hacking incidents and inform policy on how to prevent the next big cyberattack. Staffed by senior US cybersecurity officials and executives at major technology firms like Google, the board does not have regulatory authority, but its recommendations could shape legislation in Congress and future directives from federal agencies. [...]

The board's first review, released in July 2022, concluded that it could take a decade to eradicate a vulnerability in software used by thousands of corporations and government agencies worldwide. The second review, to be released Thursday, focused on a band of young criminal hackers based in the United Kingdom and Brazil that last year launched a series of attacks on Microsoft, Uber, Samsung and identity management firm Okta, among others. The audacious hacks were often followed by extortion demands and taunts by hackers who seemed to be out for publicity as much as they were for money. The hacking group, known as Lapsus$, alarmed US officials because they were able to embarrass major tech firms with robust security programs. "If richly resourced cybersecurity programs were so easily breached by a loosely organized threat actor group, which included several juveniles, how can organizations expect their programs to perform against well-resourced cybercrime syndicates and nation-state actors?" the Cyber Safety Review Board's new report states.

Lapsus$, as well as other hacking groups, conduct "SIM-swapping" attacks that can take over a victim's phone number by having it transferred to another device, thereby gaining access to 2FA security codes and personal messages. These can then be used to reveal login credentials and access financial information.

"The board wants telecom carriers to report SIM-swapping attacks to US regulatory agencies, and for those agencies to penalize carriers when they don't adequately protect customers from such attacks," reports CNN.

Books

Paramount Agrees To Sell Simon and Schuster To KKR (nytimes.com) 17

Paramount said on Monday it had reached a deal to sell Simon and Schuster, one of the biggest and most prestigious publishing houses in the United States, to the private-equity firm KKR, in a major changing of the guard in the books business. From a report: The deal, for $1.62 billion, will put control of the cultural touchstone behind authors like Stephen King and Bob Woodward in the hands of a financial buyer with an expanding presence in the publishing industry. While private equity investors have had a significant footprint in the book business -- different firms have owned literary agencies, publishing houses and the retailer Barnes & Noble -- the acquisition of one of the largest publishers in the country vastly increases the hold of financial interests in the business.

[...] Since Simon & Schuster was first put up for sale in 2020, many in the publishing industry have fretted over where the company might land. A sale to another publisher would mean the new management would understand the book business. But it would also mean further consolidation in the industry, with potentially fewer players available to bid on big books, and the chance of layoffs as redundant jobs were eliminated. It could also raise regulatory scrutiny: Paramount's first attempt to sell Simon & Schuster, to Penguin Random House in 2020, was derailed by government antitrust concerns.

IT

Zoom Demands Workers Return to Office Two Days a Week. Is The Remote-Working Revolution Dead? (msn.com) 176

Even Zoom is now telling its 8,400 employees to stop working remotely at least two days a week and return to the office. The policy applies to employees within 50 miles of a Zoom office, with a Zoom spokesperson calling this hybrid approach the "most effective".

Business Insider quips that Zoom making the move means "The remote work revolution is officially dead."

And earlier this week The Los Angeles Times argued that "After watching and waiting, some chaotic back-and-forth and a few false starts, the white-collar American workforce appears to be settling — for now — in a hybrid mode." Even as more corporations are moving to call workers back to the office, arguing it's better for preserving company culture and decision-making, few employers have required employees to work on-site five days a week. Most are like Meta and Los Angeles-based Farmers Group, which recently announced that most employees who had been working remotely will have to come in three days a week starting in September.

Some firms have backtracked in favor of a more flexible system, or put return-to-office plans on ice, because of worker resistance and other changes wrought by the pandemic... [M]any other companies have stayed silent on the issue of remote work, maintaining vague or largely unenforced policies as they wait to see where the struggle ends. More unions, including the guild at the Los Angeles Times, are wrestling with management over remote work, which has become a top labor issue. For all these reasons, the overall amount of work done from home has held remarkably steady this year at about 28%, according to monthly surveys of thousands of workers by WFH Research, a group including Stanford and the University of Chicago. That's way up from roughly 5% of work done at home before COVID-19.

And there are some signs that employers are giving workers greater flexibility in their work schedules and when they can work from home. In a nationwide survey conducted last month for The Times by polling firm Leger, 27% of full-time workers said their employers had become more lenient over the last year about working remotely. Only 15% said their employers got stricter. Most of the rest said there was no change. Leger's survey showed that 11% of full-time employees work 100% from home, and 31% work a hybrid schedule, with most saying they choose which days to come into the office. The remainder said that they work fully on company premises or that their jobs aren't compatible with at-home work. These results line up almost exactly with WFH data...

Rob Sadow, chief executive at Scoop Technologies, a firm specializing in flexible-work software and research, says the percentages of employers that are fully remote and fully in-office have both declined since the start of the year. What's grown in their place is a "structured" hybrid model in which employees and employers have essentially split the difference. "This two to three days a week is starting to feel like a pretty decent, happy medium," Sadow said. "Executives and employees are finding somewhat of a truce in terms of how much time is spent in the office and at home."

The article also points out that "Some employees have quit and moved to more remote-work friendly firms."

Facebook

Threads User Count Falls To New Lows (cnn.com) 91

Threads, Meta's Twitter rival, is struggling to retain users roughly a month after its highly publicized launch, according to fresh industry estimates showing that app engagement has fallen to new lows. From a report: The data from market research firms Similarweb and Sensor Tower highlight the challenges facing Meta as it seeks to exploit the opening created by the chaos surrounding Twitter's management. Threads' daily active user count is down 82% from launch as of July 31, according to Sensor Tower, with just eight million users accessing the app each day.

That is the lowest it has been since the day after the app's release when daily active users peaked at roughly 44 million, Sensor Tower said. People are also opening the app less frequently and spending less time there, Sensor Tower added. On its launch day, Threads users opened the app an average of 14 times and spent an average of 19 minutes scrolling through it, the company reported. By the end of the month, however, those figures had fallen sharply.

Businesses

Many People Feel They Work In Pointless, Meaningless Jobs, Research Confirms (phys.org) 302

A new study found that people working in finance, sales and managerial roles are much more likely than others on average to think their jobs are useless or unhelpful to others. Phys.Org reports: The study, by Simon Walo, of Zurich University, Switzerland, is the first to give quantitative support to a theory put forward by the American anthropologist David Graeber in 2018 that many jobs were "bullshit" -- socially useless and meaningless. Researchers had since suggested that the reason people felt their jobs were useless was solely because they were routine and lacked autonomy or good management rather than anything intrinsic to their work, but Mr. Walo found this was only part of the story.

He analyzed survey data on 1,811 respondents in the U.S. working in 21 types of jobs, who were asked if their work gave them "a feeling of making a positive impact on community and society" and "the feeling of doing useful work." The American Working Conditions Survey, carried out in 2015, found that 19% of respondents answered "never" or "rarely" to the questions whether they had "a feeling of making a positive impact on community and society" and "of doing useful work" spread across a range of occupations.

Mr. Walo adjusted the raw data to compare workers with the same degree of routine work, job autonomy and quality of management, and found that in the occupations Graeber thought were useless, the nature of the job still had a large effect beyond these factors. Those working in business and finance and sales were more than twice as likely to say their jobs were socially useless than others. Managers were 1.9 times more likely to say this and office assistants 1.6 times. [...] Law was the only occupation cited by Graeber as useless where Mr. Walo found no statistically significant evidence that staff found their jobs meaningless. Mr. Walo also found that the share of workers who consider their jobs socially useless is higher in the private sector than in the non-profit or the public sector.

The study has been published in the journal Work, Employment and Society.

GNOME

GNOME Devs Are Working on a New Window Management System (gnome.org) 114

Managing windows — "even after 50 years, nobody's fully cracked it yet," writes GNOME developer Tobias Bernard: Most of the time you don't care about exact window sizes and positions and just want to see the windows that you need for your current task. Often that's just a single, maximized window. Sometimes it's two or three windows next to each other. It's incredibly rare that you need a dozen different overlapping windows. Yet this is what you end up with by default today, when you simply use the computer, opening apps as you need them. Messy is the default, and it's up to you to clean it up...

We've wanted more powerful tiling for years, but there has not been much progress due to the huge amount of work involved on the technical side and the lack of a clear design direction we were happy with. We now finally feel like the design is at a stage where we can take concrete next steps towards making it happen, which is very exciting! The key point we keep coming back to with this work is that, if we do add a new kind of window management to GNOME, it needs to be good enough to be the default. We don't want to add yet another manual opt-in tool that doesn't solve the problems the majority of people face.

The current concept imagines three possible layout states for windows:

- Floating, the classic stacked windows model
- Edge Tiling, i.e. windows splitting the screen edge-to-edge
- Mosaic, a new window management mode which combines the best parts of tiling and floating

Mosaic is the default — where "you open a window, it opens centered on the screen at a size that makes the most sense for the app." (Videos in the blog post show how this works.) "As you open more windows, the existing windows move aside to make room for the new ones. If a new window doesn't fit (e.g. because it wants to be maximized) it moves to its own workspace. If the window layout comes close to filling the screen, the windows are automatically tiled." You can also manually tile windows. If there's enough space, other windows are left in a mosaic layout. However, if there's not enough space for this mosaic layout, you're prompted to pick another window to tile alongside. You're not limited to tiling just two windows side by side. Any tile (or the remaining space) can be split by dragging another window over it, and freely resized as the window minimum sizes allow.

So what's next? Windows can already set a fixed size and they have an implicit minimum size, but to build a great tiling experience we need more... At the Brno hackfest in April we had an initial discussion with GNOME Shell developers about many of the technical details. There is tentative agreement that we want to move in the direction outlined in this post, but there's still a lot of work ahead... We'd like to do user research to validate some of our assumptions on different aspects of this, but it's the kind of project that's very difficult to test outside of an actual prototype that's usable day to day.

"There's another issue with GNOME's current windowing system," notes 9to5Linux. "If the stacking is interrupted, newly opened windows will be opened from the top, covering the first opened window." For this new windowing system to become a reality, the GNOME devs would have to do a lot of user research and test numerous scenarios so that everyone can be happy. As you can imagine, this could take months or even years, so if you want to get involved and help them do it faster, please reach out to the GNOME team here.

Cloud

Building a Better Server? Oxide Computer Ships Its First Rack (thenewstack.io) 29

Oxide Computer Company spent four years working toward "The power of the cloud in your data center... bringing hyperscaler agility to the mainstream enterprise." And on June 30, Oxide finally shipped its very first server rack.

Long-time Slashdot reader destinyland shares this report: It's the culmination of years of work — to fulfill a long-standing dream. In December of 2019, Oxide co-founder Jess Frazelle had written a blog post remembering conversations over the year with people who'd been running their own workloads on-premises... "Hyperscalers like Facebook, Google, and Microsoft have what I like to call 'infrastructure privilege' since they long ago decided they could build their own hardware and software to fulfill their needs better than commodity vendors. We are working to bring that same infrastructure privilege to everyone else!"

Frazelle had seen a chance to make an impact with "better integration between the hardware and software stacks, better power distribution, and better density. It's even better for the environment due to the energy consumption wins."

Oxide CTO Bryan Cantrill sees real problems in the proprietary firmware that sits between hardware and system software — so Oxide's server eliminates the BIOS and UEFI altogether, and replaces the hardware-managing baseboard management controller (or BMC) with "a proper service processor." They even wrote their own custom, all-Rust operating system (named Hubris). On the Software Engineering Daily podcast, Cantrill says "These things boot like a rocket."

And it's all open source. "Everything we do is out there for people to see and understand..." Cantrill added. On the Changelog podcast Cantrill assessed its significance. "I don't necessarily view it as a revolution in its own right, so much as it is bringing the open source revolution to firmware."

Oxide's early funders include 92-year-old Pierre Lamond (who hired Andy Grove at Fairchild Semiconductor) — and customers who supported their vision. On Software Engineering Daily's podcast Cantrill points out that "If you're going to use a lot of compute, you actually don't want to rent it — you want to own it."

Power

US Pulls Authorization for Lithium Exploration Project in Southern Nevada, Citing Wildlife (apnews.com) 145

Tuesday North America's largest lithium mining operation cleared its last legal hurdle in federal appeals court, giving a green light to the mining of 6,000 acres in an 18,000-acre project site near Nevada's northern border.

But meanwhile, in Southern Nevada... Federal land managers have formally withdrawn their authorization of a Canadian mining company's lithium exploration project bordering a national wildlife refuge in southern Nevada after conservationists sought a court order to block it.

The Center for Biological Diversity and the Amargosa Conservancy said in a lawsuit filed July 7 that the project on the edge of the Ash Meadows National Wildlife Refuge outside Las Vegas posed an illegal risk to a dozen fish, snail and plant species currently protected under the Endangered Species Act. They filed an additional motion this week in federal court seeking a temporary injunction prohibiting Rover Metals from initiating the drilling of 30 bore sites in search of the highly sought-after metal used to manufacture batteries for electric vehicles.

But before a judge in Las Vegas could rule on the request, the Bureau of Land Management notified Rover Metals on Wednesday that its earlier acceptance of the company's notice of its intent to proceed "was in error... The agency has concluded that proposed operations are likely to result in disturbance to localized groundwaters that supply the connected surface waters associated with Threatened and Endangered species in local springs," said Angelita Bulletts, district manager of the bureau's southern Nevada district...

Conservationists said the reversal provides at least a temporary reprieve for the lush oasis in the Mojave Desert that is home to 25 species of fish, plants, insects and snails that are found nowhere else on Earth — one of the highest concentrations of endemic species in North America at one of the hottest, driest places on the planet.

The article ends with this quote from a director at the Center for Biological Diversity and the Amargosa Conservancy. "We need lithium for our renewable energy transition, but this episode sends a message loud and clear that some places are just too special to drill."

Security

Firmware Vulnerabilities In Millions of Computers Could Give Hackers Superuser Status (arstechnica.com) 23

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

United States

NYPD To Test Public Announcement Drones During Emergencies (vice.com) 49

An anonymous reader quotes a report from Motherboard: [T]he NYPD announced it's piloting test drones to fly over at-risk neighborhoods and make public announcements during emergencies. On Sunday, at the tail end of a weekend of heavy rainfall and flooding, New York City's emergency notification system tweeted that the NYPD would be "conducting a test of remote-piloted public messaging capabilities" at a location confirmed to AM New York as Hook Creek Park in Queens. The NYPD told AM New York that the drones were being tested to make announcements during weather-related emergencies, and were being tested in advance of more flooding expected this weekend. The comments suggest that public announcement drones could be deployed in a real-world scenario very soon.

Besides the eeriness of a drone instructing New Yorkers during life-threatening emergencies, the test raises questions about the NYPD's compliance with laws that require the agency to alert the public when deploying surveillance technology. The NYPD is required to post an impact statement and use policy on its website and seek public comment 90 days prior to deploying new surveillance technology to comply with the 2020 POST Act. However, according to the law, the NYPD merely has to amend old use policies if it is using previously existing surveillance tech for new purposes. For its use policy for unmanned aircraft, finalized in April 2021, there is no mention of the emergency announcements. The document says, "In situations where deployment of NYPD (drones) has not been foreseen or prescribed in policy, the highest uniformed member of the NYPD, the Chief of Department, will decide if deployment is appropriate and lawful. In accordance with the Public Oversight of Surveillance Technology Act, an addendum to this impact and use policy will be prepared as necessary to describe any additional uses of UAS." No such addendum appears on the website.

"This plan just isn't going to fly. The city already has countless ways of reaching New Yorkers, and it would take thousands of drones to reach the whole city," Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project told Motherboard by email.

"The drones are a terrible way to alert New Yorkers, but they are a great way to creep us out. More alarmingly, the NYPD is once again violating the landmark Public Oversight of Surveillance Technology (POST) Act, which requires public notice and comment before deploying new surveillance systems." Cahn added: "No gadget is going to be a substitute for effective city management and communication practices."

The Internet

Virtual Pet Website Neopets Plans $4 Million Comeback (bbc.com) 8

Virtual pet website Neopets, which was popular in the 2000s but declined in recent years, is planning a comeback with $4 million in funding and a promise to bring back 50 classic games on July 25th. The BBC reports: Launched in 1999 by British developers, the site let users care for cartoon pets, chat and play games. But after Viacom bought it, for $160 million in 2005, the site failed to keep up with the times and many elements stopped working. At its peak, in the mid-2000s, Neopets had 25 million users, rivaling the popularity of Tamagotchis and other virtual pets. But by 2017, that had collapsed to just 100,000 daily users, according to then chief executive David Lord.

But will the promise of new funding and functionality tempt people to return to their neglected pets? [...] Neopets said a management buyout deal meant the website was now an independent business without a large corporate owner. "Free from the corporate baggage that existed in the past, the newly united [Neopets Team] has now been entrusted with the decision-making and overall brand strategy of Neopets, enabling them to work solely on the betterment of the entire Neopets game and community," it said in a blog post. "The Neopets Team is, for the first time in over a decade, equipped to make meaningful changes in pursuit of a Neopian renaissance." It plans to begin the "new era" with a refreshed homepage, on Thursday, 20 July. Five days later, it will bring back 50 of the website's classic games amid plans to fix "many of the most beloved games" in the future.

Security

JumpCloud, an IT Firm Serving 200,000 Orgs, Says It Was Hacked By Nation-State (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: JumpCloud, a cloud-based IT management service that lists Cars.com, GoFundMe, and Foursquare among its 5,000 paying customers, experienced a security breach carried out by hackers working for a nation-state, the company said last week. The attack began on June 22 as a spear-phishing campaign, the company revealed last Wednesday. As part of that incident, JumpCloud said, the "sophisticated nation-state sponsored threat actor" gained access to an unspecified part of the JumpCloud internal network. Although investigators at the time found no evidence any customers were affected, the company said it rotated account credentials, rebuilt its systems, and took other defensive measures.

On July 5, investigators discovered the breach involved "unusual activity in the commands framework for a small set of customers." In response, the company's security team performed a forced-rotation of all admin API keys and notified affected customers. As investigators continued their analysis, they found that the breach also involved a "data injection into the commands framework," which the disclosure described as the "attack vector." The disclosure didn't explain the connection between the data injection and the access gained by the spear-phishing attack on June 22. Ars asked JumpCloud PR for details, and employees responded by sending the same disclosure post that omits such details. Investigators also found that the attack was extremely targeted and limited to specific customers, which the company didn't name.

JumpCloud says on its website that it has a global user base of more than 200,000 organizations, with more than 5,000 paying customers. They include Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance, and Foursquare. JumpCloud has raised over $400 million from investors, including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. The company has also published a list of IP addresses, domain names, and cryptographic hashes used by the attacker that other organizations can use to indicate if they were targeted by the same attackers. JumpCloud has yet to name the country of origin or other details about the threat group responsible.

Bitcoin

BlackRock Has 'Responsibility To Democratize Investing', Including in Crypto, Larry Fink Says (cnbc.com) 22

BlackRock's move into crypto fits into the asset management giant's broader mission of creating products that are easy to use and cheap for investors, CEO Larry Fink said Friday. From a report: "We believe we have a responsibility to democratize investing. We've done a great job, and the role of ETFs in the world is transforming investing. And we're only at the beginning of that," Fink said. BlackRock applied for a spot bitcoin ETF on June 15, which appeared to spur a rally in cryptocurrencies and a flurry of similar filings from other asset managers. The initial filing for the iShares Bitcoin Trust did not include a management fee.

[...] Fink had previously been critical of crypto, saying in 2017 that the popularity of digital currencies was due in large part to money laundering. However, interest from clients and the high cost of transactions motivated BlackRock to take a closer look at entering the space, Fink said. He also added that crypto can serve a diversification role in investor portfolios. "It has a differentiating value versus other asset classes, but more importantly, because it's so international it's going to transcend any one currency," Fink said.

Earth

Bangladesh's Historic Heat Wave is Making Work 'Living Hell' For IT Workers 96

An anonymous reader shares a report: For two weeks in June, Nawshin Khan, a marketing and content management strategist at Dhaka-based outsourcing firm Datacrete, struggled to stay awake and alert at work. As Bangladesh experienced its longest heatwave in decades, temperatures in Dhaka soared to a 58-year-high of 40.6 degrees Celsius (around 105 degrees Fahrenheit). The capital city faced severe electricity cuts as power plants fell short of meeting a surging demand. Some areas reported load-shedding, or controlled power blackouts, for as long as 10 hours at a stretch. With no power back at her apartment, Khan could barely get any sleep at night. The 28-year-old didn't even have the option of sleeping next to an open window "because the air was so hot outside," she told Rest of World. Despite the sleep deprivation, going to work felt like a respite because "at least there was a generator [in the office] that operated the fans."

Khan works in Bangladesh's business process outsourcing (BPO) sector. She is one of around 70,000 workers in an industry to which companies around the world outsource entire business functions -- from marketing and payroll to human resources. The BPO industry in Bangladesh has been expanding, with jobs in the sector growing steadily in recent years, according to the Bangladesh Association of Contact Center and Outsourcing. According to local media reports, there were at least 350 BPO firms in the country as of March 2023, with an annual revenue of $700 million in 2022. They support real estate companies, health-care facilities, and law firms in the U.K. and U.S. But the foot soldiers of this industry -- BPO workers -- are now staring at a disconcerting future as global temperatures continue to rise.

Several told Rest of World they're already weary and exhausted. Five hours from Dhaka, in Chattogram, known for its balmy summers with frequent spells of rain, 27-year-old BPO worker Naima Shirmen said the heat has felt like "living hell" this year. "I've never seen heat as bad as this in my whole life. I get headaches every day. I feel sick. I'm not able to sleep at night properly," she told Rest of World. "And as you know, if you can't sleep properly, you can't do work." Shirmen provides remote marketing support for foreign clients of BPOs in Dhaka. "The [heat] is so bad this year that when we switch on the fans, it makes no difference," she said. "It's like there's no air in the room. It's like the fan isn't working at all."

The Almighty Buck

Salesforce Raises Prices For the First Time In 7 Years (crmrank.com) 6

Long-time Slashdot reader Ammalgam shares a report from CRM Rank: Salesforce, the leading provider of software for customer relations management, announced that it will implement a price increase for some of its cloud and marketing tools starting in August. The company's decision to raise prices, the first in seven years, was met with a positive market response as its shares surged nearly 4% during early trading on Tuesday.

This move by Salesforce aligns with the current trend among technology companies, including Salesforce itself, to invest in generative artificial intelligence (AI) and incorporate it into their products and services. To enhance its software capabilities, Salesforce has dedicated over $20 billion to research and development efforts over the past seven years. These investments have led to the introduction of new features, particularly generative AI tools, aimed at providing enhanced value to customers. The revised prices will apply to a range of Salesforce products, including Tableau, Sales Cloud, Service Cloud, Marketing Cloud, and Industries. Both new and existing customers will be subject to price adjustments, ensuring consistency across the customer base.
Salesforce detailed the new price increases in a statement, saying: "New list pricing will go into effect globally for new customers and existing customers purchasing new clouds in August 2023. The new list prices will be Professional Edition $80 (up $5), Enterprise Edition $165 (up $15) and Unlimited Edition $330 (up $30). These editions will be priced comparably in other currencies. Similar list price increases will go into effect for Industries, Marketing Cloud Engagement and Account Engagement, CRM Analytics and Tableau."

NASA

NASA Decides Not To Launch Two Already-Built Asteroid Probes 19

An anonymous reader quotes a report from Ars Technica: Two small spacecraft should have now been cruising through the Solar System on the way to study unexplored asteroids, but after several years of development and nearly $50 million in expenditures, NASA announced Tuesday the probes will remain locked inside a Lockheed Martin factory in Colorado. That's because the mission, called Janus, was supposed to launch last year as a piggyback payload on the same rocket with NASA's much larger Psyche spacecraft, which will fly to a 140-mile-wide (225-kilometer) metal-rich asteroid -- also named Psyche -- for more than two years of close-up observations. Problems with software testing on the Psyche spacecraft prompted NASA managers to delay the launch by more than a year. An independent review board set up to analyze the reasons for the Psyche launch delay identified issues with the spacecraft's software and weaknesses in the plan to test the software before Psyche's launch. Digging deeper, the review panel determined that NASA's Jet Propulsion Laboratory, which manages the Psyche mission, was encumbered by staffing and workforce problems exacerbated by the COVID-19 pandemic. Psyche is now back on track for liftoff in October on a SpaceX Falcon Heavy rocket, but Janus won't be aboard.

Janus was designed to fly to two binary asteroids -- consisting of two bodies near one another -- that orbit the Sun closer to Earth than the metallic asteroid Psyche. While the Psyche mission can still reach its asteroid destination and accomplish its science mission with a launch this year, the asteroids targeted by Janus will have changed positions in the Solar System by too much since last year. They are no longer accessible to the two Janus spacecraft without flying too far from the Sun for their solar arrays to generate sufficient power. When it became clear the two Janus target asteroids were no longer reachable, scientists on the Janus team and NASA management agreed last year to remove the twin spacecraft from the Psyche launch. Scientists considered other uses for the suitcase-size Janus spacecraft, which were already built and were weeks away from shipment to Florida to begin final launch preparations when NASA decided to delay the launch of Psyche.

One of the ideas to repurpose the Janus spacecraft was to send the probes to fly by asteroid Apophis, a space rock bigger than the Empire State Building that will encroach within 20,000 miles (32,000 kilometers) from our planet's surface in 2029. For a time soon after its discovery in 2004, scientists said there was a small chance Apophis could impact Earth in 2029 or later this century, but astronomers have now ruled out any risk of a collision for the next 100-plus years. In the end, Janus fell victim to the delay of the Psyche mission and tight budget constraints at NASA. The agency said Tuesday it has directed the Janus team to "prepare the spacecraft for long-term storage."

Businesses

Evernote Lays Off Most of Staff, Triggering Fears of Closure (thurrott.com) 28

Evernote, the note-taking and task management application, is triggering fears of closure after its parent company Bending Spoons laid off most of the company's staff and announced plans to relocate all operations to Europe. Thurrott reports: Most of the company's "operations will be transitioned to Europe," Bending Spoons CEO Luca Ferrari told SFGate, due to the "significant boost in operational efficiency that will come as a consequence of centralizing operations in Europe." As a result, most of Evernote's staff in the San Francisco Bay area and Chile has been laid off and those offices will be closed for good.

Bending Spoons won't confirm how many Evernote employees it laid off, but Ferrari claims all is well. "Our plans for Evernote are as ambitious as ever," he said. "Going forward, a growing, dedicated team based in Europe will continue to assume ownership of the Evernote product. This team will also be in an ideal position to leverage the extensive expertise and strength of the 400-plus workforce at Bending Spoons, many of whom have been working on Evernote full-time since the acquisition."
Paul Thurrott notes that Bending Spoons announced plans to acquire Evernote in November 2022. "At the time of the announcement, Mr. Ferrari said that he 'saw the potential' in Evernote, which has struggled in recent years after being a Silicon Valley startup darling a decade or more ago."

Bug

Researchers Discovered a New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com) 36

On Wednesday, Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade."

The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging."

Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.

ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support."

The Register also notes that Linux 6.4 includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."

Microsoft

The Rise and Fall of Microsoft's Skype (cnbc.com) 93

CNBC has created a 15-minute video titled "The Rise and Fall of Skype," telling the story of how Skype was developed in just nine months in 2003 by a six-person group of childhood friends in Estonia. "We were smart engineers," says Skype's former chief technical architect Ahti Heinla. "We learned on the go. None of us had any telecoms background." But at the end of the interview, he concedes "I myself use Skype right now fairly little. I still have it installed on my phone, but my primary communication methods now are elsewhere."

GigaOm founder Om Malik tells CNBC it was Skype's missteps that enabled the massive growth of WhatsApp, and shared this succinct diagnosis of what's happening to Skype. "Microsoft is where consumer brands go to die." From an accompanying article on CNBC's web site: In 2005 eBay bought it. That deal didn't work out as planned, and an investor group led by Silver Lake purchased a majority stake. Microsoft then stepped in, shelling out $8.5 billion for the company in 2011. Even backed by the world's largest software company, Skype is falling by the wayside. During the pandemic, consumers and business workers turned to tools like Zoom and Meta's WhatsApp, and now there are any number of options to quickly connect with groups of friends and colleagues over smartphones... Microsoft has promoted Skype in Outlook and Windows and even enriched the app with its Bing generative artificial intelligence chatbot. But the numbers still don't look great.

In March 2020, Microsoft said Skype had 40 million daily active users, a number that's since slipped to 36 million, according to a spokesperson. Microsoft's newer Teams communication app, by contrast, is growing in popularity, rising from nearly 250 million monthly users in July 2021 to a record of over 300 million in the first quarter.

Microsoft Teams reached an all-time high of 300 million active users in the second quarter of 2023, according to CNBC's video report. But a research VP at International Data Corp says Microsoft Teams was successful — in taking users away from Skype.

GigaOm's Malik says Microsoft "failed to capitalize on Skype, 100%. Steve Ballmer was the king of buying things and not knowing what to do with them... What happened with Skype is the story of every large company with a lot of middle management: they didn't innovate on the product for a very long time."

Jordan Novet from CNBC Business News calls Skype "a product with an uncertain future," arguing that Microsoft "is pouring a lot of engineering resources into making Teams a big destination for communication. It's not doing the same thing with Skype." Could Skype make a comeback? "Anything is possible," Novet concedes. "Microsoft is trying to make Skype happen in a bigger way now." He points out that Skype is now equipped with Bing's AI-powered chatbot, so "You can talk to Bing in Skype. Will that make Skype explode in popularity, or make a comeback? I don't think so."

Microsoft's current head of Skype was not available for CNBC's video. But as a kind of epilogue, they report that Jaan Tallinn, one of Skype's original programmers, now "spends most of his time discussing the dangers of unchecked AI development."

"I don't know what the future holds for Skype..." he tells CNBC. "I'm concerned about humans being wiped out, so it's unlikely that we'll need Skype if that happens."
