The Almighty Buck

Software Glitch Saw Aussie Casino Give Away Millions In Cash

A software glitch in the "ticket in, cash out" (TICO) machines at Star Casino in Sydney, Australia, saw it inadvertently give away $2.05 million over several weeks. This glitch allowed gamblers to reuse a receipt for slot machine winnings, leading to unwarranted cash payouts which went undetected due to systematic failures in oversight and audit processes. The Register reports: News of the giveaway emerged on Monday at an independent inquiry into the casino, which has had years of compliance troubles that led to a finding that its operators were unsuitable to hold a license. In testimony [PDF] given on Monday to the inquiry, casino manager Nicholas Weeks explained that it is possible to insert two receipts into TICO machines. That was a feature, not a bug, and allowed gamblers to redeem two receipts and be paid the aggregate amount. But a software glitch meant that the machines would return one of those tickets and allow it to be re-used -- the barcode it bore was not recognized as having been paid.

"What occurred was small additional amounts of cash were being provided to customers in circumstances when they shouldn't have received it because of that defect," Weeks told the inquiry. Local media reported that news of the free cash got around and 43 people used the TICO machines to withdraw money to which they were not entitled -- at least one of them a recovering gambling addict who fell off the wagon as the "free" money allowed them to fund their activities. Known abusers of the TICO machines have been charged, and one of those set to face the courts is accused of association with a criminal group. (The first inquiry into The Star, two years ago, found it may have been targeted by organized crime groups.)
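The defect described in the testimony (aggregate paid, one ticket handed back with its barcode still valid) and the reconciliation that oversight should have run can be shown in a small model. This is an added illustration written for this page, not the casino's or the kiosk vendor's code; the ticket values, barcodes and the `Kiosk` class are constructed:

```python
from dataclasses import dataclass


@dataclass
class Ticket:
    """Constructed model of a slot-machine payout ticket: barcode and face value."""
    barcode: str
    value: float
    redeemed: bool = False


class Kiosk:
    """Constructed model of a ticket-in, cash-out kiosk (not the casino's software)."""

    def __init__(self, tickets):
        self.ledger = {t.barcode: t for t in tickets}  # authoritative ticket state
        self.paid_out = 0.0                              # cash actually dispensed

    def _live_tickets(self, barcodes):
        # A ticket is accepted only if it exists, is unredeemed, and is not inserted twice.
        if len(set(barcodes)) != len(barcodes):
            return None
        tickets = [self.ledger.get(b) for b in barcodes]
        if any(t is None or t.redeemed for t in tickets):
            return None
        return tickets

    def redeem_buggy(self, barcodes):
        """Pays the aggregate but marks only the first ticket as redeemed, so the
        second comes back with its barcode still valid (the defect as described)."""
        tickets = self._live_tickets(barcodes)
        if not tickets:
            return 0.0
        total = sum(t.value for t in tickets)
        tickets[0].redeemed = True
        self.paid_out += total
        return total

    def redeem_fixed(self, barcodes):
        """Retires every inserted ticket before any cash is dispensed."""
        tickets = self._live_tickets(barcodes)
        if not tickets:
            return 0.0
        total = sum(t.value for t in tickets)
        for t in tickets:
            t.redeemed = True
        self.paid_out += total
        return total


def overpayment(kiosk):
    """Reconciliation an audit would run: cash out minus face value of retired tickets.
    Anything above zero means cash left the kiosk without a ticket being retired."""
    expected = sum(t.value for t in kiosk.ledger.values() if t.redeemed)
    return round(kiosk.paid_out - expected, 2)


def demo():
    buggy = Kiosk([Ticket("T1", 10.0), Ticket("T2", 20.0)])
    buggy.redeem_buggy(["T1", "T2"])      # pays 30; T2 is handed back still live
    second = buggy.redeem_buggy(["T2"])   # pays another 20 on the same ticket
    fixed = Kiosk([Ticket("T1", 10.0), Ticket("T2", 20.0)])
    fixed.redeem_fixed(["T1", "T2"])
    rejected = fixed.redeem_fixed(["T2"])  # 0.0: T2 was retired on first use
    return second, overpayment(buggy), rejected, overpayment(fixed)


if __name__ == "__main__":
    print(demo())
```

The point of `overpayment` is that the defect is invisible to the kiosk itself but trivially visible to a daily reconciliation of cash dispensed against tickets retired, which is the control the inquiry found missing.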
Privacy

Hackers Are Threatening To Publish a Huge Stolen Sanctions and Financial Crimes Watchlist (techcrunch.com)

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Businesses

Inside Amazon's Secret Operation To Gather Intel on Rivals (wsj.com)

Amazon staff went undercover on Walmart, eBay and other marketplaces as a third-party seller called "Big River," WSJ reports. The mission: to scoop up information on pricing, logistics and other business practices. From the report: For nearly a decade, workers in a warehouse in Seattle's Denny Triangle neighborhood have shipped boxes of shoes, beach chairs, Marvel T-shirts and other items to online retail customers across the U.S. The operation, called Big River Services International, sells around $1 million a year of goods through e-commerce marketplaces including eBay, Shopify, Walmart and Amazon under brand names such as Rapid Cascade and Svea Bliss. "We are entrepreneurs, thinkers, marketers and creators," Big River says on its website. "We have a passion for customers and aren't afraid to experiment."

What the website doesn't say is that Big River is an arm of Amazon that surreptitiously gathers intelligence on the tech giant's competitors. Born out of a 2015 plan code named "Project Curiosity," Big River uses its sales across multiple countries to obtain pricing data, logistics information and other details about rival e-commerce marketplaces, logistics operations and payments services, according to people familiar with Big River and corporate documents viewed by The Wall Street Journal. The team then shared that information with Amazon to incorporate into decisions about its own business.

[...] The story of Big River offers new insight into Amazon's elaborate efforts to stay ahead of rivals. Team members attended their rivals' seller conferences and met with competitors identifying themselves only as employees of Big River Services, instead of disclosing that they worked for Amazon. They were given non-Amazon email addresses to use externally -- in emails with people at Amazon, they used Amazon email addresses -- and took other extraordinary measures to keep the project secret. They disseminated their reports to Amazon executives using printed, numbered copies rather than email. Those who worked on the project weren't even supposed to discuss the relationship internally with most teams at Amazon.

Robotics

Boston Dynamics' New Atlas Robot Is a Swiveling, Shape-Shifting Nightmare (theverge.com)

Jess Weatherbed reports via The Verge: It's alive! A day after announcing it was retiring Atlas, its hydraulic robot, Boston Dynamics has introduced a new, all-electric version of its humanoid machine. The next-generation Atlas robot is designed to offer a far greater range of movement than its predecessor. Boston Dynamics wanted the new version to show that Atlas can keep a humanoid form without limiting "how a bipedal robot can move." The new version has been redesigned with swiveling joints that the company claims make it "uniquely capable of tackling dull, dirty, and dangerous tasks."

The teaser showcasing the new robot's capabilities is as unnerving as it is theatrical. The video starts with Atlas lying in a cadaver-like fashion on the floor before it swiftly folds its legs backward over its body and rises to a standing position in a manner befitting some kind of Cronenberg body-horror flick. Its curved, illuminated head does add some Pixar lamp-like charm, but the way Atlas then spins at the waist and marches toward the camera really feels rather jarring. The design itself is also a little more humanoid. Similar to bipedal robots like Tesla's Optimus, the new Atlas now has longer limbs, a straighter back, and a distinct "head" that can swivel around as needed. There are no cables in sight, and its "face" includes a built-in ring light. It is a marked improvement on its predecessor and now features a bunch of Boston Dynamics' new AI and machine learning tools. [...] Boston Dynamics said the new Atlas will be tested with a small group of customers "over the next few years," starting with Hyundai.

IOS

AltStore PAL Alternative App Marketplace Launches On iPhone In EU (macrumors.com)

AltStore PAL has become one of the first alternative app marketplaces to launch in the European Union. Developed by Riley Testut, AltStore PAL is marketed as an open-source project designed to distribute apps from independent developers. MacRumors reports: At launch, it features two apps, including Testut's Delta game emulator and clipboard manager app Clip. Delta is also being simultaneously released in the App Store outside of the European Union, but it looks like EU customers will need to download it from AltStore. Testut says that once AltStore PAL is "running smoothly," third-party app developers will be able to submit their apps for distribution outside of the App Store. The app marketplace is designed to be decentralized with no directory, so developers will need to self-promote their apps and direct users to their websites to install an app through AltStore.

Distributing apps through AltStore is free of charge, but it is worth noting that apps that see more than one million first annual installs will need to pay Apple a 0.50 euro Core Technology Fee. App marketplaces have to pay the fee for every install with no free allowance, so AltStore is charged 0.50 euros each time it is installed. To afford the fee, Testut is charging 1.50 euros per year for AltStore PAL access. Testut has been working on AltStore PAL since Apple announced plans to support alternative app marketplaces in iOS 17.4. It is open to all apps, but Testut says that it makes the most sense for "smaller, indie apps that otherwise couldn't exist due to App Store rules." AltStore PAL is equipped with Patreon integration to allow developers to monetize their apps. Developers can offer their apps to just their patrons, and this method of distribution also allows for a sub-1 million cap on those who can subscribe to use an app.

Cloud

Amazon Cloud Unit Kills Snowmobile Data Transfer Truck Service (cnbc.com)

At Amazon's annual cloud conference in 2016, the company captured the crowd's attention by driving an 18-wheeler onstage. Andy Jassy, now Amazon's CEO, called it the Snowmobile, and said the company would be using the truck to help customers speedily transfer data to Amazon Web Services facilities. Less than eight years later, the semi is out of commission. From a report: As of March, AWS had removed Snowmobile from its website, and the Amazon unit has stopped offering the service, CNBC has confirmed. The webpage devoted to AWS' "Snow family" of products now directs users to its other data transport services, including the Snowball Edge, a 50-pound suitcase-sized device that can be equipped with fast solid-state drives, and the smaller Snowcone.

An AWS spokesperson said in an emailed statement that the company has introduced more cost-effective options for moving data. Clients had to deal with power, cooling, networking, parking and security when they used the Snowmobile service, the spokesperson said.

Businesses

Dropbox CEO Says Employees Appreciate Remote Work More Than Cushy Office Perks (businessinsider.com)

Dropbox cofounder and CEO Drew Houston said he views his employees like customers, and that means giving them what they want -- which isn't in-person work. From a report: "We will support however they want to gather," Houston said in a new interview with The Verge. "But we're finding that these retreats and off-sites and things like that are often a lot more effective than asking people to commute." Houston said other business leaders are making the wrong move by forcing employees back to the office. Many companies are pushing employees to return to office in a hybrid structure, including giants like Google, Apple, and Amazon.

"They keep mashing the go back to 2019 button, and they see it's not working," Houston said in the interview, speaking generally about return-to-office mandates. "Then they just push harder, and then you have this really toxic relationship." He compared returning to the office to returning to movie theaters or malls. It may have been cool for a time and people might still occasionally want to watch a big movie like "Top Gun" at the cinema, he said, "but the world has moved on." The CEO said the reason it used to be so easy to get people to the office was because they didn't have a choice. A lot of CEOs today don't understand that flexibility wasn't an option in the past, Houston said.

Software

Broadcom Throws VMware Customers On Perpetual Licenses a Lifeline (theregister.com)

An anonymous reader quotes a report from The Register: In a Monday post, Broadcom CEO Hock Tan restated his belief that VMware's portfolio was too complex, and too poorly integrated, for the virtualization giant to represent true competition for hyperscale clouds. Broadcom's injection of R&D cash, he insisted, will see VMware's flagship Cloud Foundation suite evolve to become more powerful and easy to operate. He also admitted that customers aren't enjoying the ride. "As we roll out this strategy, we continue to learn from our customers on how best to prepare them for success by ensuring they always have the transition time and support they need," he wrote. "In particular, the subscription pricing model does involve a change in the timing of customers' expenditures and the balance of those expenditures between capital and operating spending."

Customers also told Tan that "fast-moving change may require more time, so we have given support extensions to many customers who came up for renewal while these changes were rolling out." That's one of the changes -- Broadcom has previously not publicly suggested such extensions would be possible. "We have always been and remain ready to work with our customers on their specific concerns," Tan wrote. The other change is providing some ongoing security patches for VMware customers who persist with their perpetual licenses instead of shifting to Broadcom's subs. "We are announcing free access to zero-day security patches for supported versions of vSphere, and we'll add other VMware products over time," Tan wrote, describing the measure as aimed at ensuring that customers "whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings." The change means such customers "are able to use perpetual licenses in a safe and secure fashion."

Security

Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned (theregister.com)

Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials."

All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to reset passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."
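Both attack types The Register describes share one signature in an authentication log: a single source trying many distinct accounts with a high failure rate, which is what a login service should alert on and what makes the "reset the accounts that succeeded" step possible. The detector below is an added example written for this page, not Roku's tooling; the log format, the sample lines and the thresholds are constructed. Plain logs do not record the attempted password, so the code does not try to tell stuffing from spraying; it reports the shared signature and lists the accounts a flagged source logged into, which are the ones needing a forced reset.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2024-04-12T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-04-12T10:00:02Z ip=203.0.113.5 user=bob result=OK
2024-04-12T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2024-04-12T10:00:03Z ip=203.0.113.5 user=dave result=FAIL
2024-04-12T10:00:03Z ip=203.0.113.5 user=erin result=OK
2024-04-12T10:00:04Z ip=203.0.113.5 user=frank result=FAIL
2024-04-12T10:00:04Z ip=203.0.113.5 user=grace result=FAIL
2024-04-12T10:05:10Z ip=198.51.100.7 user=alice result=FAIL
2024-04-12T10:05:25Z ip=198.51.100.7 user=alice result=OK
2024-04-12T10:07:00Z ip=192.0.2.9 user=heidi result=FAIL
2024-04-12T10:07:30Z ip=192.0.2.9 user=ivan result=FAIL
2024-04-12T10:08:00Z ip=192.0.2.9 user=judy result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def parse_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def source_stats(events):
    """Per source IP: attempts, distinct accounts tried, failure rate, accounts logged into."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    stats = {}
    for ip, evs in by_ip.items():
        users = {e["user"] for e in evs}
        fails = sum(1 for e in evs if e["result"] == "FAIL")
        stats[ip] = {
            "attempts": len(evs),
            "distinct_users": len(users),
            "fail_rate": fails / len(evs),
            "successful_users": sorted({e["user"] for e in evs if e["result"] == "OK"}),
        }
    return stats


def flag_sources(stats, min_users=5, min_fail_rate=0.6):
    """A source that tries many different accounts and mostly fails is not a user
    mistyping a password; it is working through a credential list. Thresholds are
    constructed and would be tuned to the service's normal traffic."""
    return sorted(ip for ip, s in stats.items()
                  if s["distinct_users"] >= min_users and s["fail_rate"] >= min_fail_rate)


def accounts_to_reset(stats, flagged):
    """Accounts a flagged source logged into: the ones whose reused password is known."""
    accounts = set()
    for ip in flagged:
        accounts.update(stats[ip]["successful_users"])
    return sorted(accounts)


if __name__ == "__main__":
    stats = source_stats(parse_log(SAMPLE_LOG))
    flagged = flag_sources(stats)
    print("flagged sources:", flagged)
    print("force password reset for:", accounts_to_reset(stats, flagged))
```

In the sample, 198.51.100.7 is a legitimate user who mistyped once, and 192.0.2.9 tries three accounts, which stays under the constructed threshold; only 203.0.113.5 is flagged, and the two accounts it got into are the reset list. Mandatory 2FA, which Roku switched on, is what makes a correct reused password insufficient on its own.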

Businesses

Senator Warren Claims TurboTax 'Relentlessly' Upsells Customers in Letter To FTC (theverge.com)

Senator Elizabeth Warren (D-MA) has written a letter to the Federal Trade Commission, saying that TurboTax "continues to relentlessly upsell" customers while also directing them away from services that would otherwise be free. From a report: As noted in the letter, Warren's staff analyzed TurboTax's services using a sample taxpayer and found that the company attempted to upsell the customer eight times during the tax filing process. Warren writes that in "several cases," these solicitations "appear to be efforts to mislead customers into thinking that they must pay the extra fees in order to file their taxes when that is not the case." Some show up as full-screen prompts, forcing users to scroll to the bottom to deny the upgrade.

In one instance, Warren's team found that TurboTax highlighted its $89 tax filing package as "the right option" for their sample taxpayer, leaving the free option at the bottom of the page. After choosing just one upgrade, Warren's staff found that their sample taxpayer with "simple" filing requirements had to pay an extra $69 to report her unemployment income and educator expenses, plus $64 to file Massachusetts state tax returns. That makes for a grand total of $133 -- a sum people wouldn't have to pay through the IRS's free Direct File service, Warren argues.

Communications

Telecom Fights Price Caps as US Spends Billions on Internet Access (washingtonpost.com)

AT&T, Charter, Comcast and Verizon are quietly trying to weaken a $42.5 billion federal program to improve internet access across the nation, aiming to block strict new rules that would require them to lower their poorest customers' monthly bills in exchange for a share of the federal aid. From a report: In state after state, the telecom firms have blasted the proposed price cuts as illegal -- forcing regulators in California, New York, South Carolina, Tennessee, Virginia and elsewhere to rethink, scale back or abandon their plans to condition the federal funds on financial relief for consumers. The lobbying campaign threatens to undermine the largest burst of money to upgrade the country's internet service in U.S. history. Enacted by President Biden as part of a sprawling 2021 infrastructure law, the funds are intended to deliver speedy and affordable broadband to the final unserved pockets of America by 2030 -- a goal that the White House likens to the federal campaign nearly a century ago to electrify the nation's heartland.
The Courts

America's Legal System May Be 'Closing In' on Regulating Cryptocurrencies (msn.com)

A business columnist at the Los Angeles Times notes Sam Bankman-Fried's judge issued another ruling "that may have a more far-reaching effect on the crypto business."

U.S. Judge Failla "cleared the Securities and Exchange Commission to proceed with its lawsuit alleging that the giant crypto broker and exchange Coinbase has been dealing in securities without a license." What's important about Failla's ruling is that she dismissed out of hand Coinbase's argument, which is that cryptocurrencies are novel assets that don't fall within the SEC's jurisdiction — in short, they're not "securities." Crypto promoters have been making the same argument in court and the halls of Congress, where they're urging that the lawmakers craft an entirely new regulatory structure for crypto — preferably one less rigorous than the existing rules and regulations promulgated by the SEC and the Commodity Futures Trading Commission...

Failla saw through that argument without breaking a sweat. "The 'crypto' nomenclature may be of recent vintage," she wrote, "but the challenged transactions fall comfortably within the framework that courts have used to identify securities for nearly eighty years...." Since Congress hasn't enacted regulations specifically aimed at crypto, Coinbase said, the SEC's lawsuit should be dismissed. The judge's opinion of that argument was withering. "While certainly sizable and important," she wrote, "the cryptocurrency industry 'falls far short of being a "portion of the American economy" bearing vast economic and political significance....'"

Failla's ruling followed another in New York federal court in which a judge deemed crypto to be securities. In that case, Judge Edgardo Ramos refused to dismiss SEC charges against Gemini Trust Co., a crypto trading outfit run by Cameron and Tyler Winklevoss, and the crypto lender Genesis Global Capital. The SEC charged that a scheme in which Gemini pooled customers' crypto assets and lent them to Genesis while promising the customers high interest returns is an unregistered security. The SEC case, like that against Coinbase, will proceed....

The hangover from March continued into this month. On April 5, a federal jury in New York found Terraform Labs and its chief executive and major shareholder, Do Kwon, liable in what the SEC termed "a massive crypto fraud...." The value of UST fell in effect to zero, the SEC said, "wiping out over $40 billion of total market value ... and sending shock waves through the crypto asset community."

AI

Adobe Firefly Used Thousands of Midjourney Images In Training Its 'Ethical AI' Model (tomsguide.com)

According to Bloomberg, Adobe used images from its competitor Midjourney to train its own artificial intelligence image generator, Firefly -- contradicting the "commercially safe" ethical standards the company promotes. Tom's Guide reports: The startup has never declared the source of its training data but many suspect it is from images it scraped from the internet without licensing. Adobe says only about 5% of the millions of images used to train Firefly fell into this category and all of them were part of the Adobe Stock library, which meant they'd been through a "rigorous moderation process."

When Adobe first launched Firefly it offered an indemnity against copyright theft claims for its enterprise customers as a way to convince them it was safe. Adobe also sold Firefly as the safe alternative to the likes of Midjourney and DALL-E as all the data had been licensed and cleared for use in training the model. Not all artists were that keen at the time and felt they were coerced into agreeing to let their work be used by the creative tech giant -- but the sense was any image made with Firefly was safe to use without risk of being sued for copyright theft.

Despite the revelation some of the images came from potentially less reputable sources, Adobe says all of the non-human pictures are still safe. A spokesperson told Bloomberg: "Every image submitted to Adobe Stock, including a very small subset of images generated with AI, goes through a rigorous moderation process to ensure it does not include IP, trademarks, recognizable characters or logos, or reference artists' names." The company seems to be taking a slightly more rigorous step with its plans to build an AI video generator. Rumors suggest it is paying artists per minute for video clips.

Cloud

Irish Power Crunch Could Be Prompting AWS To Ration Compute Resources (theregister.com)

Datacenter power issues in Ireland may be coming to a head amid reports from customers that Amazon is restricting resources users can spin up in that nation, even directing them to other AWS regions across Europe instead. From a report: Energy consumed by datacenters is a growing concern, especially in places such as Ireland where there are clusters of facilities around Dublin that already account for a significant share of the country's energy supply. This may be leading to restrictions on how much infrastructure can be used, given the power requirements. AWS users have informed The Register that there are sometimes limits on the resources that they can access in its Ireland bit barn, home to Amazon's eu-west-1 region, especially with power-hungry instances that make use of GPUs to accelerate workloads such as AI.

"You cannot spin up GPU nodes in AWS Dublin as those locations are maxed out power-wise. There is reserved capacity for EC2 just in case," one source told us. "If you have a problem with that, AWS Europe will point you at spare capacity in Sweden and other parts of the EU." We asked AWS about these issues, but when it finally responded the company was somewhat evasive. "Ireland remains core to our global infrastructure strategy, and we will continue to work with customers to understand their needs, and help them to scale and grow their business," a spokesperson told us. Ireland's power grid operator, EirGrid, was likewise less than direct when we asked if they were limiting the amount of power datacenters could consume.

HP

We Never Agreed To Only Buy HP Ink, Say Printer Owners (theregister.com)

HP "sought to take advantage of customers' sunk costs," printer owners claimed this week in a class action lawsuit against the hardware giant. The Register: Lawyers representing the aggrieved were responding in an Illinois court to an earlier HP motion to dismiss a January lawsuit. Among other things, the plaintiffs' filing stated that the printer buyers "never entered into any contractual agreement to buy only HP-branded ink prior to receiving the firmware updates." They allege HP broke several anti-competitive statutes, which they claim: "bar tying schemes, and certain uses of software to accomplish that without permission, that would monopolize an aftermarket for replacement ink cartridges, when these results are achieved in a way that 'take[s] advantage of customers' sunk costs.'"

In the case, which began in January, the plaintiffs are arguing that HP issued a firmware update between late 2022 and early 2023 that they allege disabled their printers if they installed a replacement cartridge that was not HP-branded. They are asking for damages that include the cost of now-useless third-party cartridges and an injunction to disable the part of the firmware updates that prevent the use of third-party ink.

AI

OpenAI Makes ChatGPT 'More Direct, Less Verbose' (techcrunch.com)

Kyle Wiggers reports via TechCrunch: OpenAI announced today that premium ChatGPT users -- customers paying for ChatGPT Plus, Team or Enterprise -- can now leverage an updated and enhanced version of GPT-4 Turbo, one of the models that powers the conversational ChatGPT experience. This new model ("gpt-4-turbo-2024-04-09") brings with it improvements in writing, math, logical reasoning and coding, OpenAI claims, as well as a more up-to-date knowledge base. It was trained on publicly available data up to December 2023, in contrast to the previous edition of GPT-4 Turbo available in ChatGPT, which had an April 2023 cut-off. "When writing with ChatGPT [with the new GPT-4 Turbo], responses will be more direct, less verbose and use more conversational language," OpenAI writes in a post on X.
Security

Why CISA Is Warning CISOs About a Breach At Sisense (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that "certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)" In its alert, CISA said it was working with private industry partners to respond to a recent compromise discovered by independent security researchers involving Sisense.

Sisense declined to comment when asked about the veracity of information shared by two trusted sources with close knowledge of the breach investigation. Those sources said the breach appears to have started when the attackers somehow gained access to the company's code repository at Gitlab, and that in that repository was a token or credential that gave the bad guys access to Sisense's Amazon S3 buckets in the cloud. Both sources said the attackers used the S3 access to copy and exfiltrate several terabytes worth of Sisense customer data, which apparently included millions of access tokens, email account passwords, and even SSL certificates.

The incident raises questions about whether Sisense was doing enough to protect sensitive data entrusted to it by customers, such as whether the massive volume of stolen customer data was ever encrypted while at rest in these Amazon cloud servers. It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time -- sometimes indefinitely. And depending on which service we're talking about, it may be possible for attackers to re-use those access tokens to authenticate as the victim without ever having to present valid credentials. Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they've previously entrusted to Sisense.
"If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted," said Nicholas Weaver, a researcher at University of California, Berkeley's International Computer Science Institute (ICSI) and lecturer at UC Davis. "If they are telling people to reset credentials, that means it was not encrypted. So mistake number one is leaving Amazon credentials in your Git archive. Mistake number two is using S3 without using encryption on top of it. The former is bad but forgivable, but the latter given their business is unforgivable."
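The two mistakes Weaver lists each have a routine control: a pre-commit secret scan that refuses to let an AWS key into the repository, and a check that the bucket holding customer data has default server-side encryption configured. The code below is an added example written for this page, not Sisense's or Amazon's tooling, and it stands in for purpose-built scanners such as gitleaks or git-secrets. The sample config file is constructed and uses the placeholder credentials from AWS documentation; `ENCRYPTED_BUCKET` and `UNENCRYPTED_BUCKET` are constructed dicts in the shape of the S3 GetBucketEncryption response, with the empty dict standing in for a bucket that has no default-encryption rule.

```python
import re

# Constructed sample of an AWS credentials file committed by mistake. The values are the
# placeholder credentials from AWS documentation, not real keys.
SAMPLE_FILE = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
s3_bucket = example-customer-exports
"""

# Long-lived access key IDs start with AKIA (temporary ones with ASIA) and are 20 chars.
# A secret key is 40 base64-like chars, which would match far too much on its own, so it is
# only reported when it sits next to its well-known config key.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})"),
}


def mask(value):
    """Keep enough of the value to locate it without repeating the secret in the report."""
    return value[:4] + "..." + value[-4:]


def scan_text(text, path="<staged>"):
    """One finding per secret-looking value: file, line, kind and masked value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"path": path, "line": lineno,
                                 "kind": kind, "value": mask(value)})
    return findings


def commit_allowed(text, path="<staged>"):
    """Pre-commit gate: refuse the commit if anything was found."""
    return not scan_text(text, path)


# Constructed examples in the shape of the S3 GetBucketEncryption response
# (boto3 get_bucket_encryption). The key alias is a placeholder.
ENCRYPTED_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                            "KMSMasterKeyID": "alias/placeholder-key"}}]}}
UNENCRYPTED_BUCKET = {}  # stands in for a bucket with no default-encryption rule


def default_encryption(config):
    """Return the bucket's default SSE algorithm, or None if new objects land unencrypted."""
    rules = config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo:
            return algo
    return None


if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE, "config/aws.ini"):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['value']}")
    print("commit allowed:", commit_allowed(SAMPLE_FILE))
    print("default encryption:", default_encryption(ENCRYPTED_BUCKET),
          default_encryption(UNENCRYPTED_BUCKET))
```

Neither control would have shortened the customer clean-up Krebs describes once tokens were already taken; their value is upstream, in keeping a repository compromise from turning into S3 access and in making a bulk copy of bucket contents useless without the key.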
Security

Hackable Intel and Lenovo Hardware That Went Undetected For 5 Years Won't Ever Be Fixed (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the lapse has resulted in Intel, Lenovo, and Supermicro shipping server hardware that contains a vulnerability that can be exploited to reveal security-critical information. The researchers, however, went on to warn that any hardware that incorporates certain generations of baseboard management controllers made by Duluth, Georgia-based AMI or Taiwan-based ATEN are also affected.

BMCs are tiny computers soldered into the motherboard of servers that allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of servers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system -- even when it's turned off. BMCs provide what's known in the industry as "lights-out" system management. AMI and ATEN are two of several makers of BMCs. For years, BMCs from multiple manufacturers have incorporated vulnerable versions of open source software known as lighttpd. Lighttpd is a fast, lightweight web server that's compatible with various hardware and software platforms. It's used in all kinds of wares, including in embedded devices like BMCs, to allow remote administrators to control servers remotely with HTTP requests. [...] "All these years, [the lighttpd vulnerability] was present inside the firmware and nobody cared to update one of the third-party components used to build this firmware image," Binarly researchers wrote Thursday. "This is another perfect example of inconsistencies in the firmware supply chain. A very outdated third-party component present in the latest version of firmware, creating additional risk for end users. Are there more systems that use the vulnerable version of lighttpd across the industry?"

The vulnerability makes it possible for hackers to identify memory addresses responsible for handling key functions. Operating systems take pains to randomize and conceal these locations so they can't be used in software exploits. By chaining an exploit for the lighttpd vulnerability with a separate vulnerability, hackers could defeat this standard protection, which is known as address space layout randomization. The chaining of two or more exploits has become a common feature of hacking attacks these days as software makers continue to add anti-exploitation protections to their code. Tracking the supply chain for multiple BMCs used in multiple server hardware is difficult. So far, Binarly has identified AMI's MegaRAC BMC as one of the vulnerable BMCs. The security firm has confirmed that the AMI BMC is contained in the Intel Server System M70KLP hardware. Information about BMCs from ATEN or hardware from Lenovo and Supermicro aren't available at the moment. The vulnerability is present in any hardware that uses lighttpd versions 1.4.35, 1.4.45, and 1.4.51.
"A potential attacker can exploit this vulnerability in order to read memory of Lighttpd Web Server process," Binarly researchers wrote in an advisory. "This may lead to sensitive data exfiltration, such as memory addresses, which can be used to bypass security mechanisms such as ASLR." Advisories are available here, here, and here.
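As an added defender-side illustration (not code from Binarly, AMI or the report), the script below scans a constructed firmware slice for embedded lighttpd version banners and flags the builds the report names as carrying the vulnerable component. The affected-version list is taken from the page only, and the banner formats assumed (`lighttpd/x.y.z` as in lighttpd's default Server header, `lighttpd-x.y.z` as a build string) are assumptions; vendor advisories may list further builds.

```python
import re
from typing import List, Optional, Tuple

# Versions the report names as shipping the vulnerable lighttpd build.
# Assumption: taken from the page; the vendor advisories may name more,
# so treat this as a starting inventory filter, not the full affected range.
AFFECTED_LIGHTTPD = {"1.4.35", "1.4.45", "1.4.51"}

# lighttpd embeds its version in strings such as "lighttpd/1.4.35" (its
# default Server header) and "lighttpd-1.4.35" (package/build strings).
_BANNER = re.compile(rb"lighttpd[/-](\d+\.\d+\.\d+)")


def find_lighttpd_versions(image: bytes) -> List[Tuple[int, str]]:
    """Return (offset, version) for every lighttpd banner found in a firmware blob."""
    return [(m.start(), m.group(1).decode("ascii")) for m in _BANNER.finditer(image)]


def is_affected(version: str) -> bool:
    """True when the version is one the report lists as vulnerable."""
    return version in AFFECTED_LIGHTTPD


def triage_image(image: bytes) -> dict:
    """Summarise which embedded lighttpd builds need a firmware update."""
    hits = find_lighttpd_versions(image)
    affected = sorted({v for _, v in hits if is_affected(v)})
    return {"found": hits, "affected": affected, "needs_update": bool(affected)}


def server_header_version(header_line: str) -> Optional[str]:
    """Extract the lighttpd version from an HTTP 'Server:' header line, if present."""
    m = _BANNER.search(header_line.encode("ascii", "replace"))
    return m.group(1).decode("ascii") if m else None


# Constructed sample, not a real image: a vendor string, one listed lighttpd
# banner, some filler bytes, and a second build string that is not listed.
SAMPLE_IMAGE = (
    b"\x00\x01BMC firmware slice (constructed)\x00"
    + b"lighttpd/1.4.35 (ssl) - a light and fast webserver\x00"
    + b"\xff\xfe" * 8
    + b"lighttpd-1.4.59\x00"
)

if __name__ == "__main__":
    print(triage_image(SAMPLE_IMAGE))
    print(server_header_version("Server: lighttpd/1.4.51"))
```

The same banner check applied to a BMC's HTTP response header gives a quick, non-intrusive way to inventory which hosts are still running a listed build.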
United States

America's Chip Renaissance Needs Workers (wsj.com) 117

An anonymous reader shares a report: Last week South Korea's SK Hynix announced it would partner with Purdue University on a $3.9 billion semiconductor complex here, the largest single corporate investment in state history. Now comes the hard part. SK Hynix must not only build the fabrication plant, or fab, which will package high-bandwidth memory chips used in artificial intelligence, and a connected research-and-development center. It also has to staff them. "We need several hundred engineers to operate our advanced-packaging manufacturing fab -- in physics, chemistry, material science, electronics engineering," Kwak Noh-Jung, chief executive of SK Hynix, said in an interview following last week's announcement.

Staffing a fab is harder in the U.S. than in South Korea, where SK Hynix has contracts with local universities and its own in-house university. Nonetheless, Kwak said, "the final goal is very clear. We need to have very good engineers for our success in U.S." The U.S. is trying to do something unprecedented: reverse a shrinking share in a key manufacturing sector. Between 1990 and 2020, the U.S. share of world chip making shrank to 12% from 37%, while the combined share of Taiwan, South Korea and China grew to 58%. The federal CHIPS program has showered billions of dollars on Intel for fabs in several states, Taiwan Semiconductor Manufacturing Co. in Arizona and GlobalFoundries in New York and Vermont. SK Hynix hopes for support as well.

Subsidies alone won't guarantee a sustainable industry. Fabs need customers, a supply chain and, above all, a skilled, specialized workforce. From 2000 to 2017, U.S. employment in semiconductor manufacturing shrank to 181,000 from 287,000. It has since recovered to about 200,000. Why did the U.S. share of semiconductor production shrink? As in other industries, the U.S. became an expensive place to manufacture. Susan Houseman of the Upjohn Institute, who has studied outsourcing, said this wasn't "primarily a story about offshoring." U.S. companies still lead in chip design: Nvidia in artificial intelligence, Qualcomm in communications and Apple in smartphones. Over time they mostly contracted out fabrication of their chips to foundries such as TSMC who benefited from generous domestic subsidies. The theory behind CHIPS is that, by matching Asia's subsidies, the U.S. can again be competitive in chip making. Nonetheless, there is a chicken-egg problem. Fabs need a ready supply of skilled workers. But without fabs, America's best and brightest have little incentive to pursue careers in the sector.

Iphone

Apple Alerts Users in 92 Nations To Mercenary Spyware Attacks (techcrunch.com) 16

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks. From a report: The company said it sent the alerts to individuals in 92 nations at 12pm Pacific Time Wednesday. The notification, which TechCrunch has seen, did not disclose the attackers' identities or the countries where users received notifications.

"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-," it wrote in the warning to affected customers. "This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning -- please take it seriously," Apple added in the text.
