An anonymous reader shares a report: The Federal Aviation Administration is investigating whether Boeing failed to complete required inspections on 787 Dreamliner planes and whether Boeing employees falsified aircraft records, the agency said this week. The investigation was launched after an employee reported the problem to Boeing management, and Boeing informed the FAA. "The FAA has opened an investigation into Boeing after the company voluntarily informed us in April that it may not have completed required inspections to confirm adequate bonding and grounding where the wings join the fuselage on certain 787 Dreamliner airplanes," the FAA said in a statement provided to Ars today. The FAA said it "is investigating whether Boeing completed the inspections and whether company employees may have falsified aircraft records. At the same time, Boeing is reinspecting all 787 airplanes still within the production system and must also create a plan to address the in-service fleet." The agency added that it "will take any necessary action -- as always -- to ensure the safety of the flying public."

Boeing VP Scott Stocker, who leads the 787 Dreamliner program, described "misconduct" in an April 29 email to employees in South Carolina. Boeing provided a copy of the email to Ars. "After receiving the report, we quickly reviewed the matter and learned that several people had been violating Company policies by not performing a required test, but recording the work as having been completed," Stocker wrote. "As you all know, we have zero tolerance for not following processes designed to ensure quality and safety. We promptly informed our regulator about what we learned and are taking swift and serious corrective action with multiple teammates."

Along with introducing a new iPad Air and iPad Pro during its Let Loose event, Apple quietly killed its ninth-gen iPad -- also known as the last iPad with a headphone jack. From a report: The 10th-gen iPad is now the sole entry-level iPad in Apple's official lineup and, as such, has received a $100 price cut. Released in late 2022, the 10th-generation iPad arrived starting at $449, or about $120 more than base entry-level iPads from previous years. Apple justified the price increase with new iPad Air-like features, like a 10.9-inch screen and USB-C support.

Financial Times Alphaville: Look, we know we write a lot about Jane Street, but it's a fascinating place, and people seem interested in it. So it was hard to resist writing about the trading shop entering the mobile phone game space (kinda). Back in 2013 Jane Street developed a card game called "Figgie," which it made to simulate open outcry trading, teach trading nous, and generally burnish its reputation for quirkiness -- de rigueur in the industry.

All you need are 40 cards from a normal deck, and the rules have been public for a while. During Covid, Jane Street made a virtual version for remote interns. Now it's a mobile game that's publicly available on the official Apple and Google app stores.

Motional, the autonomous vehicle startup borne out of a $4 billion joint venture between Hyundai and automotive supplier Aptiv, will pause its commercial operations and delay plans to launch a driverless taxi service as it undergoes a restructuring, TechCrunch reported Tuesday. From a report: The aim is make progress on the core technology and the business model, while preserving capital, according to sources familiar with the changes. Motional has pushed its plan to launch a commercial driverless robotaxi service with its second-generation AV -- the Hyundai Ioniq 5 -- to 2026, two years later than planned.

The company told employees Tuesday during an all-hands meeting that the changes will include layoffs, but did not provide a figure of how many people would be affected, according to sources who spoke to TechCrunch on condition of anonymity. Motional began notifying employees if they were laid off shortly after the meeting ended. The company employed more than 1,300 people prior to a 5% cut in workforce in March 2024. Motional will halt its commercial operations, which today includes taxi rides in autonomous Hyundai Ioniq 5 vehicles in Las Vegas via the Uber and Lyft network. The company will also end deliveries for Uber Eats customers in Santa Monica using its autonomous vehicles. A human safety operator is behind the wheel in all of its commercial operations.

Microsoft has deployed a generative AI model entirely divorced from the internet, saying US intelligence agencies can now safely harness the powerful technology to analyze top-secret information. From a report: It's the first time a major large language model has operated fully separated from the internet, a senior executive at the US company said. Most AI models including OpenAI's ChatGPT rely on cloud services to learn and infer patterns from data, but Microsoft wanted to deliver a truly secure system to the US intelligence community.

Spy agencies around the world want generative AI to help them understand and analyze the growing amounts of classified information generated daily, but must balance turning to large language models with the risk that data could leak into the open -- or get deliberately hacked. Microsoft has deployed the GPT4-based model and key elements that support it onto a cloud with an "air-gapped" environment that is isolated from the internet, said William Chappell, Microsoft's chief technology officer for strategic missions and technology.

Less than two weeks after President Biden signed a bill that will force TikTok's Chinese owner, ByteDance, to sell the popular social media app or face a ban in the United States, TikTok said it sued the federal government on Tuesday, arguing the law was unconstitutional. From a report: TikTok said that the law violated the First Amendment by effectively removing an app that millions of Americans use to share their views and communicate freely. It also argued that a divestiture was "simply not possible," especially within the law's 270-day timeline, pointing to difficulties such as Beijing's refusal to sell a key feature that powers TikTok in the United States.

"For the first time in history, Congress has enacted a law that subjects a single, named speech platform to a permanent, nationwide ban, and bars every American from participating in a unique online community with more than one billion people worldwide," the company said in the 67-page petition it provided, which initiates the lawsuit. "There is no question: The act will force a shutdown of TikTok by Jan. 19, 2025." TikTok is battling for its survival in the United States, with the fight set to play out primarily in courts over the next few months. While lawmakers who passed the bill have said the app is a national security threat because of its ties to China, the courts must now weigh those concerns against TikTok's argument that a sale or ban would violate the First Amendment free-speech rights of its users and hurt small businesses that owe their livelihood to the platform.

The identity of the leader of one of the most infamous ransomware groups in history has finally been revealed. From a report: On Tuesday, a coalition of law enforcement led by the U.K.'s National Crime Agency announced that Russian national, Dmitry Yuryevich Khoroshev, 31, is the person behind the nickname LockBitSupp, the administrator and developer of the LockBit ransomware. The U.S. Department of Justice also announced the indictment of Khoroshev, accusing him of computer crimes, fraud and extortion.

"Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than $100 million in ransomware payments," Attorney General Merrick B. Garland was quoted as saying in the announcement. According to the DOJ, Khoroshev is from Voronezh, a city in Russia around 300 miles south of Moscow. "Dmitry Khoroshev conceived, developed, and administered Lockbit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe," said U.S. Attorney Philip R. Sellinger for the District of New Jersey, where Khoroshev was indicted.

Disney CEO Bob Iger says the company is shrinking the MCU with a new mission to drop the number of Marvel TV series to two a year and the film output to no more than three movies per year. The comment follows Iger conceding last year that Marvel had diluted audience's focus by making too many TV shows. From a report: Iger said this is part of Disney's overall strategy to reduce output and focus on quality, a strategy "that's particularly true with Marvel."

"We're slowly going to decrease volume and go to probably about two TV series a year instead of what had become four and reduce our film output from maybe four a year to two, or a maximum of three," the Disney CEO said during the company's quarterly earnings call Tuesday. "And we're working hard on what that path is." Iger says Marvel has "a couple of good films in '25 and then we're heading to more 'Avengers,' which we're extremely excited about," adding: "Overall, I feel great about the slate. It's something that I've committed to spending more and more time on. The team is one that I have tremendous confidence in and the IP that we're mining, including all the sequels that we're doing, is second to none."

Apple revealed its refreshed iPad Pro lineup at its "Let Loose" virtual event Tuesday, featuring a slimmer design, OLED displays, and the company's latest M4 chip. The new 13-inch and 11-inch models boast enhanced brightness, color saturation, and contrast, with the 13-inch model measuring just 5.1 millimeters thick, making it Apple's thinnest device ever.

The M4 chip, which powers the new iPad Pros, delivers a 50% faster CPU and improved efficiency compared to the previous-gen M2 chip. Apple has also introduced updated accessories, including a redesigned Magic Keyboard with an aluminum palm rest and function key row, and the Apple Pencil Pro with squeeze gestures, Find My location tracking, and haptic feedback. The switch to OLED technology ensures consistent display quality across both iPad Pro sizes, addressing the previous disparity between the 12.9-inch Mini LED model and the smaller, traditional-screen version.

The base storage for both models is now 256GB, with prices starting at $999 for the 11-inch and $1,299 for the 13-inch. Both are available for preorder today and will be available in stores next week.

Wesley Yin-Poole, reporting for IGN: Microsoft has closed a number of Bethesda studios, including Redfall maker Arkane Austin, Hi-Fi Rush and The Evil Within developer Tango Gameworks, and more in devastating cuts at Bethesda, IGN can confirm. Alpha Dog Studios, maker of mobile game Mighty Doom, will also close. Roundhouse Games will be absorbed by The Elder Scrolls Online developer ZeniMax Online Studios.

On Redfall, the disastrous vampire co-op game will now not receive promised updates as Microsoft has ended all development on the game. Microsoft said Redfall will remain online to play, and it will provide a "make-good" offer for those who bought the Hero DLC. In an email to staff sent by Matt Booty, head of Xbox Game Studios, Microsoft blamed the cuts on a "reprioritization of titles and resources."

The Register provides a retrospective look at how Microsoft "absorbed the handset division of Nokia" ten years ago, only to kill the unit two years later and write it off as a tax loss. What went wrong? "It was a fatal combination of bad management, a market evolving in ways hidebound people didn't predict, and some really (with a few superb exceptions) terrible products," reports The Register. From the report: Like Nokia, Windows Mobile's popularity peaked in 2007, then started to drop away. The iPhone was the tech item of choice for fashionistas, Blackberry was seen as essential for serious business, and Android -- with Google as its new owner -- was gaining traction. Microsoft by that time had a new CEO in Steve Ballmer, who completely and famously failed to see the shifting sands in the mobile market. He dismissed the iPhone as a threat to what he thought was Windows Mobile's unassailable market position, and was roundly mocked for it. So the scene was set for a mobile standards war, and Steve Ballmer staked his professional pride on winning it. Microsoft recruited Nokia to help out. [...]

Under [Executive VP of Microsoft Stephen Elop's] leadership, a closer working relationship with Microsoft was a given -- but in 2013 Redmond announced it was going the whole hog and buying Nokia's handset business outright for $7.2 billion. The deal was done in April 2014, a decade ago from today. Microsoft also got a ten-year license on Nokia's patents and the option to renew in perpetuity. It also got Elop back, as executive vice president of the Microsoft Devices Group. That meant stepping down as CEO of Nokia, for which he trousered an 18.8 million bonus package -- a payoff the Finnish prime minister at the time called "outrageous." Nokia retained its networking business in Finland. It purchased Siemens' half of the Nokia Siemens Networks joint venture and renamed in Nokia Networks. The Nokia board rolled the dice again on hiring another non-Suomi manager, Rajeev Suri, and this time hit a double D20 in D&D terms.

When Ballmer stepped down from the helm at Microsoft in 2014 -- shortly before the Nokia deal completion -- he left a hot mess to deal with. His plan had been to develop the mobile operating system in conjunction with Windows 10, and Windows Mobile 10 was supposed to be a part of a unified code environment. While Windows 10 on the desktop wasn't a bad operating system, Windows Mobile 10 really was. The promised synergy just didn't happen -- it was power-hungry, clunky, and about as popular as a rattlesnake in a pinata. It was this mess that Satya Nadella faced when he took over the reins. Nadella was never very keen on the phone platform and spent more time in press conferences talking about cricket or the cloud than Microsoft's mobile ambitions. It was clear to all that this really wasn't working. Elop was laid off by Redmond a year later.

It was clear that Windows Mobile wasn't going to work. Android and iOS were drinking Microsoft's milkshake, and Redmond realized the game was up. Microsoft started shedding mobile jobs -- both in Finland and Redmond. While mobile was still publicly touted as the way forward for Microsoft with Ballmer gone, the impetus wasn't there and support for the mobile OS shriveled. In 2015 Microsoft declared it was writing off $7.6 billion on the Phone Hardware division as "goodwill and asset impairment charges" -- $400 million more than it had originally paid for the Finnish firm. Nokia bought European networking giant Alcatel-Lucent in a $16.7 billion deal in 2015. Around the same time, Suri announced a move into tablets, since it had a non-compete agreement with Microsoft on mobiles. Meanwhile a bunch of former Nokia execs who'd fled Elop and Microsoft had started a mobile biz of their own: HMD. It was Finnish, but outsourced production to Foxconn in China, and was planning to make cheapish Android devices. In 2016 Microsoft sold its mobile hardware arm to HMD for an undisclosed -- but probably not large -- sum. Nadella clearly wanted out of the whole business and the Finnish startup concentrated on selling good-enough Android smartphones to Nokia's traditional cheap markets.

"Out of an abundance of caution," Boeing says its historic Starliner launch has been postponed, citing an issue with the oxygen relief valve on the Atlas V rocket's upper stage. It was expected to launch tonight at 10:34 p.m. ET. TechCrunch reports: There are backup launch opportunities on May 7, 10 and 11. After years of delays and over $1 billion in cost overruns, the mission is set to be Boeing's first attempt to transport astronauts to the International Space Station. Once the issue is resolved with the upper stage, the United Launch Alliance Atlas V will carry the CST-100 Starliner capsule to orbit along with the two onboard astronauts -- Butch Wilmore and Sunny Williams -- from Florida's Cape Canaveral at 10:34 PM local time Monday evening. The mission also marks the first time ULA's Atlas will carry crew. The rocket boasts a success rate of 100% across 99 missions. (ULA is a joint venture of Boeing and Lockheed Martin.)

The astronauts would now dock at the station at the earliest on Thursday, where they would remain for at least eight days. The two astronauts will return to Earth in the capsule no earlier than May 16. If all goes to plan, Boeing will be able to finally certify its Starliner for human transportation and begin fulfilling the terms of its $4.2 billion NASA astronaut taxi contract. That contract, under the agency's Commercial Crew Program, was awarded in 2014. Elon Musk's SpaceX was also granted a contract under that program, for its Crew Dragon capsule, and has been transporting astronauts to and from the ISS since 2020.

An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based inIndia, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous. There are a number of ways to protect yourself against spyware and zero-click exploits in particular:

1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.

Swedish energy company Stockholm Exergi and Microsoft have announced a 10-year deal that will provide the tech giant with more than 3.3 million tons of carbon removal certificates through bioenergy with carbon capture and storage. While the value of the deal was not disclosed, it stands as the largest of its kind globally. Carbon Herald reports: Scheduled to commence in 2028 and span a decade, the agreement underscores a pivotal moment in combatting climate change. Anders Egelrud, CEO of Stockholm Exergi, lauded the deal as a "huge step" for the company and its BECCS project, emphasizing its profound implications for climate action. "I believe the agreement will inspire corporations with ambitious climate objectives, and we target to announce more deals with other pioneering companies over the coming months," he said. Recognizing the imperative of permanent carbon removals in limiting global warming to 1.5C or below, the deal aligns with Microsoft's ambitious goal of becoming carbon negative by 2030.

"Leveraging existing biomass power plants is a crucial first step to building worldwide carbon removal capacity," Brian Marrs, Microsoft's Senior Director of Energy & Carbon Removal, said, highlighting the importance of sustainable biomass sourcing for BECCS projects, as is the case with Stockholm Exergi. The partners will adhere to stringent quality standards, ensuring transparent reporting and adherence to sustainability criteria. The BECCS facility, once operational, will remove up to 800,000 tons of carbon dioxide (CO2) annually, contributing significantly to atmospheric carbon reduction. With environmental permits secured and construction set to commence in 2025, Stockholm Exergi plans to reach the final investment decision by the end of the year.

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.