Forgot your password?
typodupeerror

Comment Re:Zero day already in the wild? (Score 1) 46

The summary says: "Microsoft also addressed three zero-day flaws, including two that are already being exploited in the wild. "

(scratches head) How can a flaw be called zero-day and already be exploited in the wild?

Because a zero-day is any flaw made public before the developer knows about it. One of the main ways this happens is by noticing that hackers are breaking into systems using a heretofore unknown exploit.

Submission + - Physicists create first room-temperature quantum material (phys.org)

alternative_right writes: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magaña-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Submission + - Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes (darkreading.com)

schwit1 writes: When Microsoft vice president of engineering Tom Gallagher warned in May that the company's monthly patch releases could soon grow larger because of AI-driven vulnerability discovery, few likely expected the numbers would surpass 600 just two months later.

But with fixes for 622 unique CVEs, Microsoft’s July 2026 Patch Tuesday update is the largest by far in the program's history and offers a preview of the growing prioritization challenges organizations face as AI dramatically increases the volume of flaws requiring attention.

July's update contains fixes for three zero-day vulnerabilities, two of which attackers are already exploiting and one that's publicly known but remains unexploited. The patch update also includes fixes for more than five dozen critical vulnerabilities, many of which Microsoft identified as flaws that attackers are more likely to exploit. The total includes 416 vulnerabilities in Windows, 82 each in Office and Office 2016, 46 in Edge, 27 in Microsoft Developer Tools, and 17 in SharePoint Server.

"If people want a severity hook, July has 26 vulnerabilities with a CVSS base score above 9.0, and 13 of those sit at 9.8," said Josh Taylor, lead cybersecurity analyst at Fortra, in an emailed comment. "That matters, but CVSS is still only one part of the risk story. The real triage problem this month is the mix of exploited issues, a publicly disclosed BitLocker flaw, and a massive concentration of vulnerabilities in Windows and Office," he said. And rather than focusing on volume, patching teams need to prioritize the exploited vulnerabilities and their exposed infrastructure first, Taylor added.

"Today, July 14, 2026, marks a pivotal moment in our industry," researchers from Nightwing said in a statement. "We are officially moving past the traditional 'Patch Tuesday' approach and entering an era of continuous, high-volume security updates" and continuous patching.

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Comment Re:good self awareness (Score 5, Interesting) 57

Good question. Their POWER series of CPUs were not insignificant in capability, their chip designers were clearly technically sophisticated, and GPUs are just specialised vector processors with a few extra bells and whistles - stuff IBM is extremely familiar with.

It would not have been difficult to release a GPU or other LLM-specific processor to go along with the POWER11. They'd been working on the POWER11 for 4 years, they knew in 2020 that LLMs had a strong potential to be significant for Big Data processing - an area you use big iron for, they're not rank amateurs, they have plenty of reserve, they could have assembled an emergency team to build a vector processor that was custom-designed for just LLM work, and released an LLM processor card that could run circles around nVidia.

They didn't. Because, as has happened before, their management is simply too stupid and too slow.

Comment "The" or "A"? (Score 4, Insightful) 9

I don't want to diminish the accomplishment; that seems like a very cool dataset and probably one that was really fiddly to pull together; but, if you are talking single-neuron resolution; I am curious about whether you can still call an individual sample "the human brainstem" rather than "a human brainstem" and what comparative purposes you can use it for without running into trouble with cases where there are multiple ways for a brainstem to be adequately healthy, so long as certain requirements are met, so you'll need considerably more samples to draw useful inferences about exactly what the problem abnormality is.

Same sort of thing as when "sequencing the human genome" was a big project. Obviously a major exercise in gene sequencing and a basis for situating subsequent sequencing operations; but once you start talking detail there isn't 'the human genome'; literally everyone has one; and it turns out that different differences matter or don't at radically different levels.

Presumably the methods used to do it once will be helpful in doing it more often in the future; but I'll be curious what we discover about the balance of 'normalcy' vs. some relatively subtle and confusing combination of surprisingly variable ways to have a brainstem that seems to work just fine along with surprisingly subtle, no ghastly big lesions, ways to have one that ends up being totally dodgy.

Comment The large print giveth; the small print taketh... (Score 1) 102

I find "NOTE: Experiences vary by region." to be a bad sign for something that would be so trivial for MS to alter the behavior of; and where they are obviously not earnestly making improvements that were previously impossible but grudgingly rolling back bullshit they thought they could get away with.

Probably means good news for users in the EU; same way they get left out of some of the most egregiously bullshit 'AI' stuff; may help EDU and enterprise; but I'm guessing that it's no promises for less favored users.

Comment the juice isn't worth the squeeze (Score 1) 107

1) there's no feedback of any value, at least not worth the effort. Any post can be immediately swarmed by bots or by humans that are little more than such. It happens here; you might be posting about the functionality of light switches and you'll get 5 anon posts about being a MAGA cuck and how it's Trump's fault; likewise you might post asking legit questions about data centers and have 5 anon posts calling you a communist woke traitor. Why bother connecting your brain to social media if all you're getting back is digital feces?

2) I've just spent much less time online anyway; I've decided to practice what I preach and - unless I'm actually doing something like ordering food, etc - I simply put my phone away when there are other humans present that I might interact with. At all. On a tram, in a waiting room. I am ready to engage other people, and if they don't choose to I've welcomed being alone with my thoughts again instead of being constantly bemused by some bit of celebrity news I couldn't give a shite about.

Comment Framing (Score 3, Insightful) 86

It doesn't matter if it's bad - if China and Russia agree it's bad you have to be for it.

You can never agree with China because they have a totalitarian AI Surveillance Police State there so you must support a totalitarian AI Surveillance Police State here.

If you are against techo-feudalism you must be one of them Putin Lovers.

- The New York Times / Langley, apparently.

Comment Thought for the day (Score 1) 35

What if...

Someone (say someone who was familiar with doxygen and GCC) developed number of comment types, where some stipulated preconditions that must be true for the function to run correctly, postconditions that must be true once the function has run, kernel facilities that the function definitely needs, and kernel facilities that the function definitely doesn't need. These would all be optional for any given function.

A static checker could then validate if the code meets the behaviour expected by the programmer. This is precisely what is done in SPARK, a fork of Ada for high-reliability code. Combined with existing static checker capabilities, this would greatly increase the number of bugs that could be caught with all kinds of tools, AI included.

It could ALSO build a full fine-grained mapping for any fine-grained mandatory access controls system. You'd also want includes that you could import for precompiled libraries. This would allow someone to verify if the code was making unanticipated/undesirable calls but would also make SELinux possible to develop for at the application level.

It would not be trivial. If it was trivial, it would have been done simply because it already IS done in other languages and that makes it "obvious" to anyone who has been programming for a while. However, it should not be massively complicated, simply because you can use AI as the static checker. Once it has a definite set of bounda that must be satisfied, it should be much more capable of knowing what paths would violate those bounds. Which means that the checker stage essentially is trivial today, leaving only the markup stage.

Comment Re:People are sheep and can't help themselves (Score 1) 110

Why is that desirable?

Because the cost to society is paid not by the smokers but by all of us. And health care costs are only the tip of the iceberg.

Cull the least smart and self-restrained.

There's no culling here. Both doom scrolling and smoking kill you so slowly that evolutionary it doesn't matter.

Comment Re:"the most extreme and troubling end" (Score 1) 70

I'm not expecting that from domestic opponents; both because the penalties are high and because people are, historically, shockingly bad at shooting for targets that actually matter. I'm thinking more internationally.

If 'AI' is half so interesting as its proponents claim one would expect being a machine learning researcher worth offering a fat signing bonus to be about as dangerous as being an Iranian nuclear physicist or a Russian oligarch who has fallen off Putin's friends list. If Zuck thinks that you are worth $100 million it seems like someone who takes the idea that 'AI' is the next frontier in state power would consider it worth the trouble to hire some local criminal to kill you in a botched robbery or have their clandestine services attempt to throw you a little tea party. So far no reports of even foiled attempts.

Slashdot Top Deals

Be sociable. Speak to the person next to you in the unemployment line tomorrow.

Working...