Omnipotent BMCs From Quanta Remain Vulnerable To Critical Pantsdown Threat

“Quanta not patching vulnerable baseboard management controllers leaves data centers vulnerable,” writes long-time Slashdot reader couchslug. “Pantsdown was disclosed in 2019…” Ars Technica reports: In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers (BMC) made by multiple manufacturers. These tiny computers soldered into the motherboard of servers allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of computers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system — even when it’s turned off. Pantsdown, as the researcher dubbed the threat, allowed anyone who already had some access to the server an extraordinary opportunity. Exploiting the arbitrary read/write flaw, the hacker could become a super admin who persistently had the highest level of control for an entire data center.

Over the next few months, multiple BMC vendors issued patches and advisories that told customers why patching the vulnerability was critical. Now, researchers from security firm Eclypsium reported a disturbing finding: for reasons that remain unanswered, a widely used BMC from data center solutions provider Quanta Cloud Technology, better known as QCT, remained unpatched against the vulnerability as recently as last month. As if QCT’s inaction wasn’t enough, the company’s current posture also remains baffling. After Eclypsium privately reported its findings to QCT, the solutions company responded that it had finally fixed the vulnerability. But rather than publish an advisory and make a patch public — as just about every company does when fixing a critical vulnerability — it told Eclypsium it was providing updates privately on a customer-by-customer basis. As this post was about to go live, “CVE-2019-6260,” the industry’s designation to track the vulnerability, didn’t appear on QCT’s website. […] “[T]hese types of attacks have remained possible on BMCs that were using firmware QCT provided as recently as last month,” writes Ars’ Dan Goodin in closing. “QCT’s decision not to publish a patched version of its firmware or even an advisory, coupled with the radio silence with reporters asking legitimate questions, should be a red flag. Data centers or data center customers working with this company’s BMCs should verify their firmware’s integrity or contact QCT’s support team for more information.”

Read more of this story at Slashdot.

RED Sues Nikon For Infringing On Its Video Compression Patents

RED filed a lawsuit yesterday suing (PDF) Nikon for infringing on its video compression patents. PetaPixel reports: The lawsuit was filed in a southern California federal court today and asserts that the Japanese camera manufacturer and its United States subsidiaries have illegally infringed on seven patents that deal specifically with “a video camera that can be configured to highly compress video data in a visually lossless manner.”

In the filing, RED notes a type of compression that it says it has patented and is in use by Nikon in the Z9: “The camera can be configured to transform blue and red image data in a manner that enhances the compressibility of the data. The data can then be compressed and stored in this form. This allows a user to reconstruct the red and blue data to obtain the original raw data for a modified version of the original raw data that is visually lossless when demosaiced. Additionally, the data can be processed so the green image elements are demosaiced first, and then the red and blue elements are reconstructed based on values of the demosaiced green image elements.”

This compression comes thanks to a partnership with intoPIX’s TicoRAW which was announced last December. […] The TicoRAW feature has been in the news for months, but RED was likely waiting for it to be implemented into a competitor’s camera before filing a lawsuit. RED’s lawsuit says Nikon’s infringement on its patent was “willful” and claims Nikon would have known about RED’s patents. […] RED then cites multiple lawsuits it has filed against Kinefinity, Sony, and Nokia over the years. RED is seeking damages or royalties for the infringement as well as an injunction to ban Nikon from further infringing.

Read more of this story at Slashdot.

Tangle-Free Magnetic USB Cables Are Here

The Verge’s Sean Hollister has been testing a number of “nifty” USB cables that magnetically stick to themselves and don’t get all tangled up in your drawers and bags. The only problem is “they all suck big time at data transfer, charging, or both,” he writes. From the report: This one, which also has its own built-in blue LED light and magnetic swappable tips for USB-C, micro-USB, and Lightning, won’t charge most of my USB-C gadgets at all, but I was able to sling some files from an external drive at lackluster USB 2.0 speeds and charge my iPhone over Lightning. It’s also got super weak coiling magnets and felt even cheaper than the rest.

This USB-C to USB-C one was pretty decent at charging, giving me 65W of USB-C PD power and had the best magnets of the bunch — but it wouldn’t connect to a Pixel 4A phone or my USB-C external drive at all. They just didn’t show up on my desktop!

This USB-A to USB-C cable was the worst of the lot. Just wiggling it would disconnect anything I had plugged in, and it topped out at 10W of charging — not the 15-18W I’d usually see with my Pixel.

Lastly, this USB-A to Lightning one seems to be a SuperCalla cable, showing up in an “Original SuperCalla” box, even though it’s sold by a brand named “Tech.” Slow charging, slow data, but at least it seems to stay reliably connected to my iPhone so far.

But those aren’t the only style of magnetic no-tangle cable I found. I also bought this neat accordion-style one, which is perhaps the best of the bunch: I got 15W charging, and it feels better built than the rest. But it’s less fun to play with, the magnets aren’t as strong, and it’s got a bit of an awkward shape when fully extended because the joints will always stick out. Plus, it tops out at USB 2.0 speeds of 480Mbps (or around 42MB/s in practice.) I couldn’t find a C-to-C or Lightning version. […] Right now, all I’ve found are these cheap-o, $10 novelty cables, and that’s a real shame. The magnet design deserves better, and so do we.

Read more of this story at Slashdot.

Corey B. Marion, Co-Founder of The Iconfactory, Dies Age 54

Designer and co-founder of The Iconfactory, Corey B. Marion, has died following a long battle with cancer. He was 54. AppleInsider reports: Marion founded The Iconfactory in 1996 with Talos Tsui, and Gedeon Maheux, when he was 29. For a quarter of a century, he led the firm while also designing icons — including the company’s own factory logo one — and created a typeface based on his own handwriting. […] The Iconfactory produces sets of icons, such as free ones commissioned by Paramount to promote a “Star Trek” film, and over 100 for Microsoft Windows XP. Corey designed logos, emojis, and wallpapers too. Plus from 1997 to 2004, he was a judge on The Iconfactory’s annual Pixelpalooza icon design contest, created specifically for the Mac community. “We hope you’ll join us in celebrating his life via the digital gifts he gave of himself as well as send warm and comforting wishes to his entire family,” says a statement on the front page of the company’s site. “Our sadness is tempered by the fact that his art and legacy live on in all of us here at the factory as well as for all those, like yourselves, who have enjoyed his creations over the years.”

Read more of this story at Slashdot.

NCTC Could Drop ‘Cable’ As Industry Group Eyes Name Change

Industry trade group the National Cable Television Cooperative (NCTC) could be dropping the “cable” moniker as it eyes a potential name change. Fierce Video reports: A trademark application filed by NCTC on May 17 shows one proposal for a new name: National Content & Technology Cooperative. An NCTC spokesperson confirmed to Fierce that the organization will be changing its name, but said it is considering a large number of options and hasn’t yet settled on a final decision. The spokesperson noted it’s taking time to register potential names, but some of the other choices on the table include simply “NCTC,” “NCTC Online” or even sticking with its current brand of the National Cable Television Cooperative. […] According to the application, it appears NCTC is also considering losing the image of a coaxial cable that’s currently featured in its logo.

So why the potential shift away from cable? One factor could be that the industry has clearly changed since NCTC formed in 1984, with cable operators in recent years deemphasizing traditional video offerings. The “Cable Television” part of the group’s name is becoming less accurate over time, said Brett Sappington, VP of Interpret. “Broadband, not television, is the cash cow for the cable industry,” he told Fierce Video. “Many of the organization’s members are actually moving away from offering their own video service and are, instead, focusing on broadband bundled with streaming services.” […] Along with industry changes come some shifts in perception as well. “Cable TV doesn’t necessarily have a positive connotation today,” Sappington noted. “In fact, many online TV services such as Sling TV or FuboTV emphasize why consumers should ‘drop cable’ and go with their services instead,” he continued.

Read more of this story at Slashdot.

Dyson’s Been Secretly Working On Robots That Do Household Chores

Dyson has revealed that it has an entire division that’s secretly been developing robot prototypes that do household chores. Engadget reports: The company didn’t detail any of the models in particularly, but many look like regular robot arms adapted to do specialized home chores like cleaning and tidying. One appeared to be designed to vacuum out the seat cushions, mapping an armchair out in detail to do the job. “So this means I’ll never, ever find crisps around the back of my sofa again?” the company’s chief engineer, Jake Dyson, asked a researcher in a video (here).

Another robot was putting away dishes or at least placing them in a drying rack, and another was grasping a teddy bear, presumably picking up after a child. Dyson also showed off a “Perception Lab” that was all about robotic vision systems, detecting its environment and mapping humans with sensors, cameras and thermal imaging systems. Dyson is currently on a recruiting drive, looking for around 700 engineers, which is one reason it finally decided to show off the lab (located at Hullavington Airfield, Wiltshire in the UK) after keeping it under wraps.

Read more of this story at Slashdot.

California Parents Could Soon Sue For Social Media Addiction

California could soon hold social media companies responsible for harming children who have become addicted to their products, permitting parents to sue platforms like Instagram and TikTok for up to $25,000 per violation under a bill that passed the state Assembly on Monday. The Associated Press reports: The bill defines “addiction” as kids under 18 who are both harmed — either physically, mentally, emotionally, developmentally or materially — and who want to stop or reduce how much time they spend on social media but they can’t because they are preoccupied or obsessed with it. Business groups have warned that if the bill passes, social media companies would most likely cease operations for children in California rather than face the legal risk.

The proposal would only apply to social media companies that had at least $100 million in gross revenue in the past year, appearing to take aim at social media giants like Facebook and others that dominate the marketplace. It would not apply to streaming services like Netflix and Hulu or to companies that only offer email and text messaging services. […] The bill gives social media companies two paths to escape liability in the courts. If the bill becomes law, it would take effect on Jan. 1. Companies that remove features deemed addictive to children by April 1 would not be responsible for damages. Also, companies that conduct regular audits of their practices to identify and remove features that could be addictive to children would be immune from lawsuits. “Monday’s vote is a key — but not final — step for the legislation,” adds the report. “The bill now heads to the state Senate, where it will undergo weeks of hearings and negotiations among lawmakers and advocates. But Monday’s vote keeps the bill alive this year.”

Read more of this story at Slashdot.

Microsoft Dev Box Will Virtualize Your Windows Development PC In a Browser Window

Microsoft Dev Box is intended to simplify the process of getting new developer workstations up and running quickly, with all necessary tools and dependencies installed and working out-of-the-box (so to speak), along with access to up-to-date source code and fresh copies of any nightly builds. Ars Technica reports: Dev Box is built on Windows 365, a service that IT admins can use to provide preconfigured virtual PCs to users. Admins can build operating system images and offer hardware configurations with different amounts of CPU power, storage, and RAM based on what particular users (or workloads) need. Windows 365 virtual machines, including but not limited to Dev Box VMs, can be accessed from other Windows PCs, or devices running macOS, iOS, Android, Linux, or ChromeOS.

“Microsoft Dev Box supports any developer IDE, SDK, or internal tool that runs on Windows,” writes Microsoft product manager Anthony Cangialosi [in a blog post introducing the service]. “Dev Boxes can target any development workload you can build from a Windows desktop and are particularly well-suited for desktop, mobile, IoT, and gaming. You can even build cross-platform apps using Windows Subsystem for Linux.” Dev Box is currently available in a private preview. If you’re interested in testing it when the preview goes public, you can sign up to learn more here.

Read more of this story at Slashdot.

Samsung Allegedly Assembling a ‘Dream Team’ To Take Down Apple’s M1 In 2025

Samsung is rumored to be assembling a special task force dubbed “Dream Platform One team” tasked with designing a custom in-house Samsung mobile Application Processor (AP) that can take on Apple Silicon. Neowin reports: It’s probably fair to say that Samsung hasn’t had the best time with its Exynos offerings when compared against rivals like Qualcomm or Apple. To shake its fortunes up, the company also paired up with AMD for its Exynos 2200 GPU, and results were a mixed bag. Both the AMD RDNA 2 Xclipse 920 graphics and the Exynos 2200 CPU were found to be pretty disappointing in terms of power efficiency as they were not much better than the previous Exynos 2100 offering. In a nutshell, the new CPU was around 5% faster while the AMD graphics was around 17% better, both of which were clearly not enough (via TechAltar on Twitter). However, the company is looking to get real serious and down to business come 2025. The new report coincides with a separate report suggesting that Samsung was working on a custom chipset for its Galaxy S series. The downside is that it’s not slated for 2025 and will obviously have to compete against whatever Apple offers at that time.

Read more of this story at Slashdot.

Spain To Invest $13 Billion To Build Microchip Industry

The Spanish government on Tuesday announced plans to invest $13.2 billion to build microchips in the country and “help reduce the dependence of Span and the European Union on other suppliers,” reports the Associated Press. From the report: Speaking in Madrid, Deputy Prime Minister and Economy Minister Nadia Calvino said the five-year plan is aimed at enabling Spain to cover every area in the design and production of microchips, which are now considered key to all areas of modern industry. She said the plan was among the most ambitious of the Spanish government’s projects to reboot the economy after the COVID-19 pandemic and that it would have an effect on other sectors.

The project was directed at boosting the EU’s weak position in microchip production, which Calvino said represented some 10% of the world total. She said this led to a great dependence on a small number of major producers such as Taiwan, the United States, South Korea, Japan and China. Calvino added that “the war in Ukraine makes it a priority to reinforce strategic autonomy in energy, technology, food production as well as cyber security.”

Read more of this story at Slashdot.