Google Cloud Security Exec: Government Reliance on Microsoft Is a Security Vulnerability

“Google is taking aim at Microsoft’s dominance in government technology and security,” reports NBC News:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat.

Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability. “Overreliance on any single vendor is usually not a great idea,” Manfra said in a phone interview. “You have an attack on one product that the majority of the government is depending on to do their job, you have a significant risk in how the government can continue to function.”

Microsoft pushed back strongly against the claim, calling it “unhelpful.” The study comes as Google is positioning itself to challenge Microsoft’s dominance in federal government offices, where Windows and Office programs are commonly used….

The blog post comes as hackers continue to discover critical software vulnerabilities at an increasing pace across major tech products, but especially in Microsoft programs. Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple. The most prominent zero-day was used against Microsoft’s Exchange email program, which cybersecurity experts say was first employed by Chinese cyberspies and then quickly adopted by criminal hackers, leading to hundreds of companies becoming compromised.

Read more of this story at Slashdot.

Intel Beats AMD and Nvidia with Arc GPU’s Full AV1 Support

Neowin notes growing support for the “very efficient, potent, royalty-free video codec” AV1, including Microsoft’s adding of support for hardware acceleration of AV1 on Windows.

But AV1 even turned up in Intel’s announcement this week of the Arc A-series, a new line of discrete GPUs, Neowin reports:

Intel has been quick to respond and the company has become the first such GPU hardware vendor to have full AV1 support on its newly launched Arc GPUs. While AMD and Nvidia both offer AV1 decoding with their newest GPUs, neither have support for AV1 encoding.

Intel says that hardware encoding of AV1 on its new Arc GPUs is 50 times faster than those based on software-only solutions. It also adds that the efficiency of AV1 encode with Arc is 20% better compared to HEVC. With this feature, Intel hopes to potentially capture at least some of the streaming and video editing market that’s based on users who are looking for a more robust AV1 encoding solution compared to CPU-based software approaches.

From Intel’s announcement:
Intel Arc A-Series GPUs are the first in the industry to offer full AV1 hardware acceleration, including both encode and decode, delivering faster video encode and higher quality streaming while consuming the same internet bandwidth. We’ve worked with industry partners to ensure that AV1 support is available today in many of the most popular media applications, with broader adoption expected this year. The AV1 codec will be a game changer for the future of video encoding and streaming.


Turmoil at Metals Exchange Trading Nickel Used in Lithium-Ion Batteries and EVs

Early last month on the London Metals Exchange, a Chinese metals producer named Tsingshan Holding Group “wagered a massive bet that the price of nickel would fall,” reports CNN Business. At the peak Tsingshan’s position “was equivalent to about an eighth of all of the outstanding contracts in the market.”

But between Friday, March 4 and Tuesday, March 8, the metal soared in value from about $29,000 to $100,000 per ton. “If prices had stood at $100,000 the company would have owed the London Metals Exchange $15 billion, according to the Wall Street Journal.”
The spike generated margin calls higher than the London Metals Exchange [the LME] had ever seen — and if paid, they would force multiple defaults that would ripple through the exchange and destabilize the global market. Exchange executives scrambled to respond, ultimately throwing a lifeline to the brokers representing Tsingshan and other producers. In an unprecedented move, they halted trading and retroactively canceled all 9,000 trades that occurred on Tuesday, worth about $4 billion in total. The market would remain dark for a week, unleashing a tidal wave of chaos and a mob of angry investors onto the exchange. In its wake, threats of lawsuits abound and trust has eroded. [The day it re-opened, CNN also reported the exchange “had to suspend the electronic trading of nickel shortly after it resumed due to a technical problem.”]

Now, the 145-year-old British giant is teetering on a nickel. Over the past century-and-a-half the LME, known for its ring of red couches and barking brokers, has successfully trudged its way through world wars, meltdowns and defaults. But nickel, the metal used in stainless steel and the lithium-ion battery cells in most electric vehicles, might be what finally brings the world’s largest market for base metals contracts to its knees. “The world’s pricing mechanism for nickel is failing,” said Daniel Ghali, the director of commodities strategy at TD Securities. “The question is, will it continue to fail?” Others weren’t as diplomatic. “The LME is now very likely going to die a slow self-inflicted death through the loss of confidence in it and its products,” tweeted Mark Thompson, executive vice-chairman at Tungsten West, a mining development company….

Until 2012, the LME was owned by its members, the same people who traded on the exchange — but then it was sold to Hong Kong Exchanges and Clearing (HKEX) for $2.2 billion….

The LME’s lack of transparency allows two or three big names to throw around vast sums of money and “hijack” a relatively illiquid market, said Adrian Gardner, principal analyst of nickel markets at Wood Mackenzie…. Sitting on the other side of the short were hedge funds, who had bet that nickel supply would decrease because of Russia’s invasion of Ukraine (Russia provides about 20% of all top-grade nickel). When the LME decided to retroactively cancel those $4 billion in gains on March 8, it was hedge funds who lost giant sums of money. Global investment management firm AQR, which has $124 billion in assets under management, was among those that lost money when trades were canceled. “The winners were commodity producers and their banks, and the losers are the various clients that AQR and other large asset managers represent: firefighters, municipal workers, and university endowments,” said Jordan Brooks, principal at AQR Capital Management. AQR is considering legal action against the exchange. Investors, said Brooks, “acted in good faith and provided liquidity, but the LME just decided to shift their trading gains to commodities producers and their banks….”

Volume in trading has yet to recover, raising questions about the LME’s ability to accurately benchmark the price of the metal. Fewer than 210 contracts were traded in the first hour after the market opened on Tuesday. That’s down about 60% from the 90-day average before the trading halt. Other metals on the LME, like copper and aluminum, have also seen a decrease in trade volume….

The Chicago Mercantile Exchange doesn’t currently trade nickel, but perhaps it soon will. “[The LME] did something that was egregious and a betrayal of trust,” said Brooks. “I’d be shocked if the strategic plans of other exchanges haven’t changed in the past three weeks.”


Two More Successful Rocket Launches from Satellite Launch-Service Providers

SpaceNews reports:
The launch was the latest in a series of Electron launches of BlackSky satellites arranged by Spaceflight. That deal included launches of pairs of BlackSky satellites in November and December 2021 as well as a failed Electron launch in May 2021….

Rocket Lab did not attempt to recover the first stage of the Electron after this launch. The company said in November that, after three launches where it recovered Electron boosters after splashing down in the ocean, it was ready to attempt a midair recovery of a booster by catching it with a helicopter, the final step before reusing those boosters. The company has not announced when that recovery will take place, but hinted it would take place soon….

Lars Hoffman, senior vice president of global launch services at Rocket Lab, during a panel session at the Satellite 2022 conference March 22…added that the company has a “full manifest” of Electron launches this year, including the first from Launch Complex 2 at Wallops Island, Virginia, with a goal of launching on average once per month. “We’re keeping pace with the market. We’re trying not to get too far ahead.”

Meanwhile, in mid-March Space.com reported that the launch-service provider Astra “bounced back from last month’s launch failure with a groundbreaking success, deploying satellites in Earth orbit for the first time ever” with its low-cost two-stage launch vehicle, LV0009.
It was a huge moment for Astra, which suffered a failure last month during its first-ever launch with operational payloads onboard…. Astra aims to break into the small-satellite launch market in a big way with its line of cost-effective, easily transported and ever-evolving rockets.

The company had conducted five orbital flights before today, four of them test missions from Kodiak. Astra reached orbit successfully on the most recent of those four test flights, a November 2021 mission that carried a non-deployable dummy payload for the U.S. Department of Defense. But the company stumbled on its next mission, its first with operational payloads onboard…

Astra investigators soon got to the bottom of both problems, tracing the fairing issue to an erroneous wiring diagram and the tumble to a software snafu. The company instituted fixes, clearing LV0009’s path to the pad… LV0009 rose into the Alaska sky smoothly and ticked off its early milestones as planned. Stage separation and fairing deploy went well, and the rocket’s second stage cruised to the desired orbit with no apparent issues. LV0009 deployed its payloads successfully about nine minutes after liftoff….

One of the known payloads is OreSat0, a tiny cubesat built by students at Portland State University in Oregon that is designed to serve as a testbed for future cubesats that will study Earth’s climate and provide STEM (science, technology, engineering and math) outreach opportunities.


Face Scanner Clearview AI Aims To Branch Out Beyond Police

A controversial facial recognition company that’s built a massive photographic dossier of the world’s people for use by police, national governments and — most recently — the Ukrainian military is now planning to offer its technology to banks and other private businesses. The Washington Post reports: Clearview AI co-founder and CEO Hoan Ton-That disclosed the plans Friday to The Associated Press in order to clarify a recent federal court filing that suggested the company was up for sale. “We don’t have any plans to sell the company,” he said. Instead, he said the New York startup is looking to launch a new business venture to compete with the likes of Amazon and Microsoft in verifying people’s identity using facial recognition.

The new “consent-based” product would use Clearview’s algorithms to verify a person’s face, but would not involve its ever-growing trove of some 20 billion images, which Ton-That said is reserved for law enforcement use. Such ID checks that can be used to validate bank transactions or for other commercial purposes are the “least controversial use case” of facial recognition, he said. That’s in contrast to the business practice for which Clearview is best known: collecting a huge trove of images posted on Facebook, YouTube and just about anywhere else on the publicly-accessible internet.


Writing Google Reviews About Patients Is Actually a HIPAA Violation

“According to The Verge, health providers writing Google reviews about patients with identifiable information is a HIPAA violation,” writes Slashdot reader August Oleman. From the report: In the past few years, the phrase ‘HIPAA violation’ has been thrown around a lot, often incorrectly. People have cited the law, which protects patient health information, as a reason they can’t be asked if they’re vaccinated or get a doctor’s note for an employer. But asking someone if they’re vaccinated isn’t actually a HIPAA violation. That’s a fine and not-illegal thing for one non-doctor to ask another non-doctor. What is a HIPAA violation is what U. Phillip Igbinadolor, a dentist in North Carolina, did in September 2015, according to the Department of Health and Human Services. After a patient left an anonymous, negative Google review, he logged on and responded with his own post on the Google page, saying that the patient missed scheduled appointments. […]

In the post, he used the patient’s full name and described, in detail, the specific dental problem he was in for: “excruciating pain” from the lower left quadrant, which resulted in a referral for a root canal. That’s what a HIPAA violation actually looks like. The law says that healthcare providers and insurance companies can’t share identifiable, personal information without a patient’s consent. In this case, the dentist (a healthcare provider) publicly shared a patient’s name, medical condition, and medical history (personal information). As a result, the office was fined $50,000 (PDF).


Chrome’s ‘Topics’ Advertising System Is Here, Whether You Want It Or Not

slack_justyb writes: After the failure of the Chrome user-tracking system that was called FLoC, Google’s latest try at topic tracking to replace the 3rd party cookie (that Chrome is the only browser to still support) is FLEDGE and the most recent drop of Canary has this on full display for users and privacy advocates to dive deeper into. This recent release shows Google’s hand that it views user tracking as a mandatory part of internet usage, especially given this system’s eye-rolling name of “Privacy Sandbox” and the tightness in the coupling of this new API to the browser directly.

The new API will allow the browser itself to build what it believes to be things that you are interested in, based on broad topics that Google creates. New topics and methods for how you are placed into those topics will be added to the browser’s database and indexing software via updates from Google. The main point to take away here though is that the topic database is built using your CPU’s time. At this time, opting out of the browser building this interest database is possible thus saving you a few cycles from being used for that purpose. In the future there may not be a way to stop the browser from using cycles to build the database; the only means may be to just constantly remove all interest from your personal database. At this time there doesn’t seem to be any way to completely turn off the underlying API. A website that expects this API will always succeed in “some sort of response” so long as you are using Chrome. The response may be that you are interested in nothing, but a response nonetheless. Of course, sending a response of “interested in nothing” would more than likely require someone constantly, and timely, clearing out the interest database, especially if at some later time the option to turn off the building of the database is removed.

With 82% of Google’s empire based on ad revenue, this latest development in Chrome shows that Google is not keen on any moves to threaten their main money maker. Google continues to argue that it is mandatory that it builds a user tracking and advertising system into Chrome, and the company says it won’t block third-party cookies until it accomplishes that — no matter what the final solution may ultimately be. The upshot, if it can be called that, of the FLEDGE API over FLoC, is that abuse of FLEDGE looks to yield less valuable results. And attempting to use the API alone to pick out an individual user via fingerprinting or other methods employed elsewhere seems to be rather difficult to do. But only time will tell if that remains true or just Google idealizing this new API. As for the current timeline, here’s what the company had to say in the latest Chromium Blog post: “Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We’ll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we’ll make API testing available in the stable version of Chrome to expand testing to more Chrome users.”
