NSA Urges Organizations To Shift To Memory Safe Programming Languages

In a press release published earlier today, the National Security Agency (NSA) says it will be making a strategic shift to memory safe programming languages. The agency is advising organizations to explore such changes themselves by utilizing languages such as C#, Go, Java, Ruby, or Swift. From the report: The “Software Memory Safety” Cybersecurity Information Sheet (PDF) highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. “Memory management issues have been exploited for decades and are still entirely too common today,” said Neal Ziring, Cybersecurity Technical Director. “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).

Read more of this story at Slashdot.

How Mem Plans To Reinvent Note-Taking Apps With AI

David Pierce writes via The Verge: In the summer of 2019, Kevin Moody and Dennis Xu started meeting with investors to pitch their new app. They had this big idea about reshaping the way users’ personal information moves around the internet, coalescing all their data into a single tool in a way that could actually work for them. But they quickly ran into a problem: all of their mock-ups and descriptions made it seem like they were building a note-taking app. And even in those hazy early days of product development — before they had a prototype, a design, even a name — they were crystal clear that this would not be a note-taking app. Instead, the founders wanted to create something much bigger. It would encompass all of your notes but also your interests, your viewing history, your works-in-progress. “Imagine if you had a Google search bar but for all nonpublic information,” Xu says. “For every piece of information that was uniquely relevant to you.”

That’s what Moody and Xu were actually trying to build. So they kept tweaking the approach until it made sense. At one point, their app was going to be called NSFW, a half-joke that stood for “Notes and Search for Work,” and for a while, it was called Supernote. But after a few meetings and months, they eventually landed on the name “Mem.” Like Memex, a long-imagined device that humans could use to store their entire memory. Or like, well, memory. Either way, it’s not a note-taking app. It’s more like a protocol for private information, a way to pipe in everything that matters to you — your email, your calendar events, your airline confirmations, your meeting notes, that idea you had on the train this morning — and then automatically organize and make sense of it all. More importantly, it’s meant to use cutting-edge AI to give all that information back to you at exactly the right time and in exactly the right place. […]

So far, Mem is mostly a note-taking app. It’s blisteringly fast and deliberately sparse — mostly just a timeline of every mem (the company’s parlance for an individual note) you’ve ever created or viewed, with a few simple ways to categorize and organize them. It does tasks and tags, but a full-featured project manager or Second Brain system this is not. But if you look carefully, the app already contains a few signs of where Mem is headed: a tool called Writer that can actually generate information for you, based on both its knowledge of the public internet and your personal information; AI features that summarize tweet threads for you; a sidebar that automatically displays mems related to what you’re working on. All this still barely scratches the surface of what Mem wants to do and will need to do to be more than a note-taking app…


Kaspersky To Kill Its VPN Service In Russia Next Week

Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022. BleepingComputer reports: As the Moscow-based company informed on its Russian blog earlier this week, the shutdown of the VPN service will be staged, so that impact on customers remains minimal. Purchases of the paid version of Kaspersky Secure Connection will remain available on both the official website and mobile app stores until December 2022. Customers with active subscriptions will continue to enjoy the product’s VPN service until the end of the paid period, which cannot go beyond the end of 2023 (one-year subscription).

Russian-based users of the free version of Kaspersky Secure Connection will not be able to continue using the product after November 15, 2022, so they will have to seek alternatives. BleepingComputer emailed Kaspersky questions regarding its decision to stop offering VPN products in Russia, but a spokesperson has declined to provide more information. Russia’s telecommunications watchdog, Roskomnadzor, announced VPN bans in June 2021 and then again in December 2021. “The reason for banning 15 VPNs in the country was because their vendors refused to connect their services to the FGIS database, which would apply government-imposed censorship in VPN connections, and would also make user traffic and identity subject to state scrutiny,” reports BleepingComputer.

“Ever-increasing controls are strangling VPN usage in Russia. On Tuesday, the Ministry of Digital Transformation requested all state-owned companies to declare what VPN products they use, for what purposes, and in what locations.”


Court Upholds Piracy Blocking Order Against Cloudflare’s 1.1.1.1 DNS Resolver

The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public 1.1.1.1 DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. TorrentFreak reports: Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn’t object to blocking requests that target its customers’ websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction,” Cloudflare recently said. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally.” At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court.

Cloudflare’s defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn’t mean that Cloudflare can’t be compelled to intervene. […] Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn’t actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it implemented an “alternative remedy” to comply with the Italian court order.


FTX Contagion Is Spreading To the Solana Ecosystem

Solana’s SOL is down much further than any of the other major cryptocurrencies today, all of which are down badly following the sudden unraveling of the wildly fast growing crypto exchange FTX on Tuesday. Axios reports: Blockchain principles aim to instantiate the ideals of decentralization. That is, no single points of failure. Blockchain realities, though, show that each community tends to have its major leaders. For Solana, one of those was definitely FTX’s co-founder, Sam Bankman-Fried (SBF). SBF has long been bullish on Solana, including working to build Serum, an order book style exchange that runs in a decentralized fashion. His firms are rumored to have owned a substantial amount of the total SOL supply.

FTX and Alameda Trading are in trouble. If they hold large amounts of SOL, they are very likely to exit those positions, which will tank SOL price. CoinDesk reported on Nov. 2 that Alameda had $292 million in SOL and $863 million in locked SOL (on the Solana blockchain, large holders can earn more by backing the blockchain’s validators by committing not to sell — or locking — for a certain period of time). “People are dumping already — self-fulfilling prophecy,” Economics Design’s Lisa Jy Tan told Axios over Twitter DM. Tomorrow, the entities verifying the Solana blockchain have already publicly indicated their intention to unlock about a billion dollars worth of SOL (at current prices), about 17% of its market cap. It’s reasonable to expect they might intend to sell.

Solana’s fall has put stress on one of its leading decentralized finance applications, Solend, a money market that works much like Ethereum’s Compound. Solend is gradually unwinding a single, almost $30 million USDC (stablecoin) loan, collateralized by SOL, which is falling fast while the protocol tries to sell. Much like SOL’s price, the total value locked (TVL) in various DeFi projects on Solana has fallen much further in the last day than on other smart contract blockchains, according to DefiLlama. Solana TVL is down 45% over the last day, to $470 million, as of Wednesday afternoon, New York time.


TSMC Reportedly Looks To Raise a Second Arizona Chip Fab

An anonymous reader quotes a report from The Register: Taiwan’s chipmaking giant TSMC is said to be preparing to build another semiconductor fabrication plant in Arizona, alongside the facility it completed this summer, in a move that may be seen as a vindication of the US government’s CHIPS Act funding. According to reports in the Wall Street Journal, TSMC is planning to announce in the near future that it will build a further factory for making cutting edge chips at a site just north of Phoenix, adjacent to the $12 billion Fab 21 plant the company decided to construct in 2020.

The new facility will be used to manufacture 3nm chips, according to the paper, which cites anonymous sources “familiar with the expansion plans.” The scale of this project is expected to be comparable to the existing plant. Reports last year suggested that TSMC was already considering constructing up to five additional semiconductor factories in Arizona, on top of the one just completed, which is not scheduled to start up production of chips until 2024. The move to build another plant comes despite the Taiwanese chip behemoth announcing recently that it was cutting back on its capital investment budget in the face of a market slowdown which led to TSMC predicting that Q4 revenue growth will likely be flat. However, the fact that TSMC is still considering further facilities in Arizona could be seen as vindication that the US CHIPS Act, which includes subsidies and other incentives for semiconductor companies like TSMC to build on American soil, is having the desired effect.


‘If You Die in the Game, You Die in Real Life.’

Oculus co-founder Palmer Luckey, writing on his personal blog: Today is November 6th, 2022, the day of the SAO Incident. Thousands of VRMMORPG gamers were trapped by a mad scientist inside a death game that could only be escaped through completion. If their hit points dropped to zero, their brain would be bombarded by extraordinarily powerful microwaves, supposedly killing the user. The same would happen if anyone in the real world tampered with their NerveGear, the virtual reality head-mounted-display that transported their minds and souls to Aincrad, the primary setting of Sword Art Online.

[…] In SAO, the NerveGear contained a microwave emitter that could be overdriven to lethal levels, something the creator of SAO and the NerveGear itself (Akihiko Kayaba) was able to hide from his employees, regulators, and contract manufacturing partners. I am a pretty smart guy, but I couldn’t come up with any way to make anything like this work, not without attaching the headset to gigantic pieces of equipment.

In lieu of this, I used three of the explosive charge modules I usually use for a different project, tying them to a narrow-band photosensor that can detect when the screen flashes red at a specific frequency, making game-over integration on the part of the developer very easy. When an appropriate game-over screen is displayed, the charges fire, instantly destroying the brain of the user. This isn’t a perfect system, of course. I have plans for an anti-tamper mechanism that, like the NerveGear, will make it impossible to remove or destroy the headset.

Even so, there are a huge variety of failures that could occur and kill the user at the wrong time. This is why I have not worked up the balls to actually use it myself, and also why I am convinced that, like in SAO, the final triggering should really be tied to a high-intelligence agent that can readily determine if conditions for termination are actually correct. At this point, it is just a piece of office art, a thought-provoking reminder of unexplored avenues in game design. It is also, as far as I know, the first non-fiction example of a VR device that can actually kill the user. It won’t be the last.


Microsoft Is Exploring Energy-Saving Graphics Modes For Xbox and Windows Games

A new survey on the Xbox Insider Hub suggests Microsoft is looking to expand on its energy saving features for Xbox consoles and potentially PC games too. Jez Corden writes via Windows Central: A recent questionnaire I came across in the Xbox Insider app on Windows PC detailed a potential list of new features Microsoft is exploring for games across consoles and PC. These new features pertain specifically to opting-in to reduce frame rates, resolution, and so on, with the goal of limiting energy consumption. Of course, surveys don’t necessarily mean that these sorts of features will make it into a final product, but Microsoft’s commitments to net zero carbon use have seen the firm increase its investments in this space.

The survey asks users about their current feelings with regard to energy consumption, potentially polling users on how the energy crisis is affecting their willingness to spend. The survey asks users if they would be interested in features that reduce power consumption in games, both while the games are running and while they’re inactive, specifically to save energy and thus money. Microsoft also asks users how they would prefer these features to be branded, with terms like “eco-saving” and “energy-saving,” and even asks if these sorts of features would affect users’ purchase decisions per game.
