CircleCI Says Hackers Stole Encryption Keys and Customers’ Secrets

Last month, CircleCI urged users to rotate their secrets following a breach of the company’s systems. The company confirmed in a blog post on Friday that some customers’ data was stolen in the breach. While the customer data was encrypted, cybercriminals obtained the encryption keys able to decrypt the data. TechCrunch reports: The company said in a detailed blog post on Friday that it identified the intruder’s initial point of access as an employee’s laptop that was compromised with malware, allowing the theft of session tokens used to keep the employee logged in to certain applications, even though their access was protected with two-factor authentication. The company took the blame for the compromise, calling it a “systems failure,” adding that its antivirus software failed to detect the token-stealing malware on the employee’s laptop. Session tokens allow a user to stay logged in without having to keep re-entering their password or re-authorizing using two-factor authentication each time. But a stolen session token allows an intruder to gain the same access as the account holder without needing their password or two-factor code. As such, it can be difficult to differentiate between a session token of the account owner, or a hacker who stole the token.

CircleCi said the theft of the session token allowed the cybercriminals to impersonate the employee and gain access to some of the company’s production systems, which store customer data. “Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys,” said Rob Zuber, the company’s chief technology officer. Zuber said the intruders had access from December 16 through January 4.

Zuber said that while customer data was encrypted, the cybercriminals also obtained the encryption keys able to decrypt customer data. “We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores,” Zuber added. Several customers have already informed CircleCi of unauthorized access to their systems, Zuber said. Zuber said that CircleCi employees who retain access to production systems “have added additional step-up authentication steps and controls,” which should prevent a repeat-incident, likely by way of using hardware security keys.

Read more of this story at Slashdot.

Report: ‘Matter’ Standard Has ‘Undeniable Momentum’

The Verge reports “undeniable momentum” for Matter, the royalty-free interoperability standard that “allows smart home devices from any manufacturer to talk to other devices directly and locally with no need to use the cloud.”

“Matter was the buzzword throughout CES 2023 this year, with most companies even remotely connected to the smart home loudly discussing their Matter plans.”

The new smart home standard was featured in several keynotes and displayed prominently in smart home device makers’ booths as well as in Google, Amazon, and Samsung’s big, showy displays. More importantly, dozens of companies and manufacturers announced specific plans. Several companies said they would update entire product lines, while others announced new ones, sometimes with actual dates and prices. And Matter controllers have become a major thing, with at least four brand-new ones debuting at CES. Interestingly, nearly all of them have a dual or triple function, helping banish the specter of seemingly pointless white hubs stuck in your router closet….

Matter works over the protocols Thread, Wi-Fi, and ethernet and has been jointly developed by Apple, Google, Samsung, Amazon, and pretty much every other smart home brand you can name, big or small. If a device supports Matter, it will work locally with Amazon Alexa, Samsung SmartThings, Apple Home, Google Home, and any other smart home platform that supports Matter. It will also be controllable by any of the four voice assistants….

The big four have turned on Matter support on their platforms, but Amazon’s approach has been piecemeal, and aside from Apple, nobody supports onboarding devices to Matter on iOS yet.

However, that is shifting: at CES, Amazon announced a full rollout by spring, and Samsung’s Jaeyeon Jung told The Verge that Matter support is coming to its iOS app this month. There’s still no news on Matter support in Google Home’s iOS app. Then there’s the whole competing Thread network issue, although that sounds like it will be resolved sooner rather than later….

The Matter device drought should be over soon — although, judging by most of these ship dates, not until at least the second half of 2023.
“It’s also likely we’ll see dedicated bridges coming out that can bring Z-Wave and other products with proprietary protocols into Matter….”

Read more of this story at Slashdot.

Will This Next-Generation Display Technology Change the World?

“I saw the future at CES 2023,” writes Geoffrey Morrison, describing “a new, top-secret prototype display technology” that could one day replace LCD and OLED for phones and TVs. “It was impossibly flat, like a vibrantly glowing piece of paper.”

Meet electroluminescent quantum dots:

Until now, quantum dots were always a supporting player in another technology’s game. A futuristic booster for older tech, elevating that tech’s performance. QDs weren’t a character on their own. That is no longer the case. The prototype I saw was completely different. No traditional LEDs and no OLED. Instead of using light to excite quantum dots into emitting light, it uses electricity. Nothing but quantum dots. Electroluminescent, aka direct-view, quantum dots. This is huge.

Or at least, has the potential to be huge. Theoretically, this will mean thinner, more energy-efficient displays. It means displays that can be easier, as in cheaper, to manufacture. That could mean even less expensive, more efficient, bigger-screen TVs. The potential in picture quality is at least as good as QD-OLED, if not better. The tech is scalable from tiny, lightweight, high-brightness displays for next-generation VR headsets, to highly efficient phone screens, to high-performance flat-screen TVs.
The article predicts the simpler structure means “Essentially, you can print an entire QD display onto a surface without the heat required by other ‘printable’ tech…. Just about any flat or curved surface could be a screen.” This leads to QD screens not just on TVs and phones, but on car windshields, eyeglass lenses, and even bus or subway windows. (“These will initially be pitched by cities as a way to show people important info, but inevitably they’ll be used for advertising. That’s certainly not a knock against the tech, just how things work in the world….”)

Nanosys is calling this direct-view, electroluminescent quantum dot tech “nanoLED,” and told CNET that “their as-yet-unnamed manufacturing partner is going to be talking more about the technology in a few months…

“Even Nanosys admits direct-view quantum dot displays are still several years away from mass production…. But 5-10 years from now we’ll almost certainly have options for QD [quantum dot] displays in our phones, probably in our living rooms, and possibly on our windshields and windows.”

Read more of this story at Slashdot.

Symbolic Wyoming Proposal Urges Voluntary Phase-out of EV Purchases by 2035

Though the state of Wyoming is home to one of America’s largest wind farms, “Wyoming’s legislature is considering a resolution that calls for a phaseout of new electric vehicle sales by 2035,” reports Engadget:

In the proposed resolution, a group of lawmakers led by Senator Jim Anderson says Wyoming’s “proud and valued” oil and gas industry has created “countless” jobs and contributed revenue to the state’s coffers. They add that a lack of charging infrastructure within Wyoming would make the widespread use of EVs “impracticable” and that the state would need to build “massive amounts of new power generation” to “sustain the misadventure of electric vehicles.” SJ4 calls for residents and businesses to limit the sale and purchase of EVs voluntarily, with the goal of phasing them out entirely by 2035.

If passed, the resolution would be entirely symbolic. In fact, it’s more about sending a message to EV advocates than banning the vehicles altogether. To that point, the final section of SJ4 calls for Wyoming’s Secretary of State to send President Biden and California Governor Gavin Newsom copies of the resolution. “One might even say tongue-in-cheek, but obviously it’s a very serious issue that deserves some public discussion,” Senator Boner, one of the bill’s co-sponsors, told the Cowboy State Daily. “I’m interested in making sure that the solutions that some folks want to the so-called climate crisis are actually practical in real life. I just don’t appreciate when other states try to force technology that isn’t ready.”

Read more of this story at Slashdot.

How NASA’s Planned Moon Presence Will Practice Living in Space

NASA’s plans for a presence on the moon “will allow the program to practice how to live in space sustainably,” writes the Washington Post. “It will allow scientists to tap into the moon’s considerable scientific value to learn more about how Earth was formed. And perhaps, it would also serve as a steppingstone to Mars and other deep-space destinations years in the future.”

First, unlike in the 1960s — we now know that the moon has water.

Water is not only key to sustaining human life, but its component parts — hydrogen and oxygen — can be used as rocket propellant, making the moon a gas station in space. That could be critical for long-duration missions, allowing spacecraft to refuel on the moon instead of lugging all the fuel from Earth. And since the moon’s gravity is one-sixth of Earth’s, it is a relatively easy springboard to other points of the solar system.

NASA is also considering building a nuclear reactor on the moon:

It’s one of several initiatives NASA has begun under its Artemis program, designed to help astronauts stay for extended periods when they’ll need power, transportation and the ability to use the moon’s resources…. The effort is still very much in its nascent stages, and the funding NASA would need for the long term has not materialized in full…. A sustainable presence, despite the rosy predictions coming from the top echelons of the agency, is still years away, and the technical challenges are immense.

But NASA has begun developing the technologies that would be needed to sustain astronauts on the surface for extended periods. In June of last year, the agency and the Energy Department awarded contracts, worth $5 million each, to three companies to develop nuclear power systems that could be ready to launch by the end of the decade for a test on the moon. The systems would generate 40 kilowatts of power, enough energy to power six or seven American households, and last about 10 years….

NASA is also looking to build solar farms, using arrays that point vertically and catch the angle of the sun over the horizon. And it’s exploring how best to exploit what are called “in situ resources” — meaning those that already exist, such as the regolith.

The article even broaches the idea of “a lunar economy that would help sustain a permanent presence.”

Read more of this story at Slashdot.

Videogame Studio Called ‘Proletariat’ Declines to Recognize Union

Will Digital Signatures Replace Handwritten Ones?

The Toronto Star notes “the near-elimination of cursive from the school curriculum and a move to paperless commerce” over the past two decades. So where does that leave handwritten signatures?

Then the pandemic hit, and with it came an accelerated adoption of technology, including the electronic signature, which helped us through forcibly distant transactions. Overnight, companies like Docusign and Adobe became vital lifelines as people shifted to relying on e-signatures. Docusign, for example, went from 585,000 customers in 2020 to 1.1 million as of January 2022 and revenue over the same period grew from $974 million to $2.1 billion, according to the company’s most recent annual report. “We believe that once businesses have shifted to digital agreement processes, they will not return to manual ones,” noted Docusign.

So even as life has returned to a semblance of normal, the now near ubiquitous option to just tap an electronic device doesn’t bode well for the signature as we know it…. During the pandemic, jurisdictions round the world, including Ontario, amended legislation or relaxed rules around contract activity to mitigate the challenges social distancing posed….

Since 2006, the Ontario language curriculum lists cursive only as an option beginning in Grade 3. A plan by the Toronto Catholic District School Board in 2019 to reintroduce it as part of a pilot project was shuttered by the pandemic. And so you get stories of parents shocked to discover their child has to resort to block letters on a passport because they don’t know how to “sign” their name.

Digital signatures may be poised for even more growth. Market research firm P&S Intelligence estimates that just the U.S. digital signature market alone “stood at $921.3 million in 2021,” and “will propel at a mammoth compound annual growth rate of 31.2% in the years to come, reaching $10.6 billion by 2030.”

Of course, there’s always the question of whether or not handwritten signatures ever worked in the first place.

Read more of this story at Slashdot.

D&D Publisher Addresses Backlash Over Controversial License

An anonymous reader quotes a report from TechCrunch: After a week of silence amid intense backlash, Dungeons & Dragons publisher Wizards of the Coast (WoTC) has finally addressed its community’s concerns about changes to the open gaming license. The open gaming license (OGL) has existed since 2000 and has made it possible for a diverse ecosystem of third-party creators to publish virtual tabletop software, expansion books and more. Many of these creators can make a living thanks to the OGL. But over the last week, a new version of the OGL leaked after WoTC sent it to some top creators. More than 66,000 Dungeons & Dragons fans signed an open letter under the name #OpenDnD ahead of an expected announcement, and waves of users deleted their subscriptions to D&D Beyond, WoTC’s online platform. Now, WoTC admitted that “it’s clear from the reaction that we rolled a 1.” Or, in non-Dungeons and Dragons speak, they screwed up.

“We wanted to ensure that the OGL is for the content creator, the homebrewer, the aspiring designer, our players, and the community — not major corporations to use for their own commercial and promotional purpose,” the company wrote in a statement. But fans have critiqued this language, since WoTC — a subsidiary of Hasbro — is a “major corporation” in itself. Hasbro earned $1.68 billion in revenue during the third quarter of 2022. TechCrunch spoke to content creators who had received the unpublished OGL update from WoTC. The terms of this updated OGL would force any creator making more than $50,000 to report earnings to WoTC. Creators earning over $750,000 in gross revenue would have to pay a 25% royalty. The latter creators are the closest thing that third-party Dungeons & Dragons content has to “major corporations” — but gross revenue is not a reflection of profit, so to refer to these companies in that way is a misnomer. […] The fan community also worried about whether WoTC would be allowed to publish and profit off of third-party work without credit to the original creator. Noah Downs, a partner at Premack Rogers and a Dungeons & Dragons livestreamer, told TechCrunch that there was a clause in the document that granted WoTC a perpetual, royalty-free sublicense to all third-party content created under the OGL.

Now, WoTC appears to be walking back both the royalty clause and the perpetual license. “What [the next OGL] will not contain is any royalty structure. It also will not include the license back provision that some people were afraid was a means for us to steal work. That thought never crossed our minds,” WoTC wrote in a statement. “Under any new OGL, you will own the content you create. We won’t.” WoTC claims that it included this language in the leaked version of the OGL to prevent creators from being able to “incorrectly allege” that WoTC stole their work. Throughout the document, WoTC refers to the document that certain creators received as a draft — however, creators who received the document told TechCrunch that it was sent to them with the intention of getting them to sign off on it. The backlash against these terms was so severe that other tabletop roleplaying game (TTRPG) publishers took action. Paizo is the publisher of Pathfinder, a popular game covered under WoTC’s original OGL. Paizo’s owner and presidents were leaders at Wizards of the Coast at the time that the OGL was originally published in 2000, and wrote in a statement yesterday that the company was prepared to go to court over the idea that WoTC could suddenly revoke the OGL license from existing projects. Along with other publishers like Kobold Press, Chaosium and Legendary Games, Paizo announced it would release its own Open RPG Creative License (ORC). “Ultimately, the collective action of the signatures on the open letter and unsubscribing from D&D Beyond made a difference. We have seen that all they care about is profit, and we are hitting their bottom line,” said Eric Silver, game master of Dungeons & Dragons podcast Join the Party. He told TechCrunch that WoTC’s response on Friday is “just a PR statement.”

“Until we see what they release in clear language, we can’t let our foot off the gas pedal,” Silver said. “The corporate playbook is wait it out until the people get bored; we can’t and we won’t.”

Read more of this story at Slashdot.

Google’s Stadia Controller Is Getting Bluetooth Support

Google is launching its final Stadia game today and is promising to release a tool next week to enable Bluetooth connections on its Stadia Controller. The Verge reports: The last Stadia game to launch on the service is Worm Game, a test game that was technically available on Stadia before Stadia launched publicly in November 2019. Developers at Google have decided to release the game just before the streaming service disappears next week. […] Alongside the new game, Google is also committing to enabling Bluetooth on Stadia controllers. Google Stadia owners will be pleased to hear there’s a self-serve tool coming next week that will enable Bluetooth on the Stadia Controller. “We’ll share details next week on how to enable this feature,” says a Google Stadia community manager in a forum post.

Google originally launched the Stadia Controller as a device that connects directly to Stadia services and had the Bluetooth chip disabled. After news broke of the Stadia shutdown, fans have been finding ways to save the controller from an e-waste fate by using workarounds to connect it wirelessly to other devices. Workarounds like connecting to an Android device will no longer be required thanks to this new tool. It means that most Stadia players that purchased a Founders or Premiere edition will have been effectively gifted a free Bluetooth controller thanks to Google’s refunds.

Read more of this story at Slashdot.