Valve Releases Steam Deck CAD Files Allowing Anyone To 3D-Print Custom Shells

Engadget reports:

With two weeks to go before its February 25th release date, Valve has published CAD files for Steam Deck’s exterior shell to GitHub. Making them available under a Creative Commons license, the company noted the release is “good news” for DIY enthusiasts, modders and most notably, accessory manufacturers. All three groups can use the provided technical drawings and schematics to 3D-print custom shells for the handheld.

As Eurogamer notes, Valve’s decision here is an interesting one. It suggests the company will allow case makers to freely make aftermarket shells for Steam Deck. In fact, Valve said it was “looking forward to seeing what the community creates!” Contrast that to the approach Sony has taken with the PlayStation 5. When Sony’s latest console first shipped and only came in one color, an entire cottage industry of companies sprang up to produce colored plates for the PS5. However, Sony quickly moved to shut down those projects before it went on to announce a set of first-party covers for people to purchase.

Read more of this story at Slashdot.

Journalist Labeled ‘Hacker’ By Missouri’s Governor Will Not Be Prosecuted

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch’s reporter informed the state government and delayed publishings his findings until they’d fixed the hole — but the state’s governor then demanded the reporter’s prosecution, labelling him “a hacker.” In the months that followed, throughout a probe — which for some reason was run by the state’s Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it’s not. The St. Louis Post-Dispatch reports:
A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges….

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson’s office believed the decision “was properly addressed….” Post-Dispatch Publisher Ian Caso said in a statement Friday: “We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state’s failures and for political purposes….”

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they’re exploited….
A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was “standing up to the fake news media.”
Thanks to long-time Slashdot reader UnknowingFool for submitting the story.

Read more of this story at Slashdot.

Valve’s Steam Deck Will Run Linux-Based Steam OS – But Won’t Have a Fortnite Port

Liliputing reports:
When Valve’s Steam Deck begins shipping to customers later this month, the handheld gaming PC will be running a Linux-based operating system called Steam OS. And that could give gaming on Linux a bit of a boost.

While Valve’s game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It’ll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we’ll see more game makers add support for Linux… but one of the most popular games around isn’t going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.

He says it’s because Epic doesn’t “have confidence that we’d be able to combat cheating at scale under a wide array of kernel configurations including custom ones,” but it’s an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.

Read more of this story at Slashdot.

America’s Cybersecurity Agency is Now Urging ‘Heightened Posture’ Against Russian Cyberattacks

America’s Cybersecurity and Infrastructure Agency (CISA) “says that American companies should be extra wary about potential hacking attempts from Russia as tensions with the country rise,” reports PC Magazine:

Even if Russia doesn’t invade Ukraine, it has often targeted the country with what Wired has characterized as “many of the most costly cyberattacks in history.” Those attacks might not always be confined to Ukraine, however, which is where CISA’s new Shields Up campaign comes in…. CISA says that it “recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” It also says that it’s collaborated with its “critical infrastructure partners” to raise awareness of these risks.
The agency wants everyone to “reduce the likelihood of a damaging cyber intrusion,” “take steps to quickly detect a potential intrusion,” “ensure that the organization is prepared to respond if an intrusion occurs,” and “maximize the organization’s resilience to a destructive cyber incident.” CISA offers advice related to each of those focus areas on its website.

Earlier this week CISA also added 15 “known exploited” vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft:

The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. “It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”

Read more of this story at Slashdot.

Zoom Update Prevents Microphone From Staying Active After Calls On Mac

Popular video conferencing platform Zoom this week released an important update to its macOS app following user reports about the microphone not being disabled after ending a conference. Luckily, according to the company, this was just a bug that has now been fixed. 9to5Mac reports: Since December last year, a number of users have been complaining about this bug in the Zoom Community (via The Register). According to them, the Mac’s microphone stayed active even after ending a Zoom conference — which certainly raised privacy concerns.

Zoom has confirmed that there was a bug in its macOS app that could cause the orange microphone-in-use indicator to appear even after leaving a call. According to a company representative, the latest version of the app no longer has this problem: “We experienced a bug relating to the Zoom client for macOS, which could show the orange indicator light continue to appear after having left a meeting, call, or webinar. This bug was addressed in the Zoom client for macOS version 5.9.3 and we recommend you update to version 5.9.3 to apply the fix.”

Read more of this story at Slashdot.

Cisco Made $20 Billion-Plus Takeover Offer For Splunk

US Nuclear Power Plants Contain Dangerous Counterfeit Parts, Report Finds

At least some nuclear power plants in the US contain counterfeit parts that could pose significant risks, an investigation by the inspector general’s office of the Nuclear Regulatory Commission has found. Those parts “present nuclear safety and security concerns that could have serious consequences,” says the resulting report (PDF) published on February 9th. The Verge reports: The investigation was conducted after unnamed individuals alleged that “most, if not all,” nuclear plants in the US have fake or faulty parts. The inspector general’s office uncovered problems with counterfeit parts at a few different plants as part of its investigation. The report also says that the DOE had separately flagged 100 “incidents” involving counterfeit parts just last year. It’s a problem that the US will have to crack down on if it moves forward with plans to include nuclear power in its transition to clean energy. Without greater oversight at the NRC, the report warns, the risk of counterfeit parts going unnoticed in the nation’s nuclear power plants could rise.

As part of its inquiry, the inspector general’s office looked for parts that are illegally altered to look like legitimate products, parts that are “intentionally misrepresented to deceive,” and parts that don’t meet product specifications. It sampled four power plants across the US and found evidence of counterfeit parts at one of those plants in the midwest. It also points to nuclear power plants in the Northeast, separate from those it sampled, where a “well-placed NRC principal” found that counterfeit parts were involved in two separate component failures.

The NRC might be underestimating the prevalence of counterfeit parts, the report warns, because the regulatory agency doesn’t have a robust system in place for tracking problematic parts. It only requires plants to report counterfeits in extraordinary circumstances, like if they lead to an emergency shutdown of a reactor. The report also notes that the NRC hasn’t thoroughly investigated all counterfeit allegations. There were 55 nuclear power plants operating in the US as of September 2021, and the inspector general’s office sampled just four for its report. NRC Public Affairs Officer Scott Burnell told The Verge in an email that “nothing in the report suggests an immediate safety concern. The NRC’s office of the Executive Director for Operations is thoroughly reviewing the report and will direct the agency’s program offices to take appropriate action.”

Read more of this story at Slashdot.

Intel’s Pay-As-You-Go CPU Feature Gets Launch Window

Intel’s mysterious Software Defined Silicon (SDSi) mechanism for adding features to Xeon CPUs will be officially supported in Linux 5.18, the next major release of the operating system. Tom’s Hardware reports: SDSi allows users to add features to their CPU after they’ve already purchased it. Formal SDSi support means that the technology is coming to Intel’s Xeon processors that will be released rather shortly, implying Sapphire Rapids will be the first CPUs with SDSi. Intel started to roll out Linux patches to enable its SDSi functionality in the OS last September. By now, several sets of patches have been released and it looks like they will be added to Linux 5.18, which is due this Spring. Hans de Goede, a long-time Linux developer who works at Red Hat on a wide array of hardware enablement related projects, claims that SDSi will land in Linux 5.18 if no problems emerge, reports Phoronix. “Assuming no major issues are found, the plan definitely is to get this in before the 5.18 merge window,” said de Goede.

Intel Software Defined Silicon (SDSi) is a mechanism for activating additional silicon features in already produced and deployed server CPUs using the software. While formal support for the functionality is coming to Linux 5.18 and is set to be available this spring, Intel hasn’t disclosed what exactly it plans to enable using its pay-as-you-go CPU upgrade model. We don’t know how it works and what it enables, but we can make some educated guesses. […]

Read more of this story at Slashdot.

Samsung Held An Event In the Metaverse. And It Didn’t Quite Go To Plan

Samsung held a launch event for its new Galaxy smartphones in a metaverse this week but many people struggled to gain access as they encountered technical difficulties. CNBC reports: The South Korean tech giant hosted the event Wednesday on Decentraland, a cryptocurrency-focused virtual world that users can create, explore and trade in. Decentraland, one of many metaverse efforts, is accessed via a desktop browser. Users create an avatar which they can then navigate around the blockchain-powered virtual world using a mouse and keyboard — something that isn’t exactly intuitive for non-gamers. The event specifically took place in Samsung 837X, a virtual building that Samsung has built on Decentraland that’s designed to be a replica of its flagship New York experience center. Samsung 837X is there all the time but there just happened to be an event inside the building’s “Connectivity Theatre” on Wednesday. But CNBC, and many others, struggled to find the 837X building and when we did many of us were unable to gain access to it.

When an avatar is first created on Decentraland, it lands in a sort of atrium where clouds appear to be gliding across the floor. There’s a round pool in the middle that has a worrying vortex in the center. Our avatar was soon surrounded by around 20 others. A chat box in the bottom left-hand corner of the screen was full of messages like “help” and “I hate this game.” One user named claireinnit#87fa, boldly claimed “we’re in the —-in future.” On the opposite side of the intimidating pool, three large boards read “classics, events and crowd.” An ad for Samsung 837X hang on the “crowd” board. Once clicked (easier said than done), you’re then given the option to “jump in.” After jumping in, you’re transported to Samsung’s little world on Decentraland and you can see the 837X building. There’s a pizza store next door, but not much else.

CNBC immediately noticed a large line of people at the main entrance to the 837X building. People were struggling to get in. Some users were getting their avatars to jump on other people’s heads as they clambered to the front of the queue but it didn’t help. The doors wouldn’t open and the chatbox was again full of pleas for help. A rumor circulated that a YouTuber had managed to find a way in, while a CNET journalist wrote on Twitter that they had managed to gain access by switching to the “ATHENA” server. It wasn’t immediately obvious how to do this. “Many people were unable to actually enter Samsung 837X before the event started,” wrote CNET’s Russell Holly. […] After around 30 minutes of trying to access Samsung’s building in the metaverse, CNBC gave up and went back to the real world.

Read more of this story at Slashdot.