Connect with us

Windows

Microsoft has blocked users from updating, demonstrating an intent to follow the smartphone model of updates, which is terrible news if you own an old computer

blank

Published

on

Microsoft has blocked users from updating

Last week it became apparent that Microsoft has blocked users from updating to the latest Windows creator update because their hardware was no longer supported. This will be unlikely to affect anybody with newer machines but it shows a concerning shift in the direction of Windows as a service. Instead of purchasing a new machine when the hardware begins to wear out users may be forced to purchase a new machine simply because Microsoft has decided their hardware is out of date.

Microsoft are once again trying to cram a computer into a smartphone’s box

If this sounds familiar it is because it is the model generally used by Android and iOS for smartphones. When a phone is considered to be too old, then support is gradually phased out, as with the Google Pixel. This model works for smartphones because most phones also have a life expectancy of around one and a half to two years; until the battery dies or the user accidentally destroys it.  There is also a fairly large gap in capacity between each new generation of phone, so companies need to be able to create an operating system that is not hamstrung by three year old hardware.

Unfortunately for Microsoft a computer is not a smartphone. A fact that they found to their cost with the cross platform release of very unpopular Windows 8. Microsoft showed then that a one size fits all approach simply can’t compare with a system designed for a specific purpose. This phenomenon is certainly not unique to Microsoft and we are beginning to see similar trends in the gaming console industry. The fact that Microsoft has blocked users from updating to the latest version of Windows 10 demonstrates that they’ve not yet learned these lessons.

 

A computer lasts longer than a phone and most users don’t have the knowledge to upgrade hardware

Generally users plan to keep their laptop or stationary computer in use for a significantly longer period of time than their phones and they buy their hardware ready-made rather than building it themselves. As Microsoft has blocked users from updating to Windows Creator there is a risk that they will gradually phase out older hardware, forcing users to update before they are ready.

This could lead to a situation where users are forced to get rid of a perfectly functioning computer because Microsoft has decided that the hardware is no longer up to date. The hardware in question, Intel Clover Trail Atom Processors, is only around 3 to 4 years old. This isn’t cutting edge by any means but in terms of computer hardware it is hardly ancient. Microsoft’s decision means that users will face the stark decision between an out of date, buggy, insecure system or getting rid of a perfectly good computer that Microsoft has decided is no longer good enough.

Microsoft has agreed to continue security updates but users will miss out on new features

To be fair, Microsoft has agreed to continue the all important security updates until January 2023 which should give users some peace of mind. They also pointed out that support for these processors had been dropped because Intel themselves had dropped support for them, essentially tying Microsoft’s hands.

This will however provide little comfort for those users who will miss out on the latest update because Microsoft fears that it will cause a “potential performance impact” for the new update.

The real question is, who do you want to decide when your computer needs to be replaced? It seems that Microsoft want to be the one making that call.

You'll find me wandering around the Science sections mostly, excitedly waving my arms around while jumping up and down about the latest science and tech news. I am also occasionally found in the gaming section, trying to convince everyone else that linux is the future of the computer gaming.

Android

Telegram launches a global self-custodial crypto wallet, excluding the US

blank

Published

on

blank

Telegram, with 800 million monthly users, is launching a self-custodial crypto wallet. The move will solidify its presence in the vibrant crypto community that has grown from its chat platform and may attract more people to crypto.

Telegram and TON Foundation announced TON Space, a self-custodial wallet, on Wednesday at Singapore’s Token2049 crypto conference, which draws over 10,000 attendees.

Telegram has a complicated blockchain relationship. After the SEC sued Telegram over a massive initial coin offering, the chat app abandoned its Telegram Open Network (TON) blockchain project in 2020. The Open Network Foundation (TON Foundation), founded by open-source developers and blockchain enthusiasts, supports the development of The Open Network (TON), the blockchain powering a growing number of Telegram applications, including the wallet.

The Open Platform (TOP) and TOP Labs, a venture-building division, created the TON-based wallet.

TON Space will be available to Telegram users worldwide without wallet registration in November. The U.S., which has cracked down on the crypto industry and promoted many crypto apps to geofence users, is currently excluded from the feature.

Continue Reading

Software

According to Microsoft, hackers stole its email signing key. Kind of

blank

Published

on

blank

China-backed hackers stole a digital skeleton key to access US government emails.

A China-backed hacking group stole one of Microsoft’s email keys, allowing near-unfettered access to U.S. government inboxes, due to a series of unfortunate and cascading mistakes. Microsoft revealed how the hackers pulled off the heist in a long-awaited blog post this week. Although one mystery was solved, several crucial details remain unknown.

In July, Microsoft disclosed that Storm-0558 hackers, which it believes are backed by China, “acquired” an email signing key used to secure Outlook.com accounts. The hackers broke into government officials’ Microsoft-hosted personal and enterprise email accounts using that digital skeleton key. The hack targeted unclassified emails of U.S. government officials and diplomats, including Commerce Secretary Gina Raimondo and Ambassador to China Nicholas Burns.

The hackers’ source of that consumer email signing key was unknown until this week, when Microsoft revealed the five issues that led to its leak.

Microsoft reported in its blog that a consumer key signing system crashed in April 2021. The crash created a system snapshot for analysis. This consumer key signing system is “highly isolated and restricted” from the internet to prevent cyberattacks. Microsoft was unaware that the system crash resulted in a snapshot image containing the consumer signing key #1, which they failed to detect in snapshot#2 .

The snapshot image was “subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network” to determine the system crash. Microsoft confirmed its standard debugging process, but credential scanning did not detect the key in snapshot image#3.

After the snapshot image was moved to Microsoft’s corporate network in April 2021, Microsoft said the Storm-0558 hackers were able to “successfully compromise” a Microsoft engineer’s corporate account, which had access to the snapshot image’s debugging environment, which contained the consumer signing key. Microsoft said “we don’t have logs with specific evidence of this exfiltration,” but this was the “most probable mechanism by which the actor acquired the key.”

Microsoft stated that its email systems were not properly validating the consumer signing key#4, allowing access to enterprise and corporate email accounts of various organizations and government departments. The company stated that its email system would accept a request for enterprise email using a security token signed with the consumer key#5.

Mystery solved? Not quite

Microsoft’s admission that the consumer signing key was likely stolen from its systems ends the speculation that it was obtained elsewhere.

How the intruders hacked Microsoft is unknown. Jeff Jones, senior director at Microsoft, told that “token-stealing malware” compromised the engineer’s account but declined to comment.

Phishing and malicious links can spread token-stealing malware that steals session tokens. Session tokens are small files that keep users logged in without having to re-enter a password or two-factor authentication. Thus, stolen session tokens can give an attacker full access without the user’s password or two-factor code.

Last year, a teenage hacking team called Lapsus$ used malware to steal Uber employee passwords and session tokens. CircleCi was compromised in January after its antivirus software missed token-stealing malware on an engineer’s laptop. After hackers broke into LastPass’s cloud storage via a compromised developer’s computer, customers’ password vaults were breached.

How the Microsoft engineer’s account was compromised could help network defenders prevent future incidents. The engineer’s work computer or a personal device Microsoft allowed on its network may have been compromised. The real culprits for the compromise are the network security policies that failed to block the (albeit highly skilled) intruder, so focusing on an engineer seems unfair.

Cybersecurity is difficult even for corporate mega-giants with nearly unlimited cash and resources. Even if they failed, Microsoft engineers considered a wide range of complex threats and cyberattacks when designing protections and defenses for the company’s most sensitive and critical systems. Storm-0558 hacked into Microsoft’s network by chance or knowing it would find the keys to its email kingdom. It’s a reminder that cybercriminals only need to succeed once.

No analogy fits this unique breach or circumstances. It’s possible to admire a bank’s vault security while acknowledging the robbers who stole the loot inside.

It will be some time before the full extent of the espionage campaign is known, and the remaining victims whose emails were accessed are unknown. The Cyber Security Review Board, a group of security experts that analyzes major cybersecurity incidents, will investigate the Microsoft email breach and other issues “relating to cloud-based identity and authentication infrastructure.”

 

Continue Reading

Android

AI-powered BeFake is not a parody of BeReal but an actual app…and it’s backed by a $3M budget

blank

Published

on

blank

Social networking app BeFake raised $3 million in seed funding to develop an AI-enhanced social network that borrows ideas from the successful Gen Z app BeReal. The name of the app is obviously a play on BeReal, which emphasizes genuine photo sharing among friends. Instead of sharing your current activities, BeFake users can use the app’s front and back cameras to take photos, which they can then edit with artificial intelligence (AI) using the app’s presets or their own individualized prompts.

Alias Technologies, an applied AI firm, developed the app with the help of generative media and multi-modal AI systems.

Kristen Garcia Dumont and Tracy Tracy Lane, the executive team behind the gaming giant Machine Zone before it was acquired by AppLovin in 2020, founded Alias in 2021. World War Rising and Final Fantasy XV: A New Empire, two mobile games that Dumont oversaw at Machine Zone and helped bring to market, have combined sales of over $1 billion. Meanwhile, as COO, Lane was in charge of all things related to the platform’s community, moderators, and regulations.

blank

With Alias’ AI technology, users can input text prompts to transform their photos into AI-augmented visuals, and the founders hope to create a parody of the real-time social network BeReal’s push notification-driven posting concept with their app. The goal is to encourage genuine expression of one’s creativity rather than one’s true self.

Dumont claims that the gaming industry has a lot more in common with his own than may at first be apparent.

“We used AI to make money,” she says. To wit: “What is it that a player ought to be offered…?”When to offer a discount, what to discount, how to discount, and how to best monetize that user are all questions that need answers. To continue, Dumont. But we also began to use it to better pair players.

They discovered that when the algorithms functioned properly, players were more engaged and were able to form relationships with one another despite their differences in geography.

The inspiration for BeFake came from the idea of gamers forming relationships online without disclosing their true identities to each other.

They use a completely separate online persona. It was a spark moment, Dumont says, to see the magical connection form because the algorithms got it right.

blank

blank

Other front-back apps like BeReal and Frontback work similarly to BeFake. Users take front and back photos on their phones and then choose a preset or type a prompt to create an AI image.

The app offers style and custom location prompts, such as fantasy imagery or Mount Everest. Otherwise, users can type their own prompts to imagine themselves in different scenarios.

The company uses Stable Diffusion with a custom denoising loop. Its proprietary pipeline components emphasize the app’s social network nature. That means it must work with candids, zoomed-in photos, multi-person photos, etc.

blank

BeFake doesn’t require dozens of selfies to start, unlike other AI apps. Also, it applies AI-powered changes in under 30 seconds, usually less than 10. However, users spend at least 10 minutes per session designing AI.

Augmented photos can be shared with friends, in the main discovery feed where AI creators can build a following, or on other social media. You can also switch between the normal and AI photos, which is fun. Since every photo will be unique, the company thinks its feed will be more interesting than BeReal.

blank

When asked why they chose the name “BeFake,” which makes the app sound like a parody of BeReal rather than a serious attempt to build a standalone social network, Dumont said they wanted to reject the “whole concept where you either need to Facetune yourself or perfectly curate yourself.”

Since users started curating their “real” moments on BeReal, she says it’s fake.

“Hurry downstairs and pretend you have 20 friends. Brush your hair, take a side pic, right? It was unauthentic, she says. “So it’s less about BeReal and much more about this full and total rejection of the authenticity movement, which is inauthentic,” Dumant says.

Since BeFake launched on the App Store and Google Play this month, the company is not sharing downloads or user adoption metrics, but it is seeing triple-digit week-over-week growth.

Subscriptions allow users to post outside the time window or more than once per day by paying for compute time to create AI images on BeFake. The plans cost $2.99/week, $9.99/month, or $99.99/year. However, the company sends a daily push notification alerting users to a 20-minute free AI image making period.

BeFake founders believe their gaming background will help them stay relevant because they learned you must quickly adapt to users’ changing tastes to retain them.

blank

Dumont says, “Part of what we’ve built under the hood is the ability to deploy changes to the app almost on a dime, similar to gaming so we can respond to consumer tastes.”

The moat for most AI apps is not the technology. We have a proprietary pipeline. Other people probably do too. You want to use open-source tools. As open source tools improve, so do you because you can use them, she says. “So don’t be too precious about your engineering pipeline. In AI apps, your moat is your community. We’re focused on building that community, which requires hyper-responsiveness.”

The company is already learning what AI images users like to improve its algorithms.

The 12-person, remotely-distributed company also announced $3 million in seed funding from Khosla Ventures. Next Coast Ventures, Maveron Ventures, Peter Thiel, Joe Lonsdale, and WS Investments also invested. The round closed in April 2022 but was not reported.

 

 

Continue Reading

Trending