"We're excited to be working with Microsoft to keep Xboxes running longer and out of the waste heap," iFixit's director of sustainability told The Verge. iFixit now sells genuine Xbox parts you can use to repair your Xbox Series X or S and offers official guides to help with fixes [including both the all-digital and disk drive editions]...

iFixit's Microsoft Repair Hub also features iFixit's parts for repairing Microsoft Surface devices, which it started selling in 2023. "Since we launched our Surface parts collaboration with Microsoft last year, we've been helping our customers repair their own Microsoft laptops and tablets — and it's awesome to be able to offer Xbox owners the same opportunity," says Elizabeth Chamberlain, iFixit's director of sustainability.
The article points out that iFixit also sells "nearly every part of the Steam Deck" and "a bunch of repair guides for Valve's handheld PC, too," along with genuine repair parts for Google's Pixel phones and the Pixel Tablet.

"With Microsoft, we've created a one-stop place for guides, tools, and spare parts to make self-service repair accessible to anyone," says iFixit's new web page. "Imagine how different the world would be if repairing every device could be this easy."

The Verge thinks Valve "could make a play to dethrone the Sony PlayStation and Microsoft." And it's not just because there's lots of new SteamOS hardware on the way (including a wireless VR headset and a pair of trackable wands, a Steam Controller 2 gamepad, and a living room console.

"Valve has also now seemingly revealed plans for partners to create third-party SteamOS hardware too." It won't be easy to take on Sony, Microsoft, or Meta. Those companies have a lot to lose, and they're deeply entrenched. But the Steam Deck has revealed a massive weakness in each of their businesses that may take them years to correct — the desire to play a huge library of games anytime, anywhere. And while they figure that out, Valve may be building an entire new ecosystem of SteamOS hardware, one that could finally let PC and peripheral makers tap into the huge and growing library of Windows games on all sorts of different hardware without relying on Microsoft or subjecting their customers to the many annoyances of Windows...

Valve has long said it will open up SteamOS to other manufacturers, even recently committing to some direct support for rival handhelds like the Asus ROG Ally — and the other week, Valve quietly updated a document that may reveal its larger overarching strategy. It won't just leave SteamOS sitting around and hope manufacturers build something — it'll hold their hand. Valve now has an explicit label for third parties to create "Powered by SteamOS" devices, which it explicitly defines as "hardware running the SteamOS operating system, implemented in close collaboration with Valve." It additionally lets companies create "Steam Compatible" hardware that ships with "Valve approved controller inputs," as well as SteamVR hardware and Steam Link hardware that lets you stream games from one device to another...

When Valve asked PC manufacturers to sign onto its Steam Machines initiative over a decade ago, with the idea of building living room PC consoles, it asked for a leap of faith with very little to show and a tiny chance of success. It took years for Valve to even build the oddball living room controller for its Steam Machines, and it didn't get far in convincing Windows game developers to port their games to Linux. But by the time it announced the Steam Deck, Valve had hammered out a Proton software compatibility layer so good that many Windows games now run better on Linux, and created the most customizable yet familiar set of controls ever made. If manufacturers could build their own Steam Machines rather than equivalent Windows machines, they could offer better gaming products than they do today. Maybe they'd even want to release a VR headset that isn't tied to Microsoft or Meta if it doubled as a Steam Deck, portably playing decades of flatscreen games.

It's not clear any of this will pan out; Valve is an exceedingly small company that tries not to chase too many things at a time. When I speak to PC industry executives about why they pick Windows over SteamOS, some say they're concerned about whether Valve would truly be able to support them. But it's just as intriguing an idea as it was 12 years ago when Gabe Newell explained the initial vision to us, and this time, there's a far better chance it'll work.
"Today, every major PC company is building one or more Steam Deck rivals," the article points out. "But without Valve's blessing and support, they're saddled with a Windows OS that doesn't start, pause, and resume games quickly and seamlessly enough to feel portable and easy..."

An anonymous reader shared this report from the blog Windows Central: Microsoft has ended production on the Surface Studio 2+, its ultra-premium all-in-one desktop PC designed for creatives and commercial customers. Starting at a whopping $4,500, the Studio 2+ was the ultimate Windows all-in-one with the best touchscreen display on a unique hinge that allowed the screen to lay down like a draft board... So, if you're interested in buying a Surface Studio 2+, you better hurry, as whatever stock is remaining is all that's left. Unfortunately, it's likely that the end of production on the Surface Studio 2+ also marks an end to the Surface Studio line as a whole. My own sources tell me there's no Studio 2+ successor lined up currently.
Ars Technica points out that over the eight-year run of the Surface Studio, Microsoft only updated it twice. Like the Surface Laptop Studio, the desktop's claim to fame was a unique hinge design for its screen, which could reposition it to make it easier to draw on with the Surface Pen. But the desktop's high cost and its perennially outdated internal components made it a less appealing machine than it could have been...

The longest-lived Studio desktop was the Surface Studio 2, which was released in 2018 and wasn't replaced until a revised Surface Studio 2+ was announced in late 2022. It used an even higher-quality display panel, but it still used previous-generation internal components. This might not have been so egregious if Microsoft had updated it more consistently, but this model went untouched for so long that Microsoft had to lower Windows 11's system requirements specifically to cover the Studio 2 so that the company wouldn't be ending support for a PC that it was still actively selling.

The Studio 2+ was the desktop's last hurrah, and despite jumping two GPU generations and four CPU generations, it still didn't use the latest components available at the time. Again, more consistent updates like the ones Microsoft provides for the Surface Pro and Surface Laptop could have made this less of a problem, but the Studio 2+ once again sat untouched for two years after being updated.

"Elon Musk's AI chatbot Grok is now available to free users on X," reports the Verge: Several users noticed the change on Friday, which gives non-Premium subscribers the ability to send up to 10 messages to Grok every two hours.

xAI launched Grok last year as a "humorous AI assistant," but it was only available to Premium subscribers... Making Grok more widely available might help it compete with the already-free chatbots like OpenAI's ChatGPT, Google Gemini, Microsoft Copilot, and Anthropic's Claude.

Getty Images CEO has criticized AI companies' stance on copyright, particularly pushing back against claims that all web content is fair use for AI training. The statement comes amid Getty's ongoing litigation against Stability AI for allegedly using millions of Getty-owned images without permission to train its Stable Diffusion model, launched in August 2022.

Acknowledging AI's potential benefits in areas like healthcare and climate change, Getty's chief executive argued against the industry's "all-or-nothing" approach to copyright. He specifically challenged Microsoft AI CEO Mustafa Suleyman's assertion that web content has been "freeware" since the 1990s. The Getty chief advocated for applying fair use principles case-by-case, distinguishing between AI models for scientific advancement and commercial content generation. He also drew parallels to music streaming's evolution from Napster to licensed platforms like Spotify, suggesting AI companies could develop similar permission-based models.

He adds: As litigation slowly advances, AI companies advance an argument that there will be no AI absent the ability to freely scrape content for training, resulting in our inability to leverage the promise of AI to solve cancer, mitigate global climate change, and eradicate global hunger. Note that the companies investing in and building AI spend billions of dollars on talent, GPUs, and the required power to train and run these models -- but remarkably claim compensation for content owners is an unsurmountable challenge.

My focus is to achieve a world where creativity is celebrated and rewarded AND a world that is without cancer, climate change, and global hunger. I want the cake and to eat it. I suspect most of us want the same.

An anonymous reader shares a report: Google Cloud dangled hundreds of million of euros worth of financial incentives to ally itself with an association of European cloud providers that had lodged a complaint against Microsoft, according to confidential documents seen by The Register.

Amit Zavery, the former Vice President of Google Cloud Platform, presented to a selection of members of the Cloud Infrastructure Service Providers in Europe (CISPE) trade body, then to the board and finally to the entire organization, according to sources that asked to remain anonymous.

In the presentation, seen by us, Zavery offered to provide a Members Innovation Fund of $4.2 million, which Google described as $105,000 per member to be used as "immediate funding for projects and license fees of CISPE members to support innovation in open cloud ecosystems." CISPE actually has 36 members now, including Oxya, Leaseweb, UpCloud and AWS -- the latter being the only non-European participant. The number has grown from 27 in July. Google also offered to contribute an additional $10.6 million to the trade association, described in the presentation as "participating and membership resources."

The FTC has opened a broad antitrust investigation into Microsoft, including of its software licensing and cloud computing business. Bloomberg first reported the news. Reuters reports: The probe was approved by FTC Chair Lina Khan ahead of her likely departure in January. The election of Donald Trump as U.S. president and the expectation he will appoint a fellow Republican with a softer approach toward business, leaves the outcome of the investigation up in the air.

The FTC is examining allegations that the software giant is potentially abusing its market power in productivity software by imposing punitive licensing terms to prevent customers from moving their data from its Azure cloud service to other competitive platforms, sources confirmed earlier this month. The FTC is also looking at practices related to cybersecurity and artificial intelligence products, the source said on Wednesday.

Microsoft has confirmed that Windows 11 24H2 has issues with USB-connected devices that support the Scanner Communication Language (eSCL) protocol. From a report: A compatibility hold has been applied to the hardware. The hold means that hardware connected to a USB device supporting the eSCL protocol will not be offered an upgrade to Windows 11 24H2. Microsoft said: "This issue primarily affects USB-connected multifunction devices or standalone scanners that support scan functionality and the eSCL protocol."

According to Microsoft, the issue lies in device discovery. Install Windows 11 24H2, wait for it to discover USB-connected peripherals, and... nothing. Or as Microsoft put it: "You might observe that your device does not discover the USB-connected peripheral and the device discovery does not complete." The company added: "This issue is caused due to the device not switching out of eSCL mode to USB mode, which allows the scanner drivers to be matched."

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America. Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.

The Macquarie Dictionary, the national dictionary of Australia, has picked "enshittification" as its word of the year. Gizmodo reports: The Australians define the word as "the gradual deterioration of a service or product brought about by a reduction in the quality of service provided, especially of an online platform, and as a consequence of profit-seeking." We've all felt this. Google search is filled with garbage. The internet is clogged with SEO-farming websites that clog up results. Facebook is an endless stream of AI-generated slop. Zoom wants you to test out its new AI features while you're trying to go into a meeting. Twitter has become X, and its owner thinks sharing links is a waste of time. Last night I reinstalled Windows 11 on a desktop machine and got pissed as it was finalized and Microsoft kept trying to get me to install OneDrive, Office 360, Call of Duty Black Ops 6, and a bunch of other shit I didn't want. Writer and activist Cory Doctorow coined the term enshittification in 2022, and recently offered potential solutions to the age-old phenomenon in an interview with The Register.

"We need to have prohibition and regulation that prohibits the capital markets from funding predatory pricing," he explained. "It's very hard to enter the market when people are selling things below cost. We need to prohibit predatory acquisitions. Look at Facebook: buying Instagram, and Mark Zuckerberg sending an email saying we're buying Instagram because people don't like Facebook and they're moving to Instagram, and we just don't want them to have anywhere else to go."

Microsoft has denied claims that it automatically enables data collection from Word and Excel documents to train its AI models. The controversy emerged after cybersecurity expert nixCraft reported that Microsoft's Connected Experiences feature was collecting user data by default. While Microsoft's services agreement grants the company rights to use customer content, officials stated via Twitter that document data is not used for AI training.

Microsoft is retiring its "Get Licensing Ready" website, a resource for software licensing education. Going forward, content licensing will be located at microsoft.com/licensing. The Register also notes Microsoft's plans to enhance learning with AI tools, though specifics for licensing applications remain unclear. From the report: Software licensing is notoriously labyrinthine, so resources like the site Microsoft will close -- Get Licensing Ready -- can be very handy. Today, the site offers over 50 training modules plus documentation. But Microsoft has decided not to keep it around in its current form. Indeed, visitors to the site currently see a pop-up that explains "Microsoft will be ending support for licensing certifications through this platform and phasing out the Get Licensing Ready resource."

The site's "retirement" date is January 1. Users have until December 1 to complete any active modules and download certificates. If you're a user of the site, get cracking: Redmond warns it is "unable to provide copies of certification after December 31st, 2024." An email alias dedicated to the site will also go away on New Year's Day. A Microsoft spokesperson told The Register the software megalith "remains committed to supporting licensing knowledge and solution-building for our partners and customers" -- in part with "new AI capabilities to further enhance learning and engagement."

An anonymous reader shares a report: On Monday, Apple's list of finalists for its coveted "iPhone App of the Year" award once again reveals how the iPhone maker is downplaying the impact of AI technology on the mobile app ecosystem. As it did last year, Apple's 2024 list of top iPhone finalists favors more traditional iOS apps, including those that help iPhone users perform specific tasks like recording professional video (Kino), tailoring their running plans (Runna), or organizing their travels (Tripsy). Other AI apps like ChatGPT, Anthropic's Claude, Microsoft Copilot, and those that create AI photos or videos were not nominated for iPhone App of the Year.

Given the popularity of ChatGPT, also now an Apple partner for its Siri improvements, it's surprising to find the app has not earned any official year-end accolades from Apple's App Store editorial team, despite its adoption of clever new features in 2024, like an Advanced Voice Mode for chatting with the AI virtual assistant and a web search feature that challenges Google.

Sony is developing a new portable gaming device capable of playing PlayStation 5 games, Bloomberg News reported Monday. The project follows the 2023 release of PlayStation Portal, a streaming-only handheld, and aims to compete with Nintendo's dominant Switch console and potential Microsoft offerings in the portable gaming space.

Microsoft's controversial "Recall" feature (in a public preview of Windows 11) already has some known issues, Microsoft admitted Friday. For example:

- Recall can be enabled or disabled from "Turn Windows features on or off". We are caching the Recall binaries on disk while we test add/remove. In a future update we will completely remove the binaries.

- You must have Secure Boot enabled for Recall to save snapshots.

- Some users experience a delay before snapshots first appear in the timeline while using their device. If snapshots do not appear after 5 minutes, reboot your device. If saving snapshots is enabled, but you see snapshots are no longer being saved, reboot your device.

- Clicking links within Recall to submit feedback may experience a delay in loading the Feedback Hub application. Be patient and it will display.

CNBC adds that according to Microsoft Recall "won't work with some accessibility programs, and if you specify that Recall shouldn't save content from a given website, it might get captured anyway while using the built-in Edge browser..." But those aren't the only issues CNBC noticed: - While you might expect that your computer will be recording every last thing you look at once you've turned on Recall, it can go several minutes between making snapshots, leaving gaps in the timeline.

- Recall allows you to prevent screenshots from being made when you're accessing specific apps. But a few apps installed on my Surface Pro are not shown on that list.

- When you enter a search string to find words, results might be incomplete or incorrect. Recall clearly had two screen images that mention "Yankees," but when I typed that into the search box, only one of them came up as a text match. I typed in my last name, which appeared in eight images, but Recall produced just two text matches.

- Recall made a screenshot while I was scrolling through posts on social network BlueSky, and one contains a photo of a New York street scene. You can see a stoplight, a smokestack and street signs. I typed each of those into the search box, but Recall came up with no results...

- The search function is fast, but flipping through snapshots in Recall is not. It can take a couple of seconds to load screenshots as you swipe between them.

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft." GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean on the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.
From GitHub's announcement: Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.

But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:


- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.

- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.

- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).

- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.


We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.

Microsoft-owned GitHub published a blog post asking "Does GitHub Copilot improve code quality? Here's what the data says."

Its first paragraph includes statistics from past studies — that GitHub Copilot has helped developers code up to 55% faster, leaving 88% of developers feeling more "in the flow" and 85% feeling more confident in their code.

But does it improve code quality? [W]e recruited 202 [Python] developers with at least five years of experience. Half were randomly assigned GitHub Copilot access and the other half were instructed not to use any AI tools... We then evaluated the code with unit tests and with an expert review conducted by developers.

Our findings overall show that code authored with GitHub Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates... Developers with GitHub Copilot access had a 56% greater likelihood of passing all 10 unit tests in the study, indicating that GitHub Copilot helps developers write more functional code by a wide margin. In blind reviews, code written with GitHub Copilot had significantly fewer code readability errors, allowing developers to write 13.6% more lines of code, on average, without encountering readability problems. Readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. All numbers were statistically significant... Developers were 5% more likely to approve code written with GitHub Copilot, meaning that such code is ready to be merged sooner, speeding up the time to fix bugs or deploy new features.
"While GitHub's reports have been positive, a few others haven't," reports Visual Studio magazine: For example, a recent study from Uplevel Data Labs said, "Developers with Copilot access saw a significantly higher bug rate while their issue throughput remained consistent."

And earlier this year a "Coding on Copilot" whitepaper from GitClear said, "We find disconcerting trends for maintainability. Code churn — the percentage of lines that are reverted or updated less than two weeks after being authored — is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."

"You can use any Linux distribution inside of the Windows Subsystem for Linux" Microsoft recently reminded Windows users, "even if it is not available in the Microsoft Store, by importing it with a tar file."

But being an official distro "makes it easier for Windows Subsystem for Linux users to install and discover it with actions like wsl --list --online and wsl --install," Microsoft pointed out this week. And "We're excited to announce that Red Hat will soon be delivering a Red Hat Enterprise Linux WSL distro image in the coming months..."

Thank you to the Red Hat team as their feedback has been invaluable as we built out this new architecture, and we're looking forwards to the release...! Ron Pacheco, senior director, Red Hat Enterprise Linux Ecosystem, Red Hat says:

"Developers have their preferred platforms for developing applications for multiple operating systems, and WSL is an important platform for many of them. Red Hat is committed to driving greater choice and flexibility for developers, which is why we're working closely with the Microsoft team to bring Red Hat Enterprise Linux, the largest commercially available open source Linux distribution, to all WSL users."
Read Pacheco's own blog post here.

But in addition Microsoft is also releasing "a new way to make WSL distros," they announced this week, "with a new architecture that backs how WSL distros are packaged and installed." Up until now, you could make a WSL distro by either creating an appx package and distributing it via the Microsoft Store, or by importing a .tar file with wsl -import. We wanted to improve this by making it possible to create a WSL distro without needing to write Windows code, and for users to more easily install their distros from a file or network share which is common in enterprise scenarios... With the tar based architecture, you can start with the same .tar file (which can be an exported Linux container!) and just edit it to add details to make it a WSL distro... These options will describe key distro attributes, like the name of the distro, its icon in Windows, and its out of box experience (OOBE) which is what happens when you run WSL for the first time. You'll notice that the oobe_command option points to a file which is a Linux executable, meaning you can set up your full experience just in Linux if you wish.

Longtime Slashdot reader theodp writes: Past corporate-sponsored Hour of Code tutorials for the nation's schoolchildren have blurred the lines between coding lessons and product infomercials. So too is the case again with this year's newly-announced Hour of Code 2024 flagship tutorials, which include Microsoft Minecraft, Amazon Music, and Transformers One movie-themed intros to coding. The press release announcing the tutorials from tech-backed nonprofit Code.org, which organizes the Hour of Code and counts Microsoft and Amazon as $30+ million donors, boasts of its "decade of partnership with [Microsoft] Minecraft this year, reaching more than 300 million sessions of Minecraft Hour of Code since 2015!"

Interestingly, The Transformers (Paramount Pictures, which released Transformers One in the U.S., is a $25,000+ Code.org donor) is cited as one of the OG's of children's Saturday morning cartoon advertising (aka 30-minute commercials) that prompted the Children's Television Act (CTA) of 1990, an act of Congress that ordered the FCC to put in place regulations to protect children from advertising. Throughout the 1980s, Action for Children's Television (ACT) criticized children's television programs that "blur(red) the distinction between program content and commercial speech."

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry."

Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication.

Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.